wip asm module

Author: bharathkkb

examples/simple_regional_with_asm/README.md

@@ -0,0 +1,44 @@
+# Simple Regional Cluster with ASM
+
+This example illustrates how to create a simple regional cluster with ASM.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| cluster\_name\_suffix | A suffix to append to the default cluster name | string | `""` | no |
+| ip\_range\_pods | The secondary ip range to use for pods | string | n/a | yes |
+| ip\_range\_services | The secondary ip range to use for services | string | n/a | yes |
+| network | The VPC network to host the cluster in | string | n/a | yes |
+| project\_id | The project ID to host the cluster in | string | n/a | yes |
+| region | The region to host the cluster in | string | n/a | yes |
+| subnetwork | The subnetwork to host the cluster in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| ca\_certificate |  |
+| client\_token |  |
+| cluster\_name | Cluster name |
+| identity\_namespace |  |
+| ip\_range\_pods | The secondary IP range used for pods |
+| ip\_range\_services | The secondary IP range used for services |
+| kubernetes\_endpoint |  |
+| location |  |
+| master\_kubernetes\_version | The master Kubernetes version |
+| network |  |
+| project\_id |  |
+| region |  |
+| service\_account | The default service account used for running nodes. |
+| subnetwork |  |
+| zones | List of zones in which the cluster resides |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+To provision this example, run the following from within this directory:
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure

examples/simple_regional_with_asm/main.tf

@@ -0,0 +1,59 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  cluster_type = "simple-regional-asm2"
+}
+
+provider "google-beta" {
+  version = "~> 3.19.0"
+  region  = var.region
+}
+
+data "google_project" "project" {
+  project_id = var.project_id
+}
+
+module "gke" {
+  source            = "../../modules/beta-public-cluster/"
+  project_id        = var.project_id
+  name              = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
+  regional          = true
+  region            = var.region
+  network           = var.network
+  subnetwork        = var.subnetwork
+  ip_range_pods     = var.ip_range_pods
+  ip_range_services = var.ip_range_services
+  network_policy    = false
+  cluster_resource_labels={"mesh_id":"proj-${data.google_project.project.number}"}
+  node_pools = [
+    {
+      name         = "asm-node-pool"
+      machine_type = "n1-standard-4"
+      min_count    = 2
+    },
+  ]
+}
+
+module "asm" {
+  source       = "../../modules/asm"
+  cluster_name = module.gke.name
+  project_id   = var.project_id
+  location     = module.gke.location
+}
+
+data "google_client_config" "default" {
+}

examples/simple_regional_with_asm/outputs.tf

@@ -0,0 +1,34 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "kubernetes_endpoint" {
+  sensitive = true
+  value     = module.gke.endpoint
+}
+
+output "client_token" {
+  sensitive = true
+  value     = base64encode(data.google_client_config.default.access_token)
+}
+
+output "ca_certificate" {
+  value = module.gke.ca_certificate
+}
+
+output "service_account" {
+  description = "The default service account used for running nodes."
+  value       = module.gke.service_account
+}

examples/simple_regional_with_asm/test_outputs.tf

@@ -0,0 +1,67 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// These outputs are used to test the module with kitchen-terraform
+// They do not need to be included in real-world uses of this module
+
+output "project_id" {
+  value = var.project_id
+}
+
+output "region" {
+  value = module.gke.region
+}
+
+output "cluster_name" {
+  description = "Cluster name"
+  value       = module.gke.name
+}
+
+output "network" {
+  value = var.network
+}
+
+output "subnetwork" {
+  value = var.subnetwork
+}
+
+output "location" {
+  value = module.gke.location
+}
+
+output "ip_range_pods" {
+  description = "The secondary IP range used for pods"
+  value       = var.ip_range_pods
+}
+
+output "ip_range_services" {
+  description = "The secondary IP range used for services"
+  value       = var.ip_range_services
+}
+
+output "zones" {
+  description = "List of zones in which the cluster resides"
+  value       = module.gke.zones
+}
+
+output "master_kubernetes_version" {
+  description = "The master Kubernetes version"
+  value       = module.gke.master_version
+}
+
+output "identity_namespace" {
+  value = module.gke.identity_namespace
+}

examples/simple_regional_with_asm/variables.tf

@@ -0,0 +1,44 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The project ID to host the cluster in"
+}
+
+variable "cluster_name_suffix" {
+  description = "A suffix to append to the default cluster name"
+  default     = ""
+}
+
+variable "region" {
+  description = "The region to host the cluster in"
+}
+
+variable "network" {
+  description = "The VPC network to host the cluster in"
+}
+
+variable "subnetwork" {
+  description = "The subnetwork to host the cluster in"
+}
+
+variable "ip_range_pods" {
+  description = "The secondary ip range to use for pods"
+}
+
+variable "ip_range_services" {
+  description = "The secondary ip range to use for services"
+}

examples/simple_regional_with_asm/versions.tf

@@ -0,0 +1,19 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 0.12"
+}

modules/asm/main.tf

@@ -0,0 +1,43 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "asm_install" {
+  source  = "terraform-google-modules/gcloud/google"
+  version = "~> 1.0"
+
+  platform                          = "linux"
+  gcloud_sdk_version                = "292.0.0"
+  skip_download                     = var.skip_gcloud_download
+  upgrade                           = false
+  use_tf_google_credentials_env_var = true
+  additional_components             = ["kubectl", "kpt", "anthoscli", "alpha"]
+
+  create_cmd_entrypoint  = "${path.module}/scripts/install_asm.sh"
+  create_cmd_body        = "${var.project_id} ${var.cluster_name} ${var.location} ${var.asm_release_channel}"
+  destroy_cmd_entrypoint = "gcloud"
+  destroy_cmd_body       = "version"
+}
+
+resource "google_service_account" "gke_hub_sa" {
+  account_id   = "gke-hub-sa"
+  display_name = "Service Account"
+}
+
+resource "google_project_iam_member" "gke_hub_member" {
+  project = var.project_id
+  role    = "roles/gkehub.connect"
+  member  = "serviceAccount:${google_service_account.gke_hub_sa.email}"
+}

modules/asm/outputs.tf

@@ -0,0 +1,15 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */

modules/asm/scripts/install_asm.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+if [ "$#" -lt 4 ]; then
+    >&2 echo "Not all expected arguments set."
+    exit 1
+fi
+
+PROJECT_ID=$1
+CLUSTER_NAME=$2
+CLUSTER_LOCATION=$3
+ASM_CHANNEL=$4
+
+if [[ -d ./asm ]]; then
+    echo "Removing kpt asm directory"
+    rm -rf ./asm
+fi
+gcloud config set project ${PROJECT_ID}
+# gcloud auth list
+gcloud services enable meshca.googleapis.com
+kpt pkg get https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages.git/asm .
+kpt cfg set asm gcloud.core.project ${PROJECT_ID}
+kpt cfg set asm cluster-name ${CLUSTER_NAME}
+kpt cfg set asm gcloud.compute.zone ${CLUSTER_LOCATION}
+kpt cfg set asm gcloud.container.cluster.releaseChannel ${ASM_CHANNEL}
+anthoscli apply -f asm
+kubectl wait --for=condition=available --timeout=600s deployment --all -n istio-system