GCP - dev env re-organization (#59)

* Reorganizing the gcp dev items

Signed-off-by: gar <[email protected]>

* Adding readme

Signed-off-by: gar <[email protected]>

tf-environments/gcp/README.md

@@ -0,0 +1,32 @@
+Folder Layout
+==============
+
+This folder is here to hold all Terraform resources for our GCP deployments.
+
+# ./gcp folder
+This folder holds each named environment we have: dev, qa, stage, prod, special-project, etc
+
+This can hold any number of environments
+
+# ./gcp/<environment name>
+Under the named environment folder we have another folder that is named exactly the same.  Yes, this is a little redundant and not too DRY but let me explain why this is done.
+
+In the folder `./gcp/<environment name>/` folder we have a `terragrunt.hcl` file that holds the state store information:
+
+```
+remote_state {
+  backend = "gcs"
+  config = {
+    bucket = "kubernetes-ops-terraform-state-${get_env("STATE_STORE_UNIQUE_KEY", "default-value-1234")}"
+    prefix  = path_relative_to_include()
+    project = "managedkube"
+    location = "us-central1"
+  }
+}
+```
+
+Creating a directory structure like this allows us to keep this file "DRY" and with no specific changes needed for it besides the `project` var if you wanted to store the state in another GCP project.
+
+The alternative is to hold this file in each of the top level named environment dir and then set the `prefix` with the environment name.  However, this means that if I create another environment I have to copy this file over to that directory and remember to change the environment name in the `prefix` variable.  While I like that idea, I have seen many times when someone creates a new environment they don't chane that var and then start overwritting another environment's state store.  With this method, the environment name (which is the directory name) is always there and in the GCS bucket that means these paths will always be unique because on your local file system you cannot create a folder name with the same name.
+
+Another thing that this provide us is a way to keep the state store in another GCP project.  Your pre-production infra might be in one GCP project and your production infra could be in another project.  This allows us to specify which project to target.

tf-environments/gcp/dev/dev/cluster/terragrunt.hcl

@@ -0,0 +1,58 @@
+include {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "../../../../../tf-modules/gcp/private-gke-cluster/"
+}
+
+inputs = {
+  vpc_name = "dev"
+  network_name = "dev"
+  cluster_name = "dev"
+
+  enable_private_kube_master_endpoint = false
+
+  oauth_scopes = [
+    "compute-rw",
+    "storage-rw",
+    "logging-write",
+    "monitoring"
+  ]
+
+  tags = ["dev"]
+
+  labels = {}
+
+  taints = []
+
+  node_version = "1.13.11-gke.14"
+  machine_type = "n1-standard-4"
+  image_type = "COS"
+  disk_size_gb = "20"
+  initial_node_count = "1"
+
+  master_ipv4_cidr_block="10.20.22.0/28"
+
+  pods_ip_cidr_range="10.20.64.0/19"
+  services_ip_cidr_range="10.20.96.0/19"
+  # pods_ip_cidr_range="10.30.10.0/16"
+  # services_ip_cidr_range="10.30.11.0/16"
+
+  master_authorized_networks_cidr = [
+    { cidr_block = "10.0.0.0/8", display_name = "10x" },
+    { cidr_block = "172.16.0.0/12", display_name = "172x" },
+    { cidr_block = "192.168.0.0/16", display_name = "192x" },
+    { cidr_block = "38.30.8.138/32", display_name = "home" },
+    { cidr_block = "35.222.67.76/32", display_name = "gar-vpn" },
+  ]
+
+
+  #####################
+  # networking
+  #####################
+  public_subnet_cidr_range = "10.20.11.0/24"
+  private_subnet_cidr_range = "10.20.21.0/24"
+
+  outbound_through_nat_tags=["private-subnet", "gke-private-nodes"]
+}

tf-environments/gcp/dev/dev/networking/terragrunt.hcl

@@ -0,0 +1,26 @@
+include {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "../../../../../tf-modules/gcp/vpc/"
+}
+
+inputs = {
+  # region = "us-central1" # specified in ../_env_defaults/gcp.tfars
+  bastion_region_zone = "us-central1-b"
+  // project_name = "managedkube"
+  vpc_name = "dev"
+
+  public_subnet_cidr_range = "10.20.10.0/24"
+  private_subnet_cidr_range = "10.20.20.0/24"
+
+  bastion_machine_type = "n1-standard-2"
+  bastion_image = "ubuntu-1810-cosmic-v20190628"
+  bastion_internal_ip = "10.20.10.253"
+
+  internal_services_bastion_cidr = "10.20.10.253/32"
+
+  outbound_through_bastion_tags=["private-subnet", "gke-private-nodes"]
+  outbound_through_nat_tags=["private-subnet", "gke-private-nodes"]
+}

