GKE Module Design

.circleci/config.yml

@@ -0,0 +1,56 @@
+workspace_root: &workspace_root
+  /go/src/github.com/hashicorp/terraform-google-gke
+
+defaults: &defaults
+  working_directory: *workspace_root
+  docker:
+  - image: gruntwork/circle-ci-test-image-base:latest
+
+version: 2
+jobs:
+  build:
+    <<: *defaults
+    steps:
+    - checkout
+    - attach_workspace:
+        at: *workspace_root
+    - restore_cache:
+        keys:
+        - dep-{{ checksum "test/Gopkg.lock" }}
+    - run: configure-environment-for-gruntwork-module --go-src-path test --use-go-dep --circle-ci-2
+    - save_cache:
+        key: dep-{{ checksum "test/Gopkg.lock" }}
+        paths:
+        - /go/src/github.com/hashicorp/terraform-google-gke/test/vendor
+    - persist_to_workspace:
+        root: *workspace_root
+        paths: test/vendor
+  test:
+    <<: *defaults
+    steps:
+    - checkout
+    - run: echo 'export PATH=$HOME/terraform:$HOME/packer:$PATH' >> $BASH_ENV
+    - attach_workspace:
+        at: *workspace_root
+    # Write service account creds to disk where the API expects them
+    - run: mkdir -p /tmp/logs
+    - run: |
+        export GOOGLE_APPLICATION_CREDENTIALS="/tmp/gcloud.json" && \
+        echo $GCLOUD_SERVICE_KEY > /tmp/gcloud.json && \
+        run-go-tests --circle-ci-2 --path test | tee /tmp/logs/all.log
+    - run:
+        command: terratest_log_parser --testlog /tmp/logs/all.log --outputdir /tmp/logs
+        when: always
+    - store_artifacts:
+        path: /tmp/logs
+    - store_test_results:
+        path: /tmp/logs
+
+workflows:
+  version: 2
+  build-and-test:
+    jobs:
+    - build
+    - test:
+        requires:
+        - build

.gitignore

@@ -21,5 +21,8 @@ out/
 # Go best practices dictate that libraries should not include the vendor directory
 vendor
 
-# Ignore test data
-.test_data/
+# Folder used to store temporary test data by Terratest
+.test-data
+
+# Mock user-data log file
+mock-user-data.log

examples/gke-regional-public-cluster/README.md

@@ -0,0 +1,12 @@
+# GKE Regional Public Cluster
+
+This example creates a Regional Public GKE Cluster with some sane defaults.
+
+## How do you run these examples?
+
+1. Install [Terraform](https://learn.hashicorp.com/terraform/getting-started/install.html) v0.10.3 or later.
+1. Open `variables.tf`, set the environment variables specified at the top of the file, and fill in any other variables that
+   don't have a default.
+1. Run `terraform get`.
+1. Run `terraform plan`.
+1. If the plan looks good, run `terraform apply`.

