Initial release of open source module

.gitignore

@@ -0,0 +1,40 @@
+# OSX leaves these everywhere on SMB shares
+._*
+
+# OSX trash
+.DS_Store
+
+# Python
+*.pyc
+
+# Emacs save files
+*~
+\#*\#
+.\#*
+
+# Vim-related files
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+
+### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+test/integration/tmp

LICENSE

@@ -1,3 +1,4 @@
+
                                  Apache License
                            Version 2.0, January 2004
                         http://www.apache.org/licenses/

Makefile

@@ -0,0 +1,69 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Make will use bash instead of sh
+SHELL := /usr/bin/env bash
+
+# All is the first target in the file so it will get picked up when you just run 'make' on its own
+all: check_shell check_python check_golang check_terraform check_docker check_base_files test_check_headers check_headers check_trailing_whitespace
+
+# The .PHONY directive tells make that this isn't a real target and so
+# the presence of a file named 'check_shell' won't cause this target to stop
+# working
+.PHONY: check_shell
+check_shell:
+	@source test/make.sh && check_shell
+
+.PHONY: check_python
+check_python:
+	@source test/make.sh && check_python
+
+.PHONY: check_golang
+check_golang:
+	@source test/make.sh && golang
+
+.PHONY: check_terraform
+check_terraform:
+	@source test/make.sh && check_terraform
+
+.PHONY: check_docker
+check_docker:
+	@source test/make.sh && docker
+
+.PHONY: check_base_files
+check_base_files:
+	@source test/make.sh && basefiles
+
+.PHONY: check_shebangs
+check_shebangs:
+	@source test/make.sh && check_bash
+
+.PHONY: check_trailing_whitespace
+check_trailing_whitespace:
+	@source test/make.sh && check_trailing_whitespace
+
+.PHONY: test_check_headers
+test_check_headers:
+	@echo "Testing the validity of the header check"
+	@python test/test_verify_boilerplate.py
+
+.PHONY: check_headers
+check_headers:
+	@echo "Checking file headers"
+	@python test/verify_boilerplate.py
+
+# Integration tests
+.PHONY: test_integration
+test_integration:
+	./test/integration/gcloud/run.sh

