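# Source: agones.dev/agones@v1.54.0/install/terraform/modules/gke/cluster.tf
#
# Copyright 2019 Google LLC All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


terraform {
  required_version = ">= 1.0.0"
}

data "google_client_config" "default" {}

# Every key read from the var.cluster map, with the default used when the
# caller's map does not set that key.
locals {
  project              = lookup(var.cluster, "project", "agones")
  location             = lookup(var.cluster, "location", "us-west1-c")
  zone                 = lookup(var.cluster, "zone", "")
  name                 = lookup(var.cluster, "name", "test-cluster")
  machineType          = lookup(var.cluster, "machineType", "e2-standard-4")
  initialNodeCount     = lookup(var.cluster, "initialNodeCount", "4")
  enableImageStreaming = lookup(var.cluster, "enableImageStreaming", true)
  network              = lookup(var.cluster, "network", "default")
  subnetwork           = lookup(var.cluster, "subnetwork", "")
  # "UNSPECIFIED" (the default) also turns node auto-upgrade off in every node
  # pool below, so patching node versions is then the operator's job.
  releaseChannel          = lookup(var.cluster, "releaseChannel", "UNSPECIFIED")
  kubernetesVersion       = lookup(var.cluster, "kubernetesVersion", "1.33")
  windowsInitialNodeCount = lookup(var.cluster, "windowsInitialNodeCount", "0")
  windowsMachineType      = lookup(var.cluster, "windowsMachineType", "e2-standard-4")
  autoscale               = lookup(var.cluster, "autoscale", false)
  # Workload Identity is opt-in; when false the cluster gets no workload pool.
  workloadIdentity              = lookup(var.cluster, "workloadIdentity", false)
  minNodeCount                  = lookup(var.cluster, "minNodeCount", "1")
  maxNodeCount                  = lookup(var.cluster, "maxNodeCount", "5")
  maintenanceExclusionStartTime = lookup(var.cluster, "maintenanceExclusionStartTime", null)
  maintenanceExclusionEndTime   = lookup(var.cluster, "maintenanceExclusionEndTime", null)
}

# GKE versions available in the chosen location that start with
# "<kubernetesVersion>."; the node pools below take their version from here.
data "google_container_engine_versions" "version" {
  project        = local.project
  provider       = google-beta
  location       = local.location
  version_prefix = format("%s.", local.kubernetesVersion)
}

# echo command used for debugging purpose
# Run `terraform taint null_resource.test-setting-variables` before second execution
#
# NOTE(review): the values are formatted straight into the command line that
# local-exec hands to the local shell, unquoted. They come from var.cluster, so
# this is safe only while that map is trusted operator input. If it can be fed
# from a less trusted place (CI parameters, a shared tfvars file), pass the
# values through the provisioner's `environment` argument and echo the
# variables instead, so the shell never parses them as syntax.
resource "null_resource" "test-setting-variables" {
  provisioner "local-exec" {
    command = <<EOT
    ${format("echo Current variables set as following - name: %s, project: %s, machineType: %s, initialNodeCount: %s, network: %s, zone: %s, location: %s, windowsInitialNodeCount: %s, windowsMachineType: %s, releaseChannel: %s, kubernetesVersion: %s",
    local.name,
    local.project,
    local.machineType,
    local.initialNodeCount,
    local.network,
    local.zone,
    local.location,
    local.windowsInitialNodeCount,
    local.windowsMachineType,
    local.releaseChannel,
    local.kubernetesVersion,
)}
  EOT
  }
}

# The GKE cluster itself. A zone, when given, takes precedence over location.
#
# NOTE(review): this resource sets neither master_authorized_networks_config
# nor private_cluster_config, so control-plane and node exposure follow the
# provider/GKE defaults. Confirm that is acceptable for the target project.
resource "google_container_cluster" "primary" {
  name       = local.name
  location   = local.zone != "" ? local.zone : local.location
  project    = local.project
  network    = local.network
  subnetwork = local.subnetwork

  networking_mode = "VPC_NATIVE"

  # A single ip_allocation_policy block. The provider accepts at most one, so
  # the CIDR sizes needed for Windows Server networking (alias IPs) are set
  # conditionally here instead of in a second, dynamic block, which made the
  # plan fail whenever windowsInitialNodeCount was above zero. With no Windows
  # nodes both attributes are null, which is the same as an empty block.
  ip_allocation_policy {
    cluster_ipv4_cidr_block  = tonumber(local.windowsInitialNodeCount) > 0 ? "/14" : null
    services_ipv4_cidr_block = tonumber(local.windowsInitialNodeCount) > 0 ? "/20" : null
  }

  # https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#example-usage---with-a-separately-managed-node-pool-recommended
  remove_default_node_pool = true
  initial_node_count       = 1
  release_channel {
    channel = local.releaseChannel
  }

  min_master_version = local.kubernetesVersion

  # Only emitted when a release channel is in use and both exclusion
  # timestamps were supplied.
  dynamic "maintenance_policy" {
    for_each = (local.releaseChannel != "UNSPECIFIED" && local.maintenanceExclusionStartTime != null && local.maintenanceExclusionEndTime != null) ? [1] : []
    content {
      # When exclusions and maintenance windows overlap, exclusions have precedence.
      daily_maintenance_window {
        start_time = "03:00"
      }
      maintenance_exclusion {
        exclusion_name = format("%s-%s", local.name, "exclusion")
        start_time     = local.maintenanceExclusionStartTime
        end_time       = local.maintenanceExclusionEndTime
        exclusion_options {
          scope = "NO_MINOR_UPGRADES"
        }
      }
    }
  }

  # Workload Identity pool, only when the caller opted in.
  dynamic "workload_identity_config" {
    for_each = local.workloadIdentity ? [1] : []
    content {
      workload_pool = "${local.project}.svc.id.goog"
    }
  }
  timeouts {
    create = "30m"
    update = "40m"
  }
}

# create a nodepool for the above cluster named "default"
#
# NOTE(review): none of the four node pools in this file sets
# node_config.service_account, so the nodes run as the default node service
# account, limited only by the oauth_scopes listed. A dedicated least-privilege
# service account per pool is the tighter option.
resource "google_container_node_pool" "default" {
  name    = "default"
  cluster = google_container_cluster.primary.id
  # node_count is left unset when autoscaling manages the pool size.
  node_count = local.autoscale ? null : local.initialNodeCount
  version    = local.releaseChannel == "UNSPECIFIED" ? data.google_container_engine_versions.version.latest_node_version : data.google_container_engine_versions.version.release_channel_latest_version[local.releaseChannel]

  dynamic "autoscaling" {
    for_each = local.autoscale ? [1] : []
    content {
      min_node_count = local.minNodeCount
      max_node_count = local.maxNodeCount
    }
  }

  management {
    # Auto-upgrade only when the cluster follows a release channel.
    auto_upgrade = local.releaseChannel != "UNSPECIFIED"
  }

  node_config {
    machine_type = local.machineType

    oauth_scopes = [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/trace.append",
    ]

    # Network tag matched by target_tags of the firewall rule at the end of
    # this file: nodes in this pool receive the game-server UDP traffic.
    tags = ["game-server"]

    gcfs_config {
      enabled = local.enableImageStreaming
    }
  }
}

# create agones-system nodepool
resource "google_container_node_pool" "agones-system" {
  name       = "agones-system"
  cluster    = google_container_cluster.primary.id
  node_count = 1
  version    = local.releaseChannel == "UNSPECIFIED" ? data.google_container_engine_versions.version.latest_node_version : data.google_container_engine_versions.version.release_channel_latest_version[local.releaseChannel]

  management {
    auto_upgrade = local.releaseChannel != "UNSPECIFIED"
  }

  node_config {
    machine_type = "e2-standard-4"

    oauth_scopes = [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/trace.append",
    ]

    labels = {
      "agones.dev/agones-system" = "true"
    }

    # Pods without a matching toleration are kept off (and evicted from)
    # these nodes. No "game-server" tag here, so the UDP firewall rule does
    # not target this pool.
    taint {
      key    = "agones.dev/agones-system"
      value  = "true"
      effect = "NO_EXECUTE"
    }

    gcfs_config {
      enabled = true
    }
  }
}

# Optional node pool for Agones metrics, created only when
# var.enable_agones_metrics_nodepool is true.
resource "google_container_node_pool" "agones-metrics" {
  count      = var.enable_agones_metrics_nodepool ? 1 : 0
  name       = "agones-metrics"
  cluster    = google_container_cluster.primary.id
  node_count = 1
  version    = local.releaseChannel == "UNSPECIFIED" ? data.google_container_engine_versions.version.latest_node_version : data.google_container_engine_versions.version.release_channel_latest_version[local.releaseChannel]

  management {
    auto_upgrade = local.releaseChannel != "UNSPECIFIED"
  }

  node_config {
    machine_type = "e2-standard-4"

    oauth_scopes = [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/trace.append",
    ]

    labels = {
      "agones.dev/agones-metrics" = "true"
    }

    taint {
      key    = "agones.dev/agones-metrics"
      value  = "true"
      effect = "NO_EXECUTE"
    }

    gcfs_config {
      enabled = true
    }
  }
}

# Optional Windows node pool, created only when windowsInitialNodeCount > 0.
resource "google_container_node_pool" "windows" {
  count = tonumber(local.windowsInitialNodeCount) > 0 ? 1 : 0

  name       = "windows"
  cluster    = google_container_cluster.primary.id
  node_count = local.windowsInitialNodeCount
  version    = local.releaseChannel == "UNSPECIFIED" ? data.google_container_engine_versions.version.latest_node_version : data.google_container_engine_versions.version.release_channel_latest_version[local.releaseChannel]

  management {
    auto_upgrade = local.releaseChannel != "UNSPECIFIED"
  }

  node_config {
    image_type   = "WINDOWS_LTSC_CONTAINERD"
    machine_type = local.windowsMachineType

    oauth_scopes = [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/trace.append",
    ]

    # Same network tag as the default pool, so the UDP firewall rule applies.
    tags = ["game-server"]
  }
}

# create firewall rule for the cluster
#
# Opens the UDP ports in var.ports, from var.sourceRanges, to every instance
# on the network that carries the "game-server" tag.
# NOTE(review): the defaults of var.ports and var.sourceRanges are declared
# outside this file. Confirm the source range is as narrow as the deployment
# allows, and that no unrelated instance on this network reuses the tag.
resource "google_compute_firewall" "default" {
  count   = var.udpFirewall ? 1 : 0
  name    = length(var.firewallName) == 0 ? "game-server-firewall-${local.name}" : var.firewallName
  project = local.project
  network = local.network

  allow {
    protocol = "udp"
    ports    = [var.ports]
  }

  target_tags   = ["game-server"]
  source_ranges = [var.sourceRanges]
}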