Adding gke nodepool module and usage

Signed-off-by: garland <[email protected]>
ManagedKube · Aug 6, 2019 · 9dc13df · 9dc13df
1 parent 2935def
commit 9dc13df
Show file tree

Hide file tree

Showing 5 changed files with 197 additions and 0 deletions.
diff --git a/tf-environments/dev/gcp/nodepools/pool-1/terraform.tfvars b/tf-environments/dev/gcp/nodepools/pool-1/terraform.tfvars
@@ -0,0 +1,35 @@
+terragrunt = {
+  terraform {
+    source = "../../../../../tf-modules/gcp/nodepool/"
+  }
+  include {
+    path = "${find_in_parent_folders()}"
+  }
+}
+
+region = "us-central1"
+project_name = "managedkube"
+cluster_name = "dev"
+node_pool_name = "pool-1"
+
+initial_node_count = "1"
+min_node_count = "0"
+max_node_count = "3"
+machine_type = "n1-standard-1"
+disk_size_gb = "10"
+
+image_type = "COS"
+
+oauth_scopes = [
+  "https://www.googleapis.com/auth/monitoring",
+  "https://www.googleapis.com/auth/logging.write",
+]
+
+tags = [
+  "private-subnet"
+]
+
+labels = {
+}
+
+taints = []
diff --git a/tf-modules/gcp/nodepool/README.md b/tf-modules/gcp/nodepool/README.md
@@ -0,0 +1,18 @@
+# GCP Private GKE VPC module
+
+This module is used to set up a VPC as well as a few basic networking components
+for a private GKE cluster with no public IPs on the GKE master and nodes.  This module
+should be restricted to content that is considered 'core' to setting up a VPC and basic subnets,
+in most cases additional networking logic (e.g. firewall rules, routes) will need to be created on top
+of this.
+
+This module sets up the following resources:
+
+- A VPC (known as a google_compute_network)
+- A public subnet and a private subnet, each of which is allocated a /24 subnet
+- Secondary IP ranges that are required for a private GKE cluster
+- A reserved IP address for a NAT instance
+- A NAT instance
+- A firewall rule allowing ssh traffic from a bastion server
+- A firewall rule for the NAT to allow passthrough traffic
+- A route for instances on the private subnet to proxy traffic through the NAT
diff --git a/tf-modules/gcp/nodepool/main.tf b/tf-modules/gcp/nodepool/main.tf
@@ -0,0 +1,48 @@
+terraform {
+  backend "s3" {}
+}
+
+provider "google-beta" {
+  region      = "${var.region}"
+  project     = "${var.project_name}"
+  credentials = "${file("${var.credentials_file_path}")}"
+  version     = "~> 2.10.0"
+}
+
+resource "google_container_node_pool" "node_nodes" {
+  provider = "google-beta"
+  name       = "${var.node_pool_name}"
+  location   = "${var.region}"
+  cluster    = "${var.cluster_name}"
+  node_count = "${var.initial_node_count}"
+  autoscaling = {
+    min_node_count = "${var.min_node_count}"
+    max_node_count = "${var.max_node_count}"
+  }
+
+  management {
+    auto_upgrade = false
+    auto_repair = true
+  }
+
+  node_config {
+    preemptible  = "${var.is_preemtible}"
+    machine_type = "${var.machine_type}"
+
+    disk_size_gb = "${var.disk_size_gb}"
+    disk_type = "${var.disk_type}"
+
+    metadata = {
+      disable-legacy-endpoints = "true"
+    }
+
+    oauth_scopes = "${var.oauth_scopes}"
+
+    labels = "${var.labels}"
+
+    tags = "${var.tags}"
+
+    taint = "${var.taints}"
+
+  }
+}
diff --git a/tf-modules/gcp/nodepool/outputs.tf b/tf-modules/gcp/nodepool/outputs.tf
@@ -0,0 +1,23 @@
+# output "network_name" {
+#   value = "${google_compute_network.main.name}"
+# }
+
+# output "network" {
+#   value = "${google_compute_network.main.self_link}"
+# }
+#
+# output "private_subnet_name" {
+#   value = "${google_compute_subnetwork.private_subnet.name}"
+# }
+#
+# output "public_subnet_name" {
+#   value = "${google_compute_subnetwork.public_subnet.name}"
+# }
+#
+# output "private_subnet_cidr" {
+#   value = "${google_compute_subnetwork.private_subnet.ip_cidr_range}"
+# }
+#
+# output "public_subnet_cidr" {
+#   value = "${google_compute_subnetwork.public_subnet.ip_cidr_range}"
+# }
diff --git a/tf-modules/gcp/nodepool/vars.tf b/tf-modules/gcp/nodepool/vars.tf
@@ -0,0 +1,73 @@
+variable "project_name" {
+  description = "The GCP project name"
+}
+
+variable "region" {
+  description = "The region to launch the vpc in."
+}
+
+variable "credentials_file_path" {
+  description = "A local path to a service account json credentials file."
+}
+
+variable "cluster_name" {}
+
+variable "oauth_scopes" {
+  type = "list"
+  default = []
+}
+
+variable "labels" {
+  type = "map"
+  default = {}
+}
+
+variable "tags" {
+  type = "list"
+  default = []
+}
+
+variable "taints" {
+  type = "list"
+  default = []
+}
+
+variable "node_version" {
+  default = "1.7.6"
+}
+
+variable "machine_type" {
+  default = "n1-standard-1"
+}
+
+variable "disk_size_gb" {
+  default = "10"
+}
+
+variable "disk_type" {
+  default = "pd-standard"
+}
+
+variable "image_type" {
+  default = "COS"
+}
+
+variable "initial_node_count" {
+  default = "1"
+}
+
+variable "node_pool_name" {
+  default = "custom_nodepool"
+}
+
+variable "min_node_count" {
+  default = "0"
+}
+
+variable "max_node_count" {
+  default = "3"
+}
+
+variable "is_preemtible" {
+  default = "false"
+}