Terraform Module GKE #15
sandbox_type = sandbox_config.value | ||
} | ||
} | ||
|
||
boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", "") | ||
|
||
shielded_instance_config { | ||
enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) | ||
enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) | ||
} | ||
} | ||
} | ||
|
||
dynamic "resource_usage_export_config" { | ||
for_each = var.resource_usage_export_dataset_id != "" ? [{ | ||
enable_network_egress_metering = var.enable_network_egress_export | ||
enable_resource_consumption_metering = var.enable_resource_consumption_export | ||
dataset_id = var.resource_usage_export_dataset_id | ||
}] : [] | ||
|
||
content { | ||
enable_network_egress_metering = resource_usage_export_config.value.enable_network_egress_metering | ||
enable_resource_consumption_metering = resource_usage_export_config.value.enable_resource_consumption_metering | ||
bigquery_destination { | ||
dataset_id = resource_usage_export_config.value.dataset_id | ||
} | ||
} | ||
} | ||
|
||
dynamic "private_cluster_config" { | ||
for_each = var.enable_private_nodes ? [{ | ||
enable_private_nodes = var.enable_private_nodes, | ||
enable_private_endpoint = var.enable_private_endpoint | ||
master_ipv4_cidr_block = var.master_ipv4_cidr_block | ||
}] : [] | ||
|
||
content { | ||
enable_private_endpoint = private_cluster_config.value.enable_private_endpoint | ||
enable_private_nodes = private_cluster_config.value.enable_private_nodes | ||
master_ipv4_cidr_block = private_cluster_config.value.master_ipv4_cidr_block | ||
dynamic "master_global_access_config" { | ||
for_each = var.master_global_access_enabled ? [var.master_global_access_enabled] : [] | ||
content { | ||
enabled = master_global_access_config.value | ||
} | ||
} | ||
} | ||
} | ||
|
||
remove_default_node_pool = var.remove_default_node_pool | ||
|
||
dynamic "database_encryption" { | ||
for_each = var.database_encryption | ||
|
||
content { | ||
key_name = database_encryption.value.key_name | ||
state = database_encryption.value.state | ||
} | ||
} | ||
|
||
dynamic "workload_identity_config" { | ||
for_each = local.cluster_workload_identity_config | ||
|
||
content { | ||
workload_pool = workload_identity_config.value.workload_pool | ||
} | ||
} | ||
|
||
dynamic "mesh_certificates" { | ||
for_each = local.cluster_mesh_certificates_config | ||
|
||
content { | ||
enable_certificates = mesh_certificates.value.enable_certificates | ||
} | ||
} | ||
|
||
dynamic "authenticator_groups_config" { | ||
for_each = local.cluster_authenticator_security_group | ||
content { | ||
security_group = authenticator_groups_config.value.security_group | ||
} | ||
} | ||
|
||
notification_config { | ||
pubsub { | ||
enabled = var.notification_config_topic != "" ? true : false | ||
topic = var.notification_config_topic | ||
} | ||
} | ||
|
||
node_pool_defaults { | ||
node_config_defaults { | ||
gcfs_config { | ||
enabled = var.enable_gcfs | ||
} | ||
} | ||
} | ||
|
||
depends_on = [google_project_iam_member.service_agent] | ||
} |
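Review bot: `enable_secure_boot` in `shielded_instance_config` falls back to `false` when the pool map does not set it, so nodes are created without Secure Boot unless every caller opts in; the node-pool resource uses the same default (`lookup(each.value, "enable_secure_boot", false)`). Consider making the hardened setting the default, `enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", true)`, and noting in the variable description that pools which load unsigned third-party kernel modules must set it to `false` explicitly. The enclosing cluster resource starts above the quoted lines, so any wider defaults defined there are not visible here. The same excerpt is quoted again under the following alerts and the point applies to each copy.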
Check failure
Code scanning / defsec
Master authorized networks should be configured on GKE clusters Error
sandbox_type = sandbox_config.value | ||
} | ||
} | ||
|
||
boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", "") | ||
|
||
shielded_instance_config { | ||
enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) | ||
enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) | ||
} | ||
} | ||
} | ||
|
||
dynamic "resource_usage_export_config" { | ||
for_each = var.resource_usage_export_dataset_id != "" ? [{ | ||
enable_network_egress_metering = var.enable_network_egress_export | ||
enable_resource_consumption_metering = var.enable_resource_consumption_export | ||
dataset_id = var.resource_usage_export_dataset_id | ||
}] : [] | ||
|
||
content { | ||
enable_network_egress_metering = resource_usage_export_config.value.enable_network_egress_metering | ||
enable_resource_consumption_metering = resource_usage_export_config.value.enable_resource_consumption_metering | ||
bigquery_destination { | ||
dataset_id = resource_usage_export_config.value.dataset_id | ||
} | ||
} | ||
} | ||
|
||
dynamic "private_cluster_config" { | ||
for_each = var.enable_private_nodes ? [{ | ||
enable_private_nodes = var.enable_private_nodes, | ||
enable_private_endpoint = var.enable_private_endpoint | ||
master_ipv4_cidr_block = var.master_ipv4_cidr_block | ||
}] : [] | ||
|
||
content { | ||
enable_private_endpoint = private_cluster_config.value.enable_private_endpoint | ||
enable_private_nodes = private_cluster_config.value.enable_private_nodes | ||
master_ipv4_cidr_block = private_cluster_config.value.master_ipv4_cidr_block | ||
dynamic "master_global_access_config" { | ||
for_each = var.master_global_access_enabled ? [var.master_global_access_enabled] : [] | ||
content { | ||
enabled = master_global_access_config.value | ||
} | ||
} | ||
} | ||
} | ||
|
||
remove_default_node_pool = var.remove_default_node_pool | ||
|
||
dynamic "database_encryption" { | ||
for_each = var.database_encryption | ||
|
||
content { | ||
key_name = database_encryption.value.key_name | ||
state = database_encryption.value.state | ||
} | ||
} | ||
|
||
dynamic "workload_identity_config" { | ||
for_each = local.cluster_workload_identity_config | ||
|
||
content { | ||
workload_pool = workload_identity_config.value.workload_pool | ||
} | ||
} | ||
|
||
dynamic "mesh_certificates" { | ||
for_each = local.cluster_mesh_certificates_config | ||
|
||
content { | ||
enable_certificates = mesh_certificates.value.enable_certificates | ||
} | ||
} | ||
|
||
dynamic "authenticator_groups_config" { | ||
for_each = local.cluster_authenticator_security_group | ||
content { | ||
security_group = authenticator_groups_config.value.security_group | ||
} | ||
} | ||
|
||
notification_config { | ||
pubsub { | ||
enabled = var.notification_config_topic != "" ? true : false | ||
topic = var.notification_config_topic | ||
} | ||
} | ||
|
||
node_pool_defaults { | ||
node_config_defaults { | ||
gcfs_config { | ||
enabled = var.enable_gcfs | ||
} | ||
} | ||
} | ||
|
||
depends_on = [google_project_iam_member.service_agent] | ||
} |
Check warning
Code scanning / defsec
Network Policy should be enabled on GKE clusters Warning
sandbox_type = sandbox_config.value | ||
} | ||
} | ||
|
||
boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", "") | ||
|
||
shielded_instance_config { | ||
enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) | ||
enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) | ||
} | ||
} | ||
} | ||
|
||
dynamic "resource_usage_export_config" { | ||
for_each = var.resource_usage_export_dataset_id != "" ? [{ | ||
enable_network_egress_metering = var.enable_network_egress_export | ||
enable_resource_consumption_metering = var.enable_resource_consumption_export | ||
dataset_id = var.resource_usage_export_dataset_id | ||
}] : [] | ||
|
||
content { | ||
enable_network_egress_metering = resource_usage_export_config.value.enable_network_egress_metering | ||
enable_resource_consumption_metering = resource_usage_export_config.value.enable_resource_consumption_metering | ||
bigquery_destination { | ||
dataset_id = resource_usage_export_config.value.dataset_id | ||
} | ||
} | ||
} | ||
|
||
dynamic "private_cluster_config" { | ||
for_each = var.enable_private_nodes ? [{ | ||
enable_private_nodes = var.enable_private_nodes, | ||
enable_private_endpoint = var.enable_private_endpoint | ||
master_ipv4_cidr_block = var.master_ipv4_cidr_block | ||
}] : [] | ||
|
||
content { | ||
enable_private_endpoint = private_cluster_config.value.enable_private_endpoint | ||
enable_private_nodes = private_cluster_config.value.enable_private_nodes | ||
master_ipv4_cidr_block = private_cluster_config.value.master_ipv4_cidr_block | ||
dynamic "master_global_access_config" { | ||
for_each = var.master_global_access_enabled ? [var.master_global_access_enabled] : [] | ||
content { | ||
enabled = master_global_access_config.value | ||
} | ||
} | ||
} | ||
} | ||
|
||
remove_default_node_pool = var.remove_default_node_pool | ||
|
||
dynamic "database_encryption" { | ||
for_each = var.database_encryption | ||
|
||
content { | ||
key_name = database_encryption.value.key_name | ||
state = database_encryption.value.state | ||
} | ||
} | ||
|
||
dynamic "workload_identity_config" { | ||
for_each = local.cluster_workload_identity_config | ||
|
||
content { | ||
workload_pool = workload_identity_config.value.workload_pool | ||
} | ||
} | ||
|
||
dynamic "mesh_certificates" { | ||
for_each = local.cluster_mesh_certificates_config | ||
|
||
content { | ||
enable_certificates = mesh_certificates.value.enable_certificates | ||
} | ||
} | ||
|
||
dynamic "authenticator_groups_config" { | ||
for_each = local.cluster_authenticator_security_group | ||
content { | ||
security_group = authenticator_groups_config.value.security_group | ||
} | ||
} | ||
|
||
notification_config { | ||
pubsub { | ||
enabled = var.notification_config_topic != "" ? true : false | ||
topic = var.notification_config_topic | ||
} | ||
} | ||
|
||
node_pool_defaults { | ||
node_config_defaults { | ||
gcfs_config { | ||
enabled = var.enable_gcfs | ||
} | ||
} | ||
} | ||
|
||
depends_on = [google_project_iam_member.service_agent] | ||
} |
Check warning
Code scanning / defsec
Clusters should be set to private Warning
sandbox_type = sandbox_config.value | ||
} | ||
} | ||
|
||
boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", "") | ||
|
||
shielded_instance_config { | ||
enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) | ||
enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) | ||
} | ||
} | ||
} | ||
|
||
dynamic "resource_usage_export_config" { | ||
for_each = var.resource_usage_export_dataset_id != "" ? [{ | ||
enable_network_egress_metering = var.enable_network_egress_export | ||
enable_resource_consumption_metering = var.enable_resource_consumption_export | ||
dataset_id = var.resource_usage_export_dataset_id | ||
}] : [] | ||
|
||
content { | ||
enable_network_egress_metering = resource_usage_export_config.value.enable_network_egress_metering | ||
enable_resource_consumption_metering = resource_usage_export_config.value.enable_resource_consumption_metering | ||
bigquery_destination { | ||
dataset_id = resource_usage_export_config.value.dataset_id | ||
} | ||
} | ||
} | ||
|
||
dynamic "private_cluster_config" { | ||
for_each = var.enable_private_nodes ? [{ | ||
enable_private_nodes = var.enable_private_nodes, | ||
enable_private_endpoint = var.enable_private_endpoint | ||
master_ipv4_cidr_block = var.master_ipv4_cidr_block | ||
}] : [] | ||
|
||
content { | ||
enable_private_endpoint = private_cluster_config.value.enable_private_endpoint | ||
enable_private_nodes = private_cluster_config.value.enable_private_nodes | ||
master_ipv4_cidr_block = private_cluster_config.value.master_ipv4_cidr_block | ||
dynamic "master_global_access_config" { | ||
for_each = var.master_global_access_enabled ? [var.master_global_access_enabled] : [] | ||
content { | ||
enabled = master_global_access_config.value | ||
} | ||
} | ||
} | ||
} | ||
|
||
remove_default_node_pool = var.remove_default_node_pool | ||
|
||
dynamic "database_encryption" { | ||
for_each = var.database_encryption | ||
|
||
content { | ||
key_name = database_encryption.value.key_name | ||
state = database_encryption.value.state | ||
} | ||
} | ||
|
||
dynamic "workload_identity_config" { | ||
for_each = local.cluster_workload_identity_config | ||
|
||
content { | ||
workload_pool = workload_identity_config.value.workload_pool | ||
} | ||
} | ||
|
||
dynamic "mesh_certificates" { | ||
for_each = local.cluster_mesh_certificates_config | ||
|
||
content { | ||
enable_certificates = mesh_certificates.value.enable_certificates | ||
} | ||
} | ||
|
||
dynamic "authenticator_groups_config" { | ||
for_each = local.cluster_authenticator_security_group | ||
content { | ||
security_group = authenticator_groups_config.value.security_group | ||
} | ||
} | ||
|
||
notification_config { | ||
pubsub { | ||
enabled = var.notification_config_topic != "" ? true : false | ||
topic = var.notification_config_topic | ||
} | ||
} | ||
|
||
node_pool_defaults { | ||
node_config_defaults { | ||
gcfs_config { | ||
enabled = var.enable_gcfs | ||
} | ||
} | ||
} | ||
|
||
depends_on = [google_project_iam_member.service_agent] | ||
} |
Check failure
Code scanning / defsec
Pod security policy enforcement not defined. Error
sandbox_type = sandbox_config.value | ||
} | ||
} | ||
|
||
boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", "") | ||
|
||
shielded_instance_config { | ||
enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) | ||
enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) | ||
} | ||
} | ||
} | ||
|
||
dynamic "resource_usage_export_config" { | ||
for_each = var.resource_usage_export_dataset_id != "" ? [{ | ||
enable_network_egress_metering = var.enable_network_egress_export | ||
enable_resource_consumption_metering = var.enable_resource_consumption_export | ||
dataset_id = var.resource_usage_export_dataset_id | ||
}] : [] | ||
|
||
content { | ||
enable_network_egress_metering = resource_usage_export_config.value.enable_network_egress_metering | ||
enable_resource_consumption_metering = resource_usage_export_config.value.enable_resource_consumption_metering | ||
bigquery_destination { | ||
dataset_id = resource_usage_export_config.value.dataset_id | ||
} | ||
} | ||
} | ||
|
||
dynamic "private_cluster_config" { | ||
for_each = var.enable_private_nodes ? [{ | ||
enable_private_nodes = var.enable_private_nodes, | ||
enable_private_endpoint = var.enable_private_endpoint | ||
master_ipv4_cidr_block = var.master_ipv4_cidr_block | ||
}] : [] | ||
|
||
content { | ||
enable_private_endpoint = private_cluster_config.value.enable_private_endpoint | ||
enable_private_nodes = private_cluster_config.value.enable_private_nodes | ||
master_ipv4_cidr_block = private_cluster_config.value.master_ipv4_cidr_block | ||
dynamic "master_global_access_config" { | ||
for_each = var.master_global_access_enabled ? [var.master_global_access_enabled] : [] | ||
content { | ||
enabled = master_global_access_config.value | ||
} | ||
} | ||
} | ||
} | ||
|
||
remove_default_node_pool = var.remove_default_node_pool | ||
|
||
dynamic "database_encryption" { | ||
for_each = var.database_encryption | ||
|
||
content { | ||
key_name = database_encryption.value.key_name | ||
state = database_encryption.value.state | ||
} | ||
} | ||
|
||
dynamic "workload_identity_config" { | ||
for_each = local.cluster_workload_identity_config | ||
|
||
content { | ||
workload_pool = workload_identity_config.value.workload_pool | ||
} | ||
} | ||
|
||
dynamic "mesh_certificates" { | ||
for_each = local.cluster_mesh_certificates_config | ||
|
||
content { | ||
enable_certificates = mesh_certificates.value.enable_certificates | ||
} | ||
} | ||
|
||
dynamic "authenticator_groups_config" { | ||
for_each = local.cluster_authenticator_security_group | ||
content { | ||
security_group = authenticator_groups_config.value.security_group | ||
} | ||
} | ||
|
||
notification_config { | ||
pubsub { | ||
enabled = var.notification_config_topic != "" ? true : false | ||
topic = var.notification_config_topic | ||
} | ||
} | ||
|
||
node_pool_defaults { | ||
node_config_defaults { | ||
gcfs_config { | ||
enabled = var.enable_gcfs | ||
} | ||
} | ||
} | ||
|
||
depends_on = [google_project_iam_member.service_agent] | ||
} |
Check notice
Code scanning / defsec
Clusters should be configured with Labels Note
} | ||
|
||
dynamic "local_nvme_ssd_block_config" { | ||
for_each = lookup(each.value, "local_nvme_ssd_count", 0) > 0 ? [1] : [] | ||
content { | ||
local_ssd_count = local_nvme_ssd_block_config.value | ||
} | ||
} | ||
|
||
service_account = lookup( | ||
each.value, | ||
"service_account", | ||
local.service_account, | ||
) | ||
preemptible = lookup(each.value, "preemptible", false) | ||
spot = lookup(each.value, "spot", false) | ||
|
||
oauth_scopes = concat( | ||
local.node_pools_oauth_scopes["all"], | ||
local.node_pools_oauth_scopes[each.value["name"]], | ||
) | ||
|
||
dynamic "guest_accelerator" { | ||
for_each = lookup(each.value, "accelerator_count", 0) > 0 ? [1] : [] | ||
content { | ||
type = lookup(each.value, "accelerator_type", "") | ||
count = lookup(each.value, "accelerator_count", 0) | ||
gpu_partition_size = lookup(each.value, "gpu_partition_size", null) | ||
|
||
dynamic "gpu_driver_installation_config" { | ||
for_each = lookup(each.value, "gpu_driver_version", "") != "" ? [1] : [] | ||
content { | ||
gpu_driver_version = lookup(each.value, "gpu_driver_version", "") | ||
} | ||
} | ||
} | ||
} | ||
|
||
dynamic "workload_metadata_config" { | ||
for_each = local.cluster_node_metadata_config | ||
|
||
content { | ||
mode = lookup(each.value, "node_metadata", workload_metadata_config.value.mode) | ||
} | ||
} | ||
|
||
dynamic "sandbox_config" { | ||
for_each = tobool((lookup(each.value, "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : [] | ||
content { | ||
sandbox_type = sandbox_config.value | ||
} | ||
} | ||
|
||
dynamic "kubelet_config" { | ||
for_each = length(setintersection( | ||
keys(each.value), | ||
["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period"] | ||
)) != 0 ? [1] : [] | ||
|
||
content { | ||
cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static") | ||
cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null) | ||
cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null) | ||
} | ||
} | ||
|
||
dynamic "linux_node_config" { | ||
for_each = length(merge( | ||
local.node_pools_linux_node_configs_sysctls["all"], | ||
local.node_pools_linux_node_configs_sysctls[each.value["name"]] | ||
)) != 0 ? [1] : [] | ||
|
||
content { | ||
sysctls = merge( | ||
local.node_pools_linux_node_configs_sysctls["all"], | ||
local.node_pools_linux_node_configs_sysctls[each.value["name"]] | ||
) | ||
} | ||
} | ||
|
||
boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") | ||
|
||
shielded_instance_config { | ||
enable_secure_boot = lookup(each.value, "enable_secure_boot", false) | ||
enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true) | ||
} | ||
} | ||
|
||
lifecycle { | ||
ignore_changes = [initial_node_count] | ||
|
||
} | ||
|
||
timeouts { | ||
create = lookup(var.timeouts, "create", "45m") | ||
update = lookup(var.timeouts, "update", "45m") | ||
delete = lookup(var.timeouts, "delete", "45m") | ||
} | ||
|
||
} |
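Review bot: In `local_nvme_ssd_block_config` the `for_each` list is the literal `[1]`, so `local_ssd_count = local_nvme_ssd_block_config.value` always evaluates to 1, whatever `local_nvme_ssd_count` the pool requests. Pass the configured value through the iterator instead: `for_each = lookup(each.value, "local_nvme_ssd_count", 0) > 0 ? [each.value.local_nvme_ssd_count] : []`. The other `[1]` sentinels in this section (`guest_accelerator`, `kubelet_config`, `linux_node_config`) are fine because their content blocks do not read the iterator value. The enclosing node-pool resource starts above the quoted lines.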
Check failure
Code scanning / defsec
Legacy metadata endpoints enabled. Error
|
istio = false | ||
network_policy = true | ||
ip_range_services = "services" | ||
create_service_account = false | ||
cluster_resource_labels = { env = "test" } | ||
service_account = "example@example.gserviceaccount.com" | ||
remove_default_node_pool = true | ||
disable_legacy_metadata_endpoints = true | ||
deletion_protection = false | ||
|
||
|
||
node_pools = [ | ||
{ | ||
name = "critical" | ||
master_version = "1.30.2-gke.1587003" | ||
machine_type = "g1-small" | ||
node_locations = "us-central1-c" | ||
min_count = 1 | ||
max_count = 1 | ||
local_ssd_count = 0 | ||
spot = true | ||
disk_size_gb = 10 | ||
disk_type = "pd-standard" | ||
image_type = "cos_containerd" | ||
enable_gcfs = false | ||
enable_gvnic = false | ||
logging_variant = "DEFAULT" | ||
auto_repair = true | ||
auto_upgrade = true | ||
create_service_account = false | ||
service_account = "example@example.gserviceaccount.com" | ||
preemptible = false | ||
initial_node_count = 1 | ||
enable_node_pool_autoscaling = false | ||
enable_private_nodes = true | ||
|
||
}, | ||
{ | ||
name = "application" | ||
master_version = "1.30.2-gke.1587003" | ||
machine_type = "g1-small" | ||
node_locations = "us-central1-c" | ||
min_count = 1 | ||
max_count = 2 | ||
local_ssd_count = 0 | ||
spot = true | ||
disk_size_gb = 10 | ||
disk_type = "pd-standard" | ||
image_type = "cos_containerd" | ||
enable_gcfs = false | ||
enable_gvnic = false | ||
logging_variant = "DEFAULT" | ||
auto_repair = true | ||
auto_upgrade = true | ||
create_service_account = false | ||
service_account = "example@example.gserviceaccount.com" | ||
preemptible = false | ||
initial_node_count = 1 | ||
enable_node_pool_autoscaling = true | ||
enable_private_nodes = true | ||
}, | ||
] | ||
|
||
node_pools_labels = { | ||
all = {} | ||
|
||
default-node-pool = { | ||
default-node-pool = true | ||
} | ||
} | ||
|
||
node_pools_metadata = { | ||
all = {} | ||
|
||
default-node-pool = { | ||
node-pool-metadata-custom-value = "my-node-pool" | ||
} | ||
} | ||
|
||
node_pools_taints = { | ||
all = [] | ||
|
||
default-node-pool = [ | ||
{ | ||
key = "default-node-pool" | ||
value = true | ||
effect = "PREFER_NO_SCHEDULE" | ||
}, | ||
] | ||
} | ||
|
||
node_pools_tags = { | ||
all = [] | ||
|
||
default-node-pool = [ | ||
"default-node-pool", | ||
] | ||
} | ||
|
||
} |
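Review bot: The per-pool maps `node_pools_labels`, `node_pools_metadata`, `node_pools_taints` and `node_pools_tags` are keyed `default-node-pool`, but the pools declared in `node_pools` are named `critical` and `application`, so these entries probably match no pool. The module appears to resolve per-pool settings by pool name (for example `local.node_pools_oauth_scopes[each.value["name"]]`), in which case the taint and the network tag are never applied, which matters if firewall rules are meant to target that tag. Rename the keys to the real pool names, e.g. `critical = ["critical"]` under `node_pools_tags`, or remove the unused entries. The module block starts above the quoted lines, and the same excerpt is quoted again under the next alert.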
Check failure
Code scanning / defsec
Master authorized networks should be configured on GKE clusters Error
istio = false | ||
network_policy = true | ||
ip_range_services = "services" | ||
create_service_account = false | ||
cluster_resource_labels = { env = "test" } | ||
service_account = "example@example.gserviceaccount.com" | ||
remove_default_node_pool = true | ||
disable_legacy_metadata_endpoints = true | ||
deletion_protection = false | ||
|
||
|
||
node_pools = [ | ||
{ | ||
name = "critical" | ||
master_version = "1.30.2-gke.1587003" | ||
machine_type = "g1-small" | ||
node_locations = "us-central1-c" | ||
min_count = 1 | ||
max_count = 1 | ||
local_ssd_count = 0 | ||
spot = true | ||
disk_size_gb = 10 | ||
disk_type = "pd-standard" | ||
image_type = "cos_containerd" | ||
enable_gcfs = false | ||
enable_gvnic = false | ||
logging_variant = "DEFAULT" | ||
auto_repair = true | ||
auto_upgrade = true | ||
create_service_account = false | ||
service_account = "example@example.gserviceaccount.com" | ||
preemptible = false | ||
initial_node_count = 1 | ||
enable_node_pool_autoscaling = false | ||
enable_private_nodes = true | ||
|
||
}, | ||
{ | ||
name = "application" | ||
master_version = "1.30.2-gke.1587003" | ||
machine_type = "g1-small" | ||
node_locations = "us-central1-c" | ||
min_count = 1 | ||
max_count = 2 | ||
local_ssd_count = 0 | ||
spot = true | ||
disk_size_gb = 10 | ||
disk_type = "pd-standard" | ||
image_type = "cos_containerd" | ||
enable_gcfs = false | ||
enable_gvnic = false | ||
logging_variant = "DEFAULT" | ||
auto_repair = true | ||
auto_upgrade = true | ||
create_service_account = false | ||
service_account = "example@example.gserviceaccount.com" | ||
preemptible = false | ||
initial_node_count = 1 | ||
enable_node_pool_autoscaling = true | ||
enable_private_nodes = true | ||
}, | ||
] | ||
|
||
node_pools_labels = { | ||
all = {} | ||
|
||
default-node-pool = { | ||
default-node-pool = true | ||
} | ||
} | ||
|
||
node_pools_metadata = { | ||
all = {} | ||
|
||
default-node-pool = { | ||
node-pool-metadata-custom-value = "my-node-pool" | ||
} | ||
} | ||
|
||
node_pools_taints = { | ||
all = [] | ||
|
||
default-node-pool = [ | ||
{ | ||
key = "default-node-pool" | ||
value = true | ||
effect = "PREFER_NO_SCHEDULE" | ||
}, | ||
] | ||
} | ||
|
||
node_pools_tags = { | ||
all = [] | ||
|
||
default-node-pool = [ | ||
"default-node-pool", | ||
] | ||
} | ||
|
||
} |
Check failure
Code scanning / defsec
Pod security policy enforcement not defined. Error
|
|
LGTM
what