Skip to content

truefoundry/terraform-google-truefoundry-cluster-classic

BranchesTags

Repository files navigation

terraform-google-truefoundry-cluster-classic

Truefoundry Google Cloud Cluster Classic Module

Requirements

Name Version
terraform ~> 1.4
google 6.47
google-beta 6.47

Providers

Name Version
google 6.47
google-beta 6.47

Modules

No modules.

Resources

Name Type
google-beta_google_container_cluster.cluster resource
google_compute_firewall.fix_webhooks resource
google_container_node_pool.control_plane_pool resource
google_container_node_pool.critical_pool resource
google_container_cluster.existing_cluster data source

Inputs

Name Description Type Default Required
allowed_ip_ranges Allowed IP ranges to connect to the master endpoint list(string) 
[
  "0.0.0.0/0"
]
 no
cluster_endpoint_public_access Enable public access to the cluster endpoint. Set to true to allow access from public CIDRs, which is required for TrueFoundry modules running locally. bool true no
cluster_master_ipv4_cidr_block IPv4 CIDR block for the master nodes string n/a yes
cluster_name Name of the cluster. If use_existing_cluster is enabled cluster_name is used to fetch details of existing cluster string n/a yes
cluster_nap_node_config Configuration for the NAP (Node Auto Provisioning) node pool. This includes:
- disk_size_gb: Size of the disk attached to each node (default: "300")
- disk_type: Type of disk attached to each node (pd-standard, pd-balanced, pd-ssd) (default: "pd-balanced")
- enable_secure_boot: Secure Boot helps ensure that the system only runs authentic software (default: true)
- enable_integrity_monitoring: Enables monitoring and attestation of the boot integrity (default: true)
- autoscaling_profile: Profile for autoscaling optimization (default: "OPTIMIZE_UTILIZATION")
- max_cpu: Maximum CPU cores allowed per node (default: 1024)
- max_memory: Maximum memory in MB allowed per node (default: 8172)
- auto_repair: Flag to enable auto repair for the nodes (default: true)
- auto_upgrade: Flag to enable auto upgrade for the nodes (default: true)
- max_surge: Maximum number of nodes that can be created beyond the current size during updates (default: 1)
- max_unavailable: Maximum number of nodes that can be unavailable during updates (default: 0)

See GKE docs for more information: https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning		 
object({
    disk_size_gb                = optional(string, "300")
    disk_type                   = optional(string, "pd-balanced")
    enable_secure_boot          = optional(bool, true)
    enable_integrity_monitoring = optional(bool, true)
    autoscaling_profile         = optional(string, "OPTIMIZE_UTILIZATION")
    max_cpu                     = optional(number, 1024)
    max_memory                  = optional(number, 8172)
    auto_repair                 = optional(bool, true)
    auto_upgrade                = optional(bool, true)
    max_surge                   = optional(number, 1)
    max_unavailable             = optional(number, 0)
  })
 {} no
cluster_network_id Existing VPC network ID for the cluster string n/a yes
cluster_networking_mode Networking mode for the cluster. Values can be VPC_NATIVE (recommended) or ROUTES. VPC_NATIVE is default after google-beta 5.0.0 string "VPC_NATIVE" no
cluster_node_locations Availability zones for nodes - should match the region list(string) n/a yes
cluster_secondary_range_name VPC secondary range name for pods string "" no
cluster_subnet_id Existing subnet ID for the cluster string n/a yes
control_plane_enabled Enable dedicated control plane nodes for the cluster bool false no
control_plane_pool_config Configuration for the control plane node pool 
object({
    disk_size_gb = optional(string, "100")
    disk_type    = optional(string, "pd-balanced")
    machine_type = optional(string, "e2-standard-4")
    autoscaling = optional(object({
      min_node_count  = optional(number, 1)
      max_node_count  = optional(number, 2)
      location_policy = optional(string, "BALANCED")
    }), {})
    enable_secure_boot            = optional(bool, true)
    enable_integrity_monitoring   = optional(bool, true)
    auto_repair                   = optional(bool, true)
    auto_upgrade                  = optional(bool, true)
    workload_metadata_config_mode = optional(string, "GKE_METADATA")
    service_account               = optional(string, "default")
    labels = optional(map(string), {
      "class.truefoundry.com/component" = "control-plane"
    })
    taints = optional(object(
      {
        key    = optional(string, "class.truefoundry.com/component")
        value  = optional(string, "control-plane")
        effect = optional(string, "NO_SCHEDULE")
      }
    ), {})
    preemptible = optional(bool, false)
    spot        = optional(bool, false)
  })
 {} no
critical_pool_config Configuration for the critical workloads node pool 
object({
    disk_size_gb = optional(string, "100")
    disk_type    = optional(string, "pd-balanced")
    machine_type = optional(string, "e2-standard-4")
    autoscaling = optional(object({
      min_node_count  = optional(number, 1)
      max_node_count  = optional(number, 2)
      location_policy = optional(string, "BALANCED")
    }), {})
    enable_secure_boot            = optional(bool, true)
    enable_integrity_monitoring   = optional(bool, true)
    auto_repair                   = optional(bool, true)
    auto_upgrade                  = optional(bool, true)
    workload_metadata_config_mode = optional(string, "GKE_METADATA")
    service_account               = optional(string, "default")
    labels = optional(map(string), {
      "class.truefoundry.com/component" = "critical"
    })
    taints = optional(object(
      {
        key    = optional(string, "class.truefoundry.com/component")
        value  = optional(string, "critical")
        effect = optional(string, "NO_SCHEDULE")
      }
    ), {})
    preemptible = optional(bool, false)
    spot        = optional(bool, false)
  })
 {} no
default_node_pool_config Configuration for the default node pool 
object({
    service_account = optional(string, "default")
    oauth_scopes = optional(list(string), [
      "https://www.googleapis.com/auth/cloud-platform",
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/trace.append"
    ])
    disk_size_gb         = optional(string, "100")
    disk_type            = optional(string, "pd-balanced")
    secure_boot          = optional(bool, true)
    integrity_monitoring = optional(bool, true)
    enable_spot          = optional(bool, false)
  })
 {} no
deletion_protection Enable deletion protection for the cluster bool false no
enable_container_image_streaming Enable/disable container image streaming bool true no
enable_eol_maintenance_exclusion Enable automatic End-of-Life (EOL) maintenance exclusion for the GKE cluster.

