Automate tenant resource provisioning #197

ferrarimarco · 2023-06-23T10:32:47Z

This PR does the following:

Provision a Cloud Source Repository to store cluster configuration.
Use a service account and workload identity to authorize Config Sync to access the provisioned Cloud Source Repository.
Automatically generate tenant configuration from the Kpt template package, according to the tenants that the blueprint user specified.
Remove the fltenant1 package because we generate it dynamically.
Update related comments and documentation.
Fix an issue with setting firewall rules that were using destination_ranges instead of ranges. It worked because the resulting resource defaults to 0.0.0.0/0, but it causes diffs and potential issues after the first terraform apply.
Use the right istio.io/rev label value to configure a managed ASM control plane.

Dependencies:

feat: support configuring ACM git service account email terraform-google-modules/terraform-google-kubernetes-engine#1685

ferrarimarco added documentation Improvements or additions to documentation enhancement New feature or request terraform Pull requests that update Terraform code labels Jun 23, 2023

ferrarimarco self-assigned this Jun 23, 2023

ferrarimarco force-pushed the multi-tenant-refactor branch from 8d35880 to 6958eb5 Compare June 23, 2023 11:48

ferrarimarco added 25 commits July 3, 2023 10:47

Automate tenant resource provisioning

0c270b7

Configure Source repo

97e67e6

Fix IAM

c0f1097

Enable source repos api

436a49b

Fix secret type

fa18117

Configure source repos DNS records

160a501

Scripts

007d982

Check args

a100e32

Check repo

35ef136

Copy

4b959fd

Fix path

bbf23a8

Tenant name output

8494363

tenant vars

4c9eb83

ACM branch

176b6f5

Fix script

628cd2a

Cname

a8ad6a8

Workload id

d248b4b

Check args

92230b7

Update docs

1177ef0

Dynamically create acm dir

63a4e5b

Don't iterate

627d80d

Self ref

ba26034

checkout

e1543e2

Triggers

3ab271b

Extract script

d9d38d4

ferrarimarco added 27 commits July 3, 2023 15:12

fix replace

d88a49f

List files

2788fb9

Generate tenant config

ac4f0ff

Fix local ref

b183e8b

Update triggers

f81ebd5

Add tenant_name

5120d34

Fix paths

48a3a2a

Fix commands

48bee5f

Fix commands

7dde228

Fix commands

ded119a

Fix commands

cd97ef1

Fix commands

c0a8efa

Fix commands

94de22b

Fix module path

1fd22d4

Use email

7e24a9e

Fix trigger id

d493f30

Fix delete command

d52da0d

Trigger on kpt package changes

4be75ee

Exclude main tenant

669d64e

Exclude main tenant

43948df

Remove unneeded outputs

9003190

Commit changes

b93c02b

Fix git command

052701d

Fix ASM label

96012c7

always run

48ade45

Deps

93ee6bb

Fix git script

e0134fd

ferrarimarco marked this pull request as ready for review July 4, 2023 14:35

ferrarimarco merged commit 3785968 into main Jul 4, 2023
6 checks passed

ferrarimarco deleted the multi-tenant-refactor branch July 4, 2023 14:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Automate tenant resource provisioning #197

Automate tenant resource provisioning #197

ferrarimarco commented Jun 23, 2023 •

edited

Loading

Automate tenant resource provisioning #197

Automate tenant resource provisioning #197

Conversation

ferrarimarco commented Jun 23, 2023 • edited Loading

ferrarimarco commented Jun 23, 2023 •

edited

Loading