Bootstrap

Documentation/variables/gcp.md

@@ -19,5 +19,4 @@ This document gives an overview of variables used in the Google Cloud platform o
 | tectonic_gcp_worker_disk_size | The size of the disk in gigabytes for the root block device of worker nodes. | string | `30` |
 | tectonic_gcp_worker_disktype | The type of disk (pd-standard or pd-ssd) for the worker nodes. | string | `pd-standard` |
 | tectonic_gcp_worker_gce_type | Instance size for the worker node(s). Example: `n1-standard-2`. | string | `n1-standard-2` |
-| tectonic_gcp_zones | List of two or more zones to use from specified GCP region. | list | - |
 

Jenkinsfile

@@ -9,6 +9,7 @@
 creds = [
   file(credentialsId: 'tectonic-license', variable: 'TF_VAR_tectonic_license_path'),
   file(credentialsId: 'tectonic-pull', variable: 'TF_VAR_tectonic_pull_secret_path'),
+  file(credentialsId: 'GCP-APPLICATION', variable: 'GOOGLE_APPLICATION_CREDENTIALS'),
   [
     $class: 'AmazonWebServicesCredentialsBinding',
     credentialsId: 'tectonic-jenkins-installer'
@@ -72,6 +73,11 @@ pipeline {
       defaultValue: true,
       description: ''
     )
+    booleanParam(
+      name: 'PLATFORM/GCP',
+      defaultValue: true,
+      description: ''
+    )
     booleanParam(
       name: 'PLATFORM/BARE_METAL',
       defaultValue: true,
@@ -197,6 +203,7 @@ pipeline {
         GRAFITI_DELETER_ROLE = 'grafiti-deleter'
         TF_VAR_tectonic_container_images = "${params.hyperkube_image}"
         TF_VAR_tectonic_container_linux_version = "${params.container_linux_version}"
+        GOOGLE_PROJECT = "tectonic-installer"
       }
       steps {
         script {
@@ -226,6 +233,10 @@ pipeline {
             builds['azure_example'] = runRSpecTest('spec/azure_example_spec.rb', '')
           }
 
+          if (params."PLATFORM/GCP") {
+            builds['gcp'] = runRSpecTest('spec/gcp_spec.rb', '')
+          }
+
           if (params."PLATFORM/BARE_METAL") {
             builds['bare_metal'] = {
               node('worker && bare-metal') {

examples/terraform.tfvars.gcp

@@ -157,9 +157,6 @@ tectonic_gcp_worker_disktype = "pd-standard"
 // Instance size for the worker node(s). Example: `n1-standard-2`.
 tectonic_gcp_worker_gce_type = "n1-standard-2"
 
-// List of two or more zones to use from specified GCP region.
-tectonic_gcp_zones = ""
-
 // The path to the tectonic licence file.
 // You can download the Tectonic license file from your Account overview page at [1].
 // 

modules/gcp/master-igm/ignition.tf

@@ -1,8 +1,7 @@
 data "ignition_config" "main" {
   files = [
+    "${data.ignition_file.kubeconfig.id}",
     "${var.ign_max_user_watches_id}",
-    "${var.ign_gcs_puller_id}",
-    "${data.ignition_file.init_assets.id}",
     "${var.ign_installer_kubelet_env_id}",
   ]
 
@@ -11,31 +10,19 @@ data "ignition_config" "main" {
     var.ign_locksmithd_service_id,
     var.ign_kubelet_service_id,
     var.ign_k8s_node_bootstrap_service_id,
-    var.ign_init_assets_service_id,
     var.ign_bootkube_service_id,
     var.ign_tectonic_service_id,
     var.ign_bootkube_path_unit_id,
     var.ign_tectonic_path_unit_id
    ))}"]
 }
 
-data "template_file" "init_assets" {
-  template = "${file("${path.module}/resources/init-assets.sh")}"
-
-  vars {
-    cluster_name        = "${var.cluster_name}"
-    assets_gcs_location = "${var.assets_gcs_location}"
-    kubelet_image_url   = "${replace(var.container_images["hyperkube"],var.image_re,"$1")}"
-    kubelet_image_tag   = "${replace(var.container_images["hyperkube"],var.image_re,"$2")}"
-  }
-}
-
-data "ignition_file" "init_assets" {
+data "ignition_file" "kubeconfig" {
   filesystem = "root"
-  path       = "/opt/init-assets.sh"
-  mode       = 0755
+  path       = "/etc/kubernetes/kubeconfig"
+  mode       = 0644
 
   content {
-    content = "${data.template_file.init_assets.rendered}"
+    content = "${var.kubeconfig_content}"
   }
 }

modules/gcp/master-igm/master.tf

@@ -47,12 +47,17 @@ resource "google_compute_instance_template" "master-it" {
   }
 }
 