When set to true (default), this automatically adds maintenance exclusions that prevent
automatic minor version upgrades and node upgrades during the end-of-life period for
the specified Kubernetes version. This helps maintain cluster stability by preventing
automatic upgrades that could potentially cause issues during EOL periods.

This exclusion is scoped to NO_MINOR_UPGRADES. This will prevent control plane upgrades,
but will allow node patch level upgrades.

The EOL maintenance exclusions are version-specific and include:
- Kubernetes 1.32: EOL from 2024-06-01 to 2026-04-11
- Kubernetes 1.33: EOL from 2024-06-01 to 2026-08-03
- Kubernetes 1.34: EOL from 2024-06-01 to 2026-10-01

When disabled (false), only user-defined maintenance exclusions from the maintenance_policy
variable will be applied. This gives you full control over maintenance scheduling.

For more information on GKE release schedules and EOL dates, see:
https://cloud.google.com/kubernetes-engine/docs/release-schedule		 bool true no
enable_gce_persistent_disk_csi_driver Enable/disable GCE Persistent Disk CSI driver bool true no
enable_gcp_filestore_csi_driver Enable/disable GCP Filestore CSI driver bool false no
enable_gcs_fuse_csi_driver Enable/disable GCS Fuse CSI driver bool false no
kubernetes_version Kubernetes version for the GKE cluster string "1.33" no
logging_config Configuration for cluster logging components 
object({
    enable_components = optional(list(string), ["SYSTEM_COMPONENTS", "APISERVER", "CONTROLLER_MANAGER", "SCHEDULER"])
  })
 
{
  "enable_components": [
    "SYSTEM_COMPONENTS",
    "APISERVER",
    "CONTROLLER_MANAGER",
    "SCHEDULER"
  ]
}
 no
maintenance_recurring_window_policy Recurring maintenance window for the GKE cluster

When set to true (default), this automatically adds a recurring maintenance window for the GKE cluster.
This helps maintain cluster stability by preventing automatic upgrades that could potentially cause
issues during EOL periods.

The recurring maintenance window default is set to every Saturday and Sunday from 9:00 AM to 9:00 AM.

When enable_eol_maintenance_exclusion is set to true, this window is used for patch upgrades.
GKE may apply critical upgrades outside of this window.
(https://cloud.google.com/kubernetes-engine/docs/concepts/maintenance-windows-and-exclusions#security-patching)

See https://cloud.google.com/kubernetes-engine/docs/how-to/maintenance-windows-and-exclusions#maintenance-window-existing_cluster for more information.		 
object({
    start_time = string
    end_time   = string
    recurrence = string
  })
 
{
  "end_time": "2023-10-03T09:00:00Z",
  "recurrence": "FREQ=WEEKLY;BYDAY=SA,SU",
  "start_time": "2023-10-01T09:00:00Z"
}
 no
max_pods_per_node Maximum number of pods per node in this cluster. string "32" no
network_tags A list of network tags to add to all instances list(string) [] no
oauth_scopes OAuth scopes to attach to the cluster list(string) 
[
  "https://www.googleapis.com/auth/cloud-platform",
  "https://www.googleapis.com/auth/devstorage.read_only",
  "https://www.googleapis.com/auth/logging.write",
  "https://www.googleapis.com/auth/monitoring",
  "https://www.googleapis.com/auth/service.management.readonly",
  "https://www.googleapis.com/auth/servicecontrol",
  "https://www.googleapis.com/auth/trace.append"
]
 no
project GCP project ID string n/a yes
region GCP region for the cluster string n/a yes
services_secondary_range_name VPC secondary range name for services string "" no
shared_vpc Flag to enable shared VPC for the cluster bool false no
tags A map of tags to add to all resources. Tags are key-value pairs used for grouping and filtering map(string) {} no
use_existing_cluster Flag to enable the use of an existing GKE cluster or create a new one bool false no

Outputs

Name Description
cluster_endpoint Endpoint for your Kubernetes API server
cluster_id The id of the GKE cluster
cluster_master_version Master version for the cluster
cluster_name The name of the GKE cluster
cluster_secondary_range_name Cluster secondary range name for pod IPs
services_secondary_range_name Cluster secondry range name for service IPs

About

Truefoundry Google Cloud Cluster Classic Module

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 28

v0.4.6 Latest
Oct 27, 2025
+ 27 releases

Packages

No packages published

Contributors 8

Languages