Add support for private clusters
Jberlinsky committed Jan 3, 2019
1 parent 5644f71 commit c494ed9
Showing 31 changed files with 1,337 additions and 60 deletions.
24 changes: 24 additions & 0 deletions .kitchen.yml
Expand Up @@ -72,6 +72,18 @@ suites:
backend: local
provisioner:
name: terraform
- name: "simple_regional_private"
driver:
name: "terraform"
command_timeout: 1800
root_module_directory: test/fixtures/simple_regional_private
verifier:
name: terraform
systems:
- name: simple_regional_private
backend: local
provisioner:
name: terraform
- name: "simple_zonal"
driver:
name: "terraform"
Expand All @@ -84,6 +96,18 @@ suites:
backend: local
provisioner:
name: terraform
- name: "simple_zonal_private"
driver:
name: "terraform"
command_timeout: 1800
root_module_directory: test/fixtures/simple_zonal_private
verifier:
name: terraform
systems:
- name: simple_zonal_private
backend: local
provisioner:
name: terraform
- name: "stub_domains"
driver:
name: "terraform"
8 changes: 4 additions & 4 deletions cluster_regional.tf
Expand Up @@ -19,7 +19,7 @@
*****************************************/
resource "google_container_cluster" "primary" {
provider = "google-beta"
count = "${var.regional ? 1 : 0}"
count = "${(local.cluster_deployment_type == "regional") ? 1 : 0}"
name = "${var.name}"
description = "${var.description}"
project = "${var.project_id}"
Expand All @@ -34,7 +34,7 @@ resource "google_container_cluster" "primary" {
logging_service = "${var.logging_service}"
monitoring_service = "${var.monitoring_service}"

master_authorized_networks_config = "${var.master_authorized_networks_config}"
master_authorized_networks_config = ["${var.master_authorized_networks_config}"]

addons_config {
http_load_balancing {
Expand Down Expand Up @@ -89,7 +89,7 @@ resource "google_container_cluster" "primary" {
*****************************************/
resource "google_container_node_pool" "pools" {
provider = "google-beta"
count = "${var.regional ? length(var.node_pools) : 0}"
count = "${(local.cluster_deployment_type == "regional") ? length(var.node_pools) : 0}"
name = "${lookup(var.node_pools[count.index], "name")}"
project = "${var.project_id}"
region = "${var.region}"
Expand Down Expand Up @@ -138,7 +138,7 @@ resource "google_container_node_pool" "pools" {
}

resource "null_resource" "wait_for_regional_cluster" {
count = "${var.regional ? 1 : 0}"
count = "${(local.cluster_deployment_type == "regional") ? 1 : 0}"

provisioner "local-exec" {
command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"
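Review bot: The `count` line of each of the four hunks now hinges on `local.cluster_deployment_type` being exactly the string `"regional"`, but nothing in the hunks of this commit defines or constrains that local, so if its derivation ever yields any other value (a typo, or an input combination nobody anticipated) the cluster, the node pools and the wait resource all silently get count 0 instead of producing a plan error. That failure mode is hard to spot because `terraform plan` just shows fewer resources. At minimum document the accepted values beside the guard, e.g. `# Created only when cluster_deployment_type resolves to exactly "regional" (others: zonal, regional_private, presumably zonal_private); any other value yields count = 0 with no error`, and where the local is computed, reject unknown combinations rather than defaulting. The same applies to the three guards in cluster_zonal.tf. Each guarded resource continues outside its hunk.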
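--- a/cluster_regional_private.tf
+++ b/cluster_regional_private.tf
@@ -0,0 +1,153 @@
+/**
+* Copyright 2018 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+/******************************************
+Create regional cluster
+*****************************************/
+resource "google_container_cluster" "primary_private" {
+provider = "google-beta"
+count = "${(local.cluster_deployment_type == "regional_private") ? 1 : 0}"
+name = "${var.name}"
+description = "${var.description}"
+project = "${var.project_id}"
+
+region = "${var.region}"
+additional_zones = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]
+
+network = "${data.google_compute_network.gke_network.self_link}"
+subnetwork = "${data.google_compute_subnetwork.gke_subnetwork.self_link}"
+min_master_version = "${local.kubernetes_version}"
+
+logging_service = "${var.logging_service}"
+monitoring_service = "${var.monitoring_service}"
+
+master_authorized_networks_config = ["${var.master_authorized_networks_config}"]
+
+addons_config {
+http_load_balancing {
+disabled = "${var.http_load_balancing ? 0 : 1}"
+}
+
+horizontal_pod_autoscaling {
+disabled = "${var.horizontal_pod_autoscaling ? 0 : 1}"
+}
+
+kubernetes_dashboard {
+disabled = "${var.kubernetes_dashboard ? 0 : 1}"
+}
+
+network_policy_config {
+disabled = "${var.network_policy ? 0 : 1}"
+}
+}
+
+ip_allocation_policy {
+cluster_secondary_range_name = "${var.ip_range_pods}"
+services_secondary_range_name = "${var.ip_range_services}"
+}
+
+maintenance_policy {
+daily_maintenance_window {
+start_time = "${var.maintenance_start_time}"
+}
+}
+
+lifecycle {
+ignore_changes = ["node_pool"]
+}
+
+timeouts {
+create = "30m"
+update = "30m"
+delete = "30m"
+}
+
+node_pool {
+name = "default-pool"
+
+node_config {
+service_account = "${lookup(var.node_pools[0], "service_account", var.service_account)}"
+}
+}
+}
+
+/******************************************
+Create regional node pools
+*****************************************/
+resource "google_container_node_pool" "pools_private" {
+provider = "google-beta"
+count = "${(local.cluster_deployment_type == "regional_private") ? length(var.node_pools) : 0}"
+name = "${lookup(var.node_pools[count.index], "name")}"
+project = "${var.project_id}"
+region = "${var.region}"
+cluster = "${var.name}"
+version = "${lookup(var.node_pools[count.index], "auto_upgrade", false) ? "" : lookup(var.node_pools[count.index], "version", local.node_version)}"
+initial_node_count = "${lookup(var.node_pools[count.index], "min_count", 1)}"
+
+autoscaling {
+min_node_count = "${lookup(var.node_pools[count.index], "min_count", 1)}"
+max_node_count = "${lookup(var.node_pools[count.index], "max_count", 100)}"
+}
+
+management {
+auto_repair = "${lookup(var.node_pools[count.index], "auto_repair", true)}"
+auto_upgrade = "${lookup(var.node_pools[count.index], "auto_upgrade", true)}"
+}
+
+node_config {
+image_type = "${lookup(var.node_pools[count.index], "image_type", "COS")}"
+machine_type = "${lookup(var.node_pools[count.index], "machine_type", "n1-standard-2")}"
+labels = "${merge(map("cluster_name", var.name), map("node_pool", lookup(var.node_pools[count.index], "name")), var.node_pools_labels["all"], var.node_pools_labels[lookup(var.node_pools[count.index], "name")])}"
+taint = "${concat(var.node_pools_taints["all"], var.node_pools_taints[lookup(var.node_pools[count.index], "name")])}"
+tags = "${concat(list("gke-${var.name}"), list("gke-${var.name}-${lookup(var.node_pools[count.index], "name")}"), var.node_pools_tags["all"], var.node_pools_tags[lookup(var.node_pools[count.index], "name")])}"
+
+disk_size_gb = "${lookup(var.node_pools[count.index], "disk_size_gb", 100)}"
+disk_type = "${lookup(var.node_pools[count.index], "disk_type", "pd-standard")}"
+service_account = "${lookup(var.node_pools[count.index], "service_account", var.service_account)}"
+preemptible = "${lookup(var.node_pools[count.index], "preemptible", false)}"
+
+oauth_scopes = [
+"https://www.googleapis.com/auth/cloud-platform",
+]
+}
+
+lifecycle {
+ignore_changes = ["initial_node_count"]
+}
+
+timeouts {
+create = "30m"
+update = "30m"
+delete = "30m"
+}
+
+depends_on = ["google_container_cluster.primary_private"]
+}
+
+resource "null_resource" "wait_for_private_regional_cluster" {
+count = "${(local.cluster_deployment_type == "regional_private") ? 1 : 0}"
+
+provisioner "local-exec" {
+command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"
+}
+
+provisioner "local-exec" {
+when = "destroy"
+command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"
+}
+
+depends_on = ["google_container_cluster.primary_private", "google_container_node_pool.pools_private"]
+}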
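Review bot: Nothing in the new `google_container_cluster.primary_private` resource makes the cluster private: its body is the same as the public regional resource (network, subnetwork, authorized networks, addons, ip_allocation_policy, default pool) and there is no `private_cluster_config` block setting `enable_private_nodes`, `enable_private_endpoint` or `master_ipv4_cidr_block`, so selecting `regional_private` still provisions nodes with external IPs and a master reachable from the public internet, unless that block is injected somewhere the visible hunks do not show. `master_authorized_networks_config` only narrows who may reach the public endpoint and is not a substitute for private nodes. The block below wires the private settings to module inputs; the variable names are illustrative placeholders and should match whatever variables.tf introduces for the private options (the provider requires `master_ipv4_cidr_block` to be a /28 that does not overlap the VPC). The same check applies to the zonal private file this commit adds but the page does not show.
```hcl
resource "google_container_cluster" "primary_private" {
  # … unchanged: provider, count, name, region, network, logging, authorized networks, addons_config …

  # What actually makes the cluster private: nodes get no external IPs and the
  # control plane lives in master_ipv4_cidr_block; whether the API endpoint is
  # also private is a separate choice. Variable names are placeholders.
  private_cluster_config {
    enable_private_nodes    = true
    enable_private_endpoint = "${var.enable_private_endpoint}"
    master_ipv4_cidr_block  = "${var.master_ipv4_cidr_block}"
  }

  # … unchanged: ip_allocation_policy, maintenance_policy, lifecycle, timeouts, node_pool …
```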
8 changes: 4 additions & 4 deletions cluster_zonal.tf
Expand Up @@ -19,7 +19,7 @@
*****************************************/
resource "google_container_cluster" "zonal_primary" {
provider = "google-beta"
count = "${var.regional ? 0 : 1}"
count = "${(local.cluster_deployment_type == "zonal") ? 1 : 0}"
name = "${var.name}"
description = "${var.description}"
project = "${var.project_id}"
Expand All @@ -34,7 +34,7 @@ resource "google_container_cluster" "zonal_primary" {
logging_service = "${var.logging_service}"
monitoring_service = "${var.monitoring_service}"

master_authorized_networks_config = "${var.master_authorized_networks_config}"
master_authorized_networks_config = ["${var.master_authorized_networks_config}"]

addons_config {
http_load_balancing {
Expand Down Expand Up @@ -89,7 +89,7 @@ resource "google_container_cluster" "zonal_primary" {
*****************************************/
resource "google_container_node_pool" "zonal_pools" {
provider = "google-beta"
count = "${var.regional ? 0 : length(var.node_pools)}"
count = "${(local.cluster_deployment_type == "zonal") ? length(var.node_pools) : 0}"
name = "${lookup(var.node_pools[count.index], "name")}"
project = "${var.project_id}"
zone = "${var.zones[0]}"
Expand Down Expand Up @@ -138,7 +138,7 @@ resource "google_container_node_pool" "zonal_pools" {
}

resource "null_resource" "wait_for_zonal_cluster" {
count = "${var.regional ? 0 : 1}"
count = "${(local.cluster_deployment_type == "zonal") ? 1 : 0}"

provisioner "local-exec" {
command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"