added simple-template

.pre-commit-config.yaml

@@ -3,7 +3,11 @@ repos:
     rev: "v0.16.0"
     hooks:
       - id: terraform-docs-go
-        args: ["markdown", "table", "--output-file", "README.md", "."]
+        args: ["markdown", "table", "--output-file", "README.md", "./simple-template"]
+      - id: terraform-docs-go
+        args: ["markdown", "table", "--output-file", "README.md", "./private-cluster-module"]
+      - id: terraform-docs-go
+        args: ["markdown", "table", "--output-file", "README.md", "./bucket"]
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.4.0
     hooks:

.terraform.lock.hcl

@@ -1,55 +0,0 @@
-# This file is maintained automatically by "tofu init".
-# Manual edits may be lost in future updates.
-
-provider "registry.opentofu.org/hashicorp/google" {
-  version     = "5.27.0"
-  constraints = "~> 5.27.0"
-  hashes = [
-    "h1:cMRlEcTObLOVpFx09v3osbNtKayr2IIJFuhsRPdfrT4=",
-    "zh:10dee695387df836c8f2a7e7f4609e3d3d910e8070cebf91bdd4e4449237191b",
-    "zh:260a2bf30a5e0cbbb2a331a74561886df3d380be26beeb1f50a3cab829208eed",
-    "zh:2a87013cb2a408b2d494e2e7a938d2c6df7ed85156a6fe6be47a84390c3e3162",
-    "zh:443aa9b0637de3e20ff901a5e2e431d82bac80067eca3256d8792b4d069a9018",
-    "zh:4eb358ad15b756993b36fa7ef70507b9ad3fefa7869ac6d483a83a9f8beaa5f7",
-    "zh:5e8657fca3376d3b8f57aaa2ebf0575974f0d3af7448ad456ceae8364322362b",
-    "zh:8bcf6fa7adcc375ffb293dc72ba4e1ee8ad39fbadf11d901bd413fa01de836c6",
-    "zh:965d6df9bf7f0d85e0f61a9d7e5afdd389219e8b339ed241646ac292aedc839e",
-    "zh:c573e6c6e84691bf1c7736c238290441b2be40038972230dcaa7adc48b74b316",
-    "zh:eac4f56c4f3ddaead0a55d3b2016391578fdf3dea060b2ed32ac80974cd46b1d",
-  ]
-}
-
-provider "registry.opentofu.org/hashicorp/helm" {
-  version = "2.14.0"
-  hashes = [
-    "h1:K1yXsEeNhW/7YVSvsv55UaFSx4hHeKB1giPuQUKmFfQ=",
-    "zh:1c84ca8c274564c46497e89055139c7af64c9e1a8dd4f1cd4c68503ac1322fb8",
-    "zh:211a763173934d30c2e49c0cc828b1e34a528b0fdec8bf48d2bb3afadd4f9095",
-    "zh:3dca0b703a2f82d3e283a9e9ca6259a3b9897b217201f3cddf430009a1ca00c9",
-    "zh:40c5cfd48dcef54e87129e19d31c006c2e3309ee6c09d566139eaf315a59a369",
-    "zh:6f23c00ca1e2663e2a208a7491aa6dbe2604f00e0af7e23ef9323206e8f2fc81",
-    "zh:77f8cfc4888600e0d12da137bbdb836de160db168dde7af26c2e44cf00cbf057",
-    "zh:97b99c945eafa9bafc57c3f628d496356ea30312c3df8dfac499e0f3ff6bf0c9",
-    "zh:a01cfc53e50d5f722dc2aabd26097a8e4d966d343ffd471034968c2dc7a8819d",
-    "zh:b69c51e921fe8c91e38f4a82118d0b6b0f47f6c71a76f506fde3642ecbf39911",
-    "zh:fb8bfc7b8106bef58cc5628c024103f0dd5276d573fe67ac16f343a2b38ecee8",
-  ]
-}
-
-provider "registry.opentofu.org/hashicorp/kubernetes" {
-  version     = "2.29.0"
-  constraints = "~> 2.29.0"
-  hashes = [
-    "h1:WcfXWA92IBkzQCGSv05Yb8Lped8kp7RRJEQIWG5nDTY=",
-    "zh:2467de940f98ef5d3ed977a0f6b797962cd9ae6210ef706b8f6e6db23a0b3b99",
-    "zh:480a2ccc9e1f3a444b6ebf836d87061002be00c54482be7180e090dddc47809e",
-    "zh:4ce04ba31734813d6636b51b2346b8262253264033be2775d66e8298551c2dde",
-    "zh:56b94fcd5ba65cae892fd64e831838369ae4615582c314eee73fa2e513689991",
-    "zh:5a7e858dc3600e542182abcec9079e2f8741d1ba72114e87668ef64679e7191a",
-    "zh:905b6eb78f19bd80b22c688af06130353977f77f313738c8e0cfc524e8550d4c",
-    "zh:ccf5c3e7383d11785a735a0ce7751e4ff394b133aa5085857139eaec1d9a54c1",
-    "zh:eb4e72d3abf937c283f702342eb1fc820b3dbfc743b1e24c84c3604c8fca1988",
-    "zh:eea59cd51ef366269231cbfa5b77fc3b9fbebecfd6bca8dff27e5abd96188d92",
-    "zh:f026a8b4fa2ca566c3d6cd9bfdd0dd58c0631e3d945b98a8ced0943aa27dd4bd",
-  ]
-}

