Added service account for gke cluster #129

Merged
merged 2 commits into from
Apr 25, 2022
26 changes: 25 additions & 1 deletion cloud/gcp/gks.tf
@@ -1,3 +1,13 @@
resource "google_service_account" "gke" {
account_id = "gkeuser"
display_name = "GKE Service Account"
project = var.gcp_project_id
}
resource "google_project_iam_member" "gke_gcr_binding" {
project = var.gcp_project_id
role = "roles/storage.objectViewer"
member = "serviceAccount:${google_service_account.gke.email}"
}
#GKE CLUSTER
resource "google_container_cluster" "udmi" {
name = var.gke_cluster_name
Expand All @@ -7,7 +17,9 @@ resource "google_container_cluster" "udmi" {
# We can't create a cluster with no node pool defined, but we want to only use
# separately managed node pools. So we create the smallest possible default
# node pool and immediately delete it.


remove_default_node_pool = true

initial_node_count = var.gke_initial_node_count

network = var.create_vpc ? google_compute_network.vpc[0].name : null
Expand All @@ -25,23 +37,34 @@ resource "google_container_node_pool" "node_pool" {

# preemptible = true
machine_type = var.gke_machine_type

# Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
service_account = google_service_account.gke.email
oauth_scopes = [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring"
]
metadata = {
disable-legacy-endpoints = "true"
}
}
}

#This resource creates static IP
resource "google_compute_global_address" "udmi_global_address"{
name = "udmi-global-address"
project = var.gcp_project_id
}

#This resource creates clouddns entry
resource "google_dns_managed_zone" "udmi_dns_zone" {
name = var.gcp_project_name
dns_name = var.dns_name
project = var.gcp_project_id
}

#This resource creates A record in cloud dns
resource "google_dns_record_set" "dns_record" {
project = var.gcp_project_id
managed_zone = var.gcp_project_name
Expand All @@ -51,6 +74,7 @@ resource "google_dns_record_set" "dns_record" {
rrdatas = ["${google_compute_global_address.udmi_global_address.address}"]
}

#This resouce creates ssl certs
resource "google_compute_managed_ssl_certificate" "udmi_ssl_certs" {
name = "udmi-ssl"
project = var.gcp_project_id
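Review bot: The node service account created at the top of this file is bound only to `roles/storage.objectViewer` (`gke_gcr_binding`), yet the node pool's `oauth_scopes` include logging.write and monitoring — OAuth scopes only cap what the node token may request, they grant nothing, so unless these roles are bound elsewhere the nodes will lack permission to ship logs and metrics to Cloud Logging/Monitoring. Google's minimal role set for a custom node SA is `roles/logging.logWriter`, `roles/monitoring.metricWriter` and `roles/monitoring.viewer`; a `for_each` binding adds them without repeating the resource. Separately, `roles/storage.objectViewer` at project level reads every GCS object in the project, which is broader than image pulls need — if the intent is only registry access, bind it on the registry bucket or use `roles/artifactregistry.reader`. The `cloud-platform` scope already subsumes the two narrower scopes, so those two entries are redundant.
```hcl
# … unchanged: google_service_account.gke and gke_gcr_binding …
resource "google_project_iam_member" "gke_node_roles" {
  for_each = toset([
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
    "roles/monitoring.viewer",
  ])
  project = var.gcp_project_id
  role    = each.value
  member  = "serviceAccount:${google_service_account.gke.email}"
}
# … unchanged: cluster, node pool, address, DNS and certificate resources …
```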
4 changes: 2 additions & 2 deletions cloud/gcp/variables.tf
Expand Up @@ -90,13 +90,13 @@ variable "dns_name" {
#ssl variable
variable "ssl_domains" {
type = list(string)
description = "list of domain names"
description = "Domains for which a managed SSL certificate will be valid"
}
##vpc variables##
variable "gcp_vpc_name" {
type = string
default = "udmi"
description = "vpc name"
description = "Name of the VPC will be created"
}
variable "ip_cidr_range" {
type = string