feat: Add kubectl submodule (#45)

examples/kubectl_wrapper_example/README.md

@@ -0,0 +1,37 @@
+# Kubernetes Wrapper Example
+
+This example illustrates how to use the kubectl submodule to deploy Kubernetes resources.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| cluster\_name | The name for the GKE cluster | string | `"gke-on-vpc-cluster"` | no |
+| ip\_range\_pods\_name | The secondary ip range to use for pods | string | `"ip-range-pods"` | no |
+| ip\_range\_services\_name | The secondary ip range to use for services | string | `"ip-range-scv"` | no |
+| network | The VPC network created to host the cluster in | string | `"gke-network"` | no |
+| project\_id | The project ID to host the cluster in | string | n/a | yes |
+| region | The region to host the cluster in | string | `"us-central1"` | no |
+| subnetwork | The subnetwork created to host the cluster in | string | `"gke-subnet"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| ca\_certificate | The cluster ca certificate (base64 encoded) |
+| client\_token | The bearer token for auth |
+| cluster\_name | Cluster name |
+| kubernetes\_endpoint | The cluster endpoint |
+| network\_name | The name of the VPC being created |
+| service\_account | The default service account used for running nodes. |
+| subnet\_name | The name of the subnet being created |
+| subnet\_secondary\_ranges | The secondary ranges associated with the subnet |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+To provision this example, run the following from within this directory:
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure

examples/kubectl_wrapper_example/main.tf

@@ -0,0 +1,108 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+  version = "~> 3.16.0"
+}
+
+locals {
+  manifest_path = "${path.module}/manifests"
+}
+
+module "enabled_google_apis" {
+  source  = "terraform-google-modules/project-factory/google//modules/project_services"
+  version = "~> 8.0"
+
+  project_id                  = var.project_id
+  disable_services_on_destroy = false
+
+  activate_apis = [
+    "logging.googleapis.com",
+    "monitoring.googleapis.com",
+    "container.googleapis.com",
+    "stackdriver.googleapis.com",
+  ]
+}
+
+module "gcp-network" {
+  source       = "terraform-google-modules/network/google"
+  version      = "~> 2.0"
+  project_id   = module.enabled_google_apis.project_id
+  network_name = var.network
+
+  subnets = [
+    {
+      subnet_name   = var.subnetwork
+      subnet_ip     = "10.0.0.0/17"
+      subnet_region = var.region
+    },
+  ]
+
+  secondary_ranges = {
+    "${var.subnetwork}" = [
+      {
+        range_name    = var.ip_range_pods_name
+        ip_cidr_range = "192.168.0.0/18"
+      },
+      {
+        range_name    = var.ip_range_services_name
+        ip_cidr_range = "192.168.64.0/18"
+      },
+    ]
+  }
+}
+
+module "gke" {
+  source                 = "terraform-google-modules/kubernetes-engine/google"
+  version                = "~> 9.0"
+  project_id             = module.enabled_google_apis.project_id
+  name                   = var.cluster_name
+  regional               = true
+  region                 = var.region
+  network                = module.gcp-network.network_name
+  subnetwork             = module.gcp-network.subnets_names[0]
+  ip_range_pods          = var.ip_range_pods_name
+  ip_range_services      = var.ip_range_services_name
+  create_service_account = true
+}
+
+data "google_client_config" "default" {
+}
+
+module "kubectl-imperative" {
+  source = "../../modules/kubectl-wrapper"
+
+  project_id        = var.project_id
+  cluster_name      = module.gke.name
+  cluster_location  = module.gke.location
+  module_depends_on = [module.gke.endpoint]
+  # using --generator for cross compat between 1.18 and lower
+  kubectl_create_command  = "kubectl run --generator=run-pod/v1 nginx-imperative --image=nginx"
+  kubectl_destroy_command = "kubectl delete pod nginx-imperative"
+  skip_download           = true
+}
+
+module "kubectl-local-yaml" {
+  source = "../../modules/kubectl-wrapper"
+
+  project_id              = var.project_id
+  cluster_name            = module.gke.name
+  cluster_location        = module.gke.location
+  module_depends_on       = [module.kubectl-imperative.wait, module.gke.endpoint]
+  kubectl_create_command  = "kubectl apply -f ${local.manifest_path}"
+  kubectl_destroy_command = "kubectl delete -f ${local.manifest_path}"
+  skip_download           = false
+}

examples/kubectl_wrapper_example/manifests/nginx.yaml

@@ -0,0 +1,22 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx-declarative
+spec:
+    containers:
+    - name: nginx
+      image: nginx

