Google Cloud Load Balancers (#1797)

* Add: External LB and IP address

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Fix: backend names

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Fix: Terraform Cloud backends

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Fix: missing subnetwork

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Fix: missing subnet name

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: APIGateway for GKE

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: Whereami component using APIGateway

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

.github/workflows/tf-deploy-gcp.yml

@@ -134,6 +134,40 @@ jobs:
       run: terraform apply -auto-approve
       working-directory: terraform/gcp/external-ips/cloud-nat/${{ github.event.inputs.env }}
 
+  gcp_external_ip_external_lb:
+    needs: gcp_vpc
+    runs-on: ubuntu-latest
+    steps:
+    - run: |
+        echo "External IP for External Load Balancer / ${{ github.event.inputs.env }}"
+
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v1
+      with:
+        terraform_version: ${{ github.event.inputs.tf_version }}
+        cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+    # - name: Configure GCP credentials
+    #   uses: google-github-actions/setup-gcloud@v0.2.1
+    #   with:
+    #     version: 324.0.0
+    #     service_account_key: ${{ secrets.GCP_SA_KEY_PROD }}
+    #     export_default_credentials: true
+
+    # - name: Use gcloud CLI
+    #   run: gcloud info
+
+    - name: Terraform Init
+      run: terraform init -upgrade
+      working-directory: terraform/gcp/external-ips/external-lb/${{ github.event.inputs.env }}
+
+    - name: Terraform Apply
+      run: terraform apply -auto-approve
+      working-directory: terraform/gcp/external-ips/external-lb/${{ github.event.inputs.env }}
+
   gcp_cloud_nat:
     needs: gcp_external_ip_cloud_nat
     runs-on: ubuntu-latest
@@ -309,6 +343,7 @@ jobs:
       - gcp_cloud_nat
       - gcp_artifact_registry
       - gcp_pubsub
+      - gcp_external_ip_external_lb
       - gcp_internal_ip_internal_lb
     runs-on: ubuntu-latest
     steps:

.github/workflows/tf-undeploy-gcp.yml

@@ -446,8 +446,42 @@ jobs:
       run: terraform destroy -auto-approve
       working-directory: terraform/gcp/external-ips/cloud-nat/${{ github.event.inputs.env }}
 
+  gcp_external_ip_external_lb:
+    needs: gcp_gke
+    runs-on: ubuntu-latest
+    steps:
+    - run: |
+        echo "External IP for External Load Balancer / ${{ github.event.inputs.env }}"
+
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v1
+      with:
+        terraform_version: ${{ github.event.inputs.tf_version }}
+        cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+    # - name: Configure GCP credentials
+    #   uses: google-github-actions/setup-gcloud@v0.2.1
+    #   with:
+    #     version: 324.0.0
+    #     service_account_key: ${{ secrets.GCP_SA_KEY_PROD }}
+    #     export_default_credentials: true
+
+    # - name: Use gcloud CLI
+    #   run: gcloud info
+
+    - name: Terraform Init
+      run: terraform init -upgrade
+      working-directory: terraform/gcp/external-ips/external-lb/${{ github.event.inputs.env }}
+
+    - name: Terraform Destroy
+      run: terraform destroy -auto-approve
+      working-directory: terraform/gcp/external-ips/external-lb/${{ github.event.inputs.env }}
+
   gcp_internal_ip_internal_lb:
-    needs: gcp_cloud_nat
+    needs: gcp_gke
     runs-on: ubuntu-latest
     steps:
     - run: |
@@ -488,6 +522,7 @@ jobs:
       - gcp_pubsub
       - gcp_artifact_registry
       - gcp_external_ip_cloud_nat
+      - gcp_external_ip_external_lb
       - gcp_internal_ip_internal_lb
     runs-on: ubuntu-latest
     steps:

gitops/fluxcd/clusters/gcp/prod/apigateway.yaml

@@ -0,0 +1,38 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: apigateway
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  # dependsOn:
+  #   - name: kube-prometheus-stack-crd
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./gitops/fluxcd/kubernetes/overlays/gcp/dev/apigateway/gke
+  prune: true
+  healthChecks:
+    - apiVersion: networking.x-k8s.io/v1alpha1
+      kind: Gateway
+      name: external-http
+      namespace: apigateway
+    - apiVersion: networking.x-k8s.io/v1alpha1
+      kind: Gateway
+      name: internal-http
+      namespace: apigateway

gitops/fluxcd/clusters/gcp/prod/whereami.yaml

@@ -0,0 +1,46 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: whereami
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  # dependsOn:
+  #   - name: kube-prometheus-stack-crd
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./gitops/fluxcd/kubernetes/overlays/gcp/dev/whereami/whereami
+  prune: true
+  healthChecks:
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: whereami-foo
+      namespace: whereami
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: whereami-bar
+      namespace: whereami
+    - apiVersion: networking.x-k8s.io/v1alpha1
+      kind: HTTPRoute
+      name: whereami-foo
+      namespace: whereami
+    - apiVersion: networking.x-k8s.io/v1alpha1
+      kind: HTTPRoute
+      name: whereami-bar
+      namespace: whereami

gitops/fluxcd/kubernetes/base/apigateway/gke/external-gateway.yaml

@@ -0,0 +1,36 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+kind: Gateway
+apiVersion: networking.x-k8s.io/v1alpha1
+metadata:
+  name: external-http
+spec:
+  gatewayClassName: gke-l7-gxlb
+  listeners:
+  - protocol: HTTPS
+    port: 443
+    routes:
+      kind: HTTPRoute
+      selector:
+        matchLabels:
+          gateway: external-http
+    # tls:
+    #   mode: Terminate
+    #   options:
+    #     networking.gke.io/pre-shared-certs: portefaix-dev-cert
+  addresses:
+  - type: NamedAddress
+    value: ADDRESS_NAME

gitops/fluxcd/kubernetes/base/apigateway/gke/internal-gateway.yaml

@@ -0,0 +1,32 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+kind: Gateway
+apiVersion: networking.x-k8s.io/v1alpha1
+metadata:
+  name: internal-http
+spec:
+  gatewayClassName: gke-l7-rilb
+  listeners:
+  - protocol: HTTP
+    port: 80
+    routes:
+      kind: HTTPRoute
+      selector:
+        matchLabels:
+          gateway: internal-gateway
+  addresses:
+  - type: NamedAddress
+    value: ADDRESS_NAME

gitops/fluxcd/kubernetes/base/apigateway/gke/kustomization.yaml

@@ -0,0 +1,21 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../namespace
+- ./external-gateway.yaml
+- ./internal-gateway.yaml

gitops/fluxcd/kubernetes/base/whereami/namespace/kustomization.yaml

@@ -0,0 +1,19 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./namespace.yaml

gitops/fluxcd/kubernetes/base/whereami/namespace/namespace.yaml

@@ -0,0 +1,19 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: whereami

gitops/fluxcd/kubernetes/base/whereami/whereami/kustomization.yaml

@@ -0,0 +1,22 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+transformers:
+- labels.yaml
+resources:
+- ../namespace
+- ./whereami.yaml

gitops/fluxcd/kubernetes/base/whereami/whereami/labels.yaml

@@ -0,0 +1,37 @@
+# Copyright (C) 2021 Nicolas Lamirault <nicolas.lamirault@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: builtin
+kind: LabelTransformer
+metadata:
+  name: labels
+labels:
+  app.kubernetes.io/name: whereami
+  app.kubernetes.io/instance: whereami-app
+  app.kubernetes.io/component: whereami
+  app.kubernetes.io/version: v1.2.6
+  app.kubernetes.io/part-of: whereami
+  app.kubernetes.io/managed-by: kustomize
+  portefaix.xyz/version: v0.30.0
+fieldSpecs:
+- path: metadata/labels
+  create: true
+- path: spec/selector
+  create: true
+  version: v1
+  kind: Service
+- path: spec/selector/matchLabels
+  create: true
+  kind: Deployment