From 48d8c4dfa1a635af7568e5c2dc9dc54269b99619 Mon Sep 17 00:00:00 2001
From: sekka1 <garlandk@gmail.com>
Date: Sat, 18 Jan 2020 20:25:54 -0800
Subject: [PATCH] GCP - dev env re-organization (#59)
* Reorganizing the gcp dev items
Signed-off-by: gar <garlandk@gmail.com>
* Adding readme
Signed-off-by: gar <garlandk@gmail.com>
---
 tf-environments/gcp/README.md | 32 ++++++++++
 .../gcp/dev/dev/cluster/terragrunt.hcl | 58 ++++++++++++++++++
 .../gcp/dev/dev/networking/terragrunt.hcl | 26 ++++++++
 .../dev/dev/nodepools/pool-1/terragrunt.hcl | 58 ++++++++++++++++++
 .../dev/dev/nodepools/pool-2/terragrunt.hcl | 59 +++++++++++++++++++
 tf-environments/gcp/dev/terragrunt.hcl | 21 +++++++
 6 files changed, 254 insertions(+)
 create mode 100644 tf-environments/gcp/README.md
 create mode 100644 tf-environments/gcp/dev/dev/cluster/terragrunt.hcl
 create mode 100644 tf-environments/gcp/dev/dev/networking/terragrunt.hcl
 create mode 100644 tf-environments/gcp/dev/dev/nodepools/pool-1/terragrunt.hcl
 create mode 100644 tf-environments/gcp/dev/dev/nodepools/pool-2/terragrunt.hcl
 create mode 100644 tf-environments/gcp/dev/terragrunt.hcl
diff --git a/tf-environments/gcp/README.md b/tf-environments/gcp/README.md
new file mode 100644
index 000000000..721b23a8f
--- /dev/null
+++ b/tf-environments/gcp/README.md
@@ -0,0 +1,32 @@
+Folder Layout
+==============
+
+This folder is here to hold all Terraform resources for our GCP deployments.
+
+# ./gcp folder
+This folder holds each named environment we have: dev, qa, stage, prod, special-project, etc
+
+This can hold any number of environments
+
+# ./gcp/<environment name>
+Under the named environment folder we have another folder that is named exactly the same. Yes, this is a little redundant and not too DRY but let me explain why this is done.
+
+In the folder `./gcp/<environment name>/` folder we have a `terragrunt.hcl` file that holds the state store information:
+
+```
+remote_state {
+ backend = "gcs"
+ config = {
+ bucket = "kubernetes-ops-terraform-state-${get_env("STATE_STORE_UNIQUE_KEY", "default-value-1234")}"
+ prefix = path_relative_to_include()
+ project = "managedkube"
+ location = "us-central1"
+ }
+}
+```
+
+Creating a directory structure like this allows us to keep this file "DRY" and with no specific changes needed for it besides the `project` var if you wanted to store the state in another GCP project.
+
+The alternative is to hold this file in each of the top level named environment dir and then set the `prefix` with the environment name. However, this means that if I create another environment I have to copy this file over to that directory and remember to change the environment name in the `prefix` variable. While I like that idea, I have seen many times when someone creates a new environment they don't chane that var and then start overwritting another environment's state store. With this method, the environment name (which is the directory name) is always there and in the GCS bucket that means these paths will always be unique because on your local file system you cannot create a folder name with the same name.
+
+Another thing that this provide us is a way to keep the state store in another GCP project. Your pre-production infra might be in one GCP project and your production infra could be in another project.
diff --git a/tf-environments/gcp/dev/dev/cluster/terragrunt.hcl b/tf-environments/gcp/dev/dev/cluster/terragrunt.hcl
new file mode 100644
index 000000000..b7a587aea
--- /dev/null
+++ b/tf-environments/gcp/dev/dev/cluster/terragrunt.hcl
@@ -0,0 +1,58 @@
+include {
+ path = find_in_parent_folders()
+}
+
+terraform {
+ source = "../../../../../tf-modules/gcp/private-gke-cluster/"
+}
+
+inputs = {
+ vpc_name = "dev"
+ network_name = "dev"
+ cluster_name = "dev"
+
+ enable_private_kube_master_endpoint = false
+
+ oauth_scopes = [
+ "compute-rw",
+ "storage-rw",
+ "logging-write",
+ "monitoring"
+ ]
+
+ tags = ["dev"]
+
+ labels = {}
+
+ taints = []
+
+ node_version = "1.13.11-gke.14"
+ machine_type = "n1-standard-4"
+ image_type = "COS"
+ disk_size_gb = "20"
+ initial_node_count = "1"
+
+ master_ipv4_cidr_block="10.20.22.0/28"
+
+ pods_ip_cidr_range="10.20.64.0/19"
+ services_ip_cidr_range="10.20.96.0/19"
+ # pods_ip_cidr_range="10.30.10.0/16"
+ # services_ip_cidr_range="10.30.11.0/16"
+
+ master_authorized_networks_cidr = [
+ { cidr_block = "10.0.0.0/8", display_name = "10x" },
+ { cidr_block = "172.16.0.0/12", display_name = "172x" },
+ { cidr_block = "192.168.0.0/16", display_name = "192x" },
+ { cidr_block = "38.30.8.138/32", display_name = "home" },
+ { cidr_block = "35.222.67.76/32", display_name = "gar-vpn" },
+ ]
+
+
+ #####################
+ # networking
+ #####################
+ public_subnet_cidr_range = "10.20.11.0/24"
+ private_subnet_cidr_range = "10.20.21.0/24"
+
+ outbound_through_nat_tags=["private-subnet", "gke-private-nodes"]
+}
diff --git a/tf-environments/gcp/dev/dev/networking/terragrunt.hcl b/tf-environments/gcp/dev/dev/networking/terragrunt.hcl
new file mode 100644
index 000000000..4fbb1a415
--- /dev/null
+++ b/tf-environments/gcp/dev/dev/networking/terragrunt.hcl
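Review bot: The cluster's default node pool `oauth_scopes` (`compute-rw`, `storage-rw`) are much broader than the gke-defaults list used by pool-1 and pool-2 in the same commit, so nodes in the default pool can modify Compute Engine resources and write to any bucket in the project through the node service account. Unless the private-gke-cluster module needs those write scopes for the default pool, aligning it with the nodepool files (`devstorage.read_only`, `logging.write`, `monitoring`, …) keeps the cluster's blast radius consistent across pools. Separately, `master_authorized_networks_cidr` authorizes all of 10/8, 172.16/12 and 192.168/16 plus two hard-coded /32 addresses labelled `home` and `gar-vpn`, and with `enable_private_kube_master_endpoint = false` the API server keeps a public endpoint; a short comment stating which of these entries is actually required, and moving the personal /32s into a tfvars file or variable, would make that exposure intentional rather than incidental. Also note `public_subnet_cidr_range`/`private_subnet_cidr_range` here (`10.20.11.0/24`, `10.20.21.0/24`) differ from the networking file's (`10.20.10.0/24`, `10.20.20.0/24`); if both modules describe the same subnets, one of the pairs looks stale.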
@@ -0,0 +1,26 @@
+include {
+ path = find_in_parent_folders()
+}
+
+terraform {
+ source = "../../../../../tf-modules/gcp/vpc/"
+}
+
+inputs = {
+ # region = "us-central1" # specified in ../_env_defaults/gcp.tfars
+ bastion_region_zone = "us-central1-b"
+ // project_name = "managedkube"
+ vpc_name = "dev"
+
+ public_subnet_cidr_range = "10.20.10.0/24"
+ private_subnet_cidr_range = "10.20.20.0/24"
+
+ bastion_machine_type = "n1-standard-2"
+ bastion_image = "ubuntu-1810-cosmic-v20190628"
+ bastion_internal_ip = "10.20.10.253"
+
+ internal_services_bastion_cidr = "10.20.10.253/32"
+
+ outbound_through_bastion_tags=["private-subnet", "gke-private-nodes"]
+ outbound_through_nat_tags=["private-subnet", "gke-private-nodes"]
+}
diff --git a/tf-environments/gcp/dev/dev/nodepools/pool-1/terragrunt.hcl b/tf-environments/gcp/dev/dev/nodepools/pool-1/terragrunt.hcl
new file mode 100644
index 000000000..d944cb97c
--- /dev/null
+++ b/tf-environments/gcp/dev/dev/nodepools/pool-1/terragrunt.hcl
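Review bot: `bastion_image = "ubuntu-1810-cosmic-v20190628"` pins the bastion to Ubuntu 18.10 (cosmic), an interim release whose support ended in July 2019, so this externally reachable host will no longer receive security updates from that image line. Prefer an LTS image family such as `ubuntu-1804-lts` (or a module input that tracks a family, if the vpc module offers one) and say why in place, e.g. `bastion_image = "<ubuntu-lts-image>" # LTS family so the bastion keeps getting security patches`. The commented-out `project_name` and `region` lines also leave it unclear where this module's project is set; the `region` comment points at `../_env_defaults/gcp.tfars`, which presumably should read `gcp.tfvars` to match the parent terragrunt.hcl.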
@@ -0,0 +1,58 @@
+include {
+ path = find_in_parent_folders()
+}
+
+terraform {
+ source = "../../../../../../tf-modules/gcp/nodepool/"
+}
+
+inputs = {
+
+ cluster_name = "dev"
+ node_pool_name = "pool-1"
+
+ initial_node_count = "3"
+ min_node_count = "0"
+ max_node_count = "50"
+ machine_type = "n1-standard-2"
+ disk_size_gb = "100"
+
+ image_type = "COS"
+
+ # These represent the "gke-defaults" scope list
+ oauth_scopes = [
+ "https://www.googleapis.com/auth/devstorage.read_only",
+ "https://www.googleapis.com/auth/logging.write",
+ "https://www.googleapis.com/auth/monitoring",
+ "https://www.googleapis.com/auth/service.management.readonly",
+ "https://www.googleapis.com/auth/servicecontrol",
+ "https://www.googleapis.com/auth/trace.append",
+ ]
+
+ # Kubernetes node labels
+ labels = {}
+ // {
+ // foo = "bar",
+ // foo2 = "bar2",
+ // }
+
+ # GCP node labels and firewall labels
+ tags = []
+ // ["foo", "bar"]
+
+ # Kubernetes taints
+ taints = []
+ // [
+ // {
+ // effect = "NO_SCHEDULE"
+ // key = "bar"
+ // value = "foo"
+ // },
+ // {
+ // effect = "NO_SCHEDULE"
+ // key = "bar2"
+ // value = "foo2"
+ // },
+ // ]
+
+}
diff --git a/tf-environments/gcp/dev/dev/nodepools/pool-2/terragrunt.hcl b/tf-environments/gcp/dev/dev/nodepools/pool-2/terragrunt.hcl
new file mode 100644
index 000000000..12cee00e0
--- /dev/null
+++ b/tf-environments/gcp/dev/dev/nodepools/pool-2/terragrunt.hcl
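Review bot: The file mixes `#` and `//` comment syntax (both valid HCL) and keeps commented-out example values for `labels`, `tags` and `taints` inline, which makes the inputs block harder to scan; picking one comment style and reducing each example to a single `# example: ...` line, or moving them to the nodepool module's documentation, would help. The same pattern appears in pool-2 and in the networking file. A one-line purpose comment at the top of `inputs`, such as `# pool-1: autoscaling pool for the dev cluster, 0-50 n1-standard-2 nodes, gke-default scopes`, would also say what the pool is for, which `node_pool_name` alone does not.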
@@ -0,0 +1,59 @@
+include {
+ path = find_in_parent_folders()
+}
+
+terraform {
+ source = "../../../../../../tf-modules/gcp/nodepool/"
+}
+
+inputs = {
+
+ cluster_name = "dev"
+ node_pool_name = "pool-2"
+
+ initial_node_count = "1"
+ is_preemtible = true
+ min_node_count = "0"
+ max_node_count = "6"
+ machine_type = "n1-standard-8"
+ disk_size_gb = "100"
+
+ image_type = "COS"
+
+ # These represent the "gke-defaults" scope list
+ oauth_scopes = [
+ "https://www.googleapis.com/auth/devstorage.read_only",
+ "https://www.googleapis.com/auth/logging.write",
+ "https://www.googleapis.com/auth/monitoring",
+ "https://www.googleapis.com/auth/service.management.readonly",
+ "https://www.googleapis.com/auth/servicecontrol",
+ "https://www.googleapis.com/auth/trace.append",
+ ]
+
+ # Kubernetes node labels
+ labels = {}
+ // {
+ // foo = "bar",
+ // foo2 = "bar2",
+ // }
+
+ # GCP node labels and firewall labels
+ tags = []
+ // ["foo", "bar"]
+
+ # Kubernetes taints
+ taints = []
+ // [
+ // {
+ // effect = "NO_SCHEDULE"
+ // key = "bar"
+ // value = "foo"
+ // },
+ // {
+ // effect = "NO_SCHEDULE"
+ // key = "bar2"
+ // value = "foo2"
+ // },
+ // ]
+
+}
diff --git a/tf-environments/gcp/dev/terragrunt.hcl b/tf-environments/gcp/dev/terragrunt.hcl
new file mode 100644
index 000000000..36d41efd4
--- /dev/null
+++ b/tf-environments/gcp/dev/terragrunt.hcl
@@ -0,0 +1,21 @@
+remote_state {
+ backend = "gcs"
+ config = {
+ bucket = "kubernetes-ops-terraform-state-${get_env("STATE_STORE_UNIQUE_KEY", "default-value-1234")}"
+ prefix = path_relative_to_include()
+ project = "managedkube"
+ location = "us-central1"
+ }
+}
+
+terraform {
+ extra_arguments "common_vars" {
+ commands = get_terraform_commands_that_need_vars()
+
+ arguments = [
+ # "-var-file=${get_parent_terragrunt_dir()}/_env_defaults/gcp.tfvars",
+ # "-var-file=${get_terragrunt_dir()}/../_env_defaults/gcp.tfvars",
+ "-var-file=${get_parent_terragrunt_dir()}/_env_defaults/gcp.tfvars",
+ ]
+ }
+}
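Review bot: `is_preemtible = true` looks misspelled (`preemptible`); if the nodepool module declares the variable as `is_preemptible`, this key will not match it, and because Terragrunt passes `inputs` to Terraform as `TF_VAR_*` environment variables, a name that matches no declared variable is ignored without any error, so the pool would be created as regular non-preemptible nodes. Please confirm the module's variable name and rename the key to match, e.g. `is_preemptible = true`. pool-1 does not set this input at all, so it is not affected either way.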
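Review bot: `get_env("STATE_STORE_UNIQUE_KEY", "default-value-1234")` silently falls back to a fixed, guessable bucket name when the variable is unset, so a run from a shell without it would read and write state in `kubernetes-ops-terraform-state-default-value-1234` instead of the intended bucket; Terraform state records resource details and often secrets, so a misdirected state store is both an integrity and a confidentiality problem. Dropping the default, `bucket = "kubernetes-ops-terraform-state-${get_env("STATE_STORE_UNIQUE_KEY")}"`, makes Terragrunt fail fast when the key is missing, which is the safer behaviour for a backend definition. The two commented-out `-var-file` entries in `extra_arguments` are dead configuration; remove them or replace them with a one-line comment explaining why `get_parent_terragrunt_dir()` is the right base for the tfvars path.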