Caravan Infra GCP
Module description
The purpose of this module is to deploy the Caravan infrastructure on which the Caravan cluster will reside.
The code will deploy components formed by the following graph.
Prepare
The project-setup.sh script helps you create all the requirements needed to deploy the infrastructure.
./project-setup.sh XXXXXX-YYYYYY-ZZZZZZ 12345678901 admin-project-example project-example-id project-example us-central1
Modules
| Name | Source | Version |
|---|---|---|
| | git::https://github.com/bitrockteam/caravan-bootstrap | refs/tags/v0.2.20 |
| | git::https://github.com/bitrockteam/caravan-cloudinit | refs/tags/v0.1.20 |
| | git::https://github.com/bitrockteam/caravan-cloudinit | refs/tags/v0.1.18 |
| | git::https://github.com/bitrockteam/caravan-acme-le | refs/tags/v0.0.16 |
Resources
| Name | Type |
|---|---|
| google_compute_global_forwarding_rule.global_forwarding_rule | resource |
| google_compute_region_instance_group_manager.default_workers | resource |
| google_project_iam_binding.pd_csi_service_account_iam_binding | resource |
| google_project_iam_binding.pd_csi_service_account_storage_admin_iam_binding | resource |
| google_project_iam_binding.pd_csi_service_account_user_iam_binding | resource |
| google_project_iam_custom_role.gcp_compute_persistent_disk_csi_driver | resource |
| google_service_account_iam_binding.key_account_iam_control_plane | resource |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| | Path to Google account file | | n/a | yes |
| | Fully qualified image name | | n/a | yes |
| | GCP Project ID | | n/a | yes |
| | GCP zone | | n/a | yes |
| | List of admins to add to the project | | | no |
| | IP address list for SSH connection to the VMs | | [ | no |
| | Cloud init decoding | | | no |
| | Fake certificates from staging Let’s Encrypt | map(object({ | { | no |
| | Path to Consul Enterprise license | | | no |
| | Control plane instances number | | | no |
| | Control plane instance machine type | | | no |
| | Control plane service account name, it will be used by Vault Auth method | | | no |
| | Example: | | | no |
| | Hashicorp cluster name | | | no |
| | Enables and sets up the monitoring node | | | no |
| | Enables and sets up the Nomad cluster | | | no |
| | Domain used for endpoints and certs | | | no |
| | GCP KMS crypto key | | | no |
| | GCP KMS key ring | | | no |
| | Cloud init compressing | | | no |
| | LE’s endpoint when use_le_staging==false | | | no |
| | LE’s endpoint when use_le_staging==true | | | no |
| | Path to Nomad Enterprise license | | | no |
| | GCP parent project ID | | | no |
| | GCP parent project DNS zone name | | | no |
| | Sets preemptible instance type | | | no |
| | The prefix of the objects’ names | | | no |
| | GCP region where to deploy the cluster | | | no |
| | SSH timeout | | | no |
| | SSH user | | | no |
| | The address prefix to use for the subnet | | | no |
| | Use staging Let’s Encrypt endpoint | | | no |
| | Path to Vault Enterprise license | | | no |
| | Volume size of control plane data disk | | | no |
| | Volume type of data disks | | | no |
| | Volume size of control plane root disk | | | no |
| | Volume type of root disks | | | no |
| | Worker plane instance machine type | | | no |
| | Worker plane service account name, it will be used by Vault Auth method | | | no |
| | Worker instance group map | | { | no |
| | Worker instance template map | | { | no |
Outputs
| Name | Description |
|---|---|
| | Caravan Application Support tfvars |
| | Caravan Platform tfvars |
| | Caravan Workload tfvars |
| | Let’s Encrypt staging CA certificates |
| | Control plane public IP addresses |
| | Control plane role name |
| | Control plane service accounts email list |
| | n/a |
| | n/a |
| | Hashicorp clusters endpoints |
| | Load Balancer IP address |
| | GCP project ID |
| | Worker plane role name |
| | Worker plane service account |
| | Worker plane service accounts email list |
Cleaning up
After running terraform destroy -var-file=gcp.tfvars, run the project-cleanup.sh script to remove the remaining resources and the project:
./project-cleanup.sh <PROJECT_ID> <PARENT_PROJECT_ID>