This module handles the opinionated creation of infrastructure necessary to deploy Terraform Cloud agents on Google Kubernetes Engine (GKE).
This includes:
- Enabling necessary APIs
- VPC
- GKE Cluster
- Kubernetes Secret
Below are some examples:
This example shows how to deploy a simple GKE self hosted Terraform Cloud agent.
This example shows how to deploy a custom Terraform Cloud agent image with GKE.

Name | Description | Type | Default | Required |
---|---|---|---|---|
create_network | When set to true, VPC will be auto created | bool | true | no |
create_service_account | Set to true to create a new service account, false to use an existing one | bool | true | no |
ip_range_pods_cidr | The secondary IP range CIDR to use for pods | string | "192.168.0.0/18" | no |
ip_range_pods_name | The secondary IP range to use for pods | string | "ip-range-pods" | no |
ip_range_services_cider | The secondary IP range CIDR to use for services | string | "192.168.64.0/18" | no |
ip_range_services_name | The secondary IP range to use for services | string | "ip-range-scv" | no |
machine_type | Machine type for TFC agent node pool | string | "n1-standard-4" | no |
max_node_count | Maximum number of nodes in the TFC agent node pool | number | 4 | no |
min_node_count | Minimum number of nodes in the TFC agent node pool | number | 2 | no |
network_name | Name for the VPC network | string | "tfc-agent-network" | no |
network_project_id | The project ID of the shared VPCs host (for shared vpc support). If not provided, the project_id is used | string | "" | no |
project_id | The Google Cloud Platform project ID to deploy Terraform Cloud agent cluster | string | n/a | yes |
region | The GCP region to use when deploying resources | string | "us-central1" | no |
service_account_email | Optional Service Account for the GKE nodes, required if create_service_account is set to false | string | "" | no |
subnet_ip | IP range for the subnet | string | "10.0.0.0/17" | no |
subnet_name | Name for the subnet | string | "tfc-agent-subnet" | no |
tfc_agent_address | The HTTP or HTTPS address of the Terraform Cloud/Enterprise API | string | "https://app.terraform.io" | no |
tfc_agent_auto_update | Controls automatic core updates behavior. Acceptable values include disabled, patch, and minor | string | "minor" | no |
tfc_agent_cpu_request | CPU request for the Terraform Cloud agent container | string | "2" | no |
tfc_agent_image | The Terraform Cloud agent image to use | string | "hashicorp/tfc-agent:latest" | no |
tfc_agent_k8s_secrets | Name for the k8s secret required to configure TFC agent on GKE | string | "tfc-agent-k8s-secrets" | no |
tfc_agent_max_replicas | Maximum replicas for the Terraform Cloud agent pod autoscaler | string | "10" | no |
tfc_agent_memory_request | Memory request for the Terraform Cloud agent container | string | "2Gi" | no |
tfc_agent_min_replicas | Minimum replicas for the Terraform Cloud agent pod autoscaler | string | "1" | no |
tfc_agent_name_prefix | This name may be used in the Terraform Cloud user interface to help easily identify the agent | string | "tfc-agent-k8s" | no |
tfc_agent_single | Enable single mode. This causes the agent to handle at most one job and immediately exit thereafter. Useful for running agents as ephemeral containers, VMs, or other isolated contexts with a higher-level scheduler or process supervisor. | bool | false | no |
tfc_agent_token | Terraform Cloud agent token. (Organization Settings >> Agents) | string | n/a | yes |
zones | The GCP zone to use when deploying resources | list(string) | [ | no |

Name | Description |
---|---|
ca_certificate | The cluster CA certificate (base64 encoded) |
client_token | The bearer token for auth |
cluster_name | GKE cluster name |
kubernetes_endpoint | The GKE cluster endpoint |
location | GKE cluster location |
network_name | Name of the VPC |
service_account | The default service account used for TFC agent nodes |
subnet_name | Name of the subnet in the VPC |
Before this module can be used on a project, you must ensure that the following pre-requisites are fulfilled:
- Required APIs are activated:
  "iam.googleapis.com", "cloudresourcemanager.googleapis.com", "containerregistry.googleapis.com", "container.googleapis.com", "storage-component.googleapis.com", "logging.googleapis.com", "monitoring.googleapis.com"
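
One way to verify the API prerequisite before applying the module, as an added example that is not part of the module's own code: the function compares a project's enabled services against the list above and prints whatever is missing. `PROJECT_ID` and the sample list of enabled services are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report which of the prerequisite APIs listed in this README
# are not yet enabled on a project.

# Required APIs, copied from the prerequisites list above.
REQUIRED_APIS="iam.googleapis.com
cloudresourcemanager.googleapis.com
containerregistry.googleapis.com
container.googleapis.com
storage-component.googleapis.com
logging.googleapis.com
monitoring.googleapis.com"

# missing_apis: reads enabled service names (one per line) on stdin and prints
# each required API that is absent. Matching is on the whole line, so
# "container.googleapis.com" is not satisfied by "containerregistry.googleapis.com".
missing_apis() {
  enabled="$(tr -d '\r' | sed 's/[[:space:]]*$//')"
  for api in $REQUIRED_APIS; do
    printf '%s\n' "$enabled" | grep -Fxq -- "$api" || printf '%s\n' "$api"
  done
}

# Constructed sample of enabled services for a partially prepared project.
SAMPLE_ENABLED="compute.googleapis.com
containerregistry.googleapis.com
iam.googleapis.com
logging.googleapis.com
monitoring.googleapis.com"

# check_sample: runs the check over the constructed sample above.
check_sample() {
  printf '%s\n' "$SAMPLE_ENABLED" | missing_apis
}

# Against a real project (PROJECT_ID is an assumption):
#   gcloud services list --enabled --format='value(config.name)' \
#     --project "$PROJECT_ID" | missing_apis
```

Empty output means every listed API is already enabled on the project.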