databases/gke-stateful-postgres/terraform/modules/beta-autopilot-private-cluster/cluster.tf (175 lines of code) (raw):

#Copyright 2022 Google LLC
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.

// This file was automatically generated from a template in ./autogen/main

/******************************************
  Create Container Cluster
 *****************************************/
# Single Autopilot GKE cluster. Every tunable comes from var.* / local.* values
# declared outside this file. Optional features are expressed as dynamic blocks
# that are emitted only when the corresponding input enables them.
resource "google_container_cluster" "primary" {
  provider = google-beta

  # ---- Identity and placement ----
  name            = var.name
  description     = var.description
  project         = var.project_id
  resource_labels = var.cluster_resource_labels
  location        = local.location
  node_locations  = local.node_locations

  # Autopilot is hard-coded on; it is not a caller-controlled option here.
  enable_autopilot = true

  # ---- Version selection ----
  dynamic "release_channel" {
    for_each = local.release_channel

    content {
      channel = release_channel.value.channel
    }
  }

  # A minimum control-plane version is pinned only when no release channel is
  # in use (null or "UNSPECIFIED"); otherwise the argument is left null.
  min_master_version = (var.release_channel == null || var.release_channel == "UNSPECIFIED") ? local.master_version : null

  # ---- Networking ----
  # Network and subnetwork are resolved in local.network_project_id, which may
  # differ from var.project_id.
  network    = "projects/${local.network_project_id}/global/networks/${var.network}"
  subnetwork = "projects/${local.network_project_id}/regions/${local.region}/subnetworks/${var.subnetwork}"

  cluster_ipv4_cidr = var.cluster_ipv4_cidr
  networking_mode   = "VPC_NATIVE"
  datapath_provider = var.datapath_provider

  ip_allocation_policy {
    cluster_secondary_range_name  = var.ip_range_pods
    services_secondary_range_name = var.ip_range_services
  }

  default_snat_status {
    disabled = var.disable_default_snat
  }

  # The block is emitted only when var.service_external_ips is true. A false
  # value omits the block instead of writing enabled = false.
  # NOTE(review): confirm the provider/API default for an omitted block is the
  # posture you want for Service externalIPs.
  dynamic "service_external_ips_config" {
    for_each = var.service_external_ips ? [1] : []

    content {
      enabled = var.service_external_ips
    }
  }

  # ---- Control-plane access ----
  # Private cluster settings apply only when var.enable_private_nodes is true;
  # when it is false, var.enable_private_endpoint and var.master_ipv4_cidr_block
  # are not used at all. With private nodes on but enable_private_endpoint false
  # the control plane still has a public endpoint, so the authorized-networks
  # list below is what restricts who can reach it.
  dynamic "private_cluster_config" {
    for_each = var.enable_private_nodes ? [1] : []

    content {
      enable_private_nodes    = var.enable_private_nodes
      enable_private_endpoint = var.enable_private_endpoint
      master_ipv4_cidr_block  = var.master_ipv4_cidr_block

      # Emitted only when global access to the control plane's private
      # endpoint is requested.
      dynamic "master_global_access_config" {
        for_each = var.master_global_access_enabled ? [1] : []

        content {
          enabled = var.master_global_access_enabled
        }
      }
    }
  }

  # CIDR ranges allowed to reach the control-plane endpoint. Entries missing a
  # "cidr_block" or "display_name" key fall back to an empty string.
  dynamic "master_authorized_networks_config" {
    for_each = local.master_authorized_networks_config

    content {
      dynamic "cidr_blocks" {
        for_each = master_authorized_networks_config.value.cidr_blocks

        content {
          cidr_block   = lookup(cidr_blocks.value, "cidr_block", "")
          display_name = lookup(cidr_blocks.value, "display_name", "")
        }
      }
    }
  }

  # ---- Authentication and data protection ----
  # Client-certificate authentication to the API server is a legacy mechanism.
  # NOTE(review): callers should leave var.issue_client_certificate false unless
  # a consumer genuinely depends on it.
  master_auth {
    client_certificate_config {
      issue_client_certificate = var.issue_client_certificate
    }
  }

