chore: Add example with templated and bind mounted config file (#68)

Author: karlkfi

.kitchen.yml

@@ -75,6 +75,27 @@ suites:
         key_files:
           - ./test/fixtures/instance_with_attached_disk/ssh/key
         user: user
+  - name: "instance_with_config_file"
+    driver:
+      name: "terraform"
+      command_timeout: 1800
+      root_module_directory: test/fixtures/instance_with_config_file
+    verifier:
+      name: terraform
+      color: false
+      systems:
+      - name: system
+        backend: local
+        controls:
+          - gce
+      - name: remote
+        backend: ssh
+        controls:
+          - docker
+        hosts_output: ipv4
+        key_files:
+          - ./test/fixtures/instance_with_config_file/ssh/key
+        user: user
   - name: "managed_instance_group"
     excludes:
       - local

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.12.0
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

build/int.cloudbuild.yaml

@@ -38,4 +38,4 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.0'

build/lint.cloudbuild.yaml

@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.0'

examples/instance_with_attached_disk/README.md

@@ -7,7 +7,7 @@ This example illustrates how to deploy and expose a container to a Google Comput
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| additional\_metadata | Additional metadata to attach to the instance | map | `<map>` | no |
+| additional\_metadata | Additional metadata to attach to the instance | map(string) | `<map>` | no |
 | client\_email | Service account email address | string | `""` | no |
 | image | The Docker image to deploy to GCE instances | string | n/a | yes |
 | image\_port | The port the image exposes for HTTP requests | string | n/a | yes |

examples/instance_with_attached_disk/variables.tf

@@ -52,7 +52,7 @@ variable "zone" {
 }
 
 variable "additional_metadata" {
-  type        = "map"
+  type        = map(string)
   description = "Additional metadata to attach to the instance"
   default     = {}
 }

examples/instance_with_config_file/.gitignore

@@ -0,0 +1,4 @@
+terraform.tfvars
+.terraform
+terraform.tfstate.d
+terraform.tfstate.backup

examples/instance_with_config_file/README.md

@@ -0,0 +1,64 @@
+# Instance with Config File
+
+This example illustrates how to deploy and expose a container to a Google Compute Engine instance in GCP, with an templated config file mounted into the container.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| additional\_metadata | Additional metadata to attach to the instance | map(string) | `<map>` | no |
+| client\_email | Service account email address | string | `""` | no |
+| cos\_image\_name | The forced COS image to use instead of latest | string | `"cos-stable-77-12371-89-0"` | no |
+| instance\_name | The desired name to assign to the deployed instance | string | `"hello-world-container-vm"` | no |
+| project\_id | The project ID to deploy resources into | string | n/a | yes |
+| subnetwork | The name of the subnetwork to deploy instances into | string | n/a | yes |
+| subnetwork\_project | The project ID where the desired subnetwork is provisioned | string | n/a | yes |
+| zone | The GCP zone to deploy instances into | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| container | The container metadata provided to the module |
+| instance\_name | The deployed instance name |
+| ipv4 | The public IP address of the deployed instance |
+| vm\_container\_label | The instance label containing container configuration |
+| volumes | The volume metadata provided to the module |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+## Running
+
+To provision this example, run the following from within this directory:
+
+- `terraform init` to get plugins
+- `terraform plan` to dry-run the infrastructure changes
+- `terraform apply` to apply the infrastructure changes
+- `terraform destroy` to tear down the created infrastructure
+
+## Debugging
+
+SSH into the VM instance (e.g. through the cloud console) and run the following commands.
+
+To verify that the startup script wrote the config file:
+
+```
+$ cat /etc/hello-app/config.json
+{
+    "instance_name": "hello-world-container-vm-60b69fa4",
+    "boot_timestamp": "2020-09-30T19:37:51,065136954+00:00",
+}
+```
+
+To verify that the config file can be read from inside the container:
+
+```
+$ docker exec "$(docker ps | grep hello-app | cut -f 1 -d ' ')" cat /config.json
+{
+    "instance_name": "hello-world-container-vm-60b69fa4",
+    "boot_timestamp": "2020-09-30T19:37:51,065136954+00:00",
+}
+```
+
+To debug the startup script, see [viewing startup script logs](https://cloud.google.com/compute/docs/startupscript#viewing_startup_script_logs) and [rerunning a startup script](https://cloud.google.com/compute/docs/startupscript#rerunthescript).

