Use network module

examples/gke-basic-tiller/main.tf

@@ -65,14 +65,14 @@ provider "helm" {
 module "gke_cluster" {
   # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
   # to a specific version of the modules, such as the following example:
-  # source = "git::[email protected]:gruntwork-io/gke-cluster.git//modules/gke-cluster?ref=v0.0.1"
+  # source = "git::[email protected]:gruntwork-io/terraform-google-gke.git//modules/gke-cluster?ref=v0.0.4"
   source = "../../modules/gke-cluster"
 
   name = "${var.cluster_name}"
 
   project    = "${var.project}"
   location   = "${var.location}"
-  network    = "${google_compute_network.main.name}"
+  network    = "${google_compute_network.main.self_link}"
   subnetwork = "${google_compute_subnetwork.main.self_link}"
 
   cluster_secondary_range_name = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}"
@@ -140,7 +140,7 @@ resource "google_container_node_pool" "node_pool" {
 module "gke_service_account" {
   # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
   # to a specific version of the modules, such as the following example:
-  # source = "git::[email protected]:gruntwork-io/gke-cluster.git//modules/gke-service-account?ref=v0.0.1"
+  # source = "git::[email protected]:gruntwork-io/terraform-google-gke.git//modules/gke-service-account?ref=v0.0.4"
   source = "../../modules/gke-service-account"
 
   name        = "${var.cluster_service_account_name}"

examples/gke-private-cluster/README.md

@@ -42,7 +42,20 @@ Currently, you cannot use a proxy to reach the cluster master of a regional clus
 1. Run `terraform get`.
 1. Run `terraform plan`.
 1. If the plan looks good, run `terraform apply`.
+
+#### Optional: Deploy a sample application
+
 1. To setup `kubectl` to access the deployed cluster, run `gcloud beta container clusters get-credentials $CLUSTER_NAME 
 --region $REGION --project $PROJECT`, where `CLUSTER_NAME`, `REGION` and `PROJECT` correspond to what you set for the 
 input variables.
+1. Run `kubectl apply -f example-app/nginx.yml` to create a deployment in your cluster.
+1. Run `kubectl get pods` to view the pod status and check that it is ready.
+1. Run `kubectl get deployment` to view the deployment status.
+1. Run `kubectl port-forward deployment/nginx 8080:80`
+
+Now you should be able to access your `nginx` deployment on http://localhost:8080
+
+#### Destroy the created resources
 
+1. If you deployed the sample application, run `kubectl delete -f example-app/nginx.yml`.
+1. Run `terraform destroy`.

examples/gke-private-cluster/example-app/nginx.yml

@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+
+metadata:
+  name: nginx
+  labels:
+    app: nginx
+    tier: backend
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+        tier: backend
+    spec:
+      containers:
+        - name: nginx
+          image: nginx
+          ports:
+            - containerPort: 80

examples/gke-private-cluster/main.tf

@@ -32,18 +32,18 @@ provider "google-beta" {
 module "gke_cluster" {
   # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
   # to a specific version of the modules, such as the following example:
-  # source = "git::[email protected]:gruntwork-io/gke-cluster.git//modules/gke-cluster?ref=v0.0.4"
+  # source = "git::[email protected]:gruntwork-io/terraform-google-gke.git//modules/gke-cluster?ref=v0.0.4"
   source = "../../modules/gke-cluster"
 
   name = "${var.cluster_name}"
 
   project    = "${var.project}"
   location   = "${var.location}"
-  network    = "${google_compute_network.main.name}"
-  subnetwork = "${google_compute_subnetwork.main.self_link}"
+  network    = "${module.vpc_network.network}"
+  subnetwork = "${module.vpc_network.public_subnetwork}"
 
   # When creating a private cluster, the 'master_ipv4_cidr_block' has to be defined and the size must be /28
-  master_ipv4_cidr_block = "10.5.0.0/28"
+  master_ipv4_cidr_block = "${var.master_ipv4_cidr_block}"
 
   # This setting will make the cluster private
   enable_private_nodes = "true"
@@ -60,7 +60,7 @@ module "gke_cluster" {
     }]
   }]
 
-  cluster_secondary_range_name = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}"
+  cluster_secondary_range_name = "${module.vpc_network.public_subnetwork_secondary_range_name}"
 }
 
 # ---------------------------------------------------------------------------------------------------------------------
@@ -95,7 +95,13 @@ resource "google_container_node_pool" "node_pool" {
       private-pools-example = "true"
     }
 
-    tags         = ["private-pool-example"]
+    # Add a private tag to the instances. See the network access tier table for full details:
+    # https://github.com/gruntwork-io/terraform-google-network/tree/master/modules/vpc-network#access-tier
+    tags = [
+      "${module.vpc_network.private}",
+      "private-pool-example",
+    ]
+
     disk_size_gb = "30"
     disk_type    = "pd-standard"
     preemptible  = false
@@ -125,7 +131,7 @@ resource "google_container_node_pool" "node_pool" {
 module "gke_service_account" {
   # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
   # to a specific version of the modules, such as the following example:
-  # source = "git::[email protected]:gruntwork-io/gke-cluster.git//modules/gke-service-account?ref=v0.0.1"
+  # source = "git::[email protected]:gruntwork-io/terraform-google-gke.git//modules/gke-service-account?ref=v0.0.4"
   source = "../../modules/gke-service-account"
 
   name        = "${var.cluster_service_account_name}"
@@ -137,26 +143,20 @@ module "gke_service_account" {
 # CREATE A NETWORK TO DEPLOY THE CLUSTER TO
 # ---------------------------------------------------------------------------------------------------------------------
 
