Add terraform

2020-09-03 16:02:48 +08:00 · 2020-09-03 16:02:48 +08:00 · 56f1f94694
commit 56f1f94694
parent 0d635b9a0e
6 changed files with 173 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -10,4 +10,39 @@ pkg/
 .skaffold-*.yaml
 .kubernetes-manifests-*/
 .project
-.eclipse.buildship.core.prefs
+.eclipse.buildship.core.prefs
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
--- a/terraform/dev/gke.tf
+++ b/terraform/dev/gke.tf
@ -0,0 +1,31 @@
+module "gke" {
+  source     = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
+  project_id = var.project_id
+
+  name = var.gke_name
+
+  regional = false
+  region   = var.region
+  zones    = [var.zone]
+
+  network    = module.vpc.network_name
+  subnetwork = module.vpc.subnets["${var.region}/${var.gke_subnet_name}"].name
+
+  ip_range_pods     = "secondary-range-pods"
+  ip_range_services = "secondary-range-services"
+
+  create_service_account = false
+  service_account        = null
+
+  enable_private_endpoint = false
+  enable_private_nodes    = true
+
+  master_ipv4_cidr_block = var.gke_cidr_range_master
+
+  master_authorized_networks = [
+    {
+      cidr_block   = "0.0.0.0/0"
+      display_name = "Public"
+    },
+  ]
+}
--- a/terraform/dev/network.tf
+++ b/terraform/dev/network.tf
@ -0,0 +1,32 @@
+module "vpc" {
+  source  = "terraform-google-modules/network/google"
+  version = "~> 2.5"
+
+  project_id   = var.project_id
+  network_name = var.network_name
+  routing_mode = "GLOBAL"
+
+  subnets = [
+    {
+      subnet_name           = var.gke_subnet_name
+      subnet_ip             = var.gke_subnet_cidr_range
+      subnet_region         = var.region
+      subnet_private_access = "true"
+      subnet_flow_logs      = "true"
+      description           = "Gke subnet for microservices demo"
+    },
+  ]
+
+  secondary_ranges = {
+    "${var.gke_subnet_name}" = [
+      {
+        range_name    = "secondary-range-pods"
+        ip_cidr_range = var.gke_subnet_cidr_range_pod
+      },
+      {
+        range_name    = "secondary-range-services"
+        ip_cidr_range = var.gke_subnet_cidr_range_services
+      },
+    ]
+  }
+}
--- a/terraform/dev/outputs.tf
+++ b/terraform/dev/outputs.tf
@ -0,0 +1,7 @@
+output "vpc" {
+  value       = module.vpc
+}
+
+output "gke" {
+  value       = module.gke
+}
--- a/terraform/dev/terraform.tfvars
+++ b/terraform/dev/terraform.tfvars
@ -0,0 +1,17 @@
+## Project
+project_id = "cloudcover-sandbox"
+region     = "asia-southeast1"
+zone       = "asia-southeast1-a"
+
+## Network
+network_name = "microservice-demo"
+
+## GKE
+### Subnet
+gke_subnet_name                = "gke-subnet"
+gke_subnet_cidr_range          = "10.10.10.0/24"
+gke_subnet_cidr_range_pod      = "192.168.0.0/22"
+gke_subnet_cidr_range_services = "192.168.4.0/22"
+### Config
+gke_name              = "microservices-demo-gke"
+gke_cidr_range_master = "172.16.0.0/28"
--- a/terraform/dev/variables.tf
+++ b/terraform/dev/variables.tf
@ -0,0 +1,50 @@
+variable "project_id" {
+  description = "Project id"
+  type        = string
+}
+
+variable "region" {
+  description = "Project region"
+  type        = string
+}
+
+variable "zone" {
+  description = "Project zone"
+  type        = string
+}
+
+variable "network_name" {
+  description = "Name of the vpc network"
+  type        = string
+}
+
+variable "gke_subnet_name" {
+  description = "Name of the gke subnet"
+  type        = string
+}
+
+variable "gke_subnet_cidr_range" {
+  description = "Cidr range for gke subnet"
+  type        = string
+}
+
+variable "gke_subnet_cidr_range_pod" {
+  description = "Cidr range for gke subnet pods"
+  type        = string
+}
+
+variable "gke_subnet_cidr_range_services" {
+  description = "Cidr range for gke subnet services"
+  type        = string
+}
+
+variable "gke_cidr_range_master" {
+  description = "Cidr range for gke subnet master ipv4"
+  type        = string
+}
+
+variable "gke_name" {
+  description = "Name for GKE cluster"
+  type        = string
+}
+