Merge branch 'nagyv-gitlab-master-patch-42772' into 'master'

Simplifies setup by introducing Terraform variables. See merge request gitlab-org/configure/examples/gitlab-terraform-gke!1

Merge branch 'nagyv-gitlab-master-patch-42772' into 'master'
57c8e1f6 · João Alexandre Cunha · 792de803 · 124e3adf · 57c8e1f6 · 57c8e1f6
Commit 57c8e1f6 authored 4 years ago by João Alexandre Cunha
--- a/README.md
+++ b/README.md
@@ -20,27 +20,35 @@ These are the Terraform files we have pre-configured for the project.
 └── group_cluster.tf   # Registering kubernetes cluster to GitLab `apps` Group
 ```
-## Secrets
+## Configure your deployment
+Some variables need to be configured to match your desired infrastructure. These values can be set as Terraform variables. Optional variables have a default set already. See [`variables.tf`](./variables.tf) for these defaults.
+### Required variables/secrets
 The following [CI environment variables](https://docs.gitlab.com/ee/ci/variables/) need to be set so that your CI 
 job is able to provision the cluster on GCP and so that the CI job can associate the cluster to 
 your group. It is advised that you create them through the UI and not inside the `.gitlab-ci.yml` to not expose
 them in your code.
- `GITLAB_TOKEN`: [GitLab personal access token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) to add K8s clusters to your GitLab your group
+- `TF_VAR_gitlab_token`: [GitLab personal access token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) with `api` scope to add the provisioned cluster to your GitLab group.
 - `BASE64_GOOGLE_CREDENTIALS`: 
  - You must create [GCP service account](https://cloud.google.com/docs/authentication/getting-started) with the following roles: `Compute Network Viewer`, `Kubernetes Engine Admin`, `Service Account User`. 
  - As described in the above link, also create a json service account key. 
  - After downloading the json file for the key, encode it with: `base64 /path/to/sa-key.json | tr -d \\n`. Copy this value and use it to create your CI environment variable.
-## Configure your deployment
+- `TF_VAR_gcp_project`: Override the GCP `project` name
+- `TF_VAR_gitlab_group`: Set the GitLab group to attach the cluster to GitLab.
+### Optional variables
-Some defaults in this sample need to be configured to match your desired infrastructure.
+- `TF_VAR_gcp_region`: Set the region for your cluster. 
+- `TF_VAR_cluster_name`: Set the name of the cluster. 
+- `TF_VAR_machine_type`: Set the machine type for the Kubernetes nodes. 
+- `TF_VAR_cluster_description`: Set a description for the cluster. We recommend setting this to `$CI_PROJECT_URL`.
+- `TF_VAR_base_domain`: Set to the base domain to provision resources under.
+- `TF_VAR_environment_scope`: Set to the GitLab environment name to associate the cluster with.
- In the [`gke.tf`](gke.tf) file.
+## More info
-  - **(required)** Override the GCP `project` name under the [`gke.tf`](gke.rf) file.
-  - **(optional)** Choose also the `region` and `zone` that you would like to deploy your cluster to.
- In the [`group_cluster.tf`](group_cluster.tf) file.
-  - **(required)** Override the full_path to point to your GitLab desired group name.
 You can refer to the [GitLab Terraform provider](https://registry.terraform.io/providers/gitlabhq/gitlab/latest/docs) and the [Google Terraform provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference) for further resource options.
--- a/gke.tf
+++ b/gke.tf
-// Configure the Google Cloud resources
 provider "google" {
-  project     = "gcp-project" // Override to use your GCP project
+  project     = var.gcp_project
-  region      = "us-central1" // Override to use your preferred regtion
-  zone        = "us-central1-c" // Override to use your preferred zone
 }
 resource "google_container_cluster" "primary" {
-  name                     = "iac-demo-gke" // Override to your preferred cluster name
+  name                     = var.cluster_name
+  location                 = var.gcp_region
  remove_default_node_pool = true
  initial_node_count       = 1
  min_master_version       = "1.19"
+  description              = var.cluster_description
 }
 resource "google_container_node_pool" "primary_preemptible_nodes" {
-  name       = "my-node-pool"
+  name       = "${var.cluster_name} - node-pool"
  cluster    = google_container_cluster.primary.name
+  location   = var.gcp_region
  node_count = 3
  node_config {
    preemptible  = true
-    machine_type = "n1-standard-4"
+    machine_type = var.machine_type
    metadata = {
      disable-legacy-endpoints = "true"
@@ -31,7 +31,3 @@ resource "google_container_node_pool" "primary_preemptible_nodes" {
    ]
  }
 }
-output "env-dynamic-url" {
-  value = "https://${google_container_cluster.primary.endpoint}"
-}
--- a/group_cluster.tf
+++ b/group_cluster.tf
-data "gitlab_group" "iac-demo-apps" {
+provider "gitlab" {
-  full_path = "iac-demo/apps"
+    token = var.gitlab_token
+}
+data "gitlab_group" "iac-group" {
+  full_path = var.gitlab_group
 }
 resource "gitlab_group_cluster" "gke_cluster" {
-  group                 = data.gitlab_group.iac-demo-apps.id
+  group                 = data.gitlab_group.iac-group.id
  name                  = google_container_cluster.primary.name
-  domain                = "example.com"
+  domain                = var.base_domain
-  environment_scope     = "*"
+  environment_scope     = var.environment_scope
  kubernetes_api_url    = "https://${google_container_cluster.primary.endpoint}"
  kubernetes_token      = data.kubernetes_secret.gitlab-admin-token.data.token
  kubernetes_ca_cert    = trimspace(base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate))

--- a/outputs.tf
+++ b/outputs.tf
+output "env-dynamic-url" {
+  value = "https://${google_container_cluster.primary.endpoint}"
+}
--- a/variables.tf
+++ b/variables.tf
+variable "gcp_project" {
+    type = string
+    description = "The name of the Google Cloud Project where the cluster is to be provisioned"
+}
+variable "gitlab_token" {
+    type = string
+    description = "Provide a GitLab access token with admin rights to the GitLab group set as the `gitlab_group` variable"
+}
+variable "gitlab_group" {
+    type = string
+    description = "Override the full_path to point to your GitLab desired group name"
+}
+variable "gcp_region" {
+    type = string
+    default = "us-central1"
+    description = "The name of the Google region where the cluster nodes are to be provisioned"
+}
+variable "cluster_name" {
+    type = string
+    default = "gitlab-group-level-cluster"
+    description = "The name of the cluster to appear on the Google Cloud Console"
+}
+variable "machine_type" {
+    type = string
+    default = "n1-standard-4"
+    description = "The name of the machine type to use for the cluster nodes"
+}
+variable "cluster_description" {
+    type = string
+    default = "This cluster is defined in GitLab"
+    description = "A description for the cluster. We recommend adding the $CI_PROJECT_URL variable to describe where the cluster is configured."
+}
+variable "base_domain" {
+    type = string
+    default = "example.com"
+    description = "The base domain to configure with this cluster in GitLab"
+}
+variable "environment_scope" {
+    type = string
+    default = "*"
+    description = "The GitLab environment name to associate this cluster with"
+}