diff --git a/examples/terraform/gcp/main.tf b/examples/terraform/gcp/main.tf
index d94857e..ee1768f 100644
--- a/examples/terraform/gcp/main.tf
+++ b/examples/terraform/gcp/main.tf
@@ -40,15 +40,16 @@ module "common" {
 }
 
 module "managers" {
- source = "./modules/manager"
- manager_count = var.manager_count
- gcp_region = var.gcp_region
- gcp_zone = local.zone
- cluster_name = var.cluster_name
- image_name = module.common.image_name
- vpc_name = module.vpc.vpc_name
- subnetwork_name = module.vpc.subnet_name
- ssh_key = module.common.ssh_key
+ source = "./modules/manager"
+ manager_count = var.manager_count
+ gcp_region = var.gcp_region
+ gcp_zone = local.zone
+ cluster_name = var.cluster_name
+ image_name = module.common.image_name
+ vpc_name = module.vpc.vpc_name
+ subnetwork_name = module.vpc.subnet_name
+ ssh_key = module.common.ssh_key
+ service_account_email = module.common.service_account_email
 }
 
 module "msrs" {
@@ -64,30 +65,32 @@ module "msrs" {
 }
 
 module "workers" {
- source = "./modules/worker"
- worker_count = var.worker_count
- gcp_region = var.gcp_region
- gcp_zone = local.zone
- cluster_name = var.cluster_name
- vpc_name = module.vpc.vpc_name
- subnetwork_name = module.vpc.subnet_name
- image_name = module.common.image_name
- ssh_key = module.common.ssh_key
- worker_type = var.worker_type
+ source = "./modules/worker"
+ worker_count = var.worker_count
+ gcp_region = var.gcp_region
+ gcp_zone = local.zone
+ cluster_name = var.cluster_name
+ vpc_name = module.vpc.vpc_name
+ subnetwork_name = module.vpc.subnet_name
+ image_name = module.common.image_name
+ ssh_key = module.common.ssh_key
+ worker_type = var.worker_type
+ service_account_email = module.common.service_account_email
 }
 
 module "windows_workers" {
- source = "./modules/windows_worker"
- worker_count = var.windows_worker_count
- gcp_zone = local.zone
- cluster_name = var.cluster_name
- vpc_name = module.vpc.vpc_name
- subnetwork_name = module.vpc.subnet_name
- image_name = module.common.windows_2019_image_name
- ssh_key = module.common.ssh_key
- worker_type = var.worker_type
- windows_user = var.windows_user
- windows_password = var.windows_password
+ source = "./modules/windows_worker"
+ worker_count = var.windows_worker_count
+ gcp_zone = local.zone
+ cluster_name = var.cluster_name
+ vpc_name = module.vpc.vpc_name
+ subnetwork_name = module.vpc.subnet_name
+ image_name = module.common.windows_2019_image_name
+ ssh_key = module.common.ssh_key
+ worker_type = var.worker_type
+ windows_user = var.windows_user
+ windows_password = var.windows_password
+ service_account_email = module.common.service_account_email
 }
 
 locals {
diff --git a/examples/terraform/gcp/modules/common/main.tf b/examples/terraform/gcp/modules/common/main.tf
index 6056daf..60c40e5 100644
--- a/examples/terraform/gcp/modules/common/main.tf
+++ b/examples/terraform/gcp/modules/common/main.tf
@@ -11,16 +11,28 @@ resource "local_file" "ssh_public_key" {
 }
 }
 
+
 data "google_compute_image" "ubuntu" {
- family = "ubuntu-1804-lts"
+ family = "ubuntu-2004-lts"
 project = "ubuntu-os-cloud"
 }
 
 data "google_compute_image" "windows_2019" {
- family = "windows-2019-core-for-containers"
+ family = "windows-2019-core"
 project = "windows-cloud"
 }
 
+resource "google_service_account" "default" {
+ account_id = "${var.cluster_name}-service-account-id"
+ display_name = "Service Account"
+}
+
+resource "google_project_iam_member" "default" {
+ project = var.project_id
+ member = "serviceAccount:${google_service_account.default.email}"
+ role = "roles/compute.admin"
+}
+
 resource "google_compute_firewall" "common_internal" {
 name = "${var.cluster_name}-internal"
 description = "mke cluster common rule to allow all internal traffic"
diff --git a/examples/terraform/gcp/modules/common/outputs.tf b/examples/terraform/gcp/modules/common/outputs.tf
index 460b553..b7b459e 100644
--- a/examples/terraform/gcp/modules/common/outputs.tf
+++ b/examples/terraform/gcp/modules/common/outputs.tf
@@ -9,3 +9,7 @@ output "windows_2019_image_name" {
 output "ssh_key" {
 value = tls_private_key.ssh_key
 }
+
+output "service_account_email" {
+ value = google_service_account.default.email
+}
diff --git a/examples/terraform/gcp/modules/manager/main.tf b/examples/terraform/gcp/modules/manager/main.tf
index a7019b5..28856e0 100644
--- a/examples/terraform/gcp/modules/manager/main.tf
+++ b/examples/terraform/gcp/modules/manager/main.tf
@@ -53,11 +53,20 @@ resource "google_compute_instance" "mke_manager" {
 access_config {
 }
 }
+
 tags = [
+ var.cluster_name,
 "allow-ssh",
 "allow-manager",
 "allow-internal"
 ]
+
+ service_account {
+ email = var.service_account_email
+ scopes = [
+ "https://www.googleapis.com/auth/cloud-platform"
+ ]
+ }
 }
 
 resource "google_compute_instance_group" "default" {
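Review bot: Binding `roles/compute.admin` project-wide to `google_service_account.default` is far broader than a cluster node needs, and because that identity is attached to every manager, worker and Windows worker with the `cloud-platform` scope, any process on a node that can reach the instance metadata server can create, delete and reconfigure every instance, disk and firewall rule in `var.project_id`. Narrow the binding to the role(s) the nodes actually use and say so on the resource, e.g. `# Least privilege: compute.admin manages all compute resources in the project; replace with the specific role(s) the nodes need.` `var.project_id` is not declared anywhere visible in the common module, so confirm it exists. `account_id` is derived from `var.cluster_name`, and GCP requires it to be 6–30 characters matching `[a-z]([-a-z0-9]*[a-z0-9])`, so a short or capitalised cluster name fails at apply time. The two image-family changes in this hunk are unrelated to the service-account work and carry no rationale.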
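Review bot: The new `service_account` block gives every manager the `cloud-platform` OAuth scope, so the effective permissions of any process on the node are exactly the IAM roles bound to `var.service_account_email` in modules/common; the same block is added in modules/windows_worker/main.tf and modules/worker/main.tf. A comment would make that coupling explicit, e.g. `# Broad OAuth scope: effective permissions are whatever IAM roles are bound to this service account in modules/common.` Since the token is served by the instance metadata server, this is also the place to record which components on the node actually need GCP API access. The `mke_manager` resource starts before the hunk.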
diff --git a/examples/terraform/gcp/modules/manager/variables.tf b/examples/terraform/gcp/modules/manager/variables.tf
index 479142b..19d46be 100644
--- a/examples/terraform/gcp/modules/manager/variables.tf
+++ b/examples/terraform/gcp/modules/manager/variables.tf
@@ -12,6 +12,8 @@ variable "image_name" {}
 
 variable "ssh_key" {}
 
+variable "service_account_email" {}
+
 variable "manager_count" {
 default = 3
 }
diff --git a/examples/terraform/gcp/modules/msr/main.tf b/examples/terraform/gcp/modules/msr/main.tf
index 41289dd..1168e2c 100644
--- a/examples/terraform/gcp/modules/msr/main.tf
+++ b/examples/terraform/gcp/modules/msr/main.tf
@@ -37,6 +37,7 @@ resource "google_compute_instance" "mke_msr" {
 }
 }
 tags = [
+ var.cluster_name,
 "allow-ssh",
 "allow-msr",
 "allow-internal"
diff --git a/examples/terraform/gcp/modules/windows_worker/main.tf b/examples/terraform/gcp/modules/windows_worker/main.tf
index d8c2979..f9b740f 100644
--- a/examples/terraform/gcp/modules/windows_worker/main.tf
+++ b/examples/terraform/gcp/modules/windows_worker/main.tf
@@ -104,12 +104,20 @@ EOF
 }
 
 tags = [
+ var.cluster_name,
 "allow-rdp",
 "allow-winrm",
 "allow-worker",
 "allow-internal"
 ]
 
+ service_account {
+ email = var.service_account_email
+ scopes = [
+ "https://www.googleapis.com/auth/cloud-platform"
+ ]
+ }
+
 provisioner "remote-exec" {
 connection {
 host = self.network_interface.0.access_config.0.nat_ip
diff --git a/examples/terraform/gcp/modules/windows_worker/variables.tf b/examples/terraform/gcp/modules/windows_worker/variables.tf
index 35125c5..9a6b907 100644
--- a/examples/terraform/gcp/modules/windows_worker/variables.tf
+++ b/examples/terraform/gcp/modules/windows_worker/variables.tf
@@ -10,6 +10,8 @@ variable "image_name" {}
 
 variable "ssh_key" {}
 
+variable "service_account_email" {}
+
 variable "worker_count" {
 default = 0
 }
diff --git a/examples/terraform/gcp/modules/worker/main.tf b/examples/terraform/gcp/modules/worker/main.tf
index 7badf43..f090793 100644
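Review bot: `variable "service_account_email" {}` is declared without a type or description, and the same bare declaration is added in modules/windows_worker/variables.tf and modules/worker/variables.tf. Suggested form: `variable "service_account_email" {` / `type = string` / `description = "Email of the service account attached to the instances (created in modules/common)"` / `}`. There is no default, which is right since the root module always passes it, but a description tells a reader where the value comes from.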
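Review bot: modules/msr/main.tf only gains the `var.cluster_name` tag while the manager, worker and windows_worker modules also receive a `service_account` block, and the root main.tf's `module "msrs"` block is not touched, so MSR instances keep the project's default compute service account. If that asymmetry is intended, document it next to the tags, e.g. `# MSR nodes intentionally keep the project default service account`; otherwise they need the same wiring. `var.cluster_name` is now used as a network tag on every instance, and GCP network tags must be lowercase letters, digits and hyphens (starting with a letter, 1–63 characters), so an uppercase or underscored cluster name fails at apply time — a `validation` block on the root `cluster_name` variable, if the Terraform version in use supports it, would surface that at plan time. The `mke_msr` resource continues past the hunk.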
--- a/examples/terraform/gcp/modules/worker/main.tf
+++ b/examples/terraform/gcp/modules/worker/main.tf
@@ -24,9 +24,18 @@ resource "google_compute_instance" "mke_worker" {
 access_config {
 }
 }
+
 tags = [
+ var.cluster_name,
 "allow-ssh",
 "allow-worker",
 "allow-internal"
 ]
+
+ service_account {
+ email = var.service_account_email
+ scopes = [
+ "https://www.googleapis.com/auth/cloud-platform"
+ ]
+ }
 }
diff --git a/examples/terraform/gcp/modules/worker/variables.tf b/examples/terraform/gcp/modules/worker/variables.tf
index 9d108c9..e188d63 100644
--- a/examples/terraform/gcp/modules/worker/variables.tf
+++ b/examples/terraform/gcp/modules/worker/variables.tf
@@ -12,6 +12,8 @@ variable "image_name" {}
 
 variable "ssh_key" {}
 
+variable "service_account_email" {}
+
 variable "worker_count" {
 default = 3
 }
diff --git a/examples/terraform/gcp/variables.tf b/examples/terraform/gcp/variables.tf
index 6695c75..2fdaa85 100644
--- a/examples/terraform/gcp/variables.tf
+++ b/examples/terraform/gcp/variables.tf
@@ -20,7 +20,7 @@ variable "gcp_service_credential" {
 
 variable "vpc_mtu" {
 default = 1500
- description = "MTU for the VPC. GCP support two MTU values for the VPC: 1440 or 1500"
+ description = "MTU for the VPC. GCP support two MTU values for the VPC: 1460 or 1500"
 }
 
 variable "vpc_cidr" {