

Merge pull request #19 from sjmiller609/master
productionalizing the terraform code
sjmiller609 authored Jul 15, 2019
2 parents 2b3ffaf + 29e1625 commit ef4c877
Showing 9 changed files with 72 additions and 36 deletions.
8 changes: 3 additions & 5 deletions bastion.tf
Expand Up @@ -6,6 +6,9 @@ data "google_compute_image" "ubuntu_lts_latest_image" {

# Bastion host
resource "google_compute_instance" "bastion" {

count = var.management_endpoint == "public" ? 0 : 1

name = local.bastion_name
machine_type = var.machine_type_bastion
zone = local.zone
Expand All @@ -25,11 +28,6 @@ resource "google_compute_instance" "bastion" {
enable-oslogin = "true"
}

service_account {
email = "${google_service_account.bastion.email}"
scopes = []
}

allow_stopping_for_update = true

metadata_startup_script = <<EOF
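Review bot: Dropping the `service_account` block in the -25,11 +28,6 hunk changes which identity the bastion runs as: with no block present the google provider attaches the project's default Compute Engine service account with its default scopes, whereas the removed lines bound the dedicated `google_service_account.bastion` with `scopes = []`. If that account is still declared elsewhere, keep the binding by restoring the three removed lines; if it was removed in a file not in this diff, declare a minimal `google_service_account` for the bastion rather than falling back to the default account. The `google_compute_instance.bastion` resource continues outside the hunk.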
1 change: 1 addition & 0 deletions buckets.tf
Expand Up @@ -10,5 +10,6 @@ resource "google_storage_bucket" "container_registry" {
labels = {
"managed-by" = "terraform"
}

}

1 change: 1 addition & 0 deletions db.tf
Expand Up @@ -23,6 +23,7 @@ resource "google_sql_database_instance" "instance" {
create = "30m"
delete = "30m"
}

}

resource "random_string" "postgres_airflow_password" {
1 change: 1 addition & 0 deletions examples/from_scratch/main.tf
Expand Up @@ -11,4 +11,5 @@ module "astronomer_gcp" {
email = "[email protected]"
zonal_cluster = var.zonal
management_endpoint = "public"
force_destroy = "DESTROY"
}
18 changes: 15 additions & 3 deletions main.tf
Expand Up @@ -7,6 +7,10 @@ data "http" "local_ip" {
url = "http://ipv4.icanhazip.com/s"
}

data "google_container_engine_versions" "versions" {
location = var.zonal_cluster ? local.zone : local.region
}

# GKE cluster
resource "google_container_cluster" "primary" {
provider = google-beta
Expand All @@ -23,7 +27,14 @@ resource "google_container_cluster" "primary" {

maintenance_policy {
daily_maintenance_window {
start_time = "04:00"
# 9am EST
# For maintenance windows in general,
# people usually choose a time of least-use.
# The nature of Airflow is such that the jobs
# are likely to run in those same windows, so
# it's best to just choose a time where support
# will likely be available.
start_time = "13:00"
}
}

Expand All @@ -34,8 +45,8 @@ resource "google_container_cluster" "primary" {
# https://www.terraform.io/docs/providers/google/r/container_cluster.html#node_pool
location = var.zonal_cluster ? local.zone : local.region

# min_master_version = local.min_master_version
# node_version = local.node_version
min_master_version = data.google_container_engine_versions.versions.latest_master_version

network = local.core_network_id
subnetwork = local.gke_subnetwork_id

Expand Down Expand Up @@ -103,6 +114,7 @@ resource "google_container_cluster" "primary" {
network_policy {
enabled = true
}

}

resource "random_id" "kubeconfig_suffix" {
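Review bot: `min_master_version = data.google_container_engine_versions.versions.latest_master_version` in the -34,8 +45,8 hunk ties the cluster's minimum master version to whatever GKE reports as latest at plan time, so any plan run after GKE publishes a newer release shows a control-plane upgrade and the same configuration is not reproducible between applies. Consider pinning through a variable that falls back to the data source only when unset, e.g. `min_master_version = var.kubernetes_version != "" ? var.kubernetes_version : data.google_container_engine_versions.versions.latest_master_version`, with `variable "kubernetes_version" { default = "" }` added to variables.tf. The comment on the `start_time` change should also state the timezone, since GKE interprets `start_time` as UTC: `13:00` is 9am EDT but 8am EST, so `# 13:00 UTC = 9am EDT / 8am EST, when support is likely available` would be accurate year-round. The `google_container_cluster.primary` resource extends beyond the hunks shown.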
12 changes: 8 additions & 4 deletions network.tf
Expand Up @@ -3,6 +3,7 @@
resource "google_compute_network" "core" {
name = "${var.deployment_id}-core-network"
auto_create_subnetworks = false

}

#Subnetwork
Expand All @@ -23,6 +24,7 @@ resource "google_compute_subnetwork" "gke" {
range_name = "${var.deployment_id}-gke-services"
ip_cidr_range = var.gke_secondary_ip_ranges_services
}

}

# Router
Expand All @@ -34,6 +36,7 @@ resource "google_compute_router" "router" {
bgp {
asn = 64514
}

}

# IP address
Expand Down Expand Up @@ -61,25 +64,26 @@ resource "google_compute_router_nat" "nat" {
name = google_compute_subnetwork.bastion.self_link
source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
}

}

# https://cloud.google.com/vpc/docs/configure-private-services-access#creating-connection
resource "google_compute_global_address" "private_ip_address" {
provider = google-beta

provider = google-beta
name = "${var.deployment_id}-private-ip-address"
purpose = "VPC_PEERING"
address_type = "INTERNAL"
prefix_length = 16
network = google_compute_network.core.self_link

}

resource "google_service_networking_connection" "private_vpc_connection" {
provider = google-beta

provider = google-beta
network = google_compute_network.core.self_link
service = "servicenetworking.googleapis.com"
reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]

}

// - Bastion Subnetwork --------------------------------------------------
37 changes: 19 additions & 18 deletions node_pools.tf
Expand Up @@ -3,10 +3,11 @@ resource "google_container_node_pool" "node_pool_mt" {

provider = google-beta

# can't be deleted at the same time.
# theses can't be created or deleted at the same time.
depends_on = [google_container_node_pool.node_pool_platform]
version = data.google_container_engine_versions.versions.latest_master_version

name = "${var.deployment_id}-node-pool-multi-tenant"
name = "${var.deployment_id}-node-pool-multi-tenant-${formatdate("MM-DD-mm", timestamp())}"

# this one can take a long time to delete or create
timeouts {
Expand All @@ -15,19 +16,19 @@ resource "google_container_node_pool" "node_pool_mt" {
}

lifecycle {
# ignore_changes =["node_config[0].labels", "node_config[0].taint"]
ignore_changes = ["node_config"]
create_before_destroy = true
ignore_changes = [name]
}

location = var.zonal_cluster ? local.zone : local.region
cluster = google_container_cluster.primary.name

# since we are 'regional' i.e. in 3 zones,
# if we are 'regional' i.e. in 3 zones,
# "1" here means "1 in each zone"
initial_node_count = "1"
initial_node_count = var.zonal_cluster ? "3" : "1"

autoscaling {
min_node_count = "1"
min_node_count = var.zonal_cluster ? "3" : "1"
max_node_count = var.zonal_cluster ? var.max_node_count : ceil(var.max_node_count / 3)
}

Expand All @@ -43,12 +44,6 @@ resource "google_container_node_pool" "node_pool_mt" {

machine_type = var.machine_type

labels = {
# One of the pools should have the label indicating that it's
# multi-tenant, and the other should not.
"astronomer.io/multi-tenant" = "true"
}

oauth_scopes = [
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/devstorage.read_only",
Expand All @@ -60,7 +55,7 @@ resource "google_container_node_pool" "node_pool_mt" {
]

# this is required for sandbox_config to work
image_type = "cos_containerd"
image_type = "COS_CONTAINERD"

sandbox_config {
sandbox_type = "gvisor"
Expand All @@ -70,17 +65,18 @@ resource "google_container_node_pool" "node_pool_mt" {

resource "google_container_node_pool" "node_pool_platform" {

name = "${var.deployment_id}-node-pool-platform"
name = "${var.deployment_id}-node-pool-platform-${formatdate("MM-DD-mm", timestamp())}"
version = data.google_container_engine_versions.versions.latest_master_version

location = var.zonal_cluster ? local.zone : local.region
cluster = google_container_cluster.primary.name

# since we are 'regional' i.e. in 3 zones,
# if we are 'regional' i.e. in 3 zones,
# "1" here means "1 in each zone"
initial_node_count = "1"
initial_node_count = var.zonal_cluster ? "3" : "1"

autoscaling {
min_node_count = "1"
min_node_count = var.zonal_cluster ? "3" : "1"
max_node_count = var.zonal_cluster ? var.max_node_count : ceil(var.max_node_count / 3)
}

Expand Down Expand Up @@ -109,4 +105,9 @@ resource "google_container_node_pool" "node_pool_platform" {
"https://www.googleapis.com/auth/trace.append",
]
}

lifecycle {
create_before_destroy = true
ignore_changes = [name]
}
}
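Review bot: The name suffix `${formatdate("MM-DD-mm", timestamp())}` on both pools (the `node_pool_mt` and `node_pool_platform` `name` lines) uses `mm`, which is minutes, with no hour component, so two replacements on the same day at the same minute of different hours produce identical names; because `create_before_destroy = true` brings the new pool up beside the old one, the create then fails on the name collision. A format such as `formatdate("MM-DD-hh-mm", timestamp())`, or a `random_id` whose keepers are the inputs that force replacement, avoids this. Both pools also set `version` to the data source's `latest_master_version`, which `ignore_changes` does not cover, so each new GKE release triggers a node pool upgrade on the next apply; pin it the same way as the cluster version, or add `version` to `ignore_changes` if GKE auto-upgrade is meant to own it. The removed `labels` block on `node_pool_mt` carried the `astronomer.io/multi-tenant` label that its own comment said one pool must have; if any workload selects on that label (not visible here), that selection now matches no nodes. Both node pool resources continue past the hunks shown.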
24 changes: 18 additions & 6 deletions outputs.tf
@@ -1,9 +1,5 @@
output "bastion_proxy_command" {
value = "gcloud beta compute ssh --zone ${google_compute_instance.bastion.zone} ${google_compute_instance.bastion.name} --tunnel-through-iap --ssh-flag='-L 1234:127.0.0.1:8888 -C -N'"
}

output "kubernetes_api_sample_command" {
value = "If you have started the api proxy using the bastion SOCKS5 proxy command, this should work:\nhttps_proxy=http://127.0.0.1:1234 kubectl get pods"
value = "gcloud beta compute ssh --zone ${google_compute_instance.bastion[0].zone} ${google_compute_instance.bastion[0].name} --tunnel-through-iap --ssh-flag='-L 1234:127.0.0.1:8888 -C -N'"
}

output "db_connection_string" {
Expand Down Expand Up @@ -43,7 +39,19 @@ output "container_registry_bucket_name" {
}

# https://github.com/hashicorp/terraform/issues/1178
resource "null_resource" "dependency_setter" {}
resource "null_resource" "dependency_setter" {
depends_on = [google_container_cluster.primary,
google_container_node_pool.node_pool_mt,
google_container_node_pool.node_pool_platform]

provisioner "local-exec" {
# wait 5 minutes after the first
# deployment to allow GKE auto-updates
# to converge
command = "sleep 300"
}
}

output "depended_on" {
value = "${null_resource.dependency_setter.id}-${timestamp()}"
}
Expand All @@ -52,3 +60,7 @@ output "gcp_default_service_account_key" {
value = "${base64decode(google_service_account_key.default_key.private_key)}"
sensitive = true
}

output "load_balancer_ip" {
value = google_compute_address.nginx_static_ip.address
}
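Review bot: The `google_compute_instance.bastion[0]` references in the `bastion_proxy_command` output fail with an invalid-index error whenever `management_endpoint` is `"public"`, because bastion.tf now sets `count = 0` for that case and examples/from_scratch/main.tf selects it. Guard the output, e.g. `value = length(google_compute_instance.bastion) > 0 ? "gcloud beta compute ssh --zone ${google_compute_instance.bastion[0].zone} ${google_compute_instance.bastion[0].name} --tunnel-through-iap --ssh-flag='-L 1234:127.0.0.1:8888 -C -N'" : ""`, or build the string from splats such as `join("", google_compute_instance.bastion.*.zone)` if the Terraform release in use still evaluates both branches of a conditional. In the `dependency_setter` hunk, the `local-exec` `sleep 300` runs only when the null_resource is first created, so the wait for auto-updates described in the comment applies to the initial deployment only; say so in the comment, or add a `triggers` block keyed on the cluster version if it should run on each upgrade.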
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -91,3 +91,9 @@ variable "zonal_cluster" {
variable "management_endpoint" {
default = "private"
}

variable "force_destroy" {
default = ""
description = "set to 'DESTROY' to enable destroying operationally critical resources"
type = string
}
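Review bot: `force_destroy` is a free-form string gated by the magic value `'DESTROY'`, and nothing in this diff consumes it, so whether the sentinel actually protects anything cannot be confirmed from these hunks; examples/from_scratch/main.tf meanwhile hard-codes `force_destroy = "DESTROY"`, so the published example enables the destructive mode out of the box. If callers are expected to opt in deliberately, the example should leave it at the default and the description should spell out the contract: `description = "Set to exactly 'DESTROY' to permit destruction of operationally critical resources; leave empty to keep them protected"`. A `type = bool` with `default = false` would remove the sentinel entirely, but that changes the interface for the example and any other caller.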
