google_container_aws_node_pool

An Anthos node pool running on AWS.

For more information, see:

Example Usage - basic_aws_cluster

A basic example of a containeraws node pool

# Looks up the Anthos-on-AWS versions available for this project and location.
# The cluster and node pool in this example read valid_versions[0] from it.
data "google_container_aws_versions" "versions" {
  location = "us-west1"
  project  = "my-project-name"
}

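# Anthos cluster on AWS that the node pool in this example attaches to. The
# ARNs, account IDs and resource IDs are documentation placeholders; replace
# every one of them with values from your own environment.
resource "google_container_aws_cluster" "primary" {
  authorization {
    # Users named here administer the cluster; keep the list minimal.
    admin_users {
      username = "my@service-account.com"
    }
  }

  aws_region = "my-aws-region"

  control_plane {
    # IAM role used for AWS access on behalf of the cluster. Keep its trust
    # policy and attached permissions as narrow as the service allows.
    aws_services_authentication {
      role_arn          = "arn:aws:iam::012345678910:role/my--1p-dev-oneplatform"
      role_session_name = "my--1p-dev-session"
    }

    # The example reuses one placeholder KMS key for config, database and both
    # volumes. Separate keys allow a separate key policy per kind of data.
    config_encryption {
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
    }

    database_encryption {
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
    }

    iam_instance_profile = "my--1p-dev-controlplane"
    subnet_ids           = ["subnet-00000000000000000"]
    # First entry of the data source's valid_versions list. The resolved value
    # follows that list, so set an explicit version string if upgrades must be
    # a deliberate change.
    version              = data.google_container_aws_versions.versions.valid_versions[0]
    instance_type        = "t3.medium"

    main_volume {
      iops        = 3000
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
      size_gib    = 10
      volume_type = "GP3"
    }

    # The sample secret ARN names region us-west-2 and a different account ID
    # than the other placeholders in this example. Point it at a Secrets
    # Manager secret that you own.
    proxy_config {
      secret_arn     = "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF"
      secret_version = "12345678-ABCD-EFGH-IJKL-987654321098"
    }

    root_volume {
      iops        = 3000
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
      size_gib    = 10
      volume_type = "GP3"
    }

    # Review the ingress rules of every group listed here; they apply to the
    # control-plane instances.
    security_group_ids = ["sg-00000000000000000"]

    # EC2 key pair for SSH login to the control-plane instances. Limit who
    # holds the private key and what the security groups allow on the SSH port.
    ssh_config {
      ec2_key_pair = "my--1p-dev-ssh"
    }

    tags = {
      owner = "my@service-account.com"
    }
  }

  fleet {
    project = "my-project-number"
  }

  location = "us-west1"
  name     = "name"

  networking {
    pod_address_cidr_blocks     = ["10.2.0.0/16"]
    service_address_cidr_blocks = ["10.1.0.0/16"]
    vpc_id                      = "vpc-00000000000000000"
  }

  annotations = {
    label-one = "value-one"
  }

  description = "A sample aws cluster"
  project     = "my-project-name"
}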


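# Node pool attached to google_container_aws_cluster.primary. The ARNs and IDs
# are documentation placeholders; replace them with your own values.
resource "google_container_aws_node_pool" "primary" {
  # Upper bound on nodes the autoscaler may create; it also caps cost.
  autoscaling {
    max_node_count = 5
    min_node_count = 1
  }

  cluster = google_container_aws_cluster.primary.name

  config {
    config_encryption {
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
    }

    # Instance profile for the node instances. Keep it least-privilege.
    # NOTE(review): workloads that can reach the instance metadata endpoint
    # may be able to use its credentials; confirm for your setup.
    iam_instance_profile = "my--1p-dev-nodepool"
    instance_type        = "t3.medium"

    labels = {
      label-one = "value-one"
    }

    root_volume {
      iops        = 3000
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
      size_gib    = 10
      volume_type = "GP3"
    }

    # Review the ingress rules of every group listed here; they apply to the
    # node instances.
    security_group_ids = ["sg-00000000000000000"]

    # The sample secret ARN names region us-west-2 and a different account ID
    # than the other placeholders in this example. Point it at a Secrets
    # Manager secret that you own.
    proxy_config {
      secret_arn     = "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF"
      secret_version = "12345678-ABCD-EFGH-IJKL-987654321098"
    }

    # EC2 key pair for SSH login to the nodes. Limit who holds the private key
    # and what the security groups allow on the SSH port.
    ssh_config {
      ec2_key_pair = "my--1p-dev-ssh"
    }

    tags = {
      tag-one = "value-one"
    }

    # PREFER_NO_SCHEDULE is a soft preference: the scheduler may still place
    # pods without a matching toleration here. Do not rely on it to isolate
    # workloads.
    taints {
      effect = "PREFER_NO_SCHEDULE"
      key    = "taint-key"
      value  = "taint-value"
    }
  }

  location = "us-west1"

  max_pods_constraint {
    max_pods_per_node = 110
  }

  name      = "node-pool-name"
  subnet_id = "subnet-00000000000000000"
  # First entry of the data source's valid_versions list. The resolved value
  # follows that list, so set an explicit version string if upgrades must be
  # a deliberate change.
  version   = data.google_container_aws_versions.versions.valid_versions[0]

  annotations = {
    label-one = "value-one"
  }

  management {
    auto_repair = true
  }

  project = "my-project-name"
}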

Example Usage - basic_enum_aws_cluster

A basic example of a containeraws node pool with lowercase enums

# Version lookup for the lowercase-enum example. The cluster and node pool
# that follow read valid_versions[0] from this data source.
data "google_container_aws_versions" "versions" {
  location = "us-west1"
  project  = "my-project-name"
}

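# Cluster for the lowercase-enum example. This block keeps the uppercase "GP3"
# spelling; only the node pool resource in this example uses lowercase enum
# values. The ARNs, account IDs and resource IDs are documentation
# placeholders.
resource "google_container_aws_cluster" "primary" {
  authorization {
    # Users named here administer the cluster; keep the list minimal.
    admin_users {
      username = "my@service-account.com"
    }
  }

  aws_region = "my-aws-region"

  control_plane {
    # IAM role used for AWS access on behalf of the cluster. Keep its trust
    # policy and attached permissions as narrow as the service allows.
    aws_services_authentication {
      role_arn          = "arn:aws:iam::012345678910:role/my--1p-dev-oneplatform"
      role_session_name = "my--1p-dev-session"
    }

    # One placeholder KMS key is reused for config, database and both volumes.
    # Separate keys allow a separate key policy per kind of data.
    config_encryption {
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
    }

    database_encryption {
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
    }

    iam_instance_profile = "my--1p-dev-controlplane"
    subnet_ids           = ["subnet-00000000000000000"]
    # First entry of valid_versions; the resolved value follows the data
    # source, so set an explicit version if upgrades must be deliberate.
    version              = data.google_container_aws_versions.versions.valid_versions[0]
    instance_type        = "t3.medium"

    main_volume {
      iops        = 3000
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
      size_gib    = 10
      volume_type = "GP3"
    }

    # The sample secret ARN names region us-west-2 and a different account ID
    # than the other placeholders here. Use a secret that you own.
    proxy_config {
      secret_arn     = "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF"
      secret_version = "12345678-ABCD-EFGH-IJKL-987654321098"
    }

    root_volume {
      iops        = 3000
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
      size_gib    = 10
      volume_type = "GP3"
    }

    # Review the ingress rules of every group listed here.
    security_group_ids = ["sg-00000000000000000"]

    # EC2 key pair for SSH login to the control-plane instances. Limit who
    # holds the private key and what the security groups allow on the SSH port.
    ssh_config {
      ec2_key_pair = "my--1p-dev-ssh"
    }

    tags = {
      owner = "my@service-account.com"
    }
  }

  fleet {
    project = "my-project-number"
  }

  location = "us-west1"
  name     = "name"

  networking {
    pod_address_cidr_blocks     = ["10.2.0.0/16"]
    service_address_cidr_blocks = ["10.1.0.0/16"]
    vpc_id                      = "vpc-00000000000000000"
  }

  annotations = {
    label-one = "value-one"
  }

  description = "A sample aws cluster"
  project     = "my-project-name"
}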


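# Node pool written with lowercase enum values ("gp3", "prefer_no_schedule").
# The ARNs and IDs are documentation placeholders; replace them with your own.
resource "google_container_aws_node_pool" "primary" {
  # Upper bound on nodes the autoscaler may create; it also caps cost.
  autoscaling {
    max_node_count = 5
    min_node_count = 1
  }

  cluster = google_container_aws_cluster.primary.name

  config {
    config_encryption {
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
    }

    # Instance profile for the node instances. Keep it least-privilege.
    # NOTE(review): workloads that can reach the instance metadata endpoint
    # may be able to use its credentials; confirm for your setup.
    iam_instance_profile = "my--1p-dev-nodepool"
    instance_type        = "t3.medium"

    labels = {
      label-one = "value-one"
    }

    root_volume {
      iops        = 3000
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
      size_gib    = 10
      volume_type = "gp3" # lowercase enum form
    }

    # Review the ingress rules of every group listed here.
    security_group_ids = ["sg-00000000000000000"]

    # The sample secret ARN names region us-west-2 and a different account ID
    # than the other placeholders here. Use a secret that you own.
    proxy_config {
      secret_arn     = "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF"
      secret_version = "12345678-ABCD-EFGH-IJKL-987654321098"
    }

    # EC2 key pair for SSH login to the nodes. Limit who holds the private key
    # and what the security groups allow on the SSH port.
    ssh_config {
      ec2_key_pair = "my--1p-dev-ssh"
    }

    tags = {
      tag-one = "value-one"
    }

    # A prefer-no-schedule taint is a soft preference, not isolation: pods
    # without a matching toleration can still be scheduled on these nodes.
    taints {
      effect = "prefer_no_schedule" # lowercase enum form
      key    = "taint-key"
      value  = "taint-value"
    }
  }

  location = "us-west1"

  max_pods_constraint {
    max_pods_per_node = 110
  }

  name      = "node-pool-name"
  subnet_id = "subnet-00000000000000000"
  # First entry of valid_versions; the resolved value follows the data source,
  # so set an explicit version if upgrades must be deliberate.
  version   = data.google_container_aws_versions.versions.valid_versions[0]

  annotations = {
    label-one = "value-one"
  }

  project = "my-project-name"
}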

Example Usage - beta_basic_enum_aws_cluster

A basic example of a containeraws node pool with lowercase enums (beta)

# Version lookup for the beta example, resolved through the google-beta
# provider. The cluster and node pool that follow read valid_versions[0].
data "google_container_aws_versions" "versions" {
  provider = google-beta

  location = "us-west1"
  project  = "my-project-name"
}

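# Cluster for the beta example, created through the google-beta provider. The
# ARNs, account IDs and resource IDs are documentation placeholders.
resource "google_container_aws_cluster" "primary" {
  provider = google-beta

  authorization {
    # Users named here administer the cluster; keep the list minimal.
    admin_users {
      username = "my@service-account.com"
    }
  }

  aws_region = "my-aws-region"

  control_plane {
    # IAM role used for AWS access on behalf of the cluster. Keep its trust
    # policy and attached permissions as narrow as the service allows.
    aws_services_authentication {
      role_arn          = "arn:aws:iam::012345678910:role/my--1p-dev-oneplatform"
      role_session_name = "my--1p-dev-session"
    }

    # One placeholder KMS key is reused for config, database and both volumes.
    # Separate keys allow a separate key policy per kind of data.
    config_encryption {
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
    }

    database_encryption {
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
    }

    iam_instance_profile = "my--1p-dev-controlplane"
    subnet_ids           = ["subnet-00000000000000000"]
    # First entry of valid_versions; the resolved value follows the data
    # source, so set an explicit version if upgrades must be deliberate.
    version              = data.google_container_aws_versions.versions.valid_versions[0]
    instance_type        = "t3.medium"

    main_volume {
      iops        = 3000
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
      size_gib    = 10
      volume_type = "GP3"
    }

    # The sample secret ARN names region us-west-2 and a different account ID
    # than the other placeholders here. Use a secret that you own.
    proxy_config {
      secret_arn     = "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF"
      secret_version = "12345678-ABCD-EFGH-IJKL-987654321098"
    }

    root_volume {
      iops        = 3000
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
      size_gib    = 10
      volume_type = "GP3"
    }

    # Review the ingress rules of every group listed here.
    security_group_ids = ["sg-00000000000000000"]

    # EC2 key pair for SSH login to the control-plane instances. Limit who
    # holds the private key and what the security groups allow on the SSH port.
    ssh_config {
      ec2_key_pair = "my--1p-dev-ssh"
    }

    tags = {
      owner = "my@service-account.com"
    }
  }

  fleet {
    project = "my-project-number"
  }

  location = "us-west1"
  name     = "name"

  networking {
    pod_address_cidr_blocks     = ["10.2.0.0/16"]
    service_address_cidr_blocks = ["10.1.0.0/16"]
    vpc_id                      = "vpc-00000000000000000"
  }

  annotations = {
    label-one = "value-one"
  }

  description = "A sample aws cluster"
  project     = "my-project-name"
}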


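# Beta node pool with lowercase enum values. Compared with the other examples
# on this page, this block adds instance_placement and image_type. The ARNs
# and IDs are documentation placeholders; replace them with your own.
resource "google_container_aws_node_pool" "primary" {
  provider = google-beta

  # Upper bound on nodes the autoscaler may create; it also caps cost.
  autoscaling {
    max_node_count = 5
    min_node_count = 1
  }

  cluster = google_container_aws_cluster.primary.name

  config {
    config_encryption {
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
    }

    # Instance profile for the node instances. Keep it least-privilege.
    # NOTE(review): workloads that can reach the instance metadata endpoint
    # may be able to use its credentials; confirm for your setup.
    iam_instance_profile = "my--1p-dev-nodepool"
    instance_type        = "t3.medium"

    labels = {
      label-one = "value-one"
    }

    root_volume {
      iops        = 3000
      kms_key_arn = "arn:aws:kms:my-aws-region:012345678910:key/12345678-1234-1234-1234-123456789111"
      size_gib    = 10
      volume_type = "gp3" # lowercase enum form
    }

    # Review the ingress rules of every group listed here.
    security_group_ids = ["sg-00000000000000000"]

    # The sample secret ARN names region us-west-2 and a different account ID
    # than the other placeholders here. Use a secret that you own.
    proxy_config {
      secret_arn     = "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF"
      secret_version = "12345678-ABCD-EFGH-IJKL-987654321098"
    }

    # EC2 key pair for SSH login to the nodes. Limit who holds the private key
    # and what the security groups allow on the SSH port.
    ssh_config {
      ec2_key_pair = "my--1p-dev-ssh"
    }

    tags = {
      tag-one = "value-one"
    }

    # A prefer-no-schedule taint is a soft preference, not isolation: pods
    # without a matching toleration can still be scheduled on these nodes.
    taints {
      effect = "prefer_no_schedule" # lowercase enum form
      key    = "taint-key"
      value  = "taint-value"
    }

    # Dedicated tenancy requests single-tenant hardware for the node instances.
    instance_placement {
      tenancy = "dedicated"
    }

    image_type = "ubuntu"
  }

  location = "us-west1"

  max_pods_constraint {
    max_pods_per_node = 110
  }

  name      = "node-pool-name"
  subnet_id = "subnet-00000000000000000"
  # First entry of valid_versions; the resolved value follows the data source,
  # so set an explicit version if upgrades must be deliberate.
  version   = data.google_container_aws_versions.versions.valid_versions[0]

  annotations = {
    label-one = "value-one"
  }

  project = "my-project-name"
}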

Argument Reference

The following arguments are supported:

The autoscaling block supports:

The config block supports:

The config_encryption block supports:

The max_pods_constraint block supports:


Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource.

The autoscaling_metrics_collection block supports:

The instance_placement block supports:

The proxy_config block supports:

The root_volume block supports:

The spot_config block supports:

The ssh_config block supports:

The taints block supports:

The management block supports:

The update_settings block supports:

The surge_settings block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

NodePool can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import NodePool using one of the formats above. For example:

# Brings an existing node pool under management at the address in `to`. The
# {{...}} segments are placeholders for your project, location, cluster and
# node pool name. Review the plan after importing, before any apply, to check
# that the written configuration matches the live node pool.
import {
  to = google_container_aws_node_pool.default
  id = "projects/{{project}}/locations/{{location}}/awsClusters/{{cluster}}/awsNodePools/{{name}}"
}

When using the terraform import command, NodePool can be imported using one of the formats above. For example:

# Three equivalent ID formats; fill in the {{...}} placeholders and run one.
# The last form has no project segment (presumably the provider's configured
# project is used; confirm before relying on it).
$ terraform import google_container_aws_node_pool.default projects/{{project}}/locations/{{location}}/awsClusters/{{cluster}}/awsNodePools/{{name}}
$ terraform import google_container_aws_node_pool.default {{project}}/{{location}}/{{cluster}}/{{name}}
$ terraform import google_container_aws_node_pool.default {{location}}/{{cluster}}/{{name}}