Update GKE examples, docs to recommend fine grained node pools. (#2968)
<!-- This change is generated by MagicModules. --> /cc @rileykarson
parent
742c060dcc
commit
bb5e34894f
@ -8,15 +8,84 @@ description: |-
|
|||||||
|
|
||||||
# google\_container\_cluster
|
# google\_container\_cluster
|
||||||
|
|
||||||
Creates a Google Kubernetes Engine (GKE) cluster. For more information see
|
Manages a Google Kubernetes Engine (GKE) cluster. For more information see
|
||||||
[the official documentation](https://cloud.google.com/container-engine/docs/clusters)
|
[the official documentation](https://cloud.google.com/container-engine/docs/clusters)
|
||||||
and
|
and [the API reference](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters).
|
||||||
[API](https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters).
|
|
||||||
|
|
||||||
~> **Note:** All arguments including the username and password will be stored in the raw state as plain-text.
|
~> **Note:** All arguments and attributes, including basic auth username and
|
||||||
[Read more about sensitive data in state](/docs/state/sensitive-data.html).
|
passwords as well as certificate outputs will be stored in the raw state as
|
||||||
|
plaintext. [Read more about sensitive data in state](/docs/state/sensitive-data.html).
|
||||||
|
|
||||||
## Example usage
|
## Example Usage - with a separately managed node pool (recommended)
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
resource "google_container_cluster" "primary" {
|
||||||
|
name = "my-gke-cluster"
|
||||||
|
region = "us-central1"
|
||||||
|
|
||||||
|
# We can't create a cluster with no node pool defined, but we want to only use
|
||||||
|
# separately managed node pools. So we create the smallest possible default
|
||||||
|
# node pool and immediately delete it.
|
||||||
|
remove_default_node_pool = true
|
||||||
|
initial_node_count = 1
|
||||||
|
|
||||||
|
# Setting an empty username and password explicitly disables basic auth
|
||||||
|
master_auth {
|
||||||
|
username = ""
|
||||||
|
password = ""
|
||||||
|
}
|
||||||
|
|
||||||
|
node_config {
|
||||||
|
oauth_scopes = [
|
||||||
|
"https://www.googleapis.com/auth/compute",
|
||||||
|
"https://www.googleapis.com/auth/devstorage.read_only",
|
||||||
|
"https://www.googleapis.com/auth/logging.write",
|
||||||
|
"https://www.googleapis.com/auth/monitoring",
|
||||||
|
]
|
||||||
|
|
||||||
|
labels = {
|
||||||
|
foo = "bar"
|
||||||
|
}
|
||||||
|
|
||||||
|
tags = ["foo", "bar"]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_container_node_pool" "primary_preemptible_nodes" {
|
||||||
|
name = "my-node-pool"
|
||||||
|
region = "us-central1"
|
||||||
|
cluster = "${google_container_cluster.primary.name}"
|
||||||
|
node_count = 1
|
||||||
|
|
||||||
|
node_config {
|
||||||
|
preemptible = true
|
||||||
|
machine_type = "n1-standard-1"
|
||||||
|
|
||||||
|
oauth_scopes = [
|
||||||
|
"https://www.googleapis.com/auth/compute",
|
||||||
|
"https://www.googleapis.com/auth/devstorage.read_only",
|
||||||
|
"https://www.googleapis.com/auth/logging.write",
|
||||||
|
"https://www.googleapis.com/auth/monitoring",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# The following outputs allow authentication and connectivity to the GKE Cluster