-# TODO(rileykarson): Add proper VPC network config once we've made a VPC module
+module "vpc_network" {
+  source = "git::[email protected]:gruntwork-io/terraform-google-network.git//modules/vpc-network?ref=v0.0.2"
+
+  name    = "${var.cluster_name}-network-${random_string.suffix.result}"
+  project = "${var.project}"
+  region  = "${var.region}"
+
+  cidr_block           = "${var.vpc_cidr_block}"
+  secondary_cidr_block = "${var.vpc_secondary_cidr_block}"
+}
+
+# Use a random suffix to prevent overlap in network names
 resource "random_string" "suffix" {
   length  = 4
   special = false
   upper   = false
 }
-
-resource "google_compute_network" "main" {
-  name                    = "${var.cluster_name}-network-${random_string.suffix.result}"
-  auto_create_subnetworks = "false"
-}
-
-resource "google_compute_subnetwork" "main" {
-  name          = "${var.cluster_name}-subnetwork-${random_string.suffix.result}"
-  ip_cidr_range = "10.3.0.0/17"
-  region        = "${var.region}"
-  network       = "${google_compute_network.main.self_link}"
-
-  secondary_ip_range {
-    range_name    = "private-cluster-pods"
-    ip_cidr_range = "10.4.0.0/18"
-  }
-}

examples/gke-private-cluster/variables.tf

@@ -34,3 +34,22 @@ variable "cluster_service_account_description" {
   description = "A description of the custom service account used for the GKE cluster."
   default     = "Example GKE Cluster Service Account managed by Terraform"
 }
+
+variable "master_ipv4_cidr_block" {
+  description = "The IP range in CIDR notation (size must be /28) to use for the hosted master network. This range will be used for assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network."
+  default     = "10.5.0.0/28"
+}
+
+# For the example, we recommend a /16 network for the VPC. Note that when changing the size of the network,
+# you will have to adjust the 'cidr_subnetwork_width_delta' in the 'vpc_network' -module accordingly.
+variable "vpc_cidr_block" {
+  description = "The IP address range of the VPC in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27."
+  default     = "10.3.0.0/16"
+}
+
+# For the example, we recommend a /16 network for the secondary range. Note that when changing the size of the network,
+# you will have to adjust the 'cidr_subnetwork_width_delta' in the 'vpc_network' -module accordingly.
+variable "vpc_secondary_cidr_block" {
+  description = "The IP address range of the VPC's secondary address range in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27."
+  default     = "10.4.0.0/16"
+}

examples/gke-public-cluster/main.tf

@@ -33,14 +33,14 @@ provider "google-beta" {
 module "gke_cluster" {
   # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
   # to a specific version of the modules, such as the following example:
-  # source = "git::[email protected]:gruntwork-io/gke-cluster.git//modules/gke-cluster?ref=v0.0.3"
+  # source = "git::[email protected]:gruntwork-io/terraform-google-gke.git//modules/gke-cluster?ref=v0.0.4"
   source = "../../modules/gke-cluster"
 
   name = "${var.cluster_name}"
 
   project    = "${var.project}"
   location   = "${var.location}"
-  network    = "${google_compute_network.main.name}"
+  network    = "${google_compute_network.main.self_link}"
   subnetwork = "${google_compute_subnetwork.main.self_link}"
 
   cluster_secondary_range_name = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}"
@@ -108,7 +108,7 @@ resource "google_container_node_pool" "node_pool" {
 module "gke_service_account" {
   # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
   # to a specific version of the modules, such as the following example:
-  # source = "git::[email protected]:gruntwork-io/gke-cluster.git//modules/gke-service-account?ref=v0.0.1"
+  # source = "git::[email protected]:gruntwork-io/terraform-google-gke.git//modules/gke-service-account?ref=v0.0.4"
   source = "../../modules/gke-service-account"
 
   name        = "${var.cluster_service_account_name}"

modules/gke-cluster/main.tf

@@ -14,8 +14,8 @@ resource "google_container_cluster" "cluster" {
 
   project    = "${var.project}"
   location   = "${var.location}"
-  network    = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
-  subnetwork = "${replace(data.google_compute_subnetwork.gke_subnetwork.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+  network    = "${var.network}"
+  subnetwork = "${var.subnetwork}"
 
   logging_service    = "${var.logging_service}"
   monitoring_service = "${var.monitoring_service}"
@@ -109,15 +109,6 @@ locals {
 # Pull in data
 # ---------------------------------------------------------------------------------------------------------------------
 
-data "google_compute_network" "gke_network" {
-  name    = "${var.network}"
-  project = "${local.network_project}"
-}
-
-data "google_compute_subnetwork" "gke_subnetwork" {
-  self_link = "${var.subnetwork}"
-}
-
 // Get available master versions in our location to determine the latest version
 data "google_container_engine_versions" "location" {
   location = "${var.location}"

modules/gke-cluster/variables.tf

@@ -16,7 +16,7 @@ variable "name" {
 }
 
 variable "network" {
-  description = "The VPC network to host the cluster in"
+  description = "A reference (self link) to the VPS network to host the cluster in"
 }
 
 variable "subnetwork" {
@@ -77,8 +77,6 @@ variable "master_ipv4_cidr_block" {
   default     = ""
 }
 
-// TODO(robmorgan): Are we using these values below? We should understand them more fully before adding them to configs.
-
 variable "network_project" {
   description = "The project ID of the shared VPC's host (for shared vpc support)"
   default     = ""