README.md

GCP Deployments

Before getting started with this Terraform, ensure the following GCP APIs or services are enabled to prevent any deployment failures or errors.

• Cloud NAT
• Cloud DNS API
• IAM API
• Cloud Resource Manager API

To run this Terraform, create a GCP Service Account and generate an API key for the account. Use the below permissions as a starting point to allow the account to provision your Kasm deployment.

IAM Permissions (these are likely a little too permissive, but they are a good starting point):

• roles/compute.loadBalancerAdmin
• roles/compute.networkAdmin
• roles/compute.securityAdmin
• roles/compute.instanceAdmin
• roles/iam.serviceAccountCreator
• roles/iam.serviceAccountDeleter
• roles/iam.serviceAccountTokenCreator
• roles/iam.serviceAccountViewer
• roles/servicenetworking.networksAdmin
• roles/dns.admin
• roles/storage.admin
• roles/iam.serviceAccountUser
• roles/iam.security.admin
• roles/iam.serviceAccountKeys.create

For additional information, check out Google's IAM documentation check out these links:

• Secure IAM
• Understanding Service Accounts
• IAM Resource Hierarchy
• Predefined IAM Roles

GCP offers a unique Kasm deployment experience. Due to the way they flatten their cloud network architecture, it is possible to use the same terraform deployment for both single and multi-region deployment models. Below, you will find the Terraform variable and module reference, and if you wish to see documentation specific to a Kasm deployment using this Terraform, just click one of the links below.

• Kasm Multi-Server Deployment
• Kasm Multi-Region Deployment

Deploy VPC and network resources

Requirements

Name	Version
terraform	~> 1.0
google	~> 4.0
random	~> 3.0
tls	~> 2.0

Providers

No providers.

Modules

Name	Source	Version
agent_instances	./modules/compute_instance	n/a
cloud_nat	terraform-google-modules/cloud-nat/google	~> 4.0
cpx_instance_group	terraform-google-modules/vm/google//modules/mig	~> 8.0
cpx_instance_template	terraform-google-modules/vm/google//modules/instance_template	~> 8.0
database_instance	./modules/compute_instance	n/a
dns_private_zone	terraform-google-modules/cloud-dns/google	~> 5.0
dns_public_records	./modules/dns_records	n/a
dns_public_zone	terraform-google-modules/cloud-dns/google	~> 5.0
kasm_autoscale_service_account	./modules/service_account_iam	n/a
passwords	./modules/random	n/a
public_load_balancer	GoogleCloudPlatform/lb-http/google	~> 9.0
vpc	terraform-google-modules/network/google	~> 7.0
webapp_instance_group	terraform-google-modules/vm/google//modules/mig	~> 8.0
webapp_instance_template	terraform-google-modules/vm/google//modules/instance_template	~> 8.0
webapp_private_load_balancer	./modules/private_load_balancer	n/a

Resources

No resources.