|
||||||
|
# by using certificate-based authentication.
|
||||||
|
output "client_certificate" {
|
||||||
|
value = "${google_container_cluster.primary.master_auth.0.client_certificate}"
|
||||||
|
}
|
||||||
|
|
||||||
|
output "client_key" {
|
||||||
|
value = "${google_container_cluster.primary.master_auth.0.client_key}"
|
||||||
|
}
|
||||||
|
|
||||||
|
output "cluster_ca_certificate" {
|
||||||
|
value = "${google_container_cluster.primary.master_auth.0.cluster_ca_certificate}"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
## Example Usage - with the default node pool
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
resource "google_container_cluster" "primary" {
|
resource "google_container_cluster" "primary" {
|
||||||
@ -24,14 +93,10 @@ resource "google_container_cluster" "primary" {
|
|||||||
zone = "us-central1-a"
|
zone = "us-central1-a"
|
||||||
initial_node_count = 3
|
initial_node_count = 3
|
||||||
|
|
||||||
additional_zones = [
|
# Setting an empty username and password explicitly disables basic auth
|
||||||
"us-central1-b",
|
|
||||||
"us-central1-c",
|
|
||||||
]
|
|
||||||
|
|
||||||
master_auth {
|
master_auth {
|
||||||
username = "mr.yoda"
|
username = ""
|
||||||
password = "adoy.rm"
|
password = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
node_config {
|
node_config {
|
||||||
@ -55,7 +120,8 @@ resource "google_container_cluster" "primary" {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# The following outputs allow authentication and connectivity to the GKE Cluster.
|
# The following outputs allow authentication and connectivity to the GKE Cluster
|
||||||
|
# by using certificate-based authentication.
|
||||||
output "client_certificate" {
|
output "client_certificate" {
|
||||||
value = "${google_container_cluster.primary.master_auth.0.client_certificate}"
|
value = "${google_container_cluster.primary.master_auth.0.client_certificate}"
|
||||||
}
|
}
|
||||||
@ -81,10 +147,11 @@ output "cluster_ca_certificate" {
|
|||||||
may be set. If neither zone nor region are set, the provider zone is used.
|
may be set. If neither zone nor region are set, the provider zone is used.
|
||||||
|
|
||||||
* `region` (Optional)
|
* `region` (Optional)
|
||||||
The region to create the cluster in, for
|
The region to create the cluster in for
|
||||||
[Regional Clusters](https://cloud.google.com/kubernetes-engine/docs/concepts/multi-zone-and-regional-clusters#regional).
|
[Regional Clusters](https://cloud.google.com/kubernetes-engine/docs/concepts/multi-zone-and-regional-clusters#regional).
|
||||||
In a Regional Cluster, the number of nodes specified in `initial_node_count` is
|
In a Regional Cluster, the number of nodes specified in `initial_node_count` is
|
||||||
created in three zones of the region (this can be changed by setting `additional_zones`).
|
created in each of three zones of the region (this can be changed by setting
|
||||||
|
`additional_zones`).
|
||||||
|
|
||||||
* `additional_zones` - (Optional) The list of additional Google Compute Engine
|
* `additional_zones` - (Optional) The list of additional Google Compute Engine
|
||||||
locations in which the cluster's nodes should be located. If additional zones are
|
locations in which the cluster's nodes should be located. If additional zones are
|
||||||
@ -210,18 +277,23 @@ The `addons_config` block supports:
|
|||||||
It ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service.
|
It ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service.
|
||||||
It is enabled by default;
|
It is enabled by default;
|
||||||
set `disabled = true` to disable.
|
set `disabled = true` to disable.
|
||||||
|
|
||||||
* `http_load_balancing` - (Optional) The status of the HTTP (L7) load balancing
|
* `http_load_balancing` - (Optional) The status of the HTTP (L7) load balancing
|
||||||
controller addon, which makes it easy to set up HTTP load balancers for services in a
|
controller addon, which makes it easy to set up HTTP load balancers for services in a
|
||||||
cluster. It is enabled by default; set `disabled = true` to disable.
|
cluster. It is enabled by default; set `disabled = true` to disable.
|
||||||
|
|
||||||
* `kubernetes_dashboard` - (Optional) The status of the Kubernetes Dashboard
|
* `kubernetes_dashboard` - (Optional) The status of the Kubernetes Dashboard
|
||||||
add-on, which controls whether the Kubernetes Dashboard is enabled for this cluster.
|
add-on, which controls whether the Kubernetes Dashboard is enabled for this cluster.
|
||||||
It is enabled by default; set `disabled = true` to disable.
|
It is enabled by default; set `disabled = true` to disable.
|
||||||
|
|
||||||
* `network_policy_config` - (Optional) Whether we should enable the network policy addon
|
* `network_policy_config` - (Optional) Whether we should enable the network policy addon
|
||||||
for the master. This must be enabled in order to enable network policy for the nodes.
