# Declare the GKE cluster resource "gke-cluster": one node pool, VPC-native
# networking on the "opsnet" network/subnetwork, Istio with mutual TLS, and
# no basic-auth username.
# NOTE(review): nothing in this call sets master_authorized_networks_config or
# private_cluster_config, so reachability of the control-plane endpoint is left
# to provider defaults - confirm that matches the intended exposure.
k8s_cluster = Cluster(
    "gke-cluster",
    name=CLUSTER_NAME,
    # Zone is read automagically from the stack config file
    # Cluster version
    min_master_version=MASTER_VERSION,
    master_auth={
        # Pulumi requires one of clientCertificateConfig, password, or username. If
        # Username is not present, then basic auth is disabled.
        # See docs (master_auth): https://github.com/pulumi/pulumi-gcp/blob/master/sdk/python/pulumi_gcp/container/cluster.py
        # This is the equivalent of --no-enable-basic-auth
        # The empty password is only there to satisfy that requirement; no
        # username is supplied, so no static credential is configured here.
        "password": ""
    },
    # Networking
    network=f"projects/{project}/global/networks/opsnet",
    subnetwork=f"projects/{project}/regions/{region}/subnetworks/opsnet",
    ip_allocation_policy={
        # This empty dict enables IP aliasing (equivalent of --enable-ip-alias)
    },
    default_max_pods_per_node="110",
    node_pools=[{
        "initial_node_count": NODE_COUNT,
        # Auto-repair and auto-upgrade are both switched on for the pool.
        "management": {
            "autoRepair": True,
            "autoUpgrade": True
        },
        "node_config": {
            "machine_type": NODE_MACHINE_TYPE,
            "imageType": IMAGE_TYPE,
            "diskType": DISK_TYPE,
            "disk_size_gb": DISK_SIZE_GB,
            # Node scopes are limited to read-only storage, logging,
            # monitoring, service control/management and trace append.
            # NOTE(review): no service_account is set, so the nodes presumably
            # run as the project's default Compute Engine service account -
            # confirm, and prefer a dedicated minimal account if so.
            "oauth_scopes": [
                "https://www.googleapis.com/auth/devstorage.read_only",
                "https://www.googleapis.com/auth/logging.write",
                "https://www.googleapis.com/auth/monitoring",
                "https://www.googleapis.com/auth/servicecontrol",
                "https://www.googleapis.com/auth/service.management.readonly",
                "https://www.googleapis.com/auth/trace.append",
            ],
        },
    }],
    addons_config={
        # These are enabled by default. Don't need them.
        # NOTE(review): "disabled" is the string "false" here but the boolean
        # False under istioConfig - confirm the provider reads both the same way.
        "horizontalPodAutoscaling": {
            "disabled": "false"
        },
        # "httpLoadBalancing": {"disabled": False},
        # Istio add-on stays enabled and enforces mutual TLS between workloads.
        "istioConfig": {
            "disabled": False,
            "auth": "AUTH_MUTUAL_TLS"
        },
    },
    # Equivalent of --no-enable-stackdriver-kubernetes
    # NOTE(review): passing None presumably leaves logging_service unset, so
    # the provider default applies - confirm which logging backend the cluster
    # ends up with and that cluster logs reach wherever detection expects them.
    logging_service=None,
)
USERNAME = config.get('username') or 'admin' # password is the password for the admin user in the cluster. PASSWORD = config.get_secret('password') or RandomPassword( "password", length=20, special=True).result # master version of GKE engine MASTER_VERSION = config.get('master_version') # Now, actually create the GKE cluster. k8s_cluster = Cluster( 'gke-cluster', initial_node_count=NODE_COUNT, node_version=MASTER_VERSION, min_master_version=MASTER_VERSION, node_config=ClusterNodeConfigArgs( machine_type=NODE_MACHINE_TYPE, oauth_scopes=[ 'https://www.googleapis.com/auth/compute', 'https://www.googleapis.com/auth/devstorage.read_only', 'https://www.googleapis.com/auth/logging.write', 'https://www.googleapis.com/auth/monitoring' ], ), ) # Manufacture a GKE-style Kubeconfig. Note that this is slightly "different" because of the way GKE requires # gcloud to be in the picture for cluster authentication (rather than using the client cert/key directly). k8s_info = Output.all(k8s_cluster.name, k8s_cluster.endpoint, k8s_cluster.master_auth) k8s_config = k8s_info.apply(lambda info: """apiVersion: v1 clusters: - cluster:
