support to create a new vpc and improve this module

Author: xiaozhu36

.gitignore

@@ -9,3 +9,4 @@
 *.tfvars
 crash.log
 .idea/
+terraform.log

CHANGELOG.md

@@ -0,0 +1,9 @@
+## 1.1.0 (Unreleased)
+## 1.0.0 (December 3, 2019)
+
+IMPROVEMENTS:
+
+- support to create a new vpc and improve this module [GH-3](https://github.com/terraform-alicloud-modules/terraform-alicloud-managed-kubernetes/pull/3)
+- add managed kubernetes module [GH-1](https://github.com/terraform-alicloud-modules/terraform-alicloud-managed-kubernetes/pull/1)
+
+

README.md

@@ -1,17 +1,18 @@
-Alibaba Cloud terraform example for kubernetes cluster
+Alibaba Cloud Managed Kubernetes Cluster Module  
+terraform-alicloud-managed-kubernetes
 ======================================================
 
-A terraform example to launching a kubernetes cluster in alibaba cloud.
+A terraform module used to launch a managed kubernetes cluster on Alibaba Cloud.
 
 These types of the module resource are supported:
 
 - [VPC](https://www.terraform.io/docs/providers/alicloud/r/vpc.html)
-- [Subnet](https://www.terraform.io/docs/providers/alicloud/r/vswitch.html)
-- [ECS Instance](https://www.terraform.io/docs/providers/alicloud/r/instance.html)
-- [Security Group](https://www.terraform.io/docs/providers/alicloud/r/security_group.html)
+- [VSwitch](https://www.terraform.io/docs/providers/alicloud/r/vswitch.html)
+- [EIP](https://www.terraform.io/docs/providers/alicloud/r/eip.html)
 - [Nat Gateway](https://www.terraform.io/docs/providers/alicloud/r/nat_gateway.html)
-- [ManagedKubernetes](https://www.terraform.io/docs/providers/alicloud/r/cs_managed_kubernetes.html)
-
+- [Snat](https://www.terraform.io/docs/providers/alicloud/r/snat.html)
+- [SLS Project](https://www.terraform.io/docs/providers/alicloud/r/log_project.html)
+- [Managed Kubernetes](https://www.terraform.io/docs/providers/alicloud/r/cs_managed_kubernetes.html)
 
 Usage
 -----
@@ -22,69 +23,126 @@ This example can specify the following arguments to create user-defined kubernte
 * region: The ID of region in which launching resources
 * k8s_name_prefix: The name prefix of kubernetes cluster
 * worker_number: The number of worker nodes in each kubernetes cluster
-* k8s_pod_cidr: The kubernetes pod cidr block. It cannot be equals to vpc's or vswitch's and cannot be in them. If vpc's cidr block is `172.16.XX.XX/XX`,
-it had better to `192.168.XX.XX/XX` or `10.XX.XX.XX/XX`
+* k8s_pod_cidr: The kubernetes pod cidr block. It cannot be equals to vpc's or vswitch's and cannot be in them. 
 * k8s_service_cidr: The kubernetes service cidr block. Its setting rule is same as `k8s_pod_cidr`
 * Other kubernetes cluster arguments
 
-**Note:** In order to avoid some needless error, you had better to set `new_nat_gateway` to `true`.
-Otherwise, you must you must ensure you specified vswitches can access internet before running the example.
-
-Planning phase
-
-    terraform plan
-
-Apply phase
-
-	terraform apply
-
-
-Destroy
-
-    terraform destroy
-
-
-Conditional creation
---------------------
-This example can support the following creating kubernetes cluster scenario by setting different arguments.
-
-### 1. Create a new vpc, vswitches and nat gateway for the cluster.
-
-You can specify the following user-defined arguments:
-
-* vpc_name: A new vpc name
-* vpc_cidr: A new vpc cidr block
-* vswitch_name_prefix: The name prefix of several vswitches
-* vswitch_cidrs: List of cidr blocks for several new vswitches
-
-### 2. Using existing vpc and vswitches for the cluster.
-
-You can specify the following user-defined arguments:
-
-* vpc_id: A existing vpc ID
-* vswitch_ids: List of IDs for several existing vswitches
-
-### 3. Using existing vpc, vswitches and nat gateway for the cluster.
-
-You can specify the following user-defined arguments:
-
-* vpc_id: A existing vpc ID
-* vswitch_ids: List of IDs for several existing vswitches
-* new_nat_gateway: Set it to false. But you must ensure you specified vswitches can access internet.
-In other words, you must set snat entry for each vswitch before running the example.
+Usage
+-----
 
