feat: updated to current best practices

.gitignore

@@ -0,0 +1,2 @@
+.terragrunt-cache
+kubeconfig

terraform/live/sample/gke/terraform.tfvars

@@ -0,0 +1,54 @@
+terragrunt = {
+  include {
+    path = "${find_in_parent_folders()}"
+  }
+
+  terraform {
+    source = "../../../modules//gke"
+  }
+}
+
+//
+// [provider]
+//
+gcp = {
+  region = "europe-west1"
+  project = "tgke-233413"
+}
+
+//
+// [kubernetes]
+//
+cluster-name = "sample"
+kubernetes_version = "1.11.7-gke.4"
+master_ipv4_cidr_block = "172.16.0.0/28"
+enable_private_nodes = true
+regional = false
+daily_maintenance_window_start_time = "03:00"
+master_authorized_networks_config_cidr_blocks = [
+  {
+    cidr_block = "0.0.0.0/0",
+    display_name = "anywhere"
+  }
+]
+
+//
+// [node-pools]
+//
+node-pools = [
+  {
+    name = "default"
+    min_node_count = 1
+    max_node_count = 1
+    initial_node_count = 1
+    machine_type = "n1-standard-1"
+    image_type = "COS_CONTAINERD"
+    key_name = "keypair"
+    disk_size_gb = 30
+    disk_type = "pd-ssd"
+    preemptible = false
+    version = "1.11.7-gke.4"
+    auto_repair = true
+    auto_upgrade = false
+  },
+]

terraform/live/terraform.tfvars

@@ -0,0 +1,10 @@
+terragrunt = {
+  remote_state {
+    backend = "gcs"
+    config {
+      bucket         = "tgke-terraform-remote-state"
+      prefix         = "${path_relative_to_include()}"
+      region         = "europe-west1"
+    }
+  }
+}

terraform/modules/gke/network.tf

@@ -1,5 +1,4 @@
 resource "google_compute_network" "kubernetes_network" {
-  name                    = "${var.kubernetes_network_name}-${var.env}"
+  name                    = "gke-${var.cluster_name}-network"
   auto_create_subnetworks = "true"
-  project = "${var.project}"
 }

terraform/modules/gke/provider.tf

@@ -3,15 +3,15 @@ terraform {
 }
 
 provider "google" {
-  region = "${var.gcp-region}"
+  region  = "${var.gcp["region"]}"
+  project = "${var.gcp["project"]}"
 }
 
 provider "google-beta" {
-  region = "${var.gcp-region}"
+  region  = "${var.gcp["region"]}"
+  project = "${var.gcp["project"]}"
 }
 
 data "google_compute_regions" "available" {}
 
 data "google_compute_zones" "available" {}
-
-provider "http" {}

terraform/modules/gke/regional-cluster.tf

@@ -1,14 +1,21 @@
 resource "google_container_cluster" "regional_kubernetes_cluster" {
   provider = "google-beta"
+  count    = "${var.regional ? 1 : 0 }"
+
   name               = "${var.cluster_name}"
-  region             = "${var.master_region}"
-  min_master_version = "${var.min_master_version}"
-  project            = "${var.project}"
+  region             = "${var.gcp["region"]}"
+  min_master_version = "${var.kubernetes_version}"
   network            = "${google_compute_network.kubernetes_network.name}"
   initial_node_count = 1
 
   remove_default_node_pool = true
 
+  maintenance_policy {
+    daily_maintenance_window {
+      start_time = "${var.daily_maintenance_window_start_time}"
+    }
+  }
+
   ip_allocation_policy {
     cluster_ipv4_cidr_block  = ""
     services_ipv4_cidr_block = ""
@@ -26,48 +33,80 @@ resource "google_container_cluster" "regional_kubernetes_cluster" {
     network_policy_config {
       disabled = false
     }
+
     kubernetes_dashboard {
       disabled = true
     }
+
     http_load_balancing {
       disabled = true
     }
   }
 
   private_cluster_config {
-    enable_private_nodes   = true
-    master_ipv4_cidr_block = "172.16.0.0/28"
+    enable_private_nodes   = "${var.enable_private_nodes}"
+    master_ipv4_cidr_block = "${var.master_ipv4_cidr_block}"
   }
 
   master_auth {
     password = ""
     username = ""
+
     client_certificate_config {
       issue_client_certificate = false
     }
   }
 
