Ejemplo n.º 1
# Declares the GKE cluster "gke-cluster" on the "opsnet" network with one inline
# node pool and the Istio add-on in mutual-TLS mode.
# NOTE(review): nothing in this call restricts who can reach the control-plane
# endpoint (no master_authorized_networks_config or private_cluster_config is
# set here) -- confirm that is handled elsewhere or intended.
k8s_cluster = Cluster(
    "gke-cluster",
    name=CLUSTER_NAME,
    # Zone is read automagically from the stack config file
    # Cluster version
    min_master_version=MASTER_VERSION,
    master_auth={
        # Pulumi requires one of clientCertificateConfig, password, or username. If
        # Username is not present, then basic auth is disabled.
        # See docs (master_auth): https://github.com/pulumi/pulumi-gcp/blob/master/sdk/python/pulumi_gcp/container/cluster.py
        # This is the equivalent of --no-enable-basic-auth
        # NOTE(review): client-certificate issuance is not set explicitly here;
        # confirm it is also off for the provider version in use.
        "password": ""
    },
    # Networking
    network=f"projects/{project}/global/networks/opsnet",
    subnetwork=f"projects/{project}/regions/{region}/subnetworks/opsnet",
    ip_allocation_policy={
        # This empty dict enables IP aliasing (equivalent of --enable-ip-alias)
    },
    # NOTE(review): passed as a string here -- confirm the provider accepts "110"
    # where an integer is expected.
    default_max_pods_per_node="110",
    node_pools=[{
        "initial_node_count": NODE_COUNT,
        # Nodes are repaired and upgraded automatically, which keeps them on
        # patched versions without manual intervention.
        "management": {
            "autoRepair": True,
            "autoUpgrade": True
        },
        "node_config": {
            "machine_type":
            NODE_MACHINE_TYPE,
            "imageType":
            IMAGE_TYPE,
            "diskType":
            DISK_TYPE,
            "disk_size_gb":
            DISK_SIZE_GB,
            # Scopes limited to read-only storage plus logging, monitoring,
            # service control/management and trace append.
            # NOTE(review): no service_account is set in this node_config, so the
            # nodes presumably run as the project's default compute service
            # account -- a dedicated least-privilege account is preferable.
            "oauth_scopes": [
                "https://www.googleapis.com/auth/devstorage.read_only",
                "https://www.googleapis.com/auth/logging.write",
                "https://www.googleapis.com/auth/monitoring",
                "https://www.googleapis.com/auth/servicecontrol",
                "https://www.googleapis.com/auth/service.management.readonly",
                "https://www.googleapis.com/auth/trace.append",
            ],
        },
    }],
    addons_config={
        # Add-on switches. Both entries below set "disabled" to false, i.e. the
        # add-ons stay enabled.
        # NOTE(review): this one uses the string "false" while istioConfig uses the
        # boolean False -- confirm the provider coerces the string as intended.
        "horizontalPodAutoscaling": {
            "disabled": "false"
        },
        # "httpLoadBalancing": {"disabled": False},
        # Istio add-on enabled with mutual TLS between workloads.
        "istioConfig": {
            "disabled": False,
            "auth": "AUTH_MUTUAL_TLS"
        },
    },
    # Intended as the equivalent of --no-enable-stackdriver-kubernetes.
    # NOTE(review): None leaves the argument unset, so the provider default for
    # logging_service applies instead of logging being switched off; the explicit
    # off value is the string "none". Cluster logs are a primary source for
    # detection and incident response, so confirm that turning them off is
    # really wanted before changing this.
    logging_service=None,
)
Ejemplo n.º 2
# username is the admin username for the cluster; falls back to 'admin' when the
# stack config has no 'username'.
# NOTE(review): USERNAME and PASSWORD are not passed to Cluster() in the lines
# shown here, so basic auth does not appear to be configured by this snippet.
USERNAME = config.get('username') or 'admin'
# password is the password for the admin user in the cluster.
# Read as a secret from the stack config; otherwise a 20-character random
# password (special characters allowed) is generated.
PASSWORD = config.get_secret('password') or RandomPassword(
    "password", length=20, special=True).result
# master version of GKE engine
# NOTE(review): presumably None when 'master_version' is not configured, in which
# case the provider picks the version -- confirm.
MASTER_VERSION = config.get('master_version')

# Now, actually create the GKE cluster.
# Nodes and control plane are pinned to the same MASTER_VERSION.
k8s_cluster = Cluster(
    'gke-cluster',
    initial_node_count=NODE_COUNT,
    node_version=MASTER_VERSION,
    min_master_version=MASTER_VERSION,
    node_config=ClusterNodeConfigArgs(
        machine_type=NODE_MACHINE_TYPE,
        # NOTE(review): the 'compute' scope is the read/write Compute Engine scope.
        # No service_account is set here, so nodes presumably use the default
        # compute service account; prefer a dedicated least-privilege account
        # and drop scopes the workloads do not need.
        oauth_scopes=[
            'https://www.googleapis.com/auth/compute',
            'https://www.googleapis.com/auth/devstorage.read_only',
            'https://www.googleapis.com/auth/logging.write',
            'https://www.googleapis.com/auth/monitoring'
        ],
    ),
)

