Merge branch 'master' into 37-disable-client-cert

Author: coryodaniel

CHANGELOG.md

@@ -14,6 +14,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 * Add `basic_auth_username` set to `""` by default #40
 * Add `basic_auth_password` set to `""` by default #40
 * Add `issue_client_certificate` set to `false` by default #40
+* Add `initial_node_count` parameter to node_pool block. #60 
 
 ## [v0.4.0] - 2018-12-19
 ### Added

Makefile

@@ -85,6 +85,11 @@ test_integration:
 generate_docs:
 	@source test/make.sh && generate_docs
 
+.PHONY: generate
+generate:
+	@pip install --user -r ./helpers/generate_modules/requirements.txt
+	@./helpers/generate_modules/generate_modules.py
+
 # Versioning
 .PHONY: version
 version:

README.md

@@ -30,17 +30,18 @@ module "gke" {
 
   node_pools = [
     {
-      name            = "default-node-pool"
-      machine_type    = "n1-standard-2"
-      min_count       = 1
-      max_count       = 100
-      disk_size_gb    = 100
-      disk_type       = "pd-standard"
-      image_type      = "COS"
-      auto_repair     = true
-      auto_upgrade    = true
-      service_account = "project-service-account@<PROJECT ID>.iam.gserviceaccount.com"
-      preemptible     = false
+      name               = "default-node-pool"
+      machine_type       = "n1-standard-2"
+      min_count          = 1
+      max_count          = 100
+      disk_size_gb       = 100
+      disk_type          = "pd-standard"
+      image_type         = "COS"
+      auto_repair        = true
+      auto_upgrade       = true
+      service_account    = "project-service-account@<PROJECT ID>.iam.gserviceaccount.com"
+      preemptible        = false
+      initial_node_count = 80
     },
   ]
 
@@ -201,13 +202,20 @@ The project has the following folders and files:
 
 - /: root folder
 - /examples: examples for using this module
+- /helpers: Helper scripts
 - /scripts: Scripts for specific tasks on module (see Infrastructure section on this file)
 - /test: Folders with files for testing the module (see Testing section on this file)
 - /main.tf: main file for this module, contains all the resources to create
 - /variables.tf: all the variables for the module
 - /output.tf: the outputs of the module
 - /readme.MD: this file
 
+## Templating
+
+To more cleanly handle cases where desired functionality would require complex duplication of Terraform resources (i.e. [PR 51](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/51)), this repository is largely generated from the [`autogen`](./autogen) directory.
+
+The root module is generated by running `make generate`. Changes to this repository should be made in the [`autogen`](./autogen) directory where appropriate.
+
 ## Testing
 
 ### Requirements
@@ -227,23 +235,22 @@ Integration tests are run though [test-kitchen](https://github.com/test-kitchen/
 
 Six test-kitchen instances are defined:
 
-- `deploy_service`
-- `node_pool`
-- `shared_vpc`
-- `simple_regional`
-- `simple_zonal`
-- `stub_domains`
+- `deploy-service`
+- `node-pool`
+- `shared-vpc`
+- `simple-regional`
+- `simple-zonal`
+- `stub-domains`
 
 The test-kitchen instances in `test/fixtures/` wrap identically-named examples in the `examples/` directory.
 
 #### Setup
 
 1. Configure the [test fixtures](#test-configuration)
 2. Download a Service Account key with the necessary permissions and put it in the module's root directory with the name `credentials.json`.
-3. Build the Docker containers for testing:
+3. Build the Docker container for testing:
 