README.md

@@ -1,95 +1,19 @@
-# How to use repo
+# Terraform GKE clusters templates
 
-1. Create `terraform.tfvars` file with a few variables
-```shell
-project          = "gcp-project"
-region           = "europe-west1"
-environment_name = "demo"
-```
+Hello everyone! I'm glad to see you here.
+This is a repository with a few examples of GKE clusters that you can create in your own GCP project.
+Feel free to use this code in sandboxes for testing purposes.
 
-2. Create cluster
-All commands will be applied via Terraform 1.7.0 and via OpenTofu, the same version.
+Also, I'm adding links to this repository in my articles on [my Medium](https://medium.com/@ksemele) and other places.
 
-Here are OpenTofu commands.
-```shell
-tofu init
-tofu apply
-```
+## How to use this repo
 
-3. Get the credentials for the new cluster (configure kubeconfig)
+You can see a few directories in this repo:
+* [bucket](https://github.com/ksemele/tf-gke-test/tree/main/bucket) - terraform code for creating google bucket for storing remote state
+* [simple-template](https://github.com/ksemele/tf-gke-test/tree/main/simple-template) - Simple GKE example. Usually it's enough for any of my tests.
+* [private-cluster-module](https://github.com/ksemele/tf-gke-test/tree/main/private-cluster-module) - GKE created by `beta-private-cluster-update-variant` module. Creates GKE cluster with a private network.
 
-You can see all useful commands and links in the output:
+Each directory contains its own readme with all needed commands to reproduce the example.
+---
 
