Add AKS, GKE and Helm terraform modules (#756)

Add configuration for deploying cluster and installing Agones on AKS.
googleforgames · May 16, 2019 · fe5450c · fe5450c
1 parent fd1bf69
commit fe5450c
Show file tree

Hide file tree

Showing 12 changed files with 796 additions and 6 deletions.
diff --git a/build/modules/aks/aks.tf b/build/modules/aks/aks.tf
@@ -0,0 +1,106 @@
+# Copyright 2019 Google LLC All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+provider "azuread" {
+  version = "=0.1.0"
+}
+
+# Create Service Principal password
+resource "azuread_service_principal_password" "aks" {
+  end_date             = "2299-12-30T23:00:00Z"                        # Forever
+  service_principal_id = "${azuread_service_principal.aks.id}"
+  value                = "${random_string.password.result}"
+}
+
+# Create Azure AD Application for Service Principal
+resource "azuread_application" "aks" {
+  name = "agones-sp"
+}
+
+# Create Service Principal
+resource "azuread_service_principal" "aks" {
+  application_id = "${azuread_application.aks.application_id}"
+}
+
+# Generate random string to be used for Service Principal Password
+resource "random_string" "password" {
+  length  = 32
+  special = true
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "agonesRG"
+  location = "East US"
+}
+
+resource "azurerm_kubernetes_cluster" "test" {
+  name                = "${var.cluster_name}"
+  location            = "${azurerm_resource_group.test.location}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+  dns_prefix          = "agones"
+  // Version 1.11.8 has issues with RBAC on AKS
+  // So this parameter is commented out
+  //kubernetes_version  = "1.11.8"
+
+
+  agent_pool_profile {
+  name            = "default"
+    count           = 2
+    vm_size         = "${var.machine_type}"
+    os_type         = "Linux"
+    os_disk_size_gb = 30
+  }
+
+  service_principal {
+    client_id     = "${azuread_application.aks.application_id}"
+    client_secret = "${azuread_service_principal_password.aks.value}"
+  }
+  tags = {
+    Environment = "Production"
+  }
+}
+resource "azurerm_network_security_group" "test" {
+  name                = "agonesSecurityGroup"
+  location            = "${azurerm_resource_group.test.location}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+}
+
+resource "azurerm_network_security_rule" "gameserver" {
+    name                        = "gameserver"
+    priority                    = 100
+    direction                   = "Inbound"
+    access                      = "Allow"
+    protocol                    = "UDP"
+    source_port_range           = "*"
+    destination_port_range      = "7000-8000"
+    source_address_prefix       = "*"
+    destination_address_prefix  = "*"
+    resource_group_name         = "${azurerm_resource_group.test.name}"
+    network_security_group_name = "${azurerm_network_security_group.test.name}"
+}
+
+
+resource "azurerm_network_security_rule" "outbound" {
+  name                        = "outbound"
+  priority                    = 100
+  direction                   = "Outbound"
+  access                      = "Allow"
+  protocol                    = "Tcp"
+  source_port_range           = "*"
+  destination_port_range      = "*"
+  source_address_prefix       = "*"
+  destination_address_prefix  = "*"
+  resource_group_name         = "${azurerm_resource_group.test.name}"
+  network_security_group_name = "${azurerm_network_security_group.test.name}"
+}
diff --git a/build/modules/aks/outputs.tf b/build/modules/aks/outputs.tf
@@ -0,0 +1,34 @@
+# Copyright 2019 Google LLC All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+output "cluster_ca_certificate" {
+  value = "${base64decode(azurerm_kubernetes_cluster.test.kube_config.0.cluster_ca_certificate)}"
+}
+
+output "client_certificate" {
+  value = "${azurerm_kubernetes_cluster.test.kube_config.0.client_certificate}"
+}
+
+output "kube_config" {
+  value = "${azurerm_kubernetes_cluster.test.kube_config_raw}"
+}
+
+output "host" {
+  value = "${azurerm_kubernetes_cluster.test.kube_config.0.host}"
+}
+
+output "token" {
+  value = "${azurerm_kubernetes_cluster.test.kube_config.0.password}"
+}
+
diff --git a/build/modules/aks/variables.tf b/build/modules/aks/variables.tf
@@ -0,0 +1,21 @@
+# Copyright 2019 Google LLC All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "machine_type" {
+  default = "Standard_D2_v2"
+}
+
+variable "cluster_name" {
+  default="test-cluster"
+}
diff --git a/build/modules/gke/cluster.tf b/build/modules/gke/cluster.tf
@@ -0,0 +1,169 @@
+# Copyright 2019 Google LLC All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+provider "google-beta" {
+  version = "~> 2.4"
+  zone      = "${lookup(var.cluster, "zone")}"
+}
+
+/*
+provider "google" {
+  version = "~> 2.4"
+}
+*/
+
+data "google_client_config" "default" {}
+
+# echo command used for debugging purpose
+# Run `terraform taint null_resource.test-setting-variables` before second execution
+resource "null_resource" "test-setting-variables" {
+    provisioner "local-exec" {
+      command = "${"${format("echo Current variables set as following - name: %s, project: %s, machineType: %s, initialNodeCount: %s, zone: %s, legacyAbac: %s",
+      "${lookup(var.cluster, "name")}", "${lookup(var.cluster, "project")}",
