A Terraform module to create a best-practice Google Kubernetes Engine (GKE) cluster.
This module is available on the Terraform Registry.
The module is designed to be used by Jetstack customers to make it easier for them to create clusters that are secure and follow Jetstack recommendations. It gives them flexibility with certain properties so the cluster can be customised to their needs, but gives fixed values for properties that could lead to issues or insecurity.
:warning: The 0.3 release of this module is planned to be the final release. :warning:
After this the module will be deprecated in favour of Google's GKE module. Jetstack will be producing an example project using Google's module as well as migration guidance.
The module requires an existing Google Cloud project, with VPC network and subnetwork for the cluster to use. The subnetwork must be in the same region as the cluster and have pod and service ranges specified.
The module allows the cluster to be extensively customised using input variables. These can be found with documentation in variables.tf.
The customisable properties include:
Some of the properties of the cluster are fixed based on Jetstack's recommended best-practice settings:
cloud-platform to manage permissions with IAM.
The module itself is located in the root of this repo, and is designed to be used as part of a larger Terraform project. It can be used directly from the Terraform Registry like so:
module "gke-cluster" {
  source  = "jetstack/gke-cluster/google"
  version = "0.3.0"
  # insert the 9 required variables here
}
There is an example project in the example/ directory which can be used to test and demonstrate the module. It could also be used as the basis for your own Terraform project.
If private nodes are used then the nodes will not have direct access to the internet. This means they cannot pull images hosted outside of the container registry in the same project as the cluster. The example project features a Cloud NAT to give the nodes access to the internet.
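The prerequisites and the private-node egress path described above can be sketched as follows. This is an added example, not code from this repo or its example/ directory: it shows a VPC network, a subnetwork with pod and service secondary ranges in the cluster's region, and a Cloud NAT. All resource names, the region and the CIDR ranges are constructed placeholders.

```hcl
# Added example: names, region and CIDR ranges are placeholders, not module defaults.

variable "project_id" { type = string }
locals { region = "europe-west1" }

resource "google_compute_network" "cluster" {
  project                 = var.project_id
  name                    = "example-cluster-network"
  auto_create_subnetworks = false # only the subnet defined below exists
}

resource "google_compute_subnetwork" "cluster" {
  project       = var.project_id
  name          = "example-cluster-subnet"
  region        = local.region # must be the same region as the cluster
  network       = google_compute_network.cluster.id
  ip_cidr_range = "10.0.0.0/20" # node addresses

  # Lets nodes without external IPs reach Google APIs and the project's registry.
  private_ip_google_access = true

  secondary_ip_range {
    range_name    = "example-pods"
    ip_cidr_range = "10.16.0.0/14"
  }

  secondary_ip_range {
    range_name    = "example-services"
    ip_cidr_range = "10.20.0.0/20"
  }
}

resource "google_compute_router" "nat" {
  project = var.project_id
  name    = "example-nat-router"
  region  = local.region
  network = google_compute_network.cluster.id
}

# Outbound-only internet access for private nodes; no inbound connections are opened.
resource "google_compute_router_nat" "nat" {
  project                            = var.project_id
  name                               = "example-nat"
  router                             = google_compute_router.nat.name
  region                             = local.region
  nat_ip_allocate_option             = "AUTO_ONLY"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
}
```

If the workloads only pull from the registry in the cluster's own project, the NAT resources can be left out so that private nodes keep no route to the public internet.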
This project is licensed under the Apache 2.0 License.
For full details see the LICENSE file.