From 214b0ecd9105ed6ac2f1d4174a92f7ed777a4445 Mon Sep 17 00:00:00 2001 From: Alekhya Lakkadi Date: Wed, 13 Nov 2019 18:11:08 -0800 Subject: [PATCH 1/8] Example to create private cluster with node pool specifications along with oauth scopes --- .../README.md | 41 ++++++ .../main.tf | 110 ++++++++++++++++ .../network.tf | 41 ++++++ .../outputs.tf | 117 ++++++++++++++++++ .../provider.tf | 24 ++++ .../variables.tf | 50 ++++++++ 6 files changed, 383 insertions(+) create mode 100644 examples/regional_private_node_pool_oauth_scopes/README.md create mode 100644 examples/regional_private_node_pool_oauth_scopes/main.tf create mode 100644 examples/regional_private_node_pool_oauth_scopes/network.tf create mode 100644 examples/regional_private_node_pool_oauth_scopes/outputs.tf create mode 100644 examples/regional_private_node_pool_oauth_scopes/provider.tf create mode 100644 examples/regional_private_node_pool_oauth_scopes/variables.tf diff --git a/examples/regional_private_node_pool_oauth_scopes/README.md b/examples/regional_private_node_pool_oauth_scopes/README.md new file mode 100644 index 0000000000..2fd7b5139a --- /dev/null +++ b/examples/regional_private_node_pool_oauth_scopes/README.md 
@@ -0,0 +1,41 @@ +# Regional Private Cluster with node pool and oauth scopes + +This example illustrates how to create a private cluster with node pool specifications, oauth scopes along with required network and subnet creation. + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| project\_id | The project ID to host the cluster in | string | n/a | yes | +| cluster\_name | Name of the cluster | string | n/a | yes | +| ip\_range\_pods | The secondary ip range to use for pods | string | n/a | yes | +| ip\_range\_services | The secondary ip range to use for pods | string | n/a | yes | +| network | The VPC network to host the cluster in | string | n/a | yes | +| region | The region to host the cluster in | string | n/a | yes | +| subnetwork | The subnetwork to host the cluster in | string | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| cluster\_name | Cluster name | +| cluster\_type | Cluster type - Regional or Zonal | +| location | Cluster location | +| region | Cluster region | +| zones | List of zones in which the cluster resides | +| min\_master\_version | Minimum master kubernetes version | +| master\_authorized\_networks\_config | Networks from which access to master is permitted | +| master\_version | Current master kubernetes version | +| node\_pools\_names | List of node pools names | +| node\_pools\_versions | List of node pools versions | +| service\_account | The default service account used for running nodes. | +| network | Network module output | + + + +To provision this example, run the following from within this directory: +- `terraform init` to get the plugins +- `terraform plan` to see the infrastructure plan +- `terraform apply` to apply the infrastructure build +- `terraform destroy` to destroy the built infrastructure 
diff --git a/examples/regional_private_node_pool_oauth_scopes/main.tf b/examples/regional_private_node_pool_oauth_scopes/main.tf new file mode 100644 index 0000000000..e6947f35ad --- /dev/null +++ b/examples/regional_private_node_pool_oauth_scopes/main.tf 
@@ -0,0 +1,110 @@ +/* +Copyright 2019 Google LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +data "google_compute_subnetwork" "subnetwork" { + name = module.gke-network.subnets_names[0] + project = var.project_id + region = var.region +} + +module "gke" { + source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" + project_id = var.project_id + name = var.cluster_name + region = var.region + regional = true + network = module.gke-network.network_name + subnetwork = module.gke-network.subnets_names[0] + ip_range_pods = var.ip_range_pods + ip_range_services = var.ip_range_services + enable_private_endpoint = true + enable_private_nodes = true + master_ipv4_cidr_block = "172.16.0.16/28" + network_policy = true + horizontal_pod_autoscaling = true + service_account = "create" + remove_default_node_pool = true + disable_legacy_metadata_endpoints = true + +master_authorized_networks_config = [ + { + cidr_blocks = [ + { + cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range + display_name = "VPC" + }, + ] + }, + ] + + node_pools = [ + { + name = "my-node-pool" + machine_type = "n1-standard-1" + min_count = 1 + max_count = 1 + disk_size_gb = 100 + disk_type = "pd-ssd" + image_type = "COS" + auto_repair = true + auto_upgrade = false + preemptible = false + initial_node_count = 1 + }, + ] + + node_pools_oauth_scopes = { + all = [ + "https://www.googleapis.com/auth/trace.append", + "https://www.googleapis.com/auth/service.management.readonly", 
+ "https://www.googleapis.com/auth/monitoring", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/servicecontrol", + ] + + my-node-pool = [ + "https://www.googleapis.com/auth/trace.append", + "https://www.googleapis.com/auth/service.management.readonly", + "https://www.googleapis.com/auth/monitoring", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/servicecontrol", + ] + } + + node_pools_labels = { + + all = { + + } + my-node-pool = { + + } + } + + node_pools_metadata = { + all = {} + + my-node-pool = {} + + } + + node_pools_tags = { + all = [] + + my-node-pool = [] + + } +} diff --git a/examples/regional_private_node_pool_oauth_scopes/network.tf b/examples/regional_private_node_pool_oauth_scopes/network.tf new file mode 100644 index 0000000000..8295d9f49d --- /dev/null +++ b/examples/regional_private_node_pool_oauth_scopes/network.tf @@ -0,0 +1,41 @@ +/* +Copyright 2019 Google LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +module "gke-network" { + source = "terraform-google-modules/network/google" + project_id = var.project_id + network_name = var.network + + subnets = [ + { + subnet_name = var.subnet + subnet_ip = "10.0.0.0/24" + subnet_region = var.region + }, + ] + + secondary_ranges = { + "${var.subnet}" = [ + { + range_name = var.ip_range_pods + ip_cidr_range = "10.1.0.0/16" + }, + { + range_name = var.ip_range_services + ip_cidr_range = "10.2.0.0/20" + }, + ]} +} 
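Review bot: The only node pool in `node_pools` is declared with `auto_upgrade = false`, so nodes in this private cluster are never moved to newer GKE releases automatically and stay on the version they were created with; for an example that people copy, either flip it to `auto_upgrade = true` beside `auto_repair = true` or add a comment such as `# auto_upgrade disabled only to keep the example's node version stable; enable it for real clusters`. The `node_pools_oauth_scopes` map repeats the identical five scopes under `all` and `my-node-pool`; if the module merges the `all` list into every pool (it appears to, but confirm against the module's variables) the per-pool copy is redundant and one list makes the example easier to read. `master_authorized_networks_config` authorizes the CIDR of the subnet the example itself creates, which with `enable_private_endpoint = true` is the only path to the control plane; a one-line comment saying so would stop readers from widening it casually.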
diff --git a/examples/regional_private_node_pool_oauth_scopes/outputs.tf b/examples/regional_private_node_pool_oauth_scopes/outputs.tf new file mode 100644 index 0000000000..765205ff39 --- /dev/null +++ b/examples/regional_private_node_pool_oauth_scopes/outputs.tf 
@@ -0,0 +1,117 @@ +/* +Copyright 2018 Google LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +output "cluster_name" { + description = "Cluster name" + value = "${module.gke.name}" +} + +output "type" { + description = "Cluster type (regional / zonal)" + value = "${module.gke.type}" +} + +output "location" { + description = "Cluster location (region if regional cluster, zone if zonal cluster)" + value = "${module.gke.location}" +} + +output "region" { + description = "Cluster region" + value = "${module.gke.region}" +} + +output "zones" { + description = "List of zones in which the cluster resides" + value = "${module.gke.zones}" +} + +output "endpoint" { + sensitive = true + description = "Cluster endpoint" + value = "${module.gke.endpoint}" +} + +output "min_master_version" { + description = "Minimum master kubernetes version" + value = "${module.gke.min_master_version}" +} + +output "logging_service" { + description = "Logging service used" + value = "${module.gke.logging_service}" +} + +output "monitoring_service" { + description = "Monitoring service used" + value = "${module.gke.monitoring_service}" +} + +output "master_authorized_networks_config" { + description = "Networks from which access to master is permitted" + value = "${module.gke.master_authorized_networks_config}" +} + +output "master_version" { + description = "Current master kubernetes version" + value = "${module.gke.master_version}" +} + +output "ca_certificate" { + sensitive = true + description = "Cluster 
ca certificate (base64 encoded)" + value = "${module.gke.ca_certificate}" +} + +output "network_policy_enabled" { + description = "Whether network policy enabled" + value = "${module.gke.network_policy_enabled}" +} + +output "http_load_balancing_enabled" { + description = "Whether http load balancing enabled" + value = "${module.gke.http_load_balancing_enabled}" +} + +output "horizontal_pod_autoscaling_enabled" { + description = "Whether horizontal pod autoscaling enabled" + value = "${module.gke.horizontal_pod_autoscaling_enabled}" +} + +output "kubernetes_dashboard_enabled" { + description = "Whether kubernetes dashboard enabled" + value = "${module.gke.kubernetes_dashboard_enabled}" +} + +output "node_pools_names" { + description = "List of node pools names" + value = "${module.gke.node_pools_names}" +} + +output "node_pools_versions" { + description = "List of node pools versions" + value = "${module.gke.node_pools_versions}" +} + +output "service_account" { + description = "The service account to default running nodes as if not overridden in `node_pools`." + value = "${module.gke.service_account}" +} + +output "network_module" { + description = "network module output" + value = module.gke-network +} diff --git a/examples/regional_private_node_pool_oauth_scopes/provider.tf b/examples/regional_private_node_pool_oauth_scopes/provider.tf new file mode 100644 index 0000000000..7fc7ee64bb --- /dev/null +++ b/examples/regional_private_node_pool_oauth_scopes/provider.tf 
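Review bot: Every `value` in this file wraps a bare reference in legacy interpolation (`value = "${module.gke.name}"` and so on) although the last output already uses 0.12 syntax with `value = module.gke-network`; Terraform 0.12 warns that the wrapper is redundant. When the wrapper is dropped the reference must stay unquoted, `value = module.gke.name`, not become the string `"module.gke.name"`, which would silently turn the output into a literal. `endpoint` and `ca_certificate` are correctly marked `sensitive = true`; `network_module` exports the entire `module.gke-network` object, which is fine for an example but deserves a comment naming why the whole object is exposed rather than the specific fields the README lists. The header in this file says `Copyright 2018` while its siblings in the same patch say 2019.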
@@ -0,0 +1,24 @@
+/*
+Copyright 2019 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ https://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+provider "google" {
+ version = "2.18.0"
+ project = var.project_id
+ region = var.region
+}
+
+provider "google-beta" {
+ version = "2.18.0"
+ project = var.project_id
+ region = var.region
+}
diff --git a/examples/regional_private_node_pool_oauth_scopes/variables.tf b/examples/regional_private_node_pool_oauth_scopes/variables.tf
new file mode 100644
index 0000000000..4c3c5a907d
--- /dev/null
+++ b/examples/regional_private_node_pool_oauth_scopes/variables.tf
@@ -0,0 +1,50 @@
+/*
+Copyright 2019 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+variable "cluster_name" {
+ description = "Name of the cluster"
+ default = "test-cluster"
+}
+
+variable "project_id" {
+ description = "The project ID to host the cluster in"
+ default = "alekhya-lakkadi"
+}
+
+variable "region" {
+ description = "The region to host the cluster in"
+ default = "us-west1"
+}
+
+variable "ip_range_pods" {
+ description = "The secondary ip range to use for pods"
+ default = "cluster-ip-range-pods"
+}
+
+variable "ip_range_services" {
+ description = "The secondary ip range to use for pods"
+ default = "cluster-ip-range-services"
+}
+
+variable "network" {
+ description = "The VPC network name to host the cluster in"
+ default = "my-network"
+}
+
+variable "subnet" {
+ description = "The subnetwork name to host the cluster in"
+ default = "my-subnet"
+}
From b097db7592563b2ecf60de30460cadc59dba3f67 Mon Sep 17 00:00:00 2001
From: Alekhya Lakkadi
Date: Thu, 14 Nov 2019 13:15:02 -0800
Subject: [PATCH 2/8] Terraform fmt and default values are removed
---
 .../main.tf | 14 +++++++-------
 .../network.tf | 2 +-
 .../variables.tf | 6 +-----
 3 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/examples/regional_private_node_pool_oauth_scopes/main.tf b/examples/regional_private_node_pool_oauth_scopes/main.tf
index e6947f35ad..12e7a33511 100644
--- a/examples/regional_private_node_pool_oauth_scopes/main.tf
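Review bot: `variable "project_id"` is committed with `default = "alekhya-lakkadi"`, a personal project identifier, and `region`, `network`, `subnet` and both ip-range variables also carry defaults even though the README's Inputs table lists every input as required with no default; personal identifiers should not ship as defaults and the table and the declarations should agree. None of the variables declares a type, so `type = string` on each would make the example's interface explicit under 0.12. The description of `ip_range_services` reads "The secondary ip range to use for pods", copied from `ip_range_pods`; it should be `description = "The secondary ip range to use for services"`.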
+++ b/examples/regional_private_node_pool_oauth_scopes/main.tf @@ -39,7 +39,7 @@ module "gke" { remove_default_node_pool = true disable_legacy_metadata_endpoints = true -master_authorized_networks_config = [ + master_authorized_networks_config = [ { cidr_blocks = [ { @@ -68,12 +68,12 @@ master_authorized_networks_config = [ node_pools_oauth_scopes = { all = [ - "https://www.googleapis.com/auth/trace.append", - "https://www.googleapis.com/auth/service.management.readonly", - "https://www.googleapis.com/auth/monitoring", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/servicecontrol", - ] + "https://www.googleapis.com/auth/trace.append", + "https://www.googleapis.com/auth/service.management.readonly", + "https://www.googleapis.com/auth/monitoring", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/servicecontrol", + ] my-node-pool = [ "https://www.googleapis.com/auth/trace.append", diff --git a/examples/regional_private_node_pool_oauth_scopes/network.tf b/examples/regional_private_node_pool_oauth_scopes/network.tf index 8295d9f49d..e42f7099b2 100644 --- a/examples/regional_private_node_pool_oauth_scopes/network.tf +++ b/examples/regional_private_node_pool_oauth_scopes/network.tf @@ -37,5 +37,5 @@ module "gke-network" { range_name = var.ip_range_services ip_cidr_range = "10.2.0.0/20" }, - ]} + ] } } diff --git a/examples/regional_private_node_pool_oauth_scopes/variables.tf b/examples/regional_private_node_pool_oauth_scopes/variables.tf index 4c3c5a907d..a7dd2b323f 100644 --- a/examples/regional_private_node_pool_oauth_scopes/variables.tf +++ b/examples/regional_private_node_pool_oauth_scopes/variables.tf 
@@ -16,17 +16,15 @@ limitations under the License.
 
 variable "cluster_name" {
 description = "Name of the cluster"
- default = "test-cluster"
+ default = "test-cluster"
 }
 
 variable "project_id" {
 description = "The project ID to host the cluster in"
- default = "alekhya-lakkadi"
 }
 
 variable "region" {
 description = "The region to host the cluster in"
- default = "us-west1"
 }
 
 variable "ip_range_pods" {
@@ -41,10 +39,8 @@ variable "ip_range_services" {
 
 variable "network" {
 description = "The VPC network name to host the cluster in"
- default = "my-network"
 }
 
 variable "subnet" {
 description = "The subnetwork name to host the cluster in"
- default = "my-subnet"
 }
From d16001ef07de2e4b8f9d7e9df28eed052b09410a Mon Sep 17 00:00:00 2001
From: Alekhya Lakkadi
Date: Thu, 14 Nov 2019 15:16:38 -0800
Subject: [PATCH 3/8] Fixed lint issues
---
 .../README.md | 28 ++++++++++------
 .../main.tf | 32 +++++++++---------
 .../network.tf | 30 ++++++++--------
 .../outputs.tf | 30 ++++++++--------
 .../provider.tf | 27 ++++++++-------
 .../variables.tf | 33 +++++++++----------
 6 files changed, 94 insertions(+), 86 deletions(-)
diff --git a/examples/regional_private_node_pool_oauth_scopes/README.md b/examples/regional_private_node_pool_oauth_scopes/README.md
index 2fd7b5139a..031f4709e2 100644
--- a/examples/regional_private_node_pool_oauth_scopes/README.md
+++ b/examples/regional_private_node_pool_oauth_scopes/README.md
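Review bot: The clean-up drops the defaults of `project_id`, `region`, `network` and `subnet` but keeps `default = "test-cluster"` on `cluster_name` (the line is only re-aligned), so `cluster_name` is now the one input whose declaration disagrees with the README table that documents it as required with no default; either remove that default as well or regenerate the table. While every variable block is being touched, adding `type = string` to each would also pin the interface. The `ip_range_services` description is outside both hunks and still says "to use for pods".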
@@ -7,30 +7,38 @@ This example illustrates how to create a private cluster with node pool specific | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| project\_id | The project ID to host the cluster in | string | n/a | yes | | cluster\_name | Name of the cluster | string | n/a | yes | | ip\_range\_pods | The secondary ip range to use for pods | string | n/a | yes | | ip\_range\_services | The secondary ip range to use for pods | string | n/a | yes | -| network | The VPC network to host the cluster in | string | n/a | yes | +| network | The VPC network name to host the cluster in | string | n/a | yes | +| project\_id | The project ID to host the cluster in | string | n/a | yes | | region | The region to host the cluster in | string | n/a | yes | -| subnetwork | The subnetwork to host the cluster in | string | n/a | yes | +| subnet | The subnetwork name to host the cluster in | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| +| ca\_certificate | Cluster ca certificate (base64 encoded) | | cluster\_name | Cluster name | -| cluster\_type | Cluster type - Regional or Zonal | -| location | Cluster location | -| region | Cluster region | -| zones | List of zones in which the cluster resides | -| min\_master\_version | Minimum master kubernetes version | +| endpoint | Cluster endpoint | +| horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | +| http\_load\_balancing\_enabled | Whether http load balancing enabled | +| kubernetes\_dashboard\_enabled | Whether kubernetes dashboard enabled | +| location | Cluster location (region if regional cluster, zone if zonal cluster) | +| logging\_service | Logging service used | | master\_authorized\_networks\_config | Networks from which access to master is permitted | | master\_version | Current master kubernetes version | +| min\_master\_version | Minimum master kubernetes version | +| monitoring\_service | Monitoring 
service used | +| network\_module | network module output | +| network\_policy\_enabled | Whether network policy enabled | | node\_pools\_names | List of node pools names | | node\_pools\_versions | List of node pools versions | -| service\_account | The default service account used for running nodes. | -| network | Network module output | +| region | Cluster region | +| service\_account | The service account to default running nodes as if not overridden in `node_pools`. | +| type | Cluster type (regional / zonal) | +| zones | List of zones in which the cluster resides | diff --git a/examples/regional_private_node_pool_oauth_scopes/main.tf b/examples/regional_private_node_pool_oauth_scopes/main.tf index 12e7a33511..29770985cb 100644 --- a/examples/regional_private_node_pool_oauth_scopes/main.tf +++ b/examples/regional_private_node_pool_oauth_scopes/main.tf 
@@ -1,18 +1,18 @@ -/* -Copyright 2019 Google LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - https://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ data "google_compute_subnetwork" "subnetwork" { name = module.gke-network.subnets_names[0] @@ -21,7 +21,7 @@ data "google_compute_subnetwork" "subnetwork" { } module "gke" { - source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" + source = "../../modules/private-cluster" project_id = var.project_id name = var.cluster_name region = var.region diff --git a/examples/regional_private_node_pool_oauth_scopes/network.tf b/examples/regional_private_node_pool_oauth_scopes/network.tf index e42f7099b2..624236f63c 100644 --- a/examples/regional_private_node_pool_oauth_scopes/network.tf +++ b/examples/regional_private_node_pool_oauth_scopes/network.tf 
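Review bot: The re-styled license header replaces `Copyright 2019 Google LLC` with `Copyright 2018 Google LLC` and `https://` with `http://` in a file this series created in November 2019; the lint fix should keep the year and scheme, i.e. ` * Copyright 2019 Google LLC` and ` * https://www.apache.org/licenses/LICENSE-2.0`. The same template header with the 2018 year is applied in this patch's network.tf, provider.tf and variables.tf hunks, which also said 2019 before. Pointing `source` at `../../modules/private-cluster` is the right choice for an in-repo example, since it exercises the module at the commit under test rather than a published release.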
@@ -1,18 +1,18 @@ -/* -Copyright 2019 Google LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - https://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ module "gke-network" { source = "terraform-google-modules/network/google" diff --git a/examples/regional_private_node_pool_oauth_scopes/outputs.tf b/examples/regional_private_node_pool_oauth_scopes/outputs.tf index 765205ff39..464ed303c3 100644 --- a/examples/regional_private_node_pool_oauth_scopes/outputs.tf +++ b/examples/regional_private_node_pool_oauth_scopes/outputs.tf 
@@ -1,18 +1,18 @@ -/* -Copyright 2018 Google LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - https://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ output "cluster_name" { description = "Cluster name" diff --git a/examples/regional_private_node_pool_oauth_scopes/provider.tf b/examples/regional_private_node_pool_oauth_scopes/provider.tf index 7fc7ee64bb..4317f93e11 100644 --- a/examples/regional_private_node_pool_oauth_scopes/provider.tf +++ b/examples/regional_private_node_pool_oauth_scopes/provider.tf 
@@ -1,15 +1,18 @@ -/* -Copyright 2019 Google LLC -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - https://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ provider "google" { version = "2.18.0" diff --git a/examples/regional_private_node_pool_oauth_scopes/variables.tf b/examples/regional_private_node_pool_oauth_scopes/variables.tf index a7dd2b323f..07352a1a0b 100644 --- a/examples/regional_private_node_pool_oauth_scopes/variables.tf +++ b/examples/regional_private_node_pool_oauth_scopes/variables.tf 
@@ -1,22 +1,21 @@ -/* -Copyright 2019 Google LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - https://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ variable "cluster_name" { description = "Name of the cluster" - default = "test-cluster" } variable "project_id" { @@ -29,12 +28,10 @@ variable "region" { variable "ip_range_pods" { description = "The secondary ip range to use for pods" - default = "cluster-ip-range-pods" } variable "ip_range_services" { description = "The secondary ip range to use for pods" - default = "cluster-ip-range-services" } variable "network" { From b0d3c7de66e09b663d30e58312b5ba7ffb0b49c9 Mon Sep 17 00:00:00 2001 From: Alekhya Lakkadi Date: Mon, 18 Nov 2019 10:32:49 -0800 Subject: [PATCH 4/8] doubled the timeout in .kitchen.yml --- .kitchen.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.kitchen.yml b/.kitchen.yml index 39faa2e1e3..ab08aebfd2 100644 --- a/.kitchen.yml +++ b/.kitchen.yml 
@@ -15,7 +15,7 @@
 ---
 driver:
 name: "terraform"
- command_timeout: 1800
+ command_timeout: 3600
 
 provisioner:
 name: "terraform"
From 2708e474f63176e90ed8a0bd57bae79fed59fd1f Mon Sep 17 00:00:00 2001
From: Alekhya Lakkadi
Date: Mon, 18 Nov 2019 11:46:31 -0800
Subject: [PATCH 5/8] changing the timeout value
---
 .kitchen.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.kitchen.yml b/.kitchen.yml
index ab08aebfd2..39faa2e1e3 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -15,7 +15,7 @@
 ---
 driver:
 name: "terraform"
- command_timeout: 3600
+ command_timeout: 1800
 
 provisioner:
 name: "terraform"
From 3509dcc570665583c54b65b29d47cf8feb0a6904 Mon Sep 17 00:00:00 2001
From: Alekhya Lakkadi
Date: Tue, 19 Nov 2019 14:44:59 -0800
Subject: [PATCH 6/8] addressed comments made for regional_private_node_pool example
---
 .../README.md | 8 +---
 .../main.tf | 16 ++-----
 .../network.tf | 13 ++---
 .../outputs.tf | 48 +++++++++++--------
 .../provider.tf | 4 --
 .../variables.tf | 24 ----------
 6 files changed, 43 insertions(+), 70 deletions(-)
diff --git a/examples/regional_private_node_pool_oauth_scopes/README.md b/examples/regional_private_node_pool_oauth_scopes/README.md
index 031f4709e2..3ae6a8ca77 100644
--- a/examples/regional_private_node_pool_oauth_scopes/README.md
+++ b/examples/regional_private_node_pool_oauth_scopes/README.md
@@ -7,13 +7,7 @@ This example illustrates how to create a private cluster with node pool specific | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| cluster\_name | Name of the cluster | string | n/a | yes | -| ip\_range\_pods | The secondary ip range to use for pods | string | n/a | yes | -| ip\_range\_services | The secondary ip range to use for pods | string | n/a | yes | -| network | The VPC network name to host the cluster in | string | n/a | yes | | project\_id | The project ID to host the cluster in | string | n/a | yes | -| region | The region to host the cluster in | string | n/a | yes | -| subnet | The subnetwork name to host the cluster in | string | n/a | yes | ## Outputs @@ -37,6 +31,8 @@ This example illustrates how to create a private cluster with node pool specific | node\_pools\_versions | List of node pools versions | | region | Cluster region | | service\_account | The service account to default running nodes as if not overridden in `node_pools`. | +| subnets\_ips | The IP and cidrs of the subnets being created | +| subnets\_secondary\_ranges | The secondary ranges associated with these subnets | | type | Cluster type (regional / zonal) | | zones | List of zones in which the cluster resides | diff --git a/examples/regional_private_node_pool_oauth_scopes/main.tf b/examples/regional_private_node_pool_oauth_scopes/main.tf index 29770985cb..e39e3299f6 100644 --- a/examples/regional_private_node_pool_oauth_scopes/main.tf +++ b/examples/regional_private_node_pool_oauth_scopes/main.tf 
@@ -14,22 +14,16 @@
 * limitations under the License.
 */
 
-data "google_compute_subnetwork" "subnetwork" {
- name = module.gke-network.subnets_names[0]
- project = var.project_id
- region = var.region
-}
-
 module "gke" {
 source = "../../modules/private-cluster"
 project_id = var.project_id
- name = var.cluster_name
- region = var.region
+ name = "random-test-cluster"
+ region = "us-west1"
 regional = true
 network = module.gke-network.network_name
 subnetwork = module.gke-network.subnets_names[0]
- ip_range_pods = var.ip_range_pods
- ip_range_services = var.ip_range_services
+ ip_range_pods = module.gke-network.subnets_secondary_ranges[0].*.range_name[0]
+ ip_range_services = module.gke-network.subnets_secondary_ranges[0].*.range_name[1]
 enable_private_endpoint = true
 enable_private_nodes = true
 master_ipv4_cidr_block = "172.16.0.16/28"
@@ -43,7 +37,7 @@ module "gke" {
 {
 cidr_blocks = [
 {
- cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+ cidr_block = module.gke-network.subnets_ips[0]
 display_name = "VPC"
 },
 ]
diff --git a/examples/regional_private_node_pool_oauth_scopes/network.tf b/examples/regional_private_node_pool_oauth_scopes/network.tf
index 624236f63c..2d15f20c2b 100644
--- a/examples/regional_private_node_pool_oauth_scopes/network.tf
+++ b/examples/regional_private_node_pool_oauth_scopes/network.tf
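Review bot: `ip_range_pods = module.gke-network.subnets_secondary_ranges[0].*.range_name[0]` and the `[1]` form for services tie the cluster to the positional order of the `secondary_ranges` list in network.tf, so reordering or adding a range there silently points pods or services at the wrong CIDR with no plan-time error. Since the range names are now literals anyway, declaring them once in a `locals` block that both files read removes the splat-and-index expression and keeps the names in sync; the rewrite below shows the main.tf side, with network.tf's two `range_name` entries reading the same locals. The new `cidr_block = module.gke-network.subnets_ips[0]` authorizes the whole primary node subnet, which with `enable_private_endpoint = true` is the only route to the control plane; a comment such as `# private endpoint: reachable only from the node subnet` would make that intent explicit. The `module "gke"` block continues past the end of the first hunk.
```hcl
# Names shared with network.tf so the two files cannot drift apart.
locals {
  ip_range_pods     = "random-ip-range-pods"
  ip_range_services = "random-ip-range-services"
}

module "gke" {
  # … unchanged: source, project_id, name, region, regional, network, subnetwork …
  ip_range_pods     = local.ip_range_pods
  ip_range_services = local.ip_range_services
  # … unchanged: private-cluster settings, master_authorized_networks_config, node pools …
```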
@@ -16,25 +16,26 @@
 module "gke-network" {
 source = "terraform-google-modules/network/google"
+ version = "~> 1.5"
 project_id = var.project_id
- network_name = var.network
+ network_name = "random-gke-network"
 subnets = [
 {
- subnet_name = var.subnet
+ subnet_name = "random-gke-subnet"
 subnet_ip = "10.0.0.0/24"
- subnet_region = var.region
+ subnet_region = "us-west1"
 },
 ]
 secondary_ranges = {
- "${var.subnet}" = [
+ "random-gke-subnet" = [
 {
- range_name = var.ip_range_pods
+ range_name = "random-ip-range-pods"
 ip_cidr_range = "10.1.0.0/16"
 },
 {
- range_name = var.ip_range_services
+ range_name = "random-ip-range-services"
 ip_cidr_range = "10.2.0.0/20"
 },
 ]
 }
diff --git a/examples/regional_private_node_pool_oauth_scopes/outputs.tf b/examples/regional_private_node_pool_oauth_scopes/outputs.tf
index 464ed303c3..8f600dad7e 100644
--- a/examples/regional_private_node_pool_oauth_scopes/outputs.tf
+++ b/examples/regional_private_node_pool_oauth_scopes/outputs.tf
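Review bot: `"random-gke-subnet"` now appears twice in this block, once as `subnet_name` and once as the `secondary_ranges` map key, and the two must stay byte-identical for the pods/services ranges to be attached to the subnet at all; the removed `var.subnet` guaranteed that by construction, two literals do not. A `locals { subnet_name = "random-gke-subnet" }` block with `subnet_name = local.subnet_name` in the subnet and `(local.subnet_name) = [` as the map key keeps a single source of truth (the parenthesised key is the 0.12 form for an expression-valued key). The `version = "~> 1.5"` pin on the module source is a welcome addition, since an unpinned registry module would otherwise float to whatever is latest at `terraform init` time.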
@@ -16,102 +16,112 @@
 output "cluster_name" {
 description = "Cluster name"
- value = "${module.gke.name}"
+ value = "module.gke.name"
 }
 output "type" {
 description = "Cluster type (regional / zonal)"
- value = "${module.gke.type}"
+ value = "module.gke.type"
 }
 output "location" {
 description = "Cluster location (region if regional cluster, zone if zonal cluster)"
- value = "${module.gke.location}"
+ value = "module.gke.location"
 }
 output "region" {
 description = "Cluster region"
- value = "${module.gke.region}"
+ value = "module.gke.region"
 }
 output "zones" {
 description = "List of zones in which the cluster resides"
- value = "${module.gke.zones}"
+ value = "module.gke.zones"
 }
 output "endpoint" {
 sensitive = true
 description = "Cluster endpoint"
- value = "${module.gke.endpoint}"
+ value = "module.gke.endpoint"
 }
 output "min_master_version" {
 description = "Minimum master kubernetes version"
- value = "${module.gke.min_master_version}"
+ value = "module.gke.min_master_version"
 }
 output "logging_service" {
 description = "Logging service used"
- value = "${module.gke.logging_service}"
+ value = "module.gke.logging_service"
 }
 output "monitoring_service" {
 description = "Monitoring service used"
- value = "${module.gke.monitoring_service}"
+ value = "module.gke.monitoring_service"
 }
 output "master_authorized_networks_config" {
 description = "Networks from which access to master is permitted"
- value = "${module.gke.master_authorized_networks_config}"
+ value = "module.gke.master_authorized_networks_config"
 }
 output "master_version" {
 description = "Current master kubernetes version"
- value = "${module.gke.master_version}"
+ value = "module.gke.master_version"
 }
 output "ca_certificate" {
 sensitive = true
 description = "Cluster ca certificate (base64 encoded)"
- value = "${module.gke.ca_certificate}"
+ value = "module.gke.ca_certificate"
 }
 output "network_policy_enabled" {
 description = "Whether network policy enabled"
- value = "${module.gke.network_policy_enabled}"
+ value = "module.gke.network_policy_enabled"
 }
 output "http_load_balancing_enabled" {
 description = "Whether http load balancing enabled"
- value = "${module.gke.http_load_balancing_enabled}"
+ value = "module.gke.http_load_balancing_enabled"
 }
 output "horizontal_pod_autoscaling_enabled" {
 description = "Whether horizontal pod autoscaling enabled"
- value = "${module.gke.horizontal_pod_autoscaling_enabled}"
+ value = "module.gke.horizontal_pod_autoscaling_enabled"
 }
 output "kubernetes_dashboard_enabled" {
 description = "Whether kubernetes dashboard enabled"
- value = "${module.gke.kubernetes_dashboard_enabled}"
+ value = "module.gke.kubernetes_dashboard_enabled"
 }
 output "node_pools_names" {
 description = "List of node pools names"
- value = "${module.gke.node_pools_names}"
+ value = "module.gke.node_pools_names"
 }
 output "node_pools_versions" {
 description = "List of node pools versions"
- value = "${module.gke.node_pools_versions}"
+ value = "module.gke.node_pools_versions"
 }
 output "service_account" {
 description = "The service account to default running nodes as if not overridden in `node_pools`."
- value = "${module.gke.service_account}"
+ value = "module.gke.service_account"
 }
 output "network_module" {
 description = "network module output"
 value = module.gke-network
 }
+
+output "subnets_ips" {
+ description = "The IP and cidrs of the subnets being created"
+ value = module.gke-network.subnets_ips
+}
+
+output "subnets_secondary_ranges" {
+ description = "The secondary ranges associated with these subnets"
+ value = module.gke-network.subnets_secondary_ranges
+}
diff --git a/examples/regional_private_node_pool_oauth_scopes/provider.tf b/examples/regional_private_node_pool_oauth_scopes/provider.tf
index 4317f93e11..d052ca7cdb 100644
--- a/examples/regional_private_node_pool_oauth_scopes/provider.tf
+++ b/examples/regional_private_node_pool_oauth_scopes/provider.tf
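Review bot: Every rewritten `value` in this hunk, from `value = "module.gke.name"` down to `value = "module.gke.service_account"`, is a quoted string with no `${}` around the reference, which in the 0.12 syntax this example otherwise uses is a plain literal; each output would publish the text `module.gke.name` rather than the cluster attribute, and the `sensitive = true` on `endpoint` and `ca_certificate` would then be guarding a constant. The unchanged `network_module` output and the two added `subnets_*` outputs already use the bare expression form, `value = module.gke.name`, which is what these nineteen lines should be. Patch 7/8 further down this page makes exactly that correction, so the series ends in a good state, but this commit on its own leaves the example's outputs broken and not bisectable.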
@@ -16,12 +16,8 @@
 provider "google" {
 version = "2.18.0"
- project = var.project_id
- region = var.region
 }
 provider "google-beta" {
 version = "2.18.0"
- project = var.project_id
- region = var.region
 }
diff --git a/examples/regional_private_node_pool_oauth_scopes/variables.tf b/examples/regional_private_node_pool_oauth_scopes/variables.tf
index 07352a1a0b..03eedccd1f 100644
--- a/examples/regional_private_node_pool_oauth_scopes/variables.tf
+++ b/examples/regional_private_node_pool_oauth_scopes/variables.tf
@@ -14,30 +14,6 @@
 * limitations under the License.
 */
-variable "cluster_name" {
- description = "Name of the cluster"
-}
-
 variable "project_id" {
 description = "The project ID to host the cluster in"
 }
-
-variable "region" {
- description = "The region to host the cluster in"
-}
-
-variable "ip_range_pods" {
- description = "The secondary ip range to use for pods"
-}
-
-variable "ip_range_services" {
- description = "The secondary ip range to use for pods"
-}
-
-variable "network" {
- description = "The VPC network name to host the cluster in"
-}
-
-variable "subnet" {
- description = "The subnetwork name to host the cluster in"
-}
From 39b3deda5d943fcc397f876f52ab546c5662f571 Mon Sep 17 00:00:00 2001
From: Alekhya Lakkadi
Date: Thu, 21 Nov 2019 12:04:03 -0800
Subject: [PATCH 7/8] formatted outputs.tf file
---
 .../outputs.tf | 38 +++++++++----------
 1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/examples/regional_private_node_pool_oauth_scopes/outputs.tf b/examples/regional_private_node_pool_oauth_scopes/outputs.tf
index 8f600dad7e..13105641e9 100644
--- a/examples/regional_private_node_pool_oauth_scopes/outputs.tf
+++ b/examples/regional_private_node_pool_oauth_scopes/outputs.tf
@@ -16,99 +16,99 @@
 output "cluster_name" {
 description = "Cluster name"
- value = "module.gke.name"
+ value = module.gke.name
 }
 output "type" {
 description = "Cluster type (regional / zonal)"
- value = "module.gke.type"
+ value = module.gke.type
 }
 output "location" {
 description = "Cluster location (region if regional cluster, zone if zonal cluster)"
- value = "module.gke.location"
+ value = module.gke.location
 }
 output "region" {
 description = "Cluster region"
- value = "module.gke.region"
+ value = module.gke.region
 }
 output "zones" {
 description = "List of zones in which the cluster resides"
- value = "module.gke.zones"
+ value = module.gke.zones
 }
 output "endpoint" {
 sensitive = true
 description = "Cluster endpoint"
- value = "module.gke.endpoint"
+ value = module.gke.endpoint
 }
 output "min_master_version" {
 description = "Minimum master kubernetes version"
- value = "module.gke.min_master_version"
+ value = module.gke.min_master_version
 }
 output "logging_service" {
 description = "Logging service used"
- value = "module.gke.logging_service"
+ value = module.gke.logging_service
 }
 output "monitoring_service" {
 description = "Monitoring service used"
- value = "module.gke.monitoring_service"
+ value = module.gke.monitoring_service
 }
 output "master_authorized_networks_config" {
 description = "Networks from which access to master is permitted"
- value = "module.gke.master_authorized_networks_config"
+ value = module.gke.master_authorized_networks_config
 }
 output "master_version" {
 description = "Current master kubernetes version"
- value = "module.gke.master_version"
+ value = module.gke.master_version
 }
 output "ca_certificate" {
 sensitive = true
 description = "Cluster ca certificate (base64 encoded)"
- value = "module.gke.ca_certificate"
+ value = module.gke.ca_certificate
 }
 output "network_policy_enabled" {
 description = "Whether network policy enabled"
- value = "module.gke.network_policy_enabled"
+ value = module.gke.network_policy_enabled
 }
 output "http_load_balancing_enabled" {
 description = "Whether http load balancing enabled"
- value = "module.gke.http_load_balancing_enabled"
+ value = module.gke.http_load_balancing_enabled
 }
 output "horizontal_pod_autoscaling_enabled" {
 description = "Whether horizontal pod autoscaling enabled"
- value = "module.gke.horizontal_pod_autoscaling_enabled"
+ value = module.gke.horizontal_pod_autoscaling_enabled
 }
 output "kubernetes_dashboard_enabled" {
 description = "Whether kubernetes dashboard enabled"
- value = "module.gke.kubernetes_dashboard_enabled"
+ value = module.gke.kubernetes_dashboard_enabled
 }
 output "node_pools_names" {
 description = "List of node pools names"
- value = "module.gke.node_pools_names"
+ value = module.gke.node_pools_names
 }
 output "node_pools_versions" {
 description = "List of node pools versions"
- value = "module.gke.node_pools_versions"
+ value = module.gke.node_pools_versions
 }
 output "service_account" {
 description = "The service account to default running nodes as if not overridden in `node_pools`."
- value = "module.gke.service_account"
+ value = module.gke.service_account
 }
 output "network_module" {
From 84f6d9a2a99c34c1a05e4e40d8e50de694cd2446 Mon Sep 17 00:00:00 2001
From: Aaron Lane
Date: Fri, 22 Nov 2019 10:20:38 -0500
Subject: [PATCH 8/8] Remove obsolete dashboard output
---
 examples/regional_private_node_pool_oauth_scopes/README.md | 1 -
 examples/regional_private_node_pool_oauth_scopes/outputs.tf | 5 -----
 2 files changed, 6 deletions(-)
diff --git a/examples/regional_private_node_pool_oauth_scopes/README.md b/examples/regional_private_node_pool_oauth_scopes/README.md
index 3ae6a8ca77..fa9f673894 100644
--- a/examples/regional_private_node_pool_oauth_scopes/README.md
+++ b/examples/regional_private_node_pool_oauth_scopes/README.md
@@ -18,7 +18,6 @@ This example illustrates how to create a private cluster with node pool specific
 | endpoint | Cluster endpoint |
 | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled |
 | http\_load\_balancing\_enabled | Whether http load balancing enabled |
-| kubernetes\_dashboard\_enabled | Whether kubernetes dashboard enabled |
 | location | Cluster location (region if regional cluster, zone if zonal cluster) |
 | logging\_service | Logging service used |
 | master\_authorized\_networks\_config | Networks from which access to master is permitted |
diff --git a/examples/regional_private_node_pool_oauth_scopes/outputs.tf b/examples/regional_private_node_pool_oauth_scopes/outputs.tf
index 13105641e9..2df5357298 100644
--- a/examples/regional_private_node_pool_oauth_scopes/outputs.tf
+++ b/examples/regional_private_node_pool_oauth_scopes/outputs.tf
@@ -91,11 +91,6 @@ output "horizontal_pod_autoscaling_enabled" {
 value = module.gke.horizontal_pod_autoscaling_enabled
 }
-output "kubernetes_dashboard_enabled" {
- description = "Whether kubernetes dashboard enabled"
- value = module.gke.kubernetes_dashboard_enabled
-}
-
 output "node_pools_names" {
 description = "List of node pools names"
 value = module.gke.node_pools_names