examples/gke-regional-public-cluster/main.tf

@@ -0,0 +1,125 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# DEPLOY A GKE REGIONAL PUBLIC CLUSTER IN GOOGLE CLOUD
+# This is an example of how to use the gke-cluster module to deploy a regional public Kubernetes cluster in GCP with a
+# Load Balancer in front of it.
+# ---------------------------------------------------------------------------------------------------------------------
+
+provider "google-beta" {
+  project = "${var.project}"
+  region  = "${var.region}"
+}
+
+# Use Terraform 0.10.x so that we can take advantage of Terraform GCP functionality as a separate provider via
+# https://github.com/terraform-providers/terraform-provider-google
+terraform {
+  required_version = ">= 0.10.3"
+}
+
+module "gke_cluster" {
+  # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
+  # to a specific version of the modules, such as the following example:
+  # source = "git::[email protected]:gruntwork-io/gke-cluster.git//modules/gke-cluster?ref=v0.0.1"
+  source = "../../modules/gke-cluster"
+
+  project = "${var.project}"
+  region  = "${var.region}"
+  name    = "${var.cluster_name}"
+
+  network           = "${google_compute_network.main.name}"
+  subnetwork        = "${google_compute_subnetwork.main.name}"
+  ip_range_pods     = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}"
+  ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}"
+
+  #service_account   = "${var.compute_engine_service_account}"
+}
+
+# Node Pool
+
+// Node Pool Resource
+resource "google_container_node_pool" "node_pool" {
+  name               = "main-pool"
+  project            = "${var.project}"
+  region             = "${var.region}"
+  cluster            = "${module.gke_cluster.name}"
+  initial_node_count = "1"
+
+  autoscaling {
+    min_node_count = "1"
+    max_node_count = "5"
+  }
+
+  management {
+    auto_repair  = "true"
+    auto_upgrade = "true"
+  }
+
+  node_config {
+    image_type   = "COS"
+    machine_type = "n1-standard-1"
+
+    labels = {
+      all-pools-example = "true"
+    }
+
+    # for custom shutdown scripts etc
+    # metadata = ""
+
+
+    #[DEPRECATED] This field is in beta and will be removed from this provider. Use it in the the google-beta provider instead.
+    # See https://terraform.io/docs/providers/google/provider_versions.html for more details.
+    #taint = {
+    #  key    = "main-pool-example"
+    #  value  = "true"
+    #  effect = "PREFER_NO_SCHEDULE"
+    #}
+
+    tags         = ["main-pool-example"]
+    disk_size_gb = "30"
+    disk_type    = "pd-standard"
+    #service_account = "${lookup(var.node_pools[count.index], "service_account", var.service_account)}"
+    preemptible = false
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/cloud-platform",
+    ]
+  }
+
+  lifecycle {
+    ignore_changes = ["initial_node_count"]
+  }
+
+  timeouts {
+    create = "30m"
+    update = "30m"
+    delete = "30m"
+  }
+}
+
+# Network
+
+resource "random_string" "suffix" {
+  length  = 4
+  special = false
+  upper   = false
+}
+
+resource "google_compute_network" "main" {
+  name                    = "cft-gke-test-${random_string.suffix.result}"
+  auto_create_subnetworks = "false"
+}
+
+resource "google_compute_subnetwork" "main" {
+  name          = "cft-gke-test-${random_string.suffix.result}"
+  ip_cidr_range = "10.0.0.0/17"
+  region        = "${var.region}"
+  network       = "${google_compute_network.main.self_link}"
+
+  secondary_ip_range {
+    range_name    = "cft-gke-test-pods-${random_string.suffix.result}"
+    ip_cidr_range = "192.168.0.0/18"
+  }
+
+  secondary_ip_range {
+    range_name    = "cft-gke-test-services-${random_string.suffix.result}"
+    ip_cidr_range = "192.168.64.0/18"
+  }
+}

examples/gke-regional-public-cluster/outputs.tf

@@ -0,0 +1,5 @@
+output "cluster_endpoint" {
+  #sensitive   = true
+  description = "Cluster endpoint"
+  value       = "${module.gke_cluster.endpoint}"
+}

examples/gke-regional-public-cluster/variables.tf

@@ -0,0 +1,36 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# REQUIRED PARAMETERS
+# These parameters must be supplied when consuming this module.
+# ---------------------------------------------------------------------------------------------------------------------
+
+variable "project" {
+  description = "The name of the GCP Project where all resources will be launched."
+}
+
+variable "region" {
+  description = "The Region in which all GCP resources will be launched."
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# OPTIONAL PARAMETERS
+# These parameters have reasonable defaults.
+# ---------------------------------------------------------------------------------------------------------------------
+
+variable "cluster_name" {
+  description = "The name of the Kubernetes cluster."
+  default     = "example-cluster"
+}
+
+#variable "ip_range_pods" {
+#  description = "The secondary ip range to use for pods"
+#}
+
+
+#variable "ip_range_services" {
+#  description = "The secondary ip range to use for pods"
+#}
+
+
+#variable "compute_engine_service_account" {
+#  description = "Service account to associate to the nodes in the cluster"
+#}

