Terraform module that deploys essential core add-ons to your Google Kubernetes Engine (GKE) cluster. This Terraform module is also used as part of the GCP-GKE Cluster.dev stack template to start and provision a GKE cluster with add-ons in Google Cloud Platform.
The module installs the following add-ons to a GKE cluster:
- Ingress-Nginx: Easily deploy the Ingress Nginx controller, which provides a powerful and scalable solution for managing external access to services within your GKE cluster. Ingress Nginx is crucial for routing external traffic to your applications.
- External-DNS: Seamlessly configure External DNS for your GKE cluster. External DNS automatically manages DNS records in your chosen DNS provider based on changes in your cluster's services and Ingress resources. It simplifies DNS management and ensures that your applications are always reachable via DNS.
- External-Secrets: Securely manage secrets in your GKE cluster using External Secrets. This module helps you integrate External Secrets, which allows you to fetch secrets from various secret stores and inject them into your pods as environment variables or files. This enhances the security and flexibility of secret management.
- Cert-Manager: Deploy Cert-Manager to automate the management of SSL/TLS certificates in your GKE cluster. Cert-Manager simplifies the process of obtaining and renewing certificates from Let's Encrypt or other certificate authorities, ensuring that your applications are served over HTTPS securely.
- Reloader: Automatically update ConfigMaps and Secrets in your Kubernetes cluster when their sources change. Reloader helps keep your cluster configuration up-to-date by watching for changes in ConfigMaps and Secrets and triggering updates when changes occur.
By using this Terraform module, you can streamline the deployment of these essential add-ons, including Reloader, and focus on developing and running your applications without worrying about the complexities of add-on setup.
To use this Terraform module for installing core add-ons in your GKE cluster, follow these steps:
- Module Configuration: In your Terraform configuration, define the module and configure the necessary variables. Here's an example of how to include this module in your Terraform code:

```hcl
module "gke_core_addons" {
  source                  = "github.com/shalb/terraform-gke-addons?ref=0.0.6"
  gke_endpoint            = gke.endpoint
  gke_ca_certificate      = gke.ca_certificate
  project_id              = project_id
  enable_reloader         = true
  enable_nginx            = true
  enable_cert_manager     = true
  enable_external_secrets = true
  enable_argocd           = true
  enable_external_dns     = true
  domain                  = "demo.gcp.cluster.dev"
}
```
Name | Version |
---|---|
terraform | >= 1.2.0 |
>= 4.80.0 | |
helm | >= 2.11.0 |
kubernetes | >= 2.20.0 |
null | >= 3.2.0 |
random | >= 3.5.1 |

Name | Version |
---|---|
4.81.0 | |
helm | 2.11.0 |
random | 3.5.1 |

Name | Source | Version |
---|---|---|
external_dns_workload_identity | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 27.0.0 |
external_secrets_workload_identity | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 27.0.0 |

Name | Type |
---|---|
helm_release.argocd | resource |
helm_release.cert_manager | resource |
helm_release.cluster_gcp_secret_store | resource |
helm_release.cluster_issuer_letsencrypt_production | resource |
helm_release.external_dns | resource |
helm_release.external_secrets | resource |
helm_release.ingress_nginx | resource |
helm_release.reloader | resource |
random_id.id | resource |
google_client_config.client | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
argocd_chart_version | Argocd helm chart version | string | "5.43.3" | no |
argocd_image_tag | Argocd docker image version | string | "v2.8.0" | no |
argocd_password_bcrypted | Bcrypted password (hash) for argocd web ui | string | "" | no |
cert_manager_version | Cert manager helm chart version | string | "v1.5.4" | no |
domain | DNS domain to create apps DNS records for applications | string | n/a | yes |
enable_argocd | Disable/enable ArgoCD addon | bool | false | no |
enable_cert_manager | Disable/enable cert manager | bool | false | no |
enable_external_dns | Disable/enable external dns | bool | false | no |
enable_external_secrets | Disable/enable external secrets | bool | false | no |
enable_nginx | Disable/enable Nginx Ingress | bool | false | no |
enable_reloader | Disable/enable reloader | bool | false | no |
external_dns_version | External dns helm chart version | string | "6.5.6" | no |
external_secrets_version | External secrets helm chart version | string | "0.9.4" | no |
gke_ca_certificate | gke cluster ca certificate | string | "" | no |
gke_endpoint | gke cluster host endpoint | string | "" | no |
ingress_nginx_version | Ingress nginx helm chart version | string | "4.2.5" | no |
project_id | google project id | string | "" | no |
reloader_version | Reloader chart version | string | "v0.0.118" | no |

No outputs.