diff --git a/build/README.md b/build/README.md index 468394c57a..eaa49aa2d1 100644 --- a/build/README.md +++ b/build/README.md @@ -379,6 +379,9 @@ The Kubernetes config file used to access the cluster. Defaults to `~/.kube/conf ### CLUSTER_NAME The (gcloud) test cluster that is being worked against. Defaults to `test-cluster` +### GCP_PROJECT +Your GCP project for deploying GKE cluster. + ### IMAGE_PULL_SECRET The name of the secret required to pull the Agones images, if needed. If unset, no pull secret will be used. @@ -530,6 +533,25 @@ Pulls down authentication information for kubectl against a cluster, name can be Creates a short lived access to Google Cloud container repositories, so that you are able to call `docker push` directly. Useful when used in combination with `make push` command. +### Terraform + +Targets used to deploy a cluster with terraform. + +#### `make terraform-init` +Install google and google-beta terraform provider and authorize + +#### `make gcloud-terraform-cluster` +Run next command with your project ID specified: +``` +GCP_PROJECT= make gcloud-terraform-cluster +``` + +#### `make gcloud-terraform-destroy-cluster` +Run `terraform destroy` on your cluster. + +#### `make terraform-clean` +Remove .terraform directory with configs + ### Minikube A set of utilities for setting up and running a [Minikube](https://github.com/kubernetes/minikube) instance, diff --git a/build/build-image/Dockerfile b/build/build-image/Dockerfile index 73358c9fb0..51dcb57129 100644 --- a/build/build-image/Dockerfile +++ b/build/build-image/Dockerfile 
@@ -135,6 +135,9 @@ RUN echo "export PATH=/usr/local/go/bin:/go/bin/:\$PATH" >> /root/.bashrc # make nano the editor RUN echo "export EDITOR=nano" >> /root/.bashrc +# install terraform +RUN wget -nv https://releases.hashicorp.com/terraform/0.11.13/terraform_0.11.13_linux_386.zip && unzip ./terraform_0.11.13_linux_386.zip && mv terraform /usr/local/bin/ + # code generation scripts COPY *.sh /root/ RUN chmod +x /root/*.sh diff --git a/build/gke-test-cluster/cluster.tf b/build/gke-test-cluster/cluster.tf new file mode 100644 index 0000000000..3954bacfb8 --- /dev/null +++ b/build/gke-test-cluster/cluster.tf 
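Review bot: The added `RUN wget ... && unzip ...` line installs the terraform binary into the build image without any integrity check, so whatever the download returns ends up in `/usr/local/bin`. HashiCorp publishes a `terraform_0.11.13_SHA256SUMS` file (and a signature over it) next to the release. Pin the expected digest and verify it before unzipping, e.g. `echo "<EXPECTED_SHA256>  terraform_0.11.13_linux_386.zip" | sha256sum -c -`, with the placeholder replaced by the published value. The archive is also the `linux_386` build and is left behind in the layer; if the image is amd64, `linux_amd64` plus an `rm` of the zip in the same `RUN` would be the usual choice.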
@@ -0,0 +1,153 @@ +# Copyright 2019 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +provider "google-beta" { + zone = "${lookup(var.cluster, "zone")}" +} + +variable "cluster" { + type = "map" + default = { + "zone" = "us-west1-c" + "name" = "test-cluster" + "machineType" = "n1-standard-4" + "initialNodeCount" = "4" + "legacyAbac" = false + "project" = "agones" + } +} +resource "google_container_cluster" "primary" { + name = "${lookup(var.cluster, "name")}" + zone = "${lookup(var.cluster, "zone")}" + project = "${lookup(var.cluster, "project")}" + provider = "google-beta" + + initial_node_count = "${lookup(var.cluster, "initialNodeCount")}" + + master_auth { + username = "admin" + password = "supersecretpassword" + } + enable_legacy_abac = "${lookup(var.cluster, "legacyAbac")}" + + node_config { + machine_type = "${lookup(var.cluster, "machineType")}" + oauth_scopes = [ + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/logging.write", + "https://www.googleapis.com/auth/monitoring", + "https://www.googleapis.com/auth/service.management.readonly", + "https://www.googleapis.com/auth/servicecontrol", + "https://www.googleapis.com/auth/trace.append", + ] + + tags = ["game-server"] + } +} + +resource "google_container_node_pool" "system_nodes" { + name = "agones-system" + zone = "${lookup(var.cluster, "zone")}" + project = "${lookup(var.cluster, "project")}" + provider = "google-beta" + cluster = 
"${google_container_cluster.primary.name}" + node_count = 1 + + node_config { + preemptible = true + machine_type = "n1-standard-4" + + oauth_scopes = [ + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/logging.write", + "https://www.googleapis.com/auth/monitoring", + "https://www.googleapis.com/auth/service.management.readonly", + "https://www.googleapis.com/auth/servicecontrol", + "https://www.googleapis.com/auth/trace.append", + ] + labels = { + "stable.agones.dev/agones-system" = "true" + } + taint = { + key = "stable.agones.dev/agones-system" + value = "true" + effect = "NO_EXECUTE" + } + } +} + +resource "google_container_node_pool" "metric-nodes" { + name = "agones-metrics" + zone = "${lookup(var.cluster, "zone")}" + project = "${lookup(var.cluster, "project")}" + provider = "google-beta" + cluster = "${google_container_cluster.primary.name}" + node_count = 1 + + node_config { + preemptible = true + machine_type = "n1-standard-4" + + oauth_scopes = [ + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/logging.write", + "https://www.googleapis.com/auth/monitoring", + "https://www.googleapis.com/auth/service.management.readonly", + "https://www.googleapis.com/auth/servicecontrol", + "https://www.googleapis.com/auth/trace.append", + ] + labels = { + "stable.agones.dev/agones-metrics" = "true" + } + taint = { + key = "stable.agones.dev/agones-metrics" + value = "true" + effect = "NO_EXECUTE" + } + } +} +# The following outputs allow authentication and connectivity to the GKE Cluster +# by using certificate-based authentication. 
+ +resource "google_compute_firewall" "default" { + name = "game-server-firewall-firewall2" + project = "${lookup(var.cluster, "project")}" + network = "${google_compute_network.default.name}" + + allow { + protocol = "udp" + ports = ["7000-8000"] + } + + source_tags = ["game-server"] +} + +resource "google_compute_network" "default" { + project = "${lookup(var.cluster, "project")}" + name = "test-network2" +} + + +output "client_certificate" { + value = "${google_container_cluster.primary.master_auth.0.client_certificate}" +} + +output "client_key" { + value = "${google_container_cluster.primary.master_auth.0.client_key}" +} + +output "cluster_ca_certificate" { + value = "${google_container_cluster.primary.master_auth.0.cluster_ca_certificate}" +} + diff --git a/build/includes/google-cloud.mk b/build/includes/google-cloud.mk index 3e249720f9..a2e113ef2b 100644 --- a/build/includes/google-cloud.mk +++ b/build/includes/google-cloud.mk 
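Review bot: `master_auth` in `google_container_cluster.primary` commits a fixed basic-auth credential (`username = "admin"`, `password = "supersecretpassword"`), so every cluster built from this file accepts a password that is readable in the repository. Either disable basic auth by setting both to empty strings, `username = ""` and `password = ""`, or take the password from a variable with no default. The `client_key` output should carry `sensitive = true`, and the local `terraform.tfstate` will hold the password and key in clear text, so it should stay out of version control. Separately, the firewall rule uses `source_tags = ["game-server"]` on `test-network2`, while the cluster resource sets no `network`; `target_tags` on the network the nodes actually use looks like the intent.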
@@ -35,6 +35,34 @@ gcloud-test-cluster: $(ensure-build-image) $(MAKE) gcloud-auth-cluster $(MAKE) setup-test-cluster +terraform-init: + docker run --rm -it $(common_mounts) $(DOCKER_RUN_ARGS) $(build_tag) bash -c '\ + cd $(mount_path)/build/gke-test-cluster && terraform init && \ + cd $(mount_path)/build/gke-test-cluster && gcloud auth application-default login' + +terraform-clean: + rm -r ./gke-test-cluster/.terraform + rm ./gke-test-cluster/terraform.tfstate* + +gcloud-terraform-cluster: GCP_PROJECT ?= agones-alexander +gcloud-terraform-cluster: GCP_CLUSTER_LEGACYABAC ?= false +gcloud-terraform-cluster: GCP_CLUSTER_NODEPOOL_INITIALNODECOUNT ?= 7 +gcloud-terraform-cluster: GCP_CLUSTER_NODEPOOL_MACHINETYPE ?= n1-standard-2 +gcloud-terraform-cluster: + docker run --rm -it $(common_mounts) $(DOCKER_RUN_ARGS) $(build_tag) bash -c ' \ + cd $(mount_path)/build/gke-test-cluster && terraform plan -var "cluster={zone=\"$(GCP_CLUSTER_ZONE)\"}" \ + -var "cluster={machineType=\"$(GCP_CLUSTER_NODEPOOL_MACHINETYPE)\"}" -var "cluster={name=\"$(GCP_CLUSTER_NAME)\"}" \ + -var "cluster={project=\"$(GCP_PROJECT)\"}" \ + -var "cluster={initialNodeCount=\"$(GCP_CLUSTER_NODEPOOL_INITIALNODECOUNT)\"}" -var "cluster={legacyABAC=\"$(GCP_CLUSTER_LEGACYABAC)\"}" -out tfplan' + docker run --rm -it $(common_mounts) $(DOCKER_RUN_ARGS) $(build_tag) bash -c ' \ + cd $(mount_path)/build/gke-test-cluster && terraform apply -input=false tfplan' + $(MAKE) gcloud-auth-cluster + $(MAKE) setup-test-cluster + +gcloud-terraform-destroy-cluster: + docker run --rm -it $(common_mounts) $(DOCKER_RUN_ARGS) $(build_tag) bash -c ' \ + cd $(mount_path)/build/gke-test-cluster && terraform destroy' + clean-gcloud-test-cluster: $(ensure-build-image) docker run --rm -it $(common_mounts) $(DOCKER_RUN_ARGS) $(build_tag) gcloud \ deployment-manager deployments delete $(GCP_CLUSTER_NAME)
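Review bot: The `-var "cluster={legacyABAC=...}"` argument in the `gcloud-terraform-cluster` recipe uses a different key than cluster.tf, which reads `lookup(var.cluster, "legacyAbac")`. Map keys are case-sensitive, so `GCP_CLUSTER_LEGACYABAC` would never reach `enable_legacy_abac` and the file default is used instead; spell the key `legacyAbac` in the recipe. `GCP_PROJECT ?= agones-alexander` also makes one contributor's project the silent default although the README asks the caller to supply it. Dropping that default and failing when the value is empty is safer, e.g. a first recipe line of `$(if $(strip $(GCP_PROJECT)),,$(error GCP_PROJECT is not set))`. Unlike `gcloud-test-cluster`, none of the new targets lists `$(ensure-build-image)` as a prerequisite, and `terraform-clean` would read better as `rm -rf ./gke-test-cluster/.terraform` so it does not fail on a clean tree.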