Inputs

Name	Description	Type	Default	Required
additional_agent_install_options	Additional global Kasm install options. Refer to the install.sh file in the Kasm installer for additional details.	list(string)	[]	no
additional_cpx_install_options	Additional global Kasm install options. Refer to the install.sh file in the Kasm installer for additional details.	list(string)	[]	no
additional_database_install_options	Additional global Kasm install options. Refer to the install.sh file in the Kasm installer for additional details.	list(string)	[]	no
additional_kasm_install_options	Additional global Kasm install options. Refer to the install.sh file in the Kasm installer for additional details.	list(string)	[ "-O" ]	no
additional_webapp_install_options	Additional global Kasm install options. Refer to the install.sh file in the Kasm installer for additional details.	list(string)	[]	no
agent_gpu_enabled	Whether or not to automatically install GPU libraries. NOTE: This is useless unless you deploy Kasm agents using a GPU-based instance.	bool	false	no
agent_vm_instance_config	Agent Compute instance configuration settings	object({ machine_type = string disk_size_gb = number instance_role = string name = optional(string) name_prefix = optional(string) disk_auto_delete = optional(bool) description = optional(string) disk_type = optional(string) })	n/a	yes
compute_service_account	Compute service account to use for CPX autoscaling	object({ email = optional(string) scopes = list(string) })	{ "email": "", "scopes": [ "cloud-platform" ] }	no
cpx_autoscale_cool_down_period	Time in seconds for the autoscale group to wait before evaluating the health of the webapp	number	600	no
cpx_autoscale_max_instances	CPX Autoscale maximum number of instances	number	5	no
cpx_autoscale_min_instances	CPX Autoscale minimum number of instances	number	1	no
cpx_autoscale_scale_in_settings	CPX Autoscale scale-in settings	object({ fixed_replicas = number time_window_sec = number percent_replicas = optional(number, null) })	{ "fixed_replicas": 1, "time_window_sec": 600 }	no
cpx_autoscale_scale_out_cpu	CPX Autoscale CPU percent to scale up webapps	list(object({ target = number predictive_method = optional(string, "NONE") }))	[ { "target": 0.6 } ]	no
cpx_hostname_prefix	CPX hostname prefix to use for instance group	string	"cpx"	no
cpx_instance_update_policy	The CPX Instance group rolling update policy	list(object({ instance_redistribution_type = string min_ready_sec = number replacement_method = string minimal_action = string type = string max_surge_fixed = optional(number, null) max_surge_percent = optional(number, null) # Can only use if you run 10 or more instances max_unavailable_fixed = optional(number, null) max_unavailable_percent = optional(number, null) # Can only use if you run 10 or more instances }))	[ { "instance_redistribution_type": "PROACTIVE", "max_surge_fixed": 3, "max_unavailable_fixed": 0, "min_ready_sec": 600, "minimal_action": "REFRESH", "replacement_method": "SUBSTITUTE", "type": "PROACTIVE" } ]	no
cpx_named_ports	CPX named ports for firewall and Google service connectivity	list(object({ name = string port = number }))	[ { "name": "https", "port": 443 } ]	no
cpx_vm_instance_config	CPX Compute instance configuration settings	object({ machine_type = string disk_size_gb = string disk_type = string })	n/a	yes
create_kasm_autoscale_service_account	Create a GCP service account capable of managing Kasm Cloud Autoscaling for GCP agents	bool	false	no
create_public_dns_zone	Set to true if you wish to create a public DNS zone for this Kasm instance. If not, the public_dns_friendly_name should belong to an existing DNS zone.	bool	true	no
custom_firewall_rules	Additional, custom firewall rules	list(object({ name = string description = optional(string, null) direction = optional(string, null) priority = optional(number, null) ranges = optional(list(string), null) source_tags = optional(list(string), null) source_service_accounts = optional(list(string), null) target_tags = optional(list(string), null) target_service_accounts = optional(list(string), null) allow = optional(list(object({ protocol = string ports = optional(list(string)) })), null) deny = optional(list(object({ protocol = string ports = optional(list(string)) })), null) log_config = optional(object({ metadata = string }), null) }))	[]	no
custom_kasm_routes	Custom routes to add to VPC	list(object({ name = string destination_range = string description = optional(string, null) priority = optional(number, null) next_hop_internet = optional(bool, false) next_hop_ip = optional(string, null) next_hop_instance = optional(string, null) next_hop_instance_zone = optional(string, null) next_hop_vpn_tunnel = optional(string, null) next_hop_ilb = optional(string, null) tags = optional(list(string), []) }))	[]	no
database_vm_instance_config	Database Compute instance configuration settings	object({ machine_type = string disk_size_gb = number instance_role = string name = optional(string) name_prefix = optional(string) disk_auto_delete = optional(bool) description = optional(string) disk_type = optional(string) })	n/a	yes
deploy_connection_proxy	Deploy Kasm Guacamole Server for RDP/SSH access to physical servers	bool	false	no
deploy_windows_hosts	Create a subnet and Firewall rules for Windows hosts. These hosts must be deployed manually, or you'll need to add your own compute entry for Windows hosts.	bool	false	no
deployment_type	The deployment type - Single-Server, Multi-Server, or Multi-Region	string	"Multi-Server"	no
enable_agent_nat_gateway	Deploy Kasm Agent behind a NAT gateway	bool	false	no
google_credential_file_path	File path to GCP account authentication file	string	""	no
kasm_admin_password	The administrative user password. No special characters	string	""	no
kasm_cert_map_base_name	Name to use for Kasm Global SSL certificate map	string	"kasm-global-certificate-map"	no
kasm_certificate_base_name	Name to use for Kasm Global SSL certificate	string	"kasm-global-tls-certificate"	no
kasm_certificate_dns_auth_base_name	Name to use for Kasm SSL DNS authorization service	string	"kasm-global-certificate-dns-authorization"	no