README.md

@@ -1,2 +1,193 @@
-# terraform-google-kubernetes-engine
-A Cloud Foundation Toolkit Module: Opinionated Google Cloud Platform project creation and configuration with Shared VPC, IAM, APIs, etc.
+# Terraform Kubernetes Engine Module
+
+This module handles opinionated Google Cloud Platform Kubernetes Engine cluster creation and configuration with Node Pools, IP MASQ, Network Policy, etc.
+
+## Requirements
+### Google Cloud SDK
+- [gcloud](https://cloud.google.com/sdk/install)
+### Kubectl
+- [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
+### Terraform plugins
+- [Terraform](https://www.terraform.io/downloads.html) 0.10.x
+- [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) plugin v1.8.0
+
+### Configure a Service Account
+In order to execute this module you must have a Service Account with the following:
+
+#### Roles
+The service account with the following roles:
+- roles/compute.viewer on the project
+- roles/container.clusterAdmin on the project
+
+### Enable API's
+In order to operate with the Service Account you must activate the following APIs on the project where the Service Account was created:
+
+- Compute Engine API - compute.googleapis.com
+- Kubernetes Engine API - container.googleapis.com
+
+## Install
+
+### Terraform
+Be sure you have the correct Terraform version (0.10.x), you can choose the binary here:
+- https://releases.hashicorp.com/terraform/
+
+## Usage
+There are multiple examples included in the [examples](./examples/) folder but simple usage is as follows:
+
+```hcl
+module "gke" {
+  source                     = "github.com/terraform-google-modules/terraform-google-kubernetes-engine"
+  credentials_path           = "${local.credentials_file_path}"
+  project_id                 = "<PROJECT ID>"
+  cluster_name               = "gke-test-1"
+  region                     = "us-central1"
+  network                    = "vpc-01"
+  subnetwork                 = "us-central1-01"
+  ip_range_pods              = "us-central1-01-gke-01-pods"
+  ip_range_services          = "us-central1-01-gke-01-services"
+  node_service_account       = "project-service-account@<PROJECT ID>.iam.gserviceaccount.com"
+  http_load_balancing        = false
+  horizontal_pod_autoscaling = true
+  kubernetes_dashboard       = true
+  network_policy             = true
+
+  node_pools = [
+    {
+      name         = "default-node-pool"
+      machine_type = "n1-standard-2"
+      min_count    = 1
+      max_count    = 100
+      disk_size_gb = 100
+      disk_type    = "pd-standard"
+      image_type   = "COS"
+      auto_repair  = true
+      auto_upgrade = true
+    },
+  ]
+
+  node_pools_labels = {
+    all = {}
+
+    default-node-pool = {
+      default-node-pool = "true"
+    }
+  }
+
+  node_pools_taints = {
+    all = []
+
+    default-node-pool = [
+      {
+        key    = "default-node-pool"
+        value  = "true"
+        effect = "PREFER_NO_SCHEDULE"
+      },
+    ]
+  }
+
+  node_pools_tags = {
+    all = []
+
+    default-node-pool = [
+      "default-node-pool",
+    ]
+  }
+}
+```
+
+Then perform the following commands on the root folder:
+
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure
+
+#### Variables
+Please refer the /variables.tf file for the required and optional variables.
+
+#### Outputs
+Please refer the /outputs.tf file for the outputs that you can get with the `terraform output` command
+
+## Infrastructure
+The resources/services/activations/deletions that this module will create/trigger are:
+- Create a GKE cluster with the provided addons
+- Create GKE Node Pool(s) with provided configuration and attach to cluster
+- Replace the default kube-dns configmap if `stub_domains` are provided
+- Activate network policy if `network_policy` is true
+- Add `ip-masq-agent` configmap with provided `masq_non_masquerade_cidrs` if `network_policy` is true or `masq_config_enabled` is true
+
+## File structure
+The project has the following folders and files:
+
+- /: root folder
+- /examples: examples for using this module
+- /scripts: Scripts for specific tasks on module (see Infrastructure section on this file)
+- /test: Folders with files for testing the module (see Testing section on this file)
+- /main.tf: main file for this module, contains all the resources to create
+- /variables.tf: all the variables for the module
+- /output.tf: the outputs of the module
+- /readme.MD: this file
+
+## Testing
+
+### Requirements
+- [bats](https://github.com/sstephenson/bats) 0.4.0
+- [jq](https://stedolan.github.io/jq/) 1.5
+
+### Integration test
+##### Terraform integration tests
+The integration tests for this module are built with bats, basically the test checks the following:
+- Perform `terraform init` command
+- Perform `terraform get` command
+- Perform `terraform plan` command and check that it'll create *n* resources, modify 0 resources and delete 0 resources
+- Perform `terraform apply -auto-approve` command and check that it has created the *n* resources, modified 0 resources and deleted 0 resources
+- Perform `terraform plan` command and check that it'll create 0 resources, modify 1 resources and delete 0 resources
+- Perform `terraform apply -auto-approve` command and check that it has created 0 resources, modified 1 resources and deleted 0 resources
+- Perform `gcloud` commands and check the infrastructure is in the desired state
+- Perform `kubectl` commands and check the infrastructure is in the desired state
+- Perform `terraform destroy -force` command and check that it has destroyed the *n* resources
+
+You can use the following command to run the integration test in the root folder
+
+  `test/integration/gcloud/run.sh`
+
+### Linting
+The makefile in this project will lint or sometimes just format any shell,
+Python, golang, Terraform, or Dockerfiles. The linters will only be run if
+the makefile finds files with the appropriate file extension.
+
+All of the linter checks are in the default make target, so you just have to
+run
+
+```
+make -s
+```
+
+The -s is for 'silent'. Successful output looks like this
+
+```
+Running shellcheck
+Running flake8
+Running go fmt and go vet
+Running terraform validate
+Running hadolint on Dockerfiles
+Checking for required files
+Testing the validity of the header check
+..
+----------------------------------------------------------------------
+Ran 2 tests in 0.026s
+
+OK
+Checking file headers
+The following lines have trailing whitespace
+```
+
+The linters
+are as follows:
+* Shell - shellcheck. Can be found in homebrew
+* Python - flake8. Can be installed with 'pip install flake8'
+* Golang - gofmt. gofmt comes with the standard golang installation. golang
+is a compiled language so there is no standard linter.
+* Terraform - terraform has a built-in linter in the 'terraform validate'
+command.
+* Dockerfiles - hadolint. Can be found in homebrew

auth.tf

@@ -0,0 +1,30 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+  Retrieve authentication token
+ *****************************************/
+data "google_client_config" "default" {}
+
+/******************************************
+  Configure provider
+ *****************************************/
+provider "kubernetes" {
+  load_config_file       = false
+  host                   = "https://${google_container_cluster.primary.endpoint}"
+  token                  = "${data.google_client_config.default.access_token}"
+  cluster_ca_certificate = "${base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)}"
+}

dns.tf

@@ -0,0 +1,52 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+  Delete default kube-dns configmap
+ *****************************************/
+resource "null_resource" "delete_default_kube_dns_configmap" {
+  count = "${local.custom_kube_dns_config ? 1 : 0}"
+
+  provisioner "local-exec" {
+    command = "${path.module}/scripts/kube_auth_wrapper.sh ${var.project_id} ${var.credentials_path} ${var.region} ${var.cluster_name} ${path.module}/scripts/delete-default-resource.sh kube-system configmap kube-dns"
+  }
+
+  depends_on = ["google_container_cluster.primary", "google_container_node_pool.pools"]
+}
+
+/******************************************
+  Create kube-dns confimap
+ *****************************************/
+resource "kubernetes_config_map" "kube-dns" {
+  count = "${local.custom_kube_dns_config ? 1 : 0}"
+
+  metadata {
+    name      = "kube-dns"
+    namespace = "kube-system"
+
+    labels {
+      maintained_by = "terraform"
+    }
+  }
+
+  data {
+    stubDomains = <<EOF
+${jsonencode(var.stub_domains)}
+EOF
+  }
+
+  depends_on = ["null_resource.delete_default_kube_dns_configmap", "google_container_cluster.primary", "google_container_node_pool.pools"]
+}