The v20.0 release of kubernetes-engine is a backwards incompatible release for the Anthos Service Mesh (ASM) module.
The ASM submodule has been rewritten to use the ControlPlaneRevision API to provision
a managed control plane rather than using an installer script. Due to implementation differences, there are migration steps required to safely move from
an installation performed with the old module to using the new module. NOTE: these migration steps are best-effort and have not been tested against all possible ASM configurations.
- Run
terraform state rm module.asm - Update the module version to v20.0
- Import the system namespace into the new module with
terraform import module.asm.kubernetes_namespace.system istio-system - Run
terraform apply
There should be two ASM revisions present at this point (in-cluster or managed, depending on whether the previous installation was managed). Now, we must perform a canary upgrade to move workloads onto the new ASM revision. To do this:
- Relabel namespaces to use the revision label from the managed revision (
asm-managed,asm-managed-stable, orasm-managed-rapid) - Rollout workloads in those namespaces to get them onto the new ASM version
- [Optional] Remove the previous revision with
istioctl x uninstall --revision ...(if the previous installation was in-cluster)
Another difference from the previous module is that the new ASM module does not provide variables for option configuration (e.g. custom_overlay, options). For the new version these should be managed separately
outside the module. This is because those options were tightly coupled to pulling down an installer which the new module does not do. To use options specified in the previous module with the new module find the corresponding configuration here and move the
config to the mesh configuration for the managed revision.
The Terraform Kubernetes Engine Module now requires version 4.10 or higher of the Google Cloud Platform Provider and 4.10 or higher of the Google Cloud Platform Beta Provider.