|
for the master. This must be enabled in order to enable network policy for the nodes.
|
||||||
It can only be disabled if the nodes already do not have network policies enabled.
|
It can only be disabled if the nodes already do not have network policies enabled.
|
||||||
Set `disabled = true` to disable.
|
Set `disabled = true` to disable.
|
||||||
|
|
||||||
* `istio_config` - (Optional, [Beta](https://terraform.io/docs/providers/google/provider_versions.html)).
|
* `istio_config` - (Optional, [Beta](https://terraform.io/docs/providers/google/provider_versions.html)).
|
||||||
Structure is documented below.
|
Structure is documented below.
|
||||||
|
|
||||||
* `cloudrun_config` - (Optional, [Beta](https://terraform.io/docs/providers/google/provider_versions.html)).
|
* `cloudrun_config` - (Optional, [Beta](https://terraform.io/docs/providers/google/provider_versions.html)).
|
||||||
The status of the CloudRun addon. It requires `istio_config` enabled. It is disabled by default.
|
The status of the CloudRun addon. It requires `istio_config` enabled. It is disabled by default.
|
||||||
Set `disabled = false` to enable. This addon can only be enabled at cluster creation time.
|
Set `disabled = false` to enable. This addon can only be enabled at cluster creation time.
|
||||||
@ -254,9 +326,12 @@ The `cluster_autoscaling` block supports:
|
|||||||
sure to set at least `cpu` and `memory`. Structure is documented below.
|
sure to set at least `cpu` and `memory`. Structure is documented below.
|
||||||
|
|
||||||
The `resource_limits` block supports:
|
The `resource_limits` block supports:
|
||||||
|
|
||||||
* `resource_type` - (Required) See [the docs](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning)
|
* `resource_type` - (Required) See [the docs](https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning)
|
||||||
for a list of permitted types - `cpu`, `memory`, and others.
|
for a list of permitted types - `cpu`, `memory`, and others.
|
||||||
|
|
||||||
* `minimum` - (Optional) The minimum value for the resource type specified.
|
* `minimum` - (Optional) The minimum value for the resource type specified.
|
||||||
|
|
||||||
* `maximum` - (Optional) The maximum value for the resource type specified.
|
* `maximum` - (Optional) The maximum value for the resource type specified.
|
||||||
|
|
||||||
The `maintenance_policy` block supports:
|
The `maintenance_policy` block supports:
|
||||||
|
@ -8,13 +8,46 @@ description: |-
|
|||||||
|
|
||||||
# google\_container\_node\_pool
|
# google\_container\_node\_pool
|
||||||
|
|
||||||
Manages a Node Pool resource within GKE. For more information see
|
Manages a node pool in a Google Kubernetes Engine (GKE) cluster separately from
|
||||||
[the official documentation](https://cloud.google.com/container-engine/docs/node-pools)
|
the cluster control plane. For more information see [the official documentation](https://cloud.google.com/container-engine/docs/node-pools)
|
||||||
and
|
and [the API reference](https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.nodePools).
|
||||||
[API](https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.nodePools).
|
|
||||||
|
### Example Usage - using a separately managed node pool (recommended)
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
resource "google_container_cluster" "primary" {
|
||||||
|
name = "my-gke-cluster"
|
||||||
|
region = "us-central1"
