update modules

sohanyadav · sohanyadav · commit df03e2be9d26 · 2025-03-12T12:37:21.000+05:30
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -9,7 +9,7 @@ Ensure the following tasks are completed.
 - [ ] Are tests included?
   - [ ] Are the tests running?
 - [ ] Are the names of the files correct?
-- [ ] Add PR/Issue to opsZero Project and set to `Review` column
+- [ ] Add PR/Issue to opsZero project and set to `Review` column
 
 # Reviewer Checklist
 
diff --git a/README.md b/README.md
@@ -36,8 +36,8 @@ gcloud container clusters get-credentials <clustername> --region us-central1
 |------|-------------|------|---------|:--------:|
 | <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | The minimum version of the master | `string` | `"1.27"` | no |
 | <a name="input_csi_secrets_store_enabled"></a> [csi\_secrets\_store\_enabled](#input\_csi\_secrets\_store\_enabled) | Specify whether the CSI driver is enabled | `bool` | `true` | no |
-| <a name="input_name"></a> [environment\_name](#input\_environment\_name) | The name of the environment to create resources | `string` | n/a | yes |
-| <a name="input_project"></a> [project](#input\_project) | The Google Project that will host the cluster | `string` | n/a | yes |
+| <a name="input_environment_name"></a> [environment\_name](#input\_environment\_name) | The name of the environment to create resources | `string` | n/a | yes |
+| <a name="input_project"></a> [project](#input\_project) | The Google project that will host the cluster | `string` | n/a | yes |
 | <a name="input_redis_enabled"></a> [redis\_enabled](#input\_redis\_enabled) | Specify whether the redis cluster is enabled | `bool` | `false` | no |
 | <a name="input_redis_ha_enabled"></a> [redis\_ha\_enabled](#input\_redis\_ha\_enabled) | Specify whether HA is enabled for redis | `bool` | `false` | no |
 | <a name="input_redis_memory_in_gb"></a> [redis\_memory\_in\_gb](#input\_redis\_memory\_in\_gb) | Redis memory size in GiB | `number` | `1` | no |
@@ -105,4 +105,4 @@ Please [schedule a call](https://calendly.com/opszero-llc/discovery) if you need
   <img src="https://opszero.com/wp-content/uploads/2024/07/AWS-public-sector.png" width="150px" />
   <img src="https://opszero.com/wp-content/uploads/2024/07/AWS-eks.png" width="150px" />
 </div>
-<!-- END_TF_DOCS -->
+<!-- END_TF_DOCS -->
diff --git a/examples/gcp/.gitignore b/examples/gcp/.gitignore
diff --git a/examples/gcp/main.tf b/examples/gcp/main.tf
@@ -1,18 +1,24 @@
 provider "google" {
   region  = "us-central1"
-  project = "xx-xxxx-xxxx-xx"
+  project = "xx-xx-xx-xx"
 }
 
 module "gke" {
   source                    = "../../"
-  project                   = "xx-xxxx-xxxx-xx"
-  name                      = "dev"
+  project                   = "xx-xx-xx-xx"
+  environment_name          = "example"
   machine_type              = "e2-medium"
   image_type                = "UBUNTU_CONTAINERD"
   location                  = "us-central1-a"
-  min_master_version        = "1.29.14-gke.1018000"
+  min_master_version        = "1.30.9-gke.1046000"
+  sql_master_username       = "root"
+  sql_master_password       = "pass"
   initial_node_count        = 1
   min_node_count            = 1
   max_node_count            = 1
   disk_size_gb              = 20
+  csi_secrets_store_enabled = true
+  kms_enabled               = true
+  sql_enabled               = true
+  redis_enabled             = true
 }
diff --git a/gcp_csi_secrets_store.tf b/gcp_csi_secrets_store.tf
@@ -1,12 +1,12 @@
 resource "helm_release" "csi_secrets_store" {
   count = var.csi_secrets_store_enabled ? 1 : 0
 