kasm_database_password	The password for the database. No special characters	string	""	no
kasm_deployment_regions	Kasm regions to deploy into	list(string)	n/a	yes
kasm_domain_name	Public DNS domain name to use for Kasm deployment	string	n/a	yes
kasm_download_url	Download URL for Kasm Workspaces installer	string	n/a	yes
kasm_firewall_security_tags	Firewall tags to use for Kasm CPX firewall rules	object({ webapp = list(string) database = list(string) agent = list(string) cpx = optional(list(string), []) windows = optional(list(string), []) })	{ "agent": [ "kasm-agent" ], "cpx": [ "kasm-cpx" ], "database": [ "database" ], "webapp": [ "webapp" ], "windows": [ "kasm-windows" ] }	no
kasm_manager_token	The manager token value for Agents to authenticate to webapps. No special characters	string	""	no
kasm_project_name	Kasm deployment project name (separate from GCP Project id or Project Name)	string	""	no
kasm_redis_password	The password for the Redis server. No special characters	string	""	no
kasm_service_token	The service registration token value for Guac RDP servers to authenticate to webapps. No special characters	string	""	no
kasm_source_image	The source VM Image information to use for deploying Kasm. Recommended to use Ubuntu 20.04 Minimal. You can either explicitly define the source image to use, or the image project and family so that Terraform always chooses the latest.	object({ source_image = optional(string, null) project = optional(string, null) family = optional(string, null) })	{ "family": "ubuntu-minimal-2004-lts", "project": "ubuntu-os-cloud" }	no
kasm_user_password	The standard (non administrator) user password. No special characters	string	""	no
kasm_version	Kasm version to deploy	string	""	no
kasm_vpc_subnet	VPC Subnet CIDR range. All other Subnets will be automatically calculated from this seed value.	string	"10.0.0.0/16"	no
number_of_agents_per_region	The number of static Kasm agents to deploy in each region. Set this to 0 to	number	n/a	yes
private_dns_friendly_name	Private DNS Zone resource name	string	n/a	yes
project_id	GCP Project ID where to deploy Kasm	string	n/a	yes
public_dns_friendly_name	Public DNS Zone resource name. If not creating a new DNS Zone, make sure the desired DNS zone already exists.	string	n/a	yes
public_load_balancer_name	GCP name for Global Public HTTPS Load balancer	string	"webapp-global-load-balancer"	no
resource_labels	Default tags to add to Terraform-deployed Kasm services	map(any)	null	no
service_account_name	Account name to use for Kasm Autoscaling service account	string	""	no
show_passwords	Show Kasm passwords in root Terraform output	bool	true	no
show_sa_credentials	Show GCP Service account credential file in output	bool	true	no
use_gcp_certificate_manager	Use Certificate Manager to create and manage the Kasm public SSL certificate	bool	false	no
vpc_name	Name for Kasm VPC	string	n/a	yes
webapp_autoscale_cool_down_period	Time in seconds for the autoscale group to wait before evaluating the health of the webapp	number	600	no
webapp_autoscale_max_instances	Webapp Autoscale maximum number of instances	number	5	no
webapp_autoscale_min_instances	Webapp Autoscale minimum number of instances	number	2	no
webapp_autoscale_scale_in_settings	Webapp Autoscale scale-in settings	object({ fixed_replicas = number time_window_sec = number percent_replicas = optional(number, null) })	{ "fixed_replicas": 1, "time_window_sec": 600 }	no
webapp_autoscale_scale_out_cpu	Webapp Autoscale CPU percent to scale up webapps	list(object({ target = number predictive_method = string }))	[ { "predictive_method": "NONE", "target": 0.6 } ]	no
webapp_health_check	HTTPS Managed Instance Group healthcheck for webapps.	object({ type = string initial_delay_sec = number check_interval_sec = number healthy_threshold = number timeout_sec = number unhealthy_threshold = number port = number port_name = string request_path = string response = optional(string, "") proxy_header = optional(string, "NONE") request = optional(string, "") host = optional(string, "") enable_log = optional(bool, false) enable_logging = optional(string, false) })	{ "check_interval_sec": 30, "healthy_threshold": 2, "initial_delay_sec": 600, "port": 443, "port_name": "https", "request_path": "/api/__healthcheck", "timeout_sec": 10, "type": "https", "unhealthy_threshold": 5 }	no
webapp_health_check_name	Name of Webapp Managed Instance Group healthcheck	string	"webapp-healthcheck"	no
webapp_hostname_prefix	Webapp hostname prefix to use for instance group	string	"webapp"	no
webapp_instance_update_policy	The Instance group rolling update policy	list(object({ instance_redistribution_type = string min_ready_sec = number replacement_method = string minimal_action = string type = string max_surge_fixed = optional(number, null) max_surge_percent = optional(number, null) # Can only use if you run 10 or more instances max_unavailable_fixed = optional(number, null) max_unavailable_percent = optional(number, null) # Can only use if you run 10 or more instances }))	[ { "instance_redistribution_type": "PROACTIVE", "max_surge_fixed": 3, "max_unavailable_fixed": 0, "min_ready_sec": 600, "minimal_action": "REFRESH", "replacement_method": "SUBSTITUTE", "type": "PROACTIVE" } ]	no
webapp_lb_health_check	HTTPS Load balancer and healthcheck for webapps.	object({ check_interval_sec = optional(number) timeout_sec = optional(number) healthy_threshold = optional(number) unhealthy_threshold = optional(number) request_path = optional(string) port = optional(number) host = optional(string) logging = optional(bool) })	{ "check_interval_sec": 30, "healthy_threshold": 2, "port": 443, "request_path": "/api/__healthcheck", "timeout_sec": 10, "unhealthy_threshold": 3 }	no
webapp_named_ports	Webapp named ports for firewall and Google service connectivity	list(object({ name = string port = number }))	[ { "name": "https", "port": 443 } ]	no
webapp_vm_instance_config	Webapp Compute instance configuration settings	object({ machine_type = string disk_size_gb = string disk_type = string })	n/a	yes

