Merge pull request #9 from FairwindsOps/nb/terraform-0.12

terraform 0.12 upgrades
FairwindsOps · Oct 23, 2019 · af1fc20 · af1fc20
2 parents ff97d86 + f431b09
commit af1fc20
Show file tree

Hide file tree

Showing 12 changed files with 176 additions and 87 deletions.
diff --git a/cloud-nat/CHANGELOG.md b/cloud-nat/CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## 2.0.0
+Note, this module should be considered deprecated. Use the `default` module with cloud-nat options.
+### Breaking
+* Updated module to support terraform 0.12
+
 ## 1.1.0
 ### Added
 * Ability to configure nat router with `var.nat_ip_allocate_option`

diff --git a/cloud-nat/main.tf b/cloud-nat/main.tf
@@ -44,106 +44,92 @@ variable "cloud_nat_address_count" {
 
 locals {
   ## the following locals modify resource creation behavior depending on var.nat_ip_allocate_option
-  cloud_nat_address_count = "${var.nat_ip_allocate_option == "AUTO_ONLY" ? 0 : var.cloud_nat_address_count}"
-  nat_ips                 = "${var.nat_ip_allocate_option == "AUTO_ONLY" ? "" : join(",", google_compute_address.ip_address.*.self_link)}"
-  manual_nat_router       = "${var.nat_ip_allocate_option == "AUTO_ONLY" ? 0 : 1}"
-  auto_nat_router         = "${var.nat_ip_allocate_option == "AUTO_ONLY" ? 1 : 0}"
+  cloud_nat_address_count = var.nat_ip_allocate_option == "AUTO_ONLY" ? 0 : var.cloud_nat_address_count
+  nat_ips                 = var.nat_ip_allocate_option == "AUTO_ONLY" ? null : google_compute_address.ip_address.*.self_link
 }
 
+
 #######################
 # Create the network and subnetworks, including secondary IP ranges on subnetworks
 #######################
 
 resource "google_compute_network" "network" {
-  name                    = "${var.network_name}"
+  name                    = var.network_name
   routing_mode            = "GLOBAL"
-  auto_create_subnetworks = "false"
+  auto_create_subnetworks = false
 }
 
 /* note that for secondary ranges necessary for GKE Alias IPs, the ranges have
  to be manually specified with terraform currently -- no GKE automagic allowed here. */
 resource "google_compute_subnetwork" "subnetwork" {
-  name                     = "${var.subnetwork_name}"
-  ip_cidr_range            = "${var.subnetwork_range}"
-  network                  = "${google_compute_network.network.self_link}"
-  region                   = "${var.region}"
+  name                     = var.subnetwork_name
+  ip_cidr_range            = var.subnetwork_range
+  network                  = google_compute_network.network.self_link
+  region                   = var.region
   private_ip_google_access = true
-  enable_flow_logs         = "${var.enable_flow_logs}"
+  enable_flow_logs         = var.enable_flow_logs
 
-  secondary_ip_range = {
+  secondary_ip_range {
     range_name    = "gke-pods-1"
-    ip_cidr_range = "${var.subnetwork_pods}"
+    ip_cidr_range = var.subnetwork_pods
   }
 
-  secondary_ip_range = {
+  secondary_ip_range {
     range_name    = "gke-services-1"
-    ip_cidr_range = "${var.subnetwork_services}"
+    ip_cidr_range = var.subnetwork_services
   }
 
   /* We ignore changes on secondary_ip_range because terraform doesn't list
-                                    them in the same order every time during runs. */
+    them in the same order every time during runs. */
   lifecycle {
-    ignore_changes = ["secondary_ip_range"]
+    ignore_changes = [secondary_ip_range]
   }
 }
 
 resource "google_compute_router" "router" {
-  name    = "${var.network_name}"
-  network = "${google_compute_network.network.name}"
-  region  = "${var.region}"
+  name    = var.network_name
+  network = google_compute_network.network.name
+  region  = var.region
 }
 
 resource "google_compute_address" "ip_address" {
-  # resource only created if var.nat_allocate_option != AUTO_ONLY
-  count  = "${local.cloud_nat_address_count}"
+  count  = local.cloud_nat_address_count
   name   = "nat-external-address-${count.index}"
-  region = "${var.region}"
+  region = var.region
 }
 
 resource "google_compute_router_nat" "nat_router" {
-  # resource only created if local.auto_nat_router evaulates to TRUE
-  count                              = "${local.auto_nat_router}"
-  name                               = "${var.network_name}"
-  router                             = "${google_compute_router.router.name}"
-  region                             = "${var.region}"
-  nat_ip_allocate_option             = "${var.nat_ip_allocate_option}"
-  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
-}
-
-resource "google_compute_router_nat" "manual_nat_router" {
-  # resource only created if local.manual_nat_router evaulates to TRUE
-  count                              = "${local.manual_nat_router}"
-  name                               = "${var.network_name}"
-  router                             = "${google_compute_router.router.name}"
-  region                             = "${var.region}"
-  nat_ip_allocate_option             = "${var.nat_ip_allocate_option}"
-  nat_ips                            = ["${split(",", local.nat_ips)}"]
+  name                               = var.network_name
+  router                             = google_compute_router.router.name
+  region                             = var.region
+  nat_ip_allocate_option             = var.nat_ip_allocate_option
+  nat_ips                            = local.nat_ips
   source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
 }
 
