Merge pull request #23 from gruntwork-io/network_module

Use network module
gruntwork-io · Apr 12, 2019 · 7afc279 · 7afc279
2 parents eda8942 + 258ab7f
commit 7afc279
Show file tree

Hide file tree

Showing 10 changed files with 175 additions and 85 deletions.
diff --git a/examples/gke-basic-tiller/main.tf b/examples/gke-basic-tiller/main.tf
@@ -65,17 +65,22 @@ provider "helm" {
 module "gke_cluster" {
   # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
   # to a specific version of the modules, such as the following example:
-  # source = "git::[email protected]:gruntwork-io/gke-cluster.git//modules/gke-cluster?ref=v0.0.1"
+  # source = "git::[email protected]:gruntwork-io/terraform-google-gke.git//modules/gke-cluster?ref=v0.0.5"
   source = "../../modules/gke-cluster"
 
   name = "${var.cluster_name}"
 
-  project    = "${var.project}"
-  location   = "${var.location}"
-  network    = "${google_compute_network.main.name}"
-  subnetwork = "${google_compute_subnetwork.main.self_link}"
+  project  = "${var.project}"
+  location = "${var.location}"
+
+  # We're deploying the cluster in the 'public' subnetwork to allow outbound internet access
+  # See the network access tier table for full details:
+  # https://github.com/gruntwork-io/terraform-google-network/tree/master/modules/vpc-network#access-tier
+  network = "${module.vpc_network.network}"
+
+  subnetwork = "${module.vpc_network.public_subnetwork}"
 
-  cluster_secondary_range_name = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}"
+  cluster_secondary_range_name = "${module.vpc_network.public_subnetwork_secondary_range_name}"
 }
 
 # ---------------------------------------------------------------------------------------------------------------------
@@ -110,7 +115,13 @@ resource "google_container_node_pool" "node_pool" {
       all-pools-example = "true"
     }
 
-    tags         = ["main-pool-example"]
+    # Add a public tag to the instances. See the network access tier table for full details:
+    # https://github.com/gruntwork-io/terraform-google-network/tree/master/modules/vpc-network#access-tier
+    tags = [
+      "${module.vpc_network.public}",
+      "tiller-example",
+    ]
+
     disk_size_gb = "30"
     disk_type    = "pd-standard"
     preemptible  = false
@@ -140,36 +151,33 @@ resource "google_container_node_pool" "node_pool" {
 module "gke_service_account" {
   # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
   # to a specific version of the modules, such as the following example:
-  # source = "git::[email protected]:gruntwork-io/gke-cluster.git//modules/gke-service-account?ref=v0.0.1"
+  # source = "git::[email protected]:gruntwork-io/terraform-google-gke.git//modules/gke-service-account?ref=v0.0.5"
   source = "../../modules/gke-service-account"
 
   name        = "${var.cluster_service_account_name}"
   project     = "${var.project}"
   description = "${var.cluster_service_account_description}"
 }
 
-# TODO(rileykarson): Add proper VPC network config once we've made a VPC module
+# ---------------------------------------------------------------------------------------------------------------------
+# CREATE A NETWORK TO DEPLOY THE CLUSTER TO
+# ---------------------------------------------------------------------------------------------------------------------
+
 resource "random_string" "suffix" {
   length  = 4
   special = false
   upper   = false
 }
 
-resource "google_compute_network" "main" {
-  name                    = "${var.cluster_name}-network-${random_string.suffix.result}"
-  auto_create_subnetworks = "false"
-}
+module "vpc_network" {
+  source = "git::[email protected]:gruntwork-io/terraform-google-network.git//modules/vpc-network?ref=v0.0.2"
 
-resource "google_compute_subnetwork" "main" {
-  name          = "${var.cluster_name}-subnetwork-${random_string.suffix.result}"
-  ip_cidr_range = "10.0.0.0/17"
-  region        = "${var.region}"
-  network       = "${google_compute_network.main.self_link}"
+  name    = "${var.cluster_name}-network-${random_string.suffix.result}"
+  project = "${var.project}"
+  region  = "${var.region}"
 
-  secondary_ip_range {
-    range_name    = "cluster-pods"
-    ip_cidr_range = "10.1.0.0/18"
-  }
+  cidr_block           = "${var.vpc_cidr_block}"
+  secondary_cidr_block = "${var.vpc_secondary_cidr_block}"
 }
 
