<!-- BEGIN_TF_DOCS -->
Kubespot (GCP)
<img src="http://assets.opszero.com/images/auditkube.png" width="200px" />
Compliance Oriented Kubernetes Setup for Google Cloud.
Tools & Setup
brew install kubectl kubernetes-helm google-cloud-sdk terraform
Terraform usage
gcloud auth activate-service-account --key-file=./account.json
terraform init && terraform get -update && terraform apply
gcloud config set account foo@opszero.com # Set account name
gcloud container clusters get-credentials <clustername> --region us-central1
Providers
Name | Version |
---|---|
<a name="provider_google"></a> google | n/a |
<a name="provider_helm"></a> helm | n/a |
<a name="provider_http"></a> http | n/a |
<a name="provider_null"></a> null | n/a |
<a name="provider_random"></a> random | n/a |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
<a name="input_cluster_version"></a> cluster_version | The minimum version of the master | string | "1.27" | no |
<a name="input_csi_secrets_store_enabled"></a> csi_secrets_store_enabled | Specify whether the CSI driver is enabled | bool | true | no |
<a name="input_environment_name"></a> environment_name | The name of the environment to create resources | string | n/a | yes |
<a name="input_project"></a> project | The Google Project that will host the cluster | string | n/a | yes |
<a name="input_redis_enabled"></a> redis_enabled | Specify whether the redis cluster is enabled | bool | false | no |
<a name="input_redis_ha_enabled"></a> redis_ha_enabled | Specify whether HA is enabled for redis | bool | false | no |
<a name="input_redis_memory_in_gb"></a> redis_memory_in_gb | Redis memory size in GiB | number | 1 | no |
<a name="input_region"></a> region | The location (region or zone) in which the cluster master will be created | string | "us-central1" | no |
<a name="input_sql_enabled"></a> sql_enabled | Specify whether the sql instance is enabled | bool | false | no |
<a name="input_sql_engine"></a> sql_engine | The sql version to use | string | "POSTGRES_15" | no |
<a name="input_sql_instance_class"></a> sql_instance_class | The machine type to use | string | "db-f1-micro" | no |
<a name="input_sql_master_password"></a> sql_master_password | The password for the db user | string | "" | no |
<a name="input_sql_master_username"></a> sql_master_username | The name of the db user | string | "" | no |
<a name="input_tags"></a> tags | Terraform map to create custom tags for the Google resources | map | {} | no |
Resources
Name | Type |
---|---|
google_compute_global_address.private_ip_address | resource |
google_compute_network.network | resource |
google_compute_subnetwork.subnet | resource |
google_container_cluster.cluster | resource |
google_kms_crypto_key.key | resource |
google_kms_key_ring.keyring | resource |
google_redis_instance.cache | resource |
google_service_networking_connection.private_vpc_connection | resource |
google_sql_database_instance.default | resource |
google_sql_user.user | resource |
helm_release.csi_secrets_store | resource |
null_resource.csi_secrets_store_aws_provider | resource |
null_resource.sql_vpc_lock | resource |
random_id.server | resource |
google_client_config.current | data source |
http_http.csi_secrets_store_gcp_provider | data source |
Outputs
Name | Description |
---|---|
<a name="output_private_vpc_network"></a> private_vpc_network | n/a |
<a name="output_sql_database"></a> sql_database | n/a |
🚀 Built by opsZero!
<a href="https://opszero.com"><img src="https://opszero.com/wp-content/uploads/2024/07/opsZero_logo_svg.svg" width="300px"/></a>
Since 2016 opsZero has been providing Kubernetes expertise to companies of all sizes on any Cloud. With a focus on AI and Compliance, we can say we have seen it all: whether SOC2, HIPAA, PCI-DSS, ITAR, FedRAMP, or CMMC, we have you and your customers covered.
We provide support to organizations in the following ways:
- Modernize or Migrate to Kubernetes
- Cloud Infrastructure with Kubernetes on AWS, Azure, Google Cloud, or Bare Metal
- Building AI and Data Pipelines on Kubernetes
- Optimizing Existing Kubernetes Workloads
We do this with a high-touch support model where you:
- Get access to us on Slack, Microsoft Teams or Email
- Get 24/7 coverage of your infrastructure
- Get an accelerated migration to Kubernetes
Please schedule a call if you need support.
<!-- END_TF_DOCS -->