+This module used to create a managed kubernetes and it can meet several scenarios by specifying different parameters.
+
+1. Create a new vpc, several new vswitches and a new nat gateway for the cluster.
+    ```hcl
+    // Create a scaling group using autoscaling module at first.
+    module "managed-k8s" {
+      source             = "terraform-alicloud-modules/managed-kubernetes/alicloud"
+      profile            = "Your-profile-name"
+      
+      k8s_name_prefix = "my-managed-k8s-with-new-vpc"
+      new_vpc         = true
+      vpc_cidr        = "192.168.0.0/16"
+      vswitch_cidrs   = [
+        "192.168.1.0/24",
+        "192.168.2.0/24",
+        "192.168.3.0/24",
+        "192.168.4.0/24",
+      ]
+    }
+    ```
+
+  In this scenario, the module will create a new vpc with `vpc_cidr`, several vswitches with `vswitch_cidrs`, a new nat gateway, 
+  a new EIP with `new_eip_bandwidth` and several snat entries for vswitches.
+  
+1. Using existing vpc and vswitches by specifying `vswitch_ids`. Setting `new_nat_gateway=true` to add a new nat gateway in the vswitches' vpc.
+    ```hcl
+    // Create a scaling group using autoscaling module at first.
+    module "managed-k8s" {
+      source             = "terraform-alicloud-modules/managed-kubernetes/alicloud"
+      profile            = "Your-profile-name"
+      
+      k8s_name_prefix = "my-managed-k8s-with-new-vpc"
+      new_vpc         = false
+      vswitch_ids     = [
+        "vsw-12345678",
+        "vsw-09876537"
+      ]
+      new_nat_gateway = true
+    }
+    ```
+ 
+  In this scenario, if setting `new_nat_gateway=false`, you should ensure the specified vswitches can access internet.
+  In other words, the specified vpc has a nat gateway and there are several snat entries to bind the vswitches and a EIP.
+  
+**NOTE:** This module using AccessKey and SecretKey are from `profile` and `shared_credentials_file`.
+If you have not set them yet, please install [aliyun-cli](https://github.com/aliyun/aliyun-cli#installation) and configure it.
+
+## Conditional creation
+
+This moudle can set [sls project](https://www.terraform.io/docs/providers/alicloud/r/log_project.html) config for this module
+
+1. Create a new sls project with `new_sls_project`:
+    ```hcl
+    new_sls_project = true
+    ```
+
+1. Using existing sls project with `sls_project_name`:
+    ```hcl
+    sls_project_name = "Your-sls-project-name"
+    ```
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| region  | The region ID used to launch this module resources. If not set, it will be sourced from followed by ALICLOUD_REGION environment variable and profile | string  | ''  | no  |
+| profile  | The profile name as set in the shared credentials file. If not set, it will be sourced from the ALICLOUD_PROFILE environment variable. | string  | ''  | no  |
+| shared_credentials_file  | This is the path to the shared credentials file. If this is not set and a profile is specified, $HOME/.aliyun/config.json will be used. | string  | ''  | no  |
+| skip_region_validation  | Skip static validation of region ID. Used by users of alternative AlibabaCloud-like APIs or users w/ access to regions that are not public (yet). | bool  | false | no  |
+| new_vpc  | Create a new vpc for this module  | string  | false | no  |
+| vpc_cidr  | The cidr block used to launch a new vpc | string  | "192.168.0.0/16"  | no  |
+| vswitch_ids  | List Ids of existing vswitch  | string  | []  | yes  |
+| vswitch_cidrs  | List cidr blocks used to create several new vswitches when 'new_vpc' is true | string  | ["192.168.1.0/24"]  | yes  |
+| availability_zones | List available zone ids used to create several new vswitches when 'vswitch_ids' is not specified. If not set, data source `alicloud_zones` will return one automatically. | list | [] | no |
+| new_eip_bandwidth | The bandwidth used to create a new EIP when 'new_vpc' is true | int | 50 | no |
+| new_nat_gateway | Seting it to true can create a new nat gateway automatically in a existing VPC. If 'new_vpc' is true, it will be ignored | bool | false|
+| cpu_core_count | CPU core count is used to fetch instance types | int | 1 | no |
+| memory_size | Memory size used to fetch instance types | int | 2 | no |
+| worker_instance_types | The ecs instance type used to launch worker nodes. If not set, data source `alicloud_instance_types` will return one based on `cpu_core_count` and `memory_size` | list | ["ecs.n4.xlarge"] | no |
+| worker_disk_category | The system disk category used to launch one or more worker nodes| string | "cloud_efficiency" | no |
+| worker_disk_size | The system disk size used to launch one or more worker nodes| int | 40 |no |
+| ecs_password | The password of work nodes | string | "Abc12345" | no |
+| worker_number | The number of kubernetes cluster work nodes | int | 2 | no |
+| k8s_name_prefix | The name prefix used to create managed kubernetes cluster | string | "terraform-alicloud-managed-kubernetes" | no |
+| k8s_pod_cidr | The kubernetes pod cidr block. It cannot be equals to vpc's or vswitch's and cannot be in them. If vpc's cidr block is `172.16.XX.XX/XX`, it had better to `192.168.XX.XX/XX` or `10.XX.XX.XX/XX` | string | "172.20.0.0/16" | no |
+| k8s_service_cidr | The kubernetes service cidr block. It cannot be equals to vpc's or vswitch's or pod's and cannot be in them. Its setting rule is same as `k8s_pod_cidr` | string | "172.21.0.0/20" | no |
+| cluster_network_type | Network type, valid options are `flannel` and `terway` | string | "flannel" | no |
+| new_sls_project | Create a new sls project for this module | bool | false | no |
+| sls_project_name | Specify a existing sls project for this module | string | "" | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| this_k8s_id | The ID of managed kubernetes cluster |
+| this_k8s_name | The name of managed kubernetes cluster |
+| this_k8s_nodes | List worker nodes of managed kubernetes cluster |
+| this_vpc_id  | The ID of VPC  |
+| this_vswitch_ids  | List Ids of vswitches  |
+| this_security_group_id  | ID of the Security Group used to deploy kubernetes cluster  |
+| this_sls_project_name  | The sls project name used to configure cluster |
 