-```shell
-tofu output
-```
-
-There is a manual command:
-
-```shell
-gcloud container clusters get-credentials $(tofu output -raw kubernetes_cluster_name) --region $(tofu output -raw zone) --project $(tofu output -raw project)
-```
-
-Or just use `./get-credentials.sh`
-
-4. Destroy all resources
-
-```shell
-tofu destroy
-```
-
-<!-- BEGIN_TF_DOCS -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~>1.7.0 |
-| <a name="requirement_google"></a> [google](#requirement\_google) | ~>5.27.0 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~>2.29.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 5.27.0 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.29.0 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [google_compute_network.vpc](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network) | resource |
-| [google_compute_subnetwork.subnet](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork) | resource |
-| [google_container_cluster.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster) | resource |
-| [google_container_node_pool.primary_nodes](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool) | resource |
-| [google_project_service.service_networking](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_service) | resource |
-| [kubernetes_namespace.demo-cluster](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [google_client_config.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_environment_name"></a> [environment\_name](#input\_environment\_name) | n/a | `string` | `"demo"` | no |
-| <a name="input_project"></a> [project](#input\_project) | Google Project to create resources in | `string` | `"demo"` | no |
-| <a name="input_region"></a> [region](#input\_region) | The region to host the cluster in | `string` | `"us-central1"` | no |
-| <a name="input_vpc_host_project"></a> [vpc\_host\_project](#input\_vpc\_host\_project) | Host Project where virtual network exists | `string` | `"demo"` | no |
-| <a name="input_zone"></a> [zone](#input\_zone) | The region to host the cluster in | `string` | `"us-central1-b"` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_gcloud_gke_get_creds"></a> [gcloud\_gke\_get\_creds](#output\_gcloud\_gke\_get\_creds) | Command to get GKE credentials |
-| <a name="output_gcloud_gke_link"></a> [gcloud\_gke\_link](#output\_gcloud\_gke\_link) | GKE web ui link |
-| <a name="output_gcloud_vpc_link"></a> [gcloud\_vpc\_link](#output\_gcloud\_vpc\_link) | VPC web ui link |
-| <a name="output_kubernetes_cluster_host"></a> [kubernetes\_cluster\_host](#output\_kubernetes\_cluster\_host) | GKE Cluster Host |
-| <a name="output_kubernetes_cluster_name"></a> [kubernetes\_cluster\_name](#output\_kubernetes\_cluster\_name) | GKE Cluster Name |
-| <a name="output_project"></a> [project](#output\_project) | GCloud Project ID |
-| <a name="output_region"></a> [region](#output\_region) | GCloud Region |
-| <a name="output_zone"></a> [zone](#output\_zone) | GCloud Project ID |
-<!-- END_TF_DOCS -->
+❤️ I'm very thankful to [Altenar](https://altenar.com) who sponsored me in this project.

demo-namespace.tf

@@ -1,6 +0,0 @@
-resource "kubernetes_namespace" "demo-cluster" {
-  metadata {
-    name = "demo-cluster"
-  }
-  depends_on = [google_container_node_pool.primary_nodes]
-}

get-credentials.sh

@@ -1,2 +0,0 @@
-#!/bin/bash
-gcloud container clusters get-credentials $(tofu output -raw kubernetes_cluster_name) --region $(tofu output -raw zone) --project $(tofu output -raw project)

