From 5945d17afa8e38c31c0e3d77f32b1f8a78028ce2 Mon Sep 17 00:00:00 2001 
From: Ranyodh Singh Date: Fri, 25 Feb 2022 09:57:54 -0500 Subject: [PATCH 1/2] Example terraform scripts for installing MKE on GCP This is an example of terraform scripts that prepare a cluster on Google Cloud Platform to install Mirantis Kubernetes Engine. It creates the following GCP resources: - A VPC with specified MTU (default value is 1500) and one subnetwork - Linux and Windows instances using public images provided by GCP - Firewall rules to allow internal and external traffic - Network load balancers for MKE and MSR, each targeting the corresponding unmanaged instance group (along with health checks) MTU: The default MTU is set to 1500 (rather than the default 1460). This addresses an issue where swarm services fail because the Docker network uses 1500 as the default MTU. Known Issues: * MSR (Mirantis Secure Registry) installation fails due to invalid SSL certificate for the load balancer IP * Windows nodes do not work when they are assigned "Kubernetes" orchestration --- examples/terraform/README.md | 1 + .../terraform/azure/modules/master/main.tf | 1 + examples/terraform/gcp/README.md | 29 +++ examples/terraform/gcp/main.tf | 188 ++++++++++++++++++ examples/terraform/gcp/modules/common/main.tf | 60 ++++++ .../terraform/gcp/modules/common/outputs.tf | 11 + .../terraform/gcp/modules/common/variables.tf | 5 + .../terraform/gcp/modules/manager/main.tf | 90 +++++++++ .../terraform/gcp/modules/manager/outputs.tf | 15 ++ .../gcp/modules/manager/variables.tf | 29 +++ examples/terraform/gcp/modules/msr/main.tf | 61 ++++++ examples/terraform/gcp/modules/msr/outputs.tf | 15 ++ .../terraform/gcp/modules/msr/variables.tf | 29 +++ .../terraform/gcp/modules/networklb/main.tf | 30 +++ .../gcp/modules/networklb/outputs.tf | 5 + .../gcp/modules/networklb/variables.tf | 34 ++++ .../gcp/modules/networklb/versions.tf | 3 + examples/terraform/gcp/modules/vpc/main.tf | 15 ++ examples/terraform/gcp/modules/vpc/outputs.tf | 8 + .../terraform/gcp/modules/vpc/variables.tf | 10 + 
.../gcp/modules/windows_worker/main.tf | 129 ++++++++++++ .../gcp/modules/windows_worker/outputs.tf | 7 + .../gcp/modules/windows_worker/variables.tf | 31 +++ examples/terraform/gcp/modules/worker/main.tf | 32 +++ .../terraform/gcp/modules/worker/outputs.tf | 7 + .../terraform/gcp/modules/worker/variables.tf | 29 +++ examples/terraform/gcp/run.sh | 16 ++ .../terraform/gcp/terraform.tfvars.example | 6 + examples/terraform/gcp/variables.tf | 88 ++++++++ examples/terraform/gcp/versions.tf | 4 + 30 files changed, 988 insertions(+) create mode 100644 examples/terraform/gcp/README.md create mode 100644 examples/terraform/gcp/main.tf create mode 100644 examples/terraform/gcp/modules/common/main.tf create mode 100644 examples/terraform/gcp/modules/common/outputs.tf create mode 100644 examples/terraform/gcp/modules/common/variables.tf create mode 100644 examples/terraform/gcp/modules/manager/main.tf create mode 100644 examples/terraform/gcp/modules/manager/outputs.tf create mode 100644 examples/terraform/gcp/modules/manager/variables.tf create mode 100644 examples/terraform/gcp/modules/msr/main.tf create mode 100644 examples/terraform/gcp/modules/msr/outputs.tf create mode 100644 examples/terraform/gcp/modules/msr/variables.tf create mode 100644 examples/terraform/gcp/modules/networklb/main.tf create mode 100644 examples/terraform/gcp/modules/networklb/outputs.tf create mode 100644 examples/terraform/gcp/modules/networklb/variables.tf create mode 100644 examples/terraform/gcp/modules/networklb/versions.tf create mode 100644 examples/terraform/gcp/modules/vpc/main.tf create mode 100644 examples/terraform/gcp/modules/vpc/outputs.tf create mode 100644 examples/terraform/gcp/modules/vpc/variables.tf create mode 100644 examples/terraform/gcp/modules/windows_worker/main.tf create mode 100644 examples/terraform/gcp/modules/windows_worker/outputs.tf create mode 100644 examples/terraform/gcp/modules/windows_worker/variables.tf create mode 100644 
examples/terraform/gcp/modules/worker/main.tf create mode 100644 examples/terraform/gcp/modules/worker/outputs.tf create mode 100644 examples/terraform/gcp/modules/worker/variables.tf create mode 100755 examples/terraform/gcp/run.sh create mode 100644 examples/terraform/gcp/terraform.tfvars.example create mode 100644 examples/terraform/gcp/variables.tf create mode 100644 examples/terraform/gcp/versions.tf diff --git a/examples/terraform/README.md b/examples/terraform/README.md index befccdb..3689a05 100644 --- a/examples/terraform/README.md +++ b/examples/terraform/README.md @@ -5,6 +5,7 @@ Working examples for using Terraform with Mirantis Launchpad. The scripts are pr * [AWS](aws/README.md), a complete infrastructure example including VPC, LB, security groups, and other settings. * [Azure](azure/README.md), a complete example including VNET, LB, network security rules, and other settings. +* [GCP](gcp/README.md), a complete example including VPC, Network/Subnetwork, LB, Firewall Rules and other settings. * [Hetzner](hetzner/README.md), a simple example with just a couple of VMs provisioned for an MKE cluster. * [OpenStack](openstack/README.md), a simple example with basic settings. * [VMware](vmware/README.md), a simple example using existing vSphere network. diff --git a/examples/terraform/azure/modules/master/main.tf b/examples/terraform/azure/modules/master/main.tf index f0a7940..63a47b1 100644 --- a/examples/terraform/azure/modules/master/main.tf +++ b/examples/terraform/azure/modules/master/main.tf @@ -317,6 +317,7 @@ EOF ssh_keys { path = "/home/ubuntu/.ssh/authorized_keys" key_data = var.ssh_key.public_key_openssh + } } diff --git a/examples/terraform/gcp/README.md b/examples/terraform/gcp/README.md new file mode 100644 index 0000000..fc1bf40 --- /dev/null +++ b/examples/terraform/gcp/README.md 
@@ -0,0 +1,29 @@ +# Bootstrapping MKE cluster on GCP + +This directory provides an example flow for using Mirantis Launchpad with Terraform and GCP. + +## Prerequisites + +* An account and credentials for GCP. +* Terraform [installed](https://learn.hashicorp.com/terraform/getting-started/install) + +## Authentication + +The Terraform `google` provider uses JSON key file for authentication. Download the JSON key file for a service account and place it in a secure location on your workstation. +See [here](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/getting_started#adding-credentials) for more information. + +The authentication credentials can be passed to `google` provider in two ways: +* Setting environment variable GOOGLE_APPLICATION_CREDENTIALS with JSON key location. +* Setting `gcp_service_credential` variable in `terraform.tfvars` file. + +## Steps + +1. Create terraform.tfvars file with needed details. You can use the provided terraform.tfvars.example as a baseline. +2. `terraform init` +3. `terraform apply` +4. `terraform output --raw mke_cluster | launchpad apply --config -` + + +## Notes + +1. Both RDP and WinRM ports are opened for Windows workers. \ No newline at end of file diff --git a/examples/terraform/gcp/main.tf b/examples/terraform/gcp/main.tf new file mode 100644 index 0000000..86e093a --- /dev/null +++ b/examples/terraform/gcp/main.tf 
@@ -0,0 +1,188 @@ +terraform { + required_providers { + google = { + source = "hashicorp/google" + version = "4.11.0" + } + } +} + +provider "google" { + credentials = var.gcp_service_credential + + project = var.project_id + region = var.gcp_region + zone = var.gcp_zone +} + +data "google_compute_zones" "available" { +} + +# If the zone is not specified, use the first zone from the available zones +locals { + zone = var.gcp_zone != "" ? var.gcp_zone : data.google_compute_zones.available.names[0] +} + +module "vpc" { + source = "./modules/vpc" + project_id = var.project_id + cluster_name = var.cluster_name + host_cidr = var.vpc_cidr + gcp_region = var.gcp_region + vpc_mtu = var.vpc_mtu +} + +module "common" { + source = "./modules/common" + project_id = var.project_id + cluster_name = var.cluster_name + vpc_name = module.vpc.vpc_name +} + +module "managers" { + source = "./modules/manager" + manager_count = var.manager_count + gcp_region = var.gcp_region + gcp_zone = local.zone + cluster_name = var.cluster_name + image_name = module.common.image_name + vpc_name = module.vpc.vpc_name + subnetwork_name = module.vpc.subnet_name + ssh_key = module.common.ssh_key +} + +module "msrs" { + source = "./modules/msr" + msr_count = var.msr_count + gcp_region = var.gcp_region + gcp_zone = local.zone + cluster_name = var.cluster_name + image_name = module.common.image_name + vpc_name = module.vpc.vpc_name + subnetwork_name = module.vpc.subnet_name + ssh_key = module.common.ssh_key +} + +module "workers" { + source = "./modules/worker" + worker_count = var.worker_count + gcp_region = var.gcp_region + gcp_zone = local.zone + cluster_name = var.cluster_name + vpc_name = module.vpc.vpc_name + subnetwork_name = module.vpc.subnet_name + image_name = module.common.image_name + ssh_key = module.common.ssh_key + worker_type = var.worker_type +} + +module "windows_workers" { + source = "./modules/windows_worker" + worker_count = var.windows_worker_count + gcp_zone = local.zone + 
cluster_name = var.cluster_name + vpc_name = module.vpc.vpc_name + subnetwork_name = module.vpc.subnet_name + image_name = module.common.windows_2019_image_name + ssh_key = module.common.ssh_key + worker_type = var.worker_type + windows_user = var.windows_user + windows_password = var.windows_password +} + +locals { + managers = [ + for host in module.managers.machines : { + ssh = { + address = host.network_interface.0.access_config.0.nat_ip + user = "ubuntu" + keyPath = "./ssh_keys/${var.cluster_name}.pem" + } + role = host.metadata["role"] + privateInterface = "ens4" + } + ] + msrs = [ + for host in module.msrs.machines : { + ssh = { + address = host.network_interface.0.access_config.0.nat_ip + user = "ubuntu" + keyPath = "./ssh_keys/${var.cluster_name}.pem" + } + role = host.metadata["role"] + privateInterface = "ens4" + } + ] + workers = [ + for host in module.workers.machines : { + ssh = { + address = host.network_interface.0.access_config.0.nat_ip + user = "ubuntu" + keyPath = "./ssh_keys/${var.cluster_name}.pem" + } + role = host.metadata["role"] + privateInterface = "ens4" + } + ] + windows_workers = [ + for host in module.windows_workers.machines : { + winRM = { + address = host.network_interface.0.access_config.0.nat_ip + user = var.windows_user + password = var.windows_password + useHTTPS = true + insecure = true + } + role = host.metadata["role"] + privateInterface = "Ethernet" + } + ] + mke_launchpad_tmpl = { + apiVersion = "launchpad.mirantis.com/mke/v1.3" + kind = "mke" + spec = { + mke = { + version = var.mke_version + adminUsername = "admin" + adminPassword = var.admin_password + installFlags : [ + "--default-node-orchestrator=kubernetes", + "--san=${module.managers.lb_public_ip_address}", + ] + } + msr = {} + hosts = concat(local.managers, local.msrs, local.workers, local.windows_workers) + } + } + + + msr_launchpad_tmpl = { + apiVersion = "launchpad.mirantis.com/mke/v1.3" + kind = "mke+msr" + spec = { + mke = { + version = var.mke_version + 
adminUsername = "admin" + adminPassword = var.admin_password + installFlags : [ + "--default-node-orchestrator=kubernetes", + "--san=${module.managers.lb_public_ip_address}", + ] + } + msr = { + installFlags : [ + "--ucp-insecure-tls", + "--dtr-external-url ${module.msrs.lb_public_ip_address}", + ] + } + hosts = concat(local.managers, local.msrs, local.workers, local.windows_workers) + } + } + + launchpad_tmpl = var.msr_count > 0 ? local.msr_launchpad_tmpl : local.mke_launchpad_tmpl +} + + +output "mke_cluster" { + value = yamlencode(local.launchpad_tmpl) +} \ No newline at end of file diff --git a/examples/terraform/gcp/modules/common/main.tf b/examples/terraform/gcp/modules/common/main.tf new file mode 100644 index 0000000..5d06115 --- /dev/null +++ b/examples/terraform/gcp/modules/common/main.tf 
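Review bot: `output "mke_cluster"` at the end of the hunk serializes `local.launchpad_tmpl`, which carries `adminPassword` and the Windows `password`, without `sensitive = true`, so both credentials are printed in clear text by `terraform apply` and `terraform output`. Adding `sensitive = true` to that output redacts them from plan and apply output while the README step `terraform output --raw mke_cluster` keeps working. The `winRM` block also sets `insecure = true`, which disables certificate validation for WinRM over HTTPS; a comment such as `# GCP Windows images present a self-signed WinRM certificate; do not carry this into a production configuration` would make the trade-off explicit. The `--dtr-external-url` value is a bare IP with no scheme, which may relate to the MSR certificate failure listed in the commit message and deserves a comment either way.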
@@ -0,0 +1,60 @@
+resource "tls_private_key" "ssh_key" {
+ algorithm = "RSA"
+ rsa_bits = "4096"
+}
+
+resource "local_file" "ssh_public_key" {
+ content = tls_private_key.ssh_key.private_key_pem
+ filename = "ssh_keys/${var.cluster_name}.pem"
+ provisioner "local-exec" {
+ command = "chmod 0600 ${local_file.ssh_public_key.filename}"
+ }
+}
+
+data "google_compute_image" "ubuntu" {
+ family = "ubuntu-1804-lts"
+ project = "ubuntu-os-cloud"
+}
+
+data "google_compute_image" "windows_2019" {
+ family = "windows-2019-core-for-containers"
+ project = "windows-cloud"
+}
+
+resource "google_compute_firewall" "common_internal" {
+ name = "${var.cluster_name}-internal"
+ description = "mke cluster common rule to allow all internal traffic"
+ network = var.vpc_name
+ direction = "INGRESS"
+ allow {
+ protocol = "all"
+ }
+
+ target_tags = ["allow-internal"]
+ source_tags = ["allow-internal"]
+}
+
+resource "google_compute_firewall" "common_ssh" {
+ name = "${var.cluster_name}-ssh"
+ description = "mke cluster common rule"
+ network = var.vpc_name
+ direction = "INGRESS"
+ allow {
+ protocol = "tcp"
+ ports = ["22"]
+ }
+ target_tags = ["allow-ssh"]
+ source_ranges = ["0.0.0.0/0"]
+}
+
+
+resource "google_compute_firewall" "common_all_egress" {
+ name = "${var.cluster_name}-all-egress"
+ description = "mke cluster common rule"
+ network = var.vpc_name
+ direction = "EGRESS"
+ allow {
+ protocol = "all"
+ }
+ destination_ranges = ["0.0.0.0/0"]
+}
\ No newline at end of file
diff --git a/examples/terraform/gcp/modules/common/outputs.tf b/examples/terraform/gcp/modules/common/outputs.tf
new file mode 100644
index 0000000..5d7428f
--- /dev/null
+++ b/examples/terraform/gcp/modules/common/outputs.tf
@@ -0,0 +1,11 @@
+output "image_name" {
+ value = data.google_compute_image.ubuntu.name
+}
+
+output "windows_2019_image_name" {
+ value = data.google_compute_image.windows_2019.name
+}
+
+output "ssh_key" {
+ value = tls_private_key.ssh_key
+}
\ No newline at end of file
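Review bot: `local_file.ssh_public_key` writes `tls_private_key.ssh_key.private_key_pem`, i.e. the private key, so the resource name is misleading, and the `local-exec` chmod only tightens permissions after the file has already been created with the provider's default mode. `local_file` accepts `file_permission = "0600"`, which sets the mode at creation and makes the provisioner unnecessary; renaming the resource to `ssh_private_key` would match its content. The generated key also lives unencrypted in the Terraform state, which the README's credentials section could mention. `common_ssh` admits port 22 from `0.0.0.0/0`; a module input such as `ssh_source_ranges` defaulting to the current value would let users narrow it without editing the module.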
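Review bot: `output "ssh_key"` exports the whole `tls_private_key.ssh_key` resource, including `private_key_pem`, while the manager and msr modules visible in this series read only `var.ssh_key.public_key_openssh`. Exporting `value = tls_private_key.ssh_key.public_key_openssh` (and having callers use `var.ssh_key` directly) keeps the private key out of every module's inputs. If the whole object has to stay, add `sensitive = true`; I believe recent Terraform releases refuse an output that carries a provider-sensitive attribute without it, and the `>= 0.12` constraint in versions.tf does not pin a version where this is safe.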
diff --git a/examples/terraform/gcp/modules/common/variables.tf b/examples/terraform/gcp/modules/common/variables.tf
new file mode 100644
index 0000000..4d86deb
--- /dev/null
+++ b/examples/terraform/gcp/modules/common/variables.tf
@@ -0,0 +1,5 @@
+variable "cluster_name" {}
+
+variable "project_id" {}
+
+variable "vpc_name" {}
diff --git a/examples/terraform/gcp/modules/manager/main.tf b/examples/terraform/gcp/modules/manager/main.tf
new file mode 100644
index 0000000..36c5fc2
--- /dev/null
+++ b/examples/terraform/gcp/modules/manager/main.tf
@@ -0,0 +1,90 @@ +data "google_client_openid_userinfo" "me" {} + +resource "google_compute_firewall" "manager_internal" { + name = "${var.cluster_name}-managers-internal" + description = "mke cluster managers nodes internal traffic" + network = var.vpc_name + direction = "INGRESS" + allow { + protocol = "tcp" + ports = ["2379-2380"] + } + + target_tags = ["allow-manager"] + source_tags = ["allow-manager"] +} + +resource "google_compute_firewall" "manager" { + name = "${var.cluster_name}-managers" + description = "mke cluster managers ingress traffic" + network = var.vpc_name + direction = "INGRESS" + allow { + protocol = "tcp" + ports = ["443", "6443"] + } + + source_ranges = ["0.0.0.0/0"] + target_tags = ["allow-manager"] +} + +resource "google_compute_instance" "mke_manager" { + count = var.manager_count + name = "${var.cluster_name}-manager-${count.index + 1}" + machine_type = var.manager_type + zone = var.gcp_zone + + metadata = tomap({ + "role" = "manager" + ssh-keys = "ubuntu:${var.ssh_key.public_key_openssh}" + }) + + boot_disk { + initialize_params { + image = var.image_name + type = var.manager_volume_type + size = var.manager_volume_size + } + } + + network_interface { + network = var.vpc_name + subnetwork = var.subnetwork_name + access_config { + } + } + tags = [ + "allow-ssh", + "allow-manager", + "allow-internal" + ] +} + +resource "google_compute_instance_group" "default" { + name = "${var.cluster_name}-manager-group" + description = "Manager nodes instances group" + zone = var.gcp_zone + instances = [for i in google_compute_instance.mke_manager : i.self_link] + + named_port { + name = "api" + port = 443 + } + + named_port { + name = "kubeapi" + port = 6443 + } +} + +module "load_balancer_manager" { + source = "../networklb" + region = var.gcp_region + network = var.vpc_name + name = "${var.cluster_name}-manager-lb" + service_ports = [443, 6443] + health_check_port = 443 + target_instance_group = google_compute_instance_group.default.self_link +} + + 
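Review bot: `data "google_client_openid_userinfo" "me" {}` on the first line of the hunk is never referenced in the module and can be dropped. `google_compute_firewall.manager` admits 443 and 6443 from `0.0.0.0/0`, and every manager also receives a public address through the empty `access_config {}`, so the admin UI and Kubernetes API are reachable directly on each node rather than only through `load_balancer_manager`. A `source_ranges` input defaulting to the current `["0.0.0.0/0"]` keeps the example working while letting users restrict it, and a comment such as `# the network LB already fronts 443/6443; restrict source_ranges in real deployments` records the intent. The tag-scoped `2379-2380` rule for etcd is fine as written.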
diff --git a/examples/terraform/gcp/modules/manager/outputs.tf b/examples/terraform/gcp/modules/manager/outputs.tf
new file mode 100644
index 0000000..f0133bd
--- /dev/null
+++ b/examples/terraform/gcp/modules/manager/outputs.tf
@@ -0,0 +1,15 @@
+output "lb_public_ip_address" {
+ value = module.load_balancer_manager.external_ip
+}
+
+output "public_ips" {
+ value = google_compute_instance.mke_manager.*.network_interface.0.access_config.0.nat_ip
+}
+
+output "private_ips" {
+ value = google_compute_instance.mke_manager.*.network_interface.0.network_ip
+}
+
+output "machines" {
+ value = google_compute_instance.mke_manager
+}
diff --git a/examples/terraform/gcp/modules/manager/variables.tf b/examples/terraform/gcp/modules/manager/variables.tf
new file mode 100644
index 0000000..479142b
--- /dev/null
+++ b/examples/terraform/gcp/modules/manager/variables.tf
@@ -0,0 +1,29 @@
+variable "gcp_region" {}
+
+variable "gcp_zone" {}
+
+variable "cluster_name" {}
+
+variable "vpc_name" {}
+
+variable "subnetwork_name" {}
+
+variable "image_name" {}
+
+variable "ssh_key" {}
+
+variable "manager_count" {
+ default = 3
+}
+
+variable "manager_type" {
+ default = "e2-standard-4"
+}
+
+variable "manager_volume_type" {
+ default = "pd-balanced"
+}
+
+variable "manager_volume_size" {
+ default = 100
+}
diff --git a/examples/terraform/gcp/modules/msr/main.tf b/examples/terraform/gcp/modules/msr/main.tf
new file mode 100644
index 0000000..4e2eea4
--- /dev/null
+++ b/examples/terraform/gcp/modules/msr/main.tf
@@ -0,0 +1,61 @@ +resource "google_compute_firewall" "worker" { + name = "${var.cluster_name}-msr" + description = "mke cluster msrs" + network = var.vpc_name + direction = "INGRESS" + allow { + protocol = "tcp" + ports = ["80", "443"] + } + source_ranges = ["0.0.0.0/0"] + target_tags = ["allow-msr", "allow-lb-service-msr"] +} + +resource "google_compute_instance" "mke_msr" { + count = var.msr_count + name = "${var.cluster_name}-msr-${count.index + 1}" + machine_type = var.msr_type + zone = var.gcp_zone + + metadata = tomap({ + "role" = "msr" + ssh-keys = "ubuntu:${var.ssh_key.public_key_openssh}" + }) + + boot_disk { + initialize_params { + image = var.image_name + type = var.msr_volume_type + size = var.msr_volume_size + } + } + + network_interface { + network = var.vpc_name + subnetwork = var.subnetwork_name + access_config { + } + } + tags = [ + "allow-ssh", + "allow-msr", + "allow-internal" + ] +} + +resource "google_compute_instance_group" "default" { + name = "${var.cluster_name}-msr-group" + description = "MSR nodes instances group" + zone = var.gcp_zone + instances = [for i in google_compute_instance.mke_msr : i.self_link] +} + +module "load_balancer_msr" { + source = "../networklb" + region = var.gcp_region + name = "${var.cluster_name}-msr-lb" + service_ports = [443] + health_check_port = 443 + network = var.vpc_name + target_instance_group = google_compute_instance_group.default.self_link +} \ No newline at end of file diff --git a/examples/terraform/gcp/modules/msr/outputs.tf b/examples/terraform/gcp/modules/msr/outputs.tf new file mode 100644 index 0000000..8014296 --- /dev/null +++ b/examples/terraform/gcp/modules/msr/outputs.tf 
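Review bot: The firewall resource in the msr module is named `worker` and its `target_tags` include `allow-lb-service-msr`, a tag that no instance in this series carries (the MSR instances are tagged `allow-msr`); renaming it to `msr` and dropping the unused tag avoids a rule that looks broader than it is. The rule also opens port 80 from `0.0.0.0/0` although `load_balancer_msr` forwards only 443 and the health check is HTTPS, so unless plain HTTP to MSR is intentional, `ports = ["443"]` narrows the exposure to what the example actually serves.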
@@ -0,0 +1,15 @@
+output "lb_public_ip_address" {
+ value = module.load_balancer_msr.external_ip
+}
+
+output "public_ips" {
+ value = google_compute_instance.mke_msr.*.network_interface.0.access_config.0.nat_ip
+}
+
+output "private_ips" {
+ value = google_compute_instance.mke_msr.*.network_interface.0.network_ip
+}
+
+output "machines" {
+ value = google_compute_instance.mke_msr
+}
diff --git a/examples/terraform/gcp/modules/msr/variables.tf b/examples/terraform/gcp/modules/msr/variables.tf
new file mode 100644
index 0000000..4576550
--- /dev/null
+++ b/examples/terraform/gcp/modules/msr/variables.tf
@@ -0,0 +1,29 @@
+variable "gcp_region" {}
+
+variable "gcp_zone" {}
+
+variable "cluster_name" {}
+
+variable "vpc_name" {}
+
+variable "subnetwork_name" {}
+
+variable "image_name" {}
+
+variable "ssh_key" {}
+
+variable "msr_count" {
+ default = 3
+}
+
+variable "msr_type" {
+ default = "e2-standard-4"
+}
+
+variable "msr_volume_type" {
+ default = "pd-balanced"
+}
+
+variable "msr_volume_size" {
+ default = 100
+}
diff --git a/examples/terraform/gcp/modules/networklb/main.tf b/examples/terraform/gcp/modules/networklb/main.tf
new file mode 100644
index 0000000..5e46e8b
--- /dev/null
+++ b/examples/terraform/gcp/modules/networklb/main.tf
@@ -0,0 +1,30 @@
+resource "google_compute_forwarding_rule" "default" {
+ project = var.project
+ name = var.name
+ region = var.region
+ ports = var.service_ports
+ backend_service = google_compute_region_backend_service.default.self_link
+}
+
+resource "google_compute_region_backend_service" "default" {
+ name = "${var.name}-backend-service"
+ project = var.project
+ protocol = "TCP"
+ load_balancing_scheme = "EXTERNAL"
+
+ health_checks = [google_compute_region_health_check.default.self_link]
+
+ backend {
+ group = var.target_instance_group
+ }
+}
+
+resource "google_compute_region_health_check" "default" {
+ project = var.project
+ name = "${var.name}-hc"
+
+ https_health_check {
+ port = var.health_check_port
+ }
+}
+
diff --git a/examples/terraform/gcp/modules/networklb/outputs.tf b/examples/terraform/gcp/modules/networklb/outputs.tf
new file mode 100644
index 0000000..8be0273
--- /dev/null
+++ b/examples/terraform/gcp/modules/networklb/outputs.tf
@@ -0,0 +1,5 @@
+output "external_ip" {
+ description = "The external ip address of the load balancer"
+ value = google_compute_forwarding_rule.default.ip_address
+}
+
diff --git a/examples/terraform/gcp/modules/networklb/variables.tf b/examples/terraform/gcp/modules/networklb/variables.tf
new file mode 100644
index 0000000..b49d928
--- /dev/null
+++ b/examples/terraform/gcp/modules/networklb/variables.tf
@@ -0,0 +1,34 @@
+variable "project" {
+ type = string
+ default = ""
+}
+
+variable "region" {
+ type = string
+ default = ""
+}
+
+variable "network" {
+ type = string
+}
+
+variable "name" {
+ type = string
+}
+
+variable "service_ports" {
+ type = list(number)
+ description = "List of TCP port your service is listening on."
+}
+
+
+variable "health_check_port" {
+ type = number
+ description = "Health check port for the service"
+}
+
+variable "target_instance_group" {
+ type = string
+ description = "Target instance group for the network load balancer"
+
+}
\ No newline at end of file
diff --git a/examples/terraform/gcp/modules/networklb/versions.tf b/examples/terraform/gcp/modules/networklb/versions.tf
new file mode 100644
index 0000000..d9b6f79
--- /dev/null
+++ b/examples/terraform/gcp/modules/networklb/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/examples/terraform/gcp/modules/vpc/main.tf b/examples/terraform/gcp/modules/vpc/main.tf
new file mode 100644
index 0000000..5b18264
--- /dev/null
+++ b/examples/terraform/gcp/modules/vpc/main.tf
@@ -0,0 +1,15 @@
+# Network VPC and subnets
+resource "google_compute_network" "vpc_network" {
+ project = var.project_id
+ name = var.cluster_name
+ auto_create_subnetworks = false
+ routing_mode = "REGIONAL"
+ mtu = var.vpc_mtu
+}
+
+resource "google_compute_subnetwork" "subnetwork" {
+ ip_cidr_range = var.host_cidr
+ name = format("subnet-%s-%s", var.gcp_region, var.cluster_name)
+ network = google_compute_network.vpc_network.id
+ region = var.gcp_region
+}
\ No newline at end of file
diff --git a/examples/terraform/gcp/modules/vpc/outputs.tf b/examples/terraform/gcp/modules/vpc/outputs.tf
new file mode 100644
index 0000000..6298d3e
--- /dev/null
+++ b/examples/terraform/gcp/modules/vpc/outputs.tf
@@ -0,0 +1,8 @@
+output "vpc_name" {
+ value = google_compute_network.vpc_network.name
+}
+
+output "subnet_name" {
+ value = google_compute_subnetwork.subnetwork.name
+}
+
diff --git a/examples/terraform/gcp/modules/vpc/variables.tf b/examples/terraform/gcp/modules/vpc/variables.tf
new file mode 100644
index 0000000..9376a96
--- /dev/null
+++ b/examples/terraform/gcp/modules/vpc/variables.tf
@@ -0,0 +1,10 @@
+variable "cluster_name" {}
+variable "project_id" {}
+variable "gcp_region" {}
+
+variable "vpc_mtu" {}
+
+variable "host_cidr" {
+ description = "CIDR IPv4 range to assign to GCE nodes"
+ default = "172.31.0.0/16"
+}
diff --git a/examples/terraform/gcp/modules/windows_worker/main.tf b/examples/terraform/gcp/modules/windows_worker/main.tf
new file mode 100644
index 0000000..d8c2979
--- /dev/null
+++ b/examples/terraform/gcp/modules/windows_worker/main.tf
@@ -0,0 +1,129 @@ +resource "google_compute_firewall" "winrm" { + name = "${var.cluster_name}-win-worker" + description = "winrm access for windows workers" + network = var.vpc_name + direction = "INGRESS" + allow { + protocol = "tcp" + ports = ["5985-5990"] + } + source_ranges = ["0.0.0.0/0"] + target_tags = ["allow-winrm"] +} + +resource "google_compute_firewall" "rdp" { + name = "${var.cluster_name}-win-rdp" + description = "rdp access for windows workers" + network = var.vpc_name + direction = "INGRESS" + allow { + protocol = "tcp" + ports = ["3389"] + } + source_ranges = ["0.0.0.0/0"] + target_tags = ["allow-rdp"] +} + +resource "google_compute_instance" "mke_win_worker" { + count = var.worker_count + + name = "${var.cluster_name}-win-worker-${count.index + 1}" + machine_type = var.worker_type + zone = var.gcp_zone + metadata = tomap({ + role = "worker" + windows-startup-script-ps1 = < ./launchpad.yaml +echo "Your launchpad.yaml sample is stored in your current directory" && ls ./launchpad.yaml +echo "Apply your configuration via launchpad apply" + +exit 0 \ No newline at end of file diff --git a/examples/terraform/gcp/terraform.tfvars.example b/examples/terraform/gcp/terraform.tfvars.example new file mode 100644 index 0000000..0f02949 --- /dev/null +++ b/examples/terraform/gcp/terraform.tfvars.example @@ -0,0 +1,6 @@ +cluster_name = "my-mke-cluster" +manager_count = 1 +msr_count = 1 +worker_count = 3 +windows_worker_count = 0 +admin_password = "orcaorcaorca" \ No newline at end of file diff --git a/examples/terraform/gcp/variables.tf b/examples/terraform/gcp/variables.tf new file mode 100644 index 0000000..6695c75 --- /dev/null +++ b/examples/terraform/gcp/variables.tf 
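Review bot: `google_compute_firewall.winrm` and `google_compute_firewall.rdp` admit 5985-5990 and 3389 from `0.0.0.0/0` on every Windows worker, each of which also gets a public address; these are management ports, and the README only records that they are open. A `source_ranges` input (default `["0.0.0.0/0"]`) plus a comment such as `# WinRM is required by launchpad; RDP is for debugging only - restrict both outside of demos` would make the exposure a deliberate choice rather than an implicit one. The `windows-startup-script-ps1` heredoc and the remainder of `mke_win_worker` are not legible in this view of the patch, so I cannot tell how `var.windows_password` reaches the instance; if it is embedded in instance metadata, note in the README that it is then readable from the metadata server and from state.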
@@ -0,0 +1,88 @@ +variable "project_id" { + default = "mkeongcp" +} + +variable "cluster_name" { + default = "mke" +} + +variable "gcp_region" { + default = "us-central1" +} + +variable "gcp_zone" { + default = "us-central1-a" +} + +variable "gcp_service_credential" { + default = "" +} + +variable "vpc_mtu" { + default = 1500 + description = "MTU for the VPC. GCP support two MTU values for the VPC: 1440 or 1500" +} + +variable "vpc_cidr" { + default = "172.31.0.0/16" +} + +variable "admin_password" { + default = "dockeradmin" +} + +variable "manager_count" { + default = 1 +} + +variable "worker_count" { + default = 3 +} + +variable "windows_worker_count" { + default = 0 +} + +variable "msr_count" { + default = 0 +} + +variable "manager_type" { + default = "e2-standard-4" +} + +variable "worker_type" { + default = "e2-standard-4" +} + +variable "msr_type" { + default = "e2-standard-4" +} + +variable "manager_volume_type" { + default = "pd-balanced" +} + +variable "manager_volume_size" { + default = 100 +} + +variable "worker_volume_size" { + default = 100 +} + +variable "msr_volume_size" { + default = 100 +} + +variable "windows_user" { + default = "winadmin" +} + +variable "windows_password" { + default = "w!ndozePassw0rd" +} + +variable "mke_version" { + default = "3.5.2" +} diff --git a/examples/terraform/gcp/versions.tf b/examples/terraform/gcp/versions.tf new file mode 100644 index 0000000..ac97c6a --- /dev/null +++ b/examples/terraform/gcp/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} From 99c794cae5c264b310b92587af184a08faf8b306 Mon Sep 17 00:00:00 2001 
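Review bot: `admin_password`, `windows_password` and `gcp_service_credential` are declared without `sensitive = true`, and the first two ship real-looking defaults, so a user who forgets to override them gets a cluster with a published admin password and the values appear in every plan and apply. Dropping the two password defaults (Terraform then requires them from tfvars or a prompt) and adding `sensitive = true` to all three addresses both; `sensitive` on variables needs Terraform 0.14 or later, which the `>= 0.12` constraint in versions.tf does not guarantee, so raise that constraint alongside. The `vpc_mtu` description says GCP supports `1440 or 1500` while the commit message says the GCP default is 1460; the two should agree. `project_id` defaulting to `mkeongcp` fails for anyone outside that project and is better left without a default, and `gcp_zone` defaulting to `us-central1-a` means the zone-discovery fallback in main.tf never runs unless a user explicitly sets it to an empty string.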
From: Ranyodh Singh Date: Wed, 20 Apr 2022 10:46:17 -0400 Subject: [PATCH 2/2] Formatting Fixes --- examples/terraform/azure/modules/master/main.tf | 1 - examples/terraform/gcp/README.md | 3 +-- examples/terraform/gcp/main.tf | 7 +++++-- examples/terraform/gcp/modules/common/main.tf | 3 +-- examples/terraform/gcp/modules/common/outputs.tf | 2 +- examples/terraform/gcp/modules/manager/main.tf | 2 -- examples/terraform/gcp/modules/msr/main.tf | 2 +- examples/terraform/gcp/modules/networklb/main.tf | 1 - examples/terraform/gcp/modules/networklb/outputs.tf | 1 - examples/terraform/gcp/modules/networklb/variables.tf | 3 +-- examples/terraform/gcp/modules/vpc/main.tf | 2 +- examples/terraform/gcp/modules/vpc/outputs.tf | 1 - examples/terraform/gcp/modules/worker/outputs.tf | 2 +- examples/terraform/gcp/modules/worker/variables.tf | 2 +- 14 files changed, 13 insertions(+), 19 deletions(-) diff --git a/examples/terraform/azure/modules/master/main.tf b/examples/terraform/azure/modules/master/main.tf index 63a47b1..f0a7940 100644 --- a/examples/terraform/azure/modules/master/main.tf +++ b/examples/terraform/azure/modules/master/main.tf @@ -317,7 +317,6 @@ EOF ssh_keys { path = "/home/ubuntu/.ssh/authorized_keys" key_data = var.ssh_key.public_key_openssh - } } diff --git a/examples/terraform/gcp/README.md b/examples/terraform/gcp/README.md index fc1bf40..e0d878b 100644 --- a/examples/terraform/gcp/README.md +++ b/examples/terraform/gcp/README.md @@ -23,7 +23,6 @@ The authentication credentials can be passed to `google` provider in two ways: 3. `terraform apply` 4. `terraform output --raw mke_cluster | launchpad apply --config -` - ## Notes -1. Both RDP and WinRM ports are opened for Windows workers. \ No newline at end of file +1. Both RDP and WinRM ports are opened for Windows workers. diff --git a/examples/terraform/gcp/main.tf b/examples/terraform/gcp/main.tf index 86e093a..d94857e 100644 --- a/examples/terraform/gcp/main.tf +++ b/examples/terraform/gcp/main.tf 
@@ -102,6 +102,7 @@ locals { privateInterface = "ens4" } ] + msrs = [ for host in module.msrs.machines : { ssh = { @@ -113,6 +114,7 @@ locals { privateInterface = "ens4" } ] + workers = [ for host in module.workers.machines : { ssh = { @@ -124,6 +126,7 @@ locals { privateInterface = "ens4" } ] + windows_workers = [ for host in module.windows_workers.machines : { winRM = { @@ -137,6 +140,7 @@ locals { privateInterface = "Ethernet" } ] + mke_launchpad_tmpl = { apiVersion = "launchpad.mirantis.com/mke/v1.3" kind = "mke" @@ -155,7 +159,6 @@ locals { } } - msr_launchpad_tmpl = { apiVersion = "launchpad.mirantis.com/mke/v1.3" kind = "mke+msr" @@ -185,4 +188,4 @@ locals { output "mke_cluster" { value = yamlencode(local.launchpad_tmpl) -} \ No newline at end of file +} diff --git a/examples/terraform/gcp/modules/common/main.tf b/examples/terraform/gcp/modules/common/main.tf index 5d06115..6056daf 100644 --- a/examples/terraform/gcp/modules/common/main.tf +++ b/examples/terraform/gcp/modules/common/main.tf @@ -47,7 +47,6 @@ resource "google_compute_firewall" "common_ssh" { source_ranges = ["0.0.0.0/0"] } - resource "google_compute_firewall" "common_all_egress" { name = "${var.cluster_name}-all-egress" description = "mke cluster common rule" @@ -57,4 +56,4 @@ resource "google_compute_firewall" "common_all_egress" { protocol = "all" } destination_ranges = ["0.0.0.0/0"] -} \ No newline at end of file +} diff --git a/examples/terraform/gcp/modules/common/outputs.tf b/examples/terraform/gcp/modules/common/outputs.tf index 5d7428f..460b553 100644 --- a/examples/terraform/gcp/modules/common/outputs.tf +++ b/examples/terraform/gcp/modules/common/outputs.tf @@ -8,4 +8,4 @@ output "windows_2019_image_name" { output "ssh_key" { value = tls_private_key.ssh_key -} \ No newline at end of file +} diff --git a/examples/terraform/gcp/modules/manager/main.tf b/examples/terraform/gcp/modules/manager/main.tf index 36c5fc2..a7019b5 100644 --- a/examples/terraform/gcp/modules/manager/main.tf 
+++ b/examples/terraform/gcp/modules/manager/main.tf @@ -86,5 +86,3 @@ module "load_balancer_manager" { health_check_port = 443 target_instance_group = google_compute_instance_group.default.self_link } - - diff --git a/examples/terraform/gcp/modules/msr/main.tf b/examples/terraform/gcp/modules/msr/main.tf index 4e2eea4..41289dd 100644 --- a/examples/terraform/gcp/modules/msr/main.tf +++ b/examples/terraform/gcp/modules/msr/main.tf @@ -58,4 +58,4 @@ module "load_balancer_msr" { health_check_port = 443 network = var.vpc_name target_instance_group = google_compute_instance_group.default.self_link -} \ No newline at end of file +} diff --git a/examples/terraform/gcp/modules/networklb/main.tf b/examples/terraform/gcp/modules/networklb/main.tf index 5e46e8b..e232454 100644 --- a/examples/terraform/gcp/modules/networklb/main.tf +++ b/examples/terraform/gcp/modules/networklb/main.tf @@ -27,4 +27,3 @@ resource "google_compute_region_health_check" "default" { port = var.health_check_port } } - diff --git a/examples/terraform/gcp/modules/networklb/outputs.tf b/examples/terraform/gcp/modules/networklb/outputs.tf index 8be0273..2bf1ec8 100644 --- a/examples/terraform/gcp/modules/networklb/outputs.tf +++ b/examples/terraform/gcp/modules/networklb/outputs.tf @@ -2,4 +2,3 @@ output "external_ip" { description = "The external ip address of the load balancer" value = google_compute_forwarding_rule.default.ip_address } - diff --git a/examples/terraform/gcp/modules/networklb/variables.tf b/examples/terraform/gcp/modules/networklb/variables.tf index b49d928..383acca 100644 --- a/examples/terraform/gcp/modules/networklb/variables.tf +++ b/examples/terraform/gcp/modules/networklb/variables.tf @@ -30,5 +30,4 @@ variable "health_check_port" { variable "target_instance_group" { type = string description = "Target instance group for the network load balancer" - -} \ No newline at end of file +} 
diff --git a/examples/terraform/gcp/modules/vpc/main.tf b/examples/terraform/gcp/modules/vpc/main.tf index 5b18264..3e87173 100644 --- a/examples/terraform/gcp/modules/vpc/main.tf +++ b/examples/terraform/gcp/modules/vpc/main.tf @@ -12,4 +12,4 @@ resource "google_compute_subnetwork" "subnetwork" { name = format("subnet-%s-%s", var.gcp_region, var.cluster_name) network = google_compute_network.vpc_network.id region = var.gcp_region -} \ No newline at end of file +} diff --git a/examples/terraform/gcp/modules/vpc/outputs.tf b/examples/terraform/gcp/modules/vpc/outputs.tf index 6298d3e..72ce946 100644 --- a/examples/terraform/gcp/modules/vpc/outputs.tf +++ b/examples/terraform/gcp/modules/vpc/outputs.tf @@ -5,4 +5,3 @@ output "vpc_name" { output "subnet_name" { value = google_compute_subnetwork.subnetwork.name } - diff --git a/examples/terraform/gcp/modules/worker/outputs.tf b/examples/terraform/gcp/modules/worker/outputs.tf index 759f2a3..2f6ca8e 100644 --- a/examples/terraform/gcp/modules/worker/outputs.tf +++ b/examples/terraform/gcp/modules/worker/outputs.tf @@ -4,4 +4,4 @@ output "private_ips" { output "machines" { value = google_compute_instance.mke_worker -} \ No newline at end of file +} diff --git a/examples/terraform/gcp/modules/worker/variables.tf b/examples/terraform/gcp/modules/worker/variables.tf index 5b4cdc6..9d108c9 100644 --- a/examples/terraform/gcp/modules/worker/variables.tf +++ b/examples/terraform/gcp/modules/worker/variables.tf @@ -26,4 +26,4 @@ variable "worker_volume_type" { variable "worker_volume_size" { default = 100 -} \ No newline at end of file +}