 # ---------------------------------------------------------------------------------------------------------------------

diff --git a/examples/gke-basic-tiller/variables.tf b/examples/gke-basic-tiller/variables.tf
@@ -93,3 +93,17 @@ variable "undeploy_releases" {
   description = "If true, will delete deployed releases from the Tiller instance before undeploying Tiller."
   default     = false
 }
+
+# For the example, we recommend a /16 network for the VPC. Note that when changing the size of the network,
+# you will have to adjust the 'cidr_subnetwork_width_delta' in the 'vpc_network' -module accordingly.
+variable "vpc_cidr_block" {
+  description = "The IP address range of the VPC in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27."
+  default     = "10.1.0.0/16"
+}
+
+# For the example, we recommend a /16 network for the secondary range. Note that when changing the size of the network,
+# you will have to adjust the 'cidr_subnetwork_width_delta' in the 'vpc_network' -module accordingly.
+variable "vpc_secondary_cidr_block" {
+  description = "The IP address range of the VPC's secondary address range in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27."
+  default     = "10.2.0.0/16"
+}
diff --git a/examples/gke-private-cluster/README.md b/examples/gke-private-cluster/README.md
@@ -42,7 +42,20 @@ Currently, you cannot use a proxy to reach the cluster master of a regional clus
 1. Run `terraform get`.
 1. Run `terraform plan`.
 1. If the plan looks good, run `terraform apply`.
+
+#### Optional: Deploy a sample application
+
 1. To setup `kubectl` to access the deployed cluster, run `gcloud beta container clusters get-credentials $CLUSTER_NAME 
 --region $REGION --project $PROJECT`, where `CLUSTER_NAME`, `REGION` and `PROJECT` correspond to what you set for the 
 input variables.
+1. Run `kubectl apply -f example-app/nginx.yml` to create a deployment in your cluster.
+1. Run `kubectl get pods` to view the pod status and check that it is ready.
+1. Run `kubectl get deployment` to view the deployment status.
+1. Run `kubectl port-forward deployment/nginx 8080:80`
+
+Now you should be able to access your `nginx` deployment on http://localhost:8080
+
+#### Destroy the created resources
 
+1. If you deployed the sample application, run `kubectl delete -f example-app/nginx.yml`.
+1. Run `terraform destroy`.
diff --git a/examples/gke-private-cluster/example-app/nginx.yml b/examples/gke-private-cluster/example-app/nginx.yml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+
+metadata:
+  name: nginx
+  labels:
+    app: nginx
+    tier: backend
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+        tier: backend
+    spec:
+      containers:
+        - name: nginx
+          image: nginx
+          ports:
+            - containerPort: 80
diff --git a/examples/gke-private-cluster/main.tf b/examples/gke-private-cluster/main.tf
@@ -32,18 +32,22 @@ provider "google-beta" {
 module "gke_cluster" {
   # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
   # to a specific version of the modules, such as the following example:
-  # source = "git::[email protected]:gruntwork-io/gke-cluster.git//modules/gke-cluster?ref=v0.0.4"
+  # source = "git::[email protected]:gruntwork-io/terraform-google-gke.git//modules/gke-cluster?ref=v0.0.5"
   source = "../../modules/gke-cluster"
 
   name = "${var.cluster_name}"
 
-  project    = "${var.project}"
-  location   = "${var.location}"
-  network    = "${google_compute_network.main.name}"
-  subnetwork = "${google_compute_subnetwork.main.self_link}"
+  project  = "${var.project}"
+  location = "${var.location}"
+  network  = "${module.vpc_network.network}"
+
+  # We're deploying the cluster in the 'public' subnetwork to allow outbound internet access
+  # See the network access tier table for full details:
+  # https://github.com/gruntwork-io/terraform-google-network/tree/master/modules/vpc-network#access-tier
+  subnetwork = "${module.vpc_network.public_subnetwork}"
 
   # When creating a private cluster, the 'master_ipv4_cidr_block' has to be defined and the size must be /28
-  master_ipv4_cidr_block = "10.5.0.0/28"
+  master_ipv4_cidr_block = "${var.master_ipv4_cidr_block}"
 
   # This setting will make the cluster private
   enable_private_nodes = "true"
@@ -60,7 +64,7 @@ module "gke_cluster" {
     }]
   }]
 
-  cluster_secondary_range_name = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}"
+  cluster_secondary_range_name = "${module.vpc_network.public_subnetwork_secondary_range_name}"
 }
 
