1 change: 1 addition & 0 deletions cmd/openshift-install/destroy.go
Expand Up @@ -8,6 +8,7 @@ import (
"github.com/openshift/installer/pkg/asset"
"github.com/openshift/installer/pkg/destroy"
"github.com/openshift/installer/pkg/destroy/bootstrap"
_ "github.com/openshift/installer/pkg/destroy/google"
_ "github.com/openshift/installer/pkg/destroy/libvirt"
_ "github.com/openshift/installer/pkg/destroy/openstack"
)
59 changes: 59 additions & 0 deletions data/data/google/bootstrap/main.tf
@@ -0,0 +1,59 @@
resource "google_service_account" "cluster" {
account_id = "${var.cluster_name}-cluster"
display_name = "Cluster service account"
}

resource "google_project_iam_member" "cluster" {
role = "roles/editor"
member = "serviceAccount:${google_service_account.cluster.email}"
}

resource "google_compute_instance" "bootstrap" {
name = "${var.cluster_name}-bootstrap"
machine_type = "${var.instance_type}"
zone = "${var.zone}"

metadata = {
user-data = "${var.ignition}"
}

tags = ["ocp", "ocp-master"]


I recommend adding the ability for a user to add additional tags to this list. This will be necessary for environments with restrictive GCP firewalls that require specific tags to be set to allow network communication.


service_account = {
email = "${google_service_account.cluster.email}"
scopes = ["compute-rw"]
}

network_interface = {
network = "${var.subnetwork != "" ? "" : var.network}"
subnetwork = "${var.subnetwork}"


Some environments may require using a GCP Shared VPC. The above code will not work with a Shared VPC.


access_config = {
}
}

boot_disk {
initialize_params {
type = "${var.root_volume_type}"
size = "${var.root_volume_size}"
image = "${var.image_name}"
}
}

labels = "${merge(map(
"cluster-kubernetes-io", "${var.cluster_name}",
), var.extra_labels)}"
}

resource "google_compute_instance_group" "bootstrap" {
name = "${var.cluster_name}-bootstrap"
zone = "${var.zone}"
network = "${var.network}"

named_port {
name = "https"
port = "6443"
}

instances = ["${google_compute_instance.bootstrap.self_link}"]
}
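Review bot: The cluster service account created at L37-L40 is bound to `roles/editor` at project scope (L42-L45), which hands the bootstrap node — and anything able to run code on it via the instance `service_account` block — write access to nearly every resource in the project, far more than a bootstrap host needs. Prefer the narrowest role the node actually exercises, and until that is settled mark the binding: `# TODO(least-privilege): roles/editor is project-wide; narrow to the permissions the bootstrap flow actually uses.`. Note also that `access_config = {}` (L81) gives the node an ephemeral external address and `user-data` (L53) places the full bootstrap ignition in instance metadata, which is readable to any principal that can call `compute.instances.get` on the project; if that content carries credentials this deserves a comment or a different delivery path. The `google_project_iam_member` resource sets no explicit `project`, so it binds in the provider's default project — presumably intended, but worth stating in a comment.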
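--- a/data/data/google/bootstrap/outputs.tf
+++ b/data/data/google/bootstrap/outputs.tf
@@ -0,0 +1,7 @@
+output "bootstrap_instance" {
+value = "${google_compute_instance.bootstrap.self_link}"
+}
+
+output "bootstrap_instance_group" {
+value = "${google_compute_instance_group.bootstrap.self_link}"
+}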
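--- a/data/data/google/bootstrap/variables.tf
+++ b/data/data/google/bootstrap/variables.tf
@@ -0,0 +1,53 @@
+variable "cluster_name" {
+type = "string"
+description = "The name of the cluster."
+}
+
+variable "extra_labels" {
+type = "map"
+default = {}
+description = "Extra GCP labels to be applied to created resources."
+}
+
+variable "ignition" {
+type = "string"
+description = "The content of the bootstrap ignition file."
+}
+
+variable "image_name" {
+type = "string"
+description = "The image for the bootstrap node."
+}
+
+variable "instance_type" {
+type = "string"
+default = "n1-standard-2"
+description = "The instance type for the bootstrap node."
+}
+
+variable "network" {
+type = "string"
+description = "The network the bootstrap node will be added to."
+}
+
+variable "subnetwork" {
+type = "string"
+description = "The subnetwork the bootstrap node will be added to."
+}
+
+variable "root_volume_size" {
+type = "string"
+default = "30"
+description = "The volume size (in gibibytes) for the bootstrap node's root volume."
+}
+
+variable "root_volume_type" {
+type = "string"
+default = "pd-standard"
+description = "The volume type for the bootstrap node's root volume."
+}
+
+variable "zone" {
+type = "string"
+description = "The zone for the bootstrap node."
+}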
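--- a/data/data/google/main.tf
+++ b/data/data/google/main.tf
@@ -0,0 +1,49 @@
+provider "google" {
+region = "${var.google_region}"
+}
+
+module "bootstrap" {
+source = "./bootstrap"
+
+image_name = "${var.google_image_name_override}"
+cluster_name = "${var.cluster_name}"
+ignition = "${var.ignition_bootstrap}"
+zone = "${module.network.zones[0]}"
+network = "${module.network.network}"
+subnetwork = "${module.network.subnetwork}"
+
+extra_labels = "${merge(map(
+"name", "${var.cluster_name}-bootstrap",
+), var.google_extra_labels)}"
+}
+
+module "masters" {
+source = "./master"
+
+image_name = "${var.google_image_name_override}"
+cluster_name = "${var.cluster_name}"
+instance_type = "${var.google_master_instance_type}"
+extra_labels = "${var.google_extra_labels}"
+instance_count = "${var.master_count}"
+root_volume_size = "${var.google_master_root_volume_size}"
+root_volume_type = "${var.google_master_root_volume_type}"
+zones = "${module.network.zones}"
+network = "${module.network.network}"
+subnetwork = "${module.network.subnetwork}"
+ignition = "${var.ignition_master}"
+}
+
+module "network" {
+source = "./network"
+
+cidr_block = "${var.machine_cidr}"
+cluster_name = "${var.cluster_name}"
+region = "${var.google_region}"
+
+bootstrap_instance_group = "${module.bootstrap.bootstrap_instance_group}"
+bootstrap_instance = "${module.bootstrap.bootstrap_instance}"
+master_instance_groups = "${module.masters.master_instance_groups}"
+master_instances = "${module.masters.master_instances}"
+
+extra_labels = "${var.google_extra_labels}"
+}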
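Review bot: Both modules take their boot image only from `var.google_image_name_override` (L186, L201), and master/variables.tf gives `image_name` a default of `""`, so an unset override would reach the masters' `boot_disk` block as an empty image name instead of failing at plan time; the root-level declaration of `google_image_name_override` is not in this diff, so it may be guarded there — if not, drop the default or validate the value before the modules. The `bootstrap` and `network` modules reference each other (L189-L191 and L221-L222); Terraform 0.11 resolves this at the resource level, so it works only while no individual resource pair forms a cycle, which is worth a comment on the `network` module such as `# mutual reference with module.bootstrap is intentional: presumably the instance groups feed the load balancer here while the instances depend on the subnetwork`. The bootstrap node is pinned to `module.network.zones[0]` (L189) while the masters spread over all zones; a one-line comment saying why would save the next reader a question.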
75 changes: 75 additions & 0 deletions data/data/google/master/main.tf
@@ -0,0 +1,75 @@
resource "google_compute_instance" "master" {


You might want to consider adding a scheduling block to the master GCE instance. Something like this ...

scheduling {
    automatic_restart = "true"
    on_host_maintenance = "MIGRATE"
    preemptible = "false"
  }

By default the Terraform Google Cloud Provider will not enable automatic_restart if you don't explicitly set it. Looks like this will be fixed in version 2.0 of the provider. See hashicorp/terraform-provider-google#2638 for details.

count = "${var.instance_count}"
name = "${var.cluster_name}-master-${element(var.zones,count.index)}"

machine_type = "${var.instance_type}"
zone = "${element(var.zones, count.index)}"

metadata = {
user-data = "${var.ignition}"
}

tags = ["ocp", "ocp-master"]

network_interface = {
network = "${var.subnetwork != "" ? "" : var.network}"
subnetwork = "${var.subnetwork}"


Similar comment as above regarding GCP Shared VPC. Some users may require using a Shared VPC.


access_config = {
}
}

boot_disk {
initialize_params {
type = "${var.root_volume_type}"
size = "${var.root_volume_size}"
image = "${var.image_name}"
}
}

labels = "${merge(map(
"name", "${var.cluster_name}-master-${count.index}",
"cluster-kubernetes-io", "${var.cluster_name}",
"clusterid", "${var.cluster_name}"
), var.extra_labels)}"
}

# Not ideal, machine API would need to keep membership up to date
resource "google_compute_instance_group" "master-0" {
name = "${var.cluster_name}-master-${element(var.zones,count.index)}"
zone = "${element(var.zones,count.index)}"
network = "${var.network}"

named_port {
name = "https"
port = "6443"
}

instances = ["${google_compute_instance.master.*.self_link[0]}"]
}

resource "google_compute_instance_group" "master-1" {
name = "${var.cluster_name}-master-${element(var.zones,count.index+1)}"
zone = "${element(var.zones,count.index+1)}"
network = "${var.network}"

named_port {
name = "https"
port = "6443"
}

instances = ["${google_compute_instance.master.*.self_link[(count.index+1) % 3]}"]
}

resource "google_compute_instance_group" "master-2" {
name = "${var.cluster_name}-master-${element(var.zones,count.index+2)}"
zone = "${element(var.zones,count.index+2)}"
network = "${var.network}"

named_port {
name = "https"
port = "6443"
}

instances = ["${google_compute_instance.master.*.self_link[(count.index+2) % 3]}"]
}
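Review bot: The three `google_compute_instance_group` resources (L290-L327) read `count.index` without declaring `count`, and select masters with `(count.index+1) % 3` and `(count.index+2) % 3`, so the number of groups is fixed at three while the instances themselves are sized by `var.instance_count` (L247); any other count either leaves masters out of every group or indexes past the list, and `count.index` outside a counted resource is not something to rely on across Terraform versions. One counted group per master removes both problems, at the cost of changing `master_instance_groups` in master/outputs.tf to `google_compute_instance_group.master.*.self_link`. The `element()` wrap on `var.zones` (L291, L304, L317) also means that with fewer zones than masters two groups share a zone and a name, which the rewrite below does not remove — that deserves a comment or a validation on the variable.
```hcl
# One instance group per master; membership is fixed at create time
# (not ideal — the machine API would need to keep it up to date).
resource "google_compute_instance_group" "master" {
  count   = "${var.instance_count}"
  name    = "${var.cluster_name}-master-${element(var.zones, count.index)}"
  zone    = "${element(var.zones, count.index)}"
  network = "${var.network}"

  # … unchanged: named_port block …

  instances = ["${element(google_compute_instance.master.*.self_link, count.index)}"]
}
```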
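--- a/data/data/google/master/outputs.tf
+++ b/data/data/google/master/outputs.tf
@@ -0,0 +1,15 @@
+output "ip_addresses" {
+value = "${google_compute_instance.master.*.network_interface.0.network_ip}"
+}
+
+output "master_instances" {
+value = "${google_compute_instance.master.*.self_link}"
+}
+
+output "master_instance_groups" {
+value = [
+"${google_compute_instance_group.master-0.self_link}",
+"${google_compute_instance_group.master-1.self_link}",
+"${google_compute_instance_group.master-2.self_link}",
+]
+}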
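--- a/data/data/google/master/variables.tf
+++ b/data/data/google/master/variables.tf
@@ -0,0 +1,55 @@
+variable "cluster_name" {
+type = "string"
+description = "The name of the cluster."
+}
+
+variable "extra_labels" {
+type = "map"
+default = {}
+description = "Extra GCP labels to be applied to created resources."
+}
+
+variable "ignition" {
+type = "string"
+description = "The content of the master ignition file."
+}
+
+variable "image_name" {
+type = "string"
+default = ""
+description = "The image for the master nodes."
+}
+
+variable "instance_count" {
+type = "string"
+description = "The number of masters to launch."
+}
+
+variable "instance_type" {
+type = "string"
+description = "The instance type for the master nodes."
+}
+
+variable "network" {
+type = "string"
+description = "The network the masters will be added to."
+}
+
+variable "subnetwork" {
+type = "string"
+description = "The subnetwork the masters will be added to."
+}
+
+variable "root_volume_size" {
+type = "string"
+description = "The size of the volume in gigabytes for the root block device."
+}
+
+variable "root_volume_type" {
+type = "string"
+description = "The type of volume for the root block device."
+}
+
+variable "zones" {
+type = "list"
+}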
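Review bot: `zones` (L401-L403) is the only variable in this file without a `description`; add `description = "The zones the masters are placed in; master/main.tf cycles through this list with element()."`. The `root_volume_size` description says "gigabytes" here (L393) while the bootstrap module's copy of the same variable says "gibibytes" (bootstrap/variables.tf L163) for the same provider attribute — pick one unit and use it in both. `image_name` defaults to `""` (L367) whereas the bootstrap module requires it; an empty default means a missing image is only discovered when the instance is created, so consider dropping the default here as well.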
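--- a/data/data/google/network/common.tf
+++ b/data/data/google/network/common.tf
@@ -0,0 +1,12 @@
+# Canonical internal state definitions for this module.
+# read only: only locals and data source definitions allowed. No resources or module blocks in this file
+data "google_compute_regions" "current" {}
+
+// Fetch a list of available AZs
+data "google_compute_zones" "available" {}
+
+// Only reference data sources which are guaranteed to exist at any time (above) in this locals{} block
+locals {
+// List of possible AZs for each type of subnet
+zones = "${data.google_compute_zones.available.names}"
+}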
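Review bot: `data "google_compute_regions" "current"` (L409) is declared but nothing in this file reads it; if the rest of the network module does not either, it is an extra API call on every plan and can be dropped. `google_compute_zones.available` (L412) passes no `region`, so the zone list presumably comes from the provider's configured region — the comment on L411 should say so, e.g. `// Zones of the provider's region; every subnet may use any of them`. The header uses `#` comments (L407-L408) while the rest of the file uses `//`; one style throughout would read better.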
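--- a/data/data/google/network/firewall.tf
+++ b/data/data/google/network/firewall.tf
@@ -0,0 +1,46 @@
+resource "google_compute_firewall" "global" {
+name = "${var.cluster_name}-global"
+network = "${google_compute_network.default.self_link}"
+
+allow {
+protocol = "icmp"
+}
+}
+
+resource "google_compute_firewall" "internal" {
+name = "${var.cluster_name}-internal"
+network = "${google_compute_network.default.self_link}"
+
+allow {
+protocol = "tcp"
+ports = ["80", "6443-6445", "4789", "9000-9990", "10250-10255", "30000-32767"]
+}
+
+source_tags = ["ocp"]
+target_tags = ["ocp"]
+}
+
+resource "google_compute_firewall" "master-ssh" {
+name = "${var.cluster_name}-master-ssh"
+network = "${google_compute_network.default.self_link}"
+
+allow {
+protocol = "tcp"
+ports = ["22"]
+}
+
+target_tags = ["ocp-master"]
+}
+
+resource "google_compute_firewall" "master-internal" {
+name = "${var.cluster_name}-tcp"
+network = "${google_compute_network.default.self_link}"
+
+allow {
+protocol = "tcp"
+ports = ["2379-2380", "12379-12380"]
+}
+
+source_tags = ["ocp-master"]
+target_tags = ["ocp-master"]
+}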
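Review bot: The `master-ssh` rule (L444-L454) sets neither `source_ranges` nor `source_tags`, which the Google provider documents as applying to all sources, and both the bootstrap and master instances carry the `ocp-master` tag together with an external address from `access_config` (bootstrap/main.tf L56, L81; master/main.tf L257, L270), so TCP/22 on every control-plane node is reachable from the whole internet; the `global` ICMP rule (L422-L429) is open the same way. Restrict SSH to an operator-supplied source, e.g. `source_ranges = ["${var.cidr_block}"]` (the module already receives `cidr_block` from google/main.tf L217) or a dedicated variable, or use `source_tags` if access is expected only from inside the cluster, and give the ICMP rule the same treatment. Separately, the `master-internal` resource is named `${var.cluster_name}-tcp` (L457), which neither matches the other rule names nor says what it permits; `${var.cluster_name}-master-internal` would.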