

Add AKS, GKE and Helm terraform modules
Add configuration for deploying cluster and installing Agones on AKS.
aLekSer committed May 13, 2019
1 parent e1f6807 commit 6f30051
Showing 12 changed files with 789 additions and 6 deletions.
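--- a/build/modules/aks/aks.tf
+++ b/build/modules/aks/aks.tf
@@ -0,0 +1,106 @@
+# Copyright 2019 Google LLC All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+provider "azuread" {
+version = "=0.1.0"
+}
+
+# Create Service Principal password
+resource "azuread_service_principal_password" "aks" {
+end_date = "2299-12-30T23:00:00Z" # Forever
+service_principal_id = "${azuread_service_principal.aks.id}"
+value = "${random_string.password.result}"
+}
+
+# Create Azure AD Application for Service Principal
+resource "azuread_application" "aks" {
+name = "agones-sp"
+}
+
+# Create Service Principal
+resource "azuread_service_principal" "aks" {
+application_id = "${azuread_application.aks.application_id}"
+}
+
+# Generate random string to be used for Service Principal Password
+resource "random_string" "password" {
+length = 32
+special = true
+}
+
+resource "azurerm_resource_group" "test" {
+name = "agonesRG"
+location = "East US"
+}
+
+resource "azurerm_kubernetes_cluster" "test" {
+name = "${var.cluster_name}"
+location = "${azurerm_resource_group.test.location}"
+resource_group_name = "${azurerm_resource_group.test.name}"
+dns_prefix = "agones"
+// Version 1.11.8 has issues with RBAC on AKS
+// So this parameter is commented out
+//kubernetes_version = "1.11.8"
+
+
+agent_pool_profile {
+name = "default"
+count = 2
+vm_size = "${var.machine_type}"
+os_type = "Linux"
+os_disk_size_gb = 30
+}
+
+service_principal {
+client_id = "${azuread_application.aks.application_id}"
+client_secret = "${azuread_service_principal_password.aks.value}"
+}
+tags = {
+Environment = "Production"
+}
+}
+resource "azurerm_network_security_group" "test" {
+name = "agonesSecurityGroup"
+location = "${azurerm_resource_group.test.location}"
+resource_group_name = "${azurerm_resource_group.test.name}"
+}
+
+resource "azurerm_network_security_rule" "gameserver" {
+name = "gameserver"
+priority = 100
+direction = "Inbound"
+access = "Allow"
+protocol = "UDP"
+source_port_range = "*"
+destination_port_range = "7000-8000"
+source_address_prefix = "*"
+destination_address_prefix = "*"
+resource_group_name = "${azurerm_resource_group.test.name}"
+network_security_group_name = "${azurerm_network_security_group.test.name}"
+}
+
+
+resource "azurerm_network_security_rule" "outbound" {
+name = "outbound"
+priority = 100
+direction = "Outbound"
+access = "Allow"
+protocol = "Tcp"
+source_port_range = "*"
+destination_port_range = "*"
+source_address_prefix = "*"
+destination_address_prefix = "*"
+resource_group_name = "${azurerm_resource_group.test.name}"
+network_security_group_name = "${azurerm_network_security_group.test.name}"
+}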
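Review bot: The `azuread_service_principal_password.aks` resource sets `end_date = "2299-12-30T23:00:00Z"`, which makes the credential the cluster uses to manage Azure resources effectively non-expiring, and its `random_string` value is written in plaintext to the Terraform state alongside the cluster's kube_config; a bounded lifetime (for example `end_date_relative = "8760h"`) plus a comment that the state must live in an encrypted, access-controlled backend would make the trade-off explicit. The `agonesSecurityGroup` NSG and its two rules are created, but nothing in this file associates the NSG with the cluster's subnet or NICs, so as written they appear to have no effect; if the association is meant to come from elsewhere, a comment saying so would help, and the inbound rule (UDP 7000-8000 from `*`) should be documented as the deliberate player-facing exposure. The cluster block carries a comment about RBAC issues yet sets no `role_based_access_control` block, so whether RBAC ends up enabled depends on the default of the unpinned azurerm provider — setting `role_based_access_control { enabled = true }` explicitly would remove that ambiguity.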
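--- a/build/modules/aks/outputs.tf
+++ b/build/modules/aks/outputs.tf
@@ -0,0 +1,34 @@
+# Copyright 2019 Google LLC All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+output "cluster_ca_certificate" {
+value = "${base64decode(azurerm_kubernetes_cluster.test.kube_config.0.cluster_ca_certificate)}"
+}
+
+output "client_certificate" {
+value = "${azurerm_kubernetes_cluster.test.kube_config.0.client_certificate}"
+}
+
+output "kube_config" {
+value = "${azurerm_kubernetes_cluster.test.kube_config_raw}"
+}
+
+output "host" {
+value = "${azurerm_kubernetes_cluster.test.kube_config.0.host}"
+}
+
+output "token" {
+value = "${azurerm_kubernetes_cluster.test.kube_config.0.password}"
+}
+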
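Review bot: `kube_config`, `token` and `client_certificate` expose raw cluster credentials (the full kubeconfig and its `password` field) without `sensitive = true`, so they are printed in clear text in apply output and in any CI log that captures it. Adding `sensitive = true` to each of those three outputs keeps them available to module consumers and to `terraform output` while suppressing the console echo. The name `token` is also misleading since the value is `kube_config.0.password` rather than a bearer token; a comment such as `# Password field of the cluster kubeconfig; exposed as "token" for the helm provider` would make that clear.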
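--- a/build/modules/aks/variables.tf
+++ b/build/modules/aks/variables.tf
@@ -0,0 +1,21 @@
+# Copyright 2019 Google LLC All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "machine_type" {
+default = "Standard_D2_v2"
+}
+
+variable "cluster_name" {
+default="test-cluster"
+}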
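Review bot: Neither `machine_type` nor `cluster_name` carries a `description`, so a consumer of the module has to read aks.tf to learn what they control. Adding `description = "Azure VM size used for the default AKS agent pool"` and `description = "Name of the AKS cluster to create"` documents the module interface where Terraform surfaces it (`terraform-docs`, plan prompts). The `default="test-cluster"` line also lacks the spaces around `=` used everywhere else in these files.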
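--- a/build/modules/gke/cluster.tf
+++ b/build/modules/gke/cluster.tf
@@ -0,0 +1,162 @@
+# Copyright 2019 Google LLC All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+provider "google-beta" {
+version = "~> 2.4"
+zone = "${lookup(var.cluster, "zone")}"
+}
+
+/*
+provider "google" {
+version = "~> 2.4"
+}
+*/
+
+data "google_client_config" "default" {}
+
+# echo command used for debugging purpose
+# Run `terraform taint null_resource.test-setting-variables` before second execution
+resource "null_resource" "test-setting-variables" {
+provisioner "local-exec" {
+command = "${"${format("echo Current variables set as following - name: %s, project: %s, machineType: %s, initialNodeCount: %s, zone: %s, legacyAbac: %s",
+"${lookup(var.cluster, "name")}", "${lookup(var.cluster, "project")}",
+"${lookup(var.cluster, "machineType")}", "${lookup(var.cluster, "initialNodeCount")}",
+"${lookup(var.cluster, "zone")}", "${lookup(var.cluster, "legacyAbac")}")}"}"
+}
+}
+
+
+locals {
+username = "${var.password != "" ? var.username : ""}"
+}
+
+# assert that password has correct length
+# before creating the cluster to avoid
+# unfinished configurations
+resource "null_resource" "check-password-length" {
+count = "${length(var.password) >= 16 || length(var.password) == 0 ? 0 : 1}"
+"Password must be more than 16 chars in length" = true
+}
+
+resource "google_container_cluster" "primary" {
+name = "${lookup(var.cluster, "name")}"
+location = "${lookup(var.cluster, "zone")}"
+project = "${lookup(var.cluster, "project")}"
+provider = "google-beta"
+
+# Setting an empty username and password explicitly disables basic auth
+master_auth {
+username = "${local.username}"
+password = "${var.password}"
+}
+enable_legacy_abac = "${lookup(var.cluster, "legacyAbac")}"
+
+name = "default"
+initial_node_count = "${lookup(var.cluster, "initialNodeCount")}"
+node_config = {
+machine_type = "${lookup(var.cluster, "machineType")}"
+oauth_scopes = [
+"https://www.googleapis.com/auth/devstorage.read_only",
+"https://www.googleapis.com/auth/logging.write",
+"https://www.googleapis.com/auth/monitoring",
+"https://www.googleapis.com/auth/service.management.readonly",
+"https://www.googleapis.com/auth/servicecontrol",
+"https://www.googleapis.com/auth/trace.append",
+]
+
+tags = ["game-server"]
+timeouts = {
+create = "30m"
+update = "40m"
+}
+}
+}
+
+resource "google_container_node_pool" "agones-system" {
+name = "agones-system"
+cluster = "${google_container_cluster.primary.name}"
+location = "${google_container_cluster.primary.location}"
+project = "${lookup(var.cluster, "project")}"
+provider = "google-beta"
+node_count = 1
+node_config = {
+preemptible = true
+machine_type = "n1-standard-4"
+
+oauth_scopes = [
+"https://www.googleapis.com/auth/devstorage.read_only",
+"https://www.googleapis.com/auth/logging.write",
+"https://www.googleapis.com/auth/monitoring",
+"https://www.googleapis.com/auth/service.management.readonly",
+"https://www.googleapis.com/auth/servicecontrol",
+"https://www.googleapis.com/auth/trace.append",
+]
+labels = {
+"stable.agones.dev/agones-system" = "true"
+}
+taint = {
+key = "stable.agones.dev/agones-system"
+value = "true"
+effect = "NO_EXECUTE"
+}
+}
+}
+
+resource "google_container_node_pool" "agones-metrics" {
+name = "agones-metrics"
+cluster = "${google_container_cluster.primary.name}"
+location = "${google_container_cluster.primary.location}"
+project = "${lookup(var.cluster, "project")}"
+provider = "google-beta"
+node_count = 1
+node_config = {
+preemptible = true
+machine_type = "n1-standard-4"
+
+oauth_scopes = [
+"https://www.googleapis.com/auth/devstorage.read_only",
+"https://www.googleapis.com/auth/logging.write",
+"https://www.googleapis.com/auth/monitoring",
+"https://www.googleapis.com/auth/service.management.readonly",
+"https://www.googleapis.com/auth/servicecontrol",
+"https://www.googleapis.com/auth/trace.append",
+]
+labels = {
+"stable.agones.dev/agones-metrics" = "true"
+}
+taint = {
+key = "stable.agones.dev/agones-metrics"
+value = "true"
+effect = "NO_EXECUTE"
+}
+}
+}
+
+resource "google_compute_firewall" "default" {
+name = "game-server-firewall-firewall-${lookup(var.cluster, "name")}"
+project = "${lookup(var.cluster, "project")}"
+network = "${google_compute_network.default.name}"
+
+allow {
+protocol = "udp"
+ports = ["${var.ports}"]
+}
+
+source_tags = ["game-server"]
+}
+
+resource "google_compute_network" "default" {
+project = "${lookup(var.cluster, "project")}"
+name = "agones-network-${lookup(var.cluster, "name")}"
+}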
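Review bot: In `google_compute_firewall.default`, `source_tags = ["game-server"]` filters on the *sending* instance's network tag, so this ingress rule only admits UDP from other tagged nodes inside `agones-network` and, with no `source_ranges`, nothing from outside; if the intent is for players to reach the tagged nodes it should be `target_tags = ["game-server"]` plus an explicit `source_ranges`, and the chosen range should be stated as deliberate since it will be internet-wide for a game server. In `google_container_cluster.primary`, `name` is assigned twice (once from `var.cluster`, once as `"default"`) and `timeouts` sits inside `node_config` rather than at the resource level, which looks like a node-pool block that lost its `node_pool {` wrapper — worth straightening out before anything depends on this module. The `check-password-length` guard says "more than 16 chars" while the condition accepts exactly 16. Finally `enable_legacy_abac` is passed straight through from `var.cluster`; since legacy ABAC bypasses RBAC, a comment that it must be `false` outside local testing (or a default of `false` in the variable, which is not visible here) would be prudent.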
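--- a/build/modules/gke/outputs.tf
+++ b/build/modules/gke/outputs.tf
@@ -0,0 +1,35 @@
+# Copyright 2019 Google LLC All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The following outputs allow authentication and connectivity to the GKE Cluster
+# by using certificate-based authentication.
+output "client_certificate" {
+value = "${google_container_cluster.primary.master_auth.0.client_certificate}"
+}
+
+output "client_key" {
+value = "${google_container_cluster.primary.master_auth.0.client_key}"
+}
+
+output "cluster_ca_certificate" {
+value = "${base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)}"
+}
+
+output "host" {
+value = "https://${google_container_cluster.primary.endpoint}"
+}
+
+output "token" {
+value = "${data.google_client_config.default.access_token}"
+}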
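Review bot: `client_key`, `client_certificate` and `token` are emitted without `sensitive = true`, so the cluster's client private key and the caller's OAuth access token are printed in clear text on every apply and captured by CI logs. Add `sensitive = true` to each of those three outputs; `host` and `cluster_ca_certificate` are fine as they are. It would also help to note in a comment that `token` comes from `google_client_config` and is a short-lived access token tied to whoever ran Terraform, so consumers should not persist it or expect it to survive a later apply.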