Outputs

Name	Description
kasm_passwords	Kasm login passwords
kasm_sa_account	Kasm Service Account connection details

Deploy VPC and network resources

Requirements

Name	Version
terraform	~> 1.0
google	~> 4.0
random	~> 3.0
tls	~> 2.0

Providers

No providers.

Modules

Name	Source	Version
agent_instances	./modules/compute_instance	n/a
cloud_nat	terraform-google-modules/cloud-nat/google	~> 4.0
cpx_instance_group	terraform-google-modules/vm/google//modules/mig	~> 8.0
cpx_instance_template	terraform-google-modules/vm/google//modules/instance_template	~> 8.0
database_instance	./modules/compute_instance	n/a
dns_private_zone	terraform-google-modules/cloud-dns/google	~> 5.0
dns_public_records	./modules/dns_records	n/a
dns_public_zone	terraform-google-modules/cloud-dns/google	~> 5.0
kasm_autoscale_service_account	./modules/service_account_iam	n/a
passwords	./modules/random	n/a
public_load_balancer	GoogleCloudPlatform/lb-http/google	~> 9.0
vpc	terraform-google-modules/network/google	~> 7.0
webapp_instance_group	terraform-google-modules/vm/google//modules/mig	~> 8.0
webapp_instance_template	terraform-google-modules/vm/google//modules/instance_template	~> 8.0
webapp_private_load_balancer	./modules/private_load_balancer	n/a

Resources

No resources.

