Merge pull request #85 from ranyodh/gcp-cloud-provider-support

ranyodh · web-flow · commit f94dc0c95d2d · 2022-08-08T14:36:21.000-04:00
Add service account, access scopes and instance prefix tags to instances
diff --git a/examples/terraform/gcp/main.tf b/examples/terraform/gcp/main.tf
@@ -40,15 +40,16 @@ module "common" {
 }
 
 module "managers" {
-  source          = "./modules/manager"
-  manager_count   = var.manager_count
-  gcp_region      = var.gcp_region
-  gcp_zone        = local.zone
-  cluster_name    = var.cluster_name
-  image_name      = module.common.image_name
-  vpc_name        = module.vpc.vpc_name
-  subnetwork_name = module.vpc.subnet_name
-  ssh_key         = module.common.ssh_key
+  source                = "./modules/manager"
+  manager_count         = var.manager_count
+  gcp_region            = var.gcp_region
+  gcp_zone              = local.zone
+  cluster_name          = var.cluster_name
+  image_name            = module.common.image_name
+  vpc_name              = module.vpc.vpc_name
+  subnetwork_name       = module.vpc.subnet_name
+  ssh_key               = module.common.ssh_key
+  service_account_email = module.common.service_account_email
 }
 
 module "msrs" {
@@ -64,30 +65,32 @@ module "msrs" {
 }
 
 module "workers" {
-  source          = "./modules/worker"
-  worker_count    = var.worker_count
-  gcp_region      = var.gcp_region
-  gcp_zone        = local.zone
-  cluster_name    = var.cluster_name
-  vpc_name        = module.vpc.vpc_name
-  subnetwork_name = module.vpc.subnet_name
-  image_name      = module.common.image_name
-  ssh_key         = module.common.ssh_key
-  worker_type     = var.worker_type
+  source                = "./modules/worker"
+  worker_count          = var.worker_count
+  gcp_region            = var.gcp_region
+  gcp_zone              = local.zone
+  cluster_name          = var.cluster_name
+  vpc_name              = module.vpc.vpc_name
+  subnetwork_name       = module.vpc.subnet_name
+  image_name            = module.common.image_name
+  ssh_key               = module.common.ssh_key
+  worker_type           = var.worker_type
+  service_account_email = module.common.service_account_email
 }
 
 module "windows_workers" {
-  source           = "./modules/windows_worker"
-  worker_count     = var.windows_worker_count
-  gcp_zone         = local.zone
-  cluster_name     = var.cluster_name
-  vpc_name         = module.vpc.vpc_name
-  subnetwork_name  = module.vpc.subnet_name
-  image_name       = module.common.windows_2019_image_name
-  ssh_key          = module.common.ssh_key
-  worker_type      = var.worker_type
-  windows_user     = var.windows_user
-  windows_password = var.windows_password
+  source                = "./modules/windows_worker"
+  worker_count          = var.windows_worker_count
+  gcp_zone              = local.zone
+  cluster_name          = var.cluster_name
+  vpc_name              = module.vpc.vpc_name
+  subnetwork_name       = module.vpc.subnet_name
+  image_name            = module.common.windows_2019_image_name
+  ssh_key               = module.common.ssh_key
+  worker_type           = var.worker_type
+  windows_user          = var.windows_user
+  windows_password      = var.windows_password
+  service_account_email = module.common.service_account_email
 }
 
 locals {
diff --git a/examples/terraform/gcp/modules/common/main.tf b/examples/terraform/gcp/modules/common/main.tf
@@ -11,16 +11,28 @@ resource "local_file" "ssh_public_key" {
   }
 }
 
+
 data "google_compute_image" "ubuntu" {
-  family  = "ubuntu-1804-lts"
+  family  = "ubuntu-2004-lts"
   project = "ubuntu-os-cloud"
 }
 
 data "google_compute_image" "windows_2019" {
-  family  = "windows-2019-core-for-containers"
+  family  = "windows-2019-core"
   project = "windows-cloud"
 }
 
+resource "google_service_account" "default" {
+  account_id   = "${var.cluster_name}-service-account-id"
+  display_name = "Service Account"
+}
+
+resource "google_project_iam_member" "default" {
+  project = var.project_id
+  member  = "serviceAccount:${google_service_account.default.email}"
+  role    = "roles/compute.admin"
+}
+
 resource "google_compute_firewall" "common_internal" {
   name        = "${var.cluster_name}-internal"
   description = "mke cluster common rule to allow all internal traffic"
diff --git a/examples/terraform/gcp/modules/common/outputs.tf b/examples/terraform/gcp/modules/common/outputs.tf
@@ -9,3 +9,7 @@ output "windows_2019_image_name" {
 output "ssh_key" {
   value = tls_private_key.ssh_key
 }
+
+output "service_account_email" {
+  value = google_service_account.default.email
+}
diff --git a/examples/terraform/gcp/modules/manager/main.tf b/examples/terraform/gcp/modules/manager/main.tf
@@ -53,11 +53,20 @@ resource "google_compute_instance" "mke_manager" {
     access_config {
     }
   }
+
   tags = [
+    var.cluster_name,
     "allow-ssh",
     "allow-manager",
     "allow-internal"
   ]
+
+  service_account {
+    email = var.service_account_email
+    scopes = [
+      "https://www.googleapis.com/auth/cloud-platform"
+    ]
+  }
 }
 
 resource "google_compute_instance_group" "default" {
diff --git a/examples/terraform/gcp/modules/manager/variables.tf b/examples/terraform/gcp/modules/manager/variables.tf
@@ -12,6 +12,8 @@ variable "image_name" {}
 
 variable "ssh_key" {}
 
+variable "service_account_email" {}
+
 variable "manager_count" {
   default = 3
 }
diff --git a/examples/terraform/gcp/modules/msr/main.tf b/examples/terraform/gcp/modules/msr/main.tf
@@ -37,6 +37,7 @@ resource "google_compute_instance" "mke_msr" {
     }
   }
   tags = [
+    var.cluster_name,
     "allow-ssh",
     "allow-msr",
     "allow-internal"
diff --git a/examples/terraform/gcp/modules/windows_worker/main.tf b/examples/terraform/gcp/modules/windows_worker/main.tf
@@ -104,12 +104,20 @@ EOF
   }
 
   tags = [
+    var.cluster_name,
     "allow-rdp",
     "allow-winrm",
     "allow-worker",
     "allow-internal"
   ]
 
