diff --git a/solutions_builder/modules/terraform_gke/docs/components/{{component_name}}.md b/solutions_builder/modules/terraform_gke/docs/components/{{component_name}}.md index 1cbb94f4..99d8be6d 100644 --- a/solutions_builder/modules/terraform_gke/docs/components/{{component_name}}.md +++ b/solutions_builder/modules/terraform_gke/docs/components/{{component_name}}.md @@ -7,10 +7,10 @@ Main components after setup: ## Setup -Run `st components add [COMPONENT_NAME]` to add this module. +Run `sb components add [COMPONENT_NAME]` to add this module. ``` cd my-solution-folder -st components add terraform_gke . +sb components add terraform_gke . ``` Fill in the variables. @@ -20,7 +20,7 @@ Fill in the variables. 🎤 Which Google Cloud region? us-central1 🎤 Kubernetes version? - 1.24.11-gke.1000 + latest 🎤 Allow domains for CORS? (comma-seperated) http://localhost:4200,http://localhost:3000 🎤 Cert Issuer Email diff --git a/solutions_builder/modules/terraform_gke_autopilot/.sb/module_answers/{{component_name}}.yaml b/solutions_builder/modules/terraform_gke_autopilot/.sb/module_answers/{{component_name}}.yaml new file mode 100644 index 00000000..e22ec9d3 --- /dev/null +++ b/solutions_builder/modules/terraform_gke_autopilot/.sb/module_answers/{{component_name}}.yaml @@ -0,0 +1,2 @@ +# Changes here will be overwritten by Copier +{{_copier_answers|to_nice_yaml -}} diff --git a/solutions_builder/modules/terraform_gke_autopilot/copier.yaml b/solutions_builder/modules/terraform_gke_autopilot/copier.yaml new file mode 100644 index 00000000..d7076339 --- /dev/null +++ b/solutions_builder/modules/terraform_gke_autopilot/copier.yaml 
@@ -0,0 +1,55 @@
+_metadata:
+ module_name: terraform_gke
+ version: 1.0.0
+ destination_path: .
+
+# questions
+component_name:
+ type: str
+ help: What is the name of this component (snake_case)?
+ default: terraform_gke
+
+terraform_stage_name:
+ type: str
+ help: Terraform stage name?
+ default: 3-gke-autopilot
+
+gcp_region:
+ type: str
+ help: Which Google Cloud region?
+ default: us-central1
+
+cluster_name:
+ type: str
+ help: GKE cluster name?
+ default: main-cluster
+
+kubernetes_version:
+ type: str
+ help: Kubernetes version?
+ default: latest
+ # See https://cloud.google.com/kubernetes-engine/docs/release-notes-stable
+
+_answers_file: ".st/module_answers/{{component_name}}.yaml"
+
+_templates_suffix: ""
+
+_patch: []
+
+_exclude:
+ - "README.md"
+ - "copier.yaml"
+ - "copier_extensions"
+ - ".terraform*"
+ - ".tmp"
+ - ".venv"
+ - ".pytest_cache"
+ - "__pycache__"
+ - "*-debug.log"
+ - ".skip"
+ - "README.md"
+
+_jinja_extensions:
+ - jinja2_time.TimeExtension
+ - copier_templates_extensions.TemplateExtensionLoader
+ - ../../copier_extensions/sb_helpers.py:SolutionsTemplateHelpersExtension
diff --git a/solutions_builder/modules/terraform_gke_autopilot/docs/components/{{component_name}}.md b/solutions_builder/modules/terraform_gke_autopilot/docs/components/{{component_name}}.md
new file mode 100644
index 00000000..1f2df78b
--- /dev/null
+++ b/solutions_builder/modules/terraform_gke_autopilot/docs/components/{{component_name}}.md
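Review bot: `_answers_file` still points at `.st/module_answers/{{component_name}}.yaml`, while this commit adds the module's answers template under `.sb/module_answers/`, so the recorded answers and the template path disagree; if the tool now reads `.sb/`, this should be `_answers_file: ".sb/module_answers/{{component_name}}.yaml"`. The `_metadata.module_name` value and the `component_name` default are both `terraform_gke`, which looks carried over from the non-Autopilot module and would make the two components write the same answers file name; `terraform_gke_autopilot` seems to be what is intended. `"README.md"` is also listed twice in `_exclude`.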
@@ -0,0 +1,37 @@
+# Module: Terraform GKE Stage
+
+This module defines a Terraform GKE setup stage named "3-gke-autopillot".
+
+Main components after setup:
+- ./terraform/stage/3-gke-autopillot
+
+## Setup
+
+Run `st components add [COMPONENT_NAME]` to add this module.
+```
+cd my-solution-folder
+sb components add terraform_gke_autopilot
+```
+
+Fill in the variables.
+```
+🎤 What is the name of this terraform stage?
+ 3-gke-autopillot
+🎤 Which Google Cloud region?
+ us-central1
+
+...
+
+Complete. Component terraform_gke added to solution at .
+```
+
+Initialize the terraform stage using `st init --stage=[STAGE_NAME]`
+```
+sb init --stage=3-gke
+```
+
+## Development
+
+## FAQ
+
+
diff --git a/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/backend.tf b/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/backend.tf
new file mode 100644
index 00000000..0e3d94cf
--- /dev/null
+++ b/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/backend.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+terraform {
+ backend "gcs" {
+ bucket = "{{project_id}}-tfstate" # sb-var:project_id:{{project_id}}-tfstate
+ prefix = "stage/{{terraform_stage_name}}"
+ }
+}
diff --git a/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/iam.tf b/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/iam.tf
new file mode 100644
index 00000000..6c72f42c
--- /dev/null
+++ b/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/iam.tf
@@ -0,0 +1,60 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+locals {
+ # TODO: Add users to your project below.
+ role_members = {
+ admin = [
+ # "user:admin@example.com",
+ ]
+ breakglass = [
+ # "user:admin@example.com",
+ ]
+ editor = [
+ # "user:developer@example.com",
+ ]
+ viewer = [
+ # "user:developer@example.com",
+ ]
+ }
+}
+
+# Additive IAM bindings. Must not conflict with authoritative bindings below.
+module "projects_iam_bindings" {
+ source = "terraform-google-modules/iam/google//modules/projects_iam"
+ version = "7.4.1"
+
+ projects = [var.project_id]
+ mode = "additive"
+
+ bindings = {
+ "roles/owner" = flatten([
+ local.role_members.admin,
+ ])
+ "roles/editor" = flatten([
+ local.role_members.breakglass,
+ local.role_members.editor,
+ ])
+ "roles/viewer" = flatten([
+ local.role_members.viewer
+ ])
+ "roles/resourcemanager.projectIamAdmin" = flatten([
+ local.role_members.breakglass,
+ local.role_members.admin,
+ ])
+ }
+}
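Review bot: The `bindings` map grants the basic roles `roles/owner`, `roles/editor` and `roles/viewer`, and the `breakglass` list receives `roles/editor` plus `roles/resourcemanager.projectIamAdmin` as a standing grant, so those members can change the project's IAM policy at any time rather than only during an emergency. The member lists ship as commented-out placeholders, so nothing is granted by default, but the TODO invites filling them in as-is. A comment above `role_members` such as `# Basic roles are project-wide; prefer groups and predefined roles, and keep breakglass empty outside incidents.` would set the expectation. The comment before the module also refers to "authoritative bindings below", and no authoritative binding appears in this file.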
diff --git a/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/main.tf b/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/main.tf
new file mode 100644
index 00000000..77cd360c
--- /dev/null
+++ b/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/main.tf
@@ -0,0 +1,51 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+# project-specific locals
+locals {
+ vpc_network = data.terraform_remote_state.foundation.outputs.vpc_network
+ vpc_subnetwork = data.terraform_remote_state.foundation.outputs.vpc_subnetwork
+ service_account_name = "gke-sa"
+ default_namespace = "default"
+}
+
+data "google_project" "project" {}
+
+data "terraform_remote_state" "foundation" {
+ backend = "gcs"
+ config = {
+ bucket = "${var.project_id}-tfstate"
+ prefix = "stage/2-foundation"
+ }
+}
+
+resource "google_container_cluster" "primary" {
+ name = var.cluster_name
+ location = var.region
+
+ network = local.vpc_network
+ subnetwork = local.vpc_subnetwork
+
+ # Enabling Autopilot for this cluster
+ enable_autopilot = true
+ deletion_protection = false
+}
+
+resource "google_service_account" "service_account" {
+ account_id = local.service_account_name
+ display_name = "Service Account for GKE"
+}
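Review bot: `google_service_account.service_account` (`gke-sa`) is created but never referenced by `google_container_cluster.primary`, so the Autopilot nodes will presumably run as the Compute Engine default service account, which commonly carries the broad Editor role. Wiring the account in through `cluster_autoscaling.auto_provisioning_defaults`, and granting it only the node roles it needs (this file grants none yet), keeps the node identity least-privileged. `deletion_protection = false` is hard-coded, so any plan that replaces or destroys the cluster goes through without a guard; a variable defaulting to `true` would be safer. `local.default_namespace` and `data.google_project.project` are unused in this file as shown.

```hcl
resource "google_container_cluster" "primary" {
  # … unchanged: name, location, network, subnetwork, enable_autopilot …

  # Run Autopilot nodes as the dedicated service account instead of the
  # Compute Engine default one.
  cluster_autoscaling {
    auto_provisioning_defaults {
      service_account = google_service_account.service_account.email
    }
  }
}
```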
diff --git a/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/providers.tf b/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/providers.tf
new file mode 100644
index 00000000..d81683de
--- /dev/null
+++ b/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/providers.tf
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+# Terraform Block
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.50.0"
+ }
+ kubectl = {
+ source = "gavinbunney/kubectl"
+ version = ">= 1.14.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = ">= 2.7.0"
+ }
+ }
+}
+
+provider "google" {
+ project = var.project_id
+}
+
+data "google_client_config" "default" {}
diff --git a/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/terraform.tfvars b/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/terraform.tfvars
new file mode 100644
index 00000000..d7584100
--- /dev/null
+++ b/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/terraform.tfvars
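Review bot: The `google` constraint `>= 4.50.0` admits 4.x releases, but main.tf in this commit sets `deletion_protection` on `google_container_cluster`, an argument that to my knowledge exists only from provider 5.0.0, so a 4.x resolve would fail at plan time. A bounded range such as `version = ">= 5.0.0, < 6.0.0"` (or whatever range the project actually tests) states the real requirement and keeps untested major versions out. `kubectl` (the third-party `gavinbunney` provider) and `helm` are required although no resource or provider block in this stage uses them as far as the diff shows; dropping them removes two downloaded plugins from the trust surface. Committing the generated `.terraform.lock.hcl` in the rendered solution would additionally pin provider checksums.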
@@ -0,0 +1,4 @@
+project_id = "{{project_id}}" # sb-var:project_id
+region = "{{gcp_region}}" # sb-var:gcp_region
+kubernetes_version = "{{kubernetes_version}}"
+cluster_name = "{{cluster_name}}"
diff --git a/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/variables.tf b/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/variables.tf
new file mode 100644
index 00000000..1f124300
--- /dev/null
+++ b/solutions_builder/modules/terraform_gke_autopilot/terraform/stages/{{terraform_stage_name}}/variables.tf
@@ -0,0 +1,42 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+variable "project_id" {
+ type = string
+ description = "GCP Project ID"
+
+ validation {
+ condition = length(var.project_id) > 0
+ error_message = "The project_id value must be an non-empty string."
+ }
+}
+
+variable "region" {
+ type = string
+ description = "Default GCP region"
+ default = "us-central1"
+
+ validation {
+ condition = length(var.region) > 0
+ error_message = "The region value must be an non-empty string."
+ }
+}
+
+variable "cluster_name" {
+ type = string
+ default = "main-cluster"
+}
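Review bot: terraform.tfvars assigns `kubernetes_version`, but variables.tf declares only `project_id`, `region` and `cluster_name`, so Terraform will warn about a value for an undeclared variable and the answer collected by copier has no effect on the cluster. Either declare the variable and use it on the cluster, or drop the line from the tfvars template together with the question in copier.yaml. `cluster_name` also lacks the `description` and non-empty `validation` that the other two variables have; `description = "GKE cluster name"` plus the same `length(var.cluster_name) > 0` check would bring it in line.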