
Safer Cluster module #315

Merged
merged 29 commits into from
Nov 26, 2019
Changes from 10 commits
Commits
Show all changes
29 commits
e8688fc
Initial definition of a Safer Cluster module.
mmontan Sep 22, 2019
f63e69b
Merge branch 'master' into safer-cluster
morgante Oct 17, 2019
599dd2e
Initial definition of a Safer Cluster module.
mmontan Sep 22, 2019
d60fb28
Merge branch 'safer-cluster' of github.com:mmontan/terraform-google-k…
mmontan Oct 25, 2019
3e12560
Merge remote-tracking branch 'mmontan/safer-cluster' into feature/gke…
bharathkkb Nov 9, 2019
b3a6d3e
add shielded vms, use new CI, address comments
bharathkkb Nov 11, 2019
31f833b
adds docs from PR281, add desc
bharathkkb Nov 11, 2019
6f7de18
Merge branch 'master' into feature/gke-safe-cluster
Nov 11, 2019
2c1aa19
Initial definition of a Safer Cluster module.
mmontan Sep 22, 2019
b411371
add shielded vms, use new CI, address comments
bharathkkb Nov 11, 2019
8539316
adds docs from PR281, add desc
bharathkkb Nov 11, 2019
5a19471
address comments
bharathkkb Nov 13, 2019
afda7fe
address comments
bharathkkb Nov 13, 2019
fb38612
fix lint
bharathkkb Nov 13, 2019
1120377
Merge branch 'master' into feature/gke-safe-cluster
Nov 15, 2019
1a5eb63
add types, fix desc
bharathkkb Nov 18, 2019
2d996f6
Merge branch 'master' into feature/gke-safe-cluster
Nov 18, 2019
1d8b42a
Merge branch 'master' into feature/gke-safe-cluster
bharathkkb Nov 20, 2019
0468ec7
Merge branch 'master' into feature/gke-safe-cluster
Nov 21, 2019
e5a7267
Merge pull request #3 from terraform-google-modules/master
bharathkkb Nov 22, 2019
8a135fe
Merge branch 'master' into feature/gke-safe-cluster
Nov 22, 2019
1f2edb6
remove kubernetes_dashboard_enabled
bharathkkb Nov 22, 2019
509f6ba
fix int test
bharathkkb Nov 22, 2019
6b0e4f0
Merge pull request #4 from terraform-google-modules/master
bharathkkb Nov 22, 2019
191e16b
Merge branch 'master' into feature/gke-safe-cluster
bharathkkb Nov 23, 2019
932bd0e
hardcode vars
bharathkkb Nov 23, 2019
b06c425
update int test to split between two projects
bharathkkb Nov 26, 2019
0be30c8
fix outputs
bharathkkb Nov 26, 2019
5564e1b
Merge branch 'master' into feature/gke-safe-cluster
bharathkkb Nov 26, 2019
7 changes: 7 additions & 0 deletions .kitchen.yml
Expand Up @@ -45,6 +45,13 @@ suites:
systems:
- name: shared_vpc
backend: local
- name: "safer_cluster"
driver:
root_module_directory: test/fixtures/safer_cluster
verifier:
systems:
- name: safer_cluster
backend: local
- name: "simple_regional"
driver:
root_module_directory: test/fixtures/simple_regional
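Review bot: the new suite points at `test/fixtures/safer_cluster` and at a verifier system named `safer_cluster`, but neither the fixture nor an integration profile for it appears among the files shown here; make sure both are part of this change set (the later commit "update int test to split between two projects" suggests they are), otherwise `kitchen verify` will fail for this suite.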
47 changes: 47 additions & 0 deletions examples/safer_cluster/README.md
@@ -0,0 +1,47 @@
# Safer GKE Cluster

This example illustrates how to instantiate the opinionated Safer Cluster module.

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| cloudrun | Boolean to enable / disable CloudRun | string | `"true"` | no |
| cluster\_name\_suffix | A suffix to append to the default cluster name | string | `""` | no |
| compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | string | n/a | yes |
| ip\_range\_pods | The secondary ip range to use for pods | string | n/a | yes |
| ip\_range\_services | The secondary ip range to use for pods | string | n/a | yes |
| istio | Boolean to enable / disable Istio | string | `"true"` | no |
| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network | string | `"172.16.0.0/28"` | no |
| network | The VPC network to host the cluster in | string | n/a | yes |
| project\_id | The project ID to host the cluster in | string | n/a | yes |
| region | The region to host the cluster in | string | n/a | yes |
| subnetwork | The subnetwork to host the cluster in | string | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| ca\_certificate | The cluster ca certificate (base64 encoded) |
| client\_token | The bearer token for auth |
| cluster\_name | Cluster name |
| ip\_range\_pods | The secondary IP range used for pods |
| ip\_range\_services | The secondary IP range used for services |
| kubernetes\_endpoint | The cluster endpoint |
| location | |
| master\_kubernetes\_version | The master Kubernetes version |
| network | |
| project\_id | |
| region | |
| service\_account | The service account to default running nodes as if not overridden in `node_pools`. |
| subnetwork | |
| zones | List of zones in which the cluster resides |

<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

To provision this example, run the following from within this directory:
- `terraform init` to get the plugins
- `terraform plan` to see the infrastructure plan
- `terraform apply` to apply the infrastructure build
- `terraform destroy` to destroy the built infrastructure
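Review bot: the generated Inputs table carries the same copy-paste error as variables.tf: `ip_range_services` is described as "The secondary ip range to use for pods". Because this block is regenerated by the pre-commit terraform-docs hook, fix the description in variables.tf and re-run the hook rather than editing the table by hand; the same applies to the `istio` and `cloudrun` rows, which render as type `string` with default `"true"` only because the variables declare no `type = bool`. The Outputs table also has empty descriptions for `location`, `network`, `project_id`, `region` and `subnetwork`; those outputs are not defined in the outputs.tf shown here, so they presumably come from test_outputs.tf and should be given descriptions there.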
60 changes: 60 additions & 0 deletions examples/safer_cluster/main.tf
@@ -0,0 +1,60 @@
/**
* Copyright 2018 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

locals {
cluster_type = "safer-cluster"
}

provider "google-beta" {
version = "~> 2.18.0"
region = var.region
}

data "google_compute_subnetwork" "subnetwork" {
name = var.subnetwork
project = var.project_id
region = var.region
}

module "gke" {
source = "../../modules/safer-cluster/"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
regional = true
region = var.region
network = var.network
subnetwork = var.subnetwork
ip_range_pods = var.ip_range_pods
ip_range_services = var.ip_range_services
compute_engine_service_account = var.compute_engine_service_account
master_ipv4_cidr_block = var.master_ipv4_cidr_block
master_authorized_networks_config = [
{
cidr_blocks = [
{
cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range
display_name = "VPC"
},
]
},
]
istio = var.istio
cloudrun = var.cloudrun
}

data "google_client_config" "default" {
}

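Review bot: the single master authorized network is labelled `display_name = "VPC"`, but the CIDR it authorizes is `data.google_compute_subnetwork.subnetwork.ip_cidr_range`, i.e. only the primary range of one subnetwork, not the whole VPC. Rename the entry (the subnetwork name would do) so that an operator reading the cluster configuration is not misled about what is allowed to reach the control plane, and document that any other subnet or bastion range needing API access must be listed explicitly. Minor: the header says Copyright 2018 on a file first added in 2019, and the `google-beta` pin (`~> 2.18.0`) would sit more naturally next to `required_version` in versions.tf than in the provider block.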
38 changes: 38 additions & 0 deletions examples/safer_cluster/outputs.tf
@@ -0,0 +1,38 @@
/**
* Copyright 2018 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

output "kubernetes_endpoint" {
description = "The cluster endpoint"
sensitive = true
value = module.gke.endpoint
}

output "client_token" {
description = "The bearer token for auth"
sensitive = true
value = base64encode(data.google_client_config.default.access_token)
}

output "ca_certificate" {
description = "The cluster ca certificate (base64 encoded)"
value = module.gke.ca_certificate
}

output "service_account" {
description = "The service account to default running nodes as if not overridden in `node_pools`."
value = module.gke.service_account
}

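Review bot: `client_token` exports the OAuth access token of whoever ran Terraform (`data.google_client_config.default.access_token`) as an output. `sensitive = true` only hides it from CLI display, and `base64encode` is an encoding, not a protection, so the bearer token is written in clear to the Terraform state and to anything that reads the outputs (CI logs, remote-state consumers). Google access tokens are also short-lived, so the value goes stale soon after apply and is of little use as a stable output anyway. Prefer dropping this output and obtaining credentials at use time (`gcloud container clusters get-credentials`, or a `google_client_config` data source next to the kubernetes provider in the consuming configuration); if it has to stay for the integration test, say so in the description so nobody treats it as part of the example's interface.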
1 change: 1 addition & 0 deletions examples/safer_cluster/test_outputs.tf
63 changes: 63 additions & 0 deletions examples/safer_cluster/variables.tf
@@ -0,0 +1,63 @@
/**
* Copyright 2018 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

variable "project_id" {
description = "The project ID to host the cluster in"
}

variable "cluster_name_suffix" {
description = "A suffix to append to the default cluster name"
default = ""
}

variable "region" {
description = "The region to host the cluster in"
}

variable "network" {
description = "The VPC network to host the cluster in"
}

variable "subnetwork" {
description = "The subnetwork to host the cluster in"
}

variable "ip_range_pods" {
description = "The secondary ip range to use for pods"
}

variable "ip_range_services" {
description = "The secondary ip range to use for pods"
}

variable "istio" {
description = "Boolean to enable / disable Istio"
default = true
}

variable "cloudrun" {
description = "Boolean to enable / disable CloudRun"
default = true
}

variable "master_ipv4_cidr_block" {
description = "The IP range in CIDR notation to use for the hosted master network"
default = "172.16.0.0/28"
}

variable "compute_engine_service_account" {
description = "Service account to associate to the nodes in the cluster"
}
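Review bot: `ip_range_services` has the description "The secondary ip range to use for pods", copied from `ip_range_pods`; it should read "The secondary ip range to use for services". None of the variables declare a `type`: add `type = bool` to `istio` and `cloudrun` (default `true`) and `type = string` to the rest so that a wrong value is rejected at plan time instead of being coerced, and so the generated README stops showing the boolean flags as `string` with default `"true"`. The later commit "add types, fix desc" in this PR appears to do exactly this; confirm it also corrects the `ip_range_services` text.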
19 changes: 19 additions & 0 deletions examples/safer_cluster/versions.tf
@@ -0,0 +1,19 @@
/**
* Copyright 2018 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

terraform {
required_version = ">= 0.12"
}