-  name       = "csi-secrets-store"
-  repository = "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts"
-  chart      = "secrets-store-csi-driver"
-
+  name             = "csi-secrets-store"
+  repository       = "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts"
+  chart            = "secrets-store-csi-driver"
   namespace        = "csi"
   create_namespace = true
+  depends_on       = [google_container_cluster.primary, google_container_node_pool.node_pool]
 }
 
 data "http" "csi_secrets_store_gcp_provider" {
diff --git a/kms.tf b/kms.tf
@@ -1,6 +1,6 @@
 resource "google_kms_key_ring" "keyring" {
   count   = var.kms_enabled ? 1 : 0
-  name    = var.name
+  name    = var.environment_name
   project = var.project
 
   location = "global"
@@ -12,7 +12,7 @@ resource "google_kms_key_ring" "keyring" {
 
 resource "google_kms_crypto_key" "key" {
   count = var.kms_enabled ? 1 : 0
-  name  = var.name
+  name  = var.environment_name
 
   key_ring = join("", google_kms_key_ring.keyring.*.id)
 
diff --git a/locals.tf b/locals.tf
@@ -1,5 +1,5 @@
 locals {
   tags = merge(var.tags, {
-    "kubespot_env" = var.name
+    "kubespot_env" = var.environment_name
   })
 }
diff --git a/main.tf b/main.tf
@@ -1,10 +1,27 @@
+data "google_client_config" "default" {}
+
+provider "helm" {
+  kubernetes {
+    host                   = "https://${google_container_cluster.primary.endpoint}"
+    token                  = data.google_client_config.default.access_token
+    cluster_ca_certificate = base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
+  }
+}
+
+provider "kubernetes" {
+  host                   = "https://${google_container_cluster.primary.endpoint}"
+  token                  = data.google_client_config.default.access_token
+  cluster_ca_certificate = base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
+}
+
+
 resource "google_container_cluster" "primary" {
-  name                     = var.name
+  name                     = var.environment_name
   project                  = var.project
   network                  = google_compute_network.network.id
   subnetwork               = google_compute_subnetwork.subnet.id
-  remove_default_node_pool = var.remove_default_node_pool
   location                 = var.location
+  remove_default_node_pool = var.remove_default_node_pool
   initial_node_count       = var.initial_node_count
   min_master_version       = var.min_master_version
 
@@ -13,14 +30,6 @@ resource "google_container_cluster" "primary" {
     enable_private_endpoint = false
   }
 
-  node_config {
-    preemptible  = true
-    machine_type = var.machine_type
-  }
-
-  lifecycle {
-    ignore_changes = [initial_node_count]
-  }
   deletion_protection = false
   ip_allocation_policy {}
 
@@ -36,7 +45,7 @@ resource "google_container_cluster" "primary" {
 }
 
 resource "google_container_node_pool" "node_pool" {
-  name               = "${var.name}-node-pool"
+  name               = "${var.environment_name}-node-pool"
   project            = var.project
   location           = var.location
   cluster            = google_container_cluster.primary.id
@@ -66,7 +75,6 @@ resource "google_container_node_pool" "node_pool" {
     ignore_changes        = [initial_node_count]
     create_before_destroy = false
   }
-
   timeouts {
     create = var.cluster_create_timeouts
     update = var.cluster_update_timeouts
@@ -76,7 +84,7 @@ resource "google_container_node_pool" "node_pool" {
 
 resource "null_resource" "configure_kubectl" {
   provisioner "local-exec" {
-    command = "gcloud container clusters get-credentials ${var.name} --zone ${var.location} --project ${var.project}"
+    command = "gcloud container clusters get-credentials ${var.environment_name} --zone ${var.location} --project ${var.project}"
     environment = {
       KUBECONFIG = var.kubectl_config_path != "" ? var.kubectl_config_path : ""
     }
diff --git a/redis.tf b/redis.tf
@@ -1,7 +1,7 @@
 resource "google_redis_instance" "cache" {
   count          = var.redis_enabled ? 1 : 0
   project        = var.project
-  name           = var.name
+  name           = var.environment_name
   memory_size_gb = var.redis_memory_in_gb
 
   authorized_network = google_compute_network.network.self_link
diff --git a/sql.tf b/sql.tf
@@ -8,7 +8,7 @@ resource "google_sql_database_instance" "default" {
   project = var.project
   region  = var.region
 