simple-template/README.md

@@ -0,0 +1,128 @@
+# simple-template
+
+## What is created ty thah template
+
+This example is using local state.
+You need an empty google project for tests.
+
+1. VPC network with one subnet
+2. GKE cluster with an external endpoint and services network (be careful with that!)
+3. Workload nodepool with one node
+3. Namespace `this-is-demo-cluster`
+
+## How to use the code
+
+1. Create a `terraform.tfvars` file with a few variables
+
+```shell
+project          = "your-gcp-project"
+```
+`region`, `zone` and `environment_name` are optional
+
+2. Create the cluster
+
+All commands will be applied via Terraform 1.8.0 or via OpenTofu, the same version.
+I use alias `t` for the commands.
+
+```shell
+t init
+t apply
+```
+
+3. Get the credentials for the new cluster (configure kubeconfig)
+
+You can see all useful commands and links in the output:
+
+```shell
+t output
+```
+
+There is a manual command:
+
+```shell
+gcloud container clusters get-credentials $(t output -raw kubernetes_cluster_name) --zone $(t output -raw zone) --project $(t output -raw project)
+```
+
+Or just use `./get-credentials.sh`
+
+4. Destroy all resources
+
+```shell
+t destroy
+```
+
+## Additional info
+
+Some manual tests.
+
+### terraform
+✅ create cluster<br>
+✅ `./get-credentials.sh`<br>
+✅ manual cred command<br>
+✅ output `gcloud_gke_get_creds` command<br>
+✅ create simple nginx pod `kubectl run nginx --image=nginx:latest -n default && kubectl get po -w`<br>
+✅ `flux install && kubectl get po -n flux-system -w`<br>
+✅ destroy cluster
+
+### opentofu
+✅ create cluster<br>
+✅ `./get-credentials.sh`<br>
+✅ manual cred command<br>
+✅ output `gcloud_gke_get_creds` command<br>
+✅ create simple nginx pod `kubectl run nginx --image=nginx:latest -n default && kubectl get po -w`<br>
+✅ `flux install && kubectl get po -n flux-system -w`<br>
+✅ destroy cluster
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~>1.8.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | ~>5.42.0 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~>2.32.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_google"></a> [google](#provider\_google) | 5.42.0 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.32.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [google_compute_network.vpc](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network) | resource |
+| [google_compute_subnetwork.subnet](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork) | resource |
+| [google_container_cluster.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster) | resource |
+| [google_container_node_pool.primary_nodes](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool) | resource |
+| [google_project_service.service_networking](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_service) | resource |
+| [kubernetes_namespace.this-is-demo-cluster](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [google_client_config.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_project"></a> [project](#input\_project) | Google Project to create resources in | `string` | `"demo"` | no |
+| <a name="input_region"></a> [region](#input\_region) | The region to host the cluster in | `string` | `"us-central1"` | no |
+| <a name="input_zone"></a> [zone](#input\_zone) | The region to host the cluster in | `string` | `"us-central1-b"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_gcloud_gke_get_creds"></a> [gcloud\_gke\_get\_creds](#output\_gcloud\_gke\_get\_creds) | Command to get GKE credentials |
+| <a name="output_gcloud_gke_link"></a> [gcloud\_gke\_link](#output\_gcloud\_gke\_link) | GKE web ui link |
+| <a name="output_gcloud_vpc_link"></a> [gcloud\_vpc\_link](#output\_gcloud\_vpc\_link) | VPC web ui link |
+| <a name="output_kubernetes_cluster_host"></a> [kubernetes\_cluster\_host](#output\_kubernetes\_cluster\_host) | GKE Cluster Host |
+| <a name="output_kubernetes_cluster_name"></a> [kubernetes\_cluster\_name](#output\_kubernetes\_cluster\_name) | GKE Cluster Name |
+| <a name="output_project"></a> [project](#output\_project) | GCloud Project ID |
+| <a name="output_region"></a> [region](#output\_region) | GCloud Region |
+| <a name="output_zone"></a> [zone](#output\_zone) | GCloud Project ID |
+<!-- END_TF_DOCS -->

simple-template/demo-namespace.tf

@@ -0,0 +1,6 @@
+resource "kubernetes_namespace" "this-is-demo-cluster" {
+  metadata {
+    name = "this-is-demo-cluster"
+  }
+  depends_on = [google_container_node_pool.primary_nodes]
+}

simple-template/get-credentials.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if grep -H "opentofu.org" .terraform.lock.hcl > /dev/null; then
+    echo "trying to read tofu state"
+    gcloud container clusters get-credentials $(tofu output -raw kubernetes_cluster_name) --zone $(tofu output -raw zone) --project $(tofu output -raw project)
+else
+    echo "trying to read terraform state"
+    gcloud container clusters get-credentials $(terraform output -raw kubernetes_cluster_name) --zone $(terraform output -raw zone) --project $(terraform output -raw project)
+fi

simple-template/gke.tf

@@ -1,5 +1,9 @@
+locals {
+  cluster_name = "${var.project}-gke"
+}
+
 resource "google_container_cluster" "primary" {
-  name     = "${var.project}-gke"
+  name     = local.cluster_name
   location = var.zone
 
   # We can't create a cluster with no node pool defined, but we want to only use
@@ -10,10 +14,16 @@ resource "google_container_cluster" "primary" {
 
   network             = google_compute_network.vpc.name
   subnetwork          = google_compute_subnetwork.subnet.name
-  deletion_protection = false # Use this only for study purposess
-  depends_on          = [google_compute_network.vpc, google_compute_subnetwork.subnet]
+  deletion_protection = false # Use this only for testing purposess!
+  depends_on = [
+    google_compute_network.vpc,
+    google_compute_subnetwork.subnet
+  ]
 }
 
