This module allows simplified creation and management of individual GKE nodepools, setting sensible defaults (e.g. a service account is created for nodes if none is set) and allowing for less verbose usage in most use cases.

If no specific node configuration is set via variables, the module uses the provider's defaults, only setting OAuth scopes to a minimal working set (devstorage read-only, logging and monitoring write) and the node machine type to n1-standard-1. The service account set by the provider in this case is the GCE default service account.
```hcl
module "cluster-1-nodepool-1" {
  source       = "./modules/gke-nodepool"
  project_id   = "myproject"
  cluster_name = "cluster-1"
  location     = "europe-west1-b"
  name         = "nodepool-1"
}
```
To have the module auto-create a service account for the nodes, set the node_service_account_create variable to true. When a service account is created by the module, OAuth scopes are set to cloud-platform by default. The service account resource and email (in both plain and IAM formats) are then available in outputs, so IAM roles can be assigned to it from your own code.
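As an added example (not part of the module's own documentation), the following invocation lets the module create the node service account and then uses the service_account_iam_email output, which is already in the `serviceAccount:<email>` member format, to grant it only the roles that let nodes ship logs and metrics. The project id, cluster name and the role selection are assumptions.

```hcl
module "cluster-1-nodepool-1" {
  source                      = "./modules/gke-nodepool"
  project_id                  = "myproject"
  cluster_name                = "cluster-1"
  location                    = "europe-west1-b"
  name                        = "nodepool-1"
  node_service_account_create = true
}

# Roles granted to the auto-created node service account. Assumed choice:
# the two roles that let nodes write to Cloud Logging and Cloud Monitoring,
# and nothing else, because the module sets the cloud-platform OAuth scope
# on a created account and IAM is then the only boundary on what nodes can do.
locals {
  node_sa_roles = toset([
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
  ])
}

resource "google_project_iam_member" "nodepool_sa" {
  for_each = local.node_sa_roles
  project  = "myproject"
  role     = each.key
  # The output already carries the "serviceAccount:" prefix, so no formatting is needed.
  member   = module.cluster-1-nodepool-1.service_account_iam_email
}
```

Keeping the bindings as individual google_project_iam_member resources (one per role) means a later change to this file only touches the node account's own grants and never rewrites the project's whole policy.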
```hcl
module "cluster-1-nodepool-1" {
  source                      = "./modules/gke-nodepool"
  project_id                  = "myproject"
  cluster_name                = "cluster-1"
  location                    = "europe-west1-b"
  name                        = "nodepool-1"
  node_service_account_create = true
}
# tftest:modules=1:resources=2
```
name | description | type | required | default |
---|---|---|---|---|
cluster_name | Cluster name. | string | ✓ | |
location | Cluster location. | string | ✓ | |
project_id | Cluster project id. | string | ✓ | |
autoscaling_config | Optional autoscaling configuration. | object({...}) | | null |
gke_version | Kubernetes nodes version. Ignored if auto_upgrade is set in management_config. | string | | null |
initial_node_count | Initial number of nodes for the pool. | number | | 1 |
management_config | Optional node management configuration. | object({...}) | | null |
max_pods_per_node | Maximum number of pods per node. | number | | null |
name | Optional nodepool name. | string | | null |
node_boot_disk_kms_key | Customer Managed Encryption Key used to encrypt the boot disk attached to each node. | string | | null |
node_count | Number of nodes per instance group, can be updated after creation. Ignored when autoscaling is set. | number | | null |
node_disk_size | Node disk size, defaults to 100GB. | number | | 100 |
node_disk_type | Node disk type, defaults to pd-standard. | string | | pd-standard |
node_guest_accelerator | Map of type and count of attached accelerator cards. | map(number) | | {} |
node_image_type | Node image type. | string | | null |
node_labels | Kubernetes labels attached to nodes. | map(string) | | {} |
node_local_ssd_count | Number of local SSDs attached to nodes. | number | | 0 |
node_locations | Optional list of zones in which nodes should be located. Uses cluster locations if unset. | list(string) | | null |
node_machine_type | Node machine type. | string | | n1-standard-1 |
node_metadata | Metadata key/value pairs assigned to nodes. Set disable-legacy-endpoints to true when using this variable. | map(string) | | null |
node_min_cpu_platform | Minimum CPU platform for nodes. | string | | null |
node_preemptible | Use preemptible VMs for nodes. | bool | | null |
node_sandbox_config | GKE Sandbox configuration. Needs image_type set to COS_CONTAINERD and node_version set to 1.12.7-gke.17 when using this variable. | string | | null |
node_service_account | Service account email. Unused if service account is auto-created. | string | | null |
node_service_account_create | Auto-create service account. | bool | | false |
node_service_account_scopes | Scopes applied to service account. Defaults to 'cloud-platform' when creating a service account; 'devstorage.read_only', 'logging.write', 'monitoring.write' otherwise. | list(string) | | [] |
node_shielded_instance_config | Shielded instance options. | object({...}) | | null |
node_tags | Network tags applied to nodes. | list(string) | | null |
node_taints | Kubernetes taints applied to nodes. E.g. type=blue:NoSchedule | list(string) | | [] |
upgrade_config | Optional node upgrade configuration. | object({...}) | | null |
workload_metadata_config | Metadata configuration to expose to workloads on the node pool. | string | | GKE_METADATA_SERVER |
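As an added example that is not from the module's documentation, the invocation below combines the node variables above into a hardened pool: legacy metadata endpoints disabled (the table asks for this whenever node_metadata is set), metadata served to pods through the GKE metadata server, shielded nodes, a customer-managed key on the boot disks, a dedicated network tag for firewall rules, and a taint so that only workloads tolerating it are scheduled there. The project and cluster names, the KMS key path and the field names inside node_shielded_instance_config (the table abbreviates its object type) are assumptions.

```hcl
module "cluster-1-nodepool-hardened" {
  source       = "./modules/gke-nodepool"
  project_id   = "myproject"
  cluster_name = "cluster-1"
  location     = "europe-west1-b"
  name         = "nodepool-hardened"

  # Dedicated service account instead of the GCE default one; bind roles
  # to it separately using the module's service_account_iam_email output.
  node_service_account_create = true

  node_machine_type = "n2-standard-4"
  node_disk_type    = "pd-ssd"
  node_image_type   = "COS_CONTAINERD"

  # Block the legacy (v1beta1) metadata endpoints on the nodes. The variables
  # table requires this key to be set whenever node_metadata is supplied.
  node_metadata = {
    disable-legacy-endpoints = "true"
  }

  # Already the module default; stated explicitly so pods obtain identity
  # through the GKE metadata server rather than the node's own token.
  workload_metadata_config = "GKE_METADATA_SERVER"

  # Field names assumed from the module's object type, which the table
  # shows only as object({...}).
  node_shielded_instance_config = {
    enable_secure_boot          = true
    enable_integrity_monitoring = true
  }

  # Placeholder key id: replace KEYRING and KEY with a real Cloud KMS key.
  node_boot_disk_kms_key = "projects/myproject/locations/europe-west1/keyRings/KEYRING/cryptoKeys/KEY"

  # Tag used to target these nodes in VPC firewall rules.
  node_tags = ["gke-cluster-1-hardened"]

  # Only pods that tolerate this taint land on the pool.
  node_taints = ["workload=sensitive:NoSchedule"]
}
```

Because the module grants the cloud-platform scope when it creates the service account, the scope no longer limits what a compromised node can call; the IAM roles bound to the account are the effective boundary, so keep them to the minimum the workloads need.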
name | description | sensitive |
---|---|---|
name | Nodepool name. | |
service_account | Service account resource. | |
service_account_email | Service account email. | |
service_account_iam_email | Service account email in IAM format. | |