Commit ffc7412d authored by schnarkus's avatar schnarkus

add initial tofu gcp hello world test

parent a3b9679e
data "google_client_config" "default" {}
provider "kubernetes" {
host = "https://${google_container_cluster.default.endpoint}"
token = data.google_client_config.default.access_token
cluster_ca_certificate = base64decode(google_container_cluster.default.master_auth[0].cluster_ca_certificate)
ignore_annotations = [
"^autopilot\\.gke\\.io\\/.*",
"^cloud\\.google\\.com\\/.*"
]
}
resource "kubernetes_deployment_v1" "default" {
metadata {
name = "devops24-hello-app-deployment"
}
spec {
selector {
match_labels = {
app = "hello-app"
}
}
template {
metadata {
labels = {
app = "hello-app"
}
}
spec {
container {
image = "us-docker.pkg.dev/google-samples/containers/gke/hello-app:2.0"
name = "hello-app-container"
port {
container_port = 8080
name = "hello-app-svc"
}
security_context {
allow_privilege_escalation = false
privileged = false
read_only_root_filesystem = false
capabilities {
add = []
drop = ["NET_RAW"]
}
}
liveness_probe {
http_get {
path = "/"
port = "hello-app-svc"
http_header {
name = "X-Custom-Header"
value = "Awesome"
}
}
initial_delay_seconds = 3
period_seconds = 3
}
}
security_context {
run_as_non_root = true
seccomp_profile {
type = "RuntimeDefault"
}
}
# Toleration is currently required to prevent perpetual diff:
# https://github.com/hashicorp/terraform-provider-kubernetes/pull/2380
toleration {
effect = "NoSchedule"
key = "kubernetes.io/arch"
operator = "Equal"
value = "amd64"
}
}
}
}
}
resource "kubernetes_service_v1" "default" {
metadata {
name = "devops24-hello-app-loadbalancer"
annotations = {
"cloud.google.com/l4-rbs" = "enabled"
}
}
spec {
selector = {
app = "hello-app"
}
ip_family_policy = "RequireDualStack"
port {
name = "http"
port = 80
target_port = "hello-app-svc"
protocol = "TCP"
}
type = "LoadBalancer"
}
depends_on = [time_sleep.wait_service_cleanup]
}
# Provide time for Service cleanup
resource "time_sleep" "wait_service_cleanup" {
depends_on = [google_container_cluster.default]
destroy_duration = "180s"
}
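Review bot: The container `security_context` in `kubernetes_deployment_v1.default` drops only `NET_RAW` and leaves `read_only_root_filesystem = false`, so the pod keeps the rest of the runtime's default capability set and a writable root filesystem. For a stateless HTTP sample I would use `drop = ["ALL"]` and, if the image does not write to its root filesystem (not verifiable from this page), `read_only_root_filesystem = true`. The image is also referenced by the mutable tag `hello-app:2.0`; pinning it by digest (`...hello-app@sha256:<DIGEST_PLACEHOLDER>`) would keep later applies from silently pulling different content. Separately, `kubernetes_service_v1.default` is `type = "LoadBalancer"` on port 80 with no `load_balancer_source_ranges`, so the app appears to be reachable from any address over plain HTTP; a short comment saying that this is intended for the test would help.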
resource "google_compute_network" "default" {
name = "devops24-network"
auto_create_subnetworks = false
enable_ula_internal_ipv6 = true
}
resource "google_compute_subnetwork" "default" {
name = "devops24-subnetwork"
ip_cidr_range = "10.0.0.0/16"
region = "europe-west1"
stack_type = "IPV4_IPV6"
ipv6_access_type = "EXTERNAL"
network = google_compute_network.default.id
secondary_ip_range {
range_name = "services-range"
ip_cidr_range = "192.168.0.0/24"
}
secondary_ip_range {
range_name = "pod-ranges"
ip_cidr_range = "192.168.1.0/24"
}
}
resource "google_container_cluster" "default" {
name = "devops24-autopilot-cluster"
location = "europe-west1"
enable_autopilot = true
enable_l4_ilb_subsetting = true
network = google_compute_network.default.id
subnetwork = google_compute_subnetwork.default.id
ip_allocation_policy {
stack_type = "IPV4_IPV6"
services_secondary_range_name = google_compute_subnetwork.default.secondary_ip_range[0].range_name
cluster_secondary_range_name = google_compute_subnetwork.default.secondary_ip_range[1].range_name
}
# Set `deletion_protection` to `true` will ensure that one cannot
# accidentally delete this instance by use of Terraform.
deletion_protection = false
}
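Review bot: `google_container_cluster.default` sets neither `master_authorized_networks_config` nor `private_cluster_config`, so as far as this section shows the control-plane endpoint stays at the provider default and is reachable from any source address, protected by authentication only. Adding a `master_authorized_networks_config` block limited to the CIDR the tofu runs come from would narrow that. The subnetwork also sets `ipv6_access_type = "EXTERNAL"`, which gives workloads externally routable IPv6 addresses, so it is worth confirming that the network's firewall rules (not visible here) are what restrict inbound traffic. As a style point, `secondary_ip_range[0]` and `secondary_ip_range[1]` in `ip_allocation_policy` depend on block order; writing the names directly, `services_secondary_range_name = "services-range"` and `cluster_secondary_range_name = "pod-ranges"`, would survive a reordering.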
provider "google" {
project = "bht-devops24-ss"
region = "europe-west1"
credentials = file("/home/schnarkus/.gcp/keyfile.json")
}
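Review bot: `credentials = file("/home/schnarkus/.gcp/keyfile.json")` in the `google` provider block ties the configuration to one user's home directory and to a long-lived service-account key stored on disk. Any other checkout or CI runner will fail at that path, and the key file becomes a standing secret that has to be protected and rotated. I would drop the argument and let the provider use Application Default Credentials (`gcloud auth application-default login`, or the `GOOGLE_APPLICATION_CREDENTIALS` environment variable). If a key file cannot be avoided, pass its path through a variable instead of a literal. No `required_providers` version constraints are visible on this page; if they are not declared in another file, pinning the `google`, `kubernetes` and `time` providers would make the test reproducible.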