terraform-google-modules · YpNo · May 9, 2021 · May 9, 2021 · May 9, 2021 · May 9, 2021
@@ -19,6 +19,29 @@ module "asm" {
 }
 ```
 
+Advanced example:
+```tf
+module "asm" {
+  source           = "terraform-google-modules/kubernetes-engine/google//modules/asm"
+
+  project_id       = "my-project-id"
+  cluster_name     = "my-cluster-name"
+  location         = module.gke.location
+  cluster_endpoint = module.gke.endpoint
+
+  asm_dir              = "asm-dir-${module.gke.name}"
+  asm_version          = "1.9"
+  managed              = true
+  enable_registration  = true
+  enable_cluster_roles = true
+  custom_overlay_file  = "${path.cwd}/../asm/istio-operator.yaml"
+
+  depends_on = [
+    module.gke.google_container_node_pool
+  ]
+}
+```
+
 To deploy this config:
 1. Run `terraform apply`
 
@@ -37,11 +60,20 @@ To deploy this config:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| asm\_dir | Name of directory to keep ASM resource config files. | `string` | `"asm-dir"` | no |
-| asm\_version | ASM version to deploy. Available versions are documented in https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages | `string` | `"1.8"` | no |
+| asm\_dir | Name of directory to keep ASM resource config files. | `string` | `""` | no |
+| asm\_version | ASM version to deploy. Available versions are documented in https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages | `string` | `"1.9"` | no |
 | cluster\_endpoint | The GKE cluster endpoint. | `string` | n/a | yes |
 | cluster\_name | The unique name to identify the cluster in ASM. | `string` | n/a | yes |
-| gcloud\_sdk\_version | The gcloud sdk version to use. Minimum required version is 293.0.0 | `string` | `"296.0.1"` | no |
+| custom\_overlay\_file | Path of the custom overlay file. | `string` | `""` | no |
+| disable\_canonical\_service | Whether the canonical service should be disabled. | `bool` | `false` | no |
+| enable\_all | Whether you want to enable all asm script option. | `bool` | `false` | no |
+| enable\_cluster\_labels | Whether the ASM's GKE cluster labels should be added. | `bool` | `false` | no |
+| enable\_cluster\_roles | Whether the needed cluster roles should be added. | `bool` | `false` | no |
+| enable\_gcp\_apis | Whether the needed GCP APIs should be activated. | `bool` | `false` | no |
+| enable\_gcp\_components | Whether `workload_identity` and `stackdriver-kubernetes` should be activated. | `bool` | `false` | no |
+| enable\_gcp\_iam\_roles | Whether the `resourcemanager.projectIamAdmin` IAM roles should be set. | `bool` | `false` | no |
+| enable\_registration | Whether the cluster registration should be managed. | `bool` | `false` | no |
+| gcloud\_sdk\_version | The gcloud sdk version to use. Minimum required version is 293.0.0 | `string` | `"337.0.0"` | no |
 | location | The location (zone or region) this cluster has been created in. | `string` | n/a | yes |
 | managed | Whether the control plane should be managed. | `bool` | `false` | no |
 | project\_id | The project in which the resource belongs. | `string` | n/a | yes |
@@ -53,4 +85,5 @@ To deploy this config:
 |------|-------------|
 | asm\_wait | An output to use when you want to depend on ASM finishing |
 
- <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
@@ -19,12 +19,13 @@ data "google_project" "asm_project" {
 }
 
 locals {
-  kubectl_create_command_base = "${path.module}/scripts/install_asm.sh ${var.project_id} ${var.cluster_name} ${var.location} ${var.asm_version}"
+  options                     = "\"${var.asm_dir}\" ${var.managed} ${var.enable_all} ${var.enable_cluster_labels} ${var.enable_cluster_roles} ${var.enable_gcp_apis} ${var.enable_gcp_iam_roles} ${var.enable_gcp_components} ${var.enable_registration} ${var.disable_canonical_service} \"${var.custom_overlay_file}\""
+  kubectl_create_command_base = "${path.module}/scripts/install_asm.sh ${var.project_id} ${var.cluster_name} ${var.location} ${var.asm_version} ${local.options}"
 }
 
 module "asm_install" {
   source            = "terraform-google-modules/gcloud/google//modules/kubectl-wrapper"
-  version           = "~> 2.0.2"
+  version           = "~> 2.0.3"
   module_depends_on = [var.cluster_endpoint]
 
   gcloud_sdk_version       = var.gcloud_sdk_version
@@ -35,6 +36,6 @@ module "asm_install" {
   project_id               = var.project_id
   service_account_key_file = var.service_account_key_file
 
-  kubectl_create_command  = var.managed ? "${local.kubectl_create_command_base} ${var.managed}" : local.kubectl_create_command_base
+  kubectl_create_command  = local.kubectl_create_command_base
   kubectl_destroy_command = "kubectl delete ns istio-system"
 }
@@ -25,7 +25,17 @@ PROJECT_ID=$1
