kubernetes_ip_demo/terraform/main.tf

terraform {
  backend "gcs" {
    bucket = "tf-state-4b00"
    prefix = "terraform/deid_test" # TODO: fix this
  }

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "6.21.0"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = "6.21.0"
    }
    random = {
      source  = "hashicorp/random"
      version = "3.6.2"
    }
  }
}

variable "provider_project" {
  description = "Project ID."
  type        = string
  default     = "terraform-management-427323"
}

variable "region" {
  description = "Region."
  type        = string
  default     = "us-central1"
}

variable "zone" {
  description = "Zone."
  type        = string
  default     = "us-central1-f"
}

variable "public_ingress" {
  description = "Set to true to make the kubernetes ingresses exposed to the public internet."
  type        = bool
  default     = false
}

variable "ingress_type" {
  description = "What controller should we use to handle incoming http(s) connections."
  type        = string
  default     = "gateway"

  validation {
    condition     = contains(["gateway", "nginx"], var.ingress_type)
    error_message = "Must be either \"gateway\" or \"nginx\"."
  }
}

variable "cluster_exists" {
  description = "Set to true after the kubernetes clusters exist to install the kubernetes_manifest resources. See https://github.com/hashicorp/terraform-provider-kubernetes/issues/1775"
  type        = bool
}

variable "quota_email" {
  description = "Contact E-Mail to put on quota increase requests."
  type        = string
  default     = null
}

variable "quota_justification" {
  description = "The reason given to Google for why the quotas need to be increased."
  type        = string
  default     = null
}

variable "ssh_key" {
  description = "SSH key to install on user machine and GKE nodes. Format: username:public key"
  type        = string
  default     = null
}

variable "enable_snat" {
  description = "Whether we should enable source network address translation to the node IP address."
  type        = bool
  default     = false
}

# manual step: enable cloudbilling.googleapis.com in the terraform provider project
# https://console.developers.google.com/apis/api/cloudbilling.googleapis.com/overview?project=terraform-management-427323
provider "google" {
  project               = var.provider_project
  region                = var.region
  zone                  = var.zone
  billing_project       = var.provider_project
  user_project_override = true
}

provider "google-beta" {
  project               = var.provider_project
  region                = var.region
  zone                  = var.zone
  billing_project       = var.provider_project
  user_project_override = true
}

# TODO: Switch to random_string
resource "random_id" "project" {
  byte_length = 4
}

data "google_billing_account" "acct" {
  display_name = "My Billing Account"
  open         = true
}

resource "google_project" "project" {
  name            = "K8s IP Demo"
  project_id      = "k8s-ip-demo-${random_id.project.hex}"
  billing_account = data.google_billing_account.acct.id
  deletion_policy = "DELETE"
}

resource "google_project_service" "service" {
  # "recommender" is for enabling IP utilization metrics for GKE clusters
  project                    = google_project.project.project_id
  for_each                   = toset(["iam", "monitoring", "compute", "container", "logging", "recommender", "cloudquotas"])
  service                    = "${each.key}.googleapis.com"
  disable_dependent_services = true
}
Demonstrate conservative RFC1918 IP address use on GKE. This is a terraform config demonstrating spinning up 14 clusters in only a /26 (64 addresses) to demonstrate the GKE clusters do not need to consume large amounts of RFC1918 IP addresses. 2025-03-15 15:27:42 -04:00			`terraform {`
			`backend "gcs" {`
			`bucket = "tf-state-4b00"`
			`prefix = "terraform/deid_test" # TODO: fix this`
			`}`

			`required_providers {`
			`google = {`
			`source = "hashicorp/google"`
			`version = "6.21.0"`
			`}`
			`google-beta = {`
			`source = "hashicorp/google-beta"`
			`version = "6.21.0"`
			`}`
			`random = {`
			`source = "hashicorp/random"`
			`version = "3.6.2"`
			`}`
			`}`
			`}`

