From 56f1f94694c4875ad20e89c35f7cd5b60e8794ac Mon Sep 17 00:00:00 2001
From: nadzir
Date: Thu, 3 Sep 2020 16:02:48 +0800
Subject: [PATCH] Add terraform

---
 .gitignore | 37 ++++++++++++++++++++++++-
 terraform/dev/gke.tf | 31 +++++++++++++++++++++
 terraform/dev/network.tf | 32 ++++++++++++++++++++++
 terraform/dev/outputs.tf | 7 +++++
 terraform/dev/terraform.tfvars | 17 ++++++++++++
 terraform/dev/variables.tf | 50 ++++++++++++++++++++++++++++++++++
 6 files changed, 173 insertions(+), 1 deletion(-)
 create mode 100644 terraform/dev/gke.tf
 create mode 100644 terraform/dev/network.tf
 create mode 100644 terraform/dev/outputs.tf
 create mode 100644 terraform/dev/terraform.tfvars
 create mode 100644 terraform/dev/variables.tf

diff --git a/.gitignore b/.gitignore
index 66f5f93..95fd3d7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,4 +10,39 @@ pkg/
 .skaffold-*.yaml
 .kubernetes-manifests-*/
 .project
-.eclipse.buildship.core.prefs
\ No newline at end of file
+.eclipse.buildship.core.prefs
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
diff --git a/terraform/dev/gke.tf b/terraform/dev/gke.tf
new file mode 100644
index 0000000..f2ccc84
--- /dev/null
+++ b/terraform/dev/gke.tf
@@ -0,0 +1,31 @@
+module "gke" {
+ source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
+ project_id = var.project_id
+
+ name = var.gke_name
+
+ regional = false
+ region = var.region
+ zones = [var.zone]
+
+ network = module.vpc.network_name
+ subnetwork = module.vpc.subnets["${var.region}/${var.gke_subnet_name}"].name
+
+ ip_range_pods = "secondary-range-pods"
+ ip_range_services = "secondary-range-services"
+
+ create_service_account = false
+ service_account = null
+
+ enable_private_endpoint = false
+ enable_private_nodes = true
+
+ master_ipv4_cidr_block = var.gke_cidr_range_master
+
+ master_authorized_networks = [
+ {
+ cidr_block = "0.0.0.0/0"
+ display_name = "Public"
+ },
+ ]
+}
diff --git a/terraform/dev/network.tf b/terraform/dev/network.tf
new file mode 100644
index 0000000..6642ff8
--- /dev/null
+++ b/terraform/dev/network.tf
@@ -0,0 +1,32 @@
+module "vpc" {
+ source = "terraform-google-modules/network/google"
+ version = "~> 2.5"
+
+ project_id = var.project_id
+ network_name = var.network_name
+ routing_mode = "GLOBAL"
+
+ subnets = [
+ {
+ subnet_name = var.gke_subnet_name
+ subnet_ip = var.gke_subnet_cidr_range
+ subnet_region = var.region
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ description = "Gke subnet for microservices demo"
+ },
+ ]
+
+ secondary_ranges = {
+ "${var.gke_subnet_name}" = [
+ {
+ range_name = "secondary-range-pods"
+ ip_cidr_range = var.gke_subnet_cidr_range_pod
+ },
+ {
+ range_name = "secondary-range-services"
+ ip_cidr_range = var.gke_subnet_cidr_range_services
+ },
+ ]
+ }
+}
diff --git a/terraform/dev/outputs.tf b/terraform/dev/outputs.tf
new file mode 100644
index 0000000..d458f91
--- /dev/null
+++ b/terraform/dev/outputs.tf
@@ -0,0 +1,7 @@
+output "vpc" {
+ value = module.vpc
+}
+
+output "gke" {
+ value = module.gke
+}
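Review bot: `master_authorized_networks` is set to `cidr_block = "0.0.0.0/0"` while `enable_private_endpoint = false`, so the control plane keeps a public endpoint that accepts connections from any address and the authorized-networks control is effectively switched off even though the nodes themselves are private. Restrict the entry to the ranges that actually need API access (office egress, the CI runner's NAT address) or set `enable_private_endpoint = true` and reach the cluster over a bastion or VPN. Separately, `create_service_account = false` together with `service_account = null` appears to leave the node pool on the project's default Compute Engine service account, which typically holds the broad Editor role — confirm against the module's locals, and prefer a dedicated least-privilege node SA (or let the module create one). The `module "gke"` block also carries no `version` pin, unlike `vpc`'s `~> 2.5`, so `terraform init` fetches whatever the registry currently publishes; pin it to the release this was tested against.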
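Review bot: `output "gke" { value = module.gke }` exports the whole module object, and this module's outputs include the cluster endpoint and `ca_certificate`; on the Terraform releases contemporary with this commit a nested output's `sensitive` flag is, as far as I know, not carried through a whole-module value, so `terraform output` and apply logs would print the CA certificate in clear. Either mark both outputs `sensitive = true` or export only what consumers need, e.g. `value = module.gke.name` and `value = module.vpc.network_name`. The values land in state either way, so access to the state backend needs the same restriction.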
diff --git a/terraform/dev/terraform.tfvars b/terraform/dev/terraform.tfvars
new file mode 100644
index 0000000..603d814
--- /dev/null
+++ b/terraform/dev/terraform.tfvars
@@ -0,0 +1,17 @@
+## Project
+project_id = "cloudcover-sandbox"
+region = "asia-southeast1"
+zone = "asia-southeast1-a"
+
+## Network
+network_name = "microservice-demo"
+
+## GKE
+### Subnet
+gke_subnet_name = "gke-subnet"
+gke_subnet_cidr_range = "10.10.10.0/24"
+gke_subnet_cidr_range_pod = "192.168.0.0/22"
+gke_subnet_cidr_range_services = "192.168.4.0/22"
+### Config
+gke_name = "microservices-demo-gke"
+gke_cidr_range_master = "172.16.0.0/28"
diff --git a/terraform/dev/variables.tf b/terraform/dev/variables.tf
new file mode 100644
index 0000000..2b02060
--- /dev/null
+++ b/terraform/dev/variables.tf
@@ -0,0 +1,50 @@
+variable "project_id" {
+ description = "Project id"
+ type = string
+}
+
+variable "region" {
+ description = "Project region"
+ type = string
+}
+
+variable "zone" {
+ description = "Project zone"
+ type = string
+}
+
+variable "network_name" {
+ description = "Name of the vpc network"
+ type = string
+}
+
+variable "gke_subnet_name" {
+ description = "Name of the gke subnet"
+ type = string
+}
+
+variable "gke_subnet_cidr_range" {
+ description = "Cidr range for gke subnet"
+ type = string
+}
+
+variable "gke_subnet_cidr_range_pod" {
+ description = "Cidr range for gke subnet pods"
+ type = string
+}
+
+variable "gke_subnet_cidr_range_services" {
+ description = "Cidr range for gke subnet services"
+ type = string
+}
+
+variable "gke_cidr_range_master" {
+ description = "Cidr range for gke subnet master ipv4"
+ type = string
+}
+
+variable "gke_name" {
+ description = "Name for GKE cluster"
+ type = string
+}
+
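Review bot: `terraform/dev/terraform.tfvars` is committed in the same change whose `.gitignore` hunk adds `*.tfvars` with a comment that such files are likely to hold secrets, and `.gitignore` has no effect on files that are already tracked, so the pattern will not protect this file — any future edit, including a credential someone drops in, is still staged and pushed. Pick one model: keep it in git and drop the `*.tfvars` pattern (the values here — a project id, region, zone and CIDRs — are configuration rather than secrets), or untrack it with `git rm --cached terraform/dev/terraform.tfvars` and commit a `terraform.tfvars.example` template with the same keys. Whichever is chosen, the ignore rule and the repository contents should agree, otherwise the comment gives a false sense of what is excluded.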
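Review bot: The description of `gke_cidr_range_master`, `"Cidr range for gke subnet master ipv4"`, reads as if the control-plane range were part of the GKE subnet, which it is not: `master_ipv4_cidr_block` is a separate /28 that GKE peers to the VPC and it must not overlap any subnet or secondary range. Suggest `description = "/28 RFC 1918 block for the GKE control plane; must not overlap the VPC subnet or the pod/service secondary ranges"`. The pod and service descriptions could likewise say they are the subnet's secondary ranges, since that is how `network.tf` consumes them.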