+# You can use only the default pool for your experiments, but in that confuguration
+# you have more flexibility. Even Prometheus or Flux doesn't run in the default node.
+# That's why I suppose to use a separate node pool.
 resource "google_container_node_pool" "primary_nodes" {
   name       = google_container_cluster.primary.name
   location   = var.zone
@@ -36,8 +46,8 @@ resource "google_container_node_pool" "primary_nodes" {
     preemptible  = true
     machine_type = "n2-standard-8"
     tags = [
-      "${var.environment_name}-k8s-${var.region}",
-      "${var.environment_name}-k8s-${var.region}-nodes"
+      "${local.cluster_name}-${var.region}",
+      "${local.cluster_name}-${var.region}-nodes"
     ]
     metadata = {
       disable-legacy-endpoints = "true"

simple-template/outputs.tf

@@ -20,12 +20,13 @@ output "kubernetes_cluster_name" {
 
 output "kubernetes_cluster_host" {
   description = "GKE Cluster Host"
+  sensitive   = true
   value       = google_container_cluster.primary.endpoint
 }
 
 output "gcloud_gke_get_creds" {
   description = "Command to get GKE credentials"
-  value       = "gcloud container clusters get-credentials ${google_container_cluster.primary.name} --region ${google_container_cluster.primary.location} --project ${var.project}"
+  value       = "gcloud container clusters get-credentials ${google_container_cluster.primary.name} --zone ${google_container_cluster.primary.location} --project ${var.project}"
 }
 
 output "gcloud_vpc_link" {
@@ -35,5 +36,5 @@ output "gcloud_vpc_link" {
 
 output "gcloud_gke_link" {
   description = "GKE web ui link"
-  value       = "https://console.cloud.google.com/kubernetes/clusters/details/${var.region}/${var.project}-gke/details?project=${var.project}"
+  value       = "https://console.cloud.google.com/kubernetes/clusters/details/${var.region}/${local.cluster_name}/details?project=${var.project}"
 }

simple-template/providers.tf

@@ -10,11 +10,3 @@ provider "kubernetes" {
   token                  = data.google_client_config.primary.access_token
   cluster_ca_certificate = base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
 }
-
-provider "helm" {
-  kubernetes {
-    host                   = "https://${google_container_cluster.primary.endpoint}"
-    token                  = data.google_client_config.primary.access_token
-    cluster_ca_certificate = base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
-  }
-}

simple-template/variables.tf

@@ -1,20 +1,9 @@
 variable "project" {
+  type        = string
   description = "Google Project to create resources in"
-  type        = string
   default     = "demo"
 }
 
-variable "vpc_host_project" {
-  description = "Host Project where virtual network exists"
-  type        = string
-  default     = "demo"
-}
-
-variable "environment_name" {
-  type    = string
-  default = "demo"
-}
-
 variable "region" {
   type        = string
   description = "The region to host the cluster in"

simple-template/versions.tf

@@ -0,0 +1,16 @@
+terraform {
+  required_version = "~>1.8.0"
+
+  required_providers {
+    # https://github.com/hashicorp/terraform-provider-google
+    google = {
+      source  = "hashicorp/google"
+      version = "~>5.42.0"
+    }
+    # https://github.com/hashicorp/terraform-provider-kubernetes
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~>2.32.0"
+    }
+  }
+}

versions.tf

@@ -1,14 +0,0 @@
-terraform {
-  required_version = "~>1.7.0"
-
-  required_providers {
-    google = {
-      source  = "hashicorp/google" # https://github.com/hashicorp/terraform-provider-google
-      version = "~>5.27.0"
-    }
-    kubernetes = {
-      source  = "hashicorp/kubernetes" # https://github.com/hashicorp/terraform-provider-kubernetes
-      version = "~>2.29.0"
-    }
-  }
-}