  # Google Groups for RBAC; emitted per element of the local list.
  dynamic "authenticator_groups_config" {
    for_each = local.cluster_authenticator_security_group

    content {
      security_group = authenticator_groups_config.value.security_group
    }
  }

  # Encryption of Kubernetes Secrets with a caller-supplied KMS key. An empty
  # var.database_encryption list emits no block.
  dynamic "database_encryption" {
    for_each = var.database_encryption

    content {
      key_name = database_encryption.value.key_name
      state    = database_encryption.value.state
    }
  }

  dynamic "confidential_nodes" {
    for_each = local.confidential_node_config

    content {
      enabled = confidential_nodes.value.enabled
    }
  }

  # ---- Add-ons and autoscaling ----
  # Inputs are phrased as "enabled"; the provider arguments are "disabled",
  # hence the negation.
  addons_config {
    http_load_balancing {
      disabled = !var.http_load_balancing
    }

    horizontal_pod_autoscaling {
      disabled = !var.horizontal_pod_autoscaling
    }
  }

  vertical_pod_autoscaling {
    enabled = var.enable_vertical_pod_autoscaling
  }

  # ---- Logging, monitoring and notifications ----
  # Passed through unchanged from the caller.
  # NOTE(review): cluster logs feed detection and incident response; confirm
  # callers do not switch logging off.
  logging_service    = var.logging_service
  monitoring_service = var.monitoring_service

  dynamic "monitoring_config" {
    for_each = var.monitoring_enable_managed_prometheus ? [1] : []

    content {
      managed_prometheus {
        enabled = var.monitoring_enable_managed_prometheus
      }
    }
  }

  # Pub/Sub notifications are enabled exactly when a topic name is supplied.
  notification_config {
    pubsub {
      enabled = var.notification_config_topic != ""
      topic   = var.notification_config_topic
    }
  }

  # ---- Cost and usage reporting ----
  dynamic "cost_management_config" {
    for_each = var.enable_cost_allocation ? [1] : []

    content {
      enabled = var.enable_cost_allocation
    }
  }

  # Usage export to BigQuery is configured only when a dataset id is given.
  dynamic "resource_usage_export_config" {
    for_each = var.resource_usage_export_dataset_id != "" ? [1] : []

    content {
      enable_network_egress_metering       = var.enable_network_egress_export
      enable_resource_consumption_metering = var.enable_resource_consumption_export

      bigquery_destination {
        dataset_id = var.resource_usage_export_dataset_id
      }
    }
  }

  # ---- Maintenance ----
  # The recurring and daily windows are each driven by their own local list and
  # share var.maintenance_start_time.
  maintenance_policy {
    dynamic "recurring_window" {
      for_each = local.cluster_maintenance_window_is_recurring

      content {
        start_time = var.maintenance_start_time
        end_time   = var.maintenance_end_time
        recurrence = var.maintenance_recurrence
      }
    }

    dynamic "daily_maintenance_window" {
      for_each = local.cluster_maintenance_window_is_daily

      content {
        start_time = var.maintenance_start_time
      }
    }

    dynamic "maintenance_exclusion" {
      for_each = var.maintenance_exclusions

      content {
        exclusion_name = maintenance_exclusion.value.name
        start_time     = maintenance_exclusion.value.start_time
        end_time       = maintenance_exclusion.value.end_time

        # The scope option is written only when the exclusion defines one.
        dynamic "exclusion_options" {
          for_each = maintenance_exclusion.value.exclusion_scope != null ? [maintenance_exclusion.value.exclusion_scope] : []

          content {
            scope = exclusion_options.value
          }
        }
      }
    }
  }

  # ---- Operation timeouts ----
  # Each operation defaults to 45 minutes unless var.timeouts overrides it.
  timeouts {
    create = lookup(var.timeouts, "create", "45m")
    update = lookup(var.timeouts, "update", "45m")
    delete = lookup(var.timeouts, "delete", "45m")
  }
}