terraform-google-modules · apeabody · Oct 31, 2024
@@ -369,17 +369,17 @@ steps:
   waitFor:
     - create-all
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cft test run TestSimpleZonalWithASM --stage apply --verbose']
+  args: ['/bin/bash', '-c', 'cft test run TestAll/examples/simple_zonal_with_asm --stage apply --verbose --test-dir test/integration']
 - id: verify simple-zonal-with-asm-local
   waitFor:
     - apply simple-zonal-with-asm-local
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cft test run TestSimpleZonalWithASM --stage verify --verbose']
-- id: destroy simple-zonal-with-asm-local
+  args: ['/bin/bash', '-c', 'cft test run TestAll/examples/simple_zonal_with_asm --stage verify --verbose --test-dir test/integration']
+- id: teardown simple-zonal-with-asm-local
   waitFor:
     - verify simple-zonal-with-asm-local
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cft test run TestSimpleZonalWithASM --stage teardown --verbose']
+  args: ['/bin/bash', '-c', 'cft test run TestAll/examples/simple_zonal_with_asm --stage teardown --verbose --test-dir test/integration']
 - id: apply simple-autopilot-private-local
   waitFor:
     - create-all

@@ -0,0 +1,40 @@
+# Upgrading to v36.0
+The v36.0 release of *kubernetes-engine* is a backwards incompatible release.
+
+### ASM Sub-Module Removal
+The ASM Sub-Module has been removed in v36.0.  Please use the [google_gke_hub_feature](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/gke_hub_feature#example-usage---enable-fleet-default-member-config-service-mesh) and [google_gke_hub_feature_membership](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/gke_hub_feature_membership#example-usage---service-mesh) resources.
+
+
+```diff
+-module "asm" {
+-  source  = "terraform-google-modules/kubernetes-engine/google//modules/asm"
+-  version = "~> 35.0"
+
+-  project_id                = var.project_id
+-  cluster_name              = module.gke.name
+-  cluster_location          = module.gke.location
+-  multicluster_mode         = "connected"
+-  enable_cni                = true
+-  enable_fleet_registration = true
+-  enable_mesh_feature       = true
+-}
+
++resource "google_gke_hub_feature" "mesh_feature" {
++  project  = var.project_id
++  location = "global"
++  name     = "servicemesh"
++}
+
++resource "google_gke_hub_feature_membership" "mesh_feature_membership" {
++  project  = var.project_id
++  location = "global"
+
++  feature             = google_gke_hub_feature.mesh_feature.name
++  membership          = module.gke.fleet_membership
++  membership_location = module.gke.region
+
++  mesh {
++    management = "MANAGEMENT_AUTOMATIC"
++  }
++}
+```
@@ -7,32 +7,25 @@ This example illustrates how to create a simple zonal cluster with ASM.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| ip\_range\_pods | The secondary ip range to use for pods | `any` | n/a | yes |
-| ip\_range\_services | The secondary ip range to use for services | `any` | n/a | yes |
-| network | The VPC network to host the cluster in | `any` | n/a | yes |
-| project\_id | The project ID to host the cluster in | `any` | n/a | yes |
-| region | The region to host the cluster in | `any` | n/a | yes |
-| subnetwork | The subnetwork to host the cluster in | `any` | n/a | yes |
-| zones | The zone to host the cluster in (required if is a zonal cluster) | `list(string)` | n/a | yes |
+| enable\_fleet\_feature | Whether to enable the Mesh feature on the fleet. | `bool` | `true` | no |
+| mesh\_management | ASM Management mode. For more information, see the [gke\_hub\_feature\_membership resource documentation](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/gke_hub_feature_membership#nested_mesh) | `string` | `"MANAGEMENT_AUTOMATIC"` | no |
+| project\_id | The project ID to host the cluster in | `string` | n/a | yes |
+| region | The region to host the cluster in | `string` | `"us-central1"` | no |
+| zone | The zone to host the cluster in (required if is a zonal cluster) | `string` | `"us-central1-a"` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| ca\_certificate | n/a |
-| client\_token | n/a |
 | cluster\_name | Cluster name |
-| identity\_namespace | n/a |
 | ip\_range\_pods | The secondary IP range used for pods |
 | ip\_range\_services | The secondary IP range used for services |
-| kubernetes\_endpoint | n/a |
-| location | n/a |
-| master\_kubernetes\_version | The master Kubernetes version |
-| network | n/a |
-| project\_id | n/a |
-| region | n/a |
+| location | Cluster Location |
+| network | Network name |
+| project\_id | Project ID |
+| region | Cluster Region |
 | service\_account | The default service account used for running nodes. |
-| subnetwork | n/a |
+| subnetwork | Subnetwork name |
 | zones | List of zones in which the cluster resides |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,19 +14,27 @@
  * limitations under the License.
  */
 
-variable "project_ids" {
-  type        = list(string)
-  description = "The GCP projects to use for integration tests"
-}
+resource "google_gke_hub_feature" "mesh_feature" {
+  name     = "servicemesh"
+  project  = var.project_id
+  location = "global"
 