+  service_account {
+    email = var.service_account_email
+    scopes = [
+      "https://www.googleapis.com/auth/cloud-platform"
+    ]
+  }
+
   provisioner "remote-exec" {
     connection {
       host     = self.network_interface.0.access_config.0.nat_ip
diff --git a/examples/terraform/gcp/modules/windows_worker/variables.tf b/examples/terraform/gcp/modules/windows_worker/variables.tf
@@ -10,6 +10,8 @@ variable "image_name" {}
 
 variable "ssh_key" {}
 
+variable "service_account_email" {}
+
 variable "worker_count" {
   default = 0
 }
diff --git a/examples/terraform/gcp/modules/worker/main.tf b/examples/terraform/gcp/modules/worker/main.tf
@@ -24,9 +24,18 @@ resource "google_compute_instance" "mke_worker" {
     access_config {
     }
   }
+
   tags = [
+    var.cluster_name,
     "allow-ssh",
     "allow-worker",
     "allow-internal"
   ]
+
+  service_account {
+    email = var.service_account_email
+    scopes = [
+      "https://www.googleapis.com/auth/cloud-platform"
+    ]
+  }
 }
diff --git a/examples/terraform/gcp/modules/worker/variables.tf b/examples/terraform/gcp/modules/worker/variables.tf
@@ -12,6 +12,8 @@ variable "image_name" {}
 
 variable "ssh_key" {}
 
+variable "service_account_email" {}
+
 variable "worker_count" {
   default = 3
 }
diff --git a/examples/terraform/gcp/variables.tf b/examples/terraform/gcp/variables.tf
@@ -20,7 +20,7 @@ variable "gcp_service_credential" {
 
 variable "vpc_mtu" {
   default     = 1500
-  description = "MTU for the VPC. GCP support two MTU values for the VPC: 1440 or 1500"
+  description = "MTU for the VPC. GCP support two MTU values for the VPC: 1460 or 1500"
 }
 
 variable "vpc_cidr" {

Original file line number	Diff line number	Diff line change
`@@ -9,3 +9,7 @@ output "windows_2019_image_name" {`
`9`	`9`	`output "ssh_key" {`
`10`	`10`	`value = tls_private_key.ssh_key`
`11`	`11`	`}`
	`12`	`+`
	`13`	`+output "service_account_email" {`
	`14`	`+ value = google_service_account.default.email`
	`15`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -53,11 +53,20 @@ resource "google_compute_instance" "mke_manager" {`
`53`	`53`	`access_config {`
`54`	`54`	`}`
`55`	`55`	`}`
	`56`	`+`
`56`	`57`	`tags = [`
	`58`	`+ var.cluster_name,`
`57`	`59`	`"allow-ssh",`
`58`	`60`	`"allow-manager",`
`59`	`61`	`"allow-internal"`
`60`	`62`	`]`
	`63`	`+`
	`64`	`+ service_account {`
	`65`	`+ email = var.service_account_email`
	`66`	`+ scopes = [`
	`67`	`+ "https://www.googleapis.com/auth/cloud-platform"`
	`68`	`+ ]`
	`69`	`+ }`
`61`	`70`	`}`
`62`	`71`
`63`	`72`	`resource "google_compute_instance_group" "default" {`
Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,8 @@ variable "image_name" {}`
`12`	`12`
`13`	`13`	`variable "ssh_key" {}`
`14`	`14`
	`15`	`+variable "service_account_email" {}`
	`16`	`+`
`15`	`17`	`variable "manager_count" {`
`16`	`18`	`default = 3`
`17`	`19`	`}`
Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,7 @@ resource "google_compute_instance" "mke_msr" {`
`37`	`37`	`}`
`38`	`38`	`}`
`39`	`39`	`tags = [`
	`40`	`+ var.cluster_name,`
`40`	`41`	`"allow-ssh",`
`41`	`42`	`"allow-msr",`
`42`	`43`	`"allow-internal"`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,8 @@ variable "image_name" {}`
`10`	`10`
`11`	`11`	`variable "ssh_key" {}`
`12`	`12`
	`13`	`+variable "service_account_email" {}`
	`14`	`+`
`13`	`15`	`variable "worker_count" {`
`14`	`16`	`default = 0`
`15`	`17`	`}`
Original file line number	Diff line number	Diff line change
`@@ -24,9 +24,18 @@ resource "google_compute_instance" "mke_worker" {`
`24`	`24`	`access_config {`
`25`	`25`	`}`
`26`	`26`	`}`
	`27`	`+`
`27`	`28`	`tags = [`
	`29`	`+ var.cluster_name,`
`28`	`30`	`"allow-ssh",`
`29`	`31`	`"allow-worker",`
`30`	`32`	`"allow-internal"`
`31`	`33`	`]`
	`34`	`+`
	`35`	`+ service_account {`
	`36`	`+ email = var.service_account_email`
	`37`	`+ scopes = [`
	`38`	`+ "https://www.googleapis.com/auth/cloud-platform"`
	`39`	`+ ]`
	`40`	`+ }`
`32`	`41`	`}`