-  name             = "${var.name}-${random_id.server.hex}"
+  name             = "${var.environment_name}-${random_id.server.hex}"
   database_version = var.sql_engine
   depends_on       = [null_resource.sql_vpc_lock]
   settings {
diff --git a/subnetwork.tf b/subnetwork.tf
@@ -1,5 +1,5 @@
 resource "google_compute_subnetwork" "subnet" {
-  name    = var.name
+  name    = var.environment_name
   region  = var.region
   project = var.project
 
@@ -18,32 +18,47 @@ resource "google_compute_subnetwork" "subnet" {
 }
 
 resource "google_compute_network" "network" {
-  name                    = var.name
+  name                    = var.environment_name
   project                 = var.project
   auto_create_subnetworks = false
 }
 
 resource "google_compute_global_address" "private_ip_address" {
-  name          = var.name
+  name          = var.environment_name
   project       = var.project
   purpose       = "VPC_PEERING"
   address_type  = "INTERNAL"
   prefix_length = 16
   network       = google_compute_network.network.self_link
 }
 
-
-
 resource "null_resource" "sql_vpc_lock" {
   depends_on = [google_service_networking_connection.private_vpc_connection]
 }
-// Set so we can talk to Services like Cloud SQL.
-
 
-// Bug: If the private_ip_address changes then this will not work correctly.
-// Workaround change reserved_peering_ranges = [] `terraform apply` and then change it back and `terraform apply`
 resource "google_service_networking_connection" "private_vpc_connection" {
   network                 = google_compute_network.network.self_link
   service                 = "servicenetworking.googleapis.com"
   reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]
 }
+
+resource "google_compute_router" "nat_router" {
+  name    = var.environment_name
+  region  = var.region
+  network = google_compute_network.network.self_link
+  project = var.project
+}
+
+resource "google_compute_router_nat" "nat_config" {
+  name                               = var.environment_name
+  router                             = google_compute_router.nat_router.name
+  region                             = var.region
+  project                            = var.project
+  nat_ip_allocate_option             = "AUTO_ONLY"
+  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
+
+  log_config {
+    enable = true
+    filter = "ERRORS_ONLY"
+  }
+}
diff --git a/usage.md b/usage.md
@@ -19,4 +19,4 @@ terraform init && terraform get -update && terraform apply
 
 gcloud config set account foo@opszero.com # Set account name
 gcloud container clusters get-credentials <clustername> --region us-central1
-```
+```
diff --git a/variables.tf b/variables.tf
@@ -4,13 +4,13 @@ variable "cluster_version" {
 }
 
 variable "region" {
-  default     = "us-central1"
+  default     = ""
   description = "The location (region or zone) in which the cluster master will be created"
 }
 
 variable "project" {
   type        = string
-  description = "The Google Project that will host the cluster"
+  description = "The Google project that will host the cluster"
 }
 
 variable "redis_enabled" {
@@ -54,7 +54,7 @@ variable "sql_master_username" {
 }
 
 variable "sql_master_password" {
-  default     = "password"
+  default     = ""
   description = "The password for the db user"
 }
 
@@ -68,7 +68,7 @@ variable "tags" {
   default     = {}
 }
 
-variable "name" {
+variable "environment_name" {
   type        = string
   default     = ""
   description = "Name of the resource. Provided by the client when the resource is created. "

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`locals {`
`2`	`2`	`tags = merge(var.tags, {`
`3`		`- "kubespot_env" = var.name`
	`3`	`+ "kubespot_env" = var.environment_name`
`4`	`4`	`})`
`5`	`5`	`}`