From 4acb524fc76a53bbf70b01bd8c23b8f6c6a067f3 Mon Sep 17 00:00:00 2001
From: Andrew Peabody
Date: Mon, 13 May 2024 22:59:25 +0000
Subject: [PATCH 1/4] feat(GKE): add reservation sample
---
gke/autopilot/reservation/main.tf | 195 +++++++++++++++++++++++++
gke/autopilot/reservation/test.yaml | 20 +++
gke/standard/zonal/reservation/main.tf | 112 ++++++++++++++
3 files changed, 327 insertions(+)
create mode 100644 gke/autopilot/reservation/main.tf
create mode 100644 gke/autopilot/reservation/test.yaml
create mode 100644 gke/standard/zonal/reservation/main.tf
diff --git a/gke/autopilot/reservation/main.tf b/gke/autopilot/reservation/main.tf
new file mode 100644
index 00000000..f48a178e
--- /dev/null
+++ b/gke/autopilot/reservation/main.tf
@@ -0,0 +1,195 @@
+/**
+* Copyright 2024 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+data "google_client_config" "default" {}
+
+resource "google_container_cluster" "default" {
+ name = "gke-autopilot-cluster"
+ location = "us-central1"
+
+ enable_autopilot = true
+
+ # Set `deletion_protection` to `true` will ensure that one cannot
+ # accidentally delete this instance by use of Terraform.
+ deletion_protection = false
+}
+
+# [START gke_autopilot_reservation_specific]
+resource "google_compute_reservation" "specific_pod" {
+ name = "specific-reservation-pod"
+ zone = "us-central1-a"
+
+ specific_reservation {
+ count = 1
+
+ instance_properties {
+ machine_type = "c3-standard-4-lssd"
+
+ local_ssds {
+ disk_size_gb = 375
+ interface = "NVME"
+ }
+ }
+ }
+
+ specific_reservation_required = true
+}
+# [END gke_autopilot_reservation_specific]
+
+# [START gke_autopilot_reservation_specific]
+resource "google_compute_reservation" "specific_accelerator" {
+ name = "specific-reservation-accelerator"
+ zone = "us-central1-a"
+
+ specific_reservation {
+ count = 1
+
+ instance_properties {
+ #min_cpu_platform = "Intel Cascade Lake"
+ machine_type = "g2-standard-4"
+
+ guest_accelerators {
+ accelerator_count = 1
+ accelerator_type = "nvidia-l4"
+ }
+ }
+ }
+
+ specific_reservation_required = true
+}
+# [END gke_autopilot_reservation_specific]
+
+provider "kubernetes" {
+ host = "https://${google_container_cluster.default.endpoint}"
+ token = data.google_client_config.default.access_token
+ cluster_ca_certificate = base64decode(google_container_cluster.default.master_auth[0].cluster_ca_certificate)
+
+ ignore_annotations = [
+ "^autopilot\\.gke\\.io\\/.*",
+ "^cloud\\.google\\.com\\/cluster_autoscaler_.*"
+ ]
+}
+
+# [START gke_autopilot_reservation_specific_pod]
+resource "kubernetes_pod_v1" "default_pod" {
+ metadata {
+ name = "specific-same-project-pod"
+ }
+
+ spec {
+ node_selector = {
+ "cloud.google.com/compute-class" = "Performance"
+ "cloud.google.com/machine-family" = "c3"
+ "cloud.google.com/reservation-name" = google_compute_reservation.specific_pod.name
+ "cloud.google.com/reservation-affinity" = "specific"
+ }
+
+ container {
+ name = "my-container"
+ image = "k8s.gcr.io/pause"
+
+ resources {
+ requests = {
+ cpu = 2
+ memory = "8Gi"
+ ephemeral-storage = "1Gi"
+ }
+ }
+
+ security_context {
+ allow_privilege_escalation = false
+ run_as_non_root = false
+
+ capabilities {
+ add = []
+ drop = ["NET_RAW"]
+ }
+ }
+ }
+
+ security_context {
+ run_as_non_root = false
+ supplemental_groups = []
+
+ seccomp_profile {
+ type = "RuntimeDefault"
+ }
+ }
+ }
+
+ depends_on = [
+ google_compute_reservation.specific_pod
+ ]
+}
+# [END gke_autopilot_reservation_specific_pod]
+
+# [START gke_autopilot_reservation_specific_accelerator]
+resource "kubernetes_pod_v1" "default_accelerator" {
+ metadata {
+ name = "specific-same-project-accelerator"
+ }
+
+ spec {
+ node_selector = {
+ "cloud.google.com/compute-class" = "Accelerator"
+ "cloud.google.com/gke-accelerator" = "nvidia-l4"
+ "cloud.google.com/reservation-name" = google_compute_reservation.specific_accelerator.name
+ "cloud.google.com/reservation-affinity" = "specific"
+ }
+
+ container {
+ name = "my-container"
+ image = "k8s.gcr.io/pause"
+
+ resources {
+ requests = {
+ cpu = 2
+ memory = "7Gi"
+ ephemeral-storage = "1Gi"
+ "nvidia.com/gpu" = 1
+
+ }
+ limits = {
+ "nvidia.com/gpu" = 1
+ }
+ }
+
+ security_context {
+ allow_privilege_escalation = false
+ run_as_non_root = false
+
+ capabilities {
+ add = []
+ drop = ["NET_RAW"]
+ }
+ }
+ }
+
+ security_context {
+ run_as_non_root = false
+ supplemental_groups = []
+
+ seccomp_profile {
+ type = "RuntimeDefault"
+ }
+ }
+ }
+
+ depends_on = [
+ google_compute_reservation.specific_accelerator
+ ]
+}
+# [END gke_autopilot_reservation_specific_accelerator]
diff --git a/gke/autopilot/reservation/test.yaml b/gke/autopilot/reservation/test.yaml
new file mode 100644
index 00000000..e1b48e40
--- /dev/null
+++ b/gke/autopilot/reservation/test.yaml
@@ -0,0 +1,20 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintTest
+metadata:
+ name: gke_autopilot_reservation
+spec:
+ skip: true
diff --git a/gke/standard/zonal/reservation/main.tf b/gke/standard/zonal/reservation/main.tf
new file mode 100644
index 00000000..9a2a4e20
--- /dev/null
+++ b/gke/standard/zonal/reservation/main.tf
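Review bot: Both `kubernetes_pod_v1` containers in `gke/autopilot/reservation/main.tf` use `image = "k8s.gcr.io/pause"`, which carries no tag or digest and points at the `k8s.gcr.io` registry that was frozen in 2023 in favour of `registry.k8s.io`, so the pods run whatever `latest` resolves to at pull time. Because this is a sample that readers copy, pin the image, e.g. `image = "registry.k8s.io/pause:<TAG>@sha256:<DIGEST>"` (placeholders; take the values from the release you intend to ship). Separately, `run_as_non_root = false` is set explicitly at both pod and container level in both pods; if the pinned image declares a numeric non-root user, switching to `run_as_non_root = true` would match the other hardening already present (`allow_privilege_escalation = false`, `RuntimeDefault` seccomp), which is worth confirming before changing it.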
@@ -0,0 +1,112 @@
+/**
+* Copyright 2024 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+# [START gke_standard_zonal_reservation_any_reservation]
+resource "google_compute_reservation" "any-reservation" {
+ name = "any-reservation"
+ zone = "us-central1-a"
+
+ specific_reservation {
+ count = 3
+
+ instance_properties {
+ machine_type = "e2-medium"
+ }
+ }
+}
+# [END gke_standard_zonal_reservation_any_reservation]
+
+# [START gke_standard_zonal_reservation_any_cluster]
+resource "google_container_cluster" "default" {
+ name = "gke-standard-zonal-cluster"
+ location = "us-central1-a"
+
+ initial_node_count = 1
+
+ node_config {
+ machine_type = "e2-medium"
+
+ reservation_affinity {
+ consume_reservation_type = "ANY_RESERVATION"
+ }
+ }
+
+ depends_on = [
+ google_compute_reservation.any-reservation
+ ]
+
+ # Set `deletion_protection` to `true` will ensure that one cannot
+ # accidentally delete this instance by use of Terraform.
+ deletion_protection = false
+}
+# [END gke_standard_zonal_reservation_any_cluster]
+
+# [START gke_standard_zonal_reservation_any_node_pool]
+resource "google_container_node_pool" "any-node_pool" {
+ name = "gke-standard-regional-any-node-pool"
+ cluster = google_container_cluster.default.name
+ location = google_container_cluster.default.location
+
+ initial_node_count = 3
+ node_config {
+ machine_type = "e2-medium"
+
+ reservation_affinity {
+ consume_reservation_type = "ANY_RESERVATION"
+ }
+ }
+}
+# [END gke_standard_zonal_reservation_any_node_pool]
+
+# [START gke_standard_zonal_reservation_specific_reservation]
+resource "google_compute_reservation" "specific-reservation" {
+ name = "specific-reservation"
+ zone = "us-central1-a"
+
+ specific_reservation {
+ count = 1
+
+ instance_properties {
+ machine_type = "e2-medium"
+ }
+ }
+
+ specific_reservation_required = true
+}
+# [END gke_standard_zonal_reservation_specific_reservation]
+
+# [START gke_standard_zonal_reservation_specific_node_pool]
+resource "google_container_node_pool" "specific-node-pool" {
+ name = "gke-standard-regional-specific-node-pool"
+ cluster = google_container_cluster.default.name
+ location = google_container_cluster.default.location
+
+ initial_node_count = 1
+ node_config {
+ machine_type = "e2-medium"
+
+ reservation_affinity {
+ consume_reservation_type = "SPECIFIC_RESERVATION"
+ key = "compute.googleapis.com/reservation-name"
+ values = [google_compute_reservation.specific-reservation.name]
+ }
+ }
+
+ depends_on = [
+ google_compute_reservation.specific-reservation
+ ]
+}
+# [END gke_standard_zonal_reservation_specific_node_pool]
From b806be92a30161ec604375f5c277f64afbcab861 Mon Sep 17 00:00:00 2001
From: Andrew Peabody
Date: Wed, 15 May 2024 15:14:10 +0000
Subject: [PATCH 2/4] fix typos
---
gke/autopilot/reservation/main.tf | 10 +++++-----
gke/standard/zonal/reservation/main.tf | 4 ++--
2 files changed, 7 insertions(+), 7 deletions(-)
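Review bot: None of the three `node_config` blocks in `gke/standard/zonal/reservation/main.tf` (the cluster's default pool, `any-node_pool` and `specific-node-pool`) sets `service_account`, so as far as this hunk shows the nodes fall back to the Compute Engine default service account, which in many projects still holds the broad Editor role. Since readers copy this sample, add a dedicated least-privilege `google_service_account` resource and reference it in each block with `service_account = google_service_account.<NAME>.email` and `oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]` (`<NAME>` is a placeholder). If keeping the sample minimal matters more, a comment above each `node_config` such as `# Uses the default node service account; set service_account for anything beyond a demo.` would at least flag the gap.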
diff --git a/gke/autopilot/reservation/main.tf b/gke/autopilot/reservation/main.tf index f48a178e..d3f15e7a 100644 --- a/gke/autopilot/reservation/main.tf +++ b/gke/autopilot/reservation/main.tf @@ -18,7 +18,7 @@ data "google_client_config" "default" {} resource "google_container_cluster" "default" { name = "gke-autopilot-cluster" - location = "us-central1" + location = "us-central1-a" enable_autopilot = true @@ -27,7 +27,7 @@ resource "google_container_cluster" "default" { deletion_protection = false } -# [START gke_autopilot_reservation_specific] +# [START gke_autopilot_reservation_specific_reservation] resource "google_compute_reservation" "specific_pod" { name = "specific-reservation-pod" zone = "us-central1-a" @@ -47,9 +47,9 @@ resource "google_compute_reservation" "specific_pod" { specific_reservation_required = true } -# [END gke_autopilot_reservation_specific] +# [END gke_autopilot_reservation_specific_reservation] -# [START gke_autopilot_reservation_specific] +# [START gke_autopilot_reservation_specific_cluster] resource "google_compute_reservation" "specific_accelerator" { name = "specific-reservation-accelerator" zone = "us-central1-a" @@ -70,7 +70,7 @@ resource "google_compute_reservation" "specific_accelerator" { specific_reservation_required = true } -# [END gke_autopilot_reservation_specific] +# [END gke_autopilot_reservation_specific_cluster] provider "kubernetes" { host = "https://${google_container_cluster.default.endpoint}" diff --git a/gke/standard/zonal/reservation/main.tf b/gke/standard/zonal/reservation/main.tf index 9a2a4e20..051e6882 100644 --- a/gke/standard/zonal/reservation/main.tf +++ b/gke/standard/zonal/reservation/main.tf 
@@ -56,7 +56,7 @@ resource "google_container_cluster" "default" { # [START gke_standard_zonal_reservation_any_node_pool] resource "google_container_node_pool" "any-node_pool" { - name = "gke-standard-regional-any-node-pool" + name = "gke-standard-zonal-any-node-pool" cluster = google_container_cluster.default.name location = google_container_cluster.default.location @@ -90,7 +90,7 @@ resource "google_compute_reservation" "specific-reservation" { # [START gke_standard_zonal_reservation_specific_node_pool] resource "google_container_node_pool" "specific-node-pool" { - name = "gke-standard-regional-specific-node-pool" + name = "gke-standard-zonal-specific-node-pool" cluster = google_container_cluster.default.name location = google_container_cluster.default.location From 3d413485524a7f814c788a97962c0d763633cb44 Mon Sep 17 00:00:00 2001 From: Andrew Peabody Date: Wed, 15 May 2024 10:05:49 -0700 Subject: [PATCH 3/4] Update main.tf --- gke/autopilot/reservation/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gke/autopilot/reservation/main.tf b/gke/autopilot/reservation/main.tf index d3f15e7a..385a365a 100644 --- a/gke/autopilot/reservation/main.tf +++ b/gke/autopilot/reservation/main.tf @@ -18,7 +18,7 @@ data "google_client_config" "default" {} resource "google_container_cluster" "default" { name = "gke-autopilot-cluster" - location = "us-central1-a" + location = "us-central1" enable_autopilot = true From 7eb813875a69f3a72aa0154c4929d50029583cd3 Mon Sep 17 00:00:00 2001 From: Katie McLaughlin Date: Thu, 16 May 2024 10:27:50 +1000 Subject: [PATCH 4/4] style: resource names should use underscores --- gke/standard/zonal/reservation/main.tf | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/gke/standard/zonal/reservation/main.tf b/gke/standard/zonal/reservation/main.tf index 051e6882..463c1c4d 100644 --- a/gke/standard/zonal/reservation/main.tf +++ b/gke/standard/zonal/reservation/main.tf 
@@ -15,7 +15,7 @@ */ # [START gke_standard_zonal_reservation_any_reservation] -resource "google_compute_reservation" "any-reservation" { +resource "google_compute_reservation" "any_reservation" { name = "any-reservation" zone = "us-central1-a" @@ -45,7 +45,7 @@ resource "google_container_cluster" "default" { } depends_on = [ - google_compute_reservation.any-reservation + google_compute_reservation.any_reservation ] # Set `deletion_protection` to `true` will ensure that one cannot @@ -55,7 +55,7 @@ resource "google_container_cluster" "default" { # [END gke_standard_zonal_reservation_any_cluster] # [START gke_standard_zonal_reservation_any_node_pool] -resource "google_container_node_pool" "any-node_pool" { +resource "google_container_node_pool" "any_node_pool" { name = "gke-standard-zonal-any-node-pool" cluster = google_container_cluster.default.name location = google_container_cluster.default.location @@ -72,7 +72,7 @@ resource "google_container_node_pool" "any-node_pool" { # [END gke_standard_zonal_reservation_any_node_pool] # [START gke_standard_zonal_reservation_specific_reservation] -resource "google_compute_reservation" "specific-reservation" { +resource "google_compute_reservation" "specific_reservation" { name = "specific-reservation" zone = "us-central1-a" @@ -89,7 +89,7 @@ resource "google_compute_reservation" "specific-reservation" { # [END gke_standard_zonal_reservation_specific_reservation] # [START gke_standard_zonal_reservation_specific_node_pool] -resource "google_container_node_pool" "specific-node-pool" { +resource "google_container_node_pool" "specific_node_pool" { name = "gke-standard-zonal-specific-node-pool" cluster = google_container_cluster.default.name location = google_container_cluster.default.location 
@@ -101,12 +101,12 @@ resource "google_container_node_pool" "specific-node-pool" { reservation_affinity { consume_reservation_type = "SPECIFIC_RESERVATION" key = "compute.googleapis.com/reservation-name" - values = [google_compute_reservation.specific-reservation.name] + values = [google_compute_reservation.specific_reservation.name] } } depends_on = [ - google_compute_reservation.specific-reservation + google_compute_reservation.specific_reservation ] } # [END gke_standard_zonal_reservation_specific_node_pool]