I saw this tweet by @dberkholz (hi btw, long time no see; I hope all is well!), and I'm not sure which one of the 4 big cloud providers is being singled out. :)

I recently wrote #Terraform configurations to deploy (simple) #Kubernetes clusters on a dozen cloud providers; and Oracle was not the worst experience - very far from it.

In fact, that exercise gave me the impression that if anything, Google and AWS just hate developers 😬

To give a few more details:

- on Oracle, I was able to figure out by myself how to create all the things I needed (VCN, internet gateways, etc.) by reading their documentation, and it overall "made sense"

- on AWS... after spending hours trying to directly use the AWS Terraform provider, I gave up and used external modules

- on GCP, I eventually succeeded, but there was a lot of trial and error, and I kept hitting problems .../...

E.g.: out of the box, you get nodes with public IP addresses. But you can only use a handful of them per region; so you quickly run out. Fine, let's use nodes with private addresses. Oh but then you need to bring in routers and subnets and more, and oops you hit another quota limit.

My final goal was to deploy 10 small k8s clusters for a workshop; the only way to do it on GCP was to deploy them in 10 different zones.

(And of course the documentation was anything but stellar 😬)

@jpetazzo about Google Cloud, I would say the quota is the main issue. I've fixed it and have been able to run workshops without problems.

Quota is a security, so it makes sense to me for it to be opt-out if you don't need it, no?

@davinkevin

You were lucky! :)

When I contacted them, they denied the request to increase the quotas that I needed.

Also, pain points (imho) include:

- no easy way to obtain the kubeconfig file (you have to assemble it with the API server addr, cert, auth plugin, etc.), while on other providers, you usually can do something like kubernetes_cluster._.kubeconfig

- fields that are not very well named or not very well explained, for instance the "minimal_version" .../...

... for the k8s control plane; it really is an "initial_version" (and the docs didn't explain clearly the reasoning, which is to work with Terraform semantics).

Or the fact that you can have node groups inside or outside the cluster, but the docs also don't explain clearly the difference, or what you should do if you want, say, scale-to-zero node groups.

So it's a lot of trial-and-error, and the fact that clusters and nodes take a long time to provision on GCP makes it super annoying 😴

@jpetazzo From my point of view, the platform is still one of the most "dev friendly" ones, so it's super important to get this kind of feedback!

About the `kubeconfig`, I just use the `gcloud` command to generate it for me. Is that possible for you?

About `minimal_version`, are you in Terraform or the UI?

I'll try to get information within the #GDE program. If you want to discuss this (better than toots), don't hesitate to ping me to plan this 😇.

/cc @glaforge

@davinkevin

Whoops, and I hadn't replied to the minimal_version question - that's in Terraform.

(And that's how I understand it - it wouldn't work to specify a "kubernetes_version" because GKE can update it automatically, and then it would cause a cluster re-creation when re-applying the TF configuration; so it's interpreted more like "version at the time we create the cluster")

@jpetazzo Got it!

All your problems are related to the implementation of the `terraform` module IIUC, no?

For the #Istio workshop (same strategy as you), we used `tf` and had some problems too. I tried the same thing with #ConfigConnector, it was better (fully declarative) but too young when we needed it.

So, I understand your feedback more now and it's a shame a good product like this can be perceived as bad because of the intermediate tooling.

I'll try to share that internally 😇

@davinkevin

Yes, that part is definitely linked to Terraform :)

Another example is this issue:

https://github.com/hashicorp/terraform-provider-google/issues/10907

TLDR you *must* specify the project name in the Terraform configuration; which means poor integration between TF and the gcloud CLI.

Small details, but it hits the developer experience, especially when getting started!

data.google_client_config._.project is an empty string · Issue #10907 · hashicorp/terraform-provider-google
