Compliance Oriented Kubernetes Setup for Google Cloud.
```sh
brew install kubectl kubernetes-helm google-cloud-sdk terraform
gcloud auth activate-service-account --key-file=./account.json
terraform init && terraform get -update && terraform apply
gcloud config set account [email protected] # Set account name
gcloud container clusters get-credentials <clustername> --region us-central1
```
Name | Version |
---|---|
n/a | |
helm | n/a |
http | n/a |
null | n/a |
random | n/a |
Name | Description | Type | Default | Required |
---|---|---|---|---|
auto_repair | Enables or disables automatic repair of nodes in the cluster. | bool | true | no |
auto_upgrade | Enables or disables automatic upgrades of nodes in the cluster. | bool | true | no |
cluster_create_timeouts | Timeout for creating the cluster. | string | "30m" | no |
cluster_delete_timeouts | Timeout for deleting the cluster. | string | "30m" | no |
cluster_update_timeouts | Timeout for updating the cluster. | string | "30m" | no |
cluster_version | The minimum version of the master | string | "1.27" | no |
csi_secrets_store_enabled | Specify whether the CSI driver is enabled | bool | false | no |
disk_size_gb | Size of the disk in gigabytes for each node in the cluster. | number | 10 | no |
disk_type | Type of disk to use for the nodes in the cluster. | string | "" | no |
environment_name | Name of the resource. Provided by the client when the resource is created. | string | "" | no |
image_type | Type of image to use for the nodes in the cluster. | string | "" | no |
initial_node_count | The number of nodes to create in this cluster's default node pool. | number | 0 | no |
kms_enabled | Specify whether the redis cluster is enabled | bool | false | no |
kubectl_config_path | Path to the kubectl config file. Defaults to $HOME/.kube/config | string | "" | no |
location | The location (region or zone) in which the cluster master will be created, as well as the default node location. | string | "" | no |
location_policy | Specifies the policy for distributing nodes across locations, with the default being BALANCED | string | "BALANCED" | no |
machine_type | Specifies the machine type for the nodes in the cluster. | string | "" | no |
max_node_count | Maximum number of nodes in the cluster. | number | 1 | no |
min_master_version | The minimum version of the master. | string | "" | no |
min_node_count | Minimum number of nodes in the cluster. | number | 1 | no |
preemptible | Specifies whether the nodes in the cluster should be preemptible. | bool | false | no |
project | The Google project that will host the cluster | string | n/a | yes |
redis_enabled | Specify whether the redis cluster is enabled | bool | false | no |
redis_ha_enabled | Specify whether HA is enabled for redis | bool | false | no |
redis_memory_in_gb | Redis memory size in GiB | number | 1 | no |
region | The location (region or zone) in which the cluster master will be created | string | "" | no |
remove_default_node_pool | deletes the default node pool upon cluster creation. | bool | true | no |
service_account | The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP. | string | "" | no |
sql_enabled | Specify whether the sql instance is enabled | bool | false | no |
sql_engine | The sql version to use | string | "POSTGRES_15" | no |
sql_instance_class | The machine type to use | string | "db-f1-micro" | no |
sql_master_password | The password for the db user | string | "" | no |
sql_master_username | The name of the db user | string | "" | no |
tags | Terraform map to create custom tags for the Google resources | map | {} | no |
Name | Type |
---|---|
google_compute_global_address.private_ip_address | resource |
google_compute_network.network | resource |
google_compute_router.nat_router | resource |
google_compute_router_nat.nat_config | resource |
google_compute_subnetwork.subnet | resource |
google_container_cluster.primary | resource |
google_container_node_pool.node_pool | resource |
google_kms_crypto_key.key | resource |
google_kms_key_ring.keyring | resource |
google_redis_instance.cache | resource |
google_service_networking_connection.private_vpc_connection | resource |
google_sql_database_instance.default | resource |
google_sql_user.user | resource |
helm_release.csi_secrets_store | resource |
null_resource.configure_kubectl | resource |
null_resource.csi_secrets_store_aws_provider | resource |
null_resource.sql_vpc_lock | resource |
random_id.server | resource |
google_client_config.default | data source |
http_http.csi_secrets_store_gcp_provider | data source |
Name | Description |
---|---|
private_vpc_network | n/a |
sql_database | n/a |
Since 2016, opsZero has been providing Kubernetes expertise to companies of all sizes on any Cloud. With a focus on AI and Compliance, we can say we have seen it all: whether SOC2, HIPAA, PCI-DSS, ITAR, FedRAMP, or CMMC, we have you and your customers covered.
We provide support to organizations in the following ways:
- Modernize or Migrate to Kubernetes
- Cloud Infrastructure with Kubernetes on AWS, Azure, Google Cloud, or Bare Metal
- Building AI and Data Pipelines on Kubernetes
- Optimizing Existing Kubernetes Workloads
We do this with a high-touch support model where you:
- Get access to us on Slack, Microsoft Teams or Email
- Get 24/7 coverage of your infrastructure
- Get an accelerated migration to Kubernetes
Please schedule a call if you need support.