From c3aadb17f6c358857f4a353e5e9e8e2f94157cab Mon Sep 17 00:00:00 2001 From: chaitu6022 Date: Mon, 26 Apr 2021 09:39:40 -0500 Subject: [PATCH 1/8] Reaper Ingress file and output service account. --- gcp/env/outputs.tf | 6 ++++++ test/reaper-ingress.yaml | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 test/reaper-ingress.yaml diff --git a/gcp/env/outputs.tf b/gcp/env/outputs.tf index 9ec12a7..f8e11aa 100644 --- a/gcp/env/outputs.tf +++ b/gcp/env/outputs.tf @@ -29,3 +29,9 @@ output "master_version" { output "bucket_name" { value = module.gcs.bucket_name } + +# Google cloud service account +#----------------------------- +output "service_account" { + value = module.iam.service_account +} diff --git a/test/reaper-ingress.yaml b/test/reaper-ingress.yaml new file mode 100644 index 0000000..e8f9ac6 --- /dev/null +++ b/test/reaper-ingress.yaml @@ -0,0 +1,18 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: reaper + namespace: default +spec: + rules: + - http: + paths: + - backend: + serviceName: reaper-nodeport + servicePort: 8080 + path: /webui/* + pathType: ImplementationSpecific +status: + loadBalancer: + ingress: + - ip: 34.117.48.220 From 2e2764299dc6279812f15de5c5677177e053f06d Mon Sep 17 00:00:00 2001 From: chaitu6022 Date: Thu, 29 Apr 2021 09:16:22 -0700 Subject: [PATCH 2/8] Service Account key for access medusa --- gcp/env/outputs.tf | 4 ++++ gcp/modules/gke/main.tf | 2 +- gcp/modules/iam/main.tf | 6 +++++- gcp/modules/iam/outputs.tf | 4 ++++ 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/gcp/env/outputs.tf b/gcp/env/outputs.tf index f8e11aa..e18173b 100644 --- a/gcp/env/outputs.tf +++ b/gcp/env/outputs.tf @@ -35,3 +35,7 @@ output "bucket_name" { output "service_account" { value = module.iam.service_account } + +output "service_account_key" { + value = module.iam.service_account_key +} diff --git a/gcp/modules/gke/main.tf b/gcp/modules/gke/main.tf index bc6a97d..be6062c 100644 
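Review bot: The new test/reaper-ingress.yaml exposes the Reaper web UI (`path: /webui/*` to `reaper-nodeport:8080`) over plain HTTP with no `tls:` section and no authentication annotation in the manifest, so once the load balancer is provisioned the UI is reachable unauthenticated from the internet; if this is deliberately a throw-away test fixture a comment at the top saying so, e.g. `# Test-only: publishes the Reaper UI without TLS or auth, do not apply to shared projects.`, would make that explicit. The file also commits a `status:` block with a hard-coded load-balancer IP; `status` is controller-owned and is ignored or overwritten on apply, so it should be dropped from a checked-in manifest. `apiVersion: extensions/v1beta1` is deprecated and removed in Kubernetes 1.22; `networking.k8s.io/v1` (with `service.name`/`service.port.number` under `backend`) is the current form, and the `/webui/*` wildcard remains valid there only under the `pathType: ImplementationSpecific` the file already sets.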
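Review bot: `output "service_account_key"` in gcp/env/outputs.tf exposes a service-account private key without `sensitive = true`, so the decoded key is printed in clear text by every `terraform apply` and `terraform output` and ends up in CI logs. The same omission is in the `service_account_key` output added to gcp/modules/iam/outputs.tf in this patch, and both persist unchanged through the description-only edits to those files in PATCH 4/8. Add `sensitive = true` to both outputs; newer Terraform releases refuse to apply an output that derives from the provider's sensitive `private_key` attribute unless it is marked. Marking the output does not remove the key from the Terraform state, which still holds it unencrypted, so the state backend has to be treated as a secret; the README's existing workload identity binding would avoid issuing a long-lived key for Medusa at all.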
--- a/gcp/modules/gke/main.tf +++ b/gcp/modules/gke/main.tf @@ -73,7 +73,7 @@ resource "google_container_node_pool" "container_node_pool" { node_config { machine_type = var.machine_type preemptible = true - tags = ["http", "ssh", "rdp"] + tags = ["http", "ssh", "tcp"] metadata = { disable-legacy-endpoints = "true" diff --git a/gcp/modules/iam/main.tf b/gcp/modules/iam/main.tf index 702bcd1..beb015f 100644 --- a/gcp/modules/iam/main.tf +++ b/gcp/modules/iam/main.tf @@ -14,11 +14,15 @@ # Create Google Service Account resource "google_service_account" "service_account" { - account_id = format("%s-sa", var.name) + account_id = format("%s-service-account", var.name) display_name = "GKE Security Service Account" project = var.project_id } +resource "google_service_account_key" "service_account_key" { + service_account_id = format(google_service_account.service_account.name) +} + # Add the service account to the project resource "google_project_iam_member" "service_account" { count = length(var.service_account_iam_roles) diff --git a/gcp/modules/iam/outputs.tf b/gcp/modules/iam/outputs.tf index 42bfdd3..5ccc846 100644 --- a/gcp/modules/iam/outputs.tf +++ b/gcp/modules/iam/outputs.tf @@ -16,3 +16,7 @@ output "service_account" { value = google_service_account.service_account.email } + +output "service_account_key" { + value = base64decode(google_service_account_key.service_account_key.private_key) +} From e534883a5fb61e42573abe0bbad9ff4357fcc19b Mon Sep 17 00:00:00 2001 
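Review bot: The node pool tag changes from `rdp` to `tcp`, but the vpc module's resource list (per its README in PATCH 3/8) defines firewall rules only for `http`, `https`, `rdp` and `ssh`, so unless a `tcp`-targeted rule exists elsewhere the new tag matches nothing and the commit effectively removes the RDP rule from the nodes rather than replacing it. Dropping RDP from GKE nodes is reasonable, but a tag that targets no rule should not be left behind; worth stating the intent in a comment, e.g. `# Network tags select the vpc module's firewall rules; keep in sync with modules/vpc.`. The `ssh` tag, which keeps the SSH firewall rule applied to every node, is unchanged and presumably still intended. The enclosing `node_config` block closes outside the hunk.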
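Review bot: `service_account_id = format(google_service_account.service_account.name)` wraps a single value in `format()` with no format verbs, which adds nothing and would fail if the name ever contained a `%`; `service_account_id = google_service_account.service_account.name` is the intended form. The new `account_id` suffix `-service-account` is 13 characters longer than `-sa`, and GCP caps service-account IDs at 30 characters, so if `var.name` carries the environment prefix (dev.tf passes `local.prefix` as `name` to the gke module; the iam module call is outside this patch) the apply can fail on length — a `validation` block on `var.name` or the shorter suffix would make that explicit. The `google_service_account_key` resource has no `keepers`, so the key is never rotated while the resource exists; a comment above it such as `# User-managed key for Medusa GCS access; the private key is stored in Terraform state and is not rotated.` would record that trade-off.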
From: chaitu6022 Date: Thu, 29 Apr 2021 10:04:09 -0700 Subject: [PATCH 3/8] Terraform README.md files standardization --- gcp/env/README.md | 62 +++++++++++++++++++++----------- gcp/env/dev.tf | 1 + gcp/env/variables.tf | 6 ++++ gcp/modules/gcs/README.md | 55 ++++++++++++++++------------ gcp/modules/gke/README.md | 56 ++++++++++++++++++----------- gcp/modules/gke/variables.tf | 2 +- gcp/modules/iam/README.md | 54 ++++++++++++++++------------ gcp/modules/vpc/README.md | 70 ++++++++++++++++++++---------------- 8 files changed, 189 insertions(+), 117 deletions(-) diff --git a/gcp/env/README.md b/gcp/env/README.md index 05e321c..2a6f8b5 100644 --- a/gcp/env/README.md +++ b/gcp/env/README.md 
@@ -82,32 +82,52 @@ module "gcs" { } ``` + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.14 | +| [google](#requirement\_google) | ~> 3.0 | + ## Providers -| NAME | Version | -|-------------------|------------| -| terraform version | 0.14 | -| gcp provider | ~>3.0 | +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [gcs](#module\_gcs) | ../modules/gcs | | +| [gke](#module\_gke) | ../modules/gke | | +| [iam](#module\_iam) | ../modules/iam | | +| [vpc](#module\_vpc) | ../modules/vpc | | + +## Resources + +No resources. ## Inputs -| Name | Description | Type | Required | -|-------------------|----------------|--------|:------------:| -| name | Name of the cluster and prefix of the related resources names | `string` | yes | -| environment | Environment of the infrastructure being buit | `string` | yes | -| project_id | Id of the project which holds the components | `string` | yes | -| region | the region to create the vpc network | `string` | yes | -| k8s_namespace | The namespace to use for the deployment and workload identity binding | `string` | no | -| zone | The zone in which to create the Kubernetes cluster. Must match the region | `string` | yes | -| service_account_iam_roles | iam roles for the service account | `list` | yes | -| service_account_custom_iam_roles | List of arbitrary additional IAM roles to attach to the service account on - the GKE nodes. | `list` | no | -| project_services | The GCP APIs that should be enabled in this project. | `list` | yes | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [environment](#input\_environment) | The environment of the infrastructure being built. 
| `any` | n/a | yes | +| [k8s\_namespace](#input\_k8s\_namespace) | The namespace to use for the deployment and workload identity binding | `string` | `"default"` | no | +| [machine\_type](#input\_machine\_type) | Type of machines which are used by cluster node pool | `string` | `"e2-highmem-8"` | no | +| [name](#input\_name) | Name of the cluster resources | `string` | `"k8ssandra"` | no | +| [project\_id](#input\_project\_id) | The GCP project in which the components are created. | `string` | `"k8ssandra-testing"` | no | +| [project\_services](#input\_project\_services) | The GCP APIs that should be enabled in this project. | `list(string)` |
[
"cloudresourcemanager.googleapis.com",
"servicenetworking.googleapis.com",
"container.googleapis.com",
"compute.googleapis.com",
"iam.googleapis.com",
"logging.googleapis.com",
"monitoring.googleapis.com",
"sqladmin.googleapis.com",
"securetoken.googleapis.com"
]
| no | +| [region](#input\_region) | The region in which to create the VPC network | `string` | `"us-central1"` | no | +| [service\_account\_custom\_iam\_roles](#input\_service\_account\_custom\_iam\_roles) | List of arbitrary additional IAM roles to attach to the service account on
the GKE nodes. | `list(string)` | `[]` | no | +| [service\_account\_iam\_roles](#input\_service\_account\_iam\_roles) | List of the default IAM roles to attach to the service account on the GKE Nodes. | `list(string)` |
[
"roles/logging.logWriter",
"roles/monitoring.metricWriter",
"roles/monitoring.viewer",
"roles/stackdriver.resourceMetadata.writer"
]
| no | +| [zone](#input\_zone) | The zone in which to create the Kubernetes cluster. Must match the region | `string` | `"us-central-1a"` | no | ## Outputs -| Name | description | -|-------------|:----------------:| -| endpoint | google container cluster endpoint | -| master_version| google container cluster master version | -| bucket_name | google storage bucket name | \ No newline at end of file +| Name | Description | +|------|-------------| +| [bucket\_name](#output\_bucket\_name) | gcs module output attributes ----------------------------- | +| [endpoint](#output\_endpoint) | gke module output attributes ------------------------------ Print GKE cluster endpoint. | +| [master\_version](#output\_master\_version) | Print GKE cluster version. | +| [service\_account](#output\_service\_account) | Google cloud service account ----------------------------- | +| [service\_account\_key](#output\_service\_account\_key) | n/a | diff --git a/gcp/env/dev.tf b/gcp/env/dev.tf index de9ea0b..67662e3 100644 --- a/gcp/env/dev.tf +++ b/gcp/env/dev.tf @@ -28,6 +28,7 @@ module "gke" { name = local.prefix region = var.region project_id = var.project_id + machine_type = var.machine_type network_link = module.vpc.network_selflink subnetwork_link = module.vpc.subnetwork_selflink service_account = module.iam.service_account diff --git a/gcp/env/variables.tf b/gcp/env/variables.tf index 052d583..ff50cb4 100644 --- a/gcp/env/variables.tf +++ b/gcp/env/variables.tf @@ -45,6 +45,12 @@ variable "k8s_namespace" { default = "default" } +variable "machine_type" { + description = "Type of machines which are used by cluster node pool" + type = string + default = "e2-highmem-8" +} + variable "service_account_iam_roles" { type = list(string) diff --git a/gcp/modules/gcs/README.md b/gcp/modules/gcs/README.md index 96e283d..711600c 100644 --- a/gcp/modules/gcs/README.md +++ b/gcp/modules/gcs/README.md 
@@ -6,31 +6,42 @@ This is a Dynamic modules in Terraform to create a GCS bucket and assign basic p * variables.tf : contains all variables required to create the resources. * outputs.tf : contains output attributes of the resources. -## google cloud resources created -* google cloud storage bucket -* google storage bucket iam member +## Requirements + +No requirements. ## Providers -| NAME | Version | -|-------------------|------------| -| terraform version | 0.14 | -| gcp provider | ~>3.0 | +| Name | Version | +|------|---------| +| [google](#provider\_google) | 3.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [google_storage_bucket.storage_bucket](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket) | resource | +| [google_storage_bucket_iam_member.storage_bucket_iam_member](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource | ## Inputs -| Name | Description | Type | Required | -|-------------------|----------------|--------|:------------:| -| name | name of the cluster and prefix of the related resources names | `string` | yes | -| project_id | Id of the project which holds the components | `string` | yes | -| region | the region to create the vpc network | `string` | yes | -| storage_class | Storage class for the gcs bucket | `string` | no | -| bucket_policy_only | Enables Bucket Policy Only access to a bucket | `boolean` | no | -| role | Role of the google storage bucket iam member | `string` | no | -| service_account | service account email address | `string` | yes | - -## Output - -| Name | description | -|-------------|:----------------:| -| bucket_name | name of the google cloud storage bucket | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [bucket\_policy\_only](#input\_bucket\_policy\_only) | Enables Bucket Policy Only access to a bucket. 
| `bool` | `true` | no | +| [environment](#input\_environment) | The environment of the infrastructure being built. | `string` | n/a | yes | +| [name](#input\_name) | Globally unique name of the bucket | `string` | n/a | yes | +| [project\_id](#input\_project\_id) | The ID of the project to create the bucket in. | `string` | n/a | yes | +| [region](#input\_region) | location of the bucket | `string` | n/a | yes | +| [role](#input\_role) | Role of the google storage bucket iam member | `string` | `"roles/storage.admin"` | no | +| [service\_account](#input\_service\_account) | service account email address | `string` | n/a | yes | +| [storage\_class](#input\_storage\_class) | Storage class for the gcs bucket | `string` | `null` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [bucket\_name](#output\_bucket\_name) | name of the google cloud storage bucket | diff --git a/gcp/modules/gke/README.md b/gcp/modules/gke/README.md index 3db298a..91c6ff0 100644 --- a/gcp/modules/gke/README.md +++ b/gcp/modules/gke/README.md 
@@ -5,33 +5,47 @@ This is a Dynamic module in terraform to create GKE cluster. This module will be * variables.tf : contains all the variables required to create the resources. * outputs.tf : prints output attributes of the resources. +## Requirements -## Google cloud resources created -* GKE cluster -* Cluster node pool +No requirements. ## Providers -| NAME | Version | -|-------------------|------------| -| terraform version | 0.14 | -| gcp provider | ~>3.0 | + +| Name | Version | +|------|---------| +| [google](#provider\_google) | 3.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [google_container_cluster.container_cluster](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster) | resource | +| [google_container_node_pool.container_node_pool](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool) | resource | ## Inputs -| Name | Description | Type | Required | -|-------------------|----------------|--------|:------------:| -| name | name of the cluster and prefix of the related resources names | `string` | yes | -| project_id | Id of the project which holds the components | `string` | yes | -| region | the region to create the vpc network | `string` | yes | -| initial_node_count | initial node count | `string` | no | -| mechine_type | type of gcp virtuval machine | `string` | no | -| network_link | network link | `string` | yes | -| subnetwork_link | subnetwork_link | `string` | yes | -| service_account | service account email | `string` | yes | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [enable\_private\_endpoint](#input\_enable\_private\_endpoint) | (Beta) Whether the master's internal IP address is used as the cluster endpoint | `bool` | `false` | no | +| [enable\_private\_nodes](#input\_enable\_private\_nodes) | (Beta) Whether nodes have internal IP addresses only | 
`bool` | `false` | no | +| [environment](#input\_environment) | Name of the environment the infrasstructure is being built. | `string` | n/a | yes | +| [initial\_node\_count](#input\_initial\_node\_count) | n/a | `number` | `1` | no | +| [machine\_type](#input\_machine\_type) | Type of machines which are used by cluster node pool | `string` | `"e2-highmem-8"` | no | +| [master\_ipv4\_cidr\_block](#input\_master\_ipv4\_cidr\_block) | The IP range in CIDR notation (size must be /28) to use for the hosted master network. This range will be used for assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network. | `string` | `"10.0.0.0/28"` | no | +| [name](#input\_name) | Name of the cluster | `string` | n/a | yes | +| [network\_link](#input\_network\_link) | network link variable from vpc module outputs | `string` | `""` | no | +| [project\_id](#input\_project\_id) | The project ID where all resources will be launched. | `string` | n/a | yes | +| [region](#input\_region) | The location of the GKE cluster. | `string` | n/a | yes | +| [service\_account](#input\_service\_account) | The name of the custom service account used for the GKE cluster. This parameter is limited to a maximum of 28 characters | `string` | `""` | no | +| [subnetwork\_link](#input\_subnetwork\_link) | subnetworking link variable from vpc module outputs | `string` | `""` | no | ## Outputs -| Name | description | -|-------------|:----------------:| -| endpoint | google container cluster endpoint | -| master_version| google container cluster master version | +| Name | Description | +|------|-------------| +| [endpoint](#output\_endpoint) | End point of the google container cluster. | +| [master\_version](#output\_master\_version) | Master version of Kubernetes cluster. | diff --git a/gcp/modules/gke/variables.tf b/gcp/modules/gke/variables.tf index 1a21726..4a9ef6d 100644 
--- a/gcp/modules/gke/variables.tf +++ b/gcp/modules/gke/variables.tf @@ -34,7 +34,7 @@ variable "initial_node_count" { variable "machine_type" { description = "Type of machines which are used by cluster node pool" type = string - default = "n1-standard-8" + default = "e2-highmem-8" } variable "region" { diff --git a/gcp/modules/iam/README.md b/gcp/modules/iam/README.md index 7e5ad93..6792554 100644 --- a/gcp/modules/iam/README.md +++ b/gcp/modules/iam/README.md 
@@ -5,34 +5,44 @@ This is a Dynamic module in Terraform to create IAM resources. This module will * variables.tf : contains all the variables required to create the resources. * outputs.tf : print output attributes of the resources. +## Requirements -## Google cloud resources created -* Service Account will be created -* IAM member with roles attached -* Custom IAM member with roles attached -* Project Services. - +No requirements. ## Providers -| NAME | Version | -|-------------------|------------| -| terraform version | 0.14 | -| gcp provider | ~>3.0 | -## Inputs +| Name | Version | +|------|---------| +| [google](#provider\_google) | 3.0 | + +## Modules + +No modules. -| Name | Description | Type | Required | -|-------------------|----------------|--------|:------------:| -| name | name of the cluster and prefix of the related resources names | `string` | yes | -| project_id | Id of the project which holds the components | `string` | yes | -| region | the region to create the vpc network | `string` | yes | -| service_account_custom_iam_roles | service account custom iam roles | `list` | no | -| service_account_iam_roles | service account iam roles | `list` | no | -| project_services | The GCP APIs that should be enabled in this project. 
| `list` | no | +## Resources + +| Name | Type | +|------|------| +| [google_project_iam_member.service_account](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource | +| [google_project_iam_member.service_account_custom](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource | +| [google_project_service.project_services](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_service) | resource | +| [google_service_account.service_account](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource | +| [google_service_account_key.service_account_key](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_key) | resource | + +## Inputs +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [name](#input\_name) | name of the cluster | `string` | n/a | yes | +| [project\_id](#input\_project\_id) | The project in which to hold the components | `string` | n/a | yes | +| [project\_services](#input\_project\_services) | n/a | `list(string)` | `[]` | no | +| [region](#input\_region) | The region in which to create the VPC network | `string` | n/a | yes | +| [service\_account\_custom\_iam\_roles](#input\_service\_account\_custom\_iam\_roles) | service account custom iam roles | `list(string)` | `[]` | no | +| [service\_account\_iam\_roles](#input\_service\_account\_iam\_roles) | service account custom iam roles | `list(string)` | n/a | yes | ## Outputs -| Name | description | -|-------------|:----------------:| -| service_account | service account email | +| Name | Description | +|------|-------------| +| [service\_account](#output\_service\_account) | Output variable for the service account email | +| [service\_account\_key](#output\_service\_account\_key) | n/a | 
diff --git a/gcp/modules/vpc/README.md b/gcp/modules/vpc/README.md index 1d5e3e9..73b463d 100644 --- a/gcp/modules/vpc/README.md +++ b/gcp/modules/vpc/README.md 
@@ -5,44 +5,54 @@ This is a Dynamic module in Terraform to create compute Network(VPC). This modul * variables.tf : contains all the variables required to create the resources. * outputs.tf : print output attributes of the resources. +## Requirements -## Google cloud resources created -* Google Compute Network(VPC) -* Compute Subnet -* Google Compute Firewall -* Compute Router -* Compute Router NAT - +No requirements. ## Providers -| NAME | Version | -|-------------------|------------| -| terraform version | 0.14 | -| GCP provider | ~>3.0 | +| Name | Version | +|------|---------| +| [google](#provider\_google) | 3.0 | -## Inputs +## Modules + +No modules. -| Name | Description | Type | Required | -|-------------------|----------------|--------|:------------:| -| name | name of the cluster and prefix of the related resources names | `string` | yes | -| project_id | Id of the project which holds the components | `string` | yes | -| region | the region to create the vpc network | `string` | yes | -| cidr_block | The IP address range of the VPC in CIDR notation. | `string` | no | -| cidr_subnetwork_width_delta | The difference between your network and subnetwork netmask | `string` | no | -| cidr_subnetwork_spacing | How many subnetwork-mask sized spaces to leave between each subnetwork type | `string` | no | -| secondary_cidr_block | The IP address range of the VPC's secondary address range | `string` | no | -| secondary_cidr_subnetwork_width_delta | The difference between your network and subnetwork's | `string` | no | -| secondary_cidr_subnetwork_spacing | How many subnetwork-mask sized spaces to leave | `string` | no | -| enable_cloud_nat | Whether to enable Cloud NAT. | `bool` | no | -| enable_cloud_nat_logging | Whether the NAT should export logs. 
| `bool` | no | -| cloud_nat_logging_filter | What filtering should be applied to logs | `string` | no | +## Resources +| Name | Type | +|------|------| +| [google_compute_firewall.http_compute_firewall](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource | +| [google_compute_firewall.https_compute_firewall](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource | +| [google_compute_firewall.rdp_compute_firewall](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource | +| [google_compute_firewall.ssh_compute_firewall](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource | +| [google_compute_network.compute_network](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network) | resource | +| [google_compute_router.vpc_compute_router](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_router) | resource | +| [google_compute_router_nat.compute_router_nat](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_router_nat) | resource | +| [google_compute_subnetwork.compute_subnetwork](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork) | resource | + +## Inputs +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [cidr\_block](#input\_cidr\_block) | The IP address range of the VPC in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27. | `string` | `"10.0.0.0/16"` | no | +| [cidr\_subnetwork\_spacing](#input\_cidr\_subnetwork\_spacing) | How many subnetwork-mask sized spaces to leave between each subnetwork type. 
| `number` | `0` | no | +| [cidr\_subnetwork\_width\_delta](#input\_cidr\_subnetwork\_width\_delta) | The difference between your network and subnetwork netmask; an /16 network and a /20 subnetwork would be 4. | `number` | `4` | no | +| [cloud\_nat\_logging\_filter](#input\_cloud\_nat\_logging\_filter) | What filtering should be applied to logs for this NAT. Valid values are: 'ERRORS\_ONLY', 'TRANSLATIONS\_ONLY', 'ALL'. Defaults to 'ERRORS\_ONLY'. | `string` | `"ERRORS_ONLY"` | no | +| [enable\_cloud\_nat](#input\_enable\_cloud\_nat) | Whether to enable Cloud NAT. This can be used to allow private cluster nodes to accesss the internet. Defaults to 'true' | `bool` | `true` | no | +| [enable\_cloud\_nat\_logging](#input\_enable\_cloud\_nat\_logging) | Whether the NAT should export logs. Defaults to 'true'. | `bool` | `true` | no | +| [environment](#input\_environment) | Name of the environment the infrasstructure is being built. | `string` | n/a | yes | +| [name](#input\_name) | name of the cluster | `string` | n/a | yes | +| [project\_id](#input\_project\_id) | The project in which to hold the components | `string` | n/a | yes | +| [region](#input\_region) | The region in which to create the VPC network | `string` | n/a | yes | +| [secondary\_cidr\_block](#input\_secondary\_cidr\_block) | The IP address range of the VPC's secondary address range in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27. | `string` | `"10.1.0.0/16"` | no | +| [secondary\_cidr\_subnetwork\_spacing](#input\_secondary\_cidr\_subnetwork\_spacing) | How many subnetwork-mask sized spaces to leave between each subnetwork type's secondary ranges. | `number` | `0` | no | +| [secondary\_cidr\_subnetwork\_width\_delta](#input\_secondary\_cidr\_subnetwork\_width\_delta) | The difference between your network and subnetwork's secondary range netmask; an /16 network and a /20 subnetwork would be 4. 
| `number` | `4` | no | ## Outputs -| Name | description | -|-------------|:----------------:| -| network_selflink | compute network link | -| subnetwork_selflink | subnetwork compute link | +| Name | Description | +|------|-------------| +| [network\_selflink](#output\_network\_selflink) | Output variable for the vpc network selflink | +| [subnetwork\_selflink](#output\_subnetwork\_selflink) | Output variable for the subnetwork selflink. | From d8cbf36f943c7ee99e58a22ed4c2991b7183f524 Mon Sep 17 00:00:00 2001 From: chaitu6022 Date: Thu, 29 Apr 2021 10:40:07 -0700 Subject: [PATCH 4/8] Terraform module output variable documentation. --- gcp/env/README.md | 13 +++++++------ gcp/env/outputs.tf | 12 ++++++++++++ gcp/modules/gke/README.md | 7 ++++--- gcp/modules/gke/outputs.tf | 8 ++++++++ gcp/modules/iam/README.md | 6 +++--- gcp/modules/iam/outputs.tf | 5 ++++- gcp/modules/vpc/README.md | 6 +++--- gcp/modules/vpc/outputs.tf | 4 +++- 8 files changed, 44 insertions(+), 17 deletions(-) diff --git a/gcp/env/README.md b/gcp/env/README.md index 2a6f8b5..68834c0 100644 --- a/gcp/env/README.md +++ b/gcp/env/README.md @@ -87,7 +87,7 @@ module "gcs" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.14 | +| [terraform](#requirement\_terraform) | >= 0.12 | | [google](#requirement\_google) | ~> 3.0 | ## Providers 
@@ -126,8 +126,9 @@ No resources. | Name | Description | |------|-------------| -| [bucket\_name](#output\_bucket\_name) | gcs module output attributes ----------------------------- | -| [endpoint](#output\_endpoint) | gke module output attributes ------------------------------ Print GKE cluster endpoint. | -| [master\_version](#output\_master\_version) | Print GKE cluster version. | -| [service\_account](#output\_service\_account) | Google cloud service account ----------------------------- | -| [service\_account\_key](#output\_service\_account\_key) | n/a | +| [bucket\_name](#output\_bucket\_name) | The name of the GCS bucket. | +| [connect\_cluster](#output\_connect\_cluster) | Configuring GKE cluster access for kubectl | +| [endpoint](#output\_endpoint) | Endpoint for the GKE cluster | +| [master\_version](#output\_master\_version) | Master version of GKE cluster | +| [service\_account](#output\_service\_account) | The E-mail id of the service account. | +| [service\_account\_key](#output\_service\_account\_key) | The service Account Key to configure Medusa backups to use GCS bucket | diff --git a/gcp/env/outputs.tf b/gcp/env/outputs.tf index e18173b..2e53dbc 100644 --- a/gcp/env/outputs.tf +++ b/gcp/env/outputs.tf 
@@ -16,26 +16,38 @@ #------------------------------ # Print GKE cluster endpoint. output "endpoint" { + description = "Endpoint for the GKE cluster" value = module.gke.endpoint } # Print GKE cluster version. output "master_version" { + description = "Master version of GKE cluster" value = module.gke.master_version } # gcs module output attributes #----------------------------- output "bucket_name" { + description = "The name of the GCS bucket." value = module.gcs.bucket_name } # Google cloud service account #----------------------------- output "service_account" { + description = "The E-mail id of the service account." value = module.iam.service_account } output "service_account_key" { + description = "The service Account Key to configure Medusa backups to use GCS bucket" value = module.iam.service_account_key } + +# Configuring GKE cluster access for kubectl. +#----------------------- +output "connect_cluster" { + description = "Configuring GKE cluster access for kubectl" + value = format("gcloud container clusters get-credentials %s --region %s --project %s", module.gke.cluster_name, var.region, var.project_id) +} diff --git a/gcp/modules/gke/README.md b/gcp/modules/gke/README.md index 91c6ff0..ad29652 100644 --- a/gcp/modules/gke/README.md +++ b/gcp/modules/gke/README.md @@ -13,7 +13,7 @@ No requirements. | Name | Version | |------|---------| -| [google](#provider\_google) | 3.0 | +| [google](#provider\_google) | n/a | ## Modules @@ -47,5 +47,6 @@ No modules. | Name | Description | |------|-------------| -| [endpoint](#output\_endpoint) | End point of the google container cluster. | -| [master\_version](#output\_master\_version) | Master version of Kubernetes cluster. | +| [cluster\_name](#output\_cluster\_name) | GKE cluster name | +| [endpoint](#output\_endpoint) | End point of the google container cluster | +| [master\_version](#output\_master\_version) | Master version of Kubernetes cluster | 
diff --git a/gcp/modules/gke/outputs.tf b/gcp/modules/gke/outputs.tf index 0db8fe2..3429025 100644 --- a/gcp/modules/gke/outputs.tf +++ b/gcp/modules/gke/outputs.tf @@ -14,10 +14,18 @@ # End point of the google container cluster. output "endpoint" { + description = "End point of the google container cluster" value = google_container_cluster.container_cluster.endpoint } # Master version of Kubernetes cluster. output "master_version" { + description = "Master version of Kubernetes cluster" value = google_container_cluster.container_cluster.master_version } + +# GKE cluster name. +output "cluster_name" { + description = "GKE cluster name" + value = google_container_cluster.container_cluster.name +} diff --git a/gcp/modules/iam/README.md b/gcp/modules/iam/README.md index 6792554..199737b 100644 --- a/gcp/modules/iam/README.md +++ b/gcp/modules/iam/README.md @@ -13,7 +13,7 @@ No requirements. | Name | Version | |------|---------| -| [google](#provider\_google) | 3.0 | +| [google](#provider\_google) | n/a | ## Modules @@ -44,5 +44,5 @@ No modules. | Name | Description | |------|-------------| -| [service\_account](#output\_service\_account) | Output variable for the service account email | -| [service\_account\_key](#output\_service\_account\_key) | n/a | +| [service\_account](#output\_service\_account) | Service Account Email-id | +| [service\_account\_key](#output\_service\_account\_key) | The service Account Key to configure Medusa backups to use GCS bucket | diff --git a/gcp/modules/iam/outputs.tf b/gcp/modules/iam/outputs.tf index 5ccc846..deb23cd 100644 --- a/gcp/modules/iam/outputs.tf +++ b/gcp/modules/iam/outputs.tf 
@@ -12,11 +12,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Output variable for the service account email +# Output variable for the service account email. output "service_account" { + description = "Service Account Email-id" value = google_service_account.service_account.email } +# Output variable for the service account key. output "service_account_key" { + description = "The service Account Key to configure Medusa backups to use GCS bucket" value = base64decode(google_service_account_key.service_account_key.private_key) } diff --git a/gcp/modules/vpc/README.md b/gcp/modules/vpc/README.md index 73b463d..ff52a1d 100644 --- a/gcp/modules/vpc/README.md +++ b/gcp/modules/vpc/README.md @@ -13,7 +13,7 @@ No requirements. | Name | Version | |------|---------| -| [google](#provider\_google) | 3.0 | +| [google](#provider\_google) | n/a | ## Modules @@ -54,5 +54,5 @@ No modules. | Name | Description | |------|-------------| -| [network\_selflink](#output\_network\_selflink) | Output variable for the vpc network selflink | -| [subnetwork\_selflink](#output\_subnetwork\_selflink) | Output variable for the subnetwork selflink. | +| [network\_selflink](#output\_network\_selflink) | variable for the vpc network selflink | +| [subnetwork\_selflink](#output\_subnetwork\_selflink) | variable for the subnetwork selflink | diff --git a/gcp/modules/vpc/outputs.tf b/gcp/modules/vpc/outputs.tf index a157ac0..710f743 100644 --- a/gcp/modules/vpc/outputs.tf +++ b/gcp/modules/vpc/outputs.tf 
@@ -12,12 +12,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Output variable for the vpc network selflink +# Output variable for the vpc network selflink. output "network_selflink" { + description = "variable for the vpc network selflink" value = google_compute_network.compute_network.self_link } # Output variable for the subnetwork selflink. output "subnetwork_selflink" { + description = "variable for the subnetwork selflink" value = google_compute_subnetwork.compute_subnetwork.self_link } From 6fe534d309adc6f6b1c44cd1c8ee010021783278 Mon Sep 17 00:00:00 2001 From: chaitu6022 Date: Thu, 29 Apr 2021 14:49:59 -0700 Subject: [PATCH 5/8] Terraform Formatting and tags --- gcp/env/outputs.tf | 12 ++++++------ gcp/modules/gke/main.tf | 2 +- gcp/modules/gke/outputs.tf | 6 +++--- gcp/modules/iam/main.tf | 2 +- gcp/modules/iam/outputs.tf | 4 ++-- gcp/modules/vpc/outputs.tf | 4 ++-- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/gcp/env/outputs.tf b/gcp/env/outputs.tf index 2e53dbc..31da9f1 100644 --- a/gcp/env/outputs.tf +++ b/gcp/env/outputs.tf 
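Review bot: The new `description` strings in this hunk, `"variable for the vpc network selflink"` and `"variable for the subnetwork selflink"`, describe the Terraform mechanism rather than the value and only repeat the `#` comments above them, so the generated README table says nothing about what the links are for. Prefer `description = "Self link of the VPC network created by this module"` and `description = "Self link of the subnetwork created by this module (feeds the GKE module's subnetwork_link input)"`; the GKE input name is taken from that module's README on this page.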
@@ -17,37 +17,37 @@ # Print GKE cluster endpoint. output "endpoint" { description = "Endpoint for the GKE cluster" - value = module.gke.endpoint + value = module.gke.endpoint } # Print GKE cluster version. output "master_version" { description = "Master version of GKE cluster" - value = module.gke.master_version + value = module.gke.master_version } # gcs module output attributes #----------------------------- output "bucket_name" { description = "The name of the GCS bucket." - value = module.gcs.bucket_name + value = module.gcs.bucket_name } # Google cloud service account #----------------------------- output "service_account" { description = "The E-mail id of the service account." - value = module.iam.service_account + value = module.iam.service_account } output "service_account_key" { description = "The service Account Key to configure Medusa backups to use GCS bucket" - value = module.iam.service_account_key + value = module.iam.service_account_key } # Configuring GKE cluster access for kubectl. #----------------------- output "connect_cluster" { description = "Configuring GKE cluster access for kubectl" - value = format("gcloud container clusters get-credentials %s --region %s --project %s", module.gke.cluster_name, var.region, var.project_id) + value = format("gcloud container clusters get-credentials %s --region %s --project %s", module.gke.cluster_name, var.region, var.project_id) } diff --git a/gcp/modules/gke/main.tf b/gcp/modules/gke/main.tf index be6062c..5384338 100644 --- a/gcp/modules/gke/main.tf +++ b/gcp/modules/gke/main.tf @@ -73,7 +73,7 @@ resource "google_container_node_pool" "container_node_pool" { node_config { machine_type = var.machine_type preemptible = true - tags = ["http", "ssh", "tcp"] + tags = ["http", "ssh"] metadata = { disable-legacy-endpoints = "true" diff --git a/gcp/modules/gke/outputs.tf b/gcp/modules/gke/outputs.tf index 3429025..057479e 100644 --- a/gcp/modules/gke/outputs.tf +++ b/gcp/modules/gke/outputs.tf 
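Review bot: The node pool's network tags, now `["http", "ssh"]`, carry no note of which firewall rules they are meant to match, and a tag named `ssh` on worker nodes only matters if a firewall rule elsewhere targets it to open port 22 — something this hunk cannot show. GKE worker nodes are normally reached through the API server and load balancers, so unless node-level SSH is actually required the `ssh` tag (and any rule keyed on it) is exposure that can be dropped, and the same question applies to `http` if ingress goes through GKE-managed load balancers. At minimum add `# Network tags must match target_tags of the VPC firewall rules; every tag here widens what can reach the nodes, so keep the list minimal.` above the `tags` line. The enclosing `google_container_node_pool` resource begins and ends outside the hunk.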
@@ -15,17 +15,17 @@ # End point of the google container cluster. output "endpoint" { description = "End point of the google container cluster" - value = google_container_cluster.container_cluster.endpoint + value = google_container_cluster.container_cluster.endpoint } # Master version of Kubernetes cluster. output "master_version" { description = "Master version of Kubernetes cluster" - value = google_container_cluster.container_cluster.master_version + value = google_container_cluster.container_cluster.master_version } # GKE cluster name. output "cluster_name" { description = "GKE cluster name" - value = google_container_cluster.container_cluster.name + value = google_container_cluster.container_cluster.name } diff --git a/gcp/modules/iam/main.tf b/gcp/modules/iam/main.tf index beb015f..d22de38 100644 --- a/gcp/modules/iam/main.tf +++ b/gcp/modules/iam/main.tf @@ -14,7 +14,7 @@ # Create Google Service Account resource "google_service_account" "service_account" { - account_id = format("%s-service-account", var.name) + account_id = format("%s-sa", var.name) display_name = "GKE Security Service Account" project = var.project_id } diff --git a/gcp/modules/iam/outputs.tf b/gcp/modules/iam/outputs.tf index deb23cd..265fade 100644 --- a/gcp/modules/iam/outputs.tf +++ b/gcp/modules/iam/outputs.tf @@ -15,11 +15,11 @@ # Output variable for the service account email. output "service_account" { description = "Service Account Email-id" - value = google_service_account.service_account.email + value = google_service_account.service_account.email } # Output variable for the service account key. output "service_account_key" { description = "The service Account Key to configure Medusa backups to use GCS bucket" - value = base64decode(google_service_account_key.service_account_key.private_key) + value = base64decode(google_service_account_key.service_account_key.private_key) } diff --git a/gcp/modules/vpc/outputs.tf b/gcp/modules/vpc/outputs.tf index 710f743..9e8e3e8 100644 
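Review bot: Changing `account_id` from `%s-service-account` back to `%s-sa` forces replacement of `google_service_account.service_account`, and since `google_service_account_key` and the `google_project_iam_member` bindings reference it (visible in the earlier patch on this page), the key already handed to Medusa is revoked and re-issued on the next apply; that rotation is worth a sentence in the commit message or a comment so operators expect backups to need the new key. The likely motive for the short suffix is that GCP limits `account_id` to 6–30 characters, which the 16-character `-service-account` suffix leaves little room for; record it as `# account_id must be 6-30 chars; keep the suffix short so var.name fits.` above the `account_id` line.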
--- a/gcp/modules/vpc/outputs.tf +++ b/gcp/modules/vpc/outputs.tf @@ -15,11 +15,11 @@ # Output variable for the vpc network selflink. output "network_selflink" { description = "variable for the vpc network selflink" - value = google_compute_network.compute_network.self_link + value = google_compute_network.compute_network.self_link } # Output variable for the subnetwork selflink. output "subnetwork_selflink" { description = "variable for the subnetwork selflink" - value = google_compute_subnetwork.compute_subnetwork.self_link + value = google_compute_subnetwork.compute_subnetwork.self_link } From 432a739d56920a8d7879b32077531b3e73633bbc Mon Sep 17 00:00:00 2001 From: chaitu6022 Date: Thu, 29 Apr 2021 15:41:36 -0700 Subject: [PATCH 6/8] Terraform backed documentation --- gcp/README.md | 17 +++++++++++++++++ gcp/env/README.md | 2 +- gcp/modules/gcs/README.md | 3 +-- 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/gcp/README.md b/gcp/README.md index 5c783f7..dcbb365 100644 --- a/gcp/README.md +++ b/gcp/README.md 
@@ -105,6 +105,23 @@ gcloud init If you created your Google cloud account newly, Google Compute Engine enforces quotas on resource usage for a variety of reasons. For example, quotas protect the community of Google Cloud users by preventing unforeseen spikes in usage, Google keep some soft limitations on the resources, you can always make a request to increase your quota limit. If you are planning to deploy k8ssandra cluster on GKE, you will need to make a request to increase your **Compute Engine API (backend services)** quota to `50` for the future use. +### Backend + * Terraform uses persistent state data to keep track of the resources it manages. Since it needs the state in order to know which real-world infrastructure objects correspond to the resources in a configuration, everyone working with a given collection of infrastructure resources must be able to access the same state data. + * Terraform backend configuration: + [Configuring your backend in aws gcs](https://www.terraform.io/docs/language/settings/backends/gcs.html) + * Terraform state + [How Terraform state works](https://www.terraform.io/docs/language/state/index.html) + +Sample template to configure your backend in gcs bucket: +``` + terraform { + backend "gcs" { + bucket = "" + prefix = "" + } + } +``` + ### Tools * Access to an existing Google Cloud project as a owner or a developer. diff --git a/gcp/env/README.md b/gcp/env/README.md index 68834c0..5ac6c75 100644 --- a/gcp/env/README.md +++ b/gcp/env/README.md 
@@ -52,7 +52,7 @@ module "iam" { ``` ## vpc example module -Usage: The following module call will create google compute network(VPC) and Gooogle Compute Subnet resources. Resources will be configured using the following input variables on this module. +Usage: The following module call will create google compute network(VPC) and Google Compute Subnet resources. Resources will be configured using the following input variables on this module. ``` # Module used for creating a google compute network. diff --git a/gcp/modules/gcs/README.md b/gcp/modules/gcs/README.md index 711600c..742ea2b 100644 --- a/gcp/modules/gcs/README.md +++ b/gcp/modules/gcs/README.md @@ -1,6 +1,5 @@ # Terraform google cloud storage module -This is a Dynamic modules in Terraform to create a GCS bucket and assign basic persmissions to the users. - +This is a Dynamic modules in Terraform to create a GCS bucket and assign basic permissions to the users. * main.tf : contains all the resources which will be created with `terraform apply` command. * variables.tf : contains all variables required to create the resources. From 2baca414f3443cb9f25411fc55c829eaf8ce4094 Mon Sep 17 00:00:00 2001 From: chaitu6022 Date: Fri, 30 Apr 2021 11:58:28 -0700 Subject: [PATCH 7/8] Update reaper-ingress.yaml --- test/reaper-ingress.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/test/reaper-ingress.yaml b/test/reaper-ingress.yaml index e8f9ac6..511c182 100644 --- a/test/reaper-ingress.yaml +++ b/test/reaper-ingress.yaml @@ -12,7 +12,3 @@ spec: servicePort: 8080 path: /webui/* pathType: ImplementationSpecific -status: - loadBalancer: - ingress: - - ip: 34.117.48.220 From 4c36c42cf61ea98918bf9f2bc41fe7d6e7a060a6 Mon Sep 17 00:00:00 2001 
From: chaitu6022 Date: Wed, 19 May 2021 10:59:03 -0700 Subject: [PATCH 8/8] Terraform backend configuration template. --- gcp/env/backend.tf | 22 ---------------------- gcp/modules/gke/README.md | 4 ++-- gcp/scripts/destroy.sh | 17 +++++++++++++++-- gcp/scripts/init.sh | 13 +++++++++++-- 4 files changed, 28 insertions(+), 28 deletions(-) delete mode 100644 gcp/env/backend.tf diff --git a/gcp/env/backend.tf b/gcp/env/backend.tf deleted file mode 100644 index b536497..0000000 --- a/gcp/env/backend.tf +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2021 Datastax LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Backend GCS bucket for terraform statefiles. -# Delete the backend file for local testing. -terraform { - backend "gcs" { - bucket = "tf-state-files-k8ssandra-testing" - prefix = "terraform/" - } -} diff --git a/gcp/modules/gke/README.md b/gcp/modules/gke/README.md index ad29652..11dd913 100644 --- a/gcp/modules/gke/README.md +++ b/gcp/modules/gke/README.md 
@@ -32,7 +32,7 @@ No modules. |------|-------------|------|---------|:--------:| | [enable\_private\_endpoint](#input\_enable\_private\_endpoint) | (Beta) Whether the master's internal IP address is used as the cluster endpoint | `bool` | `false` | no | | [enable\_private\_nodes](#input\_enable\_private\_nodes) | (Beta) Whether nodes have internal IP addresses only | `bool` | `false` | no | -| [environment](#input\_environment) | Name of the environment the infrasstructure is being built. | `string` | n/a | yes | +| [environment](#input\_environment) | Name of the environment the infrastructure is being built. | `string` | n/a | yes | | [initial\_node\_count](#input\_initial\_node\_count) | n/a | `number` | `1` | no | | [machine\_type](#input\_machine\_type) | Type of machines which are used by cluster node pool | `string` | `"e2-highmem-8"` | no | | [master\_ipv4\_cidr\_block](#input\_master\_ipv4\_cidr\_block) | The IP range in CIDR notation (size must be /28) to use for the hosted master network. This range will be used for assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network. | `string` | `"10.0.0.0/28"` | no | @@ -41,7 +41,7 @@ No modules. | [project\_id](#input\_project\_id) | The project ID where all resources will be launched. | `string` | n/a | yes | | [region](#input\_region) | The location of the GKE cluster. | `string` | n/a | yes | | [service\_account](#input\_service\_account) | The name of the custom service account used for the GKE cluster. This parameter is limited to a maximum of 28 characters | `string` | `""` | no | -| [subnetwork\_link](#input\_subnetwork\_link) | subnetworking link variable from vpc module outputs | `string` | `""` | no | +| [subnetwork\_link](#input\_subnetwork\_link) | subnetwork link variable from vpc module outputs | `string` | `""` | no | ## Outputs 
diff --git a/gcp/scripts/destroy.sh b/gcp/scripts/destroy.sh index d45c466..516384c 100644 --- a/gcp/scripts/destroy.sh +++ b/gcp/scripts/destroy.sh @@ -28,8 +28,21 @@ source "${ROOT}/scripts/common.sh" # Exporting the bucket name as an environment variable. export bucket_name="${TF_VAR_name}-${TF_VAR_project_id}-statefiles" -# Make destroy : this command will destroy the GKE cluster- infrastructure -cd "${ROOT}"/env +# Generate Backend Template to store Terraform State files. +readonly backend_config="terraform { + backend \"gcs\" { + bucket = \"${bucket_name}\" + prefix = \"terraform/${TF_VAR_environment}/\" + } +}" + +# Terraform initialize should run on env folder. +cd "${ROOT}/env" +echo -e "${backend_config}" > backend.tf + +# Terraform initinalize the back +end bucket +terraform init -input=false # Select the environment workspace where you want destroy all your resources terraform workspace select $"TF_VAR_environment" diff --git a/gcp/scripts/init.sh b/gcp/scripts/init.sh index 8bb6bf3..c77f5de 100644 --- a/gcp/scripts/init.sh +++ b/gcp/scripts/init.sh 
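Review bot: The added comment `# Terraform initinalize the back` appears to be split, with `end bucket` on a line of its own — the hunk header's 21 new lines and the diffstat's 15 insertions only add up if it is a separate line — and a bare `end bucket` line is executed as a command, which fails (and aborts the script if errexit is on) before `terraform init` runs; join it into `# Terraform initialize the backend bucket`. `cd "${ROOT}/env"` is unchecked, so if it fails `backend.tf` is written wherever the script happened to be, and `echo -e` expands backslash escapes inside `${bucket_name}` and `${TF_VAR_environment}` before they land in HCL: use `cd "${ROOT}/env" || exit 1` and `printf '%s\n' "${backend_config}" > backend.tf`, and guard the empty-prefix case with `: "${TF_VAR_environment:?TF_VAR_environment must be set}"` before the template is built. The same three points apply to the `init.sh` hunk below. Adjacent context line `terraform workspace select $"TF_VAR_environment"` is pre-existing, but note that `$"..."` is bash's locale-translation quoting, so it selects a workspace literally named `TF_VAR_environment` rather than the variable's value, which matters for a script that destroys resources.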
@@ -33,11 +33,20 @@ export bucket_name="${TF_VAR_name}-${TF_VAR_project_id}-statefiles" # Create Google cloud storage bucket to store the state files. source "${ROOT}/gcp/scripts/make_bucket.py" -# Terraform initialize and run cd gcp/env +# Generate Backend Template to store Terraform State files. +readonly backend_config="terraform { + backend \"gcs\" { + bucket = \"${bucket_name}\" + prefix = \"terraform/${TF_VAR_environment}/\" + } +}" + +# Terraform initialize should run on env folder. cd "${ROOT}/env" +echo -e "${backend_config}" > backend.tf # Terraform initinalize the backend bucket -terraform init -input=false -backend-config="bucket=${bucket_name}" -backend-config="prefix=terraform/${TF_VAR_environment}/" +terraform init -input=false # Create workspace based on the environment, by doing this you don't overlap wih the resources in different environments. terraform workspace new "$TF_VAR_environment" || terraform workspace select "$TF_VAR_environment"
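Review bot: This hunk now materialises `backend.tf` inside the tracked `env/` directory that this same patch series just removed the file from, and the generated file names the state bucket; unless `backend.tf` is ignored by git (not visible on this page) it will be re-committed by the next careless `git add`, so confirm an ignore entry exists or write the file only after checking it is untracked. The template block is copied verbatim from `destroy.sh`; a single function in the already-sourced `common.sh`, e.g. `write_backend_config() { ... }`, would keep both scripts in step, which matters because a mismatch in `prefix` between init and destroy would make destroy operate on a different state than the one init created. The guarded `cd`, `printf` instead of `echo -e`, and empty-variable check raised on the `destroy.sh` hunk apply here as well.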