kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kops/tests/integration/update_cluster/minimal_gce_private/kubernetes.tf

348 lines
10 KiB
HCL
Raw Blame History

locals {
cluster_name = "minimal-gce-private.example.com"
project = "us-test1"
region = "us-test1"
}
output "cluster_name" {
value = "minimal-gce-private.example.com"
}
output "project" {
value = "us-test1"
}
output "region" {
value = "us-test1"
}
provider "google" {
region = "us-test1"
}
resource "google_compute_disk" "d1-etcd-events-minimal-gce-private-example-com" {
labels = {
"k8s-io-cluster-name" = "minimal-gce-private-example-com"
"k8s-io-etcd-events" = "1-2f1"
"k8s-io-role-master" = "master"
}
name = "d1-etcd-events-minimal-gce-private-example-com"
size = 20
type = "pd-ssd"
zone = "us-test1-a"
}
resource "google_compute_disk" "d1-etcd-main-minimal-gce-private-example-com" {
labels = {
"k8s-io-cluster-name" = "minimal-gce-private-example-com"
"k8s-io-etcd-main" = "1-2f1"
"k8s-io-role-master" = "master"
}
name = "d1-etcd-main-minimal-gce-private-example-com"
size = 20
type = "pd-ssd"
zone = "us-test1-a"
}
resource "google_compute_firewall" "cidr-to-master-minimal-gce-private-example-com" {
allow {
ports = ["443"]
protocol = "tcp"
}
allow {
ports = ["4194"]
protocol = "tcp"
}
name = "cidr-to-master-minimal-gce-private-example-com"
network = google_compute_network.default.name
source_ranges = ["100.64.0.0/10"]
target_tags = ["minimal-gce-private-example-com-k8s-io-role-master"]
}
resource "google_compute_firewall" "cidr-to-node-minimal-gce-private-example-com" {
allow {
protocol = "tcp"
}
allow {
protocol = "udp"
}
allow {
protocol = "icmp"
}
allow {
protocol = "esp"
}
allow {
protocol = "ah"
}
allow {
protocol = "sctp"
}
name = "cidr-to-node-minimal-gce-private-example-com"
network = google_compute_network.default.name
source_ranges = ["100.64.0.0/10"]
target_tags = ["minimal-gce-private-example-com-k8s-io-role-node"]
}
resource "google_compute_firewall" "kubernetes-master-https-minimal-gce-private-example-com" {
allow {
ports = ["443"]
protocol = "tcp"
}
name = "kubernetes-master-https-minimal-gce-private-example-com"
network = google_compute_network.default.name
source_ranges = ["0.0.0.0/0"]
target_tags = ["minimal-gce-private-example-com-k8s-io-role-master"]
}
resource "google_compute_firewall" "master-to-master-minimal-gce-private-example-com" {
allow {
protocol = "tcp"
}
allow {
protocol = "udp"
}
allow {
protocol = "icmp"
}
allow {
protocol = "esp"
}
allow {
protocol = "ah"
}
allow {
protocol = "sctp"
}
name = "master-to-master-minimal-gce-private-example-com"
network = google_compute_network.default.name
source_tags = ["minimal-gce-private-example-com-k8s-io-role-master"]
target_tags = ["minimal-gce-private-example-com-k8s-io-role-master"]
}
resource "google_compute_firewall" "master-to-node-minimal-gce-private-example-com" {
allow {
protocol = "tcp"
}
allow {
protocol = "udp"
}
allow {
protocol = "icmp"
}
allow {
protocol = "esp"
}
allow {
protocol = "ah"
}
allow {
protocol = "sctp"
}
name = "master-to-node-minimal-gce-private-example-com"
network = google_compute_network.default.name
source_tags = ["minimal-gce-private-example-com-k8s-io-role-master"]
target_tags = ["minimal-gce-private-example-com-k8s-io-role-node"]
}
resource "google_compute_firewall" "node-to-master-minimal-gce-private-example-com" {
allow {
ports = ["443"]
protocol = "tcp"
}
allow {
ports = ["4194"]
protocol = "tcp"
}
name = "node-to-master-minimal-gce-private-example-com"
network = google_compute_network.default.name
source_tags = ["minimal-gce-private-example-com-k8s-io-role-node"]
target_tags = ["minimal-gce-private-example-com-k8s-io-role-master"]
}
resource "google_compute_firewall" "node-to-node-minimal-gce-private-example-com" {
allow {
protocol = "tcp"
}
allow {
protocol = "udp"
}
allow {
protocol = "icmp"
}
allow {
protocol = "esp"
}
allow {
protocol = "ah"
}
allow {
protocol = "sctp"
}
name = "node-to-node-minimal-gce-private-example-com"
network = google_compute_network.default.name
source_tags = ["minimal-gce-private-example-com-k8s-io-role-node"]
target_tags = ["minimal-gce-private-example-com-k8s-io-role-node"]
}
resource "google_compute_firewall" "nodeport-external-to-node-minimal-gce-private-example-com" {
allow {
ports = ["30000-32767"]
protocol = "tcp"
}
allow {
ports = ["30000-32767"]
protocol = "udp"
}
name = "nodeport-external-to-node-minimal-gce-private-example-com"
network = google_compute_network.default.name
source_tags = ["minimal-gce-private-example-com-k8s-io-role-node"]
target_tags = ["minimal-gce-private-example-com-k8s-io-role-node"]
}
resource "google_compute_firewall" "ssh-external-to-master-minimal-gce-private-example-com" {
allow {
ports = ["22"]