|
||||||
|
|
||||||
|
# We can't create a cluster with no node pool defined, but we want to only use
|
||||||
|
# separately managed node pools. So we create the smallest possible default
|
||||||
|
# node pool and immediately delete it.
|
||||||
|
remove_default_node_pool = true
|
||||||
|
initial_node_count = 1
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_container_node_pool" "primary_preemptible_nodes" {
|
||||||
|
name = "my-node-pool"
|
||||||
|
region = "us-central1"
|
||||||
|
cluster = "${google_container_cluster.primary.name}"
|
||||||
|
node_count = 1
|
||||||
|
|
||||||
|
node_config {
|
||||||
|
preemptible = true
|
||||||
|
machine_type = "n1-standard-1"
|
||||||
|
|
||||||
|
oauth_scopes = [
|
||||||
|
"https://www.googleapis.com/auth/compute",
|
||||||
|
"https://www.googleapis.com/auth/devstorage.read_only",
|
||||||
|
"https://www.googleapis.com/auth/logging.write",
|
||||||
|
"https://www.googleapis.com/auth/monitoring",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### Example Usage - 2 node pools, 1 separately managed + the default node pool
|
||||||
|
|
||||||
## Example usage
|
|
||||||
### Standard usage
|
|
||||||
```hcl
|
```hcl
|
||||||
resource "google_container_node_pool" "np" {
|
resource "google_container_node_pool" "np" {
|
||||||
name = "my-node-pool"
|
name = "my-node-pool"
|
||||||
@ -34,13 +67,13 @@ resource "google_container_cluster" "primary" {
|
|||||||
initial_node_count = 3
|
initial_node_count = 3
|
||||||
|
|
||||||
additional_zones = [
|
additional_zones = [
|
||||||
"us-central1-b",
|
|
||||||
"us-central1-c",
|
"us-central1-c",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
# Setting an empty username and password explicitly disables basic auth
|
||||||
master_auth {
|
master_auth {
|
||||||
username = "mr.yoda"
|
username = ""
|
||||||
password = "adoy.rm"
|
password = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
node_config {
|
node_config {
|
||||||
@ -58,70 +91,19 @@ resource "google_container_cluster" "primary" {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
```
|
|
||||||
### Usage with an empty default pool.
|
|
||||||
```hcl
|
|
||||||
resource "google_container_node_pool" "np" {
|
|
||||||
name = "my-node-pool"
|
|
||||||
zone = "us-central1-a"
|
|
||||||
cluster = "${google_container_cluster.primary.name}"
|
|
||||||
node_count = 1
|
|
||||||
|
|
||||||
node_config {
|
|
||||||
preemptible = true
|
|
||||||
machine_type = "n1-standard-1"
|
|
||||||
|
|
||||||
oauth_scopes = [
|
|
||||||
"compute-rw",
|
|
||||||
"storage-ro",
|
|
||||||
"logging-write",
|
|
||||||
"monitoring",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "google_container_cluster" "primary" {
|
|
||||||
name = "marcellus-wallace"
|
|
||||||
zone = "us-central1-a"
|
|
||||||
|
|
||||||
lifecycle {
|
|
||||||
ignore_changes = ["node_pool"]
|
|
||||||
}
|
|
||||||
|
|
||||||
node_pool {
|
|
||||||
name = "default-pool"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
### Usage with a regional cluster
|
|
||||||
|
|
||||||
```hcl
|
|
||||||
|
|
||||||
resource "google_container_cluster" "regional" {
|
|
||||||
name = "marcellus-wallace"
|
|
||||||
region = "us-central1"
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "google_container_node_pool" "regional-np" {
|
|
||||||
name = "my-node-pool"
|
|
||||||
region = "us-central1"
|
|
||||||
cluster = "${google_container_cluster.regional.name}"
|
|
||||||
node_count = 1
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Argument Reference
|
## Argument Reference
|
||||||
|
|
||||||
* `zone` - (Optional) The zone in which the cluster resides.
|
|
||||||
|
|
||||||
* `region` - (Optional, [Beta](https://terraform.io/docs/providers/google/provider_versions.html)) The region in which the cluster resides (for regional clusters).
|
|
||||||
|
|
||||||
* `cluster` - (Required) The cluster to create the node pool for. Cluster must be present in `zone` provided for zonal clusters.
|
* `cluster` - (Required) The cluster to create the node pool for. Cluster must be present in `zone` provided for zonal clusters.
|
||||||
|
|
||||||
Note: You must be provide region for regional clusters and zone for zonal clusters
|
- - -
|
||||||
|
|
||||||
|
* `zone` - (Optional) The zone in which the cluster resides.
|
||||||
|
|
||||||
|
* `region` - (Optional) The region in which the cluster resides (for regional clusters).
|
||||||
|
|
||||||
|
-> Note: You must be provide `region` for regional clusters and `zone` for zonal clusters
|
||||||
|
|
||||||
- - -
|
- - -
|
||||||
|
|
||||||
|