Inputs

Name	Description	Type	Default	Required
additional_agent_install_options	Additional global Kasm install options. Refer to the install.sh file in the Kasm installer for additional details.	list(string)	[]	no
additional_cpx_install_options	Additional global Kasm install options. Refer to the install.sh file in the Kasm installer for additional details.	list(string)	[]	no
additional_database_install_options	Additional global Kasm install options. Refer to the install.sh file in the Kasm installer for additional details.	list(string)	[]	no
additional_kasm_install_options	Additional global Kasm install options. Refer to the install.sh file in the Kasm installer for additional details.	list(string)	[ "-O" ]	no
additional_webapp_install_options	Additional global Kasm install options. Refer to the install.sh file in the Kasm installer for additional details.	list(string)	[]	no
agent_gpu_enabled	Whether or not to automatically install GPU libraries. NOTE: This is useless unless you deploy Kasm agents using a GPU-based instance.	bool	false	no
agent_vm_instance_config	Agent Compute instance configuration settings	object({ machine_type = string disk_size_gb = number instance_role = string name = optional(string) name_prefix = optional(string) disk_auto_delete = optional(bool) description = optional(string) disk_type = optional(string) })	n/a	yes
compute_service_account	Compute service account to use for CPX autoscaling	object({ email = optional(string) scopes = list(string) })	{ "email": "", "scopes": [ "cloud-platform" ] }	no
cpx_autoscale_cool_down_period	Time in seconds for the autoscale group to wait before evaluating the health of the webapp	number	600	no
cpx_autoscale_max_instances	CPX Autoscale maximum number of instances	number	5	no
cpx_autoscale_min_instances	CPX Autoscale minimum number of instances	number	1	no
cpx_autoscale_scale_in_settings	CPX Autoscale scale-in settings	object({ fixed_replicas = number time_window_sec = number percent_replicas = optional(number, null) })	{ "fixed_replicas": 1, "time_window_sec": 600 }	no
cpx_autoscale_scale_out_cpu	CPX Autoscale CPU percent to scale up webapps	list(object({ target = number predictive_method = optional(string, "NONE") }))	[ { "target": 0.6 } ]	no
cpx_hostname_prefix	CPX hostname prefix to use for instance group	string	"cpx"	no
cpx_instance_update_policy	The CPX Instance group rolling update policy	list(object({ instance_redistribution_type = string min_ready_sec = number replacement_method = string minimal_action = string type = string max_surge_fixed = optional(number, null) max_surge_percent = optional(number, null) # Can only use if you run 10 or more instances max_unavailable_fixed = optional(number, null) max_unavailable_percent = optional(number, null) # Can only use if you run 10 or more instances }))	[ { "instance_redistribution_type": "PROACTIVE", "max_surge_fixed": 3, "max_unavailable_fixed": 0, "min_ready_sec": 600, "minimal_action": "REFRESH", "replacement_method": "SUBSTITUTE", "type": "PROACTIVE" } ]	no
cpx_named_ports	CPX named ports for firewall and Google service connectivity	list(object({ name = string port = number }))	[ { "name": "https", "port": 443 } ]	no
cpx_vm_instance_config	CPX Compute instance configuration settings	object({ machine_type = string disk_size_gb = string disk_type = string })	n/a	yes
create_kasm_autoscale_service_account	Create a GCP service account capable of managing Kasm Cloud Autoscaling for GCP agents	bool	false	no
create_public_dns_zone	Set to true if you wish to create a public DNS zone for this Kasm instance. If not, the public_dns_friendly_name should belong to an existing DNS zone.	bool	true	no
custom_firewall_rules	Additional, custom firewall rules	list(object({ name = string description = optional(string, null) direction = optional(string, null) priority = optional(number, null) ranges = optional(list(string), null) source_tags = optional(list(string), null) source_service_accounts = optional(list(string), null) target_tags = optional(list(string), null) target_service_accounts = optional(list(string), null) allow = optional(list(object({ protocol = string ports = optional(list(string)) })), null) deny = optional(list(object({ protocol = string ports = optional(list(string)) })), null) log_config = optional(object({ metadata = string }), null) }))	[]	no
