Enhance GKE support - Githubissues

endzyme commented 5 years ago

I'd like to improve the usability of the GCP project generator. Since we don't really do GCP projects without GKE, we'd be generating both the GKE aspects as well as any information about the GCP project. I will likely (unintentionally) use the term GKE and GCP interchangeably, sorry in advance and call it out if it's unclear.

Below, this issue outlines a general feature request of expectations. If something doesn't make sense or needs more clarification, please don't hesitate to start a discussion.

Feature Request Story

I would like to be able to generate a GCP inventory which creates things pertinent to accessing the GCP account specifically. I expect the following directory structure [fig2] after running the example command [fig1]. After this command I should be able to run terraform (after initializing the bucket) and have both a google stable provider and a beta provider [fig6].

I expect to be able to run another command to add a gke cluster [fig4] and have it add a few files to the provided inventory path [fig5]. After generating the cluster I should be able to run terraform and it should create a default cluster based on our external terraform module(s).

Example Inventory Command

Figure 1

%> pentagon add inventory.gcp my-gcp-project-name
#> Maybe some prompt questions: abcdef<enter>

Example Config Tree

Figure 2

%> tree inventory/my-gcp-project-name/
my-gcp-project-name
├── clusters/
├── config/
│   ├── local/
│   │   ├── local-config-init
│   │   └── vars.yml
│   └── private/
│       └── .gitignore
└── terraform/
    ├── backend.tf
    ├── .gitignore
    └── provider.tf

Example Variables File

Figure 3

# ./config/local/vars.yml
KUBECONFIG: "${INFRASTRUCTURE_REPO}/inventory/${INVENTORY}/config/private/kube_config"
HELM_HOME: "${INFRASTRUCTURE_REPO}/helm"
INFRASTRUCTURE_BUCKET: "some-bucket-name-collected-earier"
CLOUDSDK_CORE_PROJECT: "my-gcp-project-name"
CLOUDSDK_COMPUTE_REGION: "us-central1"
CLOUDSDK_COMPUTE_ZONE: "us-central1-a"
TILLER_NAMESPACE: "tiller"  ## NOTE this is up for debate

Example GKE Cluster Command

Figure 4

%> pentagon add gke.cluster inventory/my-gcp-project-name
I've detected gcp-region [us-central1]: Use this? (Y/n)> _
I have generated a cluster name [cluster-1]: Use this? (Y/n)> _
I default to cluster type [public-vpc-native]: Use this? (Y/n)> _
...

Example New Cluster Tree

Figure 5

%> tree inventory/my-gcp-project-name/
my-gcp-project-name
├── clusters/
│   └── cluster-1/   ## NEW Folder
│       ├── kubernetes/  ## NEW Folder
│       └── resources/  ## NEW Folder
├── config/
│   ├── local/
│   │   ├── local-config-init
│   │   └── vars.yml
│   └── private/
│       └── .gitignore
└── terraform/
    ├── backend.tf
    ├── .gitignore
    ├── gke-cluster-1.tf ## **NEW FILE w/ module: cluster-type: public-vpc-native
    └── provider.tf

Example provider.tf

Figure 6
This allows us to have the beta provider when we need it but default to google provider for all other resources.

# terraform/provider.tf
provider "google" {
  version = "~> 2.0"
  project = "example-ephemeral-4"
  region  = "us-central1"
}

provider "google-beta" {
  version = "~> 2.0"
  project = "example-ephemeral-4"
  region  = "us-central1"
}

# terraform/example-beta-provider-usage.tf
resource "google_example_resource" "my_fake_resource" {
  provider        = "google-beta"
  name            = "some name"
  some-beta-param = "can be used due to provider above"
}

ejether commented 5 years ago

I support the improvement of this process! The interactive prompt might be a nice stretch goal. I think it will be fraught with peril so I suggest coming up with a 1-2 week work timeline where you prioritize the option driven interface that matches what we have currently and deliver that first. I'd prefer that the interactive prompt work not block the GKE/GCP/KFC improvements.

endzyme commented 5 years ago

This is almost done from work on PR #185. PR #190 adds the tiller_namespace change.

Things that are not complete:

Standardizing and forcing the version pinning on provider.tf.
Supporting the beta alias provider
Documenting how to use the add inventory.gcp and add gcp.cluster individually.

Things that cant easily be done today:

Supporting dynamic names in filenames to match one cluster-<n>.tf per generator
Confirming each entry (would take too long due to how the inheritance structure works) (Instead we confirm each component run)

I think based on the current work and having something working today - we can drop the above items for later improvements.

endzyme commented 5 years ago

please reopen if anyone feels this isn't done yet

ejether commented 5 years ago

Can you expand on what you mean by this:

Supporting dynamic names in filenames to match one cluster-.tf per generator I don't think I understand

Confirming each entry (would take too long due to how the inheritance structure works) (Instead we confirm each component run)

I completely agree.

endzyme commented 5 years ago

Supporting dynamic names in filesnames..

My specification above outlined naming the cluster.tf filename with the cluster ID that was specified in the pentagon run. Example pentagon add gcp.cluster ... --cluster-number 2 ... would yield:

%> tree inventory/my-gcp-project-name/
my-gcp-project-name
├── clusters/
...
└── terraform/
...
    ├── gke-cluster-2.tf # Note the -2 here
    └── provider.tf

FairwindsOps / pentagon

Enhance GKE support #181

Feature Request Story

Example Inventory Command

Example Config Tree

Example Variables File

Example GKE Cluster Command

Example New Cluster Tree

Example provider.tf