tf-environments/gcp/dev/dev/nodepools/pool-1/terragrunt.hcl

@@ -0,0 +1,58 @@
+include {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "../../../../../../tf-modules/gcp/nodepool/"
+}
+
+inputs = {
+
+  cluster_name = "dev"
+  node_pool_name = "pool-1"
+
+  initial_node_count = "3"
+  min_node_count = "0"
+  max_node_count = "50"
+  machine_type = "n1-standard-2"
+  disk_size_gb = "100"
+
+  image_type = "COS"
+
+  # These represent the "gke-defaults" scope list
+  oauth_scopes = [
+    "https://www.googleapis.com/auth/devstorage.read_only",
+    "https://www.googleapis.com/auth/logging.write",
+    "https://www.googleapis.com/auth/monitoring",
+    "https://www.googleapis.com/auth/service.management.readonly",
+    "https://www.googleapis.com/auth/servicecontrol",
+    "https://www.googleapis.com/auth/trace.append",
+  ]
+
+  # Kubernetes node labels
+  labels = {}
+  // {
+  //   foo = "bar",
+  //   foo2 = "bar2",
+  // }
+
+  # GCP node labels and firewall labels
+  tags = []
+  // ["foo", "bar"]
+
+  # Kubernetes taints
+  taints = []
+  // [
+  //   {
+  //     effect = "NO_SCHEDULE"
+  //     key    = "bar"
+  //     value  = "foo"
+  //   },
+  //   {
+  //     effect = "NO_SCHEDULE"
+  //     key    = "bar2"
+  //     value  = "foo2"
+  //   },
+  // ]
+
+}

tf-environments/gcp/dev/dev/nodepools/pool-2/terragrunt.hcl

@@ -0,0 +1,59 @@
+include {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "../../../../../../tf-modules/gcp/nodepool/"
+}
+
+inputs = {
+
+  cluster_name = "dev"
+  node_pool_name = "pool-2"
+
+  initial_node_count = "1"
+  is_preemtible = true
+  min_node_count = "0"
+  max_node_count = "6"
+  machine_type = "n1-standard-8"
+  disk_size_gb = "100"
+
+  image_type = "COS"
+
+  # These represent the "gke-defaults" scope list
+  oauth_scopes = [
+    "https://www.googleapis.com/auth/devstorage.read_only",
+    "https://www.googleapis.com/auth/logging.write",
+    "https://www.googleapis.com/auth/monitoring",
+    "https://www.googleapis.com/auth/service.management.readonly",
+    "https://www.googleapis.com/auth/servicecontrol",
+    "https://www.googleapis.com/auth/trace.append",
+  ]
+
+  # Kubernetes node labels
+  labels = {}
+  // {
+  //   foo = "bar",
+  //   foo2 = "bar2",
+  // }
+
+  # GCP node labels and firewall labels
+  tags = []
+  // ["foo", "bar"]
+
+  # Kubernetes taints
+  taints = []
+  // [
+  //   {
+  //     effect = "NO_SCHEDULE"
+  //     key    = "bar"
+  //     value  = "foo"
+  //   },
+  //   {
+  //     effect = "NO_SCHEDULE"
+  //     key    = "bar2"
+  //     value  = "foo2"
+  //   },
+  // ]
+
+}

tf-environments/gcp/dev/terragrunt.hcl

@@ -0,0 +1,21 @@
+remote_state {
+  backend = "gcs"
+  config = {
+    bucket = "kubernetes-ops-terraform-state-${get_env("STATE_STORE_UNIQUE_KEY", "default-value-1234")}"
+    prefix  = path_relative_to_include()
+    project = "managedkube"
+    location = "us-central1"
+  }
+}
+
+terraform {
+  extra_arguments "common_vars" {
+    commands = get_terraform_commands_that_need_vars()
+
+     arguments = [
+      #  "-var-file=${get_parent_terragrunt_dir()}/_env_defaults/gcp.tfvars",
+      # "-var-file=${get_terragrunt_dir()}/../_env_defaults/gcp.tfvars",
+      "-var-file=${get_parent_terragrunt_dir()}/_env_defaults/gcp.tfvars",
+     ]
+  }
+}