 /** provide outputs to be used in GKE cluster creation **/
 output "network_self_link" {
-  value = "${google_compute_network.network.self_link}"
+  value = google_compute_network.network.self_link
 }
 
 output "subnetwork" {
-  value = "${google_compute_subnetwork.subnetwork.self_link}"
+  value = google_compute_subnetwork.subnetwork.self_link
 }
 
 output "subnetwork_self_link" {
-  value = "${google_compute_subnetwork.subnetwork.self_link}"
+  value = google_compute_subnetwork.subnetwork.self_link
 }
 
 output "router_self_link" {
-  value = "${google_compute_router.router.self_link}"
+  value = google_compute_router.router.self_link
 }
 
 output "subnetwork_pods" {
-  value = "${var.subnetwork_pods}"
+  value = var.subnetwork_pods
 }
 
 output "subnetwork_range" {
-  value = "${var.subnetwork_range}"
+  value = var.subnetwork_range
 }
 
 /* provide the literal names of the secondary IP ranges for the pods and services.
@@ -155,3 +141,4 @@ output "gke_pods_1" {
 output "gke_services_1" {
   value = "gke-services-1"
 }
+
diff --git a/cloud-nat/versions.tf b/cloud-nat/versions.tf
@@ -0,0 +1,7 @@
+
+terraform {
+  required_version = ">= 0.12"
+  required_providers {
+    google = ">=2.5.0"
+  }
+}
diff --git a/default/CHANGELOG.md b/default/CHANGELOG.md
@@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## 2.0.0
+### Breaking
+
+* Upgraded module to support terraform 0.12.x
+### Added
+* Added Cloud NAT support. See docs for new inputs and logic.
+
 ## 1.0.1
 
 ### deprecations

diff --git a/default/README.md b/default/README.md
@@ -1,5 +1,7 @@
 ### Default module example parameters
-To use the `default` module with a VPC-native-ready public network, you'd fill out your `network.tf` like so: 
+The `default` module will create a VPC-native network for Kubernetes clusters. This module can be configured to provision a Cloud NAT gateway. The Cloud NAT gateway can also be configured with `AUTO_ONLY` or `MANUAL_ONLY` options. If `MANUAL_ONLY` is chosen, `cloud_nat_address_count` can be used to select the desired number of public IP addresses. 
+
+Fill out your `network.tf` like so: 
 
 ```
 module "network" {
@@ -15,5 +17,9 @@ module "network" {
   subnetwork_pods      = "10.128.64.0/18"
   subnetwork_services  = "10.128.32.0/20"
 
+  //optional cloud-nat inputs
+  enable_cloud_nat = true
+  nat_ip_allocation_option = "MANUAL_ONLY"
+  cloud_nat_ip_count = 2
 }
 ```
diff --git a/default/main.tf b/default/main.tf
@@ -30,68 +30,117 @@ variable "enable_flow_logs" {
   description = "whether to turn on flow logs or not"
 }
 
-variable "network_description" {
-  default = ""
-  description = "a description for the VPC in the GCP Console"
+variable "enable_cloud_nat" {
+  # https://cloud.google.com/nat/docs/overview#ip_address_allocation
+  description = "Setup Cloud NAT gateway for VPC"
+  default     = false
 }
 
+variable "nat_ip_allocate_option" {
+  # https://cloud.google.com/nat/docs/overview#ip_address_allocation
+  description = "AUTO_ONLY or MANUAL_ONLY"
+  type        = string
+  default     = "AUTO_ONLY"
+}
+
+variable "cloud_nat_address_count" {
+  # https://cloud.google.com/nat/docs/overview#number_of_nat_ports_and_connections
+  description = "the count of external ip address to assign to the cloud-nat object"
+  type        = number
+  default     = 1
+}
+
+locals {
+  ## the following locals modify resource creation behavior depending on var.nat_ip_allocate_option
+  enable_cloud_nat        = var.enable_cloud_nat == true ? 1 : 0
+  cloud_nat_address_count = var.nat_ip_allocate_option != "AUTO_ONLY" ? var.cloud_nat_address_count * local.enable_cloud_nat : 0
+  nat_ips                 = var.nat_ip_allocate_option != "AUTO_ONLY" ? google_compute_address.ip_address.*.self_link : null
+}
+
+
 #######################
 # Create the network and subnetworks, including secondary IP ranges on subnetworks
 #######################
 
 resource "google_compute_network" "network" {
-  name                    = "${var.network_name}"
-  description             = "${var.network_description}"
+  name                    = var.network_name
   routing_mode            = "GLOBAL"
-  auto_create_subnetworks = "false"
+  auto_create_subnetworks = false
 }
 
