From c54f4fcb9da74ad76577633902475b04f911f72f Mon Sep 17 00:00:00 2001 From: Devin Burnette Date: Fri, 15 Apr 2022 13:58:57 -0400 Subject: [PATCH] new gke cluster --- .github/workflows/deploy-staging.yml | 4 +- .github/workflows/deploy.yml | 6 +-- .gitignore | 1 + deploy.sh | 2 +- kubernetes_app.yml | 70 +++++++++++++++++----------- terraform/.terraform.lock.hcl | 20 ++++++++ terraform/README.md | 65 ++++++++++++++++++++++++++ terraform/backend.tf | 6 +++ terraform/main.tf | 45 ++++++++++++++++++ terraform/variables.tf | 14 ++++++ terraform/vpc.tf | 27 +++++++++++ 11 files changed, 228 insertions(+), 32 deletions(-) create mode 100644 terraform/.terraform.lock.hcl create mode 100644 terraform/README.md create mode 100644 terraform/backend.tf create mode 100644 terraform/main.tf create mode 100644 terraform/variables.tf create mode 100644 terraform/vpc.tf diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml index 950fc5df09..f60eef8aa6 100644 --- a/.github/workflows/deploy-staging.yml +++ b/.github/workflows/deploy-staging.yml @@ -8,8 +8,8 @@ on: - completed env: PROJECT_ID: ${{ secrets.GKE_PROJECT }} - GKE_CLUSTER: p5js-web-editor-cluster - GKE_ZONE: us-east1-c + GKE_CLUSTER: p5-gke-cluster + GKE_ZONE: us-east4 DEPLOYMENT_NAME: web-editor-node IMAGE: ${{ secrets.DOCKER_USERNAME }}/p5.js-web-editor-staging jobs: diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index feea3249fe..b45c42286e 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -8,8 +8,8 @@ on: - completed env: PROJECT_ID: ${{ secrets.GKE_PROJECT }} - GKE_CLUSTER: p5js-web-editor-cluster - GKE_ZONE: us-east1-c + GKE_CLUSTER: p5-gke-cluster + GKE_ZONE: us-east4 DEPLOYMENT_NAME: web-editor-node IMAGE: ${{ secrets.DOCKER_USERNAME }}/p5.js-web-editor jobs: 
@@ -60,6 +60,6 @@ jobs: # Deploy the Docker image to the GKE cluster - name: Deploy run: |- - kubectl set image deployment/$DEPLOYMENT_NAME web-editor-app=index.docker.io/$IMAGE:$GITHUB_SHA + kubectl set image deployment/$DEPLOYMENT_NAME web-editor-app=index.docker.io/$IMAGE:$GITHUB_SHA --namespace=production kubectl get services -o wide diff --git a/.gitignore b/.gitignore index f1fd73f1a9..ffdccb7295 100644 --- a/.gitignore +++ b/.gitignore @@ -16,6 +16,7 @@ cert_chain.crt localhost.crt localhost.key privkey.pem +terraform/.terraform/ storybook-static duplicates.json diff --git a/deploy.sh b/deploy.sh index eee5f1acf8..44e8adb7b0 100755 --- a/deploy.sh +++ b/deploy.sh @@ -20,4 +20,4 @@ gcloud --quiet container clusters get-credentials $CLUSTER_NAME_PRD kubectl config view kubectl config current-context -kubectl set image deployment/${KUBE_DEPLOYMENT_NAME} ${KUBE_DEPLOYMENT_CONTAINER_NAME}=index.docker.io/$DOCKER_USERNAME/$DOCKER_REPOSITORY:$TRAVIS_TAG +kubectl set image deployment/${KUBE_DEPLOYMENT_NAME} ${KUBE_DEPLOYMENT_CONTAINER_NAME}=index.docker.io/$DOCKER_USERNAME/$DOCKER_REPOSITORY:$TRAVIS_TAG --namespace=production diff --git a/kubernetes_app.yml b/kubernetes_app.yml index ad8ccd65a2..a054e25dd9 100644 --- a/kubernetes_app.yml +++ b/kubernetes_app.yml 
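Review bot: The `kubectl get services -o wide` line that follows the changed command in the Deploy step still runs without a namespace, so it lists the default namespace rather than `production`, where the image was just set. Adding `--namespace=production` there, plus a `kubectl rollout status deployment/$DEPLOYMENT_NAME --namespace=production` line, would make the job fail when the new image does not become ready instead of succeeding once the spec is patched. The job begins above the hunk, so any verification done elsewhere in it is not visible here.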
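Review bot: Only the provider cache directory `terraform/.terraform/` is ignored here, while the Terraform files that tend to hold credentials or full resource state are not. The GCS backend keeps state remote, but a local run against another backend, or one using a `-var-file`, would still leave such files in the working tree. Consider also adding `terraform/*.tfstate*`, `terraform/*.tfvars` and `terraform/crash.log`.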
@@ -1,30 +1,44 @@ -apiVersion: extensions/v1beta1 +apiVersion: v1 +kind: Namespace +metadata: + name: production + labels: + name: production +--- +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: editor-ingress + name: web-editor-ingress + namespace: production annotations: - kubernetes.io/ingress.global-static-ip-name: "web-editor-ip" + kubernetes.io/ingress.global-static-ip-name: "production-p5-web-editor-ip" spec: - backend: - serviceName: web-editor-node - servicePort: 8000 + defaultBackend: + service: + name: web-editor-node + port: + number: 8000 --- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: preview-editor-ingress + namespace: production annotations: # need to make another global static ip - kubernetes.io/ingress.global-static-ip-name: "preview-editor-ip" + kubernetes.io/ingress.global-static-ip-name: "production-p5-preview-editor-ip" spec: - backend: - serviceName: web-editor-node - servicePort: 8002 + defaultBackend: + service: + name: web-editor-node + port: + number: 8002 --- apiVersion: v1 kind: Service metadata: name: web-editor-node + namespace: production labels: app: web-editor spec: @@ -46,11 +60,12 @@ apiVersion: apps/v1 kind: Deployment metadata: name: web-editor-node + namespace: production spec: selector: matchLabels: app: web-editor - replicas: 1 + replicas: 3 template: metadata: labels: @@ -81,9 +96,8 @@ spec: apiVersion: autoscaling/v1 kind: HorizontalPodAutoscaler metadata: - annotations: name: web-editor-node - namespace: default + namespace: production spec: maxReplicas: 6 minReplicas: 2 
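Review bot: Neither production Ingress in this hunk declares a `tls:` section or a certificate annotation, so as written the load balancers on `production-p5-web-editor-ip` and `production-p5-preview-editor-ip` would serve plain HTTP unless TLS is terminated somewhere this file does not show. If the load balancer is the public edge, attach a certificate (for example through the `networking.gke.io/managed-certificates` annotation) and set `kubernetes.io/ingress.allow-http: "false"`. The staging Ingresses in the `@@ -142,29 +156,33 @@` hunk have the same shape. The retained comment `# need to make another global static ip` also looks stale now that the address is created in `terraform/vpc.tf`.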
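Review bot: `replicas: 3` is now set on a Deployment that the HorizontalPodAutoscaler later in this file also scales (`minReplicas: 2`, `maxReplicas: 6`), so every `kubectl apply` of the manifest resets the count to 3 and the autoscaler then moves it again. Drop the `replicas` field from the Deployment, and use `minReplicas: 3` on the autoscaler if three is the intended floor. The container spec lies outside the hunk, so whether CPU requests are set, which an `autoscaling/v1` autoscaler needs to compute utilisation, cannot be checked from here.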
@@ -142,29 +156,33 @@ metadata: labels: name: staging --- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: staging-editor-ingress + name: web-editor-ingress namespace: staging annotations: - kubernetes.io/ingress.global-static-ip-name: "web-editor-staging-ip" + kubernetes.io/ingress.global-static-ip-name: "staging-p5-web-editor-ip" spec: - backend: - serviceName: web-editor-node - servicePort: 8001 + defaultBackend: + service: + name: web-editor-node + port: + number: 8001 --- -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: staging-preview-ingress + name: preview-editor-ingress namespace: staging annotations: - kubernetes.io/ingress.global-static-ip-name: "preview-staging-ip" + kubernetes.io/ingress.global-static-ip-name: "staging-p5-preview-editor-ip" spec: - backend: - serviceName: web-editor-node - servicePort: 8003 + defaultBackend: + service: + name: web-editor-node + port: + number: 8003 --- apiVersion: v1 kind: Service diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl new file mode 100644 index 0000000000..a44d1b848f --- /dev/null +++ b/terraform/.terraform.lock.hcl 
@@ -0,0 +1,20 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "4.11.0" + hashes = [ + "h1:oLj+SrSeaoVgDH+IasWL3XgXHguRDb+m/S86uNsmCHU=", + "zh:095c627b2113e8449ab7adc854d13e521996d38f1f2ee2d51a52044e2aaf5ddf", + "zh:109c1ff0f51873ad4e734c1de0cc172f3c33b01b35099339f52c70a402c463a2", + "zh:18e6ac212be66678e1efb770d5a718969db98dd6e029c9b65932728f1754cf69", + "zh:550c1f671954cfc858b1d9067fb61ec9ee0024033fc4e22fd595eafc08184bd4", + "zh:90ddd99b1fc9488de4a0ff6108995a01645cd67d7cf97f712d5791d35019c3db", + "zh:a1844f823411e8df23b791d54c75961255b0ab12023b5f40c0cdac7f1864759e", + "zh:d4c07fd28cad663fc4a6073d5b967858a51fe04259e335e72293674682276dc4", + "zh:dfaa24c332794fda06d79fe81b5b48d107bb9b91aee9fa01a85c111c030c5748", + "zh:e74731908e670ad663b8e1d215d971131ef32d2d8bfd976399d6b477de36a66e", + "zh:fddb1f3399baaebcf1328e1a2bc69590904d43b9677b00e280a6880ee733dc1d", + "zh:ff64d718954e8134e5c51163d96d3fdd985d5b17f245484bd1b0c2e25239bd43", + ] +} diff --git a/terraform/README.md b/terraform/README.md new file mode 100644 index 0000000000..d0eb0b5070 --- /dev/null +++ b/terraform/README.md 
@@ -0,0 +1,65 @@
+#### Running Terraform
+
+1. Auth with GCP by running:
+```
+$ gcloud auth application-default login
+```
+
+2. If it's your first time running the terraform you will need to init to download the module code:
+```
+$ terraform init
+```
+
+3. Run plan to see the changes terraform will make:
+```
+$ terraform plan
+```
+
+4. Run apply if the changes look correct and terraform will prompt you to confirm the changes:
+```
+$ terraform apply
+```
+
+#### Using Kubectl (or other clients) to interact with the cluster
+
+##### New cluster
+1. Auth with GCP by running:
+```
+$ gcloud auth login
+```
+
+2. Set the project as the default:
+```
+$ gcloud config set project p5js-web-editor-project
+```
+
+3. Download the kubeconfig from gcloud by running the following command:
+```
+gcloud container clusters get-credentials p5-gke-cluster --zone us-east4
+```
+
+4. Run kubectl commands as normal:
+```
+$ kubectl get pods
+```
+
+##### Legacy cluster
+1. Auth with GCP by running:
+```
+$ gcloud auth login
+```
+
+2. Set the project as the default:
+```
+$ gcloud config set project p5js-web-editor-project
+```
+
+3. Download the kubeconfig from gcloud by running the following command:
+```
+$ gcloud container clusters get-credentials p5js-web-editor-cluster --zone us-east1-c
+```
+
+4. Run kubectl commands as normal:
+```
+$ kubectl get pods
+```
diff --git a/terraform/backend.tf b/terraform/backend.tf
new file mode 100644
index 0000000000..e5e0e433a7
--- /dev/null
+++ b/terraform/backend.tf
@@ -0,0 +1,6 @@
+terraform {
+ backend "gcs" {
+ bucket = "p5js-terraform-state"
+ prefix = "terraform/state"
+ }
+}
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000000..0c6e7300da
--- /dev/null
+++ b/terraform/main.tf
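Review bot: The `backend "gcs"` block in `terraform/backend.tf` points at the bucket `p5js-terraform-state`, but nothing in this patch creates that bucket or records how it must be configured. Terraform state for a GKE cluster normally includes the cluster endpoint and its `master_auth` certificate data, so read access to the bucket is sensitive. Add a comment above the block such as `# Bucket is created out of band: object versioning on, uniform bucket-level access, no public access, IAM limited to deployers`, and confirm the bucket matches it.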
@@ -0,0 +1,45 @@
+provider "google" {
+ project = var.project
+ region = var.region
+}
+
+resource "google_container_cluster" "primary" {
+ name = "p5-gke-cluster"
+ location = var.region
+ network = google_compute_network.p5.name
+ subnetwork = google_compute_subnetwork.p5.name
+ min_master_version = var.gke_version
+
+ release_channel {
+ channel = "UNSPECIFIED"
+ }
+
+ # We can't create a cluster with no node pool defined, but we want to only use
+ # separately managed node pools. So we create the smallest possible default
+ # node pool and immediately delete it.
+ remove_default_node_pool = true
+ initial_node_count = 1
+}
+
+resource "google_container_node_pool" "primary" {
+ name = "primary-pool"
+ location = var.region
+ cluster = google_container_cluster.primary.name
+ version = var.gke_version
+ node_count = 1
+
+ node_config {
+ disk_size_gb = 100
+ machine_type = "n1-standard-1"
+ }
+
+ autoscaling {
+ min_node_count = 1
+ max_node_count = 10
+ }
+
+ management {
+ auto_repair = true
+ auto_upgrade = false
+ }
+}
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000000..b6cb93828e
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,14 @@
+variable "project" {
+ type = string
+ default = "p5js-web-editor-project"
+}
+
+variable "region" {
+ type = string
+ default = "us-east4"
+}
+
+variable "gke_version" {
+ type = string
+ default = "1.22.8-gke.200"
+}
diff --git a/terraform/vpc.tf b/terraform/vpc.tf
new file mode 100644
index 0000000000..54924a2287
--- /dev/null
+++ b/terraform/vpc.tf
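Review bot: The `node_config` block in `terraform/main.tf` sets no `service_account`, so the nodes run as the project's Compute Engine default service account, which usually carries the broad Editor role, and any pod that can reach the node metadata server inherits that access. Give the pool a dedicated least-privilege account and enable Workload Identity on the cluster and the nodes, as sketched below. The sketch also replaces `node_count = 1` with `initial_node_count`, because the provider documentation advises against `node_count` next to an `autoscaling` block. Separately, `release_channel` `UNSPECIFIED`, `auto_upgrade = false` and the pinned `gke_version` default in `variables.tf` mean no Kubernetes security patches arrive until someone bumps the version by hand. The cluster resource also has no `master_authorized_networks_config`, so access to the control-plane endpoint is not limited by source address.

```hcl
resource "google_container_cluster" "primary" {
  # … unchanged: name, location, network, subnetwork, version, release_channel, default pool removal …

  workload_identity_config {
    workload_pool = "${var.project}.svc.id.goog"
  }
}

resource "google_container_node_pool" "primary" {
  # … unchanged: name, location, cluster, version …
  initial_node_count = 1

  node_config {
    # … unchanged: disk_size_gb, machine_type …

    # Placeholder: e-mail of a dedicated, minimally privileged node service account.
    service_account = "<NODE_SERVICE_ACCOUNT_EMAIL>"
    oauth_scopes    = ["https://www.googleapis.com/auth/cloud-platform"]

    workload_metadata_config {
      mode = "GKE_METADATA"
    }
  }
  # … unchanged: autoscaling, management …
}
```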
@@ -0,0 +1,27 @@
+resource "google_compute_network" "p5" {
+ name = "${var.project}-vpc"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "p5" {
+ name = "${var.project}-subnet"
+ network = google_compute_network.p5.name
+ ip_cidr_range = "10.10.0.0/24"
+ region = var.region
+}
+
+resource "google_compute_global_address" "production_p5_web_editor_ip" {
+ name = "production-p5-web-editor-ip"
+}
+
+resource "google_compute_global_address" "production_p5_preview_editor_ip" {
+ name = "production-p5-preview-editor-ip"
+}
+
+resource "google_compute_global_address" "staging_p5_web_editor_ip" {
+ name = "staging-p5-web-editor-ip"
+}
+
+resource "google_compute_global_address" "staging_p5_preview_editor_ip" {
+ name = "staging-p5-preview-editor-ip"
+}
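Review bot: The subnet `google_compute_subnetwork.p5` is created without VPC flow logs, so there would be no network-level record of traffic to and from the GKE nodes to consult during an investigation. Adding a `log_config` block to the subnet enables them. Setting `private_ip_google_access = true` on the same resource is also worth considering, so that nodes can reach Google APIs without external addresses if the cluster is later moved to private nodes.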