Merge pull request #233 from bedrockio/terraform-provisioning-templat…

…es-upgrade Upgraded terraform provisioning templates
bedrockio · Mar 14, 2023 · aba90f3 · aba90f3
2 parents e4ed2e0 + 3303cda
commit aba90f3
Show file tree

Hide file tree

Showing 22 changed files with 435 additions and 254 deletions.
diff --git a/deployment/environments/production/config.json b/deployment/environments/production/config.json
@@ -9,9 +9,10 @@
       "nodePoolCount": 2,
       "minNodeCount": 2,
       "maxNodeCount": 4,
-      "machineType": "n2d-standard-2"
+      "machineType": "n2-standard-2",
+      "preemptible": false
     },
-    "ingresses": ["api", "web"],
-    "label": "app"
+    "label": "app",
+    "ingresses": ["api", "web"]
   }
 }
diff --git a/deployment/environments/production/provisioning/.terraform.lock.hcl b/deployment/environments/production/provisioning/.terraform.lock.hcl
diff --git a/deployment/environments/production/provisioning/main.tf b/deployment/environments/production/provisioning/main.tf
@@ -1,37 +1,152 @@
-locals {
-  global = {
-    project          = var.project,
-    region           = var.region,
-    multi_region     = var.multi_region,
-    zone             = var.zone,
-    environment      = var.environment,
-    location         = "${var.region}-${var.zone}",
-    bucket_prefix    = var.bucket_prefix,
-    cluster_name     = var.cluster_name,
-    node_pool_count  = var.node_pool_count,
-    min_node_count   = var.min_node_count,
-    max_node_count   = var.max_node_count,
-    machine_type     = var.machine_type,
-    preemptible      = var.preemptible
+## https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/using_gke_with_terraform
+
+## NETWORKING ##
+resource "google_compute_network" "gke" {
+  project                 = var.project
+  name                    = "gke-network"
+  auto_create_subnetworks = false
+  description             = "Compute Network for GKE nodes"
+}
+
+resource "google_compute_subnetwork" "gke" {
+  project       = var.project
+  name          = "gke-subnetwork"
+  ip_cidr_range = "10.5.0.0/20" # 4096 IPs
+  region        = var.region
+  network       = google_compute_network.gke.id
+
+  secondary_ip_range {
+    range_name    = "services-range"
+    ip_cidr_range = "10.4.0.0/19" # 8192 IPs
+  }
+
+  secondary_ip_range {
+    range_name    = "pod-ranges"
+    ip_cidr_range = "10.0.0.0/14" # 262.144 IPs
   }
 }
 
-module "gke-cluster" {
-  source = "../../../provisioning/gke-cluster-module"
+## CLUSTER ##
+resource "google_container_cluster" "default" {
+  project     = var.project
+  location    = "${var.region}-${var.zone}"
+  name        = var.cluster_name
+  description = var.cluster_description
+
+  remove_default_node_pool = true
+  initial_node_count       = 1
+  enable_kubernetes_alpha  = false
+
+  network    = google_compute_network.gke.id
+  subnetwork = google_compute_subnetwork.gke.id
+
+  gateway_api_config {
+		channel = "CHANNEL_STANDARD"
+	}
+
+  ip_allocation_policy {
+    cluster_secondary_range_name  = "pod-ranges"
+    services_secondary_range_name = "services-range"
+  }
+
+  master_auth {
+    client_certificate_config {
+      issue_client_certificate = false
+    }
+  }
+
+  release_channel {
+    channel = "REGULAR"
+  }
+
+  timeouts {
+    create = "2h"
+    update = "2h"
+    delete = "2h"
+  }
+
+  ## Use when you want to use IP whitelist
+  master_authorized_networks_config {
 
-  global = local.global
+    dynamic "cidr_blocks" {
+      for_each = var.master_authorizaed_networks_cidr_blocks
+      content {
+        display_name = cidr_blocks.value["display_name"]
+        cidr_block = cidr_blocks.value["cidr_block"]
+      }
+    }
+
+  }
+
+  ## Recommended to use private nodes
+  # private_cluster_config {
+  #   enable_private_nodes = true
+  # }
+}
+
+## BUCKETS ##
+locals {
+  buckets = [for bucket in var.buckets : "${var.bucket_prefix}-${bucket}"]
 }
 
-module "gcp-buckets" {
-  source = "../../../provisioning/gcp-bucket-module"
+resource "google_storage_bucket" "bucket" {
+  for_each = toset(local.buckets)
 
-  global = local.global
+  name          = each.value
+  project       = var.project
+  location      = var.multi_region
+  storage_class = "MULTI_REGIONAL"
 }
 
