Setting Up a Kubernetes Cluster on GKE Using Terraform
This guide describes how to configure and deploy a Terraform module that sets up a GCP VPC network and a private GKE Autopilot cluster with a structured and reusable design.
Repository
Terraform GKE Cluster Repository
git clone git@github.com:thomasscothamilton/terraform-google-kubernetes-engine.git
cd terraform-google-kubernetes-engine
Prerequisites
- Install Terraform:
# Download and install Terraform
brew tap hashicorp/tap
brew install hashicorp/tap/terraform
# Verify installation
terraform -v
- Install and Configure Google Cloud SDK:
# Download and install Google Cloud SDK (review the installer script before piping it into a shell, or install it from your package manager)
curl https://sdk.cloud.google.com | bash
# Restart your shell
exec -l $SHELL
# Initialize the SDK
gcloud init
# Verify installation
gcloud version
- Service Account: Create a service account with the permissions Terraform needs for the GKE, Compute (networking), and Storage APIs. The roles bound below (container.admin, compute.admin, storage.admin) are broad, project-level admin roles; they are convenient for a dev environment, but scope them down for anything production-facing.
# Set your project ID
PROJECT_ID="your-gcp-project-id"
# Create the service account
gcloud iam service-accounts create terraform-sa --display-name "Terraform Service Account"
# Assign roles to the service account
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member "serviceAccount:terraform-sa@$PROJECT_ID.iam.gserviceaccount.com" \
--role "roles/container.admin"
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member "serviceAccount:terraform-sa@$PROJECT_ID.iam.gserviceaccount.com" \
--role "roles/compute.admin"
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member "serviceAccount:terraform-sa@$PROJECT_ID.iam.gserviceaccount.com" \
--role "roles/storage.admin"
# Create a key for the service account (a long-lived credential: keep it outside the repository, rotate it, and prefer service-account impersonation or Workload Identity Federation where possible)
gcloud iam service-accounts keys create ~/terraform-key.json \
--iam-account terraform-sa@$PROJECT_ID.iam.gserviceaccount.com
- Enable APIs: Ensure the following APIs are enabled:
# Enable Kubernetes Engine API
gcloud services enable container.googleapis.com
# Enable Compute Engine API
gcloud services enable compute.googleapis.com
# Enable Cloud Storage API
gcloud services enable storage.googleapis.com
- Credentials: Point Application Default Credentials at the key created above so that Terraform can authenticate:
export GOOGLE_APPLICATION_CREDENTIALS="$HOME/terraform-key.json"
Module Structure
Files
backend.tf: Configures the backend to store Terraform state in a GCS bucket. The state file holds the cluster endpoint and CA certificate exported by outputs.tf, so restrict access to the bucket and enable object versioning.
versions.tf: Defines Terraform and provider version constraints.
provider.tf: Configures the Google Cloud provider.
variables.tf: Defines input variables for the module.
main.tf: Deploys the GKE cluster using the network module.
network.tf: Sets up the VPC and subnet configurations.
outputs.tf: Exports outputs like cluster endpoint, CA certificate, and network details.
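The three configuration files (versions.tf, backend.tf, provider.tf) could look like the following. This is an added illustration, not the repository's own files; the bucket name, state prefix, version constraints and the terraform-sa service-account name are assumptions. Rather than the downloaded key file from the prerequisites, it has the provider impersonate the service account through the operator's own Application Default Credentials.

```hcl
# versions.tf (illustrative constraints; the repository's own may differ)
terraform {
  required_version = ">= 1.5.0"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 5.0, < 7.0"
    }
  }

  # backend.tf: remote state in GCS. The state contains the cluster endpoint
  # and CA certificate from outputs.tf, so the bucket must not be shared
  # beyond the people and pipelines that run Terraform.
  # Backend blocks cannot use variables, so the bucket name is a literal.
  backend "gcs" {
    bucket = "my-terraform-state-bucket" # assumed name; the bucket must already exist
    prefix = "gke/dev"                   # assumed prefix, one per environment
  }
}

# provider.tf: authenticate as the operator (gcloud auth application-default login)
# and impersonate terraform-sa for every API call instead of using a key file.
provider "google" {
  project                     = var.project_id
  region                      = var.region
  impersonate_service_account = "terraform-sa@${var.project_id}.iam.gserviceaccount.com"
}

# variables.tf (only the two variables this fragment needs)
variable "project_id" {
  type        = string
  description = "GCP project that hosts the network and cluster"
}

variable "region" {
  type        = string
  description = "Region for the subnet and the regional cluster"
}
```

Impersonation requires that the identity running Terraform holds roles/iam.serviceAccountTokenCreator on terraform-sa, and that `gcloud auth application-default login` has been run first; with that in place, GOOGLE_APPLICATION_CREDENTIALS and the key file are not needed.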
Step 1: Initialize Terraform
- Clone the repository (see Repository above) and navigate to the environment directory:
cd environments/dev
- Set the input variables as TF_VAR_* environment variables (the name after TF_VAR_ must match the variable name in variables.tf):
export TF_VAR_project_id="my-gcp-project"
export TF_VAR_region="us-central1"
export TF_VAR_network="my-vpc-network"
export TF_VAR_subnetwork="my-subnet"
- Initialize the working directory, which downloads the Google provider and connects to the GCS state backend:
terraform init
Step 2: Define Input Variables
As an alternative to exporting TF_VAR_* variables, create a terraform.tfvars file to provide values for the required variables (project_id and region). Values in terraform.tfvars take precedence over TF_VAR_* environment variables. Keep the file out of version control if it contains anything sensitive.
Example terraform.tfvars
project_id = "your-gcp-project-id"
region = "your-region"
Step 3: Plan the Deployment
Generate a plan to review the changes Terraform will apply:
terraform plan -out main.tfplan
Step 4: Apply the Plan
Apply the configuration to deploy the resources:
terraform apply main.tfplan
Step 5: Review Outputs
After deployment, Terraform will display outputs defined in outputs.tf.
Example Outputs
- Cluster Endpoint: Used to connect to the Kubernetes cluster.
- CA Certificate: Used to authenticate with the cluster.
- Network Name: The name of the created VPC.
Key Features
GCP Network Configuration (network.tf)
VPC Creation:
- Creates a custom VPC network.
- Configures subnets with secondary IP ranges for pods and services.
Subnets:
- A primary subnet for cluster nodes.
- A master (control-plane) /28 address range for the GKE private endpoint, which must not overlap any subnet in the VPC.
Autopilot Private GKE Cluster (main.tf)
- Creates a GKE cluster with the following features:
- Autopilot mode.
- Private nodes and a private control-plane endpoint: nodes get no public IP addresses, and the endpoint reported in the outputs is reachable only from inside the VPC (or a peered network or bastion), so kubectl from a machine on the public internet will not connect.
- Regional clusters for high availability (the control plane and nodes span the zones of the region).
- IP ranges for pods and services.
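The network and cluster features listed above, written out as an added example of what network.tf and main.tf can contain. This is not the repository's code: the CIDR ranges, cluster name and range names are assumptions, and the master_authorized_networks_config block is a hardening step beyond the page's feature list that assumes administrators reach the private endpoint from the node subnet (for example through a bastion there).

```hcl
# variables.tf (the names match the TF_VAR_* exports used in Step 1)
variable "region"     { type = string }
variable "network"    { type = string }
variable "subnetwork" { type = string }

# network.tf: custom-mode VPC with one node subnet carrying secondary ranges
# for pods and services. All CIDRs below are assumptions.
resource "google_compute_network" "vpc" {
  name                    = var.network
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "nodes" {
  name                     = var.subnetwork
  region                   = var.region
  network                  = google_compute_network.vpc.id
  ip_cidr_range            = "10.10.0.0/20"
  private_ip_google_access = true # private nodes still need Google APIs (images, logging)

  secondary_ip_range {
    range_name    = "pods"
    ip_cidr_range = "10.20.0.0/16"
  }

  secondary_ip_range {
    range_name    = "services"
    ip_cidr_range = "10.30.0.0/20"
  }
}

# main.tf: regional Autopilot cluster with private nodes and a private
# control-plane endpoint on the VPC above.
resource "google_container_cluster" "autopilot" {
  name       = "dev-autopilot" # assumed name
  location   = var.region      # a region (not a zone) makes the cluster regional
  network    = google_compute_network.vpc.id
  subnetwork = google_compute_subnetwork.nodes.id

  enable_autopilot    = true
  deletion_protection = true

  release_channel {
    channel = "REGULAR"
  }

  # Pods and services draw from the subnet's secondary ranges.
  ip_allocation_policy {
    cluster_secondary_range_name  = "pods"
    services_secondary_range_name = "services"
  }

  private_cluster_config {
    enable_private_nodes    = true
    enable_private_endpoint = true            # no public control-plane address at all
    master_ipv4_cidr_block  = "172.16.0.0/28" # must be a /28 that overlaps no VPC subnet
  }

  # With a private endpoint only internal ranges may be authorized; restrict
  # even those to where administrators actually connect from.
  master_authorized_networks_config {
    cidr_blocks {
      cidr_block   = "10.10.0.0/20" # assumption: the node subnet, where a bastion lives
      display_name = "node-subnet"
    }
  }
}

# outputs.tf: both values end up in the state file, so mark them sensitive.
output "cluster_endpoint" {
  value     = google_container_cluster.autopilot.endpoint
  sensitive = true
}

output "cluster_ca_certificate" {
  value     = google_container_cluster.autopilot.master_auth[0].cluster_ca_certificate
  sensitive = true
}

output "network_name" {
  value = google_compute_network.vpc.name
}
```

Because enable_private_endpoint is true, the endpoint output is a VPC-internal address: run kubectl from a host inside the authorized range, or set enable_private_endpoint to false and list your admin IPs in master_authorized_networks_config if you need a public endpoint.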