-  logging_service = "logging.googleapis.com/kubernetes"
-  monitoring_service= "monitoring.googleapis.com/kubernetes"
+  logging_service    = "logging.googleapis.com/kubernetes"
+  monitoring_service = "monitoring.googleapis.com/kubernetes"
 
   master_authorized_networks_config {
-    cidr_blocks = [
-      {
-        cidr_block   = "0.0.0.0/0"
-        display_name = "everywhere"
-      },
+    cidr_blocks = "${var.master_authorized_networks_config_cidr_blocks}"
+  }
+}
+
+resource "google_container_node_pool" "regional_node_pool" {
+  provider = "google-beta"
+  count    = "${var.regional ? length(var.node-pools) : 0}"
+
+  name    = "gke-${var.cluster_name}-${lookup(var.node-pools[count.index],"name")}"
+  region  = "${var.gcp["region"]}"
+  cluster = "${google_container_cluster.regional_kubernetes_cluster.name}"
+
+  version            = "${lookup(var.node-pools[count.index],"version")}"
+  initial_node_count = "${lookup(var.node-pools[count.index],"initial_node_count")}"
+
+  node_config {
+    preemptible  = "${lookup(var.node-pools[count.index],"preemptible")}"
+    machine_type = "${lookup(var.node-pools[count.index],"machine_type")}"
+    image_type   = "${lookup(var.node-pools[count.index],"image_type")}"
+    image_type   = "${lookup(var.node-pools[count.index],"image_type")}"
+    disk_type    = "${lookup(var.node-pools[count.index],"disk_type")}"
+    disk_size_gb = "${lookup(var.node-pools[count.index],"disk_size_gb")}"
+
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/compute",
+      "https://www.googleapis.com/auth/devstorage.read_only",
+      "https://www.googleapis.com/auth/logging.write",
+      "https://www.googleapis.com/auth/monitoring",
     ]
   }
+
+  management {
+    auto_repair  = "${lookup(var.node-pools[count.index],"auto_repair")}"
+    auto_upgrade = "${lookup(var.node-pools[count.index],"auto_upgrade")}"
+  }
+
+  autoscaling {
+    min_node_count = "${lookup(var.node-pools[count.index],"min_node_count")}"
+    max_node_count = "${lookup(var.node-pools[count.index],"max_node_count")}"
+  }
 }
 
-resource "google_container_node_pool" "regional-np" {
-  name       = "${var.pool_name}"
-  region     = "${var.master_region}"
-  cluster    = "${google_container_cluster.kubernetes_cluster.name}"
-  node_count = 1
+output "regional_kubernetes_api_endpoint" {
+  value = "${google_container_cluster.regional_kubernetes_cluster.*.endpoint}"
 }
 
-output "kubernetes_api_endpoint" {
-  value = "${google_container_cluster.kubernetes_cluster.endpoint}"
-  provider = "google-beta"
+output "regional_kubernetes_cluster_ca_certificate" {
+  value = "${google_container_cluster.regional_kubernetes_cluster.*.master_auth.0.cluster_ca_certificate}"
 }

terraform/modules/gke/variables.tf

@@ -1,70 +1,30 @@
 variable "cluster_name" {
-  default = "kubernetes-cluster"
+  default = "tgke"
 }
 
-variable "node_count" {
-  default = 1
+variable "kubernetes_version" {
+  default = "1.11.7-gke.4"
 }
 
-variable "max_node_count" {
-  default = 3
-}
-
-variable "min_node_count" {
-  default = 1
-}
-
-variable "admin_username" {
-  default = "admin"
-}
-
-variable "admin_password" {
-  default = "00000000000000000"
-}
-
-variable "machine_type" {
-  default = "n1-standard-1"
-}
-
-variable "disk_size_gb" {
-  default = "100"
-}
-
-variable "master_zone" {
-  default = "europe-west1-b"
-}
-
-variable "additional_zones" {
-  default = [
-    "europe-west1-c",
-    "europe-west1-d",
-  ]
-}
+variable "master_ipv4_cidr_block" {}
 
-variable "min_master_version" {
-  default = "1.9.4-gke.1"
-}
+variable "enable_private_nodes" {}
 
-variable "initial_default_pool_name" {
-  default = "unused-default-pool"
-}
+variable "regional" {}
 
-variable "default_pool_name" {
-  default = "default-pool"
+variable "master_authorized_networks_config_cidr_blocks" {
+  type    = "list"
+  default = []
 }
 
-variable "daily_maintenance_window_start_time" {
-  default = "00:00"
-}
-
-variable "project" {
-  default = "gcp-project"
-}
+variable "daily_maintenance_window_start_time" {}
 
-variable "env" {
-  default = "sample"
+variable "gcp" {
+  type    = "map"
+  default = {}
 }
 
-variable "kubernetes_network_name" {
-  default = "kubernetes-network"
+variable "node-pools" {
+  type    = "list"
+  default = []
 }