examples/instance_with_config_file/main.tf

@@ -0,0 +1,109 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+  project = var.project_id
+  version = "~> 2.20"
+}
+
+provider "template" {
+  version = "~> 2.1"
+}
+
+locals {
+  instance_name = format("%s-%s", var.instance_name, substr(md5(module.gce-container.container.image), 0, 8))
+  config_path   = "/etc/hello-app/config.json"
+}
+
+module "gce-container" {
+  source = "../../"
+
+  cos_image_name = var.cos_image_name
+
+  container = {
+    image = "gcr.io/google-samples/hello-app:1.0"
+
+    volumeMounts = [
+      {
+        mountPath = "/config.json"
+        name      = "config"
+        readOnly  = true
+      },
+    ]
+  }
+
+  volumes = [
+    {
+      name = "config"
+      hostPath = {
+        path = local.config_path
+      }
+    },
+  ]
+
+  restart_policy = "Always"
+}
+
+data "template_file" "startup_script" {
+  template = "${file("${path.module}/startup.sh.tpl")}"
+  vars = {
+    instance_name = local.instance_name
+    config_path   = local.config_path
+  }
+}
+
+resource "google_compute_instance" "vm" {
+  project      = var.project_id
+  name         = local.instance_name
+  machine_type = "n1-standard-1"
+  zone         = var.zone
+
+  boot_disk {
+    initialize_params {
+      image = module.gce-container.source_image
+    }
+  }
+
+  network_interface {
+    subnetwork_project = var.subnetwork_project
+    subnetwork         = var.subnetwork
+    access_config {}
+  }
+
+  tags = ["container-vm-example"]
+
+  metadata = merge(
+    {
+      gce-container-declaration = module.gce-container.metadata_value
+      google-logging-enabled    = "true"
+      google-monitoring-enabled = "true"
+    },
+    var.additional_metadata,
+  )
+
+  labels = {
+    container-vm = module.gce-container.vm_container_label
+  }
+
+  service_account {
+    email = var.client_email
+    scopes = [
+      "https://www.googleapis.com/auth/cloud-platform",
+    ]
+  }
+
+  metadata_startup_script = data.template_file.startup_script.rendered
+}

examples/instance_with_config_file/outputs.tf

@@ -0,0 +1,40 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "instance_name" {
+  description = "The deployed instance name"
+  value       = google_compute_instance.vm.name
+}
+
+output "vm_container_label" {
+  description = "The instance label containing container configuration"
+  value       = module.gce-container.vm_container_label
+}
+
+output "container" {
+  description = "The container metadata provided to the module"
+  value       = module.gce-container.container
+}
+
+output "volumes" {
+  description = "The volume metadata provided to the module"
+  value       = module.gce-container.volumes
+}
+
+output "ipv4" {
+  description = "The public IP address of the deployed instance"
+  value       = google_compute_instance.vm.network_interface.0.access_config.0.nat_ip
+}

examples/instance_with_config_file/startup.sh.tpl

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Generates a config file with templated values.
+#
+# Terraform interpolation uses standard shell interpolation syntax ($).
+# So shell interpolation inside a Terraform template must be escaped ($$).
+# Command substitution does not need escaping ($).
+
+set -o errexit -o nounset -o pipefail -o posix
+
+boot_timestamp="$(date --iso-8601=ns)"
+
+mkdir -p "$(dirname "${config_path}")"
+
+cat > "${config_path}" << EOF
+{
+    "instance_name": "${instance_name}",
+    "boot_timestamp": "$${boot_timestamp}",
+}
+EOF

examples/instance_with_config_file/variables.tf

@@ -0,0 +1,54 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The project ID to deploy resources into"
+}
+
+variable "subnetwork_project" {
+  description = "The project ID where the desired subnetwork is provisioned"
+}
+
+variable "subnetwork" {
+  description = "The name of the subnetwork to deploy instances into"
+}
+
+variable "instance_name" {
+  description = "The desired name to assign to the deployed instance"
+  default     = "hello-world-container-vm"
+}
+
+variable "zone" {
+  description = "The GCP zone to deploy instances into"
+  type        = string
+}
+
+variable "additional_metadata" {
+  type        = map(string)
+  description = "Additional metadata to attach to the instance"
+  default     = {}
+}
+
+variable "client_email" {
+  description = "Service account email address"
+  type        = string
+  default     = ""
+}
+
+variable "cos_image_name" {
+  description = "The forced COS image to use instead of latest"
+  default     = "cos-stable-77-12371-89-0"
+}