examples/gke-zonal-private-cluster/README.md

@@ -0,0 +1 @@
+TODO

examples/gke-zonal-public-cluster/README.md

@@ -0,0 +1 @@
+TODO

modules/gke-cluster/README.md

@@ -0,0 +1,3 @@
+# GKE Cluster Module
+
+The GKE Cluster creates a configurable GKE cluster.

modules/gke-cluster/main.tf

@@ -0,0 +1,107 @@
+resource "google_container_cluster" "cluster" {
+  name        = "${var.name}"
+  description = "${var.description}"
+  project     = "${var.project}"
+
+  region           = "${var.region}"
+  additional_zones = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]
+
+  network            = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+  subnetwork         = "${replace(data.google_compute_subnetwork.gke_subnetwork.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+  min_master_version = "${local.kubernetes_version}"
+
+  # We want to make a cluster with no node pools, and manage them all with the
+  # fine-grained google_container_node_pool resource. The API requires a node
+  # pool or an initial count to be defined; that initial count creates the
+  # "default node pool" with that # of nodes.
+  #
+  # So, we need to set an initial_node_count of 1. This will make a default node
+  # pool with server-defined defaults that Terraform will immediately delete as
+  # part of Create. This leaves us in our desired state- with a cluster master
+  # with no node pools.
+  remove_default_node_pool = true
+
+  initial_node_count = 1
+
+  logging_service    = "${var.logging_service}"
+  monitoring_service = "${var.monitoring_service}"
+
+  master_authorized_networks_config = "${var.master_authorized_networks_config}"
+
+  addons_config {
+    http_load_balancing {
+      disabled = "${var.http_load_balancing ? 0 : 1}"
+    }
+
+    horizontal_pod_autoscaling {
+      disabled = "${var.horizontal_pod_autoscaling ? 0 : 1}"
+    }
+
+    kubernetes_dashboard {
+      disabled = "${var.kubernetes_dashboard ? 0 : 1}"
+    }
+
+    network_policy_config {
+      disabled = "${var.network_policy ? 0 : 1}"
+    }
+  }
+
+  ip_allocation_policy {
+    cluster_secondary_range_name  = "${var.ip_range_pods}"
+    services_secondary_range_name = "${var.ip_range_services}"
+  }
+
+  maintenance_policy {
+    daily_maintenance_window {
+      start_time = "${var.maintenance_start_time}"
+    }
+  }
+
+  lifecycle {
+    ignore_changes = ["node_pool"]
+  }
+
+  # Version 2.0.0 will set the default timeouts to these values.
+  timeouts {
+    create = "30m"
+    update = "30m"
+    delete = "30m"
+  }
+}
+
+// TODO
+// Add Data Source to get the latest k8s version
+// Use this is k8s version is not set.
+locals {
+  kubernetes_version = "${var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_node_version}"
+  network_project    = "${var.network_project != "" ? var.network_project : var.project}"
+}
+
+data "google_compute_zones" "available" {
+  project = "${var.project}"
+  region  = "${var.region}"
+}
+
+data "google_compute_network" "gke_network" {
+  name    = "${var.network}"
+  project = "${local.network_project}"
+}
+
+data "google_compute_subnetwork" "gke_subnetwork" {
+  name    = "${var.subnetwork}"
+  region  = "${var.region}"
+  project = "${local.network_project}"
+}
+
+resource "random_shuffle" "available_zones" {
+  input        = ["${data.google_compute_zones.available.names}"]
+  result_count = 3
+}
+
+/******************************************
+  Get available container engine versions
+ *****************************************/
+data "google_container_engine_versions" "region" {
+  region  = "${var.region}"
+  project = "${var.project}"
+}