Initial implementation of the base platform (#24)

Author: arueth

.gitignore

@@ -1,4 +1,5 @@
 # IDEs
+.vscode/
 *.code-workspace
 
 # Python
@@ -7,6 +8,7 @@ __pycache__/
 venv/
 
 # Terraform
+**/tfplan
 *.terraform/
 *.terraform-*/
 *.terraform.lock.hcl

platforms/gke/base/README.md

@@ -0,0 +1 @@
+# Base GKE Accelerated Platform

platforms/gke/base/_shared_config/cluster.auto.tfvars

@@ -0,0 +1,13 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.

platforms/gke/base/_shared_config/cluster_variables.tf

@@ -0,0 +1,157 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Configuration dependencies
+# - shared_config/platform_variables.tf
+#
+
+locals {
+  cluster_credentials_command_private = "gcloud container clusters get-credentials ${local.cluster_name} --internal-ip --location ${var.cluster_region} --project ${var.cluster_project_id}"
+  cluster_credentials_command_public  = "gcloud container clusters get-credentials ${local.cluster_name} --location ${var.cluster_region} --project ${var.cluster_project_id}"
+  cluster_credentials_command_gke     = var.cluster_enable_private_endpoint ? local.cluster_credentials_command_private : local.cluster_credentials_command_public
+  cluster_credentials_command_gkee    = "gcloud container fleet memberships get-credentials ${local.cluster_name} --project ${var.cluster_project_id}"
+  cluster_credentials_command         = var.cluster_use_connect_gateway ? local.cluster_credentials_command_gkee : local.cluster_credentials_command_gke
+  cluster_name                        = local.unique_identifier_prefix
+
+  kubeconfig_directory = abspath("${path.module}/../kubeconfig")
+  kubeconfig_file      = abspath("${local.kubeconfig_directory}/${var.cluster_project_id}-${local.unique_identifier_prefix}")
+}
+
+variable "cluster_binary_authorization_evaluation_mode" {
+  default     = "DISABLED"
+  description = "Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED and PROJECT_SINGLETON_POLICY_ENFORCE."
+  type        = string
+
+  validation {
+    condition = contains(
+      [
+        "DISABLED",
+        "PROJECT_SINGLETON_POLICY_ENFORCE",
+      ],
+      var.cluster_binary_authorization_evaluation_mode
+    )
+    error_message = "'cluster_binary_authorization_evaluation_mode' value is invalid"
+  }
+}
+
+variable "cluster_confidential_nodes_enabled" {
+  default     = false
+  description = "Enable Confidential GKE Nodes for this node pool, to enforce encryption of data in-use"
+  type        = bool
+}
+
+variable "cluster_database_encryption_state" {
+  default     = "DECRYPTED"
+  description = "The desired state of etcd encryption. ENCRYPTED or DECRYPTED"
+  type        = string
+
+  validation {
+    condition = contains(
+      [
+        "DECRYPTED",
+        "ENCRYPTED",
+      ],
+      var.cluster_database_encryption_state
+    )
+    error_message = "'cluster_database_encryption_state' value is invalid"
+  }
+}
+
+variable "cluster_database_encryption_key_name" {
+  default     = null
+  description = "Name of CloudKMS key to use for the encryption of secrets in etcd. Ex. projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"
+  type        = string
+}
+
+variable "cluster_enable_private_endpoint" {
+  default     = true
+  description = "When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used. This field only applies to private clusters, when enable_private_nodes is true."
+  type        = bool
+}
+
+variable "cluster_gateway_api_config_channel" {
+  default     = "CHANNEL_STANDARD"
+  description = "Which Gateway Api channel should be used. CHANNEL_DISABLED, CHANNEL_EXPERIMENTAL or CHANNEL_STANDARD"
+  type        = string
+
+  validation {
+    condition = contains(
+      [
+        "CHANNEL_DISABLED",
+        "CHANNEL_EXPERIMENTAL",
+        "CHANNEL_STANDARD",
+      ],
+      var.cluster_gateway_api_config_channel
+    )
+    error_message = "'cluster_gateway_api_config_channel' value is invalid"
+  }
+}
+
+variable "cluster_gpu_driver_version" {
+  default     = "LATEST"
+  description = "Mode for how the GPU driver is installed."
+  type        = string
+
+  validation {
+    condition = contains(
+      [
+        "DEFAULT",
+        "GPU_DRIVER_VERSION_UNSPECIFIED",
+        "INSTALLATION_DISABLED",
+        "LATEST"
+      ],
+      var.cluster_gpu_driver_version
+    )
+    error_message = "'gpu_driver_version' value is invalid"
+  }
+}
+
+variable "cluster_master_global_access_enabled" {
+  default     = false
+  description = "Whether the cluster master is accessible globally or not."
+  type        = bool
+}
+
+variable "cluster_project_id" {
+  description = "The GCP project where the cluster resources will be created"
+  type        = string
+
+  validation {
+    condition     = var.cluster_project_id != ""
+    error_message = "'cluster_project_id' was not set, please set the value in the mlp.auto.tfvars file"
+  }
+}
+
+variable "cluster_region" {
+  default     = "us-central1"
+  description = "Region where cluster resources will be created."
+  type        = string
+
+  validation {
+    condition = contains(
+      [
+        "us-central1",
+        "us-east4",
+      ],
+    var.cluster_region)
+    error_message = "'cluster_region' must be one of ['us-central1', 'us-east4']"
+  }
+}
+
+variable "cluster_use_connect_gateway" {
+  default     = true
+  description = "UsevConnect gateway to connect to the cluster, require GKE Enterprise."
+  type        = bool
+}