+      "${lookup(var.cluster, "machineType")}", "${lookup(var.cluster, "initialNodeCount")}",
+      "${lookup(var.cluster, "zone")}", "${lookup(var.cluster, "legacyAbac")}")}"}"
+    }
+}
+
+
+locals {
+  username = "${var.password != "" ? var.username : ""}"
+}
+
+# assert that password has correct length
+# before creating the cluster to avoid 
+# unfinished configurations
+resource "null_resource" "check-password-length" {
+  count = "${length(var.password) >= 16 || length(var.password) == 0 ? 0 : 1}"
+  "Password must be more than 16 chars in length" = true
+}
+
+resource "google_container_cluster" "primary" {
+  name     = "${lookup(var.cluster, "name")}"
+  location     = "${lookup(var.cluster, "zone")}"
+  project  = "${lookup(var.cluster, "project")}"
+  provider = "google-beta"
+  # Setting an empty username and password explicitly disables basic auth
+  master_auth {
+    username = "${local.username}"
+    password = "${var.password}"
+  }
+  remove_default_node_pool = true
+  enable_legacy_abac = "${lookup(var.cluster, "legacyAbac")}"
+  initial_node_count = "${lookup(var.cluster, "initialNodeCount") + 2}"
+}
+
+resource "google_container_node_pool" "agones-gameserver" {
+  name       = "default"
+  cluster   = "${google_container_cluster.primary.name}"
+  location    = "${google_container_cluster.primary.location}"
+  project  = "${lookup(var.cluster, "project")}"
+  provider = "google-beta"
+  node_count = "${lookup(var.cluster, "initialNodeCount")}"
+  node_config = {
+    machine_type = "${lookup(var.cluster, "machineType")}"
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/devstorage.read_only",
+      "https://www.googleapis.com/auth/logging.write",
+      "https://www.googleapis.com/auth/monitoring",
+      "https://www.googleapis.com/auth/service.management.readonly",
+      "https://www.googleapis.com/auth/servicecontrol",
+      "https://www.googleapis.com/auth/trace.append",
+    ]
+
+    tags = ["game-server"]
+    timeouts = {
+      create = "30m"
+      update = "40m"
+    }
+  }
+}
+
+resource "google_container_node_pool" "agones-system" {
+  name       = "agones-system"
+  cluster   = "${google_container_cluster.primary.name}"
+  location    = "${google_container_cluster.primary.location}"
+  project  = "${lookup(var.cluster, "project")}"
+  provider = "google-beta"
+  node_count = 1
+  node_config = {
+    preemptible  = true
+    machine_type = "n1-standard-4"
+
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/devstorage.read_only",
+      "https://www.googleapis.com/auth/logging.write",
+      "https://www.googleapis.com/auth/monitoring",
+      "https://www.googleapis.com/auth/service.management.readonly",
+      "https://www.googleapis.com/auth/servicecontrol",
+      "https://www.googleapis.com/auth/trace.append",
+    ]
+    labels = {
+      "stable.agones.dev/agones-system" = "true"
+    }
+    taint = {
+        key = "stable.agones.dev/agones-system"
+        value = "true"
+        effect = "NO_EXECUTE"
+    }
+  }
+}
+
+resource "google_container_node_pool" "agones-metrics" {
+  name       = "agones-metrics"
+  cluster   = "${google_container_cluster.primary.name}"
+  location    = "${google_container_cluster.primary.location}"
+  project  = "${lookup(var.cluster, "project")}"
+  provider = "google-beta"
+  node_count = 1
+  node_config = {
+    preemptible  = true
+    machine_type = "n1-standard-4"
+
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/devstorage.read_only",
+      "https://www.googleapis.com/auth/logging.write",
+      "https://www.googleapis.com/auth/monitoring",
+      "https://www.googleapis.com/auth/service.management.readonly",
+      "https://www.googleapis.com/auth/servicecontrol",
+      "https://www.googleapis.com/auth/trace.append",
+    ]
+    labels = {
+      "stable.agones.dev/agones-metrics" = "true"
+    }
+    taint = {
+        key = "stable.agones.dev/agones-metrics"
+        value = "true"
+        effect = "NO_EXECUTE"
+    }
+  }
+}
+
+resource "google_compute_firewall" "default" {
+  name    = "game-server-firewall-firewall-${lookup(var.cluster, "name")}"
+  project = "${lookup(var.cluster, "project")}"
+  network = "${google_compute_network.default.name}"
+
+  allow {
+    protocol = "udp"
+    ports    = ["${var.ports}"]
+  }
+
+  source_tags = ["game-server"]
+}
+
+resource "google_compute_network" "default" {
+  project = "${lookup(var.cluster, "project")}"
+  name    = "agones-network-${lookup(var.cluster, "name")}"
+}
diff --git a/build/modules/gke/outputs.tf b/build/modules/gke/outputs.tf
@@ -0,0 +1,35 @@
+# Copyright 2019 Google LLC All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The following outputs allow authentication and connectivity to the GKE Cluster
+# by using certificate-based authentication.
+output "client_certificate" {
+  value = "${google_container_cluster.primary.master_auth.0.client_certificate}"
+}
+
+output "client_key" {
+  value = "${google_container_cluster.primary.master_auth.0.client_key}"
+}
+
+output "cluster_ca_certificate" {
+  value = "${base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)}"
+}
+
+output "host" {
+  value = "https://${google_container_cluster.primary.endpoint}"
+}
+
+output "token" {
+  value = "${data.google_client_config.default.access_token}"
+}