Skip to content

Commit

Permalink
Added shielded VMs
Browse files Browse the repository at this point in the history
  • Loading branch information
arueth committed Mar 15, 2024
1 parent 544068a commit 81872a0
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 8 deletions.
26 changes: 18 additions & 8 deletions ml-platform/terraform/modules/cluster/gke.tf
Original file line number Diff line number Diff line change
Expand Up @@ -21,14 +21,15 @@ data "google_project" "project" {
resource "google_container_cluster" "mlp" {
provider = google-beta

deletion_protection = false
initial_node_count = 2
location = var.region
name = var.cluster_name
network = var.network
node_locations = ["${var.region}-a", "${var.region}-b", "${var.region}-c"]
project = var.project_id
subnetwork = var.subnet
deletion_protection = false
enable_shielded_nodes = true
initial_node_count = 2
location = var.region
name = var.cluster_name
network = var.network
node_locations = ["${var.region}-a", "${var.region}-b", "${var.region}-c"]
project = var.project_id
subnetwork = var.subnet

addons_config {
gcp_filestore_csi_driver_config {
Expand Down Expand Up @@ -157,11 +158,20 @@ resource "google_container_cluster" "mlp" {
}
}

node_config {
shielded_instance_config {
enable_integrity_monitoring = true
enable_secure_boot = true
}
}

node_pool_defaults {
node_config_defaults {
gcfs_config {
enabled = true
}


}
}

Expand Down
5 changes: 5 additions & 0 deletions ml-platform/terraform/modules/node-pools/nodepools.tf
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,11 @@ resource "google_container_node_pool" "node-pool" {
}
}

shielded_instance_config {
enable_integrity_monitoring = true
enable_secure_boot = true
}

dynamic "taint" {
for_each = var.taints
content {
Expand Down

0 comments on commit 81872a0

Please sign in to comment.