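# Source: agones.dev/agones@v1.53.0/install/terraform/modules/gke/cluster.tf
#
# Copyright 2019 Google LLC All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


terraform {
  required_version = ">= 1.0.0"
}

data "google_client_config" "default" {}

# Every key read from var.cluster, with the default used when the key is absent
# from the caller's map.
# Security-relevant defaults: workloadIdentity is false (no workload_identity_config
# block is emitted on the cluster) and releaseChannel is "UNSPECIFIED" (node
# auto_upgrade is then false on every pool below).
locals {
  project                       = lookup(var.cluster, "project", "agones")
  location                      = lookup(var.cluster, "location", "us-west1-c")
  zone                          = lookup(var.cluster, "zone", "")
  name                          = lookup(var.cluster, "name", "test-cluster")
  machineType                   = lookup(var.cluster, "machineType", "e2-standard-4")
  initialNodeCount              = lookup(var.cluster, "initialNodeCount", "4")
  enableImageStreaming          = lookup(var.cluster, "enableImageStreaming", true)
  network                       = lookup(var.cluster, "network", "default")
  subnetwork                    = lookup(var.cluster, "subnetwork", "")
  releaseChannel                = lookup(var.cluster, "releaseChannel", "UNSPECIFIED")
  kubernetesVersion             = lookup(var.cluster, "kubernetesVersion", "1.32")
  windowsInitialNodeCount       = lookup(var.cluster, "windowsInitialNodeCount", "0")
  windowsMachineType            = lookup(var.cluster, "windowsMachineType", "e2-standard-4")
  autoscale                     = lookup(var.cluster, "autoscale", false)
  workloadIdentity              = lookup(var.cluster, "workloadIdentity", false)
  minNodeCount                  = lookup(var.cluster, "minNodeCount", "1")
  maxNodeCount                  = lookup(var.cluster, "maxNodeCount", "5")
  maintenanceExclusionStartTime = lookup(var.cluster, "maintenanceExclusionStartTime", null)
  maintenanceExclusionEndTime   = lookup(var.cluster, "maintenanceExclusionEndTime", null)
}

# GKE versions available in the chosen location that start with "<kubernetesVersion>.".
data "google_container_engine_versions" "version" {
  project        = local.project
  provider       = google-beta
  location       = local.location
  version_prefix = format("%s.", local.kubernetesVersion)
}

# echo command used for debugging purpose
# Run `terraform taint null_resource.test-setting-variables` before second execution
#
# local-exec hands the rendered string to the local shell of the machine running
# Terraform, so the values taken from var.cluster become part of a command line.
# Each value is reduced to an allow-list of characters (letters, digits and
# . _ : / -) before it is interpolated; anything else is replaced with "_".
# Well-formed names, zones, versions and network paths print unchanged.
resource "null_resource" "test-setting-variables" {
  provisioner "local-exec" {
    command = <<EOT
    ${format("echo Current variables set as following - name: %s, project: %s, machineType: %s, initialNodeCount: %s, network: %s, zone: %s, location: %s, windowsInitialNodeCount: %s, windowsMachineType: %s, releaseChannel: %s, kubernetesVersion: %s",
    [for v in [
      local.name,
      local.project,
      local.machineType,
      local.initialNodeCount,
      local.network,
      local.zone,
      local.location,
      local.windowsInitialNodeCount,
      local.windowsMachineType,
      local.releaseChannel,
      local.kubernetesVersion,
    ] : replace(tostring(v), "/[^0-9A-Za-z._:/-]/", "_")]...
  )}
    EOT
  }
}

# The GKE cluster itself. Node pools are managed as separate resources below.
# NOTE(review): no private_cluster_config or master_authorized_networks_config is
# set here, so control-plane endpoint exposure is left to provider/GKE defaults —
# confirm that matches the environment's requirements.
resource "google_container_cluster" "primary" {
  name       = local.name
  location   = local.zone != "" ? local.zone : local.location
  project    = local.project
  network    = local.network
  subnetwork = local.subnetwork

  networking_mode = "VPC_NATIVE"
  ip_allocation_policy {}

  # https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#example-usage---with-a-separately-managed-node-pool-recommended
  remove_default_node_pool = true
  initial_node_count       = 1

  release_channel {
    channel = local.releaseChannel
  }

  min_master_version = local.kubernetesVersion

  # Only emitted when a release channel is selected and both exclusion
  # timestamps are provided.
  dynamic "maintenance_policy" {
    for_each = (local.releaseChannel != "UNSPECIFIED" && local.maintenanceExclusionStartTime != null && local.maintenanceExclusionEndTime != null) ? [1] : []
    content {
      # When exclusions and maintenance windows overlap, exclusions have precedence.
      daily_maintenance_window {
        start_time = "03:00"
      }
      maintenance_exclusion {
        exclusion_name = format("%s-%s", local.name, "exclusion")
        start_time     = local.maintenanceExclusionStartTime
        end_time       = local.maintenanceExclusionEndTime
        exclusion_options {
          scope = "NO_MINOR_UPGRADES"
        }
      }
    }
  }

  # NOTE(review): when windowsInitialNodeCount > 0 this block is emitted in
  # addition to the empty ip_allocation_policy {} above, giving the resource two
  # ip_allocation_policy blocks — confirm the provider accepts that.
  dynamic "ip_allocation_policy" {
    for_each = tonumber(local.windowsInitialNodeCount) > 0 ? [1] : []
    content {
      # Enable Alias IPs to allow Windows Server networking.
      cluster_ipv4_cidr_block  = "/14"
      services_ipv4_cidr_block = "/20"
    }
  }
  # Workload Identity is opt-in: the block is emitted only when
  # var.cluster.workloadIdentity is true.
  dynamic "workload_identity_config" {
    for_each = local.workloadIdentity ? [1] : []
    content {
      workload_pool = "${local.project}.svc.id.goog"
    }
  }
  timeouts {
    create = "30m"
    update = "40m"
  }
}

# create a nodepool for the above cluster named "default"
# Nodes carry the "game-server" network tag, which is the target of the UDP
# firewall rule at the end of this file.
resource "google_container_node_pool" "default" {
  name       = "default"
  cluster    = google_container_cluster.primary.id
  node_count = local.autoscale ? null : local.initialNodeCount
  version    = local.releaseChannel == "UNSPECIFIED" ? data.google_container_engine_versions.version.latest_node_version : data.google_container_engine_versions.version.release_channel_latest_version[local.releaseChannel]

  dynamic "autoscaling" {
    for_each = local.autoscale ? [1] : []
    content {
      min_node_count = local.minNodeCount
      max_node_count = local.maxNodeCount
    }
  }

  # Without a release channel, node auto-upgrade is off and patching the nodes
  # is a manual operator task.
  management {
    auto_upgrade = local.releaseChannel == "UNSPECIFIED" ? false : true
  }

  node_config {
    machine_type = local.machineType

    # No service_account is set, so the nodes run under GKE's default node
    # identity, narrowed only by these OAuth scopes. A dedicated least-privilege
    # service account is the usual hardening step.
    oauth_scopes = [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/trace.append",
    ]

    tags = ["game-server"]

    gcfs_config {
      enabled = local.enableImageStreaming
    }
  }
}

# create agones-system nodepool
# The pool is labelled and tainted (NO_EXECUTE) with agones.dev/agones-system and
# has no "game-server" tag, so the UDP firewall rule below does not target it.
resource "google_container_node_pool" "agones-system" {
  name       = "agones-system"
  cluster    = google_container_cluster.primary.id
  node_count = 1
  version    = local.releaseChannel == "UNSPECIFIED" ? data.google_container_engine_versions.version.latest_node_version : data.google_container_engine_versions.version.release_channel_latest_version[local.releaseChannel]

  management {
    auto_upgrade = local.releaseChannel == "UNSPECIFIED" ? false : true
  }

  node_config {
    machine_type = "e2-standard-4"

    # Same scope list as the default pool; no service_account is set here either.
    oauth_scopes = [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/trace.append",
    ]

    labels = {
      "agones.dev/agones-system" = "true"
    }

    taint {
      key    = "agones.dev/agones-system"
      value  = "true"
      effect = "NO_EXECUTE"
    }

    gcfs_config {
      enabled = true
    }
  }
}

# Optional single-node pool for metrics, created only when
# var.enable_agones_metrics_nodepool is true. Labelled and tainted (NO_EXECUTE)
# with agones.dev/agones-metrics; no "game-server" tag.
resource "google_container_node_pool" "agones-metrics" {
  count      = var.enable_agones_metrics_nodepool ? 1 : 0
  name       = "agones-metrics"
  cluster    = google_container_cluster.primary.id
  node_count = 1
  version    = local.releaseChannel == "UNSPECIFIED" ? data.google_container_engine_versions.version.latest_node_version : data.google_container_engine_versions.version.release_channel_latest_version[local.releaseChannel]

  management {
    auto_upgrade = local.releaseChannel == "UNSPECIFIED" ? false : true
  }

  node_config {
    machine_type = "e2-standard-4"

    # Same scope list as the default pool; no service_account is set here either.
    oauth_scopes = [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/trace.append",
    ]

    labels = {
      "agones.dev/agones-metrics" = "true"
    }

    taint {
      key    = "agones.dev/agones-metrics"
      value  = "true"
      effect = "NO_EXECUTE"
    }

    gcfs_config {
      enabled = true
    }
  }
}

# Windows node pool, created only when windowsInitialNodeCount > 0.
# Nodes carry the "game-server" tag and are therefore reachable through the UDP
# firewall rule below.
resource "google_container_node_pool" "windows" {
  count = tonumber(local.windowsInitialNodeCount) > 0 ? 1 : 0

  name       = "windows"
  cluster    = google_container_cluster.primary.id
  node_count = local.windowsInitialNodeCount
  version    = local.releaseChannel == "UNSPECIFIED" ? data.google_container_engine_versions.version.latest_node_version : data.google_container_engine_versions.version.release_channel_latest_version[local.releaseChannel]

  management {
    auto_upgrade = local.releaseChannel == "UNSPECIFIED" ? false : true
  }

  node_config {
    image_type   = "WINDOWS_LTSC_CONTAINERD"
    machine_type = local.windowsMachineType

    # Same scope list as the default pool; no service_account is set here either.
    oauth_scopes = [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/trace.append",
    ]

    tags = ["game-server"]
  }
}

# create firewall rule for the cluster
#
# Allows UDP on var.ports from var.sourceRanges to every instance tagged
# "game-server" on the cluster network; created only when var.udpFirewall is true.
# var.ports and var.sourceRanges are declared outside this file: check that the
# source range in use is no wider than the game clients require.

resource "google_compute_firewall" "default" {
  count   = var.udpFirewall ? 1 : 0
  name    = length(var.firewallName) == 0 ? "game-server-firewall-${local.name}" : var.firewallName
  project = local.project
  network = local.network

  allow {
    protocol = "udp"
    ports    = [var.ports]
  }

  target_tags   = ["game-server"]
  source_ranges = [var.sourceRanges]
}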