Initial cluster Terraform configuration #306
Conversation
k8s-ci-robot
added
do-not-merge/work-in-progress
k8s-tf-cluster/image/Dockerfile
Outdated
| @@ -0,0 +1,47 @@ | |||
| FROM alpine:3.9 as installer | |||
There was a problem hiding this comment.
A big part of me wishes that we build deterministic Docker images with Bazel, since all we're doing is extracting a known zip and just setting some ENV vars.
But I'm fine with a Dockerfiles for now.
k8s-tf-cluster/01-datasources.tf
Outdated
| } | ||
|
|
||
| data "google_container_engine_versions" "us-central1" { | ||
| project = data.google_project.project.id |
There was a problem hiding this comment.
Based on the doc, there is no attribute id. Is terraform trying to extract this information from the GCP API ?
There was a problem hiding this comment.
Docs are inaccurate. Using a data resource for this confirms that A) the project exists and B) that you have access to that project.
This value is computed to the GCP project ID (e.g. k8s-infra-dev-cluster-turnup).
k8s-tf-cluster/00-inputs.tf
Outdated
|
|
||
| variable "cluster_name" { | ||
| type = string | ||
| description = <<EOT |
There was a problem hiding this comment.
Just curious, why are you using here docs for the descriptions?
There was a problem hiding this comment.
Allows for multi-line descriptions. Only one variable uses it, but it keeps things consistent.
|
@cblecker this might be of use for patterns: https://github.com/crosscloudci/cross-cloud |
|
/cc @denverwilliams |
|
@hh: GitHub didn't allow me to request PR reviews from the following users: denverwilliams. Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/assign |
|
@hh let me know if there's anything specific from the GKE module you'd like to bring in. Having a very quick look at it, it seems like a pretty basic template, but forces certain things like a hardcoded admin password (we just disable this local account), hard coded scopes, and forced use of a single node pool. |
| resource "google_container_node_pool" "pool-1" { | ||
| provider = google-beta | ||
|
|
||
| name_prefix = "pool-1-" |
There was a problem hiding this comment.
I would suggest to put this as a variable.
|
|
||
| // Set machine type, and enable all oauth scopes tied to the service account | ||
| node_config { | ||
| machine_type = "n1-standard-4" |
There was a problem hiding this comment.
I would suggest to put this as a variable.
| } | ||
|
|
||
| resource "google_bigquery_dataset" "usage_metering" { | ||
| dataset_id = "usage_metering" |
There was a problem hiding this comment.
We should include the name of the cluster in the id so we don't have the same dataset for differents clusters.
| } | ||
|
|
||
| // Create GKE cluster, but with no node pools. Node pools can be provisioned below | ||
| resource "google_container_cluster" "cluster" { |
There was a problem hiding this comment.
There is no NetworkPolicy Provider deployed. Shouldn't it be deployed ?
|
I was able to run this PR. Awesome! google_container_cluster.cluster: Creation complete after 8m42s [id=k8s-services-cluster]
google_container_node_pool.pool-1: Creating...
google_container_node_pool.pool-1: Still creating... [10s elapsed]
google_container_node_pool.pool-1: Still creating... [20s elapsed]
google_container_node_pool.pool-1: Still creating... [30s elapsed]
google_container_node_pool.pool-1: Still creating... [40s elapsed]
google_container_node_pool.pool-1: Still creating... [50s elapsed]
google_container_node_pool.pool-1: Still creating... [1m0s elapsed]
google_container_node_pool.pool-1: Still creating... [1m10s elapsed]
google_container_node_pool.pool-1: Still creating... [1m20s elapsed]
google_container_node_pool.pool-1: Still creating... [1m30s elapsed]
google_container_node_pool.pool-1: Still creating... [1m40s elapsed]
google_container_node_pool.pool-1: Still creating... [1m50s elapsed]
google_container_node_pool.pool-1: Still creating... [2m0s elapsed]
google_container_node_pool.pool-1: Creation complete after 2m8s [id=us-central1/k8s-services-cluster/pool-1-20190724224037646600000001]
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.It would be amazing to see the description of this PR in the README, also add the command that generate the Edit: Also, can you please specify in the README that the cluster is only accessible through gcloud shell ? |
|
|
||
| // Start with a single node | ||
| initial_node_count = 1 | ||
|
|
There was a problem hiding this comment.
I believe @thockin also wanted to default max pods per node to 32 (default_max_pods_per_node = 32)
|
Two things I saw on https://github.com/kubernetes/k8s.io/pull/250/files that aren't here:
|
AFAIR we didn't have consensus about this option. Enable this have some limitations and require additional configurations
|
|
@cblecker Is there anything else I can do to help on this ticket? If it's just setting up a GKE cluster the majority of the work seems to be done. If there's other Terraform code you need written please let me know and I'll be happy to add it. |
|
What needs to be done / where do we need to get this to for this to reach "not perfect but let's merge and iterate"? |
|
@thockin to review this one last time, and we'll need to drop the [wip] before we can reach "merge and iterate" for this |
cblecker
changed the title
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
| EOT | ||
| } | ||
|
|
||
| variable "region" { |
There was a problem hiding this comment.
I'd rework the folder structure to like clusters/<environment>/<region>/<name>/..., this has a few benefits like for example we can setup and generate a terraform.tfvars (https://www.terraform.io/docs/configuration/variables.html#variable-definitions-tfvars-files) from the structure and automatically populate the variables.
| } | ||
| ``` | ||
| - Ensure you are logged into your GCP account with `gcloud auth application-default login` | ||
| - `terraform plan` will print changes needed to create cluster |
There was a problem hiding this comment.
Prefer using -out= and then apply the generated plan using terraform apply <path>.
| @@ -0,0 +1,2 @@ | |||
| project = "k8s-infra-dev-cluster-turnup" | |||
There was a problem hiding this comment.
Is it fair to say that k8s-infra is a prefix, dev is the environment and cluster-turnup is what gives the unique name to the project? If so, I'd split these into multiple variables and document the naming convention for the project somewhere
There was a problem hiding this comment.
it's a great suggestion! I think it's better to put this as an issue since we have no real hierarchy or convention and it may take some time to implement this.
clusters/k8s-infra-dev-cluster-turnup/11-pool-1-configuration.tf
Outdated
Show resolved
Hide resolved
Co-Authored-By: Arnaud M. <[email protected]>
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
/approve @thockin Any objections to this as-is for the dev cluster? If you're good, feel free to remove the hold. |
k8s-ci-robot
added
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cblecker The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/hold cancel Merging and we can iterate! |
k8s-ci-robot
removed
the
do-not-merge/hold
Prerequisites:
k8s-infra-dev-cluster-turnupInstructions:
.terraformrcfile in your home directory with the following format:k8s-tf-cluster/folderterraform planwill print changes needed to create clusterterraform applywill apply themterraform destroywill destroy and clean up all created resources