# Admin password for the cluster: the stack's 'password' secret, else a
# generated 20-character value.
# NOTE(review): the fallback uses RandomString, whose result is not treated as
# a secret the way RandomPassword's is, so a generated password would
# presumably sit unencrypted in the stack state - confirm and prefer
# RandomPassword.
PASSWORD = config.get_secret('password') or RandomString(
    "password", length=20, special=True).result
# Reads latest_master_version from get_engine_versions(), so the version used
# below follows whatever that lookup returns when the program runs.
engine_version = Output.from_input(get_engine_versions()).latest_master_version

# Now, actually create the GKE cluster.
k8s_cluster = Cluster(
    'gke-cluster',
    initial_node_count=NODE_COUNT,
    node_version=engine_version,
    min_master_version=engine_version,
    # Supplying a username and password turns on basic authentication for the
    # control plane. GKE deprecated basic authentication and removed it in
    # 1.19+; the gcloud-based kubeconfig built below does not appear to need it.
    master_auth={
        'username': USERNAME,
        'password': PASSWORD
    },
    node_config={
        'machine_type': NODE_MACHINE_TYPE,
        # NOTE(review): the 'compute' scope is read/write on Compute Engine for
        # anything using the node credentials (bounded by the service account's
        # IAM roles). No service_account is set, so this is presumably the
        # default Compute Engine account - confirm the scope is required.
        'oauth_scopes': [
            'https://www.googleapis.com/auth/compute',
            'https://www.googleapis.com/auth/devstorage.read_only',
            'https://www.googleapis.com/auth/logging.write',
            'https://www.googleapis.com/auth/monitoring'
        ],
    },
)

# Manufacture a GKE-style Kubeconfig. Note that this is slightly "different" because of the way GKE requires
# gcloud to be in the picture for cluster authentication (rather than using the client cert/key directly).
# NOTE(review): master_auth now carries the basic-auth password as well, so
# anything derived from k8s_info should stay a secret output - verify how
# k8s_config is exported.
k8s_info = Output.all(k8s_cluster.name, k8s_cluster.endpoint, k8s_cluster.master_auth)
# The listing is cut off inside the kubeconfig template that follows.
k8s_config = k8s_info.apply(lambda info: """apiVersion: v1
# username is the admin username for the cluster. USERNAME = config.get('username') or 'admin' # password is the password for the admin user in the cluster. PASSWORD = config.get_secret('password') or RandomPassword("password", length=20, special=True).result # master version of GKE engine MASTER_VERSION = config.get('master_version') # Now, actually create the GKE cluster. k8s_cluster = Cluster('template-gke-cluster', name="template-gke-cluster", initial_node_count=NODE_COUNT, node_version=MASTER_VERSION, min_master_version=MASTER_VERSION, master_auth=ClusterMasterAuthArgs(username=USERNAME, password=PASSWORD), node_config=ClusterNodeConfigArgs( machine_type=NODE_MACHINE_TYPE, oauth_scopes=[ 'https://www.googleapis.com/auth/compute', 'https://www.googleapis.com/auth/devstorage.read_only', 'https://www.googleapis.com/auth/logging.write', 'https://www.googleapis.com/auth/monitoring' ], ), ) # Manufacture a GKE-style Kubeconfig. Note that this is slightly "different" because of the way GKE requires # gcloud to be in the picture for cluster authentication (rather than using the client cert/key directly). k8s_info = Output.all(k8s_cluster.name, k8s_cluster.endpoint, k8s_cluster.master_auth) k8s_config = k8s_info.apply( lambda info: """apiVersion: v1 clusters: - cluster: