GKE Module Design

[robmorgan]

I intend to use this PR to discuss and design the initial module structure for the GKE package. The goal for release v0.0.1 is to write a Terraform module(s) with tests and examples that can create a GKE cluster.

Proposed Structure

The proposed directory layout is as follows:

├── .gitignore
├── LICENSE
├── README.md
├── examples
│   ├── README.md
│   ├── gke-regional-private-cluster
│   ├── gke-regional-public-cluster
│   ├── gke-zonal-private-cluster
│   ├── gke-zonal-public-cluster
├── modules
│   └── gke-cluster
└── test
    └── Gopkg.toml

Design Decisions

1. We are postponing support of Zonal clusters until Terraform 0.12 or until the Google provider outputs a single location field.

Open Questions

• Should we have a parent module gke-cluster that conditionally invokes submodules depending on the desired parameters? Terraform modules don't support count.

Notes

• Private clusters require VPC Network Peering.

Tasks

Terratest

• Write cluster tests.

[brikis98]

A reminder of a few items we discussed during the team sync today:

I know @yorinasub17 had to spend some time on the following for K8S on AWS, so look into if you need to do the same for GCP:

1. Rolling update for worker nodes
2. How does kubectl auth to your cluster in the cloud
3. How do you do role mapping

Also, add to the docs a comment on why we have several cluster modules rather than 1 due to Terraform 0.11 limitations.

Should we have a parent module gke-cluster that conditionally invokes submodules depending on the desired parameters?

Unfortunately, the Terraform module does not support count.

[robmorgan]

@brikis98 thanks Jim 👍

[rileykarson]

I'm curious if we need to support both zonal and regional clusters out of the gate; looking at the terraform-google-modules equivalent module, they need to do a lot of bending over backwards to support both right now.

I expect that we could defer zonal support until 0.12 is out and/or the Google provider outputs a single location field (this is something we're thinking about doing right now); if it's still necessary to add all that boilerplate after both of those, we can do so then.

[rileykarson]

A regional cluster doesn't necessarily support the same version(s) as any/all of its corresponding zones. We'll need to supply the region parameter when working with regional clusters.

[rileykarson]

Just for context, the reason this / the corresponding datasource are useful (https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/3f7527e583ffa07e6a06250844e07c38556a4488/cluster_regional.tf#L29) is because it lets you explicitly define which zones in the region your regional / multi-zonal (afaik regional supersedes multi-zonal) cluster resides in.

[rileykarson]

Just realised I had some changes pending in a review pass I thought I'd submitted.

[rileykarson]

This seems like an output we don't need, since the user will have supplied this variable anyways. Or is that standard convention?

[robmorgan]

yeah can probably go, I must have copied it from the other repos.

[rileykarson]

Same as dashboard - these are always user supplied (logging, monitoring).

[rileykarson]

Can you add the outputs from https://github.com/gruntwork-io/terraform-google-gke/pull/10/files#diff-c49d0ae81c71a97455954c7c48bc0eca without the base64decode step? I think they'll be necessary when integrating Tiller.

[rileykarson]

This datasource is present at the bottom of the file.

[rileykarson]

Suggested change

To make it clear both lines are connected

[robmorgan]

I think terraform fmt is causing me problems here at the moment

[robmorgan]

Hi @rileykarson I'm going to merge this as is. I thought about removing the cluster cert & key outputs, but figured we can do this in the upcoming Helm work. I'll also change all of the other PR bases to master