			`variable "provider_project" {`
			`description = "Project ID."`
			`type = string`
			`default = "terraform-management-427323"`
			`}`

			`variable "region" {`
			`description = "Region."`
			`type = string`
			`default = "us-central1"`
			`}`

			`variable "zone" {`
			`description = "Zone."`
			`type = string`
			`default = "us-central1-f"`
			`}`

			`variable "public_ingress" {`
			`description = "Set to true to make the kubernetes ingresses exposed to the public internet."`
			`type = bool`
			`default = false`
			`}`

			`variable "ingress_type" {`
			`description = "What controller should we use to handle incoming http(s) connections."`
			`type = string`
			`default = "gateway"`
Fix support for the nginx ingress controller. 2025-03-22 16:11:04 -04:00
			`validation {`
			`condition = contains(["gateway", "nginx"], var.ingress_type)`
			`error_message = "Must be either \"gateway\" or \"nginx\"."`
			`}`
Demonstrate conservative RFC1918 IP address use on GKE. This is a terraform config demonstrating spinning up 14 clusters in only a /26 (64 addresses) to demonstrate the GKE clusters do not need to consume large amounts of RFC1918 IP addresses. 2025-03-15 15:27:42 -04:00			`}`

			`variable "cluster_exists" {`
			`description = "Set to true after the kubernetes clusters exist to install the kubernetes_manifest resources. See https://github.com/hashicorp/terraform-provider-kubernetes/issues/1775"`
			`type = bool`
			`}`

			`variable "quota_email" {`
			`description = "Contact E-Mail to put on quota increase requests."`
			`type = string`
			`default = null`
			`}`

			`variable "quota_justification" {`
			`description = "The reason given to Google for why the quotas need to be increased."`
			`type = string`
			`default = null`
			`}`

			`variable "ssh_key" {`
			`description = "SSH key to install on user machine and GKE nodes. Format: username:public key"`
			`type = string`
			`default = null`
			`}`

Add explanation for Pod IP addresses. 2025-03-15 16:25:25 -04:00			`variable "enable_snat" {`
			`description = "Whether we should enable source network address translation to the node IP address."`
			`type = bool`
			`default = false`
			`}`

Demonstrate conservative RFC1918 IP address use on GKE. This is a terraform config demonstrating spinning up 14 clusters in only a /26 (64 addresses) to demonstrate the GKE clusters do not need to consume large amounts of RFC1918 IP addresses. 2025-03-15 15:27:42 -04:00			`# manual step: enable cloudbilling.googleapis.com in the terraform provider project`
			`# https://console.developers.google.com/apis/api/cloudbilling.googleapis.com/overview?project=terraform-management-427323`
			`provider "google" {`
			`project = var.provider_project`
			`region = var.region`
			`zone = var.zone`
			`billing_project = var.provider_project`
			`user_project_override = true`
			`}`

			`provider "google-beta" {`
			`project = var.provider_project`
			`region = var.region`
			`zone = var.zone`
			`billing_project = var.provider_project`
			`user_project_override = true`
			`}`

			`# TODO: Switch to random_string`
			`resource "random_id" "project" {`
			`byte_length = 4`
			`}`

			`data "google_billing_account" "acct" {`
			`display_name = "My Billing Account"`
			`open = true`
			`}`

			`resource "google_project" "project" {`
			`name = "K8s IP Demo"`
			`project_id = "k8s-ip-demo-${random_id.project.hex}"`
			`billing_account = data.google_billing_account.acct.id`
			`deletion_policy = "DELETE"`
			`}`

			`resource "google_project_service" "service" {`
			`# "recommender" is for enabling IP utilization metrics for GKE clusters`
			`project = google_project.project.project_id`
			`for_each = toset(["iam", "monitoring", "compute", "container", "logging", "recommender", "cloudquotas"])`
			`service = "${each.key}.googleapis.com"`
			`disable_dependent_services = true`
			`}`