Combine all clusters into one (#122)
It seems the FDA MyStudies team has moved towards combining all servers into
one cluster, "heroes-hat-dev". Adjust Terraform configs to match that.

Also increase the IP ranges for pods and services, to leave more room for
scaling.

Co-authored-by: Martin Petkov <[email protected]>
MartinPetkov and MartinPetkov authored Apr 9, 2020
1 parent a1d67b3 commit b7af48d
Showing 2 changed files with 14 additions and 162 deletions.
Expand Up @@ -6,131 +6,21 @@ terraform {

# From
# https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/modules/safer-cluster-update-variant

# Auth server
module "gke-auth-server" {
source = "terraform-google-modules/kubernetes-engine/google//modules/safer-cluster"

# Required
name = "auth-server-ws-cluster"
kubernetes_version = "1.14.10-gke.24"
project_id = var.project_id
region = var.gke_region
regional = true
network_project_id = var.network_project_id
network = var.network
subnetwork = var.subnetwork
ip_range_pods = "auth-server-ws-cluster-ip-range-pods"
ip_range_services = "auth-server-ws-cluster-ip-range-svc"
master_ipv4_cidr_block = "172.16.0.0/28"

# Optional
# Some of these were taken from the example config at
# https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/examples/safer_cluster
istio = true
skip_provisioners = true

# Need to either disable private endpoint, or enable master auth networks.
enable_private_endpoint = false
}

# Response server
module "gke-response-server" {
source = "terraform-google-modules/kubernetes-engine/google//modules/safer-cluster"

# Required
name = "response-server-ws-cluster"
kubernetes_version = "1.14.10-gke.24"
project_id = var.project_id
region = var.gke_region
regional = true
network_project_id = var.network_project_id
network = var.network
subnetwork = var.subnetwork
ip_range_pods = "response-server-ws-cluster-ip-range-pods"
ip_range_services = "response-server-ws-cluster-ip-range-svc"
master_ipv4_cidr_block = "172.16.1.0/28"

# Optional
# Some of these were taken from the example config at
# https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/examples/safer_cluster
istio = true
skip_provisioners = true

# Need to either disable private endpoint, or enable master auth networks.
enable_private_endpoint = false
}

# Study designer
module "gke-study-designer" {
source = "terraform-google-modules/kubernetes-engine/google//modules/safer-cluster"

# Required
name = "study-designer-cluster"
kubernetes_version = "1.14.10-gke.24"
project_id = var.project_id
region = var.gke_region
regional = true
network_project_id = var.network_project_id
network = var.network
subnetwork = var.subnetwork
ip_range_pods = "study-designer-cluster-ip-range-pods"
ip_range_services = "study-designer-cluster-ip-range-svc"
master_ipv4_cidr_block = "172.16.2.0/28"

# Optional
# Some of these were taken from the example config at
# https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/examples/safer_cluster
istio = true
skip_provisioners = true

# Need to either disable private endpoint, or enable master auth networks.
enable_private_endpoint = false
}

# Study metadata
module "gke-study-metadata" {
source = "terraform-google-modules/kubernetes-engine/google//modules/safer-cluster"

# Required
name = "study-meta-data-cluster"
kubernetes_version = "1.14.10-gke.24"
project_id = var.project_id
region = var.gke_region
regional = true
network_project_id = var.network_project_id
network = var.network
subnetwork = var.subnetwork
ip_range_pods = "study-meta-data-cluster-ip-range-pods"
ip_range_services = "study-meta-data-cluster-ip-range-svc"
master_ipv4_cidr_block = "172.16.3.0/28"

# Optional
# Some of these were taken from the example config at
# https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/examples/safer_cluster
istio = true
skip_provisioners = true

# Need to either disable private endpoint, or enable master auth networks.
enable_private_endpoint = false
}

# User registration server
module "gke-registration-server" {
module "heroes_hat_cluster" {
source = "terraform-google-modules/kubernetes-engine/google//modules/safer-cluster"

# Required
name = "user-registration-server-ws-cluster"
kubernetes_version = "1.14.10-gke.24"
name = "heroes-hat-cluster"
kubernetes_version = "1.14.10-gke.27"
project_id = var.project_id
region = var.gke_region
regional = true
network_project_id = var.network_project_id
network = var.network
subnetwork = var.subnetwork
ip_range_pods = "user-registration-server-ws-cluster-ip-range-pods"
ip_range_services = "user-registration-server-ws-cluster-ip-range-svc"
master_ipv4_cidr_block = "172.16.4.0/28"
ip_range_pods = "heroes-hat-cluster-ip-range-pods"
ip_range_services = "heroes-hat-cluster-ip-range-svc"
master_ipv4_cidr_block = "192.168.0.0/28"

# Optional
# Some of these were taken from the example config at
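Review bot: Merging the auth, response, study-designer, study-metadata and user-registration clusters into the single `heroes_hat_cluster` module removes the cluster boundary between those services, and nothing in this section records what replaces it. A comment above the module would make that dependency explicit, for example `# All services share this cluster; isolate them with per-service namespaces, NetworkPolicy and distinct service accounts.` The `source` line shows no `version` argument next to it, so the registry module appears to be unpinned; adding `version = "<PINNED_VERSION>"` keeps module upgrades deliberate. The module body continues past the end of the hunk. If `enable_private_endpoint = false` is still set there, pairing it with `master_authorized_networks` would restrict who can reach the control plane.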
Expand Up @@ -13,7 +13,7 @@ module "private" {
project_id = var.project_id
network_name = "private"

# All the clusters can be in the same network and subnet.
# Multiple clusters can be in the same network and subnet.
subnets = [
{
subnet_name = local.gke_clusters_subnet_name
Expand All @@ -30,54 +30,16 @@ module "private" {
# See https://cloud.google.com/kubernetes-engine/docs/how-to/alias-ips#cluster_sizing_secondary_range_pods for how many nodes the /20 ranges get.
secondary_ranges = {
"${local.gke_clusters_subnet_name}" = [
# Auth server.
# The Heroes Hat GKE cluster.
# /14 is the default size for the subnet's secondary IP range for Pods when the secondary range assignment method is managed by GKE, so imitate that.
# Calculated using http://www.davidc.net/sites/default/subnets/subnets.html
{
range_name = "auth-server-ws-cluster-ip-range-pods"
ip_cidr_range = "192.168.0.0/20"
range_name = "heroes-hat-cluster-ip-range-pods"
ip_cidr_range = "172.16.0.0/14"
},
{
range_name = "auth-server-ws-cluster-ip-range-svc"
ip_cidr_range = "192.168.16.0/20"
},

# Response server.
{
range_name = "response-server-ws-cluster-ip-range-pods"
ip_cidr_range = "192.168.32.0/20"
},
{
range_name = "response-server-ws-cluster-ip-range-svc"
ip_cidr_range = "192.168.48.0/20"
},

# Study designer.
{
range_name = "study-designer-cluster-ip-range-pods"
ip_cidr_range = "192.168.64.0/20"
},
{
range_name = "study-designer-cluster-ip-range-svc"
ip_cidr_range = "192.168.80.0/20"
},

# Study metadata.
{
range_name = "study-meta-data-cluster-ip-range-pods"
ip_cidr_range = "192.168.96.0/20"
},
{
range_name = "study-meta-data-cluster-ip-range-svc"
ip_cidr_range = "192.168.112.0/20"
},

# User registration server.
{
range_name = "user-registration-server-ws-cluster-ip-range-pods"
ip_cidr_range = "192.168.128.0/20"
},
{
range_name = "user-registration-server-ws-cluster-ip-range-svc"
ip_cidr_range = "192.168.144.0/20"
range_name = "heroes-hat-cluster-ip-range-svc"
ip_cidr_range = "172.20.0.0/14"
},
],
}
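Review bot: The unchanged comment above `secondary_ranges` still refers to "the /20 ranges", but both new ranges are /14, so it is now stale and should say how many nodes the /14 Pod range supports. The new rationale comment cites the GKE default for Pods only, yet `heroes-hat-cluster-ip-range-svc` also gets a /14. It is worth confirming that GKE accepts a Service range that large and noting the reason beside it, e.g. `# Services: sized to match the Pod range; confirm against GKE limits.` With one Pod range now shared by every service, any firewall rule or allow-list that told services apart by the old per-cluster 192.168.x.0/20 ranges can no longer do so. None is visible in this section, so check for them before applying.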