 # ---------------------------------------------------------------------------------------------------------------------
@@ -95,7 +99,13 @@ resource "google_container_node_pool" "node_pool" {
       private-pools-example = "true"
     }
 
-    tags         = ["private-pool-example"]
+    # Add a private tag to the instances. See the network access tier table for full details:
+    # https://github.com/gruntwork-io/terraform-google-network/tree/master/modules/vpc-network#access-tier
+    tags = [
+      "${module.vpc_network.private}",
+      "private-pool-example",
+    ]
+
     disk_size_gb = "30"
     disk_type    = "pd-standard"
     preemptible  = false
@@ -125,7 +135,7 @@ resource "google_container_node_pool" "node_pool" {
 module "gke_service_account" {
   # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
   # to a specific version of the modules, such as the following example:
-  # source = "git::[email protected]:gruntwork-io/gke-cluster.git//modules/gke-service-account?ref=v0.0.1"
+  # source = "git::[email protected]:gruntwork-io/terraform-google-gke.git//modules/gke-service-account?ref=v0.0.5"
   source = "../../modules/gke-service-account"
 
   name        = "${var.cluster_service_account_name}"
@@ -137,26 +147,20 @@ module "gke_service_account" {
 # CREATE A NETWORK TO DEPLOY THE CLUSTER TO
 # ---------------------------------------------------------------------------------------------------------------------
 
-# TODO(rileykarson): Add proper VPC network config once we've made a VPC module
+module "vpc_network" {
+  source = "git::[email protected]:gruntwork-io/terraform-google-network.git//modules/vpc-network?ref=v0.0.2"
+
+  name    = "${var.cluster_name}-network-${random_string.suffix.result}"
+  project = "${var.project}"
+  region  = "${var.region}"
+
+  cidr_block           = "${var.vpc_cidr_block}"
+  secondary_cidr_block = "${var.vpc_secondary_cidr_block}"
+}
+
+# Use a random suffix to prevent overlap in network names
 resource "random_string" "suffix" {
   length  = 4
   special = false
   upper   = false
 }
-
-resource "google_compute_network" "main" {
-  name                    = "${var.cluster_name}-network-${random_string.suffix.result}"
-  auto_create_subnetworks = "false"
-}
-
-resource "google_compute_subnetwork" "main" {
-  name          = "${var.cluster_name}-subnetwork-${random_string.suffix.result}"
-  ip_cidr_range = "10.3.0.0/17"
-  region        = "${var.region}"
-  network       = "${google_compute_network.main.self_link}"
-
-  secondary_ip_range {
-    range_name    = "private-cluster-pods"
-    ip_cidr_range = "10.4.0.0/18"
-  }
-}
diff --git a/examples/gke-private-cluster/variables.tf b/examples/gke-private-cluster/variables.tf
@@ -34,3 +34,22 @@ variable "cluster_service_account_description" {
   description = "A description of the custom service account used for the GKE cluster."
   default     = "Example GKE Cluster Service Account managed by Terraform"
 }
+
+variable "master_ipv4_cidr_block" {
+  description = "The IP range in CIDR notation (size must be /28) to use for the hosted master network. This range will be used for assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network."
+  default     = "10.5.0.0/28"
+}
+
+# For the example, we recommend a /16 network for the VPC. Note that when changing the size of the network,
+# you will have to adjust the 'cidr_subnetwork_width_delta' in the 'vpc_network' -module accordingly.
+variable "vpc_cidr_block" {
+  description = "The IP address range of the VPC in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27."
+  default     = "10.3.0.0/16"
+}
+
+# For the example, we recommend a /16 network for the secondary range. Note that when changing the size of the network,
+# you will have to adjust the 'cidr_subnetwork_width_delta' in the 'vpc_network' -module accordingly.
+variable "vpc_secondary_cidr_block" {
+  description = "The IP address range of the VPC's secondary address range in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27."
+  default     = "10.4.0.0/16"
+}
diff --git a/examples/gke-public-cluster/main.tf b/examples/gke-public-cluster/main.tf
@@ -33,17 +33,22 @@ provider "google-beta" {
 module "gke_cluster" {
   # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
   # to a specific version of the modules, such as the following example:
-  # source = "git::[email protected]:gruntwork-io/gke-cluster.git//modules/gke-cluster?ref=v0.0.3"
+  # source = "git::[email protected]:gruntwork-io/terraform-google-gke.git//modules/gke-cluster?ref=v0.0.5"
   source = "../../modules/gke-cluster"
 
   name = "${var.cluster_name}"
 
