From 720213593e018cb799e039ce568124f9b3b9b011 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wiktor=20Niesiob=C4=99dzki?= Date: Wed, 18 Jan 2023 14:56:12 +0100 Subject: [PATCH 1/4] Use google_gkehub_feature_membership Use google_gkehub_feature_membership to provision ASM on clusters. Ensure that the cluster membership is refreshed on cluster recreation. --- .../ansible/roles/install/tasks/install.yaml | 19 ------------------- modules/gke-hub/main.tf | 16 +++++++++++++++- 2 files changed, 15 insertions(+), 20 deletions(-) diff --git a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/ansible/roles/install/tasks/install.yaml b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/ansible/roles/install/tasks/install.yaml index b81c49622a..f59f03e3da 100644 --- a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/ansible/roles/install/tasks/install.yaml +++ b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/ansible/roles/install/tasks/install.yaml @@ -23,25 +23,6 @@ set_fact: context: "gke_{{ project_id }}_{{ region }}_{{ cluster }}" -- name: Install ASM in cluster - shell: > - gcloud container fleet mesh update \ - --control-plane automatic \ - --memberships {{ cluster }} \ - --project {{ project_id }} - -- name: Wait until MCP is provisioned - shell: > - for i in $(seq 12); do - result=$(gcloud container fleet mesh describe --project {{ project_id }} --format json \ - | jq -r '.membershipStates | to_entries[] | select(.key | endswith("{{ cluster }}")) | .value.servicemesh.controlPlaneManagement.state') - if [ "$result" = "ACTIVE" ]; then - break - fi - echo "ASM control plane is not ready yet..." - sleep 60 - done - - name: Get endpoint IP shell: > gcloud container clusters describe "{{ cluster }}" \ diff --git a/modules/gke-hub/main.tf b/modules/gke-hub/main.tf index f433d32274..aa89c1dc03 100644 --- a/modules/gke-hub/main.tf +++ b/modules/gke-hub/main.tf 
@@ -38,7 +38,7 @@ resource "google_gke_hub_membership" "default" { provider = google-beta for_each = var.clusters project = var.project_id - membership_id = each.key + membership_id = reverse(split("/", each.value))[0] # forces re-enrollment of the cluster in the fleet in case when cluster is recreated endpoint { gke_cluster { resource_link = each.value @@ -70,6 +70,20 @@ resource "google_gke_hub_feature" "default" { } } +resource "google_gke_hub_feature_membership" "servicemesh" { + provider = google-beta + for_each = var.features.servicemesh ? var.clusters : {} + project = var.project_id + location = "global" + feature = google_gke_hub_feature.default["servicemesh"].name + membership = google_gke_hub_membership.default[each.key].membership_id + + mesh { + management = "MANAGEMENT_AUTOMATIC" + control_plane = "AUTOMATIC" + } +} + resource "google_gke_hub_feature_membership" "default" { provider = google-beta for_each = local.cluster_cm_config From 10e462d5941ddcc88066bcdb9df385713f304928 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wiktor=20Niesiob=C4=99dzki?= Date: Wed, 18 Jan 2023 15:29:02 +0100 Subject: [PATCH 2/4] Fix tests for servicemesh --- modules/gke-hub/README.md | 2 +- tests/modules/gke_hub/fixture/variables.tf | 2 +- tests/modules/gke_hub/test_plan.py | 6 +++++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/modules/gke-hub/README.md b/modules/gke-hub/README.md index 0f4c5ae8fd..de17b52004 100644 --- a/modules/gke-hub/README.md +++ b/modules/gke-hub/README.md @@ -295,7 +295,7 @@ module "hub" { ] } -# tftest modules=8 resources=28 +# tftest modules=8 resources=38 ``` diff --git a/tests/modules/gke_hub/fixture/variables.tf b/tests/modules/gke_hub/fixture/variables.tf index 5c5c106f28..1d76d4f978 100644 --- a/tests/modules/gke_hub/fixture/variables.tf +++ b/tests/modules/gke_hub/fixture/variables.tf 
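Review bot: The new `google_gke_hub_feature_membership.servicemesh` resource in the second `main.tf` hunk enrolls every entry of `var.clusters` in managed Service Mesh as soon as `var.features.servicemesh` is true, with `management = "MANAGEMENT_AUTOMATIC"` and `control_plane = "AUTOMATIC"` hard-coded, so callers who previously only enabled the fleet feature get a behaviour change with no per-cluster opt-out. Nothing visible in this commit replaces the removed Ansible task that polled until the control plane reported `ACTIVE`. A successful apply presumably does not guarantee the managed control plane is ready, so later playbook steps that rely on the mesh (sidecar injection, mTLS policy) could run against a cluster where it is not yet enforcing. I would document both points in the module README and keep a readiness check before mesh-dependent tasks. The ternary also fails at plan time if `var.features.servicemesh` can be null (the fixture shows `multiclusteringress = null`), so confirm the variable's type gives it a non-null default or write the condition as `coalesce(var.features.servicemesh, false)`.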
@@ -31,7 +31,7 @@ variable "features" { configmanagement = true identityservice = false multiclusteringress = null - servicemesh = false + servicemesh = true multiclusterservicediscovery = false } } diff --git a/tests/modules/gke_hub/test_plan.py b/tests/modules/gke_hub/test_plan.py index 3552181341..8a71d12b57 100644 --- a/tests/modules/gke_hub/test_plan.py +++ b/tests/modules/gke_hub/test_plan.py @@ -23,11 +23,14 @@ def resources(plan_runner): def test_resource_count(resources): "Test number of resources created." - assert len(resources) == 5 + assert len(resources) == 8 assert sorted(r['address'] for r in resources) == [ 'module.hub.google_gke_hub_feature.default["configmanagement"]', + 'module.hub.google_gke_hub_feature.default["servicemesh"]', 'module.hub.google_gke_hub_feature_membership.default["cluster-1"]', 'module.hub.google_gke_hub_feature_membership.default["cluster-2"]', + 'module.hub.google_gke_hub_feature_membership.servicemesh["cluster-1"]', + 'module.hub.google_gke_hub_feature_membership.servicemesh["cluster-2"]', 'module.hub.google_gke_hub_membership.default["cluster-1"]', 'module.hub.google_gke_hub_membership.default["cluster-2"]' ] @@ -58,6 +61,7 @@ def test_configmanagement_setup(resources): 'sync_wait_secs': None }], + 'oci': [], 'prevent_drift': False, 'source_format': 'hierarchy' }], From b38ef22572afd18182ac78c38a37dea7f7b2090a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wiktor=20Niesiob=C4=99dzki?= Date: Wed, 18 Jan 2023 16:10:20 +0100 Subject: [PATCH 3/4] Even more test fixes --- blueprints/gke/multitenant-fleet/README.md | 2 +- modules/gke-hub/README.md | 2 +- .../gke/multi_cluster_mesh_gke_fleet_api/test_plan.py | 2 +- tests/modules/gke_hub/test_plan.py | 1 - 4 files changed, 3 insertions(+), 4 deletions(-) diff --git a/blueprints/gke/multitenant-fleet/README.md b/blueprints/gke/multitenant-fleet/README.md index 52f26ceddc..ce14b5a0f2 100644 --- a/blueprints/gke/multitenant-fleet/README.md +++ b/blueprints/gke/multitenant-fleet/README.md 
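Review bot: `test_resource_count` now checks only that the two `google_gke_hub_feature_membership.servicemesh[...]` addresses appear in the plan; nothing asserts the `mesh` values the module sets, whereas the config-management membership has its own `test_configmanagement_setup` later in the same file. A small companion test that selects the servicemesh resources and asserts their `management` and `control_plane` values would catch an accidental change of management mode. Separately, `assert len(resources) == 8` is redundant with the full sorted address comparison right below it and has to be bumped by hand on every change, so it could be dropped.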
@@ -224,7 +224,7 @@ module "gke" { } } -# tftest modules=8 resources=35 +# tftest modules=8 resources=37 ``` diff --git a/modules/gke-hub/README.md b/modules/gke-hub/README.md index de17b52004..17d7b427a4 100644 --- a/modules/gke-hub/README.md +++ b/modules/gke-hub/README.md @@ -295,7 +295,7 @@ module "hub" { ] } -# tftest modules=8 resources=38 +# tftest modules=8 resources=30 ``` diff --git a/tests/blueprints/gke/multi_cluster_mesh_gke_fleet_api/test_plan.py b/tests/blueprints/gke/multi_cluster_mesh_gke_fleet_api/test_plan.py index 270a142d1d..2379849dcc 100644 --- a/tests/blueprints/gke/multi_cluster_mesh_gke_fleet_api/test_plan.py +++ b/tests/blueprints/gke/multi_cluster_mesh_gke_fleet_api/test_plan.py @@ -16,4 +16,4 @@ def test_resources(e2e_plan_runner): "Test that plan works and the numbers of resources is as expected." modules, resources = e2e_plan_runner() assert len(modules) == 12 - assert len(resources) == 53 + assert len(resources) == 55 diff --git a/tests/modules/gke_hub/test_plan.py b/tests/modules/gke_hub/test_plan.py index 8a71d12b57..51258c8316 100644 --- a/tests/modules/gke_hub/test_plan.py +++ b/tests/modules/gke_hub/test_plan.py @@ -61,7 +61,6 @@ def test_configmanagement_setup(resources): 'sync_wait_secs': None }], - 'oci': [], 'prevent_drift': False, 'source_format': 'hierarchy' }], From 0ea769e70ff4a16942e29c5e397a0d4f9e3a99b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wiktor=20Niesiob=C4=99dzki?= Date: Thu, 19 Jan 2023 10:54:27 +0100 Subject: [PATCH 4/4] Revert to use each.key for membership It's not needed to force recreation of membership when workload identity is configured. --- modules/gke-hub/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/gke-hub/main.tf b/modules/gke-hub/main.tf index aa89c1dc03..ddd35a4627 100644 --- a/modules/gke-hub/main.tf +++ b/modules/gke-hub/main.tf 
@@ -38,7 +38,7 @@ resource "google_gke_hub_membership" "default" {
 provider = google-beta
 for_each = var.clusters
 project = var.project_id
- membership_id = reverse(split("/", each.value))[0] # forces re-enrollment of the cluster in the fleet in case when cluster is recreated
+ membership_id = each.key
 endpoint {
 gke_cluster {
 resource_link = each.value
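Review bot: The condition that makes `membership_id = each.key` safe across cluster recreation (workload identity being configured, per the commit message) is not recorded anywhere in the code. The line being replaced carried an explanatory comment and the new one has none. I would add something like `# keyed by map key; re-enrollment after cluster recreation relies on workload identity being configured` above the attribute, and state in the README what operators should do when that is not the case (presumably the stale membership has to be removed by hand). The resource block continues past the end of this hunk.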