
gke-terraform-generator's Issues

Issue when trying this in us-central1

I have set region/zone to us-central1/us-central1-a, but the demo has failed. Looking at the logs, it seems that the script tried to create a NAT Gateway in us-west1. Why, given that the default region is us-central1?

```
google_compute_router.router: Creation complete after 9s [id=us-west1/test-cluster-cloud-router]
google_compute_firewall.bastion-ssh: Still creating... [10s elapsed]
google_compute_subnetwork.subnetwork: Still creating... [10s elapsed]
google_compute_firewall.bastion-ssh: Creation complete after 16s [id=test-cluster-bastion-ssh]
google_compute_subnetwork.subnetwork: Still creating... [20s elapsed]
google_compute_subnetwork.subnetwork: Still creating... [30s elapsed]
google_compute_subnetwork.subnetwork: Creation complete after 39s [id=us-west1/my-subnet]
google_compute_router_nat.nat: Creating...
google_compute_instance.instance: Creating...

Error: Error waiting to patch router us-west1/test-cluster-cloud-router: Error waiting for Patching router: error while retrieving operation: googleapi: Error 401: Invalid Credentials, authError

on network.tf line 109, in resource "google_compute_router_nat" "nat":
109: resource "google_compute_router_nat" "nat" {

Error: Error waiting for instance to create: error while retrieving operation: Get https://www.googleapis.com/compute/v1/projects/my-apigee-project/zones/us-west1-a/operations/operation-1564478751498-58ee2983de116-77b5505e-ecefd8fe?alt=json&prettyPrint=false: oauth2/google: incomplete token received from metadata

on network.tf line 169, in resource "google_compute_instance" "instance":
169: resource "google_compute_instance" "instance" {
```

InitialNode Count MaxCount MinCount Validation

The validation for initialNodeCount: 2 is working weirdly.

This works:

  nodePools:
    - metadata:
        name: my-node-pool
      spec:
        minCount: 2
        maxCount: 2
        initialNodeCount: 2

This does not work:

  nodePools:
    - metadata:
        name: my-node-pool
      spec:
        minCount: 2
        initialNodeCount: 2

This does not work:

  nodePools:
    - metadata:
        name: my-node-pool
      spec:
        initialNodeCount: 2

event-exporter-gke crashloopBackoff

├── provider.google
├── provider.google-beta ~> 3.28.0
├── provider.kubernetes
├── provider.vault
└── module.dcp-gke
    ├── provider.google
    ├── provider.google-beta
    ├── provider.kubernetes
    └── provider.random

When I deploy a new cluster using Terraform providers, everything is OK except this pod: event-exporter-gke

I don't know why it can boot on the cluster. I faced this issue:

F0707 13:26:00.772823       1 main.go:123] Failed to get GCE config: error while getting instance (node) name: metadata: GCE metadata "instance/name" not defined

Master version: 1.16.9-gke.6
Endpoint: 35.205.99.XX

Maybe a permission issue?

Any suggestions will help me...

`us-east1-a` doesn't exist

Using this yaml from the Anthos tutorial, changing the zone from us-central1 to us-east1 generated this error when executing terraform apply:

Error: Error loading zone 'us-east1-a': googleapi: Error 404: The resource 'projects/[project-id]/zones/us-east1-a' was not found
, notFound

Reviewing the terraform plan I found that the zone was automatically generated.

It looks like the us-east1-a zone doesn't exist, only the zones b, c, d.

Is this an issue or am I missing something?

Hardcoded "-a" zone does not work for all regions

The bastion instance resource hardcodes the zone to "${var.region}-a", which does not work for all regions, e.g. "europe-west1".

You probably want an additional "zone" variable, and then use that both for setting the resource's "zone" attribute and the zone arg in the gcloud ssh command. Both are in network.tf.
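
One way to apply the suggestion above, written as an added example that is not taken from the issue or from the project's network.tf. The resource name `bastion`, the output name, the machine type, the image and the network are assumptions; only `var.region` and the proposed `zone` variable come from the report. An empty `zone` falls back to the first zone the region actually reports.

```hcl
# Added example (hypothetical names): replaces a hardcoded "${var.region}-a".
variable "region" {
  type = string
}

# Optional explicit zone; empty means "pick one that exists in var.region".
variable "zone" {
  type    = string
  default = ""
}

# Zones currently UP in the region, so a region without an "-a" zone still works.
data "google_compute_zones" "available" {
  region = var.region
  status = "UP"
}

locals {
  # Single source of truth for both the instance and the ssh command.
  bastion_zone = var.zone != "" ? var.zone : data.google_compute_zones.available.names[0]
}

resource "google_compute_instance" "bastion" {
  name         = "example-bastion" # assumed name
  machine_type = "e2-micro"        # assumed machine type
  zone         = local.bastion_zone

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12" # assumed image
    }
  }

  network_interface {
    network = "default" # assumed network
  }
}

# The gcloud ssh command uses the same zone as the resource.
output "bastion_ssh" {
  value = "gcloud compute ssh ${google_compute_instance.bastion.name} --zone ${local.bastion_zone}"
}
```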

Terraform Remote State

As discussed, I think it would be better to use Terraform remote state with a GCS bucket in this demo to showcase Terraform best practices instead of using local state.
We could add an init script that would create the GCS bucket if needed.

cc @aurelienlegrand

Using a private registry in same project is not working

I have added the missing oauth scope in #21 and for some reason it is not working :(

I am getting docker login issues on the nodes. Here is my yaml in order to recreate:

kind: gke-cluster
metadata:
  name: "test-cluster"
spec:
  region: "us-west2"
  private: "false"
  regional: "false"
  zones: 
    - "us-west2-c"
  addons:
    istio: false
    binaryAuth: false
  network:
    metadata:
      name: my-network
    spec:
      subnetName: my-subnet
      subnetRange: "10.0.0.0/24"
      podSubnetRange: "10.1.0.0/16"
      serviceSubnetRange: "10.2.0.0/20"
      masterIPV4CIDRBlock: "172.16.0.16/28"
  nodePools:
    - metadata:
        name: my-node-pool
      spec:
        minCount: 2
        maxCount: 2
        initialNodeCount: 2
        machineType: n1-standard-2
        preemptible: true

This is a public cluster and needs my other PR merged for the cluster to even launch.

Update CFT templates

In order to use CFT we need to update the various files in https://github.com/GoogleCloudPlatform/gke-terraform-generator/tree/master/pkg/terraform/cft

Each of the files needs to be updated to support the various values set in https://github.com/GoogleCloudPlatform/gke-terraform-generator/blob/master/pkg/api/api.go. Those structs define the values that the user provides in the yaml that is used to define a cluster.

The https://github.com/GoogleCloudPlatform/gke-terraform-generator/tree/master/pkg/terraform/vanilla directory contains the currently working templates for vanilla terraform that can be used as a guide on how to implement the CFT terraform.

The CFT go templates, to my best recollection, were working at one point, but need to be improved and tested.

Tests like https://github.com/GoogleCloudPlatform/gke-terraform-generator/blob/master/pkg/templates/templates_test.go#L82 determine if various values are set in the templates. Further unit testing should be implemented.

workloadIdentityConfig default value

workloadIdentityConfig:
  identityNamespace: "bgeesaman-gke-demos.svc.id.goog"

We may be able to default the value for identityNamespace. Not certain exactly what it defaults to.