# Manufacture a GKE-style Kubeconfig. Note that this is slightly "different" because of the way GKE requires
# gcloud to be in the picture for cluster authentication (rather than using the client cert/key directly).
# Output.all combines the three outputs so the template is rendered once all are known.
# NOTE(review): master_auth carries credential material for the cluster; treat
# anything rendered from it (and any stack export of it) as a secret.
k8s_info = Output.all(k8s_cluster.name, k8s_cluster.endpoint,
                      k8s_cluster.master_auth)
k8s_config = k8s_info.apply(lambda info: """apiVersion: v1
clusters:
- cluster:
Ejemplo n.º 3
# Admin password: read as a secret from the stack config, otherwise a
# 20-character random string (special characters allowed) is generated.
# NOTE(review): RandomString does not treat its result as sensitive, so a
# generated password can show up in plain text in state and CLI output;
# RandomPassword is the variant meant for credentials.
PASSWORD = config.get_secret('password') or RandomString(
    "password", length=20, special=True).result

# Takes latest_master_version from the engine-version lookup.
# NOTE(review): presumably resolved at deployment time, so the version can change
# between runs -- confirm that unpinned upgrades are acceptable.
engine_version = Output.from_input(get_engine_versions()).latest_master_version

# Now, actually create the GKE cluster.
k8s_cluster = Cluster(
    'gke-cluster',
    initial_node_count=NODE_COUNT,
    node_version=engine_version,
    min_master_version=engine_version,
    # NOTE(review): setting username/password turns on HTTP basic auth for the
    # Kubernetes API server: a static, non-expiring admin credential. GKE has
    # deprecated and removed basic auth in newer versions; prefer leaving it off
    # and authenticating through gcloud/IAM, as the kubeconfig comment below
    # already describes. USERNAME is defined outside the lines shown here.
    master_auth={
        'username': USERNAME,
        'password': PASSWORD
    },
    node_config={
        'machine_type':
        NODE_MACHINE_TYPE,
        # NOTE(review): the 'compute' scope is the read/write Compute Engine scope.
        # No service_account is set here, so nodes presumably use the default
        # compute service account; prefer a dedicated least-privilege account.
        'oauth_scopes': [
            'https://www.googleapis.com/auth/compute',
            'https://www.googleapis.com/auth/devstorage.read_only',
            'https://www.googleapis.com/auth/logging.write',
            'https://www.googleapis.com/auth/monitoring'
        ],
    },
)

# Manufacture a GKE-style Kubeconfig. Note that this is slightly "different" because of the way GKE requires
# gcloud to be in the picture for cluster authentication (rather than using the client cert/key directly).
# Output.all combines the three outputs so the template is rendered once all are known.
# NOTE(review): master_auth here includes the basic-auth password set above;
# treat anything rendered from it (and any stack export of it) as a secret.
k8s_info = Output.all(k8s_cluster.name, k8s_cluster.endpoint,
                      k8s_cluster.master_auth)
k8s_config = k8s_info.apply(lambda info: """apiVersion: v1
Ejemplo n.º 4
# username is the admin username for the cluster.
# NOTE(review): the fallback 'admin' is a well-known, easily guessed name.
USERNAME = config.get('username') or 'admin'
# password is the password for the admin user in the cluster.
# Read as a secret from the stack config; otherwise a 20-character random
# password (special characters allowed) is generated.
PASSWORD = config.get_secret('password') or RandomPassword("password", length=20, special=True).result
# master version of GKE engine
# NOTE(review): presumably None when 'master_version' is not configured, in which
# case the provider picks the version -- confirm.
MASTER_VERSION = config.get('master_version')

# Now, actually create the GKE cluster.
# Nodes and control plane are pinned to the same MASTER_VERSION.
# NOTE(review): master_auth with username/password turns on HTTP basic auth for
# the Kubernetes API server: a static, non-expiring admin credential. GKE has
# deprecated and removed basic auth in newer versions; prefer leaving it off and
# authenticating through gcloud/IAM, as the kubeconfig comment below describes.
k8s_cluster = Cluster('template-gke-cluster',
    name="template-gke-cluster",
    initial_node_count=NODE_COUNT,
    node_version=MASTER_VERSION,
    min_master_version=MASTER_VERSION,
    master_auth=ClusterMasterAuthArgs(username=USERNAME, password=PASSWORD),
    node_config=ClusterNodeConfigArgs(
        machine_type=NODE_MACHINE_TYPE,
        # NOTE(review): the 'compute' scope is the read/write Compute Engine scope.
        # No service_account is set here, so nodes presumably use the default
        # compute service account; prefer a dedicated least-privilege account.
        oauth_scopes=[
            'https://www.googleapis.com/auth/compute',
            'https://www.googleapis.com/auth/devstorage.read_only',
            'https://www.googleapis.com/auth/logging.write',
            'https://www.googleapis.com/auth/monitoring'
        ],
    ),
)

# Manufacture a GKE-style Kubeconfig. Note that this is slightly "different" because of the way GKE requires
# gcloud to be in the picture for cluster authentication (rather than using the client cert/key directly).
# Output.all combines the three outputs so the template is rendered once all are known.
# NOTE(review): master_auth here includes the basic-auth password set above;
# treat anything rendered from it (and any stack export of it) as a secret.
k8s_info = Output.all(k8s_cluster.name, k8s_cluster.endpoint, k8s_cluster.master_auth)
k8s_config = k8s_info.apply(
    lambda info: """apiVersion: v1
clusters:
- cluster: