Skip to content

Latest commit

 

History

History
104 lines (84 loc) · 7.29 KB

README.md

File metadata and controls

104 lines (84 loc) · 7.29 KB

GCP Nomad Clients

This is a simple Terraform module to create Nomad clients for your CircleCI server application on Google Cloud Platform.

Usage

A basic example is as simple as this:

provider "google-beta" {
  project = "<< GCP project id >>"
  region  = "<< GCP compute region to deploy nomad clients >>""
  zone    = "<< GCP compute zone to deploy nomad clients >>""
}

module "nomad_clients" {
  # We strongly recommend pinning the version using ref=<<release tag>> as is done here
  source = "git::https://github.com/CircleCI-Public/server-terraform.git//nomad-gcp?ref=4.0.0"

  zone            = "<< GCP compute zone to deploy nomad clients >>"
  region          = "<< GCP compute region to deploy nomad clients >>"
  network         = "default"
  server_endpoint = "<< Hostname of server installation >>"
  name            = "<< name prefix of nomad clients >>
}

output "module" {
  value = module.nomad_clients
}

There are more examples in the examples directory.

Requirements

Name Version
google ~> 3.0

Providers

Name Version
google ~> 3.0

Modules

Name Source Version
tls ./../shared/modules/tls

Resources

Name
google_compute_autoscaler
google_compute_firewall
google_compute_image
google_compute_instance_group_manager
google_compute_instance_template
google_compute_target_pool
google_workload_identity

Inputs

Name Description Type Default Required
assign_public_ip Assign public IP bool true no
autoscaling_mode Autoscaler mode. Can be
- "ON": Autoscaler will scale up and down to reach cpu target and react to cron schedules
- "OFF": Autoscaler will never scale up or down
- "ONLY_UP": Autoscaler will only scale up (default)
Warning: jobs may be interrupted on scale down. Only select "ON" if
interruptions are acceptible for your use case.		 string "ONLY_UP" no
autoscaling_schedules Autoscaler scaling schedules. Accepts the same arguments are documented
upstream here: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_autoscaler#scaling_schedules		 
list(object({
    name                  = string
    min_required_replicas = number
    schedule              = string
    time_zone             = string
    duration_sec          = number
    disabled              = bool
    description           = string
  }))
 [] no
blocked_cidrs List of CIDR blocks to block access to from inside nomad jobs list(string) [] no
docker_network_cidr CIDR block to use in Docker Network, Should not be same as subnetworks CIDR string 10.10.0.0/16 no
disk_size_gb Root disk size in GB number 300 no
disk_type Root disk type. Can be 'pd-standard', 'pd-ssd', 'pd-balanced' or 'local-ssd' string "pd-ssd" no
machine_type Instance type for nomad clients. The machine type must be large enough to fit the resource classes required. Choosing smaller instance types is an opportunity for cost savings. string "n2d-standard-8" no
max_replicas Max number of nomad clients when scaled up number 4 no
min_replicas Minimum number of nomad clients when scaled down number 1 no
name VM instance name for nomad client string "nomad" no
network Network to deploy nomad clients into. If you are using a shared vpc, provide the network endpoint rather than the name string "default" no
subnetwork Subnetwork to deploy nomad clients into. This is required if using custom subnets or a shared vpc. If you are using a shared vpc, provide the subnetwork endpoint rather than the name string "" for custom subnets and shared vpcs
nomad_auto_scaler If true, terraform will generate a service account to be used by nomad-autoscaler which will manage scaling of your nomad cluster. The service account key will be output to the file nomad-as-key.json, generated in your current working directory bool false no
preemptible Whether or not to use preemptible nodes bool false no
region GCP region to deploy nomad clients into (e.g us-east1) string n/a yes
retry_with_ssh_allowed_cidr_blocks List of source IP CIDR blocks that can use the 'retry with SSH' feature of CircleCI jobs list(string) 
[
  "0.0.0.0/0"
]
 no
server_endpoint Hostname of the server installation string n/a yes
target_cpu_utilization Target CPU utilization to trigger autoscaling number 0.5 no
unsafe_disable_mtls Disables mTLS between nomad client and servers. Compromises the authenticity and confidentiality of client-server communication. Should not be set to true in any production setting bool false no
zone GCP compute zone to deploy nomad clients into (e.g us-east1-a) string n/a yes
enable_workload_identity Enable nomad service account as gcp workload identity. Ensure Workload Identities are first enabled on your GKE cluster: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity bool false no
k8s_namespace k8s namespace where application is installed string circleci-server Yes, if enable_workload_identity is true
machine_image_project The project value used to retrieve the virtual machine image. string ubuntu-os-cloud no
machine_image_family The family value used to retrieve the virtual machine image. string ubuntu-2004-lts no

Outputs

Name Description
nomad_server_cert n/a
nomad_server_key n/a
nomad_tls_ca n/a
nomad_server_cert_base64 set this value for the nomad.server.rpc.mTLS.certificate key in the CircleCI Server's Helm values.yaml
nomad_server_key_base64 set this value for the nomad.server.rpc.mTLS.privateKey key in the CircleCI Server's Helm values.yaml
nomad_tls_ca_base64 set this value for the nomad.server.rpc.mTLS.CACertificate key in the CircleCI Server's Helm values.yaml