 Terraform version
 -----------------
-Terraform version 0.11.0 or newer and Provider version 1.57.2 or newer are required for this example to work.
+Terraform version 0.12.0 or newer and Provider version 1.57.2 or newer are required for this example to work.
 
 Authors
 -------
-Created and maintained by Meng Xiaobing(@menglingwei, menglingwei@gmail.com)
+Created and maintained by Meng Xiaobing(@menglingwei, menglingwei@gmail.com, @xiaozhu36, heguimin36@163.com)
 
 License
 -------
-Mozilla Public License 2.0. See LICENSE for full details.
+Apache 2 Licensed. See LICENSE for full details.
 
 Reference
 ---------

locals.tf

@@ -0,0 +1,14 @@
+locals {
+  k8s_name     = substr(join("-", [var.k8s_name_prefix, "", random_uuid.this.result]), 0, 63)
+  new_vpc_name = "for-${local.k8s_name}"
+  new_vpc_tags = {
+    Created = "Terraform"
+    For     = "modules/terraform-alicloud-managed-kubernetes"
+    K8s     = local.k8s_name
+  }
+  vswitch_ids    = length(var.vswitch_ids) > 0 ? var.vswitch_ids : alicloud_vswitch.new.*.id
+  sls_project    = var.sls_project_name == "" ? alicloud_log_project.new.0.id : var.sls_project_name
+  instance_types = length(var.worker_instance_types) > 0 ? var.worker_instance_types : [data.alicloud_instance_types.default.ids.0]
+}
+
+resource "random_uuid" "this" {}

main.tf

@@ -1,106 +1,36 @@
 // Provider specific configs
 provider "alicloud" {
-  version              = ">=1.57.2"
-  region               = var.region != "" ? var.region : null
-  configuration_source = "terraform-alicloud-modules/kubernetes"
+  version                 = ">=1.57.2"
+  profile                 = var.profile != "" ? var.profile : null
+  shared_credentials_file = var.shared_credentials_file != "" ? var.shared_credentials_file : null
+  region                  = var.region != "" ? var.region : null
+  skip_region_validation  = var.skip_region_validation
+  configuration_source    = "terraform-alicloud-modules/managed-kubernetes"
 }
 