-  project    = "${var.project}"
-  location   = "${var.location}"
-  network    = "${google_compute_network.main.name}"
-  subnetwork = "${google_compute_subnetwork.main.self_link}"
+  project  = "${var.project}"
+  location = "${var.location}"
+
+  # We're deploying the cluster in the 'public' subnetwork to allow outbound internet access
+  # See the network access tier table for full details:
+  # https://github.com/gruntwork-io/terraform-google-network/tree/master/modules/vpc-network#access-tier
+  network = "${module.vpc_network.network}"
 
-  cluster_secondary_range_name = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}"
+  subnetwork = "${module.vpc_network.public_subnetwork}"
+
+  cluster_secondary_range_name = "${module.vpc_network.public_subnetwork_secondary_range_name}"
 }
 
 # ---------------------------------------------------------------------------------------------------------------------
@@ -78,7 +83,13 @@ resource "google_container_node_pool" "node_pool" {
       all-pools-example = "true"
     }
 
-    tags         = ["main-pool-example"]
+    # Add a public tag to the instances. See the network access tier table for full details:
+    # https://github.com/gruntwork-io/terraform-google-network/tree/master/modules/vpc-network#access-tier
+    tags = [
+      "${module.vpc_network.public}",
+      "public-pool-example",
+    ]
+
     disk_size_gb = "30"
     disk_type    = "pd-standard"
     preemptible  = false
@@ -108,7 +119,7 @@ resource "google_container_node_pool" "node_pool" {
 module "gke_service_account" {
   # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
   # to a specific version of the modules, such as the following example:
-  # source = "git::[email protected]:gruntwork-io/gke-cluster.git//modules/gke-service-account?ref=v0.0.1"
+  # source = "git::[email protected]:gruntwork-io/terraform-google-gke.git//modules/gke-service-account?ref=v0.0.5"
   source = "../../modules/gke-service-account"
 
   name        = "${var.cluster_service_account_name}"
@@ -119,26 +130,20 @@ module "gke_service_account" {
 # ---------------------------------------------------------------------------------------------------------------------
 # CREATE A NETWORK TO DEPLOY THE CLUSTER TO
 # ---------------------------------------------------------------------------------------------------------------------
-# TODO(rileykarson): Add proper VPC network config once we've made a VPC module
+
 resource "random_string" "suffix" {
   length  = 4
   special = false
   upper   = false
 }
 
-resource "google_compute_network" "main" {
-  name                    = "${var.cluster_name}-network-${random_string.suffix.result}"
-  auto_create_subnetworks = "false"
-}
+module "vpc_network" {
+  source = "git::[email protected]:gruntwork-io/terraform-google-network.git//modules/vpc-network?ref=v0.0.2"
 
-resource "google_compute_subnetwork" "main" {
-  name          = "${var.cluster_name}-subnetwork-${random_string.suffix.result}"
-  ip_cidr_range = "10.0.0.0/17"
-  region        = "${var.region}"
-  network       = "${google_compute_network.main.self_link}"
+  name    = "${var.cluster_name}-network-${random_string.suffix.result}"
+  project = "${var.project}"
+  region  = "${var.region}"
 
-  secondary_ip_range {
-    range_name    = "cluster-pods"
-    ip_cidr_range = "10.1.0.0/18"
-  }
+  cidr_block           = "${var.vpc_cidr_block}"
+  secondary_cidr_block = "${var.vpc_secondary_cidr_block}"
 }
diff --git a/examples/gke-public-cluster/variables.tf b/examples/gke-public-cluster/variables.tf
@@ -34,3 +34,17 @@ variable "cluster_service_account_description" {
   description = "A description of the custom service account used for the GKE cluster."
   default     = "Example GKE Cluster Service Account managed by Terraform"
 }
+
+# For the example, we recommend a /16 network for the VPC. Note that when changing the size of the network,
+# you will have to adjust the 'cidr_subnetwork_width_delta' in the 'vpc_network' -module accordingly.
+variable "vpc_cidr_block" {
+  description = "The IP address range of the VPC in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27."
+  default     = "10.6.0.0/16"
+}
+
+# For the example, we recommend a /16 network for the secondary range. Note that when changing the size of the network,
+# you will have to adjust the 'cidr_subnetwork_width_delta' in the 'vpc_network' -module accordingly.
+variable "vpc_secondary_cidr_block" {
+  description = "The IP address range of the VPC's secondary address range in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27."
+  default     = "10.7.0.0/16"
+}