From 2598cc76d73e00b2b5e23d4fe1dd07ae7baa724f Mon Sep 17 00:00:00 2001
From: Aleksei Krugliak
Date: Wed, 3 May 2023 08:52:20 -0400
Subject: [PATCH] add gke cluster code
---
 .gitignore | 57 +++++++++++++++++++++++++++++
 .pre-commit-config.yaml | 10 +++++
 README.md | 81 +++++++++++++++++++++++++++++++++++++++++
 flux.tf | 5 +++
 gke.tf | 40 ++++++++++++++++++++
 outputs.tf | 19 ++++++++++
 providers.tf | 15 ++++++++
 variables.tf | 27 ++++++++++++++
 versions.tf | 14 +++++++
 vpc.tf | 19 ++++++++++
 10 files changed, 287 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 .pre-commit-config.yaml
 create mode 100644 README.md
 create mode 100644 flux.tf
 create mode 100644 gke.tf
 create mode 100644 outputs.tf
 create mode 100644 providers.tf
 create mode 100644 variables.tf
 create mode 100644 versions.tf
 create mode 100644 vpc.tf
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7195aaf
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,57 @@
+# These are some examples of commonly ignored file patterns.
+# You should customize this list as applicable to your project.
+# Learn more about .gitignore:
+# https://www.atlassian.com/git/tutorials/saving-changes/gitignore
+
+# Node artifact files
+node_modules/
+dist/
+
+# Compiled Java class files
+*.class
+
+# Compiled Python bytecode
+*.py[cod]
+
+# Log files
+*.log
+
+# Package files
+*.jar
+
+# Maven
+target/
+dist/
+
+# JetBrains IDE
+.idea/
+
+# Unit test reports
+TEST*.xml
+
+# Generated by MacOS
+.DS_Store
+
+# Generated by Windows
+Thumbs.db
+
+# Applications
+*.app
+*.exe
+*.war
+
+# Large media files
+*.mp4
+*.tiff
+*.avi
+*.flv
+*.mov
+*.wmv
+
+.terraform/
+.terraform*
+terraform.*
+*.tfvars
+flux-git-auth.yaml
+
+.idea
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..d629c01
--- /dev/null
+++ b/.pre-commit-config.yaml
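Review bot: The `.terraform*` pattern near the end of the hunk also matches `.terraform.lock.hcl`, Terraform's dependency lock file, so the provider versions and package hashes that `terraform init` resolves are never committed and every fresh checkout re-resolves providers anywhere inside the `~>` ranges in versions.tf. For a reproducible and reviewable provider supply chain the lock file should be tracked: add `!.terraform.lock.hcl` directly after the `.terraform*` line, or narrow that pattern to the state and lock-info files it is meant to cover. The `terraform.*` and `*.tfvars` entries correctly keep local state and variable files, which can hold credentials, out of the repository; `dist/` appears twice and one copy can be dropped.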
@@ -0,0 +1,10 @@
+repos:
+ - repo: https://github.com/terraform-docs/terraform-docs
+ rev: "v0.16.0"
+ hooks:
+ - id: terraform-docs-go
+ args: ["markdown", "table", "--output-file", "README.md", "."]
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.4.0
+ hooks:
+ - id: trailing-whitespace
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a81463c
--- /dev/null
+++ b/README.md
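Review bot: Both hook repositories are pinned by tag (`rev: "v0.16.0"` and `rev: v4.4.0`), and tags are mutable references, so the code these hooks execute on every developer and CI machine can change without any diff in this file; pre-commit accepts a full commit SHA in `rev`, which is the stronger pin for tooling that runs arbitrary code at commit time. The hook set only checks trailing whitespace and regenerates docs, so a `terraform fmt` / `terraform validate` hook would be the natural addition to catch the unformatted and untyped declarations elsewhere in this commit. The file itself lacks a final newline, which the `end-of-file-fixer` hook from the same pre-commit-hooks repository would correct.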
@@ -0,0 +1,81 @@
+# How to use
+
+1. Create *.tfvars file with a few variables
+```
+project = "gcp-project"
+region = "europe-west1"
+environment_name = "demo"
+```
+
+2. Create cluster
+```
+terraform init
+terraform apply
+```
+
+3. Configure kubeconfig for new cluster
+```
+gcloud container clusters get-credentials $(terraform output -raw kubernetes_cluster_name) --region $(terraform output -raw region) --project $(terraform output -raw project)
+```
+
+4. Destroy all resources
+```
+terraform destroy -target 'kubernetes_namespace.flux-system'
+terraform destroy -target 'google_container_node_pool.primary_nodes'
+terraform destroy -target 'google_container_cluster.primary'
+terraform destroy -target 'google_compute_subnetwork.subnet'
+terraform destroy -target 'google_compute_network.vpc'
+terraform destroy -target 'data.google_client_config.primary'
+```
+
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | ~>1.4.2 |
+| [google](#requirement\_google) | ~>4.62.0 |
+| [kubernetes](#requirement\_kubernetes) | ~>2.19.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [google](#provider\_google) | 4.62.1 |
+| [kubernetes](#provider\_kubernetes) | 2.19.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [google_compute_network.vpc](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network) | resource |
+| [google_compute_subnetwork.subnet](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork) | resource |
+| [google_container_cluster.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster) | resource |
+| [google_container_node_pool.primary_nodes](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool) | resource |
+| [kubernetes_namespace.flux-system](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [google_client_config.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [environment\_name](#input\_environment\_name) | n/a | `string` | `"demo"` | no |
+| [gke\_num\_nodes](#input\_gke\_num\_nodes) | number of gke nodes | `number` | `1` | no |
+| [project](#input\_project) | Google Project to create resources in | `string` | `"demo"` | no |
+| [region](#input\_region) | The region to host the cluster in | `string` | `"us-central1"` | no |
+| [vpc\_host\_project](#input\_vpc\_host\_project) | Host Project where virtual network exists | `string` | `"demo"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [kubernetes\_cluster\_host](#output\_kubernetes\_cluster\_host) | GKE Cluster Host |
+| [kubernetes\_cluster\_name](#output\_kubernetes\_cluster\_name) | GKE Cluster Name |
+| [project](#output\_project) | GCloud Project ID |
+| [region](#output\_region) | GCloud Region |
+
diff --git a/flux.tf b/flux.tf
new file mode 100644
index 0000000..d61afc1
--- /dev/null
+++ b/flux.tf
@@ -0,0 +1,5 @@
+resource "kubernetes_namespace" "flux-system" {
+ metadata {
+ name = "flux-system"
+ }
+}
\ No newline at end of file
diff --git a/gke.tf b/gke.tf
new file mode 100644
index 0000000..4fb9af1
--- /dev/null
+++ b/gke.tf
@@ -0,0 +1,40 @@
+# GKE cluster
+resource "google_container_cluster" "primary" {
+ name = "${var.project}-gke"
+ location = var.region
+
+ # We can't create a cluster with no node pool defined, but we want to only use
+ # separately managed node pools. So we create the smallest possible default
+ # node pool and immediately delete it.
+ remove_default_node_pool = true
+ initial_node_count = 1
+
+ network = google_compute_network.vpc.name
+ subnetwork = google_compute_subnetwork.subnet.name
+}
+
+# Separately Managed Node Pool
+resource "google_container_node_pool" "primary_nodes" {
+ name = google_container_cluster.primary.name
+ location = var.region
+ cluster = google_container_cluster.primary.name
+ node_count = var.gke_num_nodes
+
+ node_config {
+ oauth_scopes = [
+ "https://www.googleapis.com/auth/logging.write",
+ "https://www.googleapis.com/auth/monitoring",
+ ]
+
+ labels = {
+ env = var.project
+ }
+
+ preemptible = true
+ machine_type = "custom-2-4096" # 1 core too low for Prometheus...
+ tags = ["gke-node", "${var.project}-gke"]
+ metadata = {
+ disable-legacy-endpoints = "true"
+ }
+ }
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..81698e7
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,19 @@
+output "region" {
+ value = var.region
+ description = "GCloud Region"
+}
+
+output "project" {
+ value = var.project
+ description = "GCloud Project ID"
+}
+
+output "kubernetes_cluster_name" {
+ value = google_container_cluster.primary.name
+ description = "GKE Cluster Name"
+}
+
+output "kubernetes_cluster_host" {
+ value = google_container_cluster.primary.endpoint
+ description = "GKE Cluster Host"
+}
diff --git a/providers.tf b/providers.tf
new file mode 100644
index 0000000..e00c4b7
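Review bot: `node_config` in `google_container_node_pool.primary_nodes` sets no `service_account`, so the nodes run as the project's Compute Engine default service account, and `google_container_cluster.primary` declares neither `private_cluster_config` nor `master_authorized_networks_config`, so the control-plane endpoint exported as `kubernetes_cluster_host` is reachable from any address. The narrowed `oauth_scopes` limit what a token taken from a node can do, but they do not change which identity the node holds; a dedicated least-privilege service account (with its project roles granted outside this hunk) plus an allow-list on the API endpoint is the usual baseline. The scope list also omits the storage read scope GKE normally grants, so image pulls from a private registry in this project may fail — worth confirming against the registry actually used. Sketch below; the CIDR is a placeholder for the operator/CI egress range.

```hcl
# Dedicated node identity instead of the Compute Engine default service account.
resource "google_service_account" "gke_nodes" {
  account_id   = "gke-nodes"
  display_name = "GKE node pool service account"
}

resource "google_container_cluster" "primary" {
  # … unchanged: name, location, default node pool removal, network/subnetwork …

  master_authorized_networks_config {
    cidr_blocks {
      cidr_block   = "<ALLOWED_ADMIN_CIDR>" # placeholder: operator/CI egress range
      display_name = "admin"
    }
  }
}

resource "google_container_node_pool" "primary_nodes" {
  # … unchanged: name, location, cluster, node_count …
  node_config {
    service_account = google_service_account.gke_nodes.email
    oauth_scopes = [
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/devstorage.read_only",
    ]
    # … unchanged: labels, preemptible, machine_type, tags, metadata …
  }
}
```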
--- /dev/null
+++ b/providers.tf
@@ -0,0 +1,15 @@
+data "google_client_config" "primary" {}
+
+provider "kubernetes" {
+ host = "https://${google_container_cluster.primary.endpoint}"
+ token = data.google_client_config.primary.access_token
+ cluster_ca_certificate = base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
+}
+
+provider "helm" {
+ kubernetes {
+ host = "https://${google_container_cluster.primary.endpoint}"
+ token = data.google_client_config.primary.access_token
+ cluster_ca_certificate = base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
+ }
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..d4a5d5d
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,27 @@
+variable "project" {
+ description = "Google Project to create resources in"
+ type = string
+ default = "demo"
+}
+
+variable "vpc_host_project" {
+ description = "Host Project where virtual network exists"
+ type = string
+ default = "demo"
+}
+
+variable "environment_name" {
+ type = string
+ default = "demo"
+}
+
+variable "region" {
+ type = string
+ description = "The region to host the cluster in"
+ default = "us-central1"
+}
+
+variable "gke_num_nodes" {
+ default = 1
+ description = "number of gke nodes"
+}
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..54cdf42
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_version = "~>1.4.2"
+
+ required_providers {
+ google = {
+ source = "hashicorp/google" # https://github.com/hashicorp/terraform-provider-google
+ version = "~>4.62.0"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes" # https://github.com/hashicorp/terraform-provider-kubernetes
+ version = "~>2.19.0"
+ }
+ }
+}
diff --git a/vpc.tf b/vpc.tf
new file mode 100644
index 0000000..63a5aa5
--- /dev/null
+++ b/vpc.tf
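Review bot: `provider "helm"` is configured in providers.tf, but the `required_providers` block in versions.tf (the later hunk on this same line) lists only `google` and `kubernetes`, so Terraform will resolve `hashicorp/helm` implicitly with no version constraint — an unpinned provider binary in the supply chain — and nothing in the commit declares a helm resource. Either add `helm = { source = "hashicorp/helm", version = "<PINNED_VERSION>" }` beside the other two entries, or drop the block until a release is actually managed. Both provider blocks also derive `host`, `token` and `cluster_ca_certificate` from `google_container_cluster.primary`, which is presumably why the README has to destroy with `-target` in a fixed order; and `master_auth.0` is the legacy index syntax, `master_auth[0]` reads more clearly.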
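Review bot: `gke_num_nodes` in variables.tf is declared without a `type`, so a tfvars value such as `"1"` or `1.5` is accepted until the API rejects it; `type = number` pins it and matches what the generated README already claims. `vpc_host_project` and `environment_name` are declared with defaults but referenced by none of the ten files in this commit, and the `"demo"` default on `project` means an `apply` with no tfvars file targets a project literally named `demo` and builds resource names like `"${var.project}-gke"` from that placeholder; making `project` required (no default) avoids that.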
@@ -0,0 +1,19 @@
+provider "google" {
+ project = var.project
+ region = var.region
+}
+
+# VPC
+resource "google_compute_network" "vpc" {
+ name = "${var.project}-vpc"
+ auto_create_subnetworks = "false"
+}
+
+# Subnet
+resource "google_compute_subnetwork" "subnet" {
+ name = "${var.project}-subnet"
+ region = var.region
+ network = google_compute_network.vpc.name
+ ip_cidr_range = "10.10.0.0/24"
+ private_ip_google_access = true
+}
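Review bot: `auto_create_subnetworks = "false"` passes a string where the argument is boolean; Terraform converts it, but `auto_create_subnetworks = false` is the typed form and what linting expects. The subnet declares no secondary ranges and gke.tf sets no `ip_allocation_policy`, so the cluster appears to be created in routes-based rather than VPC-native mode — worth confirming, since VPC-native is what newer GKE features and network policy tooling assume. For detection, a `log_config { ... }` block on the subnet enables VPC flow logs, which is the main network telemetry available for nodes that, absent a private cluster configuration, are public-IP preemptible VMs. The `provider "google"` block living in vpc.tf rather than providers.tf is a small organisation nit.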