protocol = "tcp"
}
name = "ssh-external-to-master-minimal-gce-private-example-com"
network = google_compute_network.default.name
source_ranges = ["0.0.0.0/0"]
target_tags = ["minimal-gce-private-example-com-k8s-io-role-master"]
}
resource "google_compute_firewall" "ssh-external-to-node-minimal-gce-private-example-com" {
allow {
ports = ["22"]
protocol = "tcp"
}
name = "ssh-external-to-node-minimal-gce-private-example-com"
network = google_compute_network.default.name
source_ranges = ["0.0.0.0/0"]
target_tags = ["minimal-gce-private-example-com-k8s-io-role-node"]
}
resource "google_compute_instance_group_manager" "a-master-us-test1-a-minimal-gce-private-example-com" {
base_instance_name = "master-us-test1-a"
name = "a-master-us-test1-a-minimal-gce-private-example-com"
target_size = 1
version {
instance_template = google_compute_instance_template.master-us-test1-a-minimal-gce-private-example-com.self_link
}
zone = "us-test1-a"
}
resource "google_compute_instance_group_manager" "a-nodes-minimal-gce-private-example-com" {
base_instance_name = "nodes"
name = "a-nodes-minimal-gce-private-example-com"
target_size = 2
version {
instance_template = google_compute_instance_template.nodes-minimal-gce-private-example-com.self_link
}
zone = "us-test1-a"
}
resource "google_compute_instance_template" "master-us-test1-a-minimal-gce-private-example-com" {
can_ip_forward = true
disk {
auto_delete = true
boot = true
device_name = "persistent-disks-0"
disk_name = ""
disk_size_gb = 64
disk_type = "pd-standard"
interface = ""
mode = "READ_WRITE"
source = ""
source_image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-57-9202-64-0"
type = "PERSISTENT"
}
machine_type = "n1-standard-1"
metadata = {
"cluster-name" = "minimal-gce-private.example.com"
"kops-k8s-io-instance-group-name" = "master-us-test1-a"
"ssh-keys" = file("${path.module}/data/google_compute_instance_template_master-us-test1-a-minimal-gce-private-example-com_metadata_ssh-keys")
"startup-script" = file("${path.module}/data/google_compute_instance_template_master-us-test1-a-minimal-gce-private-example-com_metadata_startup-script")
}
name_prefix = "master-us-test1-a-minimal-asf34c-"
network_interface {
network = google_compute_network.default.name
}
scheduling {
automatic_restart = true
on_host_maintenance = "MIGRATE"
preemptible = false
}
service_account {
email = "default"
scopes = ["https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/monitoring", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/devstorage.read_write", "https://www.googleapis.com/auth/ndev.clouddns.readwrite"]
}
tags = ["minimal-gce-private-example-com-k8s-io-role-master"]
}
resource "google_compute_instance_template" "nodes-minimal-gce-private-example-com" {
can_ip_forward = true
disk {
auto_delete = true
boot = true
device_name = "persistent-disks-0"
disk_name = ""
disk_size_gb = 128
disk_type = "pd-standard"
interface = ""
mode = "READ_WRITE"
source = ""
source_image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-57-9202-64-0"
type = "PERSISTENT"
}
machine_type = "n1-standard-2"
metadata = {
"cluster-name" = "minimal-gce-private.example.com"
"kops-k8s-io-instance-group-name" = "nodes"
"ssh-keys" = file("${path.module}/data/google_compute_instance_template_nodes-minimal-gce-private-example-com_metadata_ssh-keys")
"startup-script" = file("${path.module}/data/google_compute_instance_template_nodes-minimal-gce-private-example-com_metadata_startup-script")
}
name_prefix = "nodes-minimal-gce-private-4aopo5-"
network_interface {
network = google_compute_network.default.name
}
scheduling {
automatic_restart = true
on_host_maintenance = "MIGRATE"
preemptible = false
}
service_account {
email = "default"
scopes = ["https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/monitoring", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/devstorage.read_only"]
}
tags = ["minimal-gce-private-example-com-k8s-io-role-node"]
}
resource "google_compute_network" "default" {
auto_create_subnetworks = true
name = "default"
}
resource "google_compute_router_nat" "nat-minimal-gce-private-example-com" {
name = "nat-minimal-gce-private-example-com"
nat_ip_allocate_option = "AUTO_ONLY"
region = "us-test1"
router = "nat-minimal-gce-private-example-com"
source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
}
resource "google_compute_router" "nat-minimal-gce-private-example-com" {
name = "nat-minimal-gce-private-example-com"
network = "https://www.googleapis.com/compute/v1/projects/testproject/global/networks/default"
}
terraform {
required_version = ">= 0.12.26"
required_providers {
google = {
"source" = "hashicorp/google"
"version" = ">= 2.19.0"
}
}
}
Reference in New Issue View Git Blame Copy Permalink