 /* note that for secondary ranges necessary for GKE Alias IPs, the ranges have
  to be manually specified with terraform currently -- no GKE automagic allowed here. */
 resource "google_compute_subnetwork" "subnetwork" {
-  name                     = "${var.subnetwork_name}"
-  ip_cidr_range            = "${var.subnetwork_range}"
-  network                  = "${google_compute_network.network.self_link}"
-  region                   = "${var.region}"
+  name                     = var.subnetwork_name
+  ip_cidr_range            = var.subnetwork_range
+  network                  = google_compute_network.network.self_link
+  region                   = var.region
   private_ip_google_access = true
-  enable_flow_logs         = "${var.enable_flow_logs}"
+  enable_flow_logs         = var.enable_flow_logs
 
-  secondary_ip_range = {
+  secondary_ip_range {
     range_name    = "gke-pods-1"
-    ip_cidr_range = "${var.subnetwork_pods}"
+    ip_cidr_range = var.subnetwork_pods
   }
 
-  secondary_ip_range = {
+  secondary_ip_range {
     range_name    = "gke-services-1"
-    ip_cidr_range = "${var.subnetwork_services}"
+    ip_cidr_range = var.subnetwork_services
   }
 
   /* We ignore changes on secondary_ip_range because terraform doesn't list
     them in the same order every time during runs. */
   lifecycle {
-    ignore_changes = ["secondary_ip_range"]
+    ignore_changes = [secondary_ip_range]
   }
 }
 
+resource "google_compute_router" "router" {
+  count   = local.enable_cloud_nat
+  name    = var.network_name
+  network = google_compute_network.network.name
+  region  = var.region
+}
+
+resource "google_compute_address" "ip_address" {
+  count  = local.cloud_nat_address_count
+  name   = "nat-external-address-${count.index}"
+  region = var.region
+}
+
+resource "google_compute_router_nat" "nat_router" {
+  count                              = local.enable_cloud_nat
+  name                               = var.network_name
+  router                             = google_compute_router.router.0.name
+  region                             = var.region
+  nat_ip_allocate_option             = var.nat_ip_allocate_option
+  nat_ips                            = local.nat_ips
+  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
+}
+
 /** provide outputs to be used in GKE cluster creation **/
 output "network_self_link" {
-  value = "${google_compute_network.network.self_link}"
+  value = google_compute_network.network.self_link
 }
 
 output "subnetwork" {
-  value = "${google_compute_subnetwork.subnetwork.self_link}"
+  value = google_compute_subnetwork.subnetwork.self_link
 }
 
 output "subnetwork_self_link" {
-  value = "${google_compute_subnetwork.subnetwork.self_link}"
+  value = google_compute_subnetwork.subnetwork.self_link
+}
+
+output "router_self_link" {
+  value = local.enable_cloud_nat == 1 ? google_compute_router.router.*.self_link : null
 }
 
 output "subnetwork_pods" {
-  value = "${var.subnetwork_pods}"
+  value = var.subnetwork_pods
 }
 
 output "subnetwork_range" {
-  value = "${var.subnetwork_range}"
+  value = var.subnetwork_range
 }
 
 /* provide the literal names of the secondary IP ranges for the pods and services.
@@ -103,3 +152,4 @@ output "gke_pods_1" {
 output "gke_services_1" {
   value = "gke-services-1"
 }
+
diff --git a/default/versions.tf b/default/versions.tf
@@ -0,0 +1,7 @@
+
+terraform {
+  required_version = ">= 0.12"
+  required_providers {
+    google = ">=2.5.0"
+  }
+}
diff --git a/shared-vpc/CHANGELOG.md b/shared-vpc/CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## 2.0.0
+
+## Breaking
+
+* Upgraded module to support terraform 0.12.x
 
 ## 1.0.0
 

diff --git a/shared-vpc/network/main.tf b/shared-vpc/network/main.tf
@@ -15,7 +15,7 @@ variable "region" {
 #######################
 
 resource "google_compute_network" "shared_vpc" {
-  name                    = "${var.network_name}"
+  name                    = var.network_name
   routing_mode            = "GLOBAL"
   auto_create_subnetworks = "false"
 }
@@ -24,10 +24,11 @@ resource "google_compute_network" "shared_vpc" {
 # Provide outputs to be used in subnetwork and GKE cluster creation
 #######################
 output "shared_vpc" {
-  value = "${google_compute_network.shared_vpc.self_link}"
+  value = google_compute_network.shared_vpc.self_link
 }
 
 output "region" {
   description = "The region in which this network exists"
-  value       = "${var.region}"
-}
+  value       = var.region
+}
+
diff --git a/shared-vpc/network/versions.tf b/shared-vpc/network/versions.tf
@@ -0,0 +1,7 @@
+
+terraform {
+  required_version = ">= 0.12"
+  required_providers {
+    google = ">=2.5.0"
+  }
+}