 CLUSTER_NAME=$2
 CLUSTER_LOCATION=$3
 ASM_VERSION=$4
-MANAGED=$5
+ASM_CONFIG_OUTPUT_PATH=$5
+MANAGED=${6:-false}
+ENABLE_ALL=${7:-false}
+ENABLE_CLUSTER_LABELS=${8:-false}
+ENABLE_CLUSTER_ROLES=${9:-false}
+ENABLE_GCP_APIS=${10:-false}
+ENABLE_GCP_IAM_ROLES=${11:-false}
+ENABLE_GCP_COMPONENTS=${12:-false}
+ENABLE_REGISTRATION=${13:-false}
+DISABLE_CANNONICAL_SERVICE=${14:-false}
+CUSTOM_OVERLAY_FILE=${15}
 MODE="install"
 
 # Download the correct version of the install_asm script
@@ -38,15 +48,53 @@ declare -a params=(
     "--cluster_name ${CLUSTER_NAME}"
     "--cluster_location ${CLUSTER_LOCATION}"
     "--mode ${MODE}"
-    "--enable_cluster_labels"
-    "--enable_cluster_roles"
 )
 
+# Add the --output_dir param if ASM_CONFIG_OUTPUT_PATH is not empty
+if [[ -n "${ASM_CONFIG_OUTPUT_PATH}" ]]; then
+    params+=("--output_dir ${ASM_CONFIG_OUTPUT_PATH}")
+fi
+
 # Add the --managed param if MANAGED is set to true
 if [[ "${MANAGED}" == true ]]; then
     params+=("--managed")
 fi
 
+# Add the --enable_all param if ENABLE_ALL is set to true
+# Otherwise the script will check value of all "ENABLE_*" variables and add them to the command line if they are set to true
+if [[ "${ENABLE_ALL}" == true ]]; then
+    params+=("--enable_all")
+else
+    if [[ "${ENABLE_CLUSTER_LABELS}" == true ]]; then
+        params+=("--enable_cluster_labels")
+    fi
+    if [[ "${ENABLE_CLUSTER_ROLES}" == true ]]; then
+        params+=("--enable_cluster_roles")
+    fi
+    if [[ "${ENABLE_GCP_APIS}" == true ]]; then
+        params+=("--enable_gcp_apis")
+    fi
+    if [[ "${ENABLE_GCP_IAM_ROLES}" == true ]]; then
+        params+=("--enable_gcp_iam_roles")
+    fi
+    if [[ "${ENABLE_GCP_COMPONENTS}" == true ]]; then
+        params+=("--enable_gcp_components")
+    fi
+    if [[ "${ENABLE_REGISTRATION}" == true ]]; then
+        params+=("--enable_registration")
+    fi
+fi
+
+# Add --disable_canonical_service param if DISABLE_CANNONICAL_SERVICE is set to true
+if [[ "${DISABLE_CANNONICAL_SERVICE}" == true ]]; then
+    params+=("--disable_canonical_service")
+fi
+
+# Add --custom_overlay param if file set with DISABLE_CANNONICAL_SERVICE variable exists
+if [[ -f "${CUSTOM_OVERLAY_FILE}" ]]; then
+    params+=("--custom_overlay ${CUSTOM_OVERLAY_FILE}")
+fi
+
 # Run the script with appropriate flags
 echo "Running ./install_asm" "${params[@]}"
 

@@ -37,13 +37,13 @@ variable "location" {
 variable "gcloud_sdk_version" {
   description = "The gcloud sdk version to use. Minimum required version is 293.0.0"
   type        = string
-  default     = "296.0.1"
+  default     = "337.0.0"
 }
 
 variable "asm_dir" {
   description = "Name of directory to keep ASM resource config files."
   type        = string
-  default     = "asm-dir"
+  default     = ""
 }
 
 variable "service_account_key_file" {
@@ -54,11 +54,65 @@ variable "service_account_key_file" {
 variable "asm_version" {
   description = "ASM version to deploy. Available versions are documented in https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages"
   type        = string
-  default     = "1.8"
+  default     = "1.9"
 }
 
 variable "managed" {
   description = "Whether the control plane should be managed."
   type        = bool
   default     = false
 }
+
+variable "enable_all" {
+  description = "Whether you want to enable all asm script option."
+  type        = bool
+  default     = false
+}
+
+variable "enable_cluster_labels" {
+  description = "Whether the ASM's GKE cluster labels should be added."
+  type        = bool
+  default     = false
+}
+
+variable "enable_cluster_roles" {
+  description = "Whether the needed cluster roles should be added."
+  type        = bool
+  default     = false
+}
+
+variable "enable_gcp_apis" {
+  description = "Whether the needed GCP APIs should be activated."
+  type        = bool
+  default     = false
+}
+
+variable "enable_gcp_iam_roles" {
+  description = "Whether the `resourcemanager.projectIamAdmin` IAM roles should be set."
+  type        = bool
+  default     = false
+}
+
+variable "enable_gcp_components" {
+  description = "Whether `workload_identity` and `stackdriver-kubernetes` should be activated."
+  type        = bool
+  default     = false
+}
+
+variable "enable_registration" {
+  description = "Whether the cluster registration should be managed."
+  type        = bool
+  default     = false
+}
+
+variable "disable_canonical_service" {
+  description = "Whether the canonical service should be disabled."
+  type        = bool
+  default     = false
+}
+
+variable "custom_overlay_file" {
+  description = "Path of the custom overlay file."
+  type        = string
+  default     = ""
+}