diff --git a/docs/cidr-ranges.md b/docs/cidr-ranges.md
index c8b392e7d..5b37c946d 100644
--- a/docs/cidr-ranges.md
+++ b/docs/cidr-ranges.md
@@ -12,7 +12,6 @@ http://www.subnet-calculator.com/cidr.php
 | Name | CIDR |
 |-----------------------------------|---------------|
 | docker0 | 172.26.0.0/16 |
-| Kubernetes aws - dev-example | 10.9.0.0/16 |
 | Kubernetes aws - dev | 10.10.0.0/16 |
 | Kubernetes aws - qa | 10.11.0.0/16 |
 | Kubernetes aws - staging | 10.12.0.0/16 |
@@ -55,3 +54,6 @@ be applied to any of the above CIDRs.
 | GKE master CIDR block | 10.xx.22.0/28 | 10.xx.22.0 - 10.xx.22.15 |
 | GKE pod CIDR range | 10.xx.64.0/19 | 10.xx.64.0 - 10.xx.95.255 |
 | GKE service CIDR range | 10.xx.96.0/19 | 10.xx.96.0 - 10.xx.127.255 |
+| Transit Gateway - subnet1 | 10.xx.104.16/28 | 10.xx.104.16 - 10.xx.104.31 |
+| Transit Gateway - subnet2 | 10.xx.104.32/28 | 10.xx.104.32 - 10.xx.104.47 |
+| Transit Gateway - subnet3 | 10.xx.104.48/28 | 10.xx.104.48 - 10.xx.104.63 |
\ No newline at end of file
diff --git a/ops/vpc.sh b/ops/vpc.sh
index 8d3c96a0b..f6c074486 100755
--- a/ops/vpc.sh
+++ b/ops/vpc.sh
@@ -54,14 +54,14 @@ create()
 exit 1
 fi
- if [ ! -f ../tf-environments/${cloud}/${vpc_name}/${vpc_name}/vpc/terragrunt.hcl ]; then
- echo "File does not exist: ../tf-environments/${cloud}/${vpc_name}/${vpc_name}/vpc/terragrunt.hcl"
+ if [ ! -f ../tf-environments/${cloud}/${vpc_name}/vpc/terragrunt.hcl ]; then
+ echo "File does not exist: ../tf-environments/${cloud}/${vpc_name}/vpc/terragrunt.hcl"
 exit 1
 fi
 echo "[INFO] Adding new VPC named: $vpc_name"
- cd ../tf-environments/${cloud}/${vpc_name}/${vpc_name}/vpc/
+ cd ../tf-environments/${cloud}/${vpc_name}/vpc/
 terragrunt init
 terragrunt plan
@@ -89,7 +89,7 @@ delete()
 {
 echo "[INFO] Deleting vpc named: ${vpc_name}"
- cd ../tf-environments/${cloud}/${vpc_name}/${vpc_name}/vpc
+ cd ../tf-environments/${cloud}/${vpc_name}/vpc
 if [ "${dry_run}" == "false" ]; then
 echo "[INFO] Not a dry run"
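Review bot: The `cd` into the environment directory is still unchecked in both create() (`cd ../tf-environments/${cloud}/${vpc_name}/vpc/`) and delete() (`cd ../tf-environments/${cloud}/${vpc_name}/vpc`), so if it fails the following `terragrunt init` and `terragrunt plan` — and presumably whatever delete() runs after its hunk — execute against whatever directory the script happens to be in. The `${cloud}` and `${vpc_name}` expansions are also unquoted in the `-f` test, the echo and both `cd` lines, so a value containing whitespace or glob characters splits the path and the existence check no longer guards the directory change. I would write `cd "../tf-environments/${cloud}/${vpc_name}/vpc/" || exit 1` in create(), the same form in delete(), and quote the path in the `[ ! -f ... ]` test the same way. create()'s body begins before the hunk and both functions continue past their hunks.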
diff --git a/tf-environments/README.md b/tf-environments/README.md
index 721b23a8f..cf4bcdd5b 100644
--- a/tf-environments/README.md
+++ b/tf-environments/README.md
@@ -1,32 +1,25 @@ Folder Layout ============== -This folder is here to hold all Terraform resources for our GCP deployments. +The folders are split into clouds. There is a folder for `aws` and another folder for `gcp`. The main reason for this is that the state store configurations are a little different for each of these clouds. To keep everything "DRY" it is easier to split them up by clouds instead of by the environment it is. -# ./gcp folder -This folder holds each named environment we have: dev, qa, stage, prod, special-project, etc +# AWS -This can hold any number of environments - -# ./gcp/ -Under the named environment folder we have another folder that is named exactly the same. Yes, this is a little redundant and not too DRY but let me explain why this is done. - -In the folder `./gcp//` folder we have a `terragrunt.hcl` file that holds the state store information: +In the `aws` folder there is a `terragrunt.hcl` file the puts the state store into: ``` -remote_state { - backend = "gcs" - config = { - bucket = "kubernetes-ops-terraform-state-${get_env("STATE_STORE_UNIQUE_KEY", "default-value-1234")}" - prefix = path_relative_to_include() - project = "managedkube" - location = "us-central1" - } -} +bucket = "kubernetes-ops-tf-state-${get_aws_account_id()}-terraform-state" ``` -Creating a directory structure like this allows us to keep this file "DRY" and with no specific changes needed for it besides the `project` var if you wanted to store the state in another GCP project. +S3 buckets has to be globally unique accross all of their customers. The `terragrunt.hcl` file is set to get the current AWS account number and put it in the bucket name making it unique. For most cases this should work well. + +Usually you would use new account for dev, qa, and prod. This means launching those environments, it would put the state store in the correct account's S3 bucket with the accounts ID in the bucket name. 
-The alternative is to hold this file in each of the top level named environment dir and then set the `prefix` with the environment name. However, this means that if I create another environment I have to copy this file over to that directory and remember to change the environment name in the `prefix` variable. While I like that idea, I have seen many times when someone creates a new environment they don't chane that var and then start overwritting another environment's state store. With this method, the environment name (which is the directory name) is always there and in the GCS bucket that means these paths will always be unique because on your local file system you cannot create a folder name with the same name. +# GCP +In the `gcp` folder there is a `terragrunt.hcl` file that puts the state store into: + +``` +bucket = "kubernetes-ops-terraform-state-${get_env("STATE_STORE_UNIQUE_KEY", "default-value-1234")}" +``` -Another thing that this provide us is a way to keep the state store in another GCP project. Your pre-production infra might be in one GCP project and your production infra could be in another project. This allows us to specify which project to target. +Terragrunt does not provide us with a handy function to get the account or project id. We have to set that as a unique key. A good key to use would be the project name or the ID. You have to export the variable to your environment: `STATE_STORE_UNIQUE_KEY` diff --git a/tf-environments/aws/dev/dev/rds/terragrunt.hcl b/tf-environments/aws/dev/rds/terragrunt.hcl similarity index 94% rename from tf-environments/aws/dev/dev/rds/terragrunt.hcl rename to tf-environments/aws/dev/rds/terragrunt.hcl index 4e536cfe0..8887a8151 100644 --- a/tf-environments/aws/dev/dev/rds/terragrunt.hcl +++ b/tf-environments/aws/dev/rds/terragrunt.hcl @@ -3,7 +3,7 @@ include { } terraform { - source = "../../../../../tf-modules/aws/rds/" + source = "../../../../tf-modules/aws/rds/" } dependency "vpc" { 
diff --git a/tf-environments/aws/dev/dev/vpc/terragrunt.hcl b/tf-environments/aws/dev/vpc/terragrunt.hcl
similarity index 83%
rename from tf-environments/aws/dev/dev/vpc/terragrunt.hcl
rename to tf-environments/aws/dev/vpc/terragrunt.hcl
index 416452a60..ee7f61e51 100644
--- a/tf-environments/aws/dev/dev/vpc/terragrunt.hcl
+++ b/tf-environments/aws/dev/vpc/terragrunt.hcl
@@ -3,13 +3,13 @@ include {
 }
 terraform {
- source = "../../../../../tf-modules/aws/vpc/"
+ source = "../../../../tf-modules/aws/vpc/"
 extra_arguments "common_vars" {
 commands = get_terraform_commands_that_need_vars()
 arguments = [
- "-var-file=${get_parent_terragrunt_dir()}/_env_defaults/aws.tfvars",
+ "-var-file=${get_terragrunt_dir()}/../_env_defaults/aws.tfvars",
 ]
 }
 }
diff --git a/tf-environments/aws/dev/terragrunt.hcl b/tf-environments/aws/terragrunt.hcl
similarity index 100%
rename from tf-environments/aws/dev/terragrunt.hcl
rename to tf-environments/aws/terragrunt.hcl
diff --git a/tf-environments/gcp/dev/_env_defaults/gcp.tfvars b/tf-environments/gcp/dev/_env_defaults/gcp.tfvars
new file mode 100644
index 000000000..6e2e8513b
--- /dev/null
+++ b/tf-environments/gcp/dev/_env_defaults/gcp.tfvars
@@ -0,0 +1,2 @@
+region = "us-central1"
+project_name = "managedkube"
diff --git a/tf-environments/gcp/dev/dev/cluster/terragrunt.hcl b/tf-environments/gcp/dev/cluster/terragrunt.hcl
similarity index 100%
rename from tf-environments/gcp/dev/dev/cluster/terragrunt.hcl
rename to tf-environments/gcp/dev/cluster/terragrunt.hcl
diff --git a/tf-environments/gcp/dev/dev/networking/terragrunt.hcl b/tf-environments/gcp/dev/networking/terragrunt.hcl
similarity index 100%
rename from tf-environments/gcp/dev/dev/networking/terragrunt.hcl
rename to tf-environments/gcp/dev/networking/terragrunt.hcl
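Review bot: The new `-var-file=${get_terragrunt_dir()}/../_env_defaults/aws.tfvars` silently encodes the assumption that `_env_defaults` sits exactly one directory above this component, which is not obvious from the file itself now that the previous form resolved it from the parent `terragrunt.hcl`; the rename of `tf-environments/aws/dev/terragrunt.hcl` to `tf-environments/aws/terragrunt.hcl` in the same commit is why `get_parent_terragrunt_dir()` would no longer point at the environment directory. A comment above the argument would make that dependency explicit, e.g. `# root terragrunt.hcl now lives at aws/, so per-environment defaults are resolved relative to this component dir`. The rds `terragrunt.hcl` section earlier in this commit only shows its `source` line changing; if it also passes `_env_defaults/aws.tfvars` via `get_parent_terragrunt_dir()`, it would need the same adjustment, but that part of the file is outside the hunk shown.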
diff --git a/tf-environments/gcp/dev/dev/nodepools/pool-1/terragrunt.hcl b/tf-environments/gcp/dev/nodepools/pool-1/terragrunt.hcl
similarity index 100%
rename from tf-environments/gcp/dev/dev/nodepools/pool-1/terragrunt.hcl
rename to tf-environments/gcp/dev/nodepools/pool-1/terragrunt.hcl
diff --git a/tf-environments/gcp/dev/dev/nodepools/pool-2/terragrunt.hcl b/tf-environments/gcp/dev/nodepools/pool-2/terragrunt.hcl
similarity index 100%
rename from tf-environments/gcp/dev/dev/nodepools/pool-2/terragrunt.hcl
rename to tf-environments/gcp/dev/nodepools/pool-2/terragrunt.hcl
diff --git a/tf-environments/gcp/dev/terragrunt.hcl b/tf-environments/gcp/terragrunt.hcl
similarity index 100%
rename from tf-environments/gcp/dev/terragrunt.hcl
rename to tf-environments/gcp/terragrunt.hcl