platforms/gke/base/_shared_config/initialize.auto.tfvars

@@ -0,0 +1,13 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.

platforms/gke/base/_shared_config/initialize_variables.tf

@@ -0,0 +1,18 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Configuration dependencies
+# - shared_config/platform_variables.tf
+#

platforms/gke/base/_shared_config/networking.auto.tfvars

@@ -0,0 +1,13 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.

platforms/gke/base/_shared_config/networking_variables.tf

@@ -0,0 +1,47 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Configuration dependencies
+# - shared_config/platform_variables.tf
+#
+
+locals {
+  network_name    = var.network_name != null ? var.network_name : local.unique_identifier_prefix
+  subnetwork_name = var.subnetwork_name != null ? var.subnetwork_name : local.unique_identifier_prefix
+}
+
+variable "dynamic_routing_mode" {
+  default     = "GLOBAL"
+  description = "VPC dynamic routing mode"
+  type        = string
+}
+
+variable "network_name" {
+  default     = null
+  description = "Name of the VPC network"
+  type        = string
+}
+
+variable "subnet_cidr_range" {
+  default     = "10.40.0.0/22"
+  description = "CIDR range for the regional subnet"
+  type        = string
+}
+
+variable "subnetwork_name" {
+  default     = null
+  description = "Name of the regional subnet"
+  type        = string
+}

platforms/gke/base/_shared_config/outputs.tf

@@ -0,0 +1,41 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+output "cluster_name" {
+  value = local.cluster_name
+}
+
+output "cluster_project_id" {
+  value = var.cluster_project_id
+}
+
+output "platform_name" {
+  value = var.platform_name
+}
+
+output "terraform_bucket_name" {
+  value = local.terraform_bucket_name
+}
+
+output "terraform_project_id" {
+  value = var.terraform_project_id
+}
+
+output "resource_name_prefix" {
+  value = var.resource_name_prefix
+}
+
+output "unique_identifier_prefix" {
+  value = local.unique_identifier_prefix
+}

platforms/gke/base/_shared_config/platform.auto.tfvars

@@ -0,0 +1,13 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.

platforms/gke/base/_shared_config/platform_variables.tf

@@ -0,0 +1,34 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Configuration dependencies
+# - shared_config/platform_variables.tf
+#
+
+locals {
+  unique_identifier_prefix = "${var.resource_name_prefix}-${var.platform_name}"
+}
+
+variable "platform_name" {
+  default     = "dev"
+  description = "Name of the environment"
+  type        = string
+}
+
+variable "resource_name_prefix" {
+  default     = "acp"
+  description = "The prefix to add before each resource's name"
+  type        = string
+}