From bf83e89205afe3c126f8971f14e3c870906b6aa9 Mon Sep 17 00:00:00 2001 From: Fernando Rubbo Date: Wed, 11 Sep 2019 08:53:52 -0300 Subject: [PATCH 01/23] Update README.md --- README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9f4d6e4a64..d44cdb1cc6 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,8 @@ -# Configuring your **dev** environment +# Managing infrastructure as code with Terraform, Cloud Build, and GitOps + +This is the repo for the [Managing infrastructure as code with Terraform, Cloud Build, and GitOps](https://cloud.google.com/solutions/managing-infrastructure-as-code) tutorial. This tutorial explains how to manage infrastructure as code with Terraform and Cloud Build using the popular GitOps methodology. + +## Configuring your **dev** environment Just for demostration, this step will: 1. Configure an apache2 http server on network '**dev**' and subnet '**dev**-subnet-01' @@ -12,7 +16,7 @@ terraform apply terraform destroy ``` -# Promoting your environment to **production** +## Promoting your environment to **production** Once you have tested your app (in this example an apache2 http server), you can promote your configuration to prodution. This step will: 1. Configure an apache2 http server on network '**prod**' and subnet '**prod**-subnet-01' From e6bcec81715f52a9a9c7f547926fe4a05c102268 Mon Sep 17 00:00:00 2001 From: fernandorubbo Date: Thu, 10 Jun 2021 14:25:56 +0000 Subject: [PATCH 02/23] Moving to terraform 1.0.0 --- cloudbuild.yaml | 6 +++--- environments/dev/main.tf | 2 +- environments/dev/versions.tf | 2 +- environments/prod/main.tf | 2 +- environments/prod/versions.tf | 2 +- modules/firewall/versions.tf | 2 +- modules/http_server/versions.tf | 2 +- modules/vpc/main.tf | 2 +- modules/vpc/versions.tf | 2 +- 9 files changed, 11 insertions(+), 11 deletions(-) diff --git a/cloudbuild.yaml b/cloudbuild.yaml index 84f5365cec..a2e241289d 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml 
@@ -25,7 +25,7 @@ steps: echo "***********************" - id: 'tf init' - name: 'hashicorp/terraform:0.11.14' + name: 'hashicorp/terraform:1.0.0' entrypoint: 'sh' args: - '-c' @@ -50,7 +50,7 @@ steps: # [START tf-plan] - id: 'tf plan' - name: 'hashicorp/terraform:0.11.14' + name: 'hashicorp/terraform:1.0.0' entrypoint: 'sh' args: - '-c' @@ -76,7 +76,7 @@ steps: # [START tf-apply] - id: 'tf apply' - name: 'hashicorp/terraform:0.11.14' + name: 'hashicorp/terraform:1.0.0' entrypoint: 'sh' args: - '-c' diff --git a/environments/dev/main.tf b/environments/dev/main.tf index a77cb88e91..a28b76be75 100644 --- a/environments/dev/main.tf +++ b/environments/dev/main.tf @@ -14,7 +14,7 @@ locals { - "env" = "dev" + env = "dev" } provider "google" { diff --git a/environments/dev/versions.tf b/environments/dev/versions.tf index aecd2473e3..4cc81b29fa 100644 --- a/environments/dev/versions.tf +++ b/environments/dev/versions.tf @@ -14,5 +14,5 @@ terraform { - required_version = "~> 0.11.0" + required_version = "~> 1.0.0" } diff --git a/environments/prod/main.tf b/environments/prod/main.tf index 642fe67ba2..0c7726235e 100644 --- a/environments/prod/main.tf +++ b/environments/prod/main.tf @@ -14,7 +14,7 @@ locals { - "env" = "prod" + env = "prod" } provider "google" { diff --git a/environments/prod/versions.tf b/environments/prod/versions.tf index aecd2473e3..4cc81b29fa 100644 --- a/environments/prod/versions.tf +++ b/environments/prod/versions.tf @@ -14,5 +14,5 @@ terraform { - required_version = "~> 0.11.0" + required_version = "~> 1.0.0" } diff --git a/modules/firewall/versions.tf b/modules/firewall/versions.tf index aecd2473e3..4cc81b29fa 100644 --- a/modules/firewall/versions.tf +++ b/modules/firewall/versions.tf @@ -14,5 +14,5 @@ terraform { - required_version = "~> 0.11.0" + required_version = "~> 1.0.0" } diff --git a/modules/http_server/versions.tf b/modules/http_server/versions.tf index aecd2473e3..4cc81b29fa 100644 --- a/modules/http_server/versions.tf 
+++ b/modules/http_server/versions.tf @@ -14,5 +14,5 @@ terraform { - required_version = "~> 0.11.0" + required_version = "~> 1.0.0" } diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf index 36b08f5b43..8fce4ab20d 100644 --- a/modules/vpc/main.tf +++ b/modules/vpc/main.tf @@ -15,7 +15,7 @@ module "vpc" { source = "terraform-google-modules/network/google" - version = "0.6.0" + version = "3.3.0" project_id = "${var.project}" network_name = "${var.env}" diff --git a/modules/vpc/versions.tf b/modules/vpc/versions.tf index aecd2473e3..4cc81b29fa 100644 --- a/modules/vpc/versions.tf +++ b/modules/vpc/versions.tf @@ -14,5 +14,5 @@ terraform { - required_version = "~> 0.11.0" + required_version = "~> 1.0.0" } From 951c8b7fbc69b16289e090a7e89e158a5dde13fe Mon Sep 17 00:00:00 2001 From: monika Date: Tue, 14 Sep 2021 07:48:27 +0000 Subject: [PATCH 03/23] Update project IDs and buckets --- environments/dev/backend.tf | 2 +- environments/dev/terraform.tfvars | 2 +- environments/prod/backend.tf | 2 +- environments/prod/terraform.tfvars | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/environments/dev/backend.tf b/environments/dev/backend.tf index 33a807a336..26c454deb5 100644 --- a/environments/dev/backend.tf +++ b/environments/dev/backend.tf @@ -15,7 +15,7 @@ terraform { backend "gcs" { - bucket = "PROJECT_ID-tfstate" + bucket = "yash-innovation-tfstate" prefix = "env/dev" } } diff --git a/environments/dev/terraform.tfvars b/environments/dev/terraform.tfvars index cb8a5a1bbc..ab2a0e269c 100644 --- a/environments/dev/terraform.tfvars +++ b/environments/dev/terraform.tfvars @@ -1 +1 @@ -project="PROJECT_ID" \ No newline at end of file +project="yash-innovation" \ No newline at end of file diff --git a/environments/prod/backend.tf b/environments/prod/backend.tf index 7ed343b1a2..ea29eca5c4 100644 --- a/environments/prod/backend.tf +++ b/environments/prod/backend.tf 
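Review bot: The new `bucket = "yash-innovation-tfstate"` line in environments/dev/backend.tf names the same state bucket that the environments/prod/backend.tf hunk of this patch uses, so dev and prod state are separated only by the `prefix` value. Unless object-level IAM conditions are in place, an identity that can write dev state in that bucket can presumably also read or overwrite prod state, and Terraform state commonly holds sensitive resource attributes. Consider one bucket per environment, or at least separate IAM bindings, and confirm the bucket is not publicly readable and has versioning enabled. Replacing the `PROJECT_ID` placeholder with one concrete project name, here and in both terraform.tfvars hunks, also ties the shared template to a single tenant.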
@@ -15,7 +15,7 @@ terraform { backend "gcs" { - bucket = "PROJECT_ID-tfstate" + bucket = "yash-innovation-tfstate" prefix = "env/prod" } } diff --git a/environments/prod/terraform.tfvars b/environments/prod/terraform.tfvars index cb8a5a1bbc..ab2a0e269c 100644 --- a/environments/prod/terraform.tfvars +++ b/environments/prod/terraform.tfvars @@ -1 +1 @@ -project="PROJECT_ID" \ No newline at end of file +project="yash-innovation" \ No newline at end of file From 3b64613cf0fbace4b8c6689c5ab20ad298783a29 Mon Sep 17 00:00:00 2001 From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Tue, 14 Sep 2021 14:27:14 +0530 Subject: [PATCH 04/23] Fixing http firewall target --- modules/firewall/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/firewall/main.tf b/modules/firewall/main.tf index 5e40f7089f..1d2e549134 100644 --- a/modules/firewall/main.tf +++ b/modules/firewall/main.tf @@ -27,6 +27,6 @@ resource "google_compute_firewall" "allow-http" { ports = ["80"] } - target_tags = ["http-server2"] + target_tags = ["http-server"] source_ranges = ["0.0.0.0/0"] } From 26327353689dd01fb38154b5443688295d99a942 Mon Sep 17 00:00:00 2001 From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Wed, 15 Sep 2021 15:59:17 +0530 Subject: [PATCH 05/23] Delete modules/http_server directory --- modules/http_server/main.tf | 44 -------------------------------- modules/http_server/outputs.tf | 22 ---------------- modules/http_server/variables.tf | 17 ------------ modules/http_server/versions.tf | 18 ------------- 4 files changed, 101 deletions(-) delete mode 100644 modules/http_server/main.tf delete mode 100644 modules/http_server/outputs.tf delete mode 100644 modules/http_server/variables.tf delete mode 100644 modules/http_server/versions.tf diff --git a/modules/http_server/main.tf b/modules/http_server/main.tf deleted file mode 100644 index 6f05187f34..0000000000 --- a/modules/http_server/main.tf +++ /dev/null 
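Review bot: With `target_tags = ["http-server"]` corrected in modules/firewall/main.tf, the unchanged `source_ranges = ["0.0.0.0/0"]` line below it starts to matter. The http_server module removed in patch 05 tags its instance `http-server`, so the old `http-server2` value appears to have matched nothing, and the rule now admits TCP 80 from any address to every instance carrying that tag. If the demo server does not need to be reachable from the whole internet, narrow the range, for example `source_ranges = var.allowed_http_cidrs`, which would need a new module variable. The `google_compute_firewall` body begins outside this hunk.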
@@ -1,44 +0,0 @@ -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -locals { - network = "${element(split("-", var.subnet), 0)}" -} - -resource "google_compute_instance" "http_server" { - project = "${var.project}" - zone = "us-west1-a" - name = "${local.network}-apache2-instance" - machine_type = "f1-micro" - - metadata_startup_script = "sudo apt-get update && sudo apt-get install apache2 -y && echo '

Environment: ${local.network}

' | sudo tee /var/www/html/index.html" - - boot_disk { - initialize_params { - image = "debian-cloud/debian-9" - } - } - - network_interface { - subnetwork = "${var.subnet}" - - access_config { - # Include this section to give the VM an external ip address - } - } - - # Apply the firewall rule to allow external IPs to access this instance - tags = ["http-server"] -} diff --git a/modules/http_server/outputs.tf b/modules/http_server/outputs.tf deleted file mode 100644 index c503157063..0000000000 --- a/modules/http_server/outputs.tf +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -output "instance_name" { - value = "${google_compute_instance.http_server.name}" -} - -output "external_ip" { - value = "${google_compute_instance.http_server.network_interface.0.access_config.0.nat_ip}" -} diff --git a/modules/http_server/variables.tf b/modules/http_server/variables.tf deleted file mode 100644 index 2301355111..0000000000 --- a/modules/http_server/variables.tf +++ /dev/null 
@@ -1,17 +0,0 @@ -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -variable "project" {} -variable "subnet" {} diff --git a/modules/http_server/versions.tf b/modules/http_server/versions.tf deleted file mode 100644 index 4cc81b29fa..0000000000 --- a/modules/http_server/versions.tf +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -terraform { - required_version = "~> 1.0.0" -} From 9a54db3a450c810c241ca0e67fc57136ccc5c2d9 Mon Sep 17 00:00:00 2001 
From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Wed, 15 Sep 2021 16:00:00 +0530 Subject: [PATCH 06/23] Delete modules/firewall directory --- modules/firewall/main.tf | 32 -------------------------------- modules/firewall/outputs.tf | 18 ------------------ modules/firewall/variables.tf | 17 ----------------- modules/firewall/versions.tf | 18 ------------------ 4 files changed, 85 deletions(-) delete mode 100644 modules/firewall/main.tf delete mode 100644 modules/firewall/outputs.tf delete mode 100644 modules/firewall/variables.tf delete mode 100644 modules/firewall/versions.tf diff --git a/modules/firewall/main.tf b/modules/firewall/main.tf deleted file mode 100644 index 1d2e549134..0000000000 --- a/modules/firewall/main.tf +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -locals { - network = "${element(split("-", var.subnet), 0)}" -} - -resource "google_compute_firewall" "allow-http" { - name = "${local.network}-allow-http" - network = "${local.network}" - project = "${var.project}" - - allow { - protocol = "tcp" - ports = ["80"] - } - - target_tags = ["http-server"] - source_ranges = ["0.0.0.0/0"] -} diff --git a/modules/firewall/outputs.tf b/modules/firewall/outputs.tf deleted file mode 100644 index 6eee8e9bcf..0000000000 --- a/modules/firewall/outputs.tf +++ /dev/null 
@@ -1,18 +0,0 @@ -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -output "firewall_rule" { - value = "${google_compute_firewall.allow-http.name}" -} diff --git a/modules/firewall/variables.tf b/modules/firewall/variables.tf deleted file mode 100644 index 2301355111..0000000000 --- a/modules/firewall/variables.tf +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -variable "project" {} -variable "subnet" {} diff --git a/modules/firewall/versions.tf b/modules/firewall/versions.tf deleted file mode 100644 index 4cc81b29fa..0000000000 --- a/modules/firewall/versions.tf +++ /dev/null 
@@ -1,18 +0,0 @@ -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -terraform { - required_version = "~> 1.0.0" -} From 766f97049ab939a6ca7612fb0ed8eb8d08af70b5 Mon Sep 17 00:00:00 2001 From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Wed, 15 Sep 2021 16:02:20 +0530 Subject: [PATCH 07/23] Update main.tf --- environments/prod/main.tf | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/environments/prod/main.tf b/environments/prod/main.tf index 0c7726235e..a3b8bfe852 100644 --- a/environments/prod/main.tf +++ b/environments/prod/main.tf 
@@ -14,27 +14,33 @@ locals { - env = "prod" + env = "dev" } provider "google" { project = "${var.project}" } -module "vpc" { - source = "../../modules/vpc" - project = "${var.project}" - env = "${local.env}" -} -module "http_server" { - source = "../../modules/http_server" - project = "${var.project}" - subnet = "${module.vpc.subnet}" -} -module "firewall" { - source = "../../modules/firewall" - project = "${var.project}" - subnet = "${module.vpc.subnet}" +module "kubernetes_engine" { + source = "../../modules/vpc" + count = var.kubernetes_engine-create ? var.kubernetes_engine-count : 0 + k8s_cluster_name = var.k8s_cluster_name + k8s_cluster_location = var.k8s_cluster_location + k8s_remove_default_node_pool = var.k8s_remove_default_node_pool + k8s_initial_node_count = var.k8s_initial_node_count + #k8s_username = var.k8s_username + #k8s_password = var.k8s_password + k8s_issue_client_certificate = var.k8s_issue_client_certificate + k8s_pool_name = var.k8s_pool_name + k8s_pool_location = var.k8s_pool_location + k8s_pool_node_count = var.k8s_pool_node_count + k8s_pool_preemptible = var.k8s_pool_preemptible + k8s_pool_machine_type = var.k8s_pool_machine_type + k8s_pool_disable-legacy-endpoints = var.k8s_pool_disable-legacy-endpoints + k8s_pool_oauth_scopes = var.k8s_pool_oauth_scopes + project = "${var.project}" + env = "${local.env}" } + From 097c4cb3277f58fcdc2a2d2bf03bf42ebdde82d0 Mon Sep 17 00:00:00 2001 From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Wed, 15 Sep 2021 16:03:59 +0530 Subject: [PATCH 08/23] Update outputs.tf --- environments/prod/outputs.tf | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/environments/prod/outputs.tf b/environments/prod/outputs.tf index 0ae139e4f7..6f350a511d 100644 --- a/environments/prod/outputs.tf +++ b/environments/prod/outputs.tf 
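Review bot: `env = "dev"` in the `locals` block of environments/prod/main.tf looks like a copy-paste slip. This hunk changes the prod value from `"prod"` to `"dev"`, and the resulting blob id (a3b8bfe852) is the same one patch 14 gives environments/dev/main.tf, so the two files are byte-identical. Anything keyed on `local.env` will treat production as dev; the line should stay `env = "prod"`. The commented-out `#k8s_username` and `#k8s_password` arguments are better deleted than kept, since they point a future editor toward static cluster credentials.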
@@ -13,22 +13,18 @@ # limitations under the License. -output "network" { - value = "${module.vpc.network}" +output "cluster_id" { + value = module.kubernetes_engine[*].cluster_id } -output "subnet" { - value = "${module.vpc.subnet}" +output "cluster_endpoint" { + value = module.kubernetes_engine[*].cluster_endpoint } -output "firewall_rule" { - value = "${module.firewall.firewall_rule}" +output "pool_id" { + value = module.kubernetes_engine[*].pool_id } -output "instance_name" { - value = "${module.http_server.instance_name}" -} - -output "external_ip" { - value = "${module.http_server.external_ip}" +output "pool_instance_group_urls" { + value = module.kubernetes_engine[*].pool_instance_group_urls } From d60dffeb27540c070934bb6ff168f5855f31d622 Mon Sep 17 00:00:00 2001 From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Wed, 15 Sep 2021 16:04:40 +0530 Subject: [PATCH 09/23] Update terraform.tfvars --- environments/prod/terraform.tfvars | 37 +++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/environments/prod/terraform.tfvars b/environments/prod/terraform.tfvars index ab2a0e269c..237517c662 100644 --- a/environments/prod/terraform.tfvars +++ b/environments/prod/terraform.tfvars @@ -1 +1,36 @@ -project="yash-innovation" \ No newline at end of file +project="yash-innovation" +kubernetes_engine-create=true + + +kubernetes_engine-count=1 + + +k8s_cluster_name="tf-gke-cluster1" + +k8s_cluster_location="us-central1-a" + + +k8s_remove_default_node_pool=true + +k8s_initial_node_count=1 + +k8s_issue_client_certificate=false + +k8s_pool_name="tf-node-pool" + + +k8s_pool_location="us-central1-a" + + +k8s_pool_node_count=1 + +k8s_pool_preemptible=true + +k8s_pool_machine_type="e2-micro" + + +k8s_pool_disable-legacy-endpoints=true +k8s_pool_oauth_scopes= [ + "https://www.googleapis.com/auth/logging.write", + "https://www.googleapis.com/auth/monitoring" + ] 
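Review bot: The values added to environments/prod/terraform.tfvars are the same ones patch 16 adds to environments/dev/terraform.tfvars: the same `project`, `k8s_cluster_name="tf-gke-cluster1"`, `k8s_pool_name="tf-node-pool"` and `k8s_cluster_location="us-central1-a"`. Because dev and prod keep separate state prefixes, the second environment to apply would try to create a cluster whose name already exists in that project and zone. Give prod its own name or project, for example `k8s_cluster_name="tf-gke-cluster-prod"`. `k8s_pool_preemptible=true` with a single `e2-micro` node is also worth reconsidering for an environment labelled production, since preemptible nodes can be reclaimed at any time.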
From d6bed02b42e680168c239637dbe6867f0bf2713e Mon Sep 17 00:00:00 2001 From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Wed, 15 Sep 2021 16:05:18 +0530 Subject: [PATCH 10/23] Update variables.tf --- environments/prod/variables.tf | 73 ++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/environments/prod/variables.tf b/environments/prod/variables.tf index 2b0a363f94..fcae41b22c 100644 --- a/environments/prod/variables.tf +++ b/environments/prod/variables.tf @@ -14,3 +14,76 @@ variable "project" {} +variable "kubernetes_engine-create" { + type = bool + default = true +} + +variable "kubernetes_engine-count" { + type = number + default = 1 +} + +variable "k8s_cluster_name" { + type = string + default = "tf-gke-cluster1" +} + +variable "k8s_cluster_location" { + type = string + default = "us-central1-a" +} + +variable "k8s_remove_default_node_pool" { + type = bool + default = true +} + +variable "k8s_initial_node_count" { + type = number + default = 1 +} + + +variable "k8s_issue_client_certificate" { + type = bool + default = false +} + +variable "k8s_pool_name" { + type = string + default = "tf-node-pool" +} + +variable "k8s_pool_location" { + type = string + default = "us-central1-a" +} + +variable "k8s_pool_node_count" { + type = number + default = 1 +} + +variable "k8s_pool_preemptible" { + type = bool + default = true +} + +variable "k8s_pool_machine_type" { + type = string + default = "e2-micro" +} + +variable "k8s_pool_disable-legacy-endpoints" { + type = bool + default = true +} + +variable "k8s_pool_oauth_scopes" { + type = list(string) + default = [ + "https://www.googleapis.com/auth/logging.write", + "https://www.googleapis.com/auth/monitoring", + ] +} From 4d5600a0766707def0e8c63e0e09784d472c4053 Mon Sep 17 00:00:00 2001 
From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Wed, 15 Sep 2021 16:07:29 +0530 Subject: [PATCH 11/23] Update main.tf --- modules/vpc/main.tf | 43 ++++++++++++++++++++++++++++--------------- 1 file changed, 28 insertions(+), 15 deletions(-) diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf index 8fce4ab20d..da4de3c0c7 100644 --- a/modules/vpc/main.tf +++ b/modules/vpc/main.tf @@ -13,22 +13,35 @@ # limitations under the License. -module "vpc" { - source = "terraform-google-modules/network/google" - version = "3.3.0" +resource "google_container_cluster" "primary" { + name = var.k8s_cluster_name + location = var.k8s_cluster_location + # We can't create a cluster with no node pool defined, but we want to only use + # separately managed node pools. So we create the smallest possible default + # node pool and immediately delete it. + remove_default_node_pool = var.k8s_remove_default_node_pool + initial_node_count = var.k8s_initial_node_count + + master_auth { + - project_id = "${var.project}" - network_name = "${var.env}" - - subnets = [ - { - subnet_name = "${var.env}-subnet-01" - subnet_ip = "10.${var.env == "dev" ? 10 : 20}.10.0/24" - subnet_region = "us-west1" - }, - ] + client_certificate_config { + issue_client_certificate = var.k8s_issue_client_certificate + } + } +} - secondary_ranges = { - "${var.env}-subnet-01" = [] +resource "google_container_node_pool" "primary_preemptible_nodes" { + name = var.k8s_pool_name + location = var.k8s_pool_location + cluster = google_container_cluster.primary.name + node_count = var.k8s_pool_node_count + node_config { + preemptible = var.k8s_pool_preemptible + machine_type = var.k8s_pool_machine_type + metadata = { + disable-legacy-endpoints = var.k8s_pool_disable-legacy-endpoints + } + oauth_scopes = var.k8s_pool_oauth_scopes } } From 7b4fd54eea3d157ea3d127b1e191bce74b27b95a Mon Sep 17 00:00:00 2001 
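Review bot: The `google_container_cluster` and `google_container_node_pool` blocks added to modules/vpc/main.tf leave several security-relevant settings at provider defaults. `node_config` sets `oauth_scopes` but no `service_account`, so the nodes will presumably run as the project's default Compute Engine service account. The cluster sets no `network`/`subnetwork`, `private_cluster_config` or `master_authorized_networks_config`, so with the VPC module removed by this same hunk it would land on the default network with a control-plane endpoint reachable from any address. Neither resource sets `project`, so `var.project` takes effect only through the caller's provider block. The sketch below adds an authorized-networks block and a dedicated node service account; both variables are new and would have to be declared.

```hcl
resource "google_container_cluster" "primary" {
  # … unchanged: name, location, default node pool handling, master_auth …

  # Limit which source ranges may reach the control-plane endpoint.
  master_authorized_networks_config {
    cidr_blocks {
      cidr_block   = var.k8s_master_authorized_cidr # new variable, not yet declared
      display_name = "admin"
    }
  }
}

resource "google_container_node_pool" "primary_preemptible_nodes" {
  # … unchanged: name, location, cluster, node_count …
  node_config {
    # … unchanged: preemptible, machine_type, metadata, oauth_scopes …

    # Dedicated least-privilege identity instead of the default compute account.
    service_account = var.k8s_pool_service_account # new variable, not yet declared
  }
}
```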
From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Wed, 15 Sep 2021 16:08:13 +0530 Subject: [PATCH 12/23] Update outputs.tf --- modules/vpc/outputs.tf | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/modules/vpc/outputs.tf b/modules/vpc/outputs.tf index 35877bbd08..7ce6843f7f 100644 --- a/modules/vpc/outputs.tf +++ b/modules/vpc/outputs.tf @@ -12,11 +12,18 @@ # See the License for the specific language governing permissions and # limitations under the License. +output "cluster_id" { + value = google_container_cluster.primary.id +} + +output "cluster_endpoint" { + value = google_container_cluster.primary.endpoint +} -output "network" { - value = "${module.vpc.network_name}" +output "pool_id" { + value = google_container_node_pool.primary_preemptible_nodes.id } -output "subnet" { - value = "${element(module.vpc.subnets_names, 0)}" +output "pool_instance_group_urls" { + value = google_container_node_pool.primary_preemptible_nodes.instance_group_urls } From af36e005df95cdc9c755301b49a6071a4efcbbdb Mon Sep 17 00:00:00 2001 From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Wed, 15 Sep 2021 16:08:57 +0530 Subject: [PATCH 13/23] Update variables.tf --- modules/vpc/variables.tf | 48 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/modules/vpc/variables.tf b/modules/vpc/variables.tf index f1fc7b13b6..f91f697ef6 100644 --- a/modules/vpc/variables.tf +++ b/modules/vpc/variables.tf 
@@ -15,3 +15,51 @@ variable "project" {} variable "env" {} +variable "k8s_cluster_name" { + type = string +} + +variable "k8s_cluster_location" { + type = string +} + +variable "k8s_remove_default_node_pool" { + type = bool +} + +variable "k8s_initial_node_count" { + type = number +} + +variable "k8s_issue_client_certificate" { + type = bool +} + +variable "k8s_pool_name" { + type = string +} + +variable "k8s_pool_location" { + type = string + default = "us-central1-a" +} + +variable "k8s_pool_node_count" { + type = number +} + +variable "k8s_pool_preemptible" { + type = bool +} + +variable "k8s_pool_machine_type" { + type = string +} + +variable "k8s_pool_disable-legacy-endpoints" { + type = bool +} + +variable "k8s_pool_oauth_scopes" { + type = list(string) +} From d92ff6baed9736d436386cc1c3124818b49fb08b Mon Sep 17 00:00:00 2001 From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Wed, 15 Sep 2021 17:24:28 +0530 Subject: [PATCH 14/23] Update main.tf --- environments/dev/main.tf | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/environments/dev/main.tf b/environments/dev/main.tf index a28b76be75..a3b8bfe852 100644 --- a/environments/dev/main.tf +++ b/environments/dev/main.tf 
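Review bot: None of the twelve variables added after `variable "env" {}` in modules/vpc/variables.tf carries a `description`, and `k8s_pool_location` is the only one given a default, which makes the module's contract hard to read. Add a one-line description to each, for example `description = "Whether GKE issues a client certificate for cluster authentication"` on `k8s_issue_client_certificate`, and drop the stray default on `k8s_pool_location` so callers always state the zone. The context lines `variable "project" {}` and `variable "env" {}` stay declared, but the resources patch 11 adds in modules/vpc/main.tf do not appear to reference them. Patch 10's environments/prod/variables.tf has the same missing descriptions.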
@@ -21,20 +21,26 @@ provider "google" { project = "${var.project}" } -module "vpc" { - source = "../../modules/vpc" - project = "${var.project}" - env = "${local.env}" -} -module "http_server" { - source = "../../modules/http_server" - project = "${var.project}" - subnet = "${module.vpc.subnet}" -} -module "firewall" { - source = "../../modules/firewall" - project = "${var.project}" - subnet = "${module.vpc.subnet}" +module "kubernetes_engine" { + source = "../../modules/vpc" + count = var.kubernetes_engine-create ? var.kubernetes_engine-count : 0 + k8s_cluster_name = var.k8s_cluster_name + k8s_cluster_location = var.k8s_cluster_location + k8s_remove_default_node_pool = var.k8s_remove_default_node_pool + k8s_initial_node_count = var.k8s_initial_node_count + #k8s_username = var.k8s_username + #k8s_password = var.k8s_password + k8s_issue_client_certificate = var.k8s_issue_client_certificate + k8s_pool_name = var.k8s_pool_name + k8s_pool_location = var.k8s_pool_location + k8s_pool_node_count = var.k8s_pool_node_count + k8s_pool_preemptible = var.k8s_pool_preemptible + k8s_pool_machine_type = var.k8s_pool_machine_type + k8s_pool_disable-legacy-endpoints = var.k8s_pool_disable-legacy-endpoints + k8s_pool_oauth_scopes = var.k8s_pool_oauth_scopes + project = "${var.project}" + env = "${local.env}" } + From 35413a4e01fc20e423923e19f9e40df19ca877f2 Mon Sep 17 00:00:00 2001 From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Wed, 15 Sep 2021 17:30:46 +0530 Subject: [PATCH 15/23] Update outputs.tf --- environments/dev/outputs.tf | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/environments/dev/outputs.tf b/environments/dev/outputs.tf index 0ae139e4f7..6f350a511d 100644 --- a/environments/dev/outputs.tf +++ b/environments/dev/outputs.tf 
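Review bot: `count = var.kubernetes_engine-create ? var.kubernetes_engine-count : 0` in environments/dev/main.tf can only work for a count of 0 or 1. Every instance receives the same `k8s_cluster_name` and `k8s_pool_name`, so a count of 2 would request two clusters with one name in one location. Either keep only the boolean, `count = var.kubernetes_engine-create ? 1 : 0`, or make the name unique per instance, `k8s_cluster_name = "${var.k8s_cluster_name}-${count.index}"`. The module label `kubernetes_engine` also loads `../../modules/vpc`, a directory name that no longer describes its contents after patch 11. environments/prod/main.tf in patch 07 has the same lines.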
@@ -13,22 +13,18 @@ # limitations under the License. -output "network" { - value = "${module.vpc.network}" +output "cluster_id" { + value = module.kubernetes_engine[*].cluster_id } -output "subnet" { - value = "${module.vpc.subnet}" +output "cluster_endpoint" { + value = module.kubernetes_engine[*].cluster_endpoint } -output "firewall_rule" { - value = "${module.firewall.firewall_rule}" +output "pool_id" { + value = module.kubernetes_engine[*].pool_id } -output "instance_name" { - value = "${module.http_server.instance_name}" -} - -output "external_ip" { - value = "${module.http_server.external_ip}" +output "pool_instance_group_urls" { + value = module.kubernetes_engine[*].pool_instance_group_urls } From 726579842f700048adda98c42dda043b09d9f600 Mon Sep 17 00:00:00 2001 From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Wed, 15 Sep 2021 17:31:35 +0530 Subject: [PATCH 16/23] Update terraform.tfvars --- environments/dev/terraform.tfvars | 37 ++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/environments/dev/terraform.tfvars b/environments/dev/terraform.tfvars index ab2a0e269c..237517c662 100644 --- a/environments/dev/terraform.tfvars +++ b/environments/dev/terraform.tfvars @@ -1 +1,36 @@ -project="yash-innovation" \ No newline at end of file +project="yash-innovation" +kubernetes_engine-create=true + + +kubernetes_engine-count=1 + + +k8s_cluster_name="tf-gke-cluster1" + +k8s_cluster_location="us-central1-a" + + +k8s_remove_default_node_pool=true + +k8s_initial_node_count=1 + +k8s_issue_client_certificate=false + +k8s_pool_name="tf-node-pool" + + +k8s_pool_location="us-central1-a" + + +k8s_pool_node_count=1 + +k8s_pool_preemptible=true + +k8s_pool_machine_type="e2-micro" + + +k8s_pool_disable-legacy-endpoints=true +k8s_pool_oauth_scopes= [ + "https://www.googleapis.com/auth/logging.write", + "https://www.googleapis.com/auth/monitoring" + ] From b90f0a1de08b7b31ca8387cf98777061fa587a08 Mon Sep 17 00:00:00 2001 
From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Wed, 15 Sep 2021 17:32:23 +0530 Subject: [PATCH 17/23] Update variables.tf --- environments/dev/variables.tf | 73 +++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/environments/dev/variables.tf b/environments/dev/variables.tf index 2b0a363f94..fcae41b22c 100644 --- a/environments/dev/variables.tf +++ b/environments/dev/variables.tf @@ -14,3 +14,76 @@ variable "project" {} +variable "kubernetes_engine-create" { + type = bool + default = true +} + +variable "kubernetes_engine-count" { + type = number + default = 1 +} + +variable "k8s_cluster_name" { + type = string + default = "tf-gke-cluster1" +} + +variable "k8s_cluster_location" { + type = string + default = "us-central1-a" +} + +variable "k8s_remove_default_node_pool" { + type = bool + default = true +} + +variable "k8s_initial_node_count" { + type = number + default = 1 +} + + +variable "k8s_issue_client_certificate" { + type = bool + default = false +} + +variable "k8s_pool_name" { + type = string + default = "tf-node-pool" +} + +variable "k8s_pool_location" { + type = string + default = "us-central1-a" +} + +variable "k8s_pool_node_count" { + type = number + default = 1 +} + +variable "k8s_pool_preemptible" { + type = bool + default = true +} + +variable "k8s_pool_machine_type" { + type = string + default = "e2-micro" +} + +variable "k8s_pool_disable-legacy-endpoints" { + type = bool + default = true +} + +variable "k8s_pool_oauth_scopes" { + type = list(string) + default = [ + "https://www.googleapis.com/auth/logging.write", + "https://www.googleapis.com/auth/monitoring", + ] +} From 39bfff5494d90acce23848e4bb39688ab0df2b66 Mon Sep 17 00:00:00 2001 From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Mon, 27 Sep 2021 14:44:22 +0530 Subject: [PATCH 18/23] Update main.tf --- modules/vpc/main.tf | 5 +++++ 1 file changed, 5 insertions(+) 
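Review bot: Every default declared in `environments/dev/variables.tf` repeats the value that patch 16 puts into `environments/dev/terraform.tfvars`, so the environment has two sources of truth. Patches 21 and 22 already have to change `k8s_pool_node_count` and `k8s_pool_machine_type` in both files. Keep the values in one place: either drop the defaults here and let the tfvars file define the environment, or drop the duplicated tfvars entries. A `description` on each variable would document the input instead, for example `description = "Whether GKE issues a client certificate for cluster authentication"` on `k8s_issue_client_certificate`. The names `kubernetes_engine-create`, `kubernetes_engine-count` and `k8s_pool_disable-legacy-endpoints` mix hyphens into otherwise snake_case identifiers; `kubernetes_engine_create` would match the rest.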
diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf index da4de3c0c7..55f4b96429 100644 --- a/modules/vpc/main.tf +++ b/modules/vpc/main.tf @@ -11,6 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +#*************************************************** resource "google_container_cluster" "primary" { @@ -36,6 +37,10 @@ resource "google_container_node_pool" "primary_preemptible_nodes" { location = var.k8s_pool_location cluster = google_container_cluster.primary.name node_count = var.k8s_pool_node_count + autoscaling { + min_node_count = var.k8s_min_node_count + max_node_count = var.k8s_max_node_count + } node_config { preemptible = var.k8s_pool_preemptible machine_type = var.k8s_pool_machine_type From e603cf41646ed360f7e4152e196d01e04abb187e Mon Sep 17 00:00:00 2001 From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Mon, 27 Sep 2021 14:45:27 +0530 Subject: [PATCH 19/23] Update variables.tf --- modules/vpc/variables.tf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/vpc/variables.tf b/modules/vpc/variables.tf index f91f697ef6..571c6ee099 100644 --- a/modules/vpc/variables.tf +++ b/modules/vpc/variables.tf @@ -56,10 +56,18 @@ variable "k8s_pool_machine_type" { type = string } + variable "k8s_pool_disable-legacy-endpoints" { type = bool } +variable "k8s_min_node_count" { + type = number +} +variable "k8s_max_node_count" { + type = number +} + variable "k8s_pool_oauth_scopes" { type = list(string) } From c2cc095cb2203e56339cbe7a30a64c61e7dd07ef Mon Sep 17 00:00:00 2001 From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Mon, 27 Sep 2021 14:46:49 +0530 Subject: [PATCH 20/23] Update main.tf --- environments/dev/main.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/environments/dev/main.tf b/environments/dev/main.tf index a3b8bfe852..bec3d95395 100644 
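Review bot: The new `autoscaling` block sits next to `node_count = var.k8s_pool_node_count`, so Terraform and the cluster autoscaler both manage the pool size. Once the autoscaler moves the pool away from the configured count, the next apply would presumably plan to set it back. With autoscaling enabled, set the starting size through `initial_node_count` instead of `node_count`, or add `lifecycle { ignore_changes = [node_count] }` to the resource. The `google_container_node_pool` block begins before this hunk and continues after it. The `k8s_min_node_count` and `k8s_max_node_count` inputs added in the following `modules/vpc/variables.tf` hunk are unvalidated; a `validation` block with `condition = var.k8s_min_node_count >= 0` would reject a negative bound at plan time.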
--- a/environments/dev/main.tf +++ b/environments/dev/main.tf @@ -40,6 +40,8 @@ module "kubernetes_engine" { k8s_pool_machine_type = var.k8s_pool_machine_type k8s_pool_disable-legacy-endpoints = var.k8s_pool_disable-legacy-endpoints k8s_pool_oauth_scopes = var.k8s_pool_oauth_scopes + k8s_min_node_count = var.k8s_min_node_count + k8s_max_node_count = var.k8s_max_node_count project = "${var.project}" env = "${local.env}" } From 8c52acfadfa7809e4c757100f74f21f207d83403 Mon Sep 17 00:00:00 2001 From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Mon, 27 Sep 2021 14:48:28 +0530 Subject: [PATCH 21/23] Update terraform.tfvars --- environments/dev/terraform.tfvars | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/environments/dev/terraform.tfvars b/environments/dev/terraform.tfvars index 237517c662..1ca5b5bcbe 100644 --- a/environments/dev/terraform.tfvars +++ b/environments/dev/terraform.tfvars @@ -22,12 +22,14 @@ k8s_pool_name="tf-node-pool" k8s_pool_location="us-central1-a" -k8s_pool_node_count=1 +k8s_pool_node_count=2 k8s_pool_preemptible=true -k8s_pool_machine_type="e2-micro" +k8s_pool_machine_type="e2-small" +k8s_min_node_count=1 +k8s_max_node_count=3 k8s_pool_disable-legacy-endpoints=true k8s_pool_oauth_scopes= [ From 05147e786d06e18a31c6a36a867ca7bd0a495760 Mon Sep 17 00:00:00 2001 From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Mon, 27 Sep 2021 14:49:07 +0530 Subject: [PATCH 22/23] Update variables.tf --- environments/dev/variables.tf | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/environments/dev/variables.tf b/environments/dev/variables.tf index fcae41b22c..4834687a6f 100644 --- a/environments/dev/variables.tf +++ b/environments/dev/variables.tf @@ -62,7 +62,7 @@ variable "k8s_pool_location" { variable "k8s_pool_node_count" { type = number - default = 1 + default = 2 } variable "k8s_pool_preemptible" { 
@@ -72,13 +72,22 @@ variable "k8s_pool_preemptible" { variable "k8s_pool_machine_type" { type = string - default = "e2-micro" + default = "e2-small" } variable "k8s_pool_disable-legacy-endpoints" { type = bool default = true } +variable "k8s_min_node_count" { + type = number + default = 1 +} + +variable "k8s_max_node_count" { + type = number + default = 3 +} variable "k8s_pool_oauth_scopes" { type = list(string) From 49a01cbbcbd9b7cdcd9d40615c8436bbe04f89c5 Mon Sep 17 00:00:00 2001 From: monika16p <49428322+monika16p@users.noreply.github.com> Date: Thu, 12 Jun 2025 18:19:02 +0530 Subject: [PATCH 23/23] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d44cdb1cc6..2d7303239f 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ This is the repo for the [Managing infrastructure as code with Terraform, Cloud Build, and GitOps](https://cloud.google.com/solutions/managing-infrastructure-as-code) tutorial. This tutorial explains how to manage infrastructure as code with Terraform and Cloud Build using the popular GitOps methodology. -## Configuring your **dev** environment +## Configuring your **dev** environment... Just for demostration, this step will: 1. Configure an apache2 http server on network '**dev**' and subnet '**dev**-subnet-01'