Merge pull request #321 from alekhyal/master

Example to create private cluster with node pool specifications along…

Author: Aaron Lane

examples/regional_private_node_pool_oauth_scopes/README.md

@@ -0,0 +1,44 @@
+# Regional Private Cluster with node pool and oauth scopes
+
+This example illustrates how to create a private cluster with node pool specifications, oauth scopes along with required network and subnet creation.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| project\_id | The project ID to host the cluster in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| ca\_certificate | Cluster ca certificate (base64 encoded) |
+| cluster\_name | Cluster name |
+| endpoint | Cluster endpoint |
+| horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled |
+| http\_load\_balancing\_enabled | Whether http load balancing enabled |
+| location | Cluster location (region if regional cluster, zone if zonal cluster) |
+| logging\_service | Logging service used |
+| master\_authorized\_networks\_config | Networks from which access to master is permitted |
+| master\_version | Current master kubernetes version |
+| min\_master\_version | Minimum master kubernetes version |
+| monitoring\_service | Monitoring service used |
+| network\_module | network module output |
+| network\_policy\_enabled | Whether network policy enabled |
+| node\_pools\_names | List of node pools names |
+| node\_pools\_versions | List of node pools versions |
+| region | Cluster region |
+| service\_account | The service account to default running nodes as if not overridden in `node_pools`. |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+| type | Cluster type (regional / zonal) |
+| zones | List of zones in which the cluster resides |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+To provision this example, run the following from within this directory:
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure

examples/regional_private_node_pool_oauth_scopes/main.tf

@@ -0,0 +1,104 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "gke" {
+  source                            = "../../modules/private-cluster"
+  project_id                        = var.project_id
+  name                              = "random-test-cluster"
+  region                            = "us-west1"
+  regional                          = true
+  network                           = module.gke-network.network_name
+  subnetwork                        = module.gke-network.subnets_names[0]
+  ip_range_pods                     = module.gke-network.subnets_secondary_ranges[0].*.range_name[0]
+  ip_range_services                 = module.gke-network.subnets_secondary_ranges[0].*.range_name[1]
+  enable_private_endpoint           = true
+  enable_private_nodes              = true
+  master_ipv4_cidr_block            = "172.16.0.16/28"
+  network_policy                    = true
+  horizontal_pod_autoscaling        = true
+  service_account                   = "create"
+  remove_default_node_pool          = true
+  disable_legacy_metadata_endpoints = true
+
+  master_authorized_networks_config = [
+    {
+      cidr_blocks = [
+        {
+          cidr_block   = module.gke-network.subnets_ips[0]
+          display_name = "VPC"
+        },
+      ]
+    },
+  ]
+
+  node_pools = [
+    {
+      name               = "my-node-pool"
+      machine_type       = "n1-standard-1"
+      min_count          = 1
+      max_count          = 1
+      disk_size_gb       = 100
+      disk_type          = "pd-ssd"
+      image_type         = "COS"
+      auto_repair        = true
+      auto_upgrade       = false
+      preemptible        = false
+      initial_node_count = 1
+    },
+  ]
+
+  node_pools_oauth_scopes = {
+    all = [
+      "https://www.googleapis.com/auth/trace.append",
+      "https://www.googleapis.com/auth/service.management.readonly",
+      "https://www.googleapis.com/auth/monitoring",
+      "https://www.googleapis.com/auth/devstorage.read_only",
+      "https://www.googleapis.com/auth/servicecontrol",
+    ]
+
+    my-node-pool = [
+      "https://www.googleapis.com/auth/trace.append",
+      "https://www.googleapis.com/auth/service.management.readonly",
+      "https://www.googleapis.com/auth/monitoring",
+      "https://www.googleapis.com/auth/devstorage.read_only",
+      "https://www.googleapis.com/auth/servicecontrol",
+    ]
+  }
+
+  node_pools_labels = {
+
+    all = {
+
+    }
+    my-node-pool = {
+
+    }
+  }
+
+  node_pools_metadata = {
+    all = {}
+
+    my-node-pool = {}
+
+  }
+
+  node_pools_tags = {
+    all = []
+
+    my-node-pool = []
+
+  }
+}

