refactor readme and some cluster; add script for fetch cluster creds

Aleksei Krugliak 2024-06-16 12:41:35 +04:00
parent b19f7f7cbc
commit c355d27bb1
11 changed files with 105 additions and 34 deletions

2
.gitignore vendored

@ -57,7 +57,5 @@ terraform.*
*.tfvars *.tfvars
flux-git-auth.yaml flux-git-auth.yaml
# custom # custom
_* _*

55
.terraform.lock.hcl Normal file

@ -0,0 +1,55 @@
# This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates.
provider "registry.opentofu.org/hashicorp/google" {
version = "5.27.0"
constraints = "~> 5.27.0"
hashes = [
"h1:cMRlEcTObLOVpFx09v3osbNtKayr2IIJFuhsRPdfrT4=",
"zh:10dee695387df836c8f2a7e7f4609e3d3d910e8070cebf91bdd4e4449237191b",
"zh:260a2bf30a5e0cbbb2a331a74561886df3d380be26beeb1f50a3cab829208eed",
"zh:2a87013cb2a408b2d494e2e7a938d2c6df7ed85156a6fe6be47a84390c3e3162",
"zh:443aa9b0637de3e20ff901a5e2e431d82bac80067eca3256d8792b4d069a9018",
"zh:4eb358ad15b756993b36fa7ef70507b9ad3fefa7869ac6d483a83a9f8beaa5f7",
"zh:5e8657fca3376d3b8f57aaa2ebf0575974f0d3af7448ad456ceae8364322362b",
"zh:8bcf6fa7adcc375ffb293dc72ba4e1ee8ad39fbadf11d901bd413fa01de836c6",
"zh:965d6df9bf7f0d85e0f61a9d7e5afdd389219e8b339ed241646ac292aedc839e",
"zh:c573e6c6e84691bf1c7736c238290441b2be40038972230dcaa7adc48b74b316",
"zh:eac4f56c4f3ddaead0a55d3b2016391578fdf3dea060b2ed32ac80974cd46b1d",
]
}
provider "registry.opentofu.org/hashicorp/helm" {
version = "2.14.0"
hashes = [
"h1:K1yXsEeNhW/7YVSvsv55UaFSx4hHeKB1giPuQUKmFfQ=",
"zh:1c84ca8c274564c46497e89055139c7af64c9e1a8dd4f1cd4c68503ac1322fb8",
"zh:211a763173934d30c2e49c0cc828b1e34a528b0fdec8bf48d2bb3afadd4f9095",
"zh:3dca0b703a2f82d3e283a9e9ca6259a3b9897b217201f3cddf430009a1ca00c9",
"zh:40c5cfd48dcef54e87129e19d31c006c2e3309ee6c09d566139eaf315a59a369",
"zh:6f23c00ca1e2663e2a208a7491aa6dbe2604f00e0af7e23ef9323206e8f2fc81",
"zh:77f8cfc4888600e0d12da137bbdb836de160db168dde7af26c2e44cf00cbf057",
"zh:97b99c945eafa9bafc57c3f628d496356ea30312c3df8dfac499e0f3ff6bf0c9",
"zh:a01cfc53e50d5f722dc2aabd26097a8e4d966d343ffd471034968c2dc7a8819d",
"zh:b69c51e921fe8c91e38f4a82118d0b6b0f47f6c71a76f506fde3642ecbf39911",
"zh:fb8bfc7b8106bef58cc5628c024103f0dd5276d573fe67ac16f343a2b38ecee8",
]
}
provider "registry.opentofu.org/hashicorp/kubernetes" {
version = "2.29.0"
constraints = "~> 2.29.0"
hashes = [
"h1:WcfXWA92IBkzQCGSv05Yb8Lped8kp7RRJEQIWG5nDTY=",
"zh:2467de940f98ef5d3ed977a0f6b797962cd9ae6210ef706b8f6e6db23a0b3b99",
"zh:480a2ccc9e1f3a444b6ebf836d87061002be00c54482be7180e090dddc47809e",
"zh:4ce04ba31734813d6636b51b2346b8262253264033be2775d66e8298551c2dde",
"zh:56b94fcd5ba65cae892fd64e831838369ae4615582c314eee73fa2e513689991",
"zh:5a7e858dc3600e542182abcec9079e2f8741d1ba72114e87668ef64679e7191a",
"zh:905b6eb78f19bd80b22c688af06130353977f77f313738c8e0cfc524e8550d4c",
"zh:ccf5c3e7383d11785a735a0ce7751e4ff394b133aa5085857139eaec1d9a54c1",
"zh:eb4e72d3abf937c283f702342eb1fc820b3dbfc743b1e24c84c3604c8fca1988",
"zh:eea59cd51ef366269231cbfa5b77fc3b9fbebecfd6bca8dff27e5abd96188d92",
"zh:f026a8b4fa2ca566c3d6cd9bfdd0dd58c0631e3d945b98a8ced0943aa27dd4bd",
]
}


@ -1,7 +1,7 @@
# How to use repo # How to use repo
1. Create `terraform.tfvars` file with a few variables 1. Create `terraform.tfvars` file with a few variables
```bash ```shell
project = "gcp-project" project = "gcp-project"
region = "europe-west1" region = "europe-west1"
environment_name = "demo" environment_name = "demo"
@ -11,7 +11,7 @@ environment_name = "demo"
All commands will be applied via Terraform 1.7.0 and via OpenTofu, the same version. All commands will be applied via Terraform 1.7.0 and via OpenTofu, the same version.
Here are OpenTofu commands. Here are OpenTofu commands.
```bash ```shell
tofu init tofu init
tofu apply tofu apply
``` ```
@ -19,18 +19,22 @@ tofu apply
3. Get the credentials for the new cluster (configure kubeconfig) 3. Get the credentials for the new cluster (configure kubeconfig)
You can see all useful commands and links in the output: You can see all useful commands and links in the output:
```bash
```shell
tofu output tofu output
``` ```
There is a manual command: There is a manual command:
```bash
gcloud container clusters get-credentials $(tofu output -raw kubernetes_cluster_name) --region $(tofu output -raw region) --project $(tofu output -raw project) ```shell
gcloud container clusters get-credentials $(tofu output -raw kubernetes_cluster_name) --region $(tofu output -raw zone) --project $(tofu output -raw project)
``` ```
Or just use `./get-credentials.sh`
4. Destroy all resources 4. Destroy all resources
```bash ```shell
tofu destroy tofu destroy
``` ```
@ -48,6 +52,7 @@ tofu destroy
| Name | Version | | Name | Version |
|------|---------| |------|---------|
| <a name="provider_google"></a> [google](#provider\_google) | 5.27.0 | | <a name="provider_google"></a> [google](#provider\_google) | 5.27.0 |
| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.29.0 |
## Modules ## Modules
@ -61,6 +66,8 @@ No modules.
| [google_compute_subnetwork.subnet](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork) | resource | | [google_compute_subnetwork.subnet](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork) | resource |
| [google_container_cluster.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster) | resource | | [google_container_cluster.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster) | resource |
| [google_container_node_pool.primary_nodes](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool) | resource | | [google_container_node_pool.primary_nodes](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool) | resource |
| [google_project_service.service_networking](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_service) | resource |
| [kubernetes_namespace.demo-cluster](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [google_client_config.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source | | [google_client_config.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
## Inputs ## Inputs
@ -68,7 +75,6 @@ No modules.
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:| |------|-------------|------|---------|:--------:|
| <a name="input_environment_name"></a> [environment\_name](#input\_environment\_name) | n/a | `string` | `"demo"` | no | | <a name="input_environment_name"></a> [environment\_name](#input\_environment\_name) | n/a | `string` | `"demo"` | no |
| <a name="input_gke_num_nodes"></a> [gke\_num\_nodes](#input\_gke\_num\_nodes) | number of gke nodes | `number` | `1` | no |
| <a name="input_project"></a> [project](#input\_project) | Google Project to create resources in | `string` | `"demo"` | no | | <a name="input_project"></a> [project](#input\_project) | Google Project to create resources in | `string` | `"demo"` | no |
| <a name="input_region"></a> [region](#input\_region) | The region to host the cluster in | `string` | `"us-central1"` | no | | <a name="input_region"></a> [region](#input\_region) | The region to host the cluster in | `string` | `"us-central1"` | no |
| <a name="input_vpc_host_project"></a> [vpc\_host\_project](#input\_vpc\_host\_project) | Host Project where virtual network exists | `string` | `"demo"` | no | | <a name="input_vpc_host_project"></a> [vpc\_host\_project](#input\_vpc\_host\_project) | Host Project where virtual network exists | `string` | `"demo"` | no |
@ -85,4 +91,5 @@ No modules.
| <a name="output_kubernetes_cluster_name"></a> [kubernetes\_cluster\_name](#output\_kubernetes\_cluster\_name) | GKE Cluster Name | | <a name="output_kubernetes_cluster_name"></a> [kubernetes\_cluster\_name](#output\_kubernetes\_cluster\_name) | GKE Cluster Name |
| <a name="output_project"></a> [project](#output\_project) | GCloud Project ID | | <a name="output_project"></a> [project](#output\_project) | GCloud Project ID |
| <a name="output_region"></a> [region](#output\_region) | GCloud Region | | <a name="output_region"></a> [region](#output\_region) | GCloud Region |
| <a name="output_zone"></a> [zone](#output\_zone) | GCloud Project ID |
<!-- END_TF_DOCS --> <!-- END_TF_DOCS -->

6
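--- a/demo-namespace.tf
+++ b/demo-namespace.tf
@@ -0,0 +1,6 @@
+resource "kubernetes_namespace" "demo-cluster" {
+metadata {
+name = "demo-cluster"
+}
+depends_on = [google_container_node_pool.primary_nodes]
+}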


@ -1,5 +0,0 @@
# resource "kubernetes_namespace" "flux-system" {
# metadata {
# name = "flux-system"
# }
# }

2
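--- a/get-credentials.sh
+++ b/get-credentials.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+gcloud container clusters get-credentials $(tofu output -raw kubernetes_cluster_name) --region $(tofu output -raw zone) --project $(tofu output -raw project)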
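Review bot: The script passes the `zone` output as `--region`; since gke.tf in this same commit sets the cluster `location = var.zone`, that value is a zone name and gcloud will presumably reject it under `--region`, so `--location` is the flag that works for either a zonal or a regional cluster (the README copy of this command has the same mismatch). The three `$(tofu output -raw …)` substitutions are also unquoted and unchecked: if `tofu output` fails (no state, wrong working directory) gcloud receives empty arguments and reports a misleading error rather than the real one. Capturing each output into a quoted variable under `set -euo pipefail` aborts before any kubeconfig entry is written.
```shell
#!/bin/bash
set -euo pipefail

cluster="$(tofu output -raw kubernetes_cluster_name)"
location="$(tofu output -raw zone)"
project="$(tofu output -raw project)"

gcloud container clusters get-credentials "$cluster" --location "$location" --project "$project"
```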

19
gke.tf

@ -1,7 +1,6 @@
# GKE cluster
resource "google_container_cluster" "primary" { resource "google_container_cluster" "primary" {
name = "${var.project}-gke" name = "${var.project}-gke"
location = var.region location = var.zone
# We can't create a cluster with no node pool defined, but we want to only use # We can't create a cluster with no node pool defined, but we want to only use
# separately managed node pools. So we create the smallest possible default # separately managed node pools. So we create the smallest possible default
@ -13,18 +12,19 @@ resource "google_container_cluster" "primary" {
subnetwork = google_compute_subnetwork.subnet.name subnetwork = google_compute_subnetwork.subnet.name
deletion_protection = false # Use this only for study purposess deletion_protection = false # Use this only for study purposess
depends_on = [google_compute_network.vpc, google_compute_subnetwork.subnet] depends_on = [google_compute_network.vpc, google_compute_subnetwork.subnet]
# min_master_version = "1.26.5-gke.1200"
} }
# Separately Managed Node Pool
resource "google_container_node_pool" "primary_nodes" { resource "google_container_node_pool" "primary_nodes" {
name = google_container_cluster.primary.name name = google_container_cluster.primary.name
location = var.region location = var.zone
cluster = google_container_cluster.primary.name cluster = google_container_cluster.primary.name
node_count = var.gke_num_nodes node_count = 1
node_config { node_config {
oauth_scopes = [ oauth_scopes = [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring", "https://www.googleapis.com/auth/monitoring",
] ]
@ -34,8 +34,11 @@ resource "google_container_node_pool" "primary_nodes" {
} }
preemptible = true preemptible = true
machine_type = "custom-2-4096" # 1 core too low for Prometheus... machine_type = "n2-standard-8"
tags = ["gke-node", "${var.project}-gke"] tags = [
"${var.environment_name}-k8s-${var.region}",
"${var.environment_name}-k8s-${var.region}-nodes"
]
metadata = { metadata = {
disable-legacy-endpoints = "true" disable-legacy-endpoints = "true"
} }
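Review bot: The node pool still runs as the project's default Compute Engine service account while the `oauth_scopes` list in the second hunk is cut down to `logging.write` and `monitoring`; no `service_account` appears in the visible part of `node_config`, so unless one is set in the lines outside the hunk, scopes are the only thing limiting what a compromised node can do with a service account that typically holds Editor. The usual pairing is a dedicated least-privilege account, `service_account = google_service_account.gke_nodes.email`, granted only roles/logging.logWriter, roles/monitoring.metricWriter and roles/artifactregistry.reader; note too that dropping `devstorage.read_only` may stop nodes pulling private images from GCR/Artifact Registry, which should be confirmed against the workloads. Separately, `location = var.zone` makes both resources zonal, yet the new tags still embed `var.region` and the `gcloud_gke_get_creds` output in outputs.tf passes the cluster location as `--region`. Both resource bodies extend beyond the hunks shown here.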


@ -8,6 +8,11 @@ output "project" {
value = var.project value = var.project
} }
output "zone" {
description = "GCloud Project ID"
value = var.zone
}
output "kubernetes_cluster_name" { output "kubernetes_cluster_name" {
description = "GKE Cluster Name" description = "GKE Cluster Name"
value = google_container_cluster.primary.name value = google_container_cluster.primary.name
@ -20,7 +25,7 @@ output "kubernetes_cluster_host" {
output "gcloud_gke_get_creds" { output "gcloud_gke_get_creds" {
description = "Command to get GKE credentials" description = "Command to get GKE credentials"
value = "gcloud container clusters get-credentials ${google_container_cluster.primary.name} --region ${var.region} --project ${var.project}" value = "gcloud container clusters get-credentials ${google_container_cluster.primary.name} --region ${google_container_cluster.primary.location} --project ${var.project}"
} }
output "gcloud_vpc_link" { output "gcloud_vpc_link" {
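Review bot: The new `zone` output carries `description = "GCloud Project ID"`, copied from the `project` output above it, and the README table generated from it already repeats the mistake; it should read `description = "GCloud Zone"`. In the second hunk, `google_container_cluster.primary.location` is now a zone (gke.tf sets `location = var.zone`), so passing it as `--region` will presumably be rejected by gcloud; `--location ${google_container_cluster.primary.location}` is correct for both zonal and regional clusters. `gcloud_vpc_link` continues outside the hunk.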


@ -1,5 +1,10 @@
data "google_client_config" "primary" {} data "google_client_config" "primary" {}
provider "google" {
project = var.project
region = var.region
}
provider "kubernetes" { provider "kubernetes" {
host = "https://${google_container_cluster.primary.endpoint}" host = "https://${google_container_cluster.primary.endpoint}"
token = data.google_client_config.primary.access_token token = data.google_client_config.primary.access_token


@ -26,8 +26,3 @@ variable "zone" {
description = "The region to host the cluster in" description = "The region to host the cluster in"
default = "us-central1-b" default = "us-central1-b"
} }
variable "gke_num_nodes" {
default = 1
description = "number of gke nodes"
}

10
vpc.tf

@ -1,19 +1,19 @@
provider "google" { # https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork
resource "google_project_service" "service_networking" {
service = "servicenetworking.googleapis.com"
project = var.project project = var.project
region = var.region
} }
# VPC
resource "google_compute_network" "vpc" { resource "google_compute_network" "vpc" {
name = "${var.project}-vpc" name = "${var.project}-vpc"
auto_create_subnetworks = "false" auto_create_subnetworks = "false"
} }
# Subnet
resource "google_compute_subnetwork" "subnet" { resource "google_compute_subnetwork" "subnet" {
name = "${var.project}-subnet" name = "${var.project}-subnet"
region = var.region region = var.region
network = google_compute_network.vpc.name network = google_compute_network.vpc.name
ip_cidr_range = "10.10.0.0/24" ip_cidr_range = "10.0.0.0/14"
private_ip_google_access = true private_ip_google_access = true
depends_on = [google_compute_network.vpc]
} }
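Review bot: `google_project_service.service_networking` is created with the provider's default `disable_on_destroy = true`, so `tofu destroy` will disable the Service Networking API for the whole project and break any other consumer sharing it; add `disable_on_destroy = false` to the resource. Nothing in the diff references this resource, so on a fresh project the network, subnet and cluster may be created before the API is enabled unless a `depends_on` exists outside the hunks. The `depends_on = [google_compute_network.vpc]` added to the subnet is redundant, because `network = google_compute_network.vpc.name` already establishes that dependency. The primary range change to `10.0.0.0/14` allocates 262k addresses to a demo subnet; if the cluster is VPC-native, pod and service ranges belong in `secondary_ip_range` blocks rather than an oversized primary, so confirm the intent.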