-variable "region" {
-  description = "The GCP region to create and test resources in"
-  default     = "us-central1"
+  count = var.enable_fleet_feature ? 1 : 0
 }
 
-variable "zones" {
-  type        = list(string)
-  description = "The GCP zones to create and test resources in, for applicable tests"
-  default     = ["us-central1-a", "us-central1-b", "us-central1-c"]
-}
+resource "google_gke_hub_feature_membership" "mesh_feature_membership" {
+  project  = var.project_id
+  location = "global"
+
+  feature             = "servicemesh"
+  membership          = module.gke.fleet_membership
+  membership_location = module.gke.region
 
+  mesh {
+    management = var.mesh_management
+  }
+
+  depends_on = [
+    google_gke_hub_feature.mesh_feature
+  ]
+}
@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2018-2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,36 +14,24 @@
  * limitations under the License.
  */
 
-data "google_client_config" "default" {}
-
-provider "kubernetes" {
-  host                   = "https://${module.gke.endpoint}"
-  token                  = data.google_client_config.default.access_token
-  cluster_ca_certificate = base64decode(module.gke.ca_certificate)
-}
-
-data "google_project" "project" {
-  project_id = var.project_id
-}
-
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google"
   version = "~> 35.0"
 
-  project_id              = var.project_id
-  name                    = "test-prefix-cluster-test-suffix"
-  regional                = false
-  region                  = var.region
-  zones                   = var.zones
-  release_channel         = "REGULAR"
-  network                 = var.network
-  subnetwork              = var.subnetwork
-  ip_range_pods           = var.ip_range_pods
-  ip_range_services       = var.ip_range_services
-  network_policy          = false
-  cluster_resource_labels = { "mesh_id" : "proj-${data.google_project.project.number}" }
-  identity_namespace      = "${var.project_id}.svc.id.goog"
-  deletion_protection     = false
+  project_id      = var.project_id
+  fleet_project   = var.project_id
+  name            = "test-prefix-cluster-test-suffix"
+  regional        = false
+  region          = var.region
+  zones           = [var.zone]
+  release_channel = "REGULAR"
+
+  network           = google_compute_network.main.name
+  subnetwork        = google_compute_subnetwork.main.name
+  ip_range_pods     = google_compute_subnetwork.main.secondary_ip_range[0].range_name
+  ip_range_services = google_compute_subnetwork.main.secondary_ip_range[1].range_name
+
+  deletion_protection = false
   node_pools = [
     {
       name         = "asm-node-pool"
@@ -54,17 +42,3 @@ module "gke" {
     },
   ]
 }
-
-module "asm" {
-  source  = "terraform-google-modules/kubernetes-engine/google//modules/asm"
-  version = "~> 35.0"
-
-  project_id                = var.project_id
-  cluster_name              = module.gke.name
-  cluster_location          = module.gke.location
-  multicluster_mode         = "connected"
-  enable_cni                = true
-  enable_fleet_registration = true
-  enable_mesh_feature       = true
-
-}
@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2021-2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,16 +20,14 @@ resource "random_string" "suffix" {
   upper   = false
 }
 
-provider "google" {
-  project = var.project_ids[2]
-}
-
 resource "google_compute_network" "main" {
+  project                 = var.project_id
   name                    = "cft-gke-test-${random_string.suffix.result}"
   auto_create_subnetworks = false
 }
 
 resource "google_compute_subnetwork" "main" {
+  project       = var.project_id
   name          = "cft-gke-test-${random_string.suffix.result}"
   ip_cidr_range = "10.0.0.0/17"
   region        = var.region

@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2018-2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,22 +14,53 @@
  * limitations under the License.
  */
 
-output "kubernetes_endpoint" {
-  sensitive = true
-  value     = module.gke.endpoint
+output "service_account" {
+  description = "The default service account used for running nodes."
+  value       = module.gke.service_account
 }
 
-output "client_token" {
-  sensitive = true
-  value     = base64encode(data.google_client_config.default.access_token)
+# Standard test outputs
+output "project_id" {
+  description = "Project ID"
+  value       = var.project_id
 }
 
-output "ca_certificate" {
-  sensitive = true
-  value     = module.gke.ca_certificate
+output "region" {
+  description = " Cluster Region"
+  value       = module.gke.region
 }
 
-output "service_account" {
-  description = "The default service account used for running nodes."
-  value       = module.gke.service_account
+output "cluster_name" {
+  description = "Cluster name"
+  value       = module.gke.name
+}
+
+output "network" {
+  description = "Network name"
+  value       = google_compute_network.main.name
+}
+
+output "subnetwork" {
+  description = "Subnetwork name"
+  value       = google_compute_subnetwork.main.name
+}
+
+output "location" {
+  description = "Cluster Location"
+  value       = module.gke.location
+}
+
+output "ip_range_pods" {
+  description = "The secondary IP range used for pods"
+  value       = google_compute_subnetwork.main.secondary_ip_range[0].range_name
+}
+
+output "ip_range_services" {
+  description = "The secondary IP range used for services"
+  value       = google_compute_subnetwork.main.secondary_ip_range[1].range_name
+}
+
+output "zones" {
+  description = "List of zones in which the cluster resides"
+  value       = module.gke.zones
 }