The purpose of this module is to deploy the Caravan infrastructure on which the Caravan cluster will reside.
The code deploys the components shown in the following graph.
The project-setup.sh script helps you create all the requirements needed to deploy the infrastructure:
./project-setup.sh XXXXXX-YYYYYY-ZZZZZZ 12345678901 admin-project-example project-example-id project-example us-central1
Name | Version |
---|---|
terraform | ~> 0.15.4 |
~> 3.0 |
Name | Version |
---|---|
3.88.0 | |
local | 2.1.0 |
null | 3.1.0 |
random | 3.1.0 |
tls | 3.1.0 |
Name | Source | Version |
---|---|---|
caravan-bootstrap | git::https://github.com/bitrockteam/caravan-bootstrap | refs/tags/v0.2.14 |
cloud_init_control_plane | git::https://github.com/bitrockteam/caravan-cloudinit | refs/tags/v0.1.14 |
cloud_init_worker_plane | git::https://github.com/bitrockteam/caravan-cloudinit | refs/tags/v0.1.14 |
terraform-acme-le | git::https://github.com/bitrockteam/caravan-acme-le | refs/tags/v0.0.11 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
google_account_file | Path to Google account file | string | n/a | yes |
image | Fully qualified image name | string | n/a | yes |
project_id | GCP Project ID | string | n/a | yes |
zone | GCP zone | string | n/a | yes |
admins | List of admins to add to the project | list(string) | [] | no |
allowed_ip_list | IP address list for SSH connection to the VMs | list(string) | [ | no |
base64 | Cloud init decoding | bool | false | no |
ca_certs | Fake certificates from staging Let's Encrypt | map(object({ | { | no |
consul_license_file | Path to Consul Enterprise license | string | null | no |
control_plane_instance_count | Number of control plane instances | string | "3" | no |
control_plane_machine_type | Control plane instance machine type | string | "e2-standard-2" | no |
control_plane_sa_name | Control plane service account name; it will be used by the Vault Auth method | string | "control-plane" | no |
csi_volumes | Example: { "jenkins" : { "type" : "pd-ssd" "size" : "30" "replica_zones" : ["us-central1-a", "us-central1-b"] "tags" : { "application": "jenkins_master" } } } | map(map(string)) | {} | no |
dc_name | HashiCorp cluster name | string | "gcp-dc" | no |
enable_monitoring | Enables and sets up the monitoring node | bool | true | no |
enable_nomad | Enables and sets up the Nomad cluster | bool | true | no |
external_domain | Domain used for endpoints and certs | string | "" | no |
google_kms_crypto_key | GCP KMS crypto key | string | "" | no |
google_kms_key_ring | GCP KMS key ring | string | "" | no |
gzip | Cloud init compressing | bool | false | no |
le_production_endpoint | LE's endpoint when use_le_staging==false | string | "https://acme-v02.api.letsencrypt.org/directory" | no |
le_staging_endpoint | LE's endpoint when use_le_staging==true | string | "https://acme-staging-v02.api.letsencrypt.org/directory" | no |
nomad_license_file | Path to Nomad Enterprise license | string | null | no |
parent_dns_project_id | GCP parent project ID | string | "" | no |
parent_dns_zone_name | GCP parent project DNS zone name | string | "GCP" | no |
preemptible_instance_type | Sets preemptible instance type | bool | false | no |
prefix | The prefix of the objects' names | string | "" | no |
region | GCP region where to deploy the cluster | string | "us-central1" | no |
ssh_timeout | SSH timeout | string | "240s" | no |
ssh_user | SSH user | string | "centos" | no |
subnet_prefix | The address prefix to use for the subnet | string | "10.128.0.0/28" | no |
use_le_staging | Use staging Let's Encrypt endpoint | bool | false | no |
vault_license_file | Path to Vault Enterprise license | string | null | no |
volume_data_size | Volume size of control plane data disk | number | 20 | no |
volume_data_type | Volume type of data disks | string | "pd-balanced" | no |
volume_root_size | Volume size of control plane root disk | number | 20 | no |
volume_root_type | Volume type of root disks | string | "pd-standard" | no |
worker_plane_machine_type | Worker plane instance machine type | string | "n2-standard-2" | no |
worker_plane_sa_name | Worker plane service account name; it will be used by the Vault Auth method | string | "worker-plane" | no |
workers_groups | Worker instance group map | map(any) | { | no |
workers_instance_templates | Worker instance template map | map(any) | { | no |
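
A pre-apply check for two inputs from the table above that affect exposure, allowed_ip_list (SSH sources) and use_le_staging (staging certificates), written as an added example that is not part of the Caravan project. The sample tfvars content, the /24 threshold and the function names are assumptions for illustration, and the parser handles only simple literal assignments.

```python
import ipaddress
import re

# Constructed sample gcp.tfvars content; values are placeholders, not module defaults.
SAMPLE_TFVARS = '''
project_id      = "project-example-id"
zone            = "us-central1-a"
allowed_ip_list = ["0.0.0.0/0", "203.0.113.0/24", "198.51.100.7/32"]
use_le_staging  = true
'''

MIN_PREFIX_V4 = 24  # assumed policy: IPv4 ranges broader than a /24 are flagged


def parse_string_list(text, name):
    """Return the quoted items of a `name = [...]` assignment, or None if absent."""
    m = re.search(rf'^\s*{re.escape(name)}\s*=\s*\[(.*?)\]', text, re.S | re.M)
    return re.findall(r'"([^"]*)"', m.group(1)) if m else None


def parse_bool(text, name):
    """Return True/False for a `name = true|false` assignment, or None if absent."""
    m = re.search(rf'^\s*{re.escape(name)}\s*=\s*(true|false)\b', text, re.M)
    return None if m is None else m.group(1) == "true"


def audit_tfvars(text):
    """Return a list of warnings for risky SSH source ranges and staging certs."""
    findings = []
    cidrs = parse_string_list(text, "allowed_ip_list")
    if cidrs is None:
        findings.append("allowed_ip_list not set: module default applies, review it")
    for cidr in cidrs or []:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(f"allowed_ip_list: {cidr!r} is not a valid CIDR")
            continue
        if net.prefixlen == 0:
            findings.append(f"allowed_ip_list: {cidr} opens SSH to every address")
        elif net.version == 4 and net.prefixlen < MIN_PREFIX_V4:
            findings.append(f"allowed_ip_list: {cidr} is broader than /{MIN_PREFIX_V4}")
    if parse_bool(text, "use_le_staging"):
        findings.append("use_le_staging = true: certificates come from the staging CA")
    return findings


if __name__ == "__main__":
    for finding in audit_tfvars(SAMPLE_TFVARS):
        print("WARN", finding)
```
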
Name | Description |
---|---|
PROJECT_APPSUPP_TFVAR | Caravan Application Support tfvars |
PROJECT_PLATFORM_TFVAR | Caravan Platform tfvars |
PROJECT_WORKLOAD_TFVAR | Caravan Workload tfvars |
ca_certs | Let's Encrypt staging CA certificates |
cluster-public-ips | Control plane public IP addresses |
control_plane_role_name | Control plane role name |
control_plane_service_accounts | Control plane service accounts email list |
csi_sa_key | n/a |
csi_volumes | n/a |
hashicorp_endpoints | HashiCorp cluster endpoints |
load-balancer-ip-address | Load Balancer IP address |
project_id | GCP project ID |
worker_plane_role_name | Worker plane role name |
worker_plane_service_account | Worker plane service account |
worker_plane_service_accounts | Worker plane service accounts email list |
After terraform destroy -var-file=gcp.tfvars, run the project-cleanup.sh script to remove the leftover resources and the project:
./project-cleanup.sh <PROJECT_ID> <PARENT_PROJECT_ID>