examples/kubectl_wrapper_example/outputs.tf

@@ -0,0 +1,57 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "kubernetes_endpoint" {
+  description = "The cluster endpoint"
+  sensitive   = true
+  value       = module.gke.endpoint
+}
+
+output "client_token" {
+  description = "The bearer token for auth"
+  sensitive   = true
+  value       = base64encode(data.google_client_config.default.access_token)
+}
+
+output "ca_certificate" {
+  description = "The cluster ca certificate (base64 encoded)"
+  value       = module.gke.ca_certificate
+}
+
+output "service_account" {
+  description = "The default service account used for running nodes."
+  value       = module.gke.service_account
+}
+
+output "cluster_name" {
+  description = "Cluster name"
+  value       = module.gke.name
+}
+
+output "network_name" {
+  description = "The name of the VPC being created"
+  value       = module.gcp-network.network_name
+}
+
+output "subnet_name" {
+  description = "The name of the subnet being created"
+  value       = module.gcp-network.subnets_names
+}
+
+output "subnet_secondary_ranges" {
+  description = "The secondary ranges associated with the subnet"
+  value       = module.gcp-network.subnets_secondary_ranges
+}

examples/kubectl_wrapper_example/variables.tf

@@ -0,0 +1,49 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The project ID to host the cluster in"
+}
+
+variable "cluster_name" {
+  description = "The name for the GKE cluster"
+  default     = "gke-on-vpc-cluster"
+}
+
+variable "region" {
+  description = "The region to host the cluster in"
+  default     = "us-central1"
+}
+
+variable "network" {
+  description = "The VPC network created to host the cluster in"
+  default     = "gke-network"
+}
+
+variable "subnetwork" {
+  description = "The subnetwork created to host the cluster in"
+  default     = "gke-subnet"
+}
+
+variable "ip_range_pods_name" {
+  description = "The secondary ip range to use for pods"
+  default     = "ip-range-pods"
+}
+
+variable "ip_range_services_name" {
+  description = "The secondary ip range to use for services"
+  default     = "ip-range-scv"
+}

kitchen.yml

@@ -59,3 +59,14 @@ suites:
           backend: local
           controls:
             - file
+  - name: kubectl_wrapper_example
+    driver:
+      command_timeout: 3600
+      root_module_directory: test/fixtures/kubectl_wrapper_example/
+    verifier:
+      color: false
+      systems:
+        - name: kubectl_wrapper_example local
+          backend: local
+          controls:
+            - kubectl

modules/kubectl-wrapper/README.md

@@ -0,0 +1,57 @@
+# kubectl wrapper
+
+This submodule aims to make interactions with GKE clusters using kubectl easier by utilizing the gcloud module and kubectl_wrapper script.
+
+This module can be used to deploy any Kubernetes resource using imperative commands or declarative yaml files. An example can be found [here](../../examples/kubectl_wrapper_example).
+
+## Usage
+
+Basic usage of this module is as follows:
+
+```hcl
+module "kubectl" {
+  source = "terraform-google-modules/gcloud/google//modules/kubectl-wrapper"
+
+  project_id              = var.project_id
+  cluster_name            = var.cluster_name
+  cluster_location        = var.cluster_location
+  kubectl_create_command  = "kubectl create deploy nginx --image=nginx"
+  kubectl_destroy_command = "kubectl delete deploy nginx"
+}
+```
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| additional\_components | Additional gcloud CLI components to install. Defaults to installing kubectl. Valid value are components listed in `gcloud components list` | list | `<list>` | no |
+| cluster\_location | Cluster location (Zone/Region). Optional if use_existing_context is true. | string | `""` | no |
+| cluster\_name | Cluster name. Optional if use_existing_context is true. | string | `""` | no |
+| create\_cmd\_triggers | List of any additional triggers for the create command execution. | map | `<map>` | no |
+| enabled | Flag to optionally disable usage of this module. | bool | `"true"` | no |
+| gcloud\_sdk\_version | The gcloud sdk version to download. | string | `"281.0.0"` | no |
+| kubectl\_create\_command | The kubectl command to create resources. | string | n/a | yes |
+| kubectl\_destroy\_command | The kubectl command to destroy resources. | string | n/a | yes |
+| module\_depends\_on | List of modules or resources this module depends on. | list | `<list>` | no |
+| project\_id | The project ID hosting the cluster. Optional if use_existing_context is true. | string | `""` | no |
+| skip\_download | Whether to skip downloading gcloud (assumes gcloud and kubectl is already available outside the module) | bool | `"true"` | no |
+| upgrade | Whether to upgrade gcloud at runtime | bool | `"true"` | no |
+| use\_existing\_context | Use existing kubecontext to auth kube-api. | bool | `"false"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| bin\_dir | The full bin path of the modules executables |
+| create\_cmd\_bin | The full bin path & command used on create |
+| destroy\_cmd\_bin | The full bin path & command used on destroy |
+| wait | An output to use when you want to depend on cmd finishing |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+To provision this example, run the following from within this directory:
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure