cycloidio · tormath1 · Oct 22, 2020 · Oct 28, 2020 · Oct 28, 2020 · Oct 28, 2020
diff --git a/generate/testdata/stack-gke/gke.tf b/generate/testdata/stack-gke/gke.tf
@@ -0,0 +1,195 @@
+# Put here a custom name for the GKE Cluster
+# Otherwise `${var.project}-${var.env}` will be used
+locals {
+ cluster_name = ""
+}
+
+# https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters
+# You cannot use a cluster master, node, Pod, or Service IP range that overlaps with 172.17.0.0/16.
+# The size of the RFC 1918 block for the cluster master must be /28.
+
+module "vpc" {
+ #####################################
+ # Do not modify the following lines #
+ source = "./module-vpc"
+
+ project = var.project
+ env = var.env
+ customer = var.customer
+
+ #####################################
+
+ ###
+ # General
+ ###
+
+ #. gcp_project (required):
+ #+ The Google Cloud Platform project to use. 
+ gcp_project = var.gcp_project
+
+ #. gcp_region (optional): eu-central1
+ #+ The Google Cloud Platform region to use.
+ gcp_region = var.gcp_region
+
+ #. extra_labels (optional): {}
+ #+ Dict of extra labels to add on aws resources. format { "foo" = "bar" }.
+
+ ###
+ # Networking
+ ###
+
+ #. subnet_cidr (optional): 10.8.0.0/16
+ #+ The CIDR of the VPC subnet.
+ subnet_cidr = "10.8.0.0/16"
+
+ #. pods_cidr (optional): 10.9.0.0/16
+ #+ The CIDR of the pods secondary range.
+ pods_cidr = "10.9.0.0/16"
+
+ #. services_cidr (optional): 10.10.0.0/16
+ #+ The CIDR of the services secondary range.
+ services_cidr = "10.10.0.0/16"
+
+ #. network_routing_mode (optional): GLOBAL
+ #+ The network routing mode.
+
+ ###
+ # Required (should probably not be touched)
+ ###
+
+ cluster_name = local.gke_cluster_name
+}
+
+module "gke" {
+ #####################################
+ # Do not modify the following lines #
+ source = "./module-gke"
+
+ project = var.project
+ env = var.env
+ customer = var.customer
+
+ #####################################
+
+ ###
+ # General
+ ###
+
+ #. gcp_project (required):
+ #+ The Google Cloud Platform project to use. 
+ gcp_project = var.gcp_project
+
+ #. gcp_region (optional): eu-central1
+ #+ The Google Cloud Platform region to use.
+ gcp_region = var.gcp_region
+
+ #. gcp_zones (optional): []
+ #+ To use specific Google Cloud Platform zones if not regional, otherwise it will be chosen randomly.
+
+ #. extra_labels (optional): {}
+ #+ Dict of extra labels to add on GCP resources. format { "foo" = "bar" }.
+
+ ###
+ # Control plane
+ ###
+
+ #. cluster_version (optional): latest
+ #+ GKE Cluster version to use.
+
+ #. cluster_release_channel (optional): UNSPECIFIED
+ #+ GKE Cluster release channel to use. Accepted values are UNSPECIFIED, RAPID, REGULAR and STABLE.
+
+ #. cluster_regional (optional): false
+ #+ If the GKE Cluster must be regional or zonal. Be careful, this setting is destructive.
+
+ #. enable_only_private_endpoint (optional): false
+ #+ If true, only enable the private endpoint which disable the Public endpoint entirely. If false, private endpoint will be enabled, and the public endpoint will be only accessible by master authorized networks.
+
+ #. master_authorized_networks (optional): []
+ #+ List of master authorized networks.
+ # master_authorized_networks = [
+ # {
+ # name: "my-ip",
+ # cidr: "x.x.x.x/32"
+ # }
+ # ]
+
+ #. enable_network_policy (optional): true
+ #+ Enable GKE Cluster network policies addon.
+
+ #. enable_horizontal_pod_autoscaling (optional): true
+ #+ Enable GKE Cluster horizontal pod autoscaling addon.
+
+ #. enable_vertical_pod_autoscaling (optional): false
+ #+ Enable GKE Cluster vertical pod autoscaling addon. Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.
+
+ #. enable_http_load_balancing (optional): false
+ #+ Enable GKE Cluster HTTP load balancing addon.
+
+ #. enable_binary_authorization (optional): false
+ #+ Enable GKE Cluster BinAuthZ Admission controller.
+
+ #. enable_cloudrun (optional): false
+ #+ Enable GKE Cluster Cloud Run for Anthos addon.
+
+ #. enable_istio (optional): false
+ #+ Enable GKE Cluster Istio addon.
+
+ ###
+ # Node pools
+ ###
+
+ #. node_pools (optional): []
+ #+ GKE Cluster node pools to create.
+ node_pools = [
+ {
+ name = "my-node-pool"
+ machine_type = "n1-standard-1"
+ image_type = "COS"
+
+ auto_repair = true
+ auto_upgrade = false
+ preemptible = false
+
+ autoscaling = true
+ initial_node_count = 1
+ min_count = 1
+ max_count = 1
+
+ # autoscaling = false
+ # node_count = 1
+
+ local_ssd_count = 0
+ disk_size_gb = 100
+ disk_type = "pd-ssd"
+
+ # service_account = ""
+ # accelerator_count = 0
+ # accelerator_type = ""
+
+ # oauth_scopes = []
+ # metadata = {}
+ # labels = {}
+ # taints = []
+ # tags = []
+ },
+ ]
+
+ #. enable_shielded_nodes (optional): true
+ #+ Enable GKE Cluster Shielded Nodes features on all nodes.
+
+ #. enable_sandbox (optional): false
+ #+ Enable GKE Sandbox (Do not forget to set image_type = COS_CONTAINERD and node_version = 1.12.7-gke.17 or later to use it).
+
+ #. default_max_pods_per_node (optional): 110
+ #+ The maximum number of pods to schedule per node.
+
+ ###
+ # Required (should probably not be touched)
+ ###
+
+ cluster_name = local.gke_cluster_name
+ subnet_name = module.vpc.subnet_name
+ pods_ip_range = module.vpc.pods_ip_range
+ services_ip_range = module.vpc.services_ip_range
+}
diff --git a/generate/testdata/stack-gke/module-gke/control_plane.tf b/generate/testdata/stack-gke/module-gke/control_plane.tf
@@ -0,0 +1,150 @@
+
+data "google_compute_subnetwork" "subnetwork" {
+ name = var.subnet_name
+ project = var.gcp_project
+ region = var.gcp_region
+}
+
+module "gcp-gke" {
+ source = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster-update-variant"
+ version = "~> 6.1"
+
+ project_id = var.gcp_project
+ region = var.gcp_region
+
+ name = var.cluster_name
+ description = "${var.cluster_name} GKE Cluster deployed via the cycloid.io GKE stack. Customer: ${var.customer}, Project: ${var.project}, Env: ${var.env}."