-resource "google_compute_instance_group_manager" "master-igm" {
-  count              = "${var.instance_count}"
-  target_size        = 1
+resource "google_compute_region_instance_group_manager" "master-igm" {
+  count              = 1
+  region             = "${var.region}"
+  target_size        = "${var.instance_count}"
   name               = "${var.cluster_name}-master-igm-${count.index}"
-  zone               = "${element(var.zone_list, count.index)}"
   instance_template  = "${google_compute_instance_template.master-it.self_link}"
   target_pools       = ["${var.master_targetpool_self_link}"]
-  base_instance_name = "mstr"
+  base_instance_name = "${var.cluster_name}-master"
+
+  named_port {
+    name = "https"
+    port = 443
+  }
 }

modules/gcp/master-igm/outputs.tf

@@ -15,5 +15,5 @@ limitations under the License.
 */
 
 output "instance_group" {
-  value = ["${google_compute_instance_group_manager.master-igm.*.instance_group}"]
+  value = ["${google_compute_region_instance_group_manager.master-igm.*.instance_group}"]
 }

modules/gcp/master-igm/variables.tf

@@ -26,10 +26,6 @@ variable "region" {
   type = "string"
 }
 
-variable "zone_list" {
-  type = "list"
-}
-
 variable "machine_type" {
   type = "string"
 }
@@ -74,19 +70,6 @@ variable "ign_tectonic_path_unit_id" {
   type = "string"
 }
 
-variable "ign_gcs_puller_id" {
-  type = "string"
-}
-
-variable "ign_init_assets_service_id" {
-  type = "string"
-}
-
-variable "assets_gcs_location" {
-  type        = "string"
-  description = "Location on gcs of the Bootkube/Tectonic assets to use (bucket/key)"
-}
-
 variable "container_images" {
   description = "Container images to use"
   type        = "map"
@@ -100,3 +83,7 @@ variable "image_re" {
 variable "public_ssh_key" {
   default = ""
 }
+
+variable "kubeconfig_content" {
+  type = "string"
+}

modules/gcp/network/loadbalancer.tf

@@ -19,14 +19,57 @@ resource "google_compute_http_health_check" "worker-hc" {
   check_interval_sec = 1
 }
 
-resource "google_compute_address" "masters-ip" {
+// api-server/masters lb
+// We need to use a global lb for bootstraping
+// because of https://issuetracker.google.com/issues/67366622
+resource "google_compute_global_address" "masters-ip" {
+  name = "${var.cluster_name}-masters-ip"
+}
+
+resource "google_compute_global_forwarding_rule" "api-external-fwd-rule" {
+  name       = "${var.cluster_name}-api-external-fwd-rule"
+  target     = "${google_compute_target_tcp_proxy.api-external-tcp-proxy.self_link}"
+  ip_address = "${google_compute_global_address.masters-ip.address}"
+  port_range = "443"
+}
+
+resource "google_compute_target_tcp_proxy" "api-external-tcp-proxy" {
+  name            = "${var.cluster_name}-api-external-tcp-proxy"
+  backend_service = "${google_compute_backend_service.api-backend-service.self_link}"
+}
+
+resource "google_compute_backend_service" "api-backend-service" {
+  name             = "${var.cluster_name}-api-backend-service"
+  protocol         = "TCP"
+  port_name        = "https"
+  timeout_sec      = 10
+  session_affinity = "NONE"
+
+  backend {
+    group = "${var.master_instance_group[0]}"
+  }
+
+  health_checks = ["${google_compute_health_check.api-health-check.self_link}"]
+}
+
+resource "google_compute_health_check" "api-health-check" {
+  name               = "${var.cluster_name}-api-health-check"
+  timeout_sec        = 1
+  check_interval_sec = 1
+
+  ssl_health_check {
+    port = "443"
+  }
+}
+
+resource "google_compute_address" "ssh-masters-ip" {
   name = "${var.cluster_name}-masters-ip"
 }
 
