diff --git a/examples/simple_zonal_with_asm/hub.tf b/examples/simple_zonal_with_asm/hub.tf index 2cbfd291e8..79d9fdb2b6 100644 --- a/examples/simple_zonal_with_asm/hub.tf +++ b/examples/simple_zonal_with_asm/hub.tf @@ -15,10 +15,10 @@ */ resource "google_gke_hub_membership" "cluster_membership" { - provider = google-beta - project = var.project_id + provider = google-beta + project = var.project_id membership_id = "${module.gke.name}-membership" - endpoint{ + endpoint { gke_cluster { resource_link = "//container.googleapis.com/${module.gke.cluster_id}" } diff --git a/examples/simple_zonal_with_asm/main.tf b/examples/simple_zonal_with_asm/main.tf index 4538268116..a1f30659f5 100644 --- a/examples/simple_zonal_with_asm/main.tf +++ b/examples/simple_zonal_with_asm/main.tf @@ -57,9 +57,9 @@ module "gke" { } module "asm" { - source = "../../modules/asm" - cluster_name = module.gke.name - cluster_location = module.gke.location - project_id = var.project_id - location = module.gke.location + source = "../../modules/asm" + cluster_name = module.gke.name + cluster_location = module.gke.location + project_id = var.project_id + location = module.gke.location } diff --git a/modules/asm/main.tf b/modules/asm/main.tf index cef31f2f3a..473a34b70b 100644 --- a/modules/asm/main.tf +++ b/modules/asm/main.tf 
@@ -16,19 +16,19 @@ locals { // GKE release channel is a list with max length 1 https://github.com/hashicorp/terraform-provider-google/blob/9d5f69f9f0f74f1a8245f1a52dd6cffb572bbce4/google/resource_container_cluster.go#L954 - gke_release_channel = length(data.google_container_cluster.asm_cluster.release_channel) > 0 ? data.google_container_cluster.asm_cluster.release_channel[0].channel : "" + gke_release_channel = length(data.google_container_cluster.asm_cluster.release_channel) > 0 ? data.google_container_cluster.asm_cluster.release_channel[0].channel : "" gke_release_channel_fixed = local.gke_release_channel == "UNSPECIFIED" ? "" : local.gke_release_channel // In order or precedence, use (1) user specified channel, (2) GKE release channel, and (3) regular channel - channel = lower(coalesce(var.channel, local.gke_release_channel_fixed, "regular")) - revision_name = "asm-managed${local.channel == "regular" ? "" : "-${local.channel}"}" + channel = lower(coalesce(var.channel, local.gke_release_channel_fixed, "regular")) + revision_name = "asm-managed${local.channel == "regular" ? "" : "-${local.channel}"}" mesh_config_name = "istio-${local.revision_name}" // CNI should be enabled if either enable_cni or enable_mdp are set enable_cni = var.enable_cni || var.enable_mdp } data "google_container_cluster" "asm_cluster" { - project = var.project_id - name = var.cluster_name + project = var.project_id + name = var.cluster_name location = var.cluster_location // This evaluates during planning phase unless we explicitly require a dependency on 
@@ -44,21 +44,21 @@ resource "kubernetes_namespace" "system_namespace" { } resource "kubernetes_config_map" "mesh_config" { - metadata { - name = local.mesh_config_name - namespace = kubernetes_namespace.system_namespace.metadata[0].name - labels = { - "istio.io/rev" = local.revision_name - } - } - data = { - mesh = yamlencode(var.mesh_config) + metadata { + name = local.mesh_config_name + namespace = kubernetes_namespace.system_namespace.metadata[0].name + labels = { + "istio.io/rev" = local.revision_name } + } + data = { + mesh = yamlencode(var.mesh_config) + } } resource "kubernetes_config_map" "asm_options" { metadata { - name = "asm-options" + name = "asm-options" namespace = kubernetes_namespace.system_namespace.metadata[0].name } @@ -68,18 +68,18 @@ resource "kubernetes_config_map" "asm_options" { } resource "google_gke_hub_feature" "mesh_feature" { - name = "servicemesh" - project = var.project_id + name = "servicemesh" + project = var.project_id location = "global" provider = google-beta } module "cpr" { - source = "terraform-google-modules/gcloud/google//modules/kubectl-wrapper" + source = "terraform-google-modules/gcloud/google//modules/kubectl-wrapper" - project_id = var.project_id - cluster_name = var.cluster_name - cluster_location = var.cluster_location + project_id = var.project_id + cluster_name = var.cluster_name + cluster_location = var.cluster_location kubectl_create_command = "${path.module}/scripts/create_cpr.sh ${local.revision_name} ${local.channel} ${local.enable_cni}" kubectl_destroy_command = "${path.module}/scripts/destroy_cpr.sh ${local.revision_name}" diff --git a/modules/asm/outputs.tf b/modules/asm/outputs.tf index 969ff8699c..4a82664e70 100644 --- a/modules/asm/outputs.tf +++ b/modules/asm/outputs.tf @@ -15,6 +15,6 @@ */ output "revision_name" { - value = local.revision_name + value = local.revision_name description = "The name of the installed managed ASM revision." } 
diff --git a/modules/asm/scripts/create_cpr.sh b/modules/asm/scripts/create_cpr.sh index dc706757a9..2cf074b84c 100755 --- a/modules/asm/scripts/create_cpr.sh +++ b/modules/asm/scripts/create_cpr.sh @@ -23,8 +23,17 @@ fi # Wait for the CRD to get created before creating the CPR. readonly CPR_RESOURCE=controlplanerevisions.mesh.cloud.google.com -for i in {1..6}; do kubectl get crd ${CPR_RESOURCE} && break || sleep 10; done -kubectl wait --for condition=established --timeout=60s crd/${CPR_RESOURCE} +for _i in {1..6}; do + echo "Ensuring ControlPlaneRevision exists in cluster... attempt ${_i}" + if kubectl get crd "${CPR_RESOURCE}" + then + break + else + sleep 10 + fi +done + +kubectl wait --for condition=established --timeout=60s crd/"${CPR_RESOURCE}" REVISION_NAME=$1; shift CHANNEL=$1; shift @@ -43,4 +52,4 @@ spec: channel: "${CHANNEL}" EOF -kubectl wait -n istio-system --for=condition=Reconciled controlplanerevision/${REVISION_NAME} --timeout 5m +kubectl wait -n istio-system --for=condition=Reconciled controlplanerevision/"${REVISION_NAME}" --timeout 5m diff --git a/modules/asm/scripts/destroy_cpr.sh b/modules/asm/scripts/destroy_cpr.sh index 752c8d8bf2..6c8b4f8e71 100755 --- a/modules/asm/scripts/destroy_cpr.sh +++ b/modules/asm/scripts/destroy_cpr.sh @@ -23,6 +23,6 @@ fi REVISION_NAME=$1; shift -if !kubectl delete controlplanerevision -n istio-system ${REVISION_NAME} ; then +if ! kubectl delete controlplanerevision -n istio-system "${REVISION_NAME}" ; then echo "ControlPlaneRevision ${REVISION_NAME} not found" fi diff --git a/modules/asm/variables.tf b/modules/asm/variables.tf index 54223325ec..7885ceea29 100644 --- a/modules/asm/variables.tf +++ b/modules/asm/variables.tf 
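Review bot: The rewritten retry loop in create_cpr.sh has no explicit failure path: if `kubectl get crd` fails on all six attempts, the script falls through to `kubectl wait`, and whether that stops the run depends on a `set -e` that is not visible in this hunk. After the loop, a final check such as `kubectl get crd "${CPR_RESOURCE}" >/dev/null || { echo "CRD ${CPR_RESOURCE} not available after 6 attempts" >&2; exit 1; }` would make the timeout explicit. The progress message also names the wrong object, since the loop polls the CRD rather than a ControlPlaneRevision; `echo "Waiting for CRD ${CPR_RESOURCE}... attempt ${_i}/6"` would match what is being checked.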
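Review bot: `${CHANNEL}` is still expanded unvalidated inside the heredoc manifest that ends at `EOF` in the second create_cpr.sh hunk, and `${REVISION_NAME}` presumably is too, although the start of the heredoc is outside the hunk. Both are taken directly from positional arguments, so a value containing a quote or newline would change the YAML that gets applied. Terraform validates `var.channel`, but `local.channel` can also come from the cluster's release channel and the script can be run by hand. A pattern check before the heredoc, for example `[[ "${REVISION_NAME}" =~ ^[a-z0-9-]+$ ]] || exit 1` with the equivalent for the channel, would close that gap cheaply.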
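Review bot: Every failure of `kubectl delete` in destroy_cpr.sh is reported as "not found", including expired credentials, an RBAC denial or an unreachable API server, because the `if !` branch only echoes and the script then ends with status 0. A destroy can therefore look successful while the ControlPlaneRevision is still installed. Letting kubectl tell the cases apart is simpler: `kubectl delete controlplanerevision -n istio-system "${REVISION_NAME}" --ignore-not-found` with no surrounding `if`, so that real errors exit non-zero. The top of the script is outside the hunk, so confirm how errors are meant to propagate there.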
@@ -16,22 +16,22 @@ variable "project_id" { description = "The project in which the resource belongs." - type = string + type = string } variable "cluster_name" { description = "The unique name to identify the cluster in ASM." - type = string + type = string } variable "cluster_location" { description = "The cluster location for this ASM installation." - type = string + type = string } variable "channel" { description = "The channel to use for this ASM installation." - type = string + type = string validation { condition = anytrue([ var.channel == "rapid", @@ -46,26 +46,26 @@ variable "channel" { variable "enable_cni" { description = "Determines whether to enable CNI for this ASM installation." - type = bool - default = true + type = bool + default = true } // This should be validated so that it cannot be enabled while CNI is disabled // but validating based on other variables is not possible today (https://github.com/hashicorp/terraform/issues/25609) variable "enable_mdp" { description = "Determines whether to enable Managed Data Plane (MDP) for this ASM installation." - type = bool - default = true + type = bool + default = true } variable "enable_cross_cluster_service_discovery" { description = "Determines whether to enable cross-cluster service discovery between this cluster and other clusters in the fleet." - type = bool - default = false + type = bool + default = false } variable "mesh_config" { description = "MeshConfig specifies configuration available to the control plane. The full list of options can be found at https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig" - type = map - default = {} + type = map(any) + default = {} }
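Review bot: `type = map(any)` on `mesh_config` still requires every value in the map to convert to a single common type, so a MeshConfig that mixes scalar settings with nested blocks is likely to be rejected or coerced at plan time. The description points at the full Istio MeshConfig schema, which is heterogeneous, and the value is only passed to `yamlencode(var.mesh_config)` in modules/asm/main.tf. `type = any` with the same `default = {}` would accept such input without changing how it is used. Add a sentence to the description saying that the value is written verbatim into the `mesh` key of the revision's ConfigMap, so that operators review security-relevant mesh settings before applying.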