refactor readme and some cluster; add script for fetch cluster creds
This commit is contained in:
		
							parent
							
								
									b19f7f7cbc
								
							
						
					
					
						commit
						c355d27bb1
					
				|  | @ -57,7 +57,5 @@ terraform.* | ||||||
| *.tfvars | *.tfvars | ||||||
| flux-git-auth.yaml | flux-git-auth.yaml | ||||||
| 
 | 
 | ||||||
| 
 |  | ||||||
| 
 |  | ||||||
| # custom | # custom | ||||||
| _* | _* | ||||||
|  | @ -0,0 +1,55 @@ | ||||||
|  | # This file is maintained automatically by "tofu init". | ||||||
|  | # Manual edits may be lost in future updates. | ||||||
|  | 
 | ||||||
|  | provider "registry.opentofu.org/hashicorp/google" { | ||||||
|  |   version     = "5.27.0" | ||||||
|  |   constraints = "~> 5.27.0" | ||||||
|  |   hashes = [ | ||||||
|  |     "h1:cMRlEcTObLOVpFx09v3osbNtKayr2IIJFuhsRPdfrT4=", | ||||||
|  |     "zh:10dee695387df836c8f2a7e7f4609e3d3d910e8070cebf91bdd4e4449237191b", | ||||||
|  |     "zh:260a2bf30a5e0cbbb2a331a74561886df3d380be26beeb1f50a3cab829208eed", | ||||||
|  |     "zh:2a87013cb2a408b2d494e2e7a938d2c6df7ed85156a6fe6be47a84390c3e3162", | ||||||
|  |     "zh:443aa9b0637de3e20ff901a5e2e431d82bac80067eca3256d8792b4d069a9018", | ||||||
|  |     "zh:4eb358ad15b756993b36fa7ef70507b9ad3fefa7869ac6d483a83a9f8beaa5f7", | ||||||
|  |     "zh:5e8657fca3376d3b8f57aaa2ebf0575974f0d3af7448ad456ceae8364322362b", | ||||||
|  |     "zh:8bcf6fa7adcc375ffb293dc72ba4e1ee8ad39fbadf11d901bd413fa01de836c6", | ||||||
|  |     "zh:965d6df9bf7f0d85e0f61a9d7e5afdd389219e8b339ed241646ac292aedc839e", | ||||||
|  |     "zh:c573e6c6e84691bf1c7736c238290441b2be40038972230dcaa7adc48b74b316", | ||||||
|  |     "zh:eac4f56c4f3ddaead0a55d3b2016391578fdf3dea060b2ed32ac80974cd46b1d", | ||||||
|  |   ] | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | provider "registry.opentofu.org/hashicorp/helm" { | ||||||
|  |   version = "2.14.0" | ||||||
|  |   hashes = [ | ||||||
|  |     "h1:K1yXsEeNhW/7YVSvsv55UaFSx4hHeKB1giPuQUKmFfQ=", | ||||||
|  |     "zh:1c84ca8c274564c46497e89055139c7af64c9e1a8dd4f1cd4c68503ac1322fb8", | ||||||
|  |     "zh:211a763173934d30c2e49c0cc828b1e34a528b0fdec8bf48d2bb3afadd4f9095", | ||||||
|  |     "zh:3dca0b703a2f82d3e283a9e9ca6259a3b9897b217201f3cddf430009a1ca00c9", | ||||||
|  |     "zh:40c5cfd48dcef54e87129e19d31c006c2e3309ee6c09d566139eaf315a59a369", | ||||||
|  |     "zh:6f23c00ca1e2663e2a208a7491aa6dbe2604f00e0af7e23ef9323206e8f2fc81", | ||||||
|  |     "zh:77f8cfc4888600e0d12da137bbdb836de160db168dde7af26c2e44cf00cbf057", | ||||||
|  |     "zh:97b99c945eafa9bafc57c3f628d496356ea30312c3df8dfac499e0f3ff6bf0c9", | ||||||
|  |     "zh:a01cfc53e50d5f722dc2aabd26097a8e4d966d343ffd471034968c2dc7a8819d", | ||||||
|  |     "zh:b69c51e921fe8c91e38f4a82118d0b6b0f47f6c71a76f506fde3642ecbf39911", | ||||||
|  |     "zh:fb8bfc7b8106bef58cc5628c024103f0dd5276d573fe67ac16f343a2b38ecee8", | ||||||
|  |   ] | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | provider "registry.opentofu.org/hashicorp/kubernetes" { | ||||||
|  |   version     = "2.29.0" | ||||||
|  |   constraints = "~> 2.29.0" | ||||||
|  |   hashes = [ | ||||||
|  |     "h1:WcfXWA92IBkzQCGSv05Yb8Lped8kp7RRJEQIWG5nDTY=", | ||||||
|  |     "zh:2467de940f98ef5d3ed977a0f6b797962cd9ae6210ef706b8f6e6db23a0b3b99", | ||||||
|  |     "zh:480a2ccc9e1f3a444b6ebf836d87061002be00c54482be7180e090dddc47809e", | ||||||
|  |     "zh:4ce04ba31734813d6636b51b2346b8262253264033be2775d66e8298551c2dde", | ||||||
|  |     "zh:56b94fcd5ba65cae892fd64e831838369ae4615582c314eee73fa2e513689991", | ||||||
|  |     "zh:5a7e858dc3600e542182abcec9079e2f8741d1ba72114e87668ef64679e7191a", | ||||||
|  |     "zh:905b6eb78f19bd80b22c688af06130353977f77f313738c8e0cfc524e8550d4c", | ||||||
|  |     "zh:ccf5c3e7383d11785a735a0ce7751e4ff394b133aa5085857139eaec1d9a54c1", | ||||||
|  |     "zh:eb4e72d3abf937c283f702342eb1fc820b3dbfc743b1e24c84c3604c8fca1988", | ||||||
|  |     "zh:eea59cd51ef366269231cbfa5b77fc3b9fbebecfd6bca8dff27e5abd96188d92", | ||||||
|  |     "zh:f026a8b4fa2ca566c3d6cd9bfdd0dd58c0631e3d945b98a8ced0943aa27dd4bd", | ||||||
|  |   ] | ||||||
|  | } | ||||||
							
								
								
									
										21
									
								
								README.md
								
								
								
								
							
							
						
						
									
										21
									
								
								README.md
								
								
								
								
							|  | @ -1,7 +1,7 @@ | ||||||
| # How to use repo | # How to use repo | ||||||
| 
 | 
 | ||||||
| 1. Create `terraform.tfvars` file with a few variables | 1. Create `terraform.tfvars` file with a few variables | ||||||
| ```bash | ```shell | ||||||
| project          = "gcp-project" | project          = "gcp-project" | ||||||
| region           = "europe-west1" | region           = "europe-west1" | ||||||
| environment_name = "demo" | environment_name = "demo" | ||||||
|  | @ -11,7 +11,7 @@ environment_name = "demo" | ||||||
| All commands will be applied via Terraform 1.7.0 and via OpenTofu, the same version. | All commands will be applied via Terraform 1.7.0 and via OpenTofu, the same version. | ||||||
| 
 | 
 | ||||||
| Here are OpenTofu commands. | Here are OpenTofu commands. | ||||||
| ```bash | ```shell | ||||||
| tofu init | tofu init | ||||||
| tofu apply | tofu apply | ||||||
| ``` | ``` | ||||||
|  | @ -19,18 +19,22 @@ tofu apply | ||||||
| 3. Get the credentials for the new cluster (configure kubeconfig) | 3. Get the credentials for the new cluster (configure kubeconfig) | ||||||
| 
 | 
 | ||||||
| You can see all useful commands and links in the output: | You can see all useful commands and links in the output: | ||||||
| ```bash | 
 | ||||||
|  | ```shell | ||||||
| tofu output | tofu output | ||||||
| ``` | ``` | ||||||
| 
 | 
 | ||||||
| There is a manual command: | There is a manual command: | ||||||
| ```bash | 
 | ||||||
| gcloud container clusters get-credentials $(tofu output -raw kubernetes_cluster_name) --region $(tofu output -raw region) --project $(tofu output -raw project) | ```shell | ||||||
|  | gcloud container clusters get-credentials $(tofu output -raw kubernetes_cluster_name) --region $(tofu output -raw zone) --project $(tofu output -raw project) | ||||||
| ``` | ``` | ||||||
| 
 | 
 | ||||||
|  | Or just use `./get-credentials.sh` | ||||||
|  | 
 | ||||||
| 4. Destroy all resources | 4. Destroy all resources | ||||||
| 
 | 
 | ||||||
| ```bash | ```shell | ||||||
| tofu destroy | tofu destroy | ||||||
| ``` | ``` | ||||||
| 
 | 
 | ||||||
|  | @ -48,6 +52,7 @@ tofu destroy | ||||||
| | Name | Version | | | Name | Version | | ||||||
| |------|---------| | |------|---------| | ||||||
| | <a name="provider_google"></a> [google](#provider\_google) | 5.27.0 | | | <a name="provider_google"></a> [google](#provider\_google) | 5.27.0 | | ||||||
|  | | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.29.0 | | ||||||
| 
 | 
 | ||||||
| ## Modules | ## Modules | ||||||
| 
 | 
 | ||||||
|  | @ -61,6 +66,8 @@ No modules. | ||||||
| | [google_compute_subnetwork.subnet](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork) | resource | | | [google_compute_subnetwork.subnet](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork) | resource | | ||||||
| | [google_container_cluster.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster) | resource | | | [google_container_cluster.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster) | resource | | ||||||
| | [google_container_node_pool.primary_nodes](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool) | resource | | | [google_container_node_pool.primary_nodes](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool) | resource | | ||||||
|  | | [google_project_service.service_networking](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_service) | resource | | ||||||
|  | | [kubernetes_namespace.demo-cluster](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | ||||||
| | [google_client_config.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source | | | [google_client_config.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source | | ||||||
| 
 | 
 | ||||||
| ## Inputs | ## Inputs | ||||||
|  | @ -68,7 +75,6 @@ No modules. | ||||||
| | Name | Description | Type | Default | Required | | | Name | Description | Type | Default | Required | | ||||||
| |------|-------------|------|---------|:--------:| | |------|-------------|------|---------|:--------:| | ||||||
| | <a name="input_environment_name"></a> [environment\_name](#input\_environment\_name) | n/a | `string` | `"demo"` | no | | | <a name="input_environment_name"></a> [environment\_name](#input\_environment\_name) | n/a | `string` | `"demo"` | no | | ||||||
| | <a name="input_gke_num_nodes"></a> [gke\_num\_nodes](#input\_gke\_num\_nodes) | number of gke nodes | `number` | `1` | no | |  | ||||||
| | <a name="input_project"></a> [project](#input\_project) | Google Project to create resources in | `string` | `"demo"` | no | | | <a name="input_project"></a> [project](#input\_project) | Google Project to create resources in | `string` | `"demo"` | no | | ||||||
| | <a name="input_region"></a> [region](#input\_region) | The region to host the cluster in | `string` | `"us-central1"` | no | | | <a name="input_region"></a> [region](#input\_region) | The region to host the cluster in | `string` | `"us-central1"` | no | | ||||||
| | <a name="input_vpc_host_project"></a> [vpc\_host\_project](#input\_vpc\_host\_project) | Host Project where virtual network exists | `string` | `"demo"` | no | | | <a name="input_vpc_host_project"></a> [vpc\_host\_project](#input\_vpc\_host\_project) | Host Project where virtual network exists | `string` | `"demo"` | no | | ||||||
|  | @ -85,4 +91,5 @@ No modules. | ||||||
| | <a name="output_kubernetes_cluster_name"></a> [kubernetes\_cluster\_name](#output\_kubernetes\_cluster\_name) | GKE Cluster Name | | | <a name="output_kubernetes_cluster_name"></a> [kubernetes\_cluster\_name](#output\_kubernetes\_cluster\_name) | GKE Cluster Name | | ||||||
| | <a name="output_project"></a> [project](#output\_project) | GCloud Project ID | | | <a name="output_project"></a> [project](#output\_project) | GCloud Project ID | | ||||||
| | <a name="output_region"></a> [region](#output\_region) | GCloud Region | | | <a name="output_region"></a> [region](#output\_region) | GCloud Region | | ||||||
|  | | <a name="output_zone"></a> [zone](#output\_zone) | GCloud Project ID | | ||||||
| <!-- END_TF_DOCS --> | <!-- END_TF_DOCS --> | ||||||
|  |  | ||||||
|  | @ -0,0 +1,6 @@ | ||||||
|  | resource "kubernetes_namespace" "demo-cluster" { | ||||||
|  |   metadata { | ||||||
|  |     name = "demo-cluster" | ||||||
|  |   } | ||||||
|  |   depends_on = [google_container_node_pool.primary_nodes] | ||||||
|  | } | ||||||
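Review bot: The namespace name `"demo-cluster"` on the `name =` line is hard-coded while the rest of the configuration derives names from `var.environment_name` (see the node tags in gke.tf); `name = "${var.environment_name}-cluster"` would keep the two consistent. Also, this resource is created through the kubernetes provider that is itself configured from `google_container_cluster.primary` attributes in the same configuration, which works on a clean apply but is a known source of errors on destroy or cluster replacement when those values become unknown — a short comment on the resource noting that caveat would help the next person who runs `tofu destroy`.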
							
								
								
									
										5
									
								
								flux.tf
								
								
								
								
							
							
						
						
									
										5
									
								
								flux.tf
								
								
								
								
							|  | @ -1,5 +0,0 @@ | ||||||
| # resource "kubernetes_namespace" "flux-system" { |  | ||||||
| #   metadata { |  | ||||||
| #     name = "flux-system" |  | ||||||
| #   } |  | ||||||
| # } |  | ||||||
|  | @ -0,0 +1,2 @@ | ||||||
|  | #!/bin/bash | ||||||
|  | gcloud container clusters get-credentials $(tofu output -raw kubernetes_cluster_name) --region $(tofu output -raw zone) --project $(tofu output -raw project) | ||||||
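Review bot: The three `$(tofu output -raw …)` substitutions on line 2 are unquoted and unchecked, so if `tofu output` fails (no state, wrong working directory) the script still invokes gcloud with empty arguments and the error surfaces from gcloud rather than from the missing output. The same line passes the `zone` output to `--region`; since gke.tf now sets `location = var.zone` (default `us-central1-b`), the value is a zone and `--zone` is the matching flag — the `gcloud_gke_get_creds` output in outputs.tf has the same mismatch. Enabling strict mode and quoting the values keeps a failed lookup from turning into a half-formed command.
```shell
#!/usr/bin/env bash
set -euo pipefail

cluster=$(tofu output -raw kubernetes_cluster_name)
location=$(tofu output -raw zone)
project=$(tofu output -raw project)

gcloud container clusters get-credentials "$cluster" \
  --zone "$location" --project "$project"
```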
							
								
								
									
										19
									
								
								gke.tf
								
								
								
								
							
							
						
						
									
										19
									
								
								gke.tf
								
								
								
								
							|  | @ -1,7 +1,6 @@ | ||||||
| # GKE cluster |  | ||||||
| resource "google_container_cluster" "primary" { | resource "google_container_cluster" "primary" { | ||||||
|   name     = "${var.project}-gke" |   name     = "${var.project}-gke" | ||||||
|   location = var.region |   location = var.zone | ||||||
| 
 | 
 | ||||||
|   # We can't create a cluster with no node pool defined, but we want to only use |   # We can't create a cluster with no node pool defined, but we want to only use | ||||||
|   # separately managed node pools. So we create the smallest possible default |   # separately managed node pools. So we create the smallest possible default | ||||||
|  | @ -13,18 +12,19 @@ resource "google_container_cluster" "primary" { | ||||||
|   subnetwork          = google_compute_subnetwork.subnet.name |   subnetwork          = google_compute_subnetwork.subnet.name | ||||||
|   deletion_protection = false # Use this only for study purposess |   deletion_protection = false # Use this only for study purposess | ||||||
|   depends_on          = [google_compute_network.vpc, google_compute_subnetwork.subnet] |   depends_on          = [google_compute_network.vpc, google_compute_subnetwork.subnet] | ||||||
|   # min_master_version = "1.26.5-gke.1200" |  | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| # Separately Managed Node Pool |  | ||||||
| resource "google_container_node_pool" "primary_nodes" { | resource "google_container_node_pool" "primary_nodes" { | ||||||
|   name       = google_container_cluster.primary.name |   name       = google_container_cluster.primary.name | ||||||
|   location   = var.region |   location   = var.zone | ||||||
|   cluster    = google_container_cluster.primary.name |   cluster    = google_container_cluster.primary.name | ||||||
|   node_count = var.gke_num_nodes |   node_count = 1 | ||||||
| 
 | 
 | ||||||
|   node_config { |   node_config { | ||||||
|     oauth_scopes = [ |     oauth_scopes = [ | ||||||
|  |       "https://www.googleapis.com/auth/cloud-platform", | ||||||
|  |       "https://www.googleapis.com/auth/compute", | ||||||
|  |       "https://www.googleapis.com/auth/devstorage.read_only", | ||||||
|       "https://www.googleapis.com/auth/logging.write", |       "https://www.googleapis.com/auth/logging.write", | ||||||
|       "https://www.googleapis.com/auth/monitoring", |       "https://www.googleapis.com/auth/monitoring", | ||||||
|     ] |     ] | ||||||
|  | @ -34,8 +34,11 @@ resource "google_container_node_pool" "primary_nodes" { | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     preemptible  = true |     preemptible  = true | ||||||
|     machine_type = "custom-2-4096" # 1 core too low for Prometheus... |     machine_type = "n2-standard-8" | ||||||
|     tags         = ["gke-node", "${var.project}-gke"] |     tags = [ | ||||||
|  |       "${var.environment_name}-k8s-${var.region}", | ||||||
|  |       "${var.environment_name}-k8s-${var.region}-nodes" | ||||||
|  |     ] | ||||||
|     metadata = { |     metadata = { | ||||||
|       disable-legacy-endpoints = "true" |       disable-legacy-endpoints = "true" | ||||||
|     } |     } | ||||||
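Review bot: The `oauth_scopes` added at the top of the `node_config` block now include `cloud-platform` and `compute`, which widen what the node's service-account token can reach to essentially every Google API; no `service_account` is set in the visible lines, so this presumably rides on the default Compute Engine service account (confirm), and any pod that can read the node metadata server inherits that reach unless Workload Identity or metadata concealment is in place. If the wider scopes are needed for a specific workload, prefer a dedicated least-privilege service account on the node pool (and Workload Identity for pod-level identity) and keep the original logging/monitoring scopes here. Separately, `node_count = 1` replaces `var.gke_num_nodes`, removing the only knob for sizing the pool; a comment such as `# single node is enough for this study setup` would record that this is intentional. The `node_config` block continues past the end of the hunk.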
|  |  | ||||||
|  | @ -8,6 +8,11 @@ output "project" { | ||||||
|   value       = var.project |   value       = var.project | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | output "zone" { | ||||||
|  |   description = "GCloud Project ID" | ||||||
|  |   value       = var.zone | ||||||
|  | } | ||||||
|  | 
 | ||||||
| output "kubernetes_cluster_name" { | output "kubernetes_cluster_name" { | ||||||
|   description = "GKE Cluster Name" |   description = "GKE Cluster Name" | ||||||
|   value       = google_container_cluster.primary.name |   value       = google_container_cluster.primary.name | ||||||
|  | @ -20,7 +25,7 @@ output "kubernetes_cluster_host" { | ||||||
| 
 | 
 | ||||||
| output "gcloud_gke_get_creds" { | output "gcloud_gke_get_creds" { | ||||||
|   description = "Command to get GKE credentials" |   description = "Command to get GKE credentials" | ||||||
|   value       = "gcloud container clusters get-credentials ${google_container_cluster.primary.name} --region ${var.region} --project ${var.project}" |   value       = "gcloud container clusters get-credentials ${google_container_cluster.primary.name} --region ${google_container_cluster.primary.location} --project ${var.project}" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| output "gcloud_vpc_link" { | output "gcloud_vpc_link" { | ||||||
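Review bot: The new `zone` output's description reads `"GCloud Project ID"`, copied from the `project` output above it; it should be `description = "GCloud Zone"`. The README outputs table carries the same text, so regenerating the docs after the fix corrects both. The `gcloud_vpc_link` block at the end of the hunk continues outside it.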
|  |  | ||||||
|  | @ -1,5 +1,10 @@ | ||||||
| data "google_client_config" "primary" {} | data "google_client_config" "primary" {} | ||||||
| 
 | 
 | ||||||
|  | provider "google" { | ||||||
|  |   project = var.project | ||||||
|  |   region  = var.region | ||||||
|  | } | ||||||
|  | 
 | ||||||
| provider "kubernetes" { | provider "kubernetes" { | ||||||
|   host                   = "https://${google_container_cluster.primary.endpoint}" |   host                   = "https://${google_container_cluster.primary.endpoint}" | ||||||
|   token                  = data.google_client_config.primary.access_token |   token                  = data.google_client_config.primary.access_token | ||||||
|  |  | ||||||
|  | @ -26,8 +26,3 @@ variable "zone" { | ||||||
|   description = "The region to host the cluster in" |   description = "The region to host the cluster in" | ||||||
|   default     = "us-central1-b" |   default     = "us-central1-b" | ||||||
| } | } | ||||||
| 
 |  | ||||||
| variable "gke_num_nodes" { |  | ||||||
|   default     = 1 |  | ||||||
|   description = "number of gke nodes" |  | ||||||
| } |  | ||||||
|  |  | ||||||
							
								
								
									
										10
									
								
								vpc.tf
								
								
								
								
							
							
						
						
									
										10
									
								
								vpc.tf
								
								
								
								
							|  | @ -1,19 +1,19 @@ | ||||||
| provider "google" { | # https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork | ||||||
|  | resource "google_project_service" "service_networking" { | ||||||
|  |   service = "servicenetworking.googleapis.com" | ||||||
|   project = var.project |   project = var.project | ||||||
|   region  = var.region |  | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| # VPC |  | ||||||
| resource "google_compute_network" "vpc" { | resource "google_compute_network" "vpc" { | ||||||
|   name                    = "${var.project}-vpc" |   name                    = "${var.project}-vpc" | ||||||
|   auto_create_subnetworks = "false" |   auto_create_subnetworks = "false" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| # Subnet |  | ||||||
| resource "google_compute_subnetwork" "subnet" { | resource "google_compute_subnetwork" "subnet" { | ||||||
|   name                     = "${var.project}-subnet" |   name                     = "${var.project}-subnet" | ||||||
|   region                   = var.region |   region                   = var.region | ||||||
|   network                  = google_compute_network.vpc.name |   network                  = google_compute_network.vpc.name | ||||||
|   ip_cidr_range            = "10.10.0.0/24" |   ip_cidr_range            = "10.0.0.0/14" | ||||||
|   private_ip_google_access = true |   private_ip_google_access = true | ||||||
|  |   depends_on               = [google_compute_network.vpc] | ||||||
| } | } | ||||||
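Review bot: The new `google_project_service.service_networking` resource at the top of the hunk sets no `disable_on_destroy`, so `tofu destroy` will disable the Service Networking API for the whole project, which can break anything else in that project that depends on it; if the project is shared, add `disable_on_destroy = false` and leave the API enabled. The doc-link comment above it points at the compute_subnetwork page, not project_service, and should move down to the subnet resource. `ip_cidr_range` grows from a /24 to `10.0.0.0/14`, reserving 262,144 addresses — fine for a lab, but worth a one-line comment on why, since it constrains any future peering with other networks in that range. The added `depends_on` on the subnet is already implied by `network = google_compute_network.vpc.name` and can be dropped.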
|  |  | ||||||