feat!: migrate ASM
apeabody committed Nov 1, 2024
1 parent d18755a commit c5de12c
Showing 26 changed files with 200 additions and 909 deletions.
10 changes: 0 additions & 10 deletions .kitchen.yml
Expand Up @@ -226,16 +226,6 @@ suites:
systems:
- name: safer_cluster_iap_bastion
backend: local
- name: "simple_zonal_with_asm"
transport:
root_module_directory: test/fixtures/simple_zonal_with_asm
verifier:
systems:
- name: simple_zonal_with_asm
backend: local
controls:
- gcloud
- kubectl
- name: "simple_autopilot_private"
transport:
root_module_directory: test/fixtures/simple_autopilot_private
35 changes: 15 additions & 20 deletions build/int.cloudbuild.yaml
Expand Up @@ -430,26 +430,6 @@ steps:
- verify safer-cluster-iap-bastion-local
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy safer-cluster-iap-bastion-local']
- id: init simple-zonal-with-asm-local
waitFor:
- create-all
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
args: ['/bin/bash', '-c', 'cft test run TestSimpleZonalWithASM --stage init --verbose']
- id: apply simple-zonal-with-asm-local
waitFor:
- init simple-zonal-with-asm-local
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
args: ['/bin/bash', '-c', 'cft test run TestSimpleZonalWithASM --stage apply --verbose']
- id: verify simple-zonal-with-asm-local
waitFor:
- apply simple-zonal-with-asm-local
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
args: ['/bin/bash', '-c', 'cft test run TestSimpleZonalWithASM --stage verify --verbose']
- id: destroy simple-zonal-with-asm-local
waitFor:
- verify simple-zonal-with-asm-local
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
args: ['/bin/bash', '-c', 'cft test run TestSimpleZonalWithASM --stage teardown --verbose']
- id: init simple-autopilot-private-local
waitFor:
- create-all
Expand Down Expand Up @@ -531,6 +511,21 @@ steps:
- verify private-zonal-with-networking
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
args: ['/bin/bash', '-c', 'cft test run TestPrivateZonalWithNetworking --stage teardown --verbose --test-dir test/integration']
- id: apply simple-zonal-with-asm
waitFor:
- create-all
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
args: ['/bin/bash', '-c', 'cft test run TestAll/examples/simple_zonal_with_asm --stage apply --verbose --test-dir test/integration']
- id: verify simple-zonal-with-asm
waitFor:
- apply simple-zonal-with-asm
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
args: ['/bin/bash', '-c', 'cft test run TestAll/examples/simple_zonal_with_asm --stage verify --verbose --test-dir test/integration']
- id: teardown simple-zonal-with-asm
waitFor:
- verify simple-zonal-with-asm
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
args: ['/bin/bash', '-c', 'cft test run TestAll/examples/simple_zonal_with_asm --stage teardown --verbose --test-dir test/integration']
- id: init simple-autopilot-private-non-default-sa
waitFor:
- create-all
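Review bot: The new simple-zonal-with-asm sequence starts at `- id: apply simple-zonal-with-asm` waiting on `create-all` with no `--stage init` step, whereas the neighbouring sequences (`- id: init simple-autopilot-private-local`, `- id: init simple-autopilot-private-non-default-sa`) begin with one. If the blueprint-test apply stage does not run `terraform init` itself, the first step fails on an uninitialised working directory; if it does, a one-line comment above the apply step saying so would stop the next reader from "fixing" it. The step ids and the `TestAll/examples/...` target mirror the private-zonal-with-networking sequence just above, which looks intentional. Note also that `teardown` only runs after a successful `verify`, so a failed verify leaves the cluster and its fleet feature in place — consistent with the rest of the file, but worth knowing for a mesh-enabled cluster.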
38 changes: 38 additions & 0 deletions docs/upgrading_to_v35.0.md
Expand Up @@ -3,3 +3,41 @@ The v35.0 release of *kubernetes-engine* is a backwards incompatible release.

### Google Cloud Platform Provider upgrade
The Terraform Kubernetes Engine Module now requires version 6 of the Google Cloud Platform Providers. See the [Terraform Google Provider 6.0.0 Upgrade Guide](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/version_6_upgrade) for more details.

### ASM Sub-Module Removal
The ASM Sub-Module has been removed in v35.0. Please use the [google_gke_hub_feature](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/gke_hub_feature#example-usage---enable-fleet-default-member-config-service-mesh) and [google_gke_hub_feature_membership](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/gke_hub_feature_membership#example-usage---service-mesh) resources.


```diff
-module "asm" {
- source = "terraform-google-modules/kubernetes-engine/google//modules/asm"
- version = "~> 34.0"

- project_id = var.project_id
- cluster_name = module.gke.name
- cluster_location = module.gke.location
- multicluster_mode = "connected"
- enable_cni = true
- enable_fleet_registration = true
- enable_mesh_feature = true
-}

+resource "google_gke_hub_feature" "mesh_feature" {
+ project = var.project_id
+ location = "global"
+ name = "servicemesh"
+}

+resource "google_gke_hub_feature_membership" "mesh_feature_membership" {
+ project = var.project_id
+ location = "global"

+ feature = google_gke_hub_feature.mesh_feature.name
+ membership = module.gke.fleet_membership
+ membership_location = module.gke.region

+ mesh {
+ management = "MANAGEMENT_AUTOMATIC"
+ }
+}
```
27 changes: 10 additions & 17 deletions examples/simple_zonal_with_asm/README.md
Expand Up @@ -7,32 +7,25 @@ This example illustrates how to create a simple zonal cluster with ASM.

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| ip\_range\_pods | The secondary ip range to use for pods | `any` | n/a | yes |
| ip\_range\_services | The secondary ip range to use for services | `any` | n/a | yes |
| network | The VPC network to host the cluster in | `any` | n/a | yes |
| project\_id | The project ID to host the cluster in | `any` | n/a | yes |
| region | The region to host the cluster in | `any` | n/a | yes |
| subnetwork | The subnetwork to host the cluster in | `any` | n/a | yes |
| zones | The zone to host the cluster in (required if is a zonal cluster) | `list(string)` | n/a | yes |
| enable\_fleet\_feature | Whether to enable the Mesh feature on the fleet. | `bool` | `true` | no |
| mesh\_management | ASM Management mode. For more information, see the [gke\_hub\_feature\_membership resource documentation](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/gke_hub_feature_membership#nested_mesh) | `string` | `"MANAGEMENT_AUTOMATIC"` | no |
| project\_id | The project ID to host the cluster in | `string` | n/a | yes |
| region | The region to host the cluster in | `string` | `"us-central1"` | no |
| zone | The zone to host the cluster in (required if is a zonal cluster) | `string` | `"us-central1-a"` | no |

## Outputs

| Name | Description |
|------|-------------|
| ca\_certificate | n/a |
| client\_token | n/a |
| cluster\_name | Cluster name |
| identity\_namespace | n/a |
| ip\_range\_pods | The secondary IP range used for pods |
| ip\_range\_services | The secondary IP range used for services |
| kubernetes\_endpoint | n/a |
| location | n/a |
| master\_kubernetes\_version | The master Kubernetes version |
| network | n/a |
| project\_id | n/a |
| region | n/a |
| location | Cluster Location |
| network | Network name |
| project\_id | Project ID |
| region | Cluster Region |
| service\_account | The default service account used for running nodes. |
| subnetwork | n/a |
| subnetwork | Subnetwork name |
| zones | List of zones in which the cluster resides |

<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/**
* Copyright 2018 Google LLC
* Copyright 2024 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand All @@ -14,19 +14,27 @@
* limitations under the License.
*/

variable "project_ids" {
type = list(string)
description = "The GCP projects to use for integration tests"
}
resource "google_gke_hub_feature" "mesh_feature" {
name = "servicemesh"
project = var.project_id
location = "global"

variable "region" {
description = "The GCP region to create and test resources in"
default = "us-central1"
count = var.enable_fleet_feature ? 1 : 0
}

variable "zones" {
type = list(string)
description = "The GCP zones to create and test resources in, for applicable tests"
default = ["us-central1-a", "us-central1-b", "us-central1-c"]
}
resource "google_gke_hub_feature_membership" "mesh_feature_membership" {
project = var.project_id
location = "global"

feature = "servicemesh"
membership = module.gke.fleet_membership
membership_location = module.gke.region

mesh {
management = var.mesh_management
}

depends_on = [
google_gke_hub_feature.mesh_feature
]
}
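Review bot: In `google_gke_hub_feature_membership.mesh_feature_membership` the feature is given as the literal `feature = "servicemesh"` and ordering is enforced with `depends_on` rather than a reference to `google_gke_hub_feature.mesh_feature`; presumably because that resource carries `count = var.enable_fleet_feature ? 1 : 0` and a `[0]` reference would fail when the count is zero, but nothing in the file says so. A comment above the `feature` line such as `# literal name, not a reference: mesh_feature is conditional on var.enable_fleet_feature; depends_on keeps the ordering when it exists` would preserve that reasoning. It would also help to state, next to `count`, that with `enable_fleet_feature = false` the membership assumes the Service Mesh fleet feature is already enabled in the project. The upgrade guide added in this same commit uses `feature = google_gke_hub_feature.mesh_feature.name`, so readers comparing the two will wonder why they differ.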
56 changes: 15 additions & 41 deletions examples/simple_zonal_with_asm/main.tf
@@ -1,5 +1,5 @@
/**
* Copyright 2018 Google LLC
* Copyright 2018-2024 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand All @@ -14,36 +14,24 @@
* limitations under the License.
*/

data "google_client_config" "default" {}

provider "kubernetes" {
host = "https://${module.gke.endpoint}"
token = data.google_client_config.default.access_token
cluster_ca_certificate = base64decode(module.gke.ca_certificate)
}

data "google_project" "project" {
project_id = var.project_id
}

module "gke" {
source = "terraform-google-modules/kubernetes-engine/google"
version = "~> 34.0"

project_id = var.project_id
name = "test-prefix-cluster-test-suffix"
regional = false
region = var.region
zones = var.zones
release_channel = "REGULAR"
network = var.network
subnetwork = var.subnetwork
ip_range_pods = var.ip_range_pods
ip_range_services = var.ip_range_services
network_policy = false
cluster_resource_labels = { "mesh_id" : "proj-${data.google_project.project.number}" }
identity_namespace = "${var.project_id}.svc.id.goog"
deletion_protection = false
project_id = var.project_id
fleet_project = var.project_id
name = "test-prefix-cluster-test-suffix"
regional = false
region = var.region
zones = [var.zone]
release_channel = "REGULAR"

network = google_compute_network.main.name
subnetwork = google_compute_subnetwork.main.name
ip_range_pods = google_compute_subnetwork.main.secondary_ip_range[0].range_name
ip_range_services = google_compute_subnetwork.main.secondary_ip_range[1].range_name

deletion_protection = false
node_pools = [
{
name = "asm-node-pool"
Expand All @@ -54,17 +42,3 @@ module "gke" {
},
]
}

module "asm" {
source = "terraform-google-modules/kubernetes-engine/google//modules/asm"
version = "~> 34.0"

project_id = var.project_id
cluster_name = module.gke.name
cluster_location = module.gke.location
multicluster_mode = "connected"
enable_cni = true
enable_fleet_registration = true
enable_mesh_feature = true

}
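Review bot: The `module "gke"` block in the second hunk keeps `version = "~> 34.0"` on the registry source, while the upgrade guide in this same commit says v35.0 removes the ASM sub-module and requires provider 6; if this example is meant to exercise the migrated module, the pin is presumably bumped by the release tooling — confirm, otherwise the example tests a 34.x module against the new fleet-based mesh resources. The `cluster_resource_labels = { "mesh_id" : ... }` label and the explicit `identity_namespace` are dropped along with the kubernetes provider; if the fleet-managed mesh still requires Workload Identity as ASM did, this now relies on the module's default for `identity_namespace`, which deserves a one-line comment such as `# Workload Identity is left at the module default (required for managed mesh)`. The `module "gke"` block continues past this hunk into the node_pools hunk below.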
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/**
* Copyright 2018 Google LLC
* Copyright 2021-2024 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand All @@ -20,16 +20,14 @@ resource "random_string" "suffix" {
upper = false
}

provider "google" {
project = var.project_ids[2]
}

resource "google_compute_network" "main" {
project = var.project_id
name = "cft-gke-test-${random_string.suffix.result}"
auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "main" {
project = var.project_id
name = "cft-gke-test-${random_string.suffix.result}"
ip_cidr_range = "10.0.0.0/17"
region = var.region
57 changes: 44 additions & 13 deletions examples/simple_zonal_with_asm/outputs.tf
@@ -1,5 +1,5 @@
/**
* Copyright 2018 Google LLC
* Copyright 2018-2024 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand All @@ -14,22 +14,53 @@
* limitations under the License.
*/

output "kubernetes_endpoint" {
sensitive = true
value = module.gke.endpoint
output "service_account" {
description = "The default service account used for running nodes."
value = module.gke.service_account
}

output "client_token" {
sensitive = true
value = base64encode(data.google_client_config.default.access_token)
# Standard test outputs
output "project_id" {
description = "Project ID"
value = var.project_id
}

output "ca_certificate" {
sensitive = true
value = module.gke.ca_certificate
output "region" {
description = " Cluster Region"
value = module.gke.region
}

output "service_account" {
description = "The default service account used for running nodes."
value = module.gke.service_account
output "cluster_name" {
description = "Cluster name"
value = module.gke.name
}

output "network" {
description = "Network name"
value = google_compute_network.main.name
}

output "subnetwork" {
description = "Subnetwork name"
value = google_compute_subnetwork.main.name
}

output "location" {
description = "Cluster Location"
value = module.gke.location
}

output "ip_range_pods" {
description = "The secondary IP range used for pods"
value = google_compute_subnetwork.main.secondary_ip_range[0].range_name
}

output "ip_range_services" {
description = "The secondary IP range used for services"
value = google_compute_subnetwork.main.secondary_ip_range[1].range_name
}

output "zones" {
description = "List of zones in which the cluster resides"
value = module.gke.zones
}
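Review bot: `description = " Cluster Region"` on the `region` output carries a stray leading space; the README generated in this commit shows `Cluster Region`, so the docs hook evidently trims it, but the raw description surfaces in `terraform output` tooling and the registry. Change it to `description = "Cluster Region"`. The rest of the restructuring is clean, and dropping the `client_token`, `kubernetes_endpoint` and `ca_certificate` outputs means the example no longer emits an access token through its outputs.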