custom_kasm_routes	Custom routes to add to VPC	list(object({ name = string destination_range = string description = optional(string, null) priority = optional(number, null) next_hop_internet = optional(bool, false) next_hop_ip = optional(string, null) next_hop_instance = optional(string, null) next_hop_instance_zone = optional(string, null) next_hop_vpn_tunnel = optional(string, null) next_hop_ilb = optional(string, null) tags = optional(list(string), []) }))	[]	no
database_vm_instance_config	Database Compute instance configuration settings	object({ machine_type = string disk_size_gb = number instance_role = string name = optional(string) name_prefix = optional(string) disk_auto_delete = optional(bool) description = optional(string) disk_type = optional(string) })	n/a	yes
deploy_connection_proxy	Deploy Kasm Guacamole Server for RDP/SSH access to physical servers	bool	false	no
deploy_windows_hosts	Create a subnet and Firewall rules for Windows hosts. These hosts must be deployed manually, or you'll need to add your own compute entry for Windows hosts.	bool	false	no
deployment_type	The deployment type - Single-Server, Multi-Server, or Multi-Region	string	"Multi-Server"	no
enable_agent_nat_gateway	Deploy Kasm Agent behind a NAT gateway	bool	false	no
google_credential_file_path	File path to GCP account authentication file	string	""	no
kasm_admin_password	The administrative user password. No special characters	string	""	no
kasm_cert_map_base_name	Name to use for Kasm Global SSL certificate map	string	"kasm-global-certificate-map"	no
kasm_certificate_base_name	Name to use for Kasm Global SSL certificate	string	"kasm-global-tls-certificate"	no
kasm_certificate_dns_auth_base_name	Name to use for Kasm SSL DNS authorization service	string	"kasm-global-certificate-dns-authorization"	no
kasm_database_password	The password for the database. No special characters	string	""	no
kasm_deployment_regions	Kasm regions to deploy into	list(string)	n/a	yes
kasm_domain_name	Public DNS domain name to use for Kasm deployment	string	n/a	yes
kasm_download_url	Download URL for Kasm Workspaces installer	string	n/a	yes
kasm_firewall_security_tags	Firewall tags to use for Kasm CPX firewall rules	object({ webapp = list(string) database = list(string) agent = list(string) cpx = optional(list(string), []) windows = optional(list(string), []) })	{ "agent": [ "kasm-agent" ], "cpx": [ "kasm-cpx" ], "database": [ "database" ], "webapp": [ "webapp" ], "windows": [ "kasm-windows" ] }	no
kasm_manager_token	The manager token value for Agents to authenticate to webapps. No special characters	string	""	no
kasm_project_name	Kasm deployment project name (separate from GCP Project id or Project Name)	string	""	no
kasm_redis_password	The password for the Redis server. No special characters	string	""	no
kasm_service_token	The service registration token value for Guac RDP servers to authenticate to webapps. No special characters	string	""	no
kasm_source_image	The source VM Image information to use for deploying Kasm. Recommended to use Ubuntu 20.04 Minimal. You can either explicitly define the source image to use, or the image project and family so that Terraform always chooses the latest.	object({ source_image = optional(string, null) project = optional(string, null) family = optional(string, null) })	{ "family": "ubuntu-minimal-2004-lts", "project": "ubuntu-os-cloud" }	no
kasm_user_password	The standard (non administrator) user password. No special characters	string	""	no
kasm_version	Kasm version to deploy	string	""	no
kasm_vpc_subnet	VPC Subnet CIDR range. All other Subnets will be automatically calculated from this seed value.	string	"10.0.0.0/16"	no
number_of_agents_per_region	The number of static Kasm agents to deploy in each region. Set this to 0 to	number	n/a	yes
private_dns_friendly_name	Private DNS Zone resource name	string	n/a	yes