-// Instance_types data source for instance_type
-data "alicloud_instance_types" "default" {
-  cpu_core_count = var.cpu_core_count
-  memory_size    = var.memory_size
-}
-
-// Zones data source for availability_zone
-data "alicloud_zones" "default" {
-  available_instance_type = data.alicloud_instance_types.default.instance_types[0].id
-}
-
-// If there is not specifying vpc_id, the module will launch a new vpc
-resource "alicloud_vpc" "vpc" {
-  count      = var.vpc_id == "" ? 1 : 0
-  cidr_block = var.vpc_cidr
-  name       = var.vpc_name == "" ? var.example_name : var.vpc_name
-}
-
-// According to the vswitch cidr blocks to launch several vswitches
-resource "alicloud_vswitch" "vswitches" {
-  count             = length(var.vswitch_ids) > 0 ? 0 : length(var.vswitch_cidrs)
-  vpc_id            = var.vpc_id == "" ? join("", alicloud_vpc.vpc.*.id) : var.vpc_id
-  cidr_block        = var.vswitch_cidrs[count.index]
-  availability_zone = data.alicloud_zones.default.zones[count.index % length(data.alicloud_zones.default.zones)]["id"]
-  name = var.vswitch_name_prefix == "" ? format(
-  "%s-%s",
-  var.example_name,
-  format(var.number_format, count.index + 1),
-  ) : format(
-  "%s-%s",
-  var.vswitch_name_prefix,
-  format(var.number_format, count.index + 1),
-  )
-}
-
-resource "alicloud_nat_gateway" "default" {
-  count  = var.new_nat_gateway == "true" ? 1 : 0
-  vpc_id = var.vpc_id == "" ? join("", alicloud_vpc.vpc.*.id) : var.vpc_id
-  name   = var.example_name
-}
-
-resource "alicloud_eip" "default" {
-  count     = var.new_nat_gateway == "true" ? 1 : 0
-  bandwidth = 100
-}
-
-resource "alicloud_eip_association" "default" {
-  count         = var.new_nat_gateway == "true" ? 1 : 0
-  allocation_id = alicloud_eip.default[0].id
-  instance_id   = alicloud_nat_gateway.default[0].id
-}
-
-resource "alicloud_snat_entry" "default" {
-  count         = var.new_nat_gateway == "false" ? 0 : length(var.vswitch_ids) > 0 ? length(var.vswitch_ids) : length(var.vswitch_cidrs)
-  snat_table_id = alicloud_nat_gateway.default[0].snat_table_ids
-  source_vswitch_id = length(var.vswitch_ids) > 0 ? split(",", join(",", var.vswitch_ids))[count.index % length(split(",", join(",", var.vswitch_ids)))] : length(var.vswitch_cidrs) < 1 ? "" : split(",", join(",", alicloud_vswitch.vswitches.*.id))[count.index % length(split(",", join(",", alicloud_vswitch.vswitches.*.id)))]
-  snat_ip = alicloud_eip.default[0].ip_address
-}
-
-resource "alicloud_log_project" "log" {
-  name    = var.k8s_name_prefix == "" ? format(
-  "%s-managed-sls",
-  var.example_name,
-  ) : format(
-  "%s-managed-sls",
-  var.k8s_name_prefix,
-  )
+resource "alicloud_log_project" "new" {
+  count       = var.new_sls_project == true ? 1 : 0
+  name        = "for-${local.k8s_name}"
   description = "created by terraform for managedkubernetes cluster"
 }
 
-resource "alicloud_cs_managed_kubernetes" "k8s" {
-  count = 1
-  name = var.k8s_name_prefix == "" ? format(
-  "%s-%s",
-  var.example_name,
-  format(var.number_format, count.index + 1),
-  ) : format(
-  "%s-%s",
-  var.k8s_name_prefix,
-  format(var.number_format, count.index + 1),
-  )
-  vswitch_ids = [length(var.vswitch_ids) > 0 ? split(",", join(",", var.vswitch_ids))[count.index%length(split(",", join(",", var.vswitch_ids)))] : length(var.vswitch_cidrs) < 1 ? "" : split(",", join(",", alicloud_vswitch.vswitches.*.id))[count.index%length(split(",", join(",", alicloud_vswitch.vswitches.*.id)))]]
-  new_nat_gateway       = false
+resource "alicloud_cs_managed_kubernetes" "this" {
+  count                 = length(local.vswitch_ids) > 0 ? 1 : 0
+  name                  = local.k8s_name
+  vswitch_ids           = local.vswitch_ids
+  new_nat_gateway       = var.new_vpc == true ? false : var.new_nat_gateway
   worker_disk_category  = var.worker_disk_category
   password              = var.ecs_password
   pod_cidr              = var.k8s_pod_cidr
   service_cidr          = var.k8s_service_cidr
-  slb_internet_enabled            = true
+  slb_internet_enabled  = true
   install_cloud_monitor = true
   cluster_network_type  = var.cluster_network_type
-
-  depends_on = [alicloud_snat_entry.default]
   worker_instance_types = var.worker_instance_types
-  worker_number = var.worker_number
+  worker_number         = var.worker_number
   log_config {
-    type = "SLS"
-    project = alicloud_log_project.log.name
+    type    = local.sls_project == "" ? null : "SLS"
+    project = local.sls_project == "" ? null : local.sls_project
   }
+  depends_on = [alicloud_snat_entry.new]
 }