-
Notifications
You must be signed in to change notification settings - Fork 3
/
main.tf
79 lines (73 loc) · 2.65 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
data "google_project" "project" {}
data "google_client_config" "default" {}
module "foundations" {
source = "../modules/foundation"
project_number = data.google_project.project.number
project_id = data.google_project.project.project_id
spanner_config = "regional-us-central1"
memorystore_tier = "BASIC"
memorystore_size = 1
gbash_role = "roles/editor"
}
module "primary" {
source = "../modules/instance"
name = "isidro-us"
vpc = module.foundations.vpc_name
auxiliary_range = "172.16.0.0/18"
pods_range = "172.16.64.0/19"
services_range = "172.16.96.0/19"
region = "us-central1"
zones = ["us-central1-c"]
node_count = 1
nodes_service_account = module.foundations.nodes_sa_email
spot = false
machine_type = "e2-standard-8"
binauthz_attestor_name = module.foundations.binauthz_attestor
providers = {
kubernetes = kubernetes.primary
}
}
provider "kubernetes" {
alias = "primary"
host = "https://${module.primary.endpoint}"
token = data.google_client_config.default.access_token
cluster_ca_certificate = base64decode(module.primary.ca_certificate)
}
module "config" {
source = "../modules/instance"
name = "isidro-config"
vpc = module.foundations.vpc_name
auxiliary_range = "172.17.0.0/18"
pods_range = "172.17.64.0/19"
services_range = "172.17.96.0/19"
region = "northamerica-northeast1"
zones = ["northamerica-northeast1-b", "northamerica-northeast1-c"]
node_count = 0
autoprovisioning = true
nodes_service_account = module.foundations.nodes_sa_email
spot = false
machine_type = "e2-highcpu-4"
binauthz_attestor_name = module.foundations.binauthz_attestor
providers = {
kubernetes = kubernetes.config
}
}
provider "kubernetes" {
alias = "config"
host = "https://${module.config.endpoint}"
token = data.google_client_config.default.access_token
cluster_ca_certificate = base64decode(module.config.ca_certificate)
}
resource "google_gke_hub_feature" "mci" {
depends_on = [
module.config
]
name = "multiclusteringress"
location = "global"
spec {
multiclusteringress {
config_membership = "projects/${data.google_project.project.project_id}/locations/global/memberships/${module.config.name}-membership"
}
}
provider = google-beta
}