This module installs Anthos Service Mesh (ASM) in a Kubernetes Engine (GKE) cluster.
The ASM module requires Terraform 0.14+. There are a few prerequisites to using this module that can be done either through Terraform and/or manually:
- Enable the
mesh.googleapis.comservice - Enable the GKEhub
servicemeshfeature - Register target cluster to the servicemesh-enabled hub
- Configure the Kubernetes Provider for the target cluster, for example:
provider "kubernetes" {
host = "https://${module.gke.endpoint}"
token = data.google_client_config.default.access_token
cluster_ca_certificate = base64decode(module.gke.ca_certificate)
}
data "google_client_config" "default" {}There is a full example provided here. Detailed usage example is as follows:
module "asm" {
source = "terraform-google-modules/kubernetes-engine/google//modules/asm"
project_id = var.project_id
cluster_name = module.gke.name
cluster_location = module.gke.location
enable_cni = true
}Note that the mesh_id label on the cluster is required for metrics to get displayed on the Anthos Service Mesh pages in the Cloud console (Topology, etc.). Illustrated with the full example mentioned above, here is an example of what your cluster should have:
module "gke" {
...
cluster_resource_labels = { "mesh_id" : "proj-${data.google_project.project.number}" }
...
}To deploy this config:
- Run
terraform apply
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| channel | The channel to use for this ASM installation. | string |
"" |
no |
| cluster_location | The cluster location for this ASM installation. | string |
n/a | yes |
| cluster_name | The unique name to identify the cluster in ASM. | string |
n/a | yes |
| create_system_namespace | Determines whether the module creates the istio-system namespace. | bool |
true |
no |
| enable_cni | Determines whether to enable CNI for this ASM installation. Required to use Managed Data Plane (MDP). | bool |
false |
no |
| enable_fleet_registration | Determines whether the module registers the cluster to the fleet. | bool |
false |
no |
| enable_mesh_feature | Determines whether the module enables the mesh feature on the fleet. | bool |
false |
no |
| enable_vpc_sc | Determines whether to enable VPC-SC for this ASM installation. For more information read VPC Service Controls for Managed Anthos Service Mesh | bool |
false |
no |
| fleet_id | The fleet to use for this ASM installation. | string |
"" |
no |
| internal_ip | Use internal ip for the cluster endpoint when running kubectl commands. | bool |
false |
no |
| mesh_management | ASM Management mode. For more information, see the gke_hub_feature_membership resource documentation | string |
"" |
no |
| module_depends_on | List of modules or resources this module depends on. If multiple, all items must be the same type. | list(any) |
[] |
no |
| multicluster_mode | [Preview] Determines whether remote secrets should be autogenerated across fleet cluster. | string |
"manual" |
no |
| project_id | The project in which the resource belongs. | string |
n/a | yes |
| Name | Description |
|---|---|
| revision_name | The name of the installed managed ASM revision. |
| wait | An output to use when depending on the ASM installation finishing. |