Change example to use google_container_cluster

Sam Naser · Sam Naser · commit 090535988ca2 · 2022-02-01T17:51:44.000-08:00
diff --git a/examples/simple_zonal_with_asm/hub.tf b/examples/simple_zonal_with_asm/hub.tf
@@ -14,11 +14,20 @@
  * limitations under the License.
  */
 
-module "hub" {
-  source                  = "../../modules/hub"
-  project_id              = var.project_id
-  location                = module.gke.location
-  cluster_name            = module.gke.name
-  cluster_endpoint        = module.gke.endpoint
-  gke_hub_membership_name = "gke-asm-membership"
+resource "google_gke_hub_membership" "cluster_membership" {
+  provider = google-beta
+  project = var.project_id
+  membership_id = "${google_container_cluster.primary.name}-membership"
+  endpoint{
+    gke_cluster {
+      resource_link = "//container.googleapis.com/${google_container_cluster.primary.id}"
+    }
+  }
+}
+# enable Anthos Configmanagement feature on the project.
+resource "google_gke_hub_feature" "mesh_feature" {
+  name = "servicemesh"
+  project = var.project_id
+  location = "global"
+  provider = google-beta
 }
diff --git a/examples/simple_zonal_with_asm/main.tf b/examples/simple_zonal_with_asm/main.tf
@@ -21,52 +21,42 @@ locals {
 data "google_client_config" "default" {}
 
 provider "kubernetes" {
-  host                   = "https://${module.gke.endpoint}"
+  host                   = "https://${google_container_cluster.primary.endpoint}"
   token                  = data.google_client_config.default.access_token
-  cluster_ca_certificate = base64decode(module.gke.ca_certificate)
+  cluster_ca_certificate = base64decode(google_container_cluster.primary.master_auth[0].cluster_ca_certificate)
 }
 
 data "google_project" "project" {
   project_id = var.project_id
 }
 
-module "gke" {
-  source                  = "../../"
-  project_id              = var.project_id
-  name                    = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
-  regional                = false
-  region                  = var.region
-  zones                   = var.zones
-  release_channel         = "REGULAR"
-  network                 = var.network
-  subnetwork              = var.subnetwork
-  ip_range_pods           = var.ip_range_pods
-  ip_range_services       = var.ip_range_services
-  network_policy          = false
-  cluster_resource_labels = { "mesh_id" : "proj-${data.google_project.project.number}" }
-  node_pools = [
-    {
-      name         = "asm-node-pool"
-      autoscaling  = false
-      auto_upgrade = true
-      # ASM requires minimum 4 nodes and e2-standard-4
-      node_count   = 4
-      machine_type = "e2-standard-4"
-    },
-  ]
+resource "google_container_cluster" "primary" {
+  name               = "drew-barrymore"
+  project = var.project_id
+  location           = "us-central1-a"
+  initial_node_count = 3
+  workload_identity_config {
+    identity_namespace = "${var.project_id}.svc.id.goog"
+  }
+  node_config {
+    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/cloud-platform"
+    ]
+    labels = {
+      foo = "bar"
+    }
+    tags = ["foo", "bar"]
+  }
+  timeouts {
+    create = "30m"
+    update = "40m"
+  }
 }
 
 module "asm" {
   source                    = "../../modules/asm"
-  cluster_name              = module.gke.name
-  cluster_endpoint          = module.gke.endpoint
   project_id                = var.project_id
-  location                  = module.gke.location
-  enable_cluster_roles      = true
-  enable_cluster_labels     = true
-  enable_gcp_apis           = true
-  enable_gcp_components     = true
-  enable_namespace_creation = true
-  options                   = ["envoy-access-log"]
-  outdir                    = "./${module.gke.name}-outdir"
+  cluster_name              = google_container_cluster.primary.name
+  cluster_location          = google_container_cluster.primary.location
 }
diff --git a/examples/simple_zonal_with_asm/outputs.tf b/examples/simple_zonal_with_asm/outputs.tf
@@ -1,35 +0,0 @@
-/**
- * Copyright 2018 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-output "kubernetes_endpoint" {
-  sensitive = true
-  value     = module.gke.endpoint
-}
-
-output "client_token" {
-  sensitive = true
-  value     = base64encode(data.google_client_config.default.access_token)
-}
-
-output "ca_certificate" {
-  sensitive = true
-  value     = module.gke.ca_certificate
-}
-
-output "service_account" {
-  description = "The default service account used for running nodes."
-  value       = module.gke.service_account
-}
diff --git a/examples/simple_zonal_with_asm/test_outputs.tf b/examples/simple_zonal_with_asm/test_outputs.tf
@@ -1,67 +0,0 @@
-/**
- * Copyright 2018 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-// These outputs are used to test the module with kitchen-terraform
-// They do not need to be included in real-world uses of this module
-
-output "project_id" {
-  value = var.project_id
-}
-
-output "region" {
-  value = module.gke.region
-}
-
-output "cluster_name" {
-  description = "Cluster name"
-  value       = module.gke.name
-}
-
-output "network" {
-  value = var.network
-}
-
-output "subnetwork" {
-  value = var.subnetwork
-}
-
-output "location" {
-  value = module.gke.location
-}
-
-output "ip_range_pods" {
-  description = "The secondary IP range used for pods"
-  value       = var.ip_range_pods
-}
-
-output "ip_range_services" {
-  description = "The secondary IP range used for services"
-  value       = var.ip_range_services
-}
-
-output "zones" {
-  description = "List of zones in which the cluster resides"
-  value       = module.gke.zones
-}
-
-output "master_kubernetes_version" {
-  description = "The master Kubernetes version"
-  value       = module.gke.master_version
-}
-
-output "identity_namespace" {
-  value = module.gke.identity_namespace
-}
diff --git a/modules/asm/scripts/create_cpr.sh b/modules/asm/scripts/create_cpr.sh
@@ -21,6 +21,9 @@ if [ "$#" -lt 3 ]; then
     exit 1
 fi
 
+echo "Sleeping for CPR... do retries instead..."
+sleep 30
+
 REVISION_NAME=$1; shift
 CHANNEL=$1; shift
 ENABLE_CNI=$1; shift
