Merge pull request #59 from sparkfabrik/add_additional_pools
refs platform/2421: Add additional pools
filippolmt authored Sep 12, 2023
2 parents dfd750e + c8f9239 commit 31183a1
Showing 4 changed files with 144 additions and 35 deletions.
16 changes: 15 additions & 1 deletion README.md
Expand Up @@ -103,23 +103,37 @@ Then perform the following commands on the root folder:
| gitlab\_service\_desk\_mail\_address | Email Address for Service Desk Service | `string` | `""` | no |
| gitlab\_smtp\_user | Setup email sender address for Gitlab smtp server to send emails. | `string` | `"user@example.com"` | no |
| gitlab\_time\_zone | Setup timezone for gitlab containers | `string` | `"Europe/Rome"` | no |
| gke\_cluster\_autoscaling | Setup Profile and Resources for Cluster Autoscaler - BALANCED (Default Profile) or OPTIMIZE UTILIZATION (Prioritize optimizing utilization of resources) | <pre>object({<br> enabled = bool<br> autoscaling_profile = string<br> min_cpu_cores = number<br> max_cpu_cores = number<br> min_memory_gb = number<br> max_memory_gb = number<br> gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))<br> })</pre> | <pre>{<br> "autoscaling_profile": "BALANCED",<br> "enabled": false,<br> "gpu_resources": [],<br> "max_cpu_cores": 0,<br> "max_memory_gb": 0,<br> "min_cpu_cores": 0,<br> "min_memory_gb": 0<br>}</pre> | no |
| gke\_additional\_node\_pools | Additional node pools to create in the cluster | `list(map(any))` | `[]` | no |
| gke\_auto\_repair | Enable auto repair for the cluster. Default true | `bool` | `true` | no |
| gke\_auto\_scaling | Enable auto scaling for the cluster. Default true | `bool` | `true` | no |
| gke\_auto\_upgrade | Enable auto upgrade for the cluster. Default true | `bool` | `true` | no |
| gke\_cluster\_autoscaling | Setup Profile and Resources for Cluster Autoscaler - BALANCED (Default Profile) or OPTIMIZE UTILIZATION (Prioritize optimizing utilization of resources) | <pre>object({<br> enabled = bool<br> auto_repair = bool<br> auto_upgrade = bool<br> autoscaling_profile = string<br> min_cpu_cores = number<br> max_cpu_cores = number<br> min_memory_gb = number<br> max_memory_gb = number<br> gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))<br> })</pre> | <pre>{<br> "auto_repair": true,<br> "auto_upgrade": true,<br> "autoscaling_profile": "BALANCED",<br> "enabled": false,<br> "gpu_resources": [],<br> "max_cpu_cores": 0,<br> "max_memory_gb": 0,<br> "min_cpu_cores": 0,<br> "min_memory_gb": 0<br>}</pre> | no |
| gke\_cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no |
| gke\_datapath | The desired datapath provider for this cluster. By default, DATAPATH\_PROVIDER\_UNSPECIFIED enables the IPTables-based kube-proxy implementation. ADVANCED\_DATAPATH enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no |
| gke\_disk\_replication | Setup replication type for disk persistent volune. Possible values none or regional-pd. Default to none. | `string` | `"none"` | no |
| gke\_disk\_size\_gb | Define the size of the disk of the cluster. Default 100 | `number` | `100` | no |
| gke\_disk\_type | Define the type of the disk of the cluster. Default pd-balanced | `string` | `"pd-balanced"` | no |
| gke\_enable\_backup\_agent | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no |
| gke\_enable\_cloudrun | Enable Google Cloudrun on GKE Cluster. Default false | `bool` | `false` | no |
| gke\_enable\_image\_stream | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image\_type to be set to COS\_CONTAINERD. | `bool` | `false` | no |
| gke\_enable\_istio\_addon | Enable Istio addon | `bool` | `false` | no |
| gke\_enable\_pod\_security\_policy | Enable Pod Security Policy for the cluster. Default false | `bool` | `false` | no |
| gke\_gce\_pd\_csi\_driver | Enable GCE Persistent Disk CSI Driver for GKE Cluster. Default false | `bool` | `false` | no |
| gke\_gitaly\_pv\_labels | The GITALY Persistent Volume labels (a map of key/value pairs comma separeted) to match against when choosing a volume to bind. This is used in the PersistentVolumeClaim selector section | `map(string)` | `{}` | no |
| gke\_google\_group\_rbac\_mail | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `"null"` | no |
| gke\_image\_type | Define the image type of the cluster. Default COS\_CONTAINERD | `string` | `"COS_CONTAINERD"` | no |
| gke\_istio\_auth | The authentication type between services in Istio | `string` | `"AUTH_MUTUAL_TLS"` | no |
| gke\_location\_policy | Location policy specifies the algorithm used when scaling-up the node pool. Location policy is supported only in 1.24.1+ clusters.Supported values BALANCED or ANY. Default BALANCED | `string` | `"BALANCED"` | no |
| gke\_machine\_type | Machine type used for the node-pool | `string` | `"n1-standard-4"` | no |
| gke\_max\_node\_count | Define the maximum number of nodes of the autoscaling cluster. Default 5 | `number` | `5` | no |
| gke\_min\_node\_count | Define the minimum number of nodes of the autoscaling cluster. Default 1 | `number` | `1` | no |
| gke\_node\_count | Define the number of nodes of the cluster. Default 1 | `number` | `1` | no |
| gke\_node\_pool\_description | Description of the node pool for the GitLab cluster | `string` | `"Gitlab Cluster"` | no |
| gke\_node\_pool\_name | Name of the node pool for the GitLab cluster | `string` | `"gitlab"` | no |
| gke\_node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` | <pre>{<br> "gitlab": []<br>}</pre> | no |
| gke\_nodes\_subnet\_cidr | Cidr range to use for gitlab GKE nodes subnet | `string` | `"10.10.0.0/16"` | no |
| gke\_pods\_subnet\_cidr | Cidr range to use for gitlab GKE pods subnet | `string` | `"10.30.0.0/16"` | no |
| gke\_preemptible | Enable preemptible nodes for the cluster. Default false | `bool` | `false` | no |
| gke\_sc\_gitlab\_backup\_disk | Storage class for Perstistent Volume used for extra space in Backup Cron Job . Default pd-sdd. | `string` | `"standard"` | no |
| gke\_sc\_gitlab\_restore\_disk | Storage class for Perstistent Volume used for extra space in Backup Restore Job. Default pd-sdd. | `string` | `"standard"` | no |
| gke\_services\_subnet\_cidr | Cidr range to use for gitlab GKE services subnet | `string` | `"10.20.0.0/16"` | no |
58 changes: 32 additions & 26 deletions main.tf
Expand Up @@ -70,7 +70,7 @@ resource "random_id" "postgres_suffix" {
# Services
module "project_services" {
source = "terraform-google-modules/project-factory/google//modules/project_services"
version = "~> 13.0"
version = "~> 14.3.0"

project_id = var.project_id
disable_services_on_destroy = false
Expand Down Expand Up @@ -138,7 +138,7 @@ resource "random_id" "cloudnat_suffix" {

module "cloud_nat" {
source = "terraform-google-modules/cloud-nat/google"
version = "~> 2.2.0"
version = "~> 4.1.0"
project_id = var.project_id
region = var.region
router = format("%s-router", var.project_id)
Expand Down Expand Up @@ -336,7 +336,7 @@ resource "google_storage_bucket_iam_binding" "gitlab_bucket_iam_binding_admin" {
# GKE Cluster
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster"
version = "~> 24.0"
version = "~> 27.0.0"

# Create an implicit dependency on service activation
project_id = module.project_services.project_id
Expand Down Expand Up @@ -373,32 +373,38 @@ module "gke" {

cluster_autoscaling = var.gke_cluster_autoscaling

node_pools = [
{
name = "gitlab"
description = "Gitlab Cluster"
machine_type = var.gke_machine_type
node_count = 1
min_count = var.gke_min_node_count
max_count = var.gke_max_node_count
disk_size_gb = 100
disk_type = "pd-balanced"
image_type = "COS_CONTAINERD"
auto_repair = true
auto_upgrade = true
cloudrun = var.gke_enable_cloudrun
enable_pod_security_policy = false
preemptible = false
autoscaling = true
location_policy = var.gke_location_policy

#Image Streaming
enable_gcfs = var.gke_enable_image_stream
},
]
node_pools = concat(
[
{
name = var.gke_node_pool_name
description = var.gke_node_pool_description
machine_type = var.gke_machine_type
node_count = var.gke_node_count
min_count = var.gke_min_node_count
max_count = var.gke_max_node_count
disk_size_gb = var.gke_disk_size_gb
disk_type = var.gke_disk_type
image_type = var.gke_image_type
auto_repair = var.gke_auto_repair
auto_upgrade = var.gke_auto_upgrade
cloudrun = var.gke_enable_cloudrun
enable_pod_security_policy = var.gke_enable_pod_security_policy
preemptible = var.gke_preemptible
autoscaling = var.gke_auto_scaling
location_policy = var.gke_location_policy

#Image Streaming
enable_gcfs = var.gke_enable_image_stream
},
],
var.gke_additional_node_pools
)

gce_pd_csi_driver = var.gke_gce_pd_csi_driver

cluster_resource_labels = var.gke_cluster_resource_labels

node_pools_taints = var.gke_node_pools_taints
node_pools_oauth_scopes = {
all = ["https://www.googleapis.com/auth/cloud-platform"]
}
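Review bot: The primary pool's name now comes from `var.gke_node_pool_name`, but the taints a few lines below are still taken from `var.gke_node_pools_taints`, whose default in variables.tf is keyed by the literal `gitlab`; renaming the pool silently leaves it without any taints a caller placed under the old key, and pools appended through `var.gke_additional_node_pools` have no taint entry at all unless the caller adds one. Every pool produced by the `concat(...)`, including the additional ones, also picks up the `all = cloud-platform` OAuth scope set right after `node_pools_taints`, which is the broadest scope a node can hold, and nothing in the hunk or the new variable's description says so. A comment above `node_pools_taints` such as `# Keys must match pool names: gke_node_pool_name and any name in gke_additional_node_pools; pools without an entry get no taints` would make the coupling visible, and a similar remark next to `node_pools_oauth_scopes` would flag that additional pools inherit the scope. The `module "gke"` block begins before this hunk, so I cannot see whether per-pool labels or metadata are set elsewhere.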
12 changes: 6 additions & 6 deletions modules/secret_manager/main.tf
Expand Up @@ -12,14 +12,14 @@ resource "random_id" "gcp_secret_suffix" {
}

locals {
secret_id = var.secret_id == "" ? "${var.project}-gitlab-secret-${random_id.gcp_secret_suffix[0].hex}" : var.secret_id
secret_value = var.secret_id == "" ? random_password.random_pass[0].result : data.google_secret_manager_secret_version.gcp_predefined_pass[0].secret_data
secret_id = var.secret_id == "" ? "${var.project}-gitlab-secret-${random_id.gcp_secret_suffix[0].hex}" : var.secret_id
secret_value = var.secret_id == "" ? random_password.random_pass[0].result : data.google_secret_manager_secret_version.gcp_predefined_pass[0].secret_data
}

# Recover the GCP secret payload when GCP secret name is provided
data "google_secret_manager_secret_version" "gcp_predefined_pass" {
secret = local.secret_id
project = var.project
secret = local.secret_id
project = var.project

count = var.secret_id != "" ? 1 : 0
}
Expand All @@ -45,7 +45,7 @@ resource "google_secret_manager_secret" "secret" {
resource "google_secret_manager_secret_version" "secret" {
secret = google_secret_manager_secret.secret[0].id
secret_data = local.secret_value

count = var.secret_id == "" ? 1 : 0
}

Expand All @@ -55,7 +55,7 @@ resource "kubernetes_secret" "k8s_secret" {
name = var.k8s_secret_name
namespace = var.k8s_namespace
}
data = {
data = {
(var.k8s_secret_key) = (local.secret_value)
}
count = var.k8s_create_secret ? 1 : 0
93 changes: 91 additions & 2 deletions variables.tf
Expand Up @@ -183,6 +183,72 @@ variable "gcs_bucket_num_newer_version" {
# GKE SECTION #
##################

variable "gke_node_pool_name" {
type = string
description = "Name of the node pool for the GitLab cluster"
default = "gitlab"
}

variable "gke_node_pool_description" {
type = string
description = "Description of the node pool for the GitLab cluster"
default = "Gitlab Cluster"
}

variable "gke_node_count" {
type = number
description = "Define the number of nodes of the cluster. Default 1"
default = 1
}

variable "gke_disk_size_gb" {
type = number
description = "Define the size of the disk of the cluster. Default 100"
default = 100
}

variable "gke_disk_type" {
type = string
description = "Define the type of the disk of the cluster. Default pd-balanced"
default = "pd-balanced"
}

variable "gke_image_type" {
type = string
description = "Define the image type of the cluster. Default COS_CONTAINERD"
default = "COS_CONTAINERD"
}

variable "gke_auto_repair" {
type = bool
description = "Enable auto repair for the cluster. Default true"
default = true
}

variable "gke_auto_upgrade" {
type = bool
description = "Enable auto upgrade for the cluster. Default true"
default = true
}

variable "gke_enable_pod_security_policy" {
type = bool
description = "Enable Pod Security Policy for the cluster. Default false"
default = false
}

variable "gke_preemptible" {
type = bool
description = "Enable preemptible nodes for the cluster. Default false"
default = false
}

variable "gke_auto_scaling" {
type = bool
description = "Enable auto scaling for the cluster. Default true"
default = true
}

variable "gke_min_node_count" {
type = number
description = "Define the minimum number of nodes of the autoscaling cluster. Default 1"
Expand Down Expand Up @@ -312,6 +378,8 @@ variable "gke_gitaly_pv_labels" {
variable "gke_cluster_autoscaling" {
type = object({
enabled = bool
auto_repair = bool
auto_upgrade = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
Expand All @@ -323,6 +391,8 @@ variable "gke_cluster_autoscaling" {
default = {
"autoscaling_profile" : "BALANCED",
"enabled" : false,
"auto_repair" : true,
"auto_upgrade" : true,
"gpu_resources" : [],
"max_cpu_cores" : 0,
"max_memory_gb" : 0,
Expand All @@ -336,12 +406,32 @@ variable "gke_location_policy" {
description = "Location policy specifies the algorithm used when scaling-up the node pool. Location policy is supported only in 1.24.1+ clusters.Supported values BALANCED or ANY. Default BALANCED"
default = "BALANCED"
}

variable "gke_additional_node_pools" {
type = list(map(any))
description = "Additional node pools to create in the cluster"
default = []
}

variable "gke_node_pools_taints" {
type = map(list(object({ key = string, value = string, effect = string })))
description = "Map of lists containing node taints by node-pool name"
default = {
gitlab = []
}
}

variable "gke_gce_pd_csi_driver" {
type = bool
description = "Enable GCE Persistent Disk CSI Driver for GKE Cluster. Default false"
default = false
}

##################
# GITLAB SECTION #
##################

# Gitlab Version Helm CHart

variable "helm_chart_version" {
type = string
default = "5.9.3"
Expand All @@ -366,7 +456,6 @@ variable "gcp_existing_db_secret_name" {
default = ""
}


variable "gcp_existing_smtp_secret_name" {
type = string
description = "Only if STMP is enabled. Setup the GCP secret name where to retrieve the password value that will be used for Smtp Account."
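Review bot: `gke_additional_node_pools` is declared as `list(map(any))` with a one-line description, so nothing tells the caller which keys a pool may carry, and because a map accepts arbitrary keys a misspelled or unsupported key in an additional pool is silently ignored rather than rejected at plan time. Terraform also requires all values of a `map(any)` to convert to a single type, so a pool mixing strings, numbers and booleans is coerced (in practice to `map(string)`); that matches how the primary pool is fed through `concat` in main.tf, but it is worth stating in the description. I would extend the description to enumerate the supported keys, i.e. those set on the primary pool in main.tf (`name`, `machine_type`, `node_count`, `min_count`, `max_count`, `disk_size_gb`, `disk_type`, `image_type`, `auto_repair`, `auto_upgrade`, `preemptible`, `autoscaling`, `location_policy`, `enable_gcfs`, ...), and add to `gke_node_pools_taints` that its keys must match pool names, since its default key `gitlab` only lines up with the default `gke_node_pool_name`. Separately, `gke_enable_pod_security_policy` is introduced while main.tf moves the GKE module to `~> 27.0.0`; if that release no longer honours `enable_pod_security_policy` (upstream dropped it after GKE removed PodSecurityPolicy in 1.25), the variable is accepted but has no effect, which should be verified before documenting it as a security control.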