+ regional = var.cluster_regional
+ zones = local.gcp_available_zones
+ kubernetes_version = var.cluster_version
+ release_channel = var.cluster_release_channel
+
+ // This craziness gets a plain network name from the reference link which is the
+ // only way to force cluster creation to wait on network creation without a
+ // depends_on link. Tests use terraform 0.12.6, which does not have regex or regexall
+ network = reverse(split("/", data.google_compute_subnetwork.subnetwork.network))[0]
+
+ subnetwork = data.google_compute_subnetwork.subnetwork.name
+ ip_range_pods = var.pods_ip_range
+ ip_range_services = var.services_ip_range
+
+ # security
+ create_service_account = true
+ enable_private_endpoint = var.enable_only_private_endpoint
+ grant_registry_access = var.grant_registry_access
+ disable_legacy_metadata_endpoints = var.disable_legacy_metadata_endpoints
+ enable_intranode_visibility = var.enable_intranode_visibility
+ enable_shielded_nodes = var.enable_shielded_nodes
+ node_metadata = "SECURE"
+ sandbox_enabled = var.enable_sandbox
+
+ # { state = "ENCRYPTED", key_name = "" }
+ # database_encryption
+
+ # addons
+ network_policy = var.enable_network_policy
+ network_policy_provider = var.network_policy_provider
+ horizontal_pod_autoscaling = var.enable_horizontal_pod_autoscaling
+ enable_vertical_pod_autoscaling = var.enable_vertical_pod_autoscaling
+ http_load_balancing = var.enable_http_load_balancing
+ enable_binary_authorization = var.enable_binary_authorization
+ cloudrun = var.enable_cloudrun
+ istio = var.enable_istio
+
+ # settings
+ default_max_pods_per_node = var.default_max_pods_per_node
+ maintenance_start_time = var.maintenance_start_time
+ logging_service = "logging.googleapis.com/kubernetes"
+ monitoring_service = "monitoring.googleapis.com/kubernetes"
+
+ master_ipv4_cidr_block = var.master_cidr
+ master_authorized_networks = concat(
+ [
+ {
+ cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+ display_name = "VPC"
+ },
+ ],
+ [
+ for allowed_ip in var.master_authorized_networks: {
+ cidr_block = allowed_ip["cidr"]
+ display_name = allowed_ip["name"]
+ }
+ ]
+ )
+
+ enable_private_nodes = true
+ remove_default_node_pool = true
+ node_pools = var.node_pools
+
+ node_pools_oauth_scopes = merge(
+ {
+ all = [
+ "https://www.googleapis.com/auth/cloud-platform",
+ "https://www.googleapis.com/auth/devstorage.read_only",
+ "https://www.googleapis.com/auth/logging.write",
+ "https://www.googleapis.com/auth/monitoring",
+ "https://www.googleapis.com/auth/service.management.readonly",
+ "https://www.googleapis.com/auth/servicecontrol",
+ "https://www.googleapis.com/auth/trace.append",
+ ]
+ },
+ zipmap(
+ [for node_pool in var.node_pools : node_pool["name"]],
+ [for node_pool in var.node_pools : lookup(node_pool, "oauth_scopes", [])]
+ ),
+ )
+
+ node_pools_labels = merge(
+ {
+ all = {}
+ },
+ zipmap(
+ [for node_pool in var.node_pools : node_pool["name"]],
+ [for node_pool in var.node_pools : lookup(node_pool, "labels", {})]
+ ),
+ )
+
+ node_pools_metadata = merge(
+ {
+ all = {
+ shutdown-script = file("${path.module}/data/shutdown-script.sh")
+ }
+ },
+ zipmap(
+ [for node_pool in var.node_pools : node_pool["name"]],
+ [for node_pool in var.node_pools : lookup(node_pool, "metadata", {})]
+ ),
+ )
+
+ node_pools_taints = merge(
+ {
+ all = []
+ },
+ zipmap(
+ [for node_pool in var.node_pools : node_pool["name"]],
+ [for node_pool in var.node_pools : lookup(node_pool, "taints", [])]
+ ),
+ )
+
+ node_pools_tags = merge(
+ {
+ all = []
+ },
+ zipmap(
+ [for node_pool in var.node_pools : node_pool["name"]],
+ [for node_pool in var.node_pools : lookup(node_pool, "tags", [])]
+ ),
+ )
+
+ cluster_resource_labels = merge(local.merged_labels, {
+ name = "${var.project}-${var.env}-gke-cluster"
+ })
+
+ # gcloud and jq commands not available in the concourse terraform-resource.
+ # By doing that, `stub_domains` and `upstream_nameservers` variables can't be use.
+ skip_provisioners = true
+}
+
+data "google_client_config" "default" {
+}
diff --git a/generate/testdata/stack-gke/module-gke/data/shutdown-script.sh b/generate/testdata/stack-gke/module-gke/data/shutdown-script.sh
@@ -0,0 +1,17 @@
+ #!/bin/bash -e
+
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kubectl --kubeconfig=/var/lib/kubelet/kubeconfig drain --force=true --ignore-daemonsets=true --delete-local-data "$HOSTNAME"