 resource "google_compute_forwarding_rule" "api-external-fwd-rule" {
   load_balancing_scheme = "EXTERNAL"
   name                  = "${var.cluster_name}-api-external-fwd-rule"
-  ip_address            = "${google_compute_address.masters-ip.address}"
+  ip_address            = "${google_compute_address.ssh-masters-ip.address}"
   region                = "${var.gcp_region}"
   target                = "${google_compute_target_pool.master-targetpool.self_link}"
   port_range            = "443"
@@ -39,7 +82,7 @@ resource "google_compute_address" "ingress-ip" {
 resource "google_compute_forwarding_rule" "api-external-ssh-fwd-rule" {
   load_balancing_scheme = "EXTERNAL"
   name                  = "${var.cluster_name}-api-external-ssh-fwd-rule"
-  ip_address            = "${google_compute_address.masters-ip.address}"
+  ip_address            = "${google_compute_address.ssh-masters-ip.address}"
   region                = "${var.gcp_region}"
   target                = "${google_compute_target_pool.master-targetpool.self_link}"
   port_range            = "22"

modules/gcp/network/outputs.tf

@@ -15,7 +15,11 @@ limitations under the License.
 */
 
 output "master_ip" {
-  value = "${google_compute_address.masters-ip.address}"
+  value = "${google_compute_global_address.masters-ip.address}"
+}
+
+output "ssh_master_ip" {
+  value = "${google_compute_address.ssh-masters-ip.address}"
 }
 
 output "ingress_ip" {

modules/gcp/worker-igm/ignition.tf

@@ -1,7 +1,7 @@
 data "ignition_config" "main" {
   files = [
+    "${data.ignition_file.kubeconfig.id}",
     "${var.ign_max_user_watches_id}",
-    "${var.ign_gcs_puller_id}",
     "${var.ign_installer_kubelet_env_id}",
   ]
 
@@ -12,3 +12,13 @@ data "ignition_config" "main" {
     "${var.ign_kubelet_service_id}",
   ]
 }
+
+data "ignition_file" "kubeconfig" {
+  filesystem = "root"
+  path       = "/etc/kubernetes/kubeconfig"
+  mode       = 0644
+
+  content {
+    content = "${var.kubeconfig_content}"
+  }
+}

modules/gcp/worker-igm/variables.tf

@@ -26,10 +26,6 @@ variable "region" {
   type = "string"
 }
 
-variable "zone_list" {
-  type = "list"
-}
-
 variable "machine_type" {
   type = "string"
 }
@@ -56,10 +52,10 @@ variable "disk_size" {
   description = "The size of the volume in gigabytes for the root block device."
 }
 
-variable "ign_gcs_puller_id" {
-  type = "string"
-}
-
 variable "public_ssh_key" {
   default = ""
 }
+
+variable "kubeconfig_content" {
+  type = "string"
+}

modules/gcp/worker-igm/worker.tf

@@ -47,12 +47,12 @@ resource "google_compute_instance_template" "worker-it" {
   }
 }
 
-resource "google_compute_instance_group_manager" "worker-igm" {
-  count              = "${var.instance_count}"
-  target_size        = 1
+resource "google_compute_region_instance_group_manager" "worker-igm" {
+  count              = 1
+  region             = "${var.region}"
+  target_size        = "${var.instance_count}"
   name               = "${var.cluster_name}-worker-igm-${count.index}"
-  zone               = "${element(var.zone_list, count.index)}"
   instance_template  = "${google_compute_instance_template.worker-it.self_link}"
   target_pools       = ["${var.worker_targetpool_self_link}"]
-  base_instance_name = "wrkr"
+  base_instance_name = "${var.cluster_name}-worker"
 }

modules/ignition/assets.tf

@@ -91,20 +91,6 @@ data "ignition_file" "s3_puller" {
   }
 }
 
-data "template_file" "gcs_puller" {
-  template = "${file("${path.module}/resources/bin/gcs-puller.sh")}"
-}
-
-data "ignition_file" "gcs_puller" {
-  filesystem = "root"
-  path       = "/opt/gcs-puller.sh"
-  mode       = 0755
-
-  content {
-    content = "${data.template_file.gcs_puller.rendered}"
-  }
-}
-
 data "ignition_systemd_unit" "locksmithd" {
   name = "locksmithd.service"
   mask = true

modules/ignition/outputs.tf

@@ -42,14 +42,6 @@ output "s3_puller_rendered" {
   value = "${data.template_file.s3_puller.rendered}"
 }
 
-output "gcs_puller_id" {
-  value = "${data.ignition_file.gcs_puller.id}"
-}
-
-output "gcs_puller_rendered" {
-  value = "${data.template_file.gcs_puller.rendered}"
-}
-
 output "locksmithd_service_id" {
   value = "${data.ignition_systemd_unit.locksmithd.id}"
 }