   ```
-  make docker_build_terraform
   make docker_build_kitchen_terraform
   ```
 4. Run the testing container in interactive mode:
@@ -252,7 +259,7 @@ The test-kitchen instances in `test/fixtures/` wrap identically-named examples i
   make docker_run
   ```
 
-  The module root directory will be loaded into the Docker container at `/cftk/workdir/`.
+  The module root directory will be loaded into the Docker container at `/cft/workdir/`.
 5. Run kitchen-terraform to test the infrastructure:
 
   1. `kitchen create` creates Terraform state and downloads modules, if applicable.

auth.tf

@@ -14,6 +14,8 @@
  * limitations under the License.
  */
 
+// This file was automatically generated from a template in ./autogen
+
 /******************************************
   Retrieve authentication token
  *****************************************/
@@ -27,4 +29,4 @@ provider "kubernetes" {
   host                   = "https://${local.cluster_endpoint}"
   token                  = "${data.google_client_config.default.access_token}"
   cluster_ca_certificate = "${base64decode(local.cluster_ca_certificate)}"
-}
+}

autogen/auth.tf

@@ -0,0 +1,32 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+{{ autogeneration_note }}
+
+/******************************************
+  Retrieve authentication token
+ *****************************************/
+data "google_client_config" "default" {}
+
+/******************************************
+  Configure provider
+ *****************************************/
+provider "kubernetes" {
+  load_config_file       = false
+  host                   = "https://${local.cluster_endpoint}"
+  token                  = "${data.google_client_config.default.access_token}"
+  cluster_ca_certificate = "${base64decode(local.cluster_ca_certificate)}"
+}

autogen/cluster_regional.tf

@@ -0,0 +1,156 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+{{ autogeneration_note }}
+
+/******************************************
+  Create regional cluster
+ *****************************************/
+resource "google_container_cluster" "primary" {
+  count       = "${var.regional ? 1 : 0}"
+  name        = "${var.name}"
+  description = "${var.description}"
+  project     = "${var.project_id}"
+
+  region           = "${var.region}"
+  additional_zones = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]
+
+  network            = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+  subnetwork         = "${replace(data.google_compute_subnetwork.gke_subnetwork.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+  min_master_version = "${local.kubernetes_version}"
+
+  logging_service    = "${var.logging_service}"
+  monitoring_service = "${var.monitoring_service}"
+
+  master_authorized_networks_config = "${var.master_authorized_networks_config}"
+
+  addons_config {
+    http_load_balancing {
+      disabled = "${var.http_load_balancing ? 0 : 1}"
+    }
+
+    horizontal_pod_autoscaling {
+      disabled = "${var.horizontal_pod_autoscaling ? 0 : 1}"
+    }
+
+    kubernetes_dashboard {
+      disabled = "${var.kubernetes_dashboard ? 0 : 1}"
+    }
+
+    network_policy_config {
+      disabled = "${var.network_policy ? 0 : 1}"
+    }
+  }
+
+  ip_allocation_policy {
+    cluster_secondary_range_name  = "${var.ip_range_pods}"
+    services_secondary_range_name = "${var.ip_range_services}"
+  }
+
+  maintenance_policy {
+    daily_maintenance_window {
+      start_time = "${var.maintenance_start_time}"
+    }
+  }
+
+  lifecycle {
+    ignore_changes = ["node_pool"]
+  }
+
+  timeouts {
+    create = "30m"
+    update = "30m"
+    delete = "30m"
+  }
+
+  node_pool {
+    name = "default-pool"
+
+    node_config {
+      service_account = "${lookup(var.node_pools[0], "service_account", var.service_account)}"
+    }
+  }
+
+  remove_default_node_pool = "${var.remove_default_node_pool}"
+}
+
+/******************************************
+  Create regional node pools
+ *****************************************/
+resource "google_container_node_pool" "pools" {
+  count              = "${var.regional ? length(var.node_pools) : 0}"
+  name               = "${lookup(var.node_pools[count.index], "name")}"
+  project            = "${var.project_id}"
+  region             = "${var.region}"
+  cluster            = "${var.name}"
+  version            = "${lookup(var.node_pools[count.index], "auto_upgrade", false) ? "" : lookup(var.node_pools[count.index], "version", local.node_version)}"
+  initial_node_count = "${lookup(var.node_pools[count.index], "initial_node_count", lookup(var.node_pools[count.index], "min_count", 1))}"
+
+  autoscaling {
+    min_node_count = "${lookup(var.node_pools[count.index], "min_count", 1)}"
+    max_node_count = "${lookup(var.node_pools[count.index], "max_count", 100)}"
+  }
+
+  management {
+    auto_repair  = "${lookup(var.node_pools[count.index], "auto_repair", true)}"
+    auto_upgrade = "${lookup(var.node_pools[count.index], "auto_upgrade", true)}"
+  }
+
+  node_config {
+    image_type   = "${lookup(var.node_pools[count.index], "image_type", "COS")}"
+    machine_type = "${lookup(var.node_pools[count.index], "machine_type", "n1-standard-2")}"
+    labels       = "${merge(map("cluster_name", var.name), map("node_pool", lookup(var.node_pools[count.index], "name")), var.node_pools_labels["all"], var.node_pools_labels[lookup(var.node_pools[count.index], "name")])}"
+    metadata     = "${merge(map("cluster_name", var.name), map("node_pool", lookup(var.node_pools[count.index], "name")), var.node_pools_metadata["all"], var.node_pools_metadata[lookup(var.node_pools[count.index], "name")])}"
+    taint        = "${concat(var.node_pools_taints["all"], var.node_pools_taints[lookup(var.node_pools[count.index], "name")])}"
+    tags         = ["${concat(list("gke-${var.name}"), list("gke-${var.name}-${lookup(var.node_pools[count.index], "name")}"), var.node_pools_tags["all"], var.node_pools_tags[lookup(var.node_pools[count.index], "name")])}"]
+
+    disk_size_gb    = "${lookup(var.node_pools[count.index], "disk_size_gb", 100)}"
+    disk_type       = "${lookup(var.node_pools[count.index], "disk_type", "pd-standard")}"
+    service_account = "${lookup(var.node_pools[count.index], "service_account", var.service_account)}"
+    preemptible     = "${lookup(var.node_pools[count.index], "preemptible", false)}"
+
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/cloud-platform",
+    ]
+  }
+
+  lifecycle {
+    ignore_changes = ["initial_node_count"]
+  }
+
+  timeouts {
+    create = "30m"
+    update = "30m"
+    delete = "30m"
+  }
+
+  depends_on = ["google_container_cluster.primary"]
+}
+
+resource "null_resource" "wait_for_regional_cluster" {
+  count = "${var.regional ? 1 : 0}"
+
+  provisioner "local-exec" {
+    command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"
+  }
+
+  provisioner "local-exec" {
+    when    = "destroy"
+    command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"
+  }
+
+  depends_on = ["google_container_cluster.primary", "google_container_node_pool.pools"]
+}