examples/regional_private_node_pool_oauth_scopes/network.tf

@@ -0,0 +1,42 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "gke-network" {
+  source       = "terraform-google-modules/network/google"
+  version      = "~> 1.5"
+  project_id   = var.project_id
+  network_name = "random-gke-network"
+
+  subnets = [
+    {
+      subnet_name   = "random-gke-subnet"
+      subnet_ip     = "10.0.0.0/24"
+      subnet_region = "us-west1"
+    },
+  ]
+
+  secondary_ranges = {
+    "random-gke-subnet" = [
+      {
+        range_name    = "random-ip-range-pods"
+        ip_cidr_range = "10.1.0.0/16"
+      },
+      {
+        range_name    = "random-ip-range-services"
+        ip_cidr_range = "10.2.0.0/20"
+      },
+  ] }
+}

examples/regional_private_node_pool_oauth_scopes/outputs.tf

@@ -0,0 +1,122 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "cluster_name" {
+  description = "Cluster name"
+  value       = module.gke.name
+}
+
+output "type" {
+  description = "Cluster type (regional / zonal)"
+  value       = module.gke.type
+}
+
+output "location" {
+  description = "Cluster location (region if regional cluster, zone if zonal cluster)"
+  value       = module.gke.location
+}
+
+output "region" {
+  description = "Cluster region"
+  value       = module.gke.region
+}
+
+output "zones" {
+  description = "List of zones in which the cluster resides"
+  value       = module.gke.zones
+}
+
+output "endpoint" {
+  sensitive   = true
+  description = "Cluster endpoint"
+  value       = module.gke.endpoint
+}
+
+output "min_master_version" {
+  description = "Minimum master kubernetes version"
+  value       = module.gke.min_master_version
+}
+
+output "logging_service" {
+  description = "Logging service used"
+  value       = module.gke.logging_service
+}
+
+output "monitoring_service" {
+  description = "Monitoring service used"
+  value       = module.gke.monitoring_service
+}
+
+output "master_authorized_networks_config" {
+  description = "Networks from which access to master is permitted"
+  value       = module.gke.master_authorized_networks_config
+}
+
+output "master_version" {
+  description = "Current master kubernetes version"
+  value       = module.gke.master_version
+}
+
+output "ca_certificate" {
+  sensitive   = true
+  description = "Cluster ca certificate (base64 encoded)"
+  value       = module.gke.ca_certificate
+}
+
+output "network_policy_enabled" {
+  description = "Whether network policy enabled"
+  value       = module.gke.network_policy_enabled
+}
+
+output "http_load_balancing_enabled" {
+  description = "Whether http load balancing enabled"
+  value       = module.gke.http_load_balancing_enabled
+}
+
+output "horizontal_pod_autoscaling_enabled" {
+  description = "Whether horizontal pod autoscaling enabled"
+  value       = module.gke.horizontal_pod_autoscaling_enabled
+}
+
+output "node_pools_names" {
+  description = "List of node pools names"
+  value       = module.gke.node_pools_names
+}
+
+output "node_pools_versions" {
+  description = "List of node pools versions"
+  value       = module.gke.node_pools_versions
+}
+
+output "service_account" {
+  description = "The service account to default running nodes as if not overridden in `node_pools`."
+  value       = module.gke.service_account
+}
+
+output "network_module" {
+  description = "network module output"
+  value       = module.gke-network
+}
+
+output "subnets_ips" {
+  description = "The IP and cidrs of the subnets being created"
+  value       = module.gke-network.subnets_ips
+}
+
+output "subnets_secondary_ranges" {
+  description = "The secondary ranges associated with these subnets"
+  value       = module.gke-network.subnets_secondary_ranges
+}

examples/regional_private_node_pool_oauth_scopes/provider.tf

@@ -0,0 +1,23 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+  version = "2.18.0"
+}
+
+provider "google-beta" {
+  version = "2.18.0"
+}

examples/regional_private_node_pool_oauth_scopes/variables.tf

@@ -0,0 +1,19 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The project ID to host the cluster in"
+}