README.md

Description

Deploys a Private GKE cluster with Istio and a helloworld deployment plumbed up to an Istio Ingress Gateway via an Istio VirtualService.

Specifications:

  • Private cluster
    • Default node pool removed
    • Control plane authorized networks enabled
    • Custom node pool
      • Autoscaling
    • Shielded nodes
  • Istio service mesh
    • Default install profile via tf module flag
    • Ingress Gateway
    • Gateway
    • Virtual Service
    • Custom myapp namespace
      • myapp namespace has istio-injection enabled
  • App deployed into custom myapp namespace

Deployment instructions:

Run the following commands from the root folder:

  • `terraform init` to get the plugins
  • `terraform plan` to see the infrastructure plan
  • `terraform apply` to apply the infrastructure build
  • `terraform destroy` to destroy the built infrastructure

Terraform will provide outputs containing the app URL.
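
The settings listed under Specifications (private nodes, control plane authorized networks, shielded nodes) can be checked in the plan before `terraform apply`. The Python check below is an added example, not part of this repository: it assumes the plan is exported with `terraform show -json` and that the cluster appears as a `google_container_cluster` resource with the Google provider's attribute names; the sample plan, function names and 256-address threshold are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: trimmed output of `terraform show -json <planfile>`.
SAMPLE_PLAN = json.dumps({"resource_changes": [{
    "address": "module.gke.google_container_cluster.primary",
    "type": "google_container_cluster",
    "change": {"after": {
        "enable_shielded_nodes": True,
        "private_cluster_config": [{"enable_private_nodes": True}],
        "master_authorized_networks_config": [{"cidr_blocks": [
            {"cidr_block": "203.0.113.7/32", "display_name": "operator"}]}],
    }},
}]})


def first_block(values, name):
    """Nested blocks are lists of objects in plan JSON; return the first or {}."""
    blocks = values.get(name) or []
    return blocks[0] if blocks else {}


def check_cluster(values, max_addresses=256):
    """Return findings for one google_container_cluster planned state."""
    findings = []
    if not first_block(values, "private_cluster_config").get("enable_private_nodes"):
        findings.append("nodes are not private")
    if not values.get("enable_shielded_nodes"):
        findings.append("shielded nodes disabled")
    blocks = first_block(values, "master_authorized_networks_config").get("cidr_blocks") or []
    if not blocks:
        findings.append("no control plane authorized networks")
    for block in blocks:
        cidr = block.get("cidr_block")
        if not cidr:  # value not known until apply
            findings.append("authorized network unknown at plan time")
        elif ipaddress.ip_network(cidr, strict=False).num_addresses > max_addresses:
            findings.append(f"authorized network {cidr} is too broad")
    return findings


def check_plan(plan_json):
    """Map each planned cluster address to its list of findings."""
    results = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") == "google_container_cluster" and after is not None:
            results[rc["address"]] = check_cluster(after)
    return results
```

To use it on a real plan, save the plan with `terraform plan -out=tfplan` and pass the output of `terraform show -json tfplan` to `check_plan`; an empty findings list means the three settings are present in the planned cluster.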

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| google | 4.20.0 |
| http | 2.1.0 |
| kubernetes | 2.11.0 |
| null | 3.1.1 |
| time | 0.7.2 |

Modules

| Name | Source | Version |
|------|--------|---------|
| gke | terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster | 21.0.0 |

Resources

| Name | Type |
|------|------|
| google_compute_router.router | resource |
| google_compute_router_nat.nat | resource |
| kubernetes_namespace.myapp | resource |
| null_resource.helloworld | resource |
| null_resource.install_helloworld | resource |
| null_resource.local_k8s_context | resource |
| time_sleep.wait_istio | resource |
| google_client_config.default | data source |
| google_compute_subnetwork.subnetwork | data source |
| http_http.my_public_ip | data source |
| kubernetes_service.istio_ingress | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cluster_name_suffix | A suffix to append to the default cluster name | string | "" | no |
| compute_engine_service_account | Service account to associate to the nodes in the cluster | any | n/a | yes |
| ip_range_pods | The secondary IP range to use for pods | any | n/a | yes |
| ip_range_services | The secondary IP range to use for services | any | n/a | yes |
| network | The VPC network to host the cluster in | any | n/a | yes |
| project_id | The project ID to host the cluster in | any | n/a | yes |
| region | The region to host the cluster in | any | n/a | yes |
| subnetwork | The subnetwork to host the cluster in | any | n/a | yes |
| zones | The zone to host the cluster in (required if it is a zonal cluster) | list(string) | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| app_url | n/a |
| ingress_ip | n/a |
| your_ip_addr | n/a |