project_id	GCP Project ID where to deploy Kasm	string	n/a	yes
public_dns_friendly_name	Public DNS Zone resource name. If not creating a new DNS Zone, make sure the desired DNS zone already exists.	string	n/a	yes
public_load_balancer_name	GCP name for Global Public HTTPS Load balancer	string	"webapp-global-load-balancer"	no
resource_labels	Default tags to add to Terraform-deployed Kasm services	map(any)	null	no
service_account_name	Account name to use for Kasm Autoscaling service account	string	""	no
show_passwords	Show Kasm passwords in root Terraform output	bool	true	no
show_sa_credentials	Show GCP Service account credential file in output	bool	true	no
use_gcp_certificate_manager	Use Certificate Manager to create and manage the Kasm public SSL certificate	bool	false	no
vpc_name	Name for Kasm VPC	string	n/a	yes
webapp_autoscale_cool_down_period	Time in seconds for the autoscale group to wait before evaluating the health of the webapp	number	600	no
webapp_autoscale_max_instances	Webapp Autoscale maximum number of instances	number	5	no
webapp_autoscale_min_instances	Webapp Autoscale minimum number of instances	number	2	no
webapp_autoscale_scale_in_settings	Webapp Autoscale scale-in settings	object({ fixed_replicas = number time_window_sec = number percent_replicas = optional(number, null) })	{ "fixed_replicas": 1, "time_window_sec": 600 }	no
webapp_autoscale_scale_out_cpu	Webapp Autoscale CPU percent to scale up webapps	list(object({ target = number predictive_method = string }))	[ { "predictive_method": "NONE", "target": 0.6 } ]	no
webapp_health_check	HTTPS Managed Instance Group healthcheck for webapps.	object({ type = string initial_delay_sec = number check_interval_sec = number healthy_threshold = number timeout_sec = number unhealthy_threshold = number port = number port_name = string request_path = string response = optional(string, "") proxy_header = optional(string, "NONE") request = optional(string, "") host = optional(string, "") enable_log = optional(bool, false) enable_logging = optional(string, false) })	{ "check_interval_sec": 30, "healthy_threshold": 2, "initial_delay_sec": 600, "port": 443, "port_name": "https", "request_path": "/api/__healthcheck", "timeout_sec": 10, "type": "https", "unhealthy_threshold": 5 }	no
webapp_health_check_name	Name of Webapp Managed Instance Group healthcheck	string	"webapp-healthcheck"	no
webapp_hostname_prefix	Webapp hostname prefix to use for instance group	string	"webapp"	no
webapp_instance_update_policy	The Instance group rolling update policy	list(object({ instance_redistribution_type = string min_ready_sec = number replacement_method = string minimal_action = string type = string max_surge_fixed = optional(number, null) max_surge_percent = optional(number, null) # Can only use if you run 10 or more instances max_unavailable_fixed = optional(number, null) max_unavailable_percent = optional(number, null) # Can only use if you run 10 or more instances }))	[ { "instance_redistribution_type": "PROACTIVE", "max_surge_fixed": 3, "max_unavailable_fixed": 0, "min_ready_sec": 600, "minimal_action": "REFRESH", "replacement_method": "SUBSTITUTE", "type": "PROACTIVE" } ]	no
webapp_lb_health_check	HTTPS Load balancer and healthcheck for webapps.	object({ check_interval_sec = optional(number) timeout_sec = optional(number) healthy_threshold = optional(number) unhealthy_threshold = optional(number) request_path = optional(string) port = optional(number) host = optional(string) logging = optional(bool) })	{ "check_interval_sec": 30, "healthy_threshold": 2, "port": 443, "request_path": "/api/__healthcheck", "timeout_sec": 10, "unhealthy_threshold": 3 }	no
webapp_named_ports	Webapp named ports for firewall and Google service connectivity	list(object({ name = string port = number }))	[ { "name": "https", "port": 443 } ]	no
webapp_vm_instance_config	Webapp Compute instance configuration settings	object({ machine_type = string disk_size_gb = string disk_type = string })	n/a	yes

Outputs

Name	Description
kasm_passwords	Kasm login passwords
kasm_sa_account	Kasm Service Account connection details