From 731b0aa0f628cfcb8b6fe1b4279bdbe980b83b18 Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Thu, 11 Apr 2019 11:43:37 +0300 Subject: [PATCH 1/5] Update repo name in comments --- examples/gke-basic-tiller/main.tf | 4 ++-- examples/gke-private-cluster/main.tf | 4 ++-- examples/gke-public-cluster/main.tf | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/examples/gke-basic-tiller/main.tf b/examples/gke-basic-tiller/main.tf index a6ba3c1..d29daa1 100644 --- a/examples/gke-basic-tiller/main.tf +++ b/examples/gke-basic-tiller/main.tf @@ -65,7 +65,7 @@ provider "helm" { module "gke_cluster" { # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you # to a specific version of the modules, such as the following example: - # source = "git::git@github.com:gruntwork-io/gke-cluster.git//modules/gke-cluster?ref=v0.0.1" + # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-cluster?ref=v0.0.4" source = "../../modules/gke-cluster" name = "${var.cluster_name}" @@ -140,7 +140,7 @@ resource "google_container_node_pool" "node_pool" { module "gke_service_account" { # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you # to a specific version of the modules, such as the following example: - # source = "git::git@github.com:gruntwork-io/gke-cluster.git//modules/gke-service-account?ref=v0.0.1" + # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-service-account?ref=v0.0.4" source = "../../modules/gke-service-account" name = "${var.cluster_service_account_name}" diff --git a/examples/gke-private-cluster/main.tf b/examples/gke-private-cluster/main.tf index a1c45cd..7f67af0 100644 --- a/examples/gke-private-cluster/main.tf +++ b/examples/gke-private-cluster/main.tf 
@@ -32,7 +32,7 @@ provider "google-beta" { module "gke_cluster" { # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you # to a specific version of the modules, such as the following example: - # source = "git::git@github.com:gruntwork-io/gke-cluster.git//modules/gke-cluster?ref=v0.0.4" + # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-cluster?ref=v0.0.4" source = "../../modules/gke-cluster" name = "${var.cluster_name}" @@ -125,7 +125,7 @@ resource "google_container_node_pool" "node_pool" { module "gke_service_account" { # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you # to a specific version of the modules, such as the following example: - # source = "git::git@github.com:gruntwork-io/gke-cluster.git//modules/gke-service-account?ref=v0.0.1" + # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-service-account?ref=v0.0.4" source = "../../modules/gke-service-account" name = "${var.cluster_service_account_name}" diff --git a/examples/gke-public-cluster/main.tf b/examples/gke-public-cluster/main.tf index e16d998..300c0d6 100644 --- a/examples/gke-public-cluster/main.tf +++ b/examples/gke-public-cluster/main.tf @@ -33,7 +33,7 @@ provider "google-beta" { module "gke_cluster" { # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you # to a specific version of the modules, such as the following example: - # source = "git::git@github.com:gruntwork-io/gke-cluster.git//modules/gke-cluster?ref=v0.0.3" + # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-cluster?ref=v0.0.4" source = "../../modules/gke-cluster" name = "${var.cluster_name}" 
@@ -108,7 +108,7 @@ resource "google_container_node_pool" "node_pool" { module "gke_service_account" { # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you # to a specific version of the modules, such as the following example: - # source = "git::git@github.com:gruntwork-io/gke-cluster.git//modules/gke-service-account?ref=v0.0.1" + # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-service-account?ref=v0.0.4" source = "../../modules/gke-service-account" name = "${var.cluster_service_account_name}" From 257b35984f8918cd1a1e19e68f04802a04a91c28 Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Thu, 11 Apr 2019 15:47:53 +0300 Subject: [PATCH 2/5] Use network -module in private example --- examples/gke-basic-tiller/main.tf | 2 +- examples/gke-private-cluster/README.md | 13 ++++++ .../gke-private-cluster/example-app/nginx.yml | 24 ++++++++++ examples/gke-private-cluster/main.tf | 46 +++++++++---------- examples/gke-private-cluster/variables.tf | 19 ++++++++ examples/gke-public-cluster/main.tf | 2 +- modules/gke-cluster/main.tf | 13 +----- modules/gke-cluster/variables.tf | 4 +- 8 files changed, 84 insertions(+), 39 deletions(-) create mode 100644 examples/gke-private-cluster/example-app/nginx.yml diff --git a/examples/gke-basic-tiller/main.tf b/examples/gke-basic-tiller/main.tf index d29daa1..f59d34f 100644 --- a/examples/gke-basic-tiller/main.tf +++ b/examples/gke-basic-tiller/main.tf @@ -72,7 +72,7 @@ module "gke_cluster" { project = "${var.project}" location = "${var.location}" - network = "${google_compute_network.main.name}" + network = "${google_compute_network.main.self_link}" subnetwork = "${google_compute_subnetwork.main.self_link}" cluster_secondary_range_name = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" diff --git a/examples/gke-private-cluster/README.md b/examples/gke-private-cluster/README.md index 28ed075..7c8b16d 100644 
--- a/examples/gke-private-cluster/README.md +++ b/examples/gke-private-cluster/README.md @@ -42,7 +42,20 @@ Currently, you cannot use a proxy to reach the cluster master of a regional clus 1. Run `terraform get`. 1. Run `terraform plan`. 1. If the plan looks good, run `terraform apply`. + +#### Optional: Deploy a sample application + 1. To setup `kubectl` to access the deployed cluster, run `gcloud beta container clusters get-credentials $CLUSTER_NAME --region $REGION --project $PROJECT`, where `CLUSTER_NAME`, `REGION` and `PROJECT` correspond to what you set for the input variables. +1. Run `kubectl apply -f example-app/nginx.yml` to create a deployment in your cluster. +1. Run `kubectl get pods` to view the pod status and check that it is ready. +1. Run `kubectl get deployment` to view the deployment status. +1. Run `kubectl port-forward deployment/nginx 8080:80` + +Now you should be able to access your `nginx` deployment on http://localhost:8080 + +#### Destroy the created resources +1. If you deployed the sample application, run `kubectl delete -f example-app/nginx.yml`. +1. Run `terraform destroy`. diff --git a/examples/gke-private-cluster/example-app/nginx.yml b/examples/gke-private-cluster/example-app/nginx.yml new file mode 100644 index 0000000..e4b2476 --- /dev/null +++ b/examples/gke-private-cluster/example-app/nginx.yml @@ -0,0 +1,24 @@ +apiVersion: apps/v1 +kind: Deployment + +metadata: + name: nginx + labels: + app: nginx + tier: backend +spec: + replicas: 2 + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + tier: backend + spec: + containers: + - name: nginx + image: nginx + ports: + - containerPort: 80 diff --git a/examples/gke-private-cluster/main.tf b/examples/gke-private-cluster/main.tf index 7f67af0..b23e277 100644 --- a/examples/gke-private-cluster/main.tf +++ b/examples/gke-private-cluster/main.tf 
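Review bot: `image: nginx` in the new `example-app/nginx.yml` has no tag or digest, so each pod start pulls whatever `latest` resolves to in the default registry at that moment, and the two replicas can end up on different builds. Because this is the manifest readers will copy, pin it, for example `image: nginx:<version>@sha256:<digest>` (placeholders, not real values). The container also declares no `resources:` and no `securityContext`; adding `securityContext: { allowPrivilegeEscalation: false }` and modest requests/limits would make the sample a safer starting point.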
@@ -39,11 +39,11 @@ module "gke_cluster" { project = "${var.project}" location = "${var.location}" - network = "${google_compute_network.main.name}" - subnetwork = "${google_compute_subnetwork.main.self_link}" + network = "${module.vpc_network.network}" + subnetwork = "${module.vpc_network.public_subnetwork}" # When creating a private cluster, the 'master_ipv4_cidr_block' has to be defined and the size must be /28 - master_ipv4_cidr_block = "10.5.0.0/28" + master_ipv4_cidr_block = "${var.master_ipv4_cidr_block}" # This setting will make the cluster private enable_private_nodes = "true" @@ -60,7 +60,7 @@ module "gke_cluster" { }] }] - cluster_secondary_range_name = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" + cluster_secondary_range_name = "${module.vpc_network.public_subnetwork_secondary_range_name}" } # --------------------------------------------------------------------------------------------------------------------- @@ -95,7 +95,13 @@ resource "google_container_node_pool" "node_pool" { private-pools-example = "true" } - tags = ["private-pool-example"] + # Add a private tag to the instances. See the network access tier table for full details: + # https://github.com/gruntwork-io/terraform-google-network/tree/master/modules/vpc-network#access-tier + tags = [ + "${module.vpc_network.private}", + "private-pool-example", + ] + disk_size_gb = "30" disk_type = "pd-standard" preemptible = false 
@@ -137,26 +143,20 @@ module "gke_service_account" { # CREATE A NETWORK TO DEPLOY THE CLUSTER TO # --------------------------------------------------------------------------------------------------------------------- -# TODO(rileykarson): Add proper VPC network config once we've made a VPC module +module "vpc_network" { + source = "git::git@github.com:gruntwork-io/terraform-google-network.git//modules/vpc-network?ref=vpc_outputs" + + name = "${var.cluster_name}-network-${random_string.suffix.result}" + project = "${var.project}" + region = "${var.region}" + + cidr_block = "${var.vpc_cidr_block}" + secondary_cidr_block = "${var.vpc_secondary_cidr_block}" +} + +# Use a random suffix to prevent overlap in network names resource "random_string" "suffix" { length = 4 special = false upper = false } - -resource "google_compute_network" "main" { - name = "${var.cluster_name}-network-${random_string.suffix.result}" - auto_create_subnetworks = "false" -} - -resource "google_compute_subnetwork" "main" { - name = "${var.cluster_name}-subnetwork-${random_string.suffix.result}" - ip_cidr_range = "10.3.0.0/17" - region = "${var.region}" - network = "${google_compute_network.main.self_link}" - - secondary_ip_range { - range_name = "private-cluster-pods" - ip_cidr_range = "10.4.0.0/18" - } -} diff --git a/examples/gke-private-cluster/variables.tf b/examples/gke-private-cluster/variables.tf index d0ad1eb..b57ecb2 100644 --- a/examples/gke-private-cluster/variables.tf +++ b/examples/gke-private-cluster/variables.tf 
@@ -34,3 +34,22 @@ variable "cluster_service_account_description" { description = "A description of the custom service account used for the GKE cluster." default = "Example GKE Cluster Service Account managed by Terraform" } + +variable "master_ipv4_cidr_block" { + description = "The IP range in CIDR notation (size must be /28) to use for the hosted master network. This range will be used for assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network." + default = "10.5.0.0/28" +} + +# For the example, we recommend a /16 network for the VPC. Note that when changing the size of the network, +# you will have to adjust the 'cidr_subnetwork_width_delta' in the 'vpc_network' -module accordingly. +variable "vpc_cidr_block" { + description = "The IP address range of the VPC in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27." + default = "10.3.0.0/16" +} + +# For the example, we recommend a /16 network for the secondary range. Note that when changing the size of the network, +# you will have to adjust the 'cidr_subnetwork_width_delta' in the 'vpc_network' -module accordingly. +variable "vpc_secondary_cidr_block" { + description = "The IP address range of the VPC's secondary address range in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27." + default = "10.4.0.0/16" +} diff --git a/examples/gke-public-cluster/main.tf b/examples/gke-public-cluster/main.tf index 300c0d6..9cac698 100644 --- a/examples/gke-public-cluster/main.tf +++ b/examples/gke-public-cluster/main.tf 
@@ -40,7 +40,7 @@ module "gke_cluster" { project = "${var.project}" location = "${var.location}" - network = "${google_compute_network.main.name}" + network = "${google_compute_network.main.self_link}" subnetwork = "${google_compute_subnetwork.main.self_link}" cluster_secondary_range_name = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" diff --git a/modules/gke-cluster/main.tf b/modules/gke-cluster/main.tf index b33689e..ab1f035 100644 --- a/modules/gke-cluster/main.tf +++ b/modules/gke-cluster/main.tf @@ -14,8 +14,8 @@ resource "google_container_cluster" "cluster" { project = "${var.project}" location = "${var.location}" - network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}" - subnetwork = "${replace(data.google_compute_subnetwork.gke_subnetwork.self_link, "https://www.googleapis.com/compute/v1/", "")}" + network = "${var.network}" + subnetwork = "${var.subnetwork}" logging_service = "${var.logging_service}" monitoring_service = "${var.monitoring_service}" @@ -109,15 +109,6 @@ locals { # Pull in data # --------------------------------------------------------------------------------------------------------------------- -data "google_compute_network" "gke_network" { - name = "${var.network}" - project = "${local.network_project}" -} - -data "google_compute_subnetwork" "gke_subnetwork" { - self_link = "${var.subnetwork}" -} - // Get available master versions in our location to determine the latest version data "google_container_engine_versions" "location" { location = "${var.location}" diff --git a/modules/gke-cluster/variables.tf b/modules/gke-cluster/variables.tf index a79fe1a..7c78443 100644 --- a/modules/gke-cluster/variables.tf +++ b/modules/gke-cluster/variables.tf 
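Review bot: With `network = "${var.network}"` and `subnetwork = "${var.subnetwork}"` in `modules/gke-cluster/main.tf`, the module no longer resolves the network through the data source that read `project = "${local.network_project}"`. For a shared VPC, the caller must therefore pass a self link that already points at the host project, and nothing in this patch documents that. The `network` description gains "(self link)", but `subnetwork` and `network_project` are left as they were, and the TODO asking whether `network_project` is used is deleted in `variables.tf`. If `local.network_project` has no other consumer (the rest of the file is outside this hunk), either drop the variable or say what it still controls. A possible description for `network` is `"A reference (self link) to the VPC network to host the cluster in; for a shared VPC this must be the host project's network"`.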
@@ -16,7 +16,7 @@ variable "name" { } variable "network" { - description = "The VPC network to host the cluster in" + description = "A reference (self link) to the VPS network to host the cluster in" } variable "subnetwork" { @@ -77,8 +77,6 @@ variable "master_ipv4_cidr_block" { default = "" } -// TODO(robmorgan): Are we using these values below? We should understand them more fully before adding them to configs. - variable "network_project" { description = "The project ID of the shared VPC's host (for shared vpc support)" default = "" From 78c18f77fbad55eeb1c1c803f34582ccb7c27e16 Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Thu, 11 Apr 2019 16:44:26 +0300 Subject: [PATCH 3/5] Use released network -module --- examples/gke-private-cluster/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/gke-private-cluster/main.tf b/examples/gke-private-cluster/main.tf index b23e277..28bbdcf 100644 --- a/examples/gke-private-cluster/main.tf +++ b/examples/gke-private-cluster/main.tf @@ -144,7 +144,7 @@ module "gke_service_account" { # --------------------------------------------------------------------------------------------------------------------- module "vpc_network" { - source = "git::git@github.com:gruntwork-io/terraform-google-network.git//modules/vpc-network?ref=vpc_outputs" + source = "git::git@github.com:gruntwork-io/terraform-google-network.git//modules/vpc-network?ref=v0.0.2" name = "${var.cluster_name}-network-${random_string.suffix.result}" project = "${var.project}" From 5ec0095ff2bb8eab11608f26b2ab79996cb9cb3b Mon Sep 17 00:00:00 2001 
From: Petri Autero Date: Thu, 11 Apr 2019 21:00:06 +0300 Subject: [PATCH 4/5] [skip ci] until git issue fixed. Use the network -module in the other examples. Improved documentation. --- examples/gke-basic-tiller/main.tf | 50 ++++++++++++++---------- examples/gke-basic-tiller/variables.tf | 14 +++++++ examples/gke-private-cluster/main.tf | 12 ++++-- examples/gke-public-cluster/main.tf | 47 ++++++++++++---------- examples/gke-public-cluster/variables.tf | 14 +++++++ 5 files changed, 91 insertions(+), 46 deletions(-) diff --git a/examples/gke-basic-tiller/main.tf b/examples/gke-basic-tiller/main.tf index f59d34f..f7810c0 100644 --- a/examples/gke-basic-tiller/main.tf +++ b/examples/gke-basic-tiller/main.tf 
@@ -65,17 +65,22 @@ provider "helm" { module "gke_cluster" { # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you # to a specific version of the modules, such as the following example: - # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-cluster?ref=v0.0.4" + # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-cluster?ref=v0.0.5" source = "../../modules/gke-cluster" name = "${var.cluster_name}" - project = "${var.project}" - location = "${var.location}" - network = "${google_compute_network.main.self_link}" - subnetwork = "${google_compute_subnetwork.main.self_link}" + project = "${var.project}" + location = "${var.location}" + + # We're deploying the cluster in the 'public' subnetwork to allow outbound internet access + # See the network access tier table for full details: + # https://github.com/gruntwork-io/terraform-google-network/tree/master/modules/vpc-network#access-tier + network = "${module.vpc_network.network}" + + subnetwork = "${module.vpc_network.public_subnetwork}" - cluster_secondary_range_name = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" + cluster_secondary_range_name = "${module.vpc_network.public_subnetwork_secondary_range_name}" } # --------------------------------------------------------------------------------------------------------------------- @@ -110,7 +115,13 @@ resource "google_container_node_pool" "node_pool" { all-pools-example = "true" } - tags = ["main-pool-example"] + # Add a public tag to the instances. See the network access tier table for full details: + # https://github.com/gruntwork-io/terraform-google-network/tree/master/modules/vpc-network#access-tier + tags = [ + "${module.vpc_network.public}", + "tiller-example", + ] + disk_size_gb = "30" disk_type = "pd-standard" preemptible = false 
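Review bot: The new comment "We're deploying the cluster in the 'public' subnetwork to allow outbound internet access" sits directly above `network = "${module.vpc_network.network}"`, with `subnetwork = ...` separated from it by a blank line, so it reads as documenting the wrong argument. Move the three comment lines to immediately above `subnetwork = "${module.vpc_network.public_subnetwork}"`, as the gke-private-cluster hunk in this same patch does. The gke-public-cluster hunk has the same placement.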
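Review bot: The node pool now carries `"${module.vpc_network.public}"`, but the comment only says "Add a public tag" and links out, so a reader cannot tell what the tag grants. The firewall rules live in the external vpc-network module and are not visible here. If the public tier admits inbound traffic from any source, as its name and the linked access-tier table suggest, then node ports on these instances would be reachable from the internet, which should be stated where the tag is applied. A possible comment is `# NOTE: the 'public' tier is expected to allow inbound traffic from outside the VPC; use module.vpc_network.private unless the nodes must be reachable externally`. The same applies to the `tags` hunk in gke-public-cluster/main.tf.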
@@ -148,28 +159,25 @@ module "gke_service_account" { description = "${var.cluster_service_account_description}" } -# TODO(rileykarson): Add proper VPC network config once we've made a VPC module +# --------------------------------------------------------------------------------------------------------------------- +# CREATE A NETWORK TO DEPLOY THE CLUSTER TO +# --------------------------------------------------------------------------------------------------------------------- + resource "random_string" "suffix" { length = 4 special = false upper = false } -resource "google_compute_network" "main" { - name = "${var.cluster_name}-network-${random_string.suffix.result}" - auto_create_subnetworks = "false" -} +module "vpc_network" { + source = "git::git@github.com:gruntwork-io/terraform-google-network.git//modules/vpc-network?ref=v0.0.2" -resource "google_compute_subnetwork" "main" { - name = "${var.cluster_name}-subnetwork-${random_string.suffix.result}" - ip_cidr_range = "10.0.0.0/17" - region = "${var.region}" - network = "${google_compute_network.main.self_link}" + name = "${var.cluster_name}-network-${random_string.suffix.result}" + project = "${var.project}" + region = "${var.region}" - secondary_ip_range { - range_name = "cluster-pods" - ip_cidr_range = "10.1.0.0/18" - } + cidr_block = "${var.vpc_cidr_block}" + secondary_cidr_block = "${var.vpc_secondary_cidr_block}" } # --------------------------------------------------------------------------------------------------------------------- diff --git a/examples/gke-basic-tiller/variables.tf b/examples/gke-basic-tiller/variables.tf index 987fcb3..ade77c9 100644 --- a/examples/gke-basic-tiller/variables.tf +++ b/examples/gke-basic-tiller/variables.tf 
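Review bot: `?ref=v0.0.2` pins the new `vpc_network` module to a git tag, and a tag can be re-pointed after release, which would change what `terraform init` fetches with no diff in this repository. This module supplies the network, and presumably the tier firewall rules the cluster relies on, so the stronger pin is the full commit id: `?ref=<full-commit-sha>` (placeholder), with the release name kept in a trailing comment. The same `source` line appears in gke-private-cluster/main.tf and gke-public-cluster/main.tf.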
@@ -93,3 +93,17 @@ variable "undeploy_releases" { description = "If true, will delete deployed releases from the Tiller instance before undeploying Tiller." default = false } + +# For the example, we recommend a /16 network for the VPC. Note that when changing the size of the network, +# you will have to adjust the 'cidr_subnetwork_width_delta' in the 'vpc_network' -module accordingly. +variable "vpc_cidr_block" { + description = "The IP address range of the VPC in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27." + default = "10.1.0.0/16" +} + +# For the example, we recommend a /16 network for the secondary range. Note that when changing the size of the network, +# you will have to adjust the 'cidr_subnetwork_width_delta' in the 'vpc_network' -module accordingly. +variable "vpc_secondary_cidr_block" { + description = "The IP address range of the VPC's secondary address range in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27." + default = "10.2.0.0/16" +} diff --git a/examples/gke-private-cluster/main.tf b/examples/gke-private-cluster/main.tf index 28bbdcf..cf1c44e 100644 --- a/examples/gke-private-cluster/main.tf +++ b/examples/gke-private-cluster/main.tf 
@@ -32,14 +32,18 @@ provider "google-beta" { module "gke_cluster" { # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you # to a specific version of the modules, such as the following example: - # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-cluster?ref=v0.0.4" + # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-cluster?ref=v0.0.5" source = "../../modules/gke-cluster" name = "${var.cluster_name}" - project = "${var.project}" - location = "${var.location}" - network = "${module.vpc_network.network}" + project = "${var.project}" + location = "${var.location}" + network = "${module.vpc_network.network}" + + # We're deploying the cluster in the 'public' subnetwork to allow outbound internet access + # See the network access tier table for full details: + # https://github.com/gruntwork-io/terraform-google-network/tree/master/modules/vpc-network#access-tier subnetwork = "${module.vpc_network.public_subnetwork}" # When creating a private cluster, the 'master_ipv4_cidr_block' has to be defined and the size must be /28 diff --git a/examples/gke-public-cluster/main.tf b/examples/gke-public-cluster/main.tf index 9cac698..166a550 100644 --- a/examples/gke-public-cluster/main.tf +++ b/examples/gke-public-cluster/main.tf 
@@ -33,17 +33,22 @@ provider "google-beta" { module "gke_cluster" { # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you # to a specific version of the modules, such as the following example: - # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-cluster?ref=v0.0.4" + # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-cluster?ref=v0.0.5" source = "../../modules/gke-cluster" name = "${var.cluster_name}" - project = "${var.project}" - location = "${var.location}" - network = "${google_compute_network.main.self_link}" - subnetwork = "${google_compute_subnetwork.main.self_link}" + project = "${var.project}" + location = "${var.location}" + + # We're deploying the cluster in the 'public' subnetwork to allow outbound internet access + # See the network access tier table for full details: + # https://github.com/gruntwork-io/terraform-google-network/tree/master/modules/vpc-network#access-tier + network = "${module.vpc_network.network}" - cluster_secondary_range_name = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" + subnetwork = "${module.vpc_network.public_subnetwork}" + + cluster_secondary_range_name = "${module.vpc_network.public_subnetwork_secondary_range_name}" } # --------------------------------------------------------------------------------------------------------------------- @@ -78,7 +83,13 @@ resource "google_container_node_pool" "node_pool" { all-pools-example = "true" } - tags = ["main-pool-example"] + # Add a public tag to the instances. See the network access tier table for full details: + # https://github.com/gruntwork-io/terraform-google-network/tree/master/modules/vpc-network#access-tier + tags = [ + "${module.vpc_network.public}", + "public-pool-example", + ] + disk_size_gb = "30" disk_type = "pd-standard" preemptible = false 
@@ -119,26 +130,20 @@ module "gke_service_account" { # --------------------------------------------------------------------------------------------------------------------- # CREATE A NETWORK TO DEPLOY THE CLUSTER TO # --------------------------------------------------------------------------------------------------------------------- -# TODO(rileykarson): Add proper VPC network config once we've made a VPC module + resource "random_string" "suffix" { length = 4 special = false upper = false } -resource "google_compute_network" "main" { - name = "${var.cluster_name}-network-${random_string.suffix.result}" - auto_create_subnetworks = "false" -} +module "vpc_network" { + source = "git::git@github.com:gruntwork-io/terraform-google-network.git//modules/vpc-network?ref=v0.0.2" -resource "google_compute_subnetwork" "main" { - name = "${var.cluster_name}-subnetwork-${random_string.suffix.result}" - ip_cidr_range = "10.0.0.0/17" - region = "${var.region}" - network = "${google_compute_network.main.self_link}" + name = "${var.cluster_name}-network-${random_string.suffix.result}" + project = "${var.project}" + region = "${var.region}" - secondary_ip_range { - range_name = "cluster-pods" - ip_cidr_range = "10.1.0.0/18" - } + cidr_block = "${var.vpc_cidr_block}" + secondary_cidr_block = "${var.vpc_secondary_cidr_block}" } diff --git a/examples/gke-public-cluster/variables.tf b/examples/gke-public-cluster/variables.tf index 47fe283..1673660 100644 --- a/examples/gke-public-cluster/variables.tf +++ b/examples/gke-public-cluster/variables.tf 
@@ -34,3 +34,17 @@ variable "cluster_service_account_description" { description = "A description of the custom service account used for the GKE cluster." default = "Example GKE Cluster Service Account managed by Terraform" } + +# For the example, we recommend a /16 network for the VPC. Note that when changing the size of the network, +# you will have to adjust the 'cidr_subnetwork_width_delta' in the 'vpc_network' -module accordingly. +variable "vpc_cidr_block" { + description = "The IP address range of the VPC in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27." + default = "10.6.0.0/16" +} + +# For the example, we recommend a /16 network for the secondary range. Note that when changing the size of the network, +# you will have to adjust the 'cidr_subnetwork_width_delta' in the 'vpc_network' -module accordingly. +variable "vpc_secondary_cidr_block" { + description = "The IP address range of the VPC's secondary address range in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27." + default = "10.7.0.0/16" +} From 258ab7f4dda3617a3f79d0dfb29742ea20f964c5 Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Fri, 12 Apr 2019 08:15:06 +0300 Subject: [PATCH 5/5] Update references to the upcoming v0.0.5 release, fix typo --- examples/gke-basic-tiller/main.tf | 2 +- examples/gke-private-cluster/main.tf | 2 +- examples/gke-public-cluster/main.tf | 2 +- modules/gke-cluster/variables.tf | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/gke-basic-tiller/main.tf b/examples/gke-basic-tiller/main.tf index f7810c0..2369556 100644 --- a/examples/gke-basic-tiller/main.tf +++ b/examples/gke-basic-tiller/main.tf 
@@ -151,7 +151,7 @@ resource "google_container_node_pool" "node_pool" { module "gke_service_account" { # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you # to a specific version of the modules, such as the following example: - # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-service-account?ref=v0.0.4" + # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-service-account?ref=v0.0.5" source = "../../modules/gke-service-account" name = "${var.cluster_service_account_name}" diff --git a/examples/gke-private-cluster/main.tf b/examples/gke-private-cluster/main.tf index cf1c44e..2f72efb 100644 --- a/examples/gke-private-cluster/main.tf +++ b/examples/gke-private-cluster/main.tf @@ -135,7 +135,7 @@ resource "google_container_node_pool" "node_pool" { module "gke_service_account" { # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you # to a specific version of the modules, such as the following example: - # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-service-account?ref=v0.0.4" + # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-service-account?ref=v0.0.5" source = "../../modules/gke-service-account" name = "${var.cluster_service_account_name}" diff --git a/examples/gke-public-cluster/main.tf b/examples/gke-public-cluster/main.tf index 166a550..52bb2f1 100644 --- a/examples/gke-public-cluster/main.tf +++ b/examples/gke-public-cluster/main.tf 
@@ -119,7 +119,7 @@ resource "google_container_node_pool" "node_pool" { module "gke_service_account" { # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you # to a specific version of the modules, such as the following example: - # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-service-account?ref=v0.0.4" + # source = "git::git@github.com:gruntwork-io/terraform-google-gke.git//modules/gke-service-account?ref=v0.0.5" source = "../../modules/gke-service-account" name = "${var.cluster_service_account_name}" diff --git a/modules/gke-cluster/variables.tf b/modules/gke-cluster/variables.tf index 7c78443..41b6d70 100644 --- a/modules/gke-cluster/variables.tf +++ b/modules/gke-cluster/variables.tf @@ -16,7 +16,7 @@ variable "name" { } variable "network" { - description = "A reference (self link) to the VPS network to host the cluster in" + description = "A reference (self link) to the VPC network to host the cluster in" } variable "subnetwork" {