-resource "google_compute_disk" "mongo_disk" {
+## DISKS ##
+resource "google_compute_disk" "mongo-disk" {
   project = var.project
   name    = "mongo-disk"
   type    = "pd-ssd"
-  zone    = local.global.location
+  zone    = "${var.region}-${var.zone}"
   size    = 100
+
+ lifecycle {
+    ignore_changes = [
+      labels
+    ]
+  }
+}
+
+resource "google_compute_resource_policy" "hourly" {
+  name    = "hourly-snapshot-policy"
+  project = var.project
+  region  = var.region
+  snapshot_schedule_policy {
+    schedule {
+      hourly_schedule {
+        hours_in_cycle = 1 # The number of hours between snapshots
+        start_time = "00:00"
+      }
+    }
+    retention_policy {
+      max_retention_days    = 7
+      # Specifies the behavior to apply to scheduled snapshots when the source disk is deleted.
+      # Default value is KEEP_AUTO_SNAPSHOTS
+      on_source_disk_delete = "APPLY_RETENTION_POLICY"
+    }
+  }
+}
+
+resource "google_compute_disk_resource_policy_attachment" "attachment" {
+  project = var.project
+  name = google_compute_resource_policy.hourly.name
+  disk = google_compute_disk.mongo-disk.name
+  zone = "${var.region}-${var.zone}"
+}
+
+## IP ADDRESES ##
+resource "google_compute_global_address" "api_ingress" {
+  name     = "api-ingress"
+  project  = var.project
+}
+
+resource "google_compute_global_address" "web_ingress" {
+  name     = "web-ingress"
+  project  = var.project
 }
diff --git a/deployment/environments/production/provisioning/node_pool.tf b/deployment/environments/production/provisioning/node_pool.tf
@@ -0,0 +1,42 @@
+resource "google_container_node_pool" "pool_1" {
+  name       = "pool-1"
+  project    = var.project
+  location   = "${var.region}-${var.zone}"
+  cluster    = google_container_cluster.default.name
+  node_count = var.node_pool_count
+
+  autoscaling {
+    min_node_count = var.min_node_count
+    max_node_count = var.max_node_count
+  }
+
+  lifecycle {
+    ignore_changes = [
+      node_count
+    ]
+  }
+
+  node_config {
+    spot  = var.preemptible
+    machine_type = var.machine_type
+    disk_type = "pd-standard"
+    disk_size_gb = 100
+
+    metadata = {
+      disable-legacy-endpoints = "true"
+    }
+
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/cloud-platform" # Give full access to all cloud services
+    ]
+  }
+
+  management {
+    auto_repair  = true
+    auto_upgrade = true
+  }
+
+  depends_on = [
+    google_container_cluster.default
+  ]
+}
diff --git a/deployment/environments/production/provisioning/outputs.tf b/deployment/environments/production/provisioning/outputs.tf
@@ -1,9 +1,9 @@
 output "endpoint" {
-  value = module.gke-cluster.endpoint
+  value = google_container_cluster.default.endpoint
 }
 
 output "master_version" {
-  value = module.gke-cluster.master_version
+  value = google_container_cluster.default.master_version
 }
 
 output "cli_connect" {

diff --git a/deployment/environments/production/provisioning/variables.tf b/deployment/environments/production/provisioning/variables.tf
@@ -1,5 +1,5 @@
 variable "project" {
-  default = "bedrock-foundation"
+  default = "bedrock-production"
 }
 
 variable "environment" {
@@ -19,23 +19,27 @@ variable "multi_region" {
 }
 
 variable "bucket_prefix" {
-  default = "bedrock_production"
+  default = "bedrock-production"
 }
 
 variable "cluster_name" {
   default = "cluster-1"
 }
 
+variable "cluster_description" {
+  default = "GKE Cluster"
+}
+
 variable "node_pool_count" {
-  default = 3
+  default = 1
 }
 
 variable "min_node_count" {
-  default = 3
+  default = 1
 }
 
 variable "max_node_count" {
-  default = 6
+  default = 3
 }
 
 variable "preemptible" {
@@ -45,3 +49,23 @@ variable "preemptible" {
 variable "machine_type" {
   default = "n2-standard-2"
 }
+
+variable "buckets" {
+  type = set(string)
+
+  default = [
+    "uploads",
+    "uploads-backup",
+    "mongodb-backups",
+  ]
+}
+
+variable "master_authorizaed_networks_cidr_blocks" {
+  type = list(map(string))
+  default = [
+    {
+      display_name = "All",
+      cidr_block = "0.0.0.0/0"
+    }
+  ]
+}
diff --git a/deployment/environments/production/services/api-service.yml b/deployment/environments/production/services/api-service.yml
@@ -5,7 +5,7 @@ metadata:
   labels:
     name: api
 spec:
-  type: NodePort
+  type: ClusterIP
   selector:
     app: api
   ports:

diff --git a/deployment/environments/production/services/web-service.yml b/deployment/environments/production/services/web-service.yml
@@ -5,7 +5,7 @@ metadata:
   labels:
     name: web
 spec:
-  type: NodePort
+  type: ClusterIP
   selector:
     app: web
   ports:

diff --git a/deployment/environments/staging/config.json b/deployment/environments/staging/config.json
@@ -9,9 +9,10 @@
       "nodePoolCount": 1,
       "minNodeCount": 1,
       "maxNodeCount": 3,
-      "machineType": "n2d-standard-2"
+      "machineType": "n2-standard-2",
+      "preemptible": false
     },
-    "ingresses": ["api", "web"],
-    "label": "app"
+    "label": "app",
+    "ingresses": ["api", "web"]
   }
 }