Terraform module to manage Kubernetes (K8S) resources within the Yandex.Cloud.

terraform-yacloud-modules/terraform-yandex-kubernetes

Yandex Cloud Kubernetes Terraform module

Terraform module which creates Yandex Cloud Kubernetes resources.

Examples

Examples codified under the examples directory are intended to give users references for how to use the module(s), as well as to test and validate changes to the module's source code. If contributing to the project, please be sure to make any appropriate updates to the relevant examples, so that maintainers can test your changes and the examples stay up to date for users. Thank you!

Requirements

Name Version
terraform >= 1.3
tls >= 3.1.0
yandex >= 0.72.0

Providers

Name Version
tls >= 3.1.0
yandex >= 0.72.0

Modules

No modules.

Resources

Name Type
tls_private_key.default_ssh_key resource
yandex_kubernetes_cluster.main resource
yandex_kubernetes_node_group.node_groups resource
yandex_logging_group.main resource
yandex_client_config.client data source

Inputs

cluster_ipv4_range
  Description: CIDR block. IP range for allocating pod addresses. It should not overlap with any subnet in the network the K8S cluster is located in. Static routes will be set up for this CIDR block in node subnets.
  Type: string
  Default: null
  Required: no

cluster_ipv6_range
  Description: Identical to cluster_ipv4_range but for the IPv6 protocol.
  Type: string
  Default: null
  Required: no

cni_type
  Description: Type of K8S CNI that will be used for the cluster.
  Type: string
  Default: "calico"
  Required: no

description
  Description: K8S cluster description.
  Type: string
  Default: ""
  Required: no

enable_oslogin
  Description: Enable OS Login for node groups.
  Type: bool
  Default: false
  Required: no

generate_default_ssh_key
  Description: If true, an SSH key for node groups will be generated.
  Type: bool
  Default: true
  Required: no

kms_provider_key_id
  Description: K8S cluster KMS key ID.
  Type: string
  Default: null
  Required: no

labels
  Description: A set of labels to assign to the K8S cluster.
  Type: map(string)
  Default: {}
  Required: no

master_auto_upgrade
  Description: Boolean flag that specifies whether the master can be upgraded automatically.
  Type: bool
  Default: false
  Required: no

master_locations
  Description: List of locations where the cluster will be created. If the list contains only one location, a zonal cluster will be created; if more than one, a regional cluster.
  Type:
    list(object({
      subnet_id = string
      zone      = string
    }))
  Default: n/a
  Required: yes

master_logging
  Description: Master logging.
  Type:
    object({
      enabled                    = bool
      create_log_group           = optional(bool, true)
      log_group_retention_period = optional(string, "168h")
      log_group_id               = optional(string, "")
      audit_enabled              = optional(bool, true)
      kube_apiserver_enabled     = optional(bool, true)
      cluster_autoscaler_enabled = optional(bool, true)
      events_enabled             = optional(bool, true)
    })
  Default:
    {
      "enabled": false
    }
  Required: no

master_maintenance_windows
  Description: List of structures that specify the maintenance windows during which auto update of the master is allowed.
  E.g.:
    master_maintenance_windows = [
      {
        start_time = "10:00"
        duration   = "5h"
      }
    ]
  Type: list(map(string))
  Default:
    [
      {
        "duration": "3h",
        "start_time": "23:00"
      }
    ]
  Required: no

master_public_ip
  Description: Boolean flag. When true, the K8S master will have a visible IPv4 address.
  Type: bool
  Default: true
  Required: no

master_region
  Description: Name of the region where the cluster will be created. Required for a regional cluster, not used for a zonal cluster.
  Type: string
  Default: null
  Required: no

master_security_group_ids
  Description: List of security group IDs to which the K8S cluster belongs.
  Type: set(string)
  Default: null
  Required: no

master_version
  Description: Version of K8S that will be used for the master.
  Type: string
  Default: "1.27"
  Required: no

name
  Description: K8S cluster name.
  Type: string
  Default: n/a
  Required: yes

network_id
  Description: The ID of the cluster network.
  Type: string
  Default: null
  Required: no

node_groups
  Description: K8S node groups.
  Type:
    map(object({
      description               = optional(string, null)
      labels                    = optional(map(string), null)
      version                   = optional(string, null)
      metadata                  = optional(map(string), {})
      platform_id               = optional(string, null)
      memory                    = optional(string, 2)
      cores                     = optional(string, 2)
      core_fraction             = optional(string, 100)
      gpus                      = optional(string, null)
      boot_disk_type            = optional(string, "network-hdd")
      boot_disk_size            = optional(string, 100)
      preemptible               = optional(bool, false)
      placement_group_id        = optional(string, null)
      nat                       = optional(bool, false)
      security_group_ids        = optional(list(string))
      network_acceleration_type = optional(string, null)
      container_runtime_type    = optional(string, "containerd")
      fixed_scale               = optional(map(string), null)
      auto_scale                = optional(map(string), null)
      auto_repair               = optional(bool, true)
      auto_upgrade              = optional(bool, true)
      maintenance_windows       = optional(list(any))
      node_labels               = optional(map(string), null)
      node_taints               = optional(list(string), null)
      allowed_unsafe_sysctls    = optional(list(string), [])
      max_expansion             = optional(string, null)
      max_unavailable           = optional(string, null)
      zones                     = optional(list(string), null)
      subnet_ids                = optional(list(string), null)
    }))
  Default: {}
  Required: no

node_groups_default_security_groups_ids
  Description: A list of default security group IDs for node groups. Used if node_groups[].security_group_ids is empty.
  Type: list(string)
  Default: []
  Required: no

node_groups_locations
  Description: Locations of K8S node groups. If omitted, master_locations will be used.
  Type:
    list(object({
      subnet_id = string
      zone      = string
    }))
  Default: null
  Required: no

node_groups_ssh_keys
  Description: Map containing SSH keys to install on all K8S node servers by default.
  Type: map(list(string))
  Default: {}
  Required: no

node_ipv4_cidr_mask_size
  Description: Size of the masks that are assigned to each node in the cluster. Effectively limits the maximum number of pods for each node.
  Type: number
  Default: null
  Required: no

node_name_prefix
  Description: The prefix for node group names.
  Type: string
  Default: ""
  Required: no

node_service_account_id
  Description: ID of the service account to be used by the worker nodes of the K8S cluster to access Container Registry or to push node logs and metrics. If omitted or equal to service_account_id, that service account will be used as the node service account.
  Type: string
  Default: null
  Required: no

nodes_default_ssh_user
  Description: Default SSH user for node groups. Used only if generate_default_ssh_key == true.
  Type: string
  Default: "ubuntu"
  Required: no

release_channel
  Description: K8S cluster release channel.
  Type: string
  Default: "STABLE"
  Required: no

service_account_id
  Description: ID of an existing service account to be used for provisioning Compute Cloud and VPC resources for the K8S cluster. The selected service account should have the edit role on the folder where the K8S cluster will be located and on the folder where the selected network resides.
  Type: string
  Default: null
  Required: no

service_ipv4_range
  Description: CIDR block. IP range from which K8S service IP addresses in the cluster will be allocated. It should not overlap with any subnet in the network the K8S cluster is located in.
  Type: string
  Default: null
  Required: no

service_ipv6_range
  Description: Identical to service_ipv4_range but for the IPv6 protocol.
  Type: string
  Default: null
  Required: no
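The following is an added usage example, not code from this module's README or repository. It shows a single call of the module that sets the security-relevant inputs documented above: a control plane without a public address, security groups on master and nodes, KMS encryption of cluster secrets, master audit logging, separate service accounts for provisioning and for nodes, and OS Login instead of a Terraform-generated SSH key. The module source address is assumed to be the GitHub repository path; every ID and CIDR is a constructed placeholder; the fixed_scale map key `size` is assumed from the Yandex provider's node group resource and is not stated on this page.

```hcl
# Added example of calling this module with hardened inputs.
# All IDs, CIDRs and names below are constructed placeholders.
module "k8s" {
  # Assumed source: the GitHub repository of this module
  source = "github.com/terraform-yacloud-modules/terraform-yandex-kubernetes"

  name        = "prod-k8s"
  description = "Production cluster with private API endpoint"
  network_id  = "enp-network-PLACEHOLDER"

  # Pod and service ranges must not overlap any subnet of the network
  cluster_ipv4_range       = "10.112.0.0/16"
  service_ipv4_range       = "10.96.0.0/16"
  node_ipv4_cidr_mask_size = 24

  # Three locations -> regional cluster, so master_region is required
  master_region = "ru-central1"
  master_locations = [
    { zone = "ru-central1-a", subnet_id = "e9b-subnet-a-PLACEHOLDER" },
    { zone = "ru-central1-b", subnet_id = "e2l-subnet-b-PLACEHOLDER" },
    { zone = "ru-central1-d", subnet_id = "fl8-subnet-d-PLACEHOLDER" },
  ]

  # Keep the API server off the public internet and put it behind a security group
  master_public_ip          = false
  master_security_group_ids = ["enp-sg-master-PLACEHOLDER"]

  # Encrypt Kubernetes secrets at rest with a KMS key
  kms_provider_key_id = "abj-kms-key-PLACEHOLDER"

  # Keep the control plane patched, but only inside a known window
  master_version      = "1.27"
  release_channel     = "STABLE"
  master_auto_upgrade = true
  master_maintenance_windows = [
    { start_time = "02:00", duration = "4h" },
  ]

  # Ship audit, API-server, autoscaler and event logs to a dedicated log group
  master_logging = {
    enabled                    = true
    create_log_group           = true
    log_group_retention_period = "720h"
    audit_enabled              = true
    kube_apiserver_enabled     = true
    cluster_autoscaler_enabled = true
    events_enabled             = true
  }

  # Separate identities: the provisioning SA needs edit on the folder,
  # the node SA only needs registry pulls and log/metric pushes
  service_account_id      = "aje-sa-provisioner-PLACEHOLDER"
  node_service_account_id = "aje-sa-nodes-PLACEHOLDER"

  # No tls_private_key in state and no key in the outputs; use OS Login instead
  generate_default_ssh_key = false
  enable_oslogin           = true

  # Applied to every node group whose security_group_ids is empty
  node_groups_default_security_groups_ids = ["enp-sg-nodes-PLACEHOLDER"]

  node_groups = {
    "workers" = {
      platform_id            = "standard-v3"
      cores                  = 4
      memory                 = 8
      boot_disk_type         = "network-ssd"
      boot_disk_size         = 64
      container_runtime_type = "containerd"
      nat                    = false   # egress goes through the VPC, not per-node NAT
      fixed_scale            = { size = 3 }   # assumed key, from the provider's scale_policy
      auto_repair            = true
      auto_upgrade           = true
      maintenance_windows = [
        { start_time = "02:00", duration = "4h" },
      ]
      allowed_unsafe_sysctls = []   # no unsafe sysctls exposed to pods
    }
  }
}
```

Two points worth noting when adapting this. With generate_default_ssh_key left at its default of true, the module creates a tls_private_key resource and exposes it through the default_ssh_key_prv output, so the private key lives in Terraform state and in any output consumers; setting it to false and using enable_oslogin (or supplying your own public keys via node_groups_ssh_keys) avoids that. With master_public_ip = false, the external_v4_endpoint output is not usable from outside the VPC, so whatever runs terraform and kubectl must reach internal_v4_endpoint over the network.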

Outputs

Name Description
cluster_ca_certificate PEM-encoded public certificate that is the root of trust for the K8S cluster
cluster_id ID of the new K8S cluster
default_ssh_key_prv Default SSH private key that is attached to all node groups
default_ssh_key_pub Default SSH public key that is attached to all node groups
external_v4_endpoint An IPv4 external network address that is assigned to the master
internal_v4_endpoint An IPv4 internal network address that is assigned to the master
node_groups Attributes of the yandex_kubernetes_node_group resources created in the cluster

License

Apache-2.0 Licensed. See LICENSE.