/*
This file defines the configuration for the `k8s-prow` cluster:
- GCP container cluster
- GCP container node pools

Listing taken from k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8,
config/clusters/k8s-prow/cluster-configuration.tf.
*/

# GCP project that owns the cluster.
variable "project_name" {
  type    = "string"
  default = "k8s-prow"
}

# Name given to the GKE cluster.
variable "cluster_name" {
  type    = "string"
  default = "prow"
}

# Used both as the provider `region` and as the cluster `location`.
# NOTE(review): the default "us-central1-f" is a zone name, not a region name.
# As a cluster `location` it selects a zonal cluster; confirm it is also what
# the providers' `region` argument should receive.
variable "cluster_region" {
  type    = "string"
  default = "us-central1-f"
}

# Configure the Google Cloud provider
provider "google" {
  region  = "${var.cluster_region}"
  project = "${var.project_name}"
}

# Configure the Google Cloud beta provider (required for defining taints)
provider "google-beta" {
  region  = "${var.cluster_region}"
  project = "${var.project_name}"
}

resource "google_container_cluster" "cluster" {
  location = "${var.cluster_region}"
  name     = "${var.cluster_name}"

  # Whether the ABAC authorizer is enabled for this cluster. When enabled, identities
  # in the system, including service accounts, nodes, and controllers, will have statically
  # granted permissions beyond those provided by the RBAC configuration or IAM.
  # Set to `false` to utilize RBAC.
  #
  # NOTE(review): legacy ABAC is switched ON here. While it stays on, the static
  # grants described above apply in addition to RBAC and IAM, so tightening RBAC
  # rules alone does not give least privilege. Before changing this to `false`,
  # confirm that every workload has the RBAC bindings it needs.
  enable_legacy_abac = true

  # Do not issue a client certificate for authenticating to the cluster.
  # NOTE(review): the upstream comment on this block reads "Disable basic and
  # client certificate authorization", but only client-certificate issuance is
  # set below; no username/password is configured. Whether basic authentication
  # is off depends on the provider and GKE version in use; confirm.
  master_auth {
    client_certificate_config {
      issue_client_certificate = false
    }
  }
}

# The "ghproxy" pool is for running the GitHub reverse proxy cache (i.e. GHproxy)
resource "google_container_node_pool" "ghproxy_nodes" {
  # The beta provider is selected for this pool because it defines a taint.
  provider = "google-beta"

  cluster    = "${google_container_cluster.cluster.name}"
  location   = "${google_container_cluster.cluster.location}"
  name       = "ghproxy"
  node_count = 1

  # Auto repair, and auto upgrade nodes to match the master version
  management {
    auto_upgrade = true
    auto_repair  = true
  }

  # The node configuration of the pool.
  node_config {
    machine_type = "e2-standard-8"
    disk_size_gb = "100"

    # Label and taint carry the same key/value. The NO_SCHEDULE taint keeps pods
    # off these nodes unless they tolerate dedicated=ghproxy.
    labels = {
      dedicated = "ghproxy"
    }

    taint {
      key    = "dedicated"
      value  = "ghproxy"
      effect = "NO_SCHEDULE"
    }

    # API access scopes granted to the nodes in this pool.
    # NOTE(review): no `service_account` is set in this node_config, and the
    # list includes read-write Compute Engine and Service Management scopes.
    # Confirm that a pool dedicated to a caching proxy needs both; the logging,
    # monitoring and read-only storage scopes are the narrower part of the list.
    oauth_scopes = [
      # Compute Engine (rw)
      "https://www.googleapis.com/auth/compute",
      # Storage (ro)
      "https://www.googleapis.com/auth/devstorage.read_only",
      # Service Control (enabled)
      "https://www.googleapis.com/auth/servicecontrol",
      # Service Management (rw)
      "https://www.googleapis.com/auth/service.management",
      # Stackdriver Logging (wo)
      "https://www.googleapis.com/auth/logging.write",
      # Stackdriver Monitoring (full)
      "https://www.googleapis.com/auth/monitoring",
    ]
  }
}

# General-purpose pool: no labels or taints are set on these nodes.
resource "google_container_node_pool" "e2_standard_8_nodes" {
  cluster    = "${google_container_cluster.cluster.name}"
  location   = "${google_container_cluster.cluster.location}"
  name       = "e2-standard-8"
  node_count = 8

  # Auto repair, and auto upgrade nodes to match the master version
  management {
    auto_upgrade = true
    auto_repair  = true
  }

  # The node configuration of the pool.
  node_config {
    machine_type = "e2-standard-8"
    disk_size_gb = "200"

    # API access scopes granted to the nodes in this pool; the list is the same
    # as the one on the "ghproxy" pool.
    # NOTE(review): no `service_account` is set in this node_config, and the
    # list includes read-write Compute Engine and Service Management scopes.
    # Confirm which of these the workloads scheduled here actually require.
    oauth_scopes = [
      # Compute Engine (rw)
      "https://www.googleapis.com/auth/compute",
      # Storage (ro)
      "https://www.googleapis.com/auth/devstorage.read_only",
      # Service Control (enabled)
      "https://www.googleapis.com/auth/servicecontrol",
      # Service Management (rw)
      "https://www.googleapis.com/auth/service.management",
      # Stackdriver Logging (wo)
      "https://www.googleapis.com/auth/logging.write",
      # Stackdriver Monitoring (full)
      "https://www.googleapis.com/auth/monitoring",
    ]
  }
}