terraform-google-anthos-vm

This module will provide the capability to create VMs on Anthos Bare Metal clusters easily using Terraform.

This module doesn't interact with the GCP services but the Anthos Bare Metal clusters directly.

Usage

Basic usage of this module is as follows:

provider "kubernetes" {
  config_path = <CLUSTER_KUBECONFIG>
}

module "anthos_vm" {
  source  = "GoogleCloudPlatform/anthos-vm/google"
  version = "~> 0.1"

  name = "myvm"
  boot_disk_http_source = {
    url = "https://cloud-images.ubuntu.com/releases/focal/release/ubuntu-20.04-server-cloudimg-amd64.img"
  }
  boot_disk_size = "20Gi"
  vcpus          = 2
  memory         = "8Gi"
}

Functional examples are included in the examples directory.

Inputs

Name	Description	Type	Default	Required
auto_restart_on_config_change	whether to automatically restart a VM to pick up configuration changes.	bool	false	no
boot_disk_gcs_source	url : "URL of the GCS source" secretRef : "A Secret reference needed to access the GCS source"	object({ url = string secretRef = optional(string) })	null	no
boot_disk_http_source	url : "URL of the http(s) endpoint" secretRef : "A Secret reference which contains accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded" certConfigMap : "A configmap reference which contains a Certificate Authority(CA) public key, and a base64 encoded pem certificate" extraHeaders : "A list of strings containing extra headers to include with HTTP transfer requests" secretExtraHeaders : "A list of Secret references, each containing an extra HTTP header that may include sensitive information"	object({ url = string secretRef = optional(string) certConfigMap = optional(string) extraHeaders = optional(list(string)) secretExtraHeaders = optional(list(string)) })	null	no
boot_disk_name	The name of the existing boot disk in the same namespace.	string	""	no
boot_disk_registry_source	url : "URL of the registry source (starting with the scheme: docker, oci-archive)" secretRef : "A Secret reference needed to access the Registry source" certConfigMap : "A configmap reference provides registry certs" imageStream : "The name of image stream for import" pullMethod : "pullMethod can be either "pod" (default import), or "node" (node docker cache based import)"	object({ url = string secretRef = optional(string) certConfigMap = optional(string) imageStream = optional(string) pullMethod = optional(string) })	null	no
boot_disk_size	Boot disk size in k8s quantity format(https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/).	string	"20Gi"	no
boot_loader_type	The initial machine booting options when powering on before loading the kernel. The supported boot options are uefi or bios.	string	""	no
cloudinit_nocloud	cloud-init nocloud source https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html secretRef : "Then name of a k8s secret that contains the userdata." userDataBase64 : "Userdata as a base64 encoded string." userData : "Inline userdata." networkDataSecretRef : "The name of a k8s secret that contains the networkdata." networkDataBase64 : "Networkdata as a base64 encoded string." networkData : "Inline networkdata"	object({ secretRef = optional(object({ name = string })) userDataBase64 = optional(string) userData = optional(string) networkDataSecretRef = optional(object({ name = string })) networkDataBase64 = optional(string) networkData = optional(string) })	null	no
create_timeout	Timeout for the disk creation.	string	"10m"	no
dedicated_cpu	If the VM should be allocated dedicated host CPU cores and each VM CPU core is pinned to each allocated host CPU core.	bool	false	no
delete_timeout	Timeout for the disk deletion.	string	"1m"	no
enable_secure_boot	Whether to assist blocking modified or malicious code from loading. Only work with UEFI bootloader	bool	true	no
extra_disks	A list of existing disks that will be used by the VM. name : "Name of the VM disk in the same namespace" readonly : "If the VM disk is readonly." auto_delete : "If to delete the VM disk when the VM is deleted."	list(object({ name = string readonly = optional(bool, false) auto_delete = optional(bool, false) }))	[]	no
extra_interfaces	A list of existing disks that will be used by the VM. name : "Name of the network interface in the VM." network : "Name of the Anthos network object." ips : "A list of IP addresses from the network to be allocated to the VM."	list(object({ name = string network = string ips = list(string) }))	[]	no
gpu	model : "The GPU model the VM want to reserve." quantity : "The number of GPU card for the specific GPU model the VM want to reserve."	object({ model = string quantity = number })	null	no
guest_environment	The guest environment features. enable_access_management : "Whether the SSH access management feature should be enabled."	object({ enable_access_management = optional(bool) })	{ "enable_access_management": true }	no
hugepage_size	Use the huge page instead for the VM memory config. Valid huge pages are 2Mi or 1Gi.	string	""	no
is_guaranteed	If the resources of the VM are in the guaranteed tier	bool	false	no
is_windows	If the VM is a windows VM	bool	false	no
isolated_emulator_thread	If one more dedicated host CPU core should be allocated to the VM for the QEMU emulator thread.	bool	false	no
memory	Memory capacity in k8s quantity format(https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/).	string	"4Gi"	no
name	Name of the VM	string	n/a	yes
namespace	Namespace where the VM belongs to	string	"default"	no
numa_guest_mapping_passthrough	It creates an efficient guest topology based on container NUMA topology	bool	false	no
scheduling	nodeSelector : "The node labels that the host node of this VM must have." affinity : "The affinity rules of the VM. The object needs to align with the k8s Affinity type." tolerations : "Allows the VM to schedule onto nodes with matching taints. The list elements should have the type align with k8s Toleration type."	object({ nodeSelector = optional(map(string)) affinity = optional(any) tolerations = optional(list(any)) })	null	no
startup_scripts	A list of startup scripts of the VM. name : "The name of a script." script : "The plain text string of the script." scriptBase64 : "The base64 encoded string of the script." scriptSecretRef : "The name of a k8s secret that contains the script."	list(object({ name = string script = optional(string) scriptBase64 = optional(string) scriptSecretRef = optional(object({ name = string })) }))	null	no
storage_class	The name of storage class used to provision the disks	string	"local-shared"	no
update_timeout	Timeout for the disk udpate.	string	"10m"	no
vcpus	Number of VCPUs	number	1	no
vm_type_name	Name of the exsiting virtual machine type	string	""	no
wait_conditions	A list of conditions to wait for.	list(object({ type = string status = string }))	[]	no
wait_fields	A map of fields and a corresponding regular expression with a pattern to wait for. The provider will wait until the field matches the regular expression. Use * for any value.	map(string)	{ "status.state": "Running" }	no

Outputs

Name	Description
vm_name	The name of the VM.
vm_namespace	The namespace of the VM.

Requirements

These sections describe requirements for using this module.

Software

The following dependencies must be available:

• [Terraform][terraform] v1.3
• [Terraform Provider for Kubebernetes][terraform-provider-kubernetes] plugin v2.15

Environment

Unlike the other GCP Terraform module, this module interact with the Anthos Bare Metal clusters directly. Therefore, it needs to be executed in the environment that has the access to the Anthos Bare Metal cluster.

Service Account

The service account has to bind the kubevm.edit ClusterRole using RoleBinding.

Contributing

Refer to the contribution guidelines for information on contributing to this module.

Other references:

• iam-module
• project-factory-module
• terraform-provider-kubernetes
• terraform-provider-gcp
• terraform

Security Disclosures

Please see our security disclosure process.