From 9dc13dff23b606704428a677aa9c369ea0d44649 Mon Sep 17 00:00:00 2001
From: garland
Date: Tue, 6 Aug 2019 13:56:26 -0700
Subject: [PATCH] Adding gke nodepool module and usage
Signed-off-by: garland
---
.../dev/gcp/nodepools/pool-1/terraform.tfvars | 35 +++++++++
tf-modules/gcp/nodepool/README.md | 18 +++++
tf-modules/gcp/nodepool/main.tf | 48 ++++++++++++
tf-modules/gcp/nodepool/outputs.tf | 23 ++++++
tf-modules/gcp/nodepool/vars.tf | 73 +++++++++++++++++++
5 files changed, 197 insertions(+)
create mode 100644 tf-environments/dev/gcp/nodepools/pool-1/terraform.tfvars
create mode 100644 tf-modules/gcp/nodepool/README.md
create mode 100644 tf-modules/gcp/nodepool/main.tf
create mode 100644 tf-modules/gcp/nodepool/outputs.tf
create mode 100644 tf-modules/gcp/nodepool/vars.tf
diff --git a/tf-environments/dev/gcp/nodepools/pool-1/terraform.tfvars b/tf-environments/dev/gcp/nodepools/pool-1/terraform.tfvars
new file mode 100644
index 000000000..0f25b8454
--- /dev/null
+++ b/tf-environments/dev/gcp/nodepools/pool-1/terraform.tfvars
@@ -0,0 +1,35 @@
+terragrunt = {
+ terraform {
+ source = "../../../../../tf-modules/gcp/nodepool/"
+ }
+ include {
+ path = "${find_in_parent_folders()}"
+ }
+}
+
+region = "us-central1"
+project_name = "managedkube"
+cluster_name = "dev"
+node_pool_name = "pool-1"
+
+initial_node_count = "1"
+min_node_count = "0"
+max_node_count = "3"
+machine_type = "n1-standard-1"
+disk_size_gb = "10"
+
+image_type = "COS"
+
+oauth_scopes = [
+ "https://www.googleapis.com/auth/monitoring",
+ "https://www.googleapis.com/auth/logging.write",
+]
+
+tags = [
+ "private-subnet"
+]
+
+labels = {
+}
+
+taints = []
diff --git a/tf-modules/gcp/nodepool/README.md b/tf-modules/gcp/nodepool/README.md
new file mode 100644
index 000000000..125b9e49d
--- /dev/null
+++ b/tf-modules/gcp/nodepool/README.md
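Review bot: The `oauth_scopes` list grants this pool only `monitoring` and `logging.write`, which is a sound least-privilege baseline, but it leaves the nodes with no storage scope, so workloads that pull images from a private gcr.io bucket would presumably fail to pull on this pool; either add `"https://www.googleapis.com/auth/devstorage.read_only"` or record that the omission is deliberate with a comment such as `# No storage scope: this pool must not pull from private GCR; public images only.`. `credentials_file_path`, which the module requires, is not set here and is presumably supplied by the parent config pulled in via `find_in_parent_folders()`; a one-line comment saying where it comes from would save the next reader a search. `image_type = "COS"` is set here, but nothing visible in the module's `node_config` reads that variable, so as far as this patch shows the value has no effect.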
@@ -0,0 +1,18 @@
+# GCP Private GKE VPC module
+
+This module is used to set up a VPC as well as a few basic networking components
+for a private GKE cluster with no public IPs on the GKE master and nodes. This module
+should be restricted to content that is considered 'core' to setting up a VPC and basic subnets,
+in most cases additional networking logic (e.g. firewall rules, routes) will need to be created on top
+of this.
+
+This module sets up the following resources:
+
+- A VPC (known as a google_compute_network)
+- A public subnet and a private subnet, each of which is allocated a /24 subnet
+- Secondary IP ranges that are required for a private GKE cluster
+- A reserved IP address for a NAT instance
+- A NAT instance
+- A firewall rule allowing ssh traffic from a bastion server
+- A firewall rule for the NAT to allow passthrough traffic
+- A route for instances on the private subnet to proxy traffic through the NAT
diff --git a/tf-modules/gcp/nodepool/main.tf b/tf-modules/gcp/nodepool/main.tf
new file mode 100644
index 000000000..c043a7eef
--- /dev/null
+++ b/tf-modules/gcp/nodepool/main.tf
@@ -0,0 +1,48 @@
+terraform {
+ backend "s3" {}
+}
+
+provider "google-beta" {
+ region = "${var.region}"
+ project = "${var.project_name}"
+ credentials = "${file("${var.credentials_file_path}")}"
+ version = "~> 2.10.0"
+}
+
+resource "google_container_node_pool" "node_nodes" {
+ provider = "google-beta"
+ name = "${var.node_pool_name}"
+ location = "${var.region}"
+ cluster = "${var.cluster_name}"
+ node_count = "${var.initial_node_count}"
+ autoscaling = {
+ min_node_count = "${var.min_node_count}"
+ max_node_count = "${var.max_node_count}"
+ }
+
+ management {
+ auto_upgrade = false
+ auto_repair = true
+ }
+
+ node_config {
+ preemptible = "${var.is_preemtible}"
+ machine_type = "${var.machine_type}"
+
+ disk_size_gb = "${var.disk_size_gb}"
+ disk_type = "${var.disk_type}"
+
+ metadata = {
+ disable-legacy-endpoints = "true"
+ }
+
+ oauth_scopes = "${var.oauth_scopes}"
+
+ labels = "${var.labels}"
+
+ tags = "${var.tags}"
+
+ taint = "${var.taints}"
+
+ }
+}
diff --git a/tf-modules/gcp/nodepool/outputs.tf b/tf-modules/gcp/nodepool/outputs.tf
new file mode 100644
index 000000000..f07ebda5c
--- /dev/null
+++ b/tf-modules/gcp/nodepool/outputs.tf
@@ -0,0 +1,23 @@
+# output "network_name" {
+# value = "${google_compute_network.main.name}"
+# }
+
+# output "network" {
+# value = "${google_compute_network.main.self_link}"
+# }
+#
+# output "private_subnet_name" {
+# value = "${google_compute_subnetwork.private_subnet.name}"
+# }
+#
+# output "public_subnet_name" {
+# value = "${google_compute_subnetwork.public_subnet.name}"
+# }
+#
+# output "private_subnet_cidr" {
+# value = "${google_compute_subnetwork.private_subnet.ip_cidr_range}"
+# }
+#
+# output "public_subnet_cidr" {
+# value = "${google_compute_subnetwork.public_subnet.ip_cidr_range}"
+# }
diff --git a/tf-modules/gcp/nodepool/vars.tf b/tf-modules/gcp/nodepool/vars.tf
new file mode 100644
index 000000000..19dca6679
--- /dev/null
+++ b/tf-modules/gcp/nodepool/vars.tf
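Review bot: `node_config` never passes `image_type`, so the `var.image_type` this module declares (and the dev environment sets to `COS`) is silently ignored and the node image falls back to whatever the provider defaults to; add `image_type = "${var.image_type}"` next to `machine_type`. With `auto_upgrade = false` in `management` and no `version` argument on the pool, nodes are created at whatever version the cluster has at apply time and then never move, which means no automatic security patching for the node OS or kubelet; if that is intended for dev, say so in a comment on `auto_upgrade`, otherwise wire the otherwise-unused `var.node_version` in as `version = "${var.node_version}"` with a current default, or enable auto-upgrade. No `service_account` is set in `node_config` either, so the nodes presumably run under the project's default Compute Engine service account, bounded only by `oauth_scopes`; a comment recording that, or a `service_account` variable pointing at a dedicated least-privilege SA, would make the trust boundary explicit. Setting `disable-legacy-endpoints = "true"` in `metadata` is the right call and worth a one-line comment explaining that it blocks the v1beta1/v0.1 metadata endpoints that can be abused for SSRF-style token theft.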
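Review bot: Every line of outputs.tf is a commented-out output referring to `google_compute_network.main` and `google_compute_subnetwork.*`, resources this module does not create, so the file is copy-paste residue from the VPC module (the README in this patch describes that VPC module as well, not the node pool). Either drop the file or replace its contents with an output a caller of a node pool actually needs, e.g. `output "node_pool_name" { value = "${google_container_node_pool.node_nodes.name}" }`. Shipping a file that names resources from another module invites someone to uncomment it and get a confusing plan error later.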
@@ -0,0 +1,73 @@
+variable "project_name" {
+ description = "The GCP project name"
+}
+
+variable "region" {
+ description = "The region to launch the vpc in."
+}
+
+variable "credentials_file_path" {
+ description = "A local path to a service account json credentials file."
+}
+
+variable "cluster_name" {}
+
+variable "oauth_scopes" {
+ type = "list"
+ default = []
+}
+
+variable "labels" {
+ type = "map"
+ default = {}
+}
+
+variable "tags" {
+ type = "list"
+ default = []
+}
+
+variable "taints" {
+ type = "list"
+ default = []
+}
+
+variable "node_version" {
+ default = "1.7.6"
+}
+
+variable "machine_type" {
+ default = "n1-standard-1"
+}
+
+variable "disk_size_gb" {
+ default = "10"
+}
+
+variable "disk_type" {
+ default = "pd-standard"
+}
+
+variable "image_type" {
+ default = "COS"
+}
+
+variable "initial_node_count" {
+ default = "1"
+}
+
+variable "node_pool_name" {
+ default = "custom_nodepool"
+}
+
+variable "min_node_count" {
+ default = "0"
+}
+
+variable "max_node_count" {
+ default = "3"
+}
+
+variable "is_preemtible" {
+ default = "false"
+}
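Review bot: `node_version` defaults to `"1.7.6"`, a GKE release long out of support by this commit's date, and nothing in main.tf reads the variable, so it is a stale knob that invites someone to set it and expect an effect; either remove it or give it a current default and wire it into the pool. `is_preemtible` is misspelled, and because main.tf references it under that name the typo is now part of the module interface; fix it on both sides as `is_preemptible` before environments start depending on it. Most variables carry no `description`; `region` says "launch the vpc in", which is left over from another module, and `oauth_scopes`, `min_node_count` and `credentials_file_path` in particular deserve one, e.g. `description = "OAuth scopes granted to the node service account; keep this minimal, it bounds what every pod on the pool can reach via the metadata token."`.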