feat!: migrate ASM

Author: apeabody

build/int.cloudbuild.yaml

@@ -430,26 +430,6 @@ steps:
     - verify safer-cluster-iap-bastion-local
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy safer-cluster-iap-bastion-local']
-- id: init simple-zonal-with-asm-local
-  waitFor:
-    - create-all
-  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cft test run TestSimpleZonalWithASM --stage init --verbose']
-- id: apply simple-zonal-with-asm-local
-  waitFor:
-    - init simple-zonal-with-asm-local
-  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cft test run TestSimpleZonalWithASM --stage apply --verbose']
-- id: verify simple-zonal-with-asm-local
-  waitFor:
-    - apply simple-zonal-with-asm-local
-  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cft test run TestSimpleZonalWithASM --stage verify --verbose']
-- id: destroy simple-zonal-with-asm-local
-  waitFor:
-    - verify simple-zonal-with-asm-local
-  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cft test run TestSimpleZonalWithASM --stage teardown --verbose']
 - id: init simple-autopilot-private-local
   waitFor:
     - create-all

docs/upgrading_to_v35.0.md

@@ -3,3 +3,45 @@ The v35.0 release of *kubernetes-engine* is a backwards incompatible release.
 
 ### Google Cloud Platform Provider upgrade
 The Terraform Kubernetes Engine Module now requires version 6 of the Google Cloud Platform Providers.  See the [Terraform Google Provider 6.0.0 Upgrade Guide](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/version_6_upgrade) for more details.
+
+### ASM Sub-Module Removal
+The ASM Sub-Module has been removed in v35.0.  Please use the [google_gke_hub_feature](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/gke_hub_feature#example-usage---enable-fleet-default-member-config-service-mesh) and [google_gke_hub_feature_membership](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/gke_hub_feature_membership#example-usage---service-mesh) resources.
+
+
+```
+- module "asm" {
+-   source  = "terraform-google-modules/kubernetes-engine/google//modules/asm"
+-   version = "~> 34.0"
+
+-   project_id                = var.project_id
+-   cluster_name              = module.gke.name
+-   cluster_location          = module.gke.location
+-   multicluster_mode         = "connected"
+-   enable_cni                = true
+-   enable_fleet_registration = true
+-   enable_mesh_feature       = true
+- }
+
++ resource "google_gke_hub_feature" "mesh_feature" {
++   project  = var.project_id
++   location = "global"
++   name     = "servicemesh"
++ }
+
++ resource "google_gke_hub_feature_membership" "mesh_feature_membership" {
++   project  = var.project_id
++   location = "global"
+
++   feature             = "servicemesh"
++   membership          = module.gke.fleet_membership
++   membership_location = module.gke.region
+
+ +  mesh {
+ +    management = "MANAGEMENT_AUTOMATIC"
+ +  }
+
++   depends_on = [
++     google_gke_hub_feature.mesh_feature
++   ]
++ }
+```

examples/simple_zonal_with_asm/README.md

@@ -7,32 +7,25 @@ This example illustrates how to create a simple zonal cluster with ASM.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| ip\_range\_pods | The secondary ip range to use for pods | `any` | n/a | yes |
-| ip\_range\_services | The secondary ip range to use for services | `any` | n/a | yes |
-| network | The VPC network to host the cluster in | `any` | n/a | yes |
-| project\_id | The project ID to host the cluster in | `any` | n/a | yes |
-| region | The region to host the cluster in | `any` | n/a | yes |
-| subnetwork | The subnetwork to host the cluster in | `any` | n/a | yes |
-| zones | The zone to host the cluster in (required if is a zonal cluster) | `list(string)` | n/a | yes |
+| enable\_fleet\_feature | Whether to enable the Mesh feature on the fleet. | `bool` | `true` | no |
+| mesh\_management | ASM Management mode. For more information, see the [gke\_hub\_feature\_membership resource documentation](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/gke_hub_feature_membership#nested_mesh) | `string` | `"MANAGEMENT_AUTOMATIC"` | no |
+| project\_id | The project ID to host the cluster in | `string` | n/a | yes |
+| region | The region to host the cluster in | `string` | `"us-central1"` | no |
+| zone | The zone to host the cluster in (required if is a zonal cluster) | `string` | `"us-central1-a"` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| ca\_certificate | n/a |
-| client\_token | n/a |
 | cluster\_name | Cluster name |
-| identity\_namespace | n/a |
 | ip\_range\_pods | The secondary IP range used for pods |
 | ip\_range\_services | The secondary IP range used for services |
-| kubernetes\_endpoint | n/a |
-| location | n/a |
-| master\_kubernetes\_version | The master Kubernetes version |
-| network | n/a |
-| project\_id | n/a |
-| region | n/a |
+| location | Cluster Location |
+| network | Network name |
+| project\_id | Project ID |
+| region | Cluster Region |
 | service\_account | The default service account used for running nodes. |
-| subnetwork | n/a |
+| subnetwork | Subnetwork name |
 | zones | List of zones in which the cluster resides |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

test/fixtures/simple_zonal_with_asm/variables.tf renamed to examples/simple_zonal_with_asm/asm.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,19 +14,27 @@
  * limitations under the License.
  */
 
-variable "project_ids" {
-  type        = list(string)
-  description = "The GCP projects to use for integration tests"
-}
+resource "google_gke_hub_feature" "mesh_feature" {
+  name     = "servicemesh"
+  project  = var.project_id
+  location = "global"
 
-variable "region" {
-  description = "The GCP region to create and test resources in"
-  default     = "us-central1"
+  count = var.enable_fleet_feature ? 1 : 0
 }
 
-variable "zones" {
-  type        = list(string)
-  description = "The GCP zones to create and test resources in, for applicable tests"
-  default     = ["us-central1-a", "us-central1-b", "us-central1-c"]
-}
+resource "google_gke_hub_feature_membership" "mesh_feature_membership" {
+  project  = var.project_id
+  location = "global"
+
+  feature             = "servicemesh"
+  membership          = module.gke.fleet_membership
+  membership_location = module.gke.region
 
+  mesh {
+    management = var.mesh_management
+  }
+
+  depends_on = [
+    google_gke_hub_feature.mesh_feature
+  ]
+}

examples/simple_zonal_with_asm/main.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2018-2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,32 +14,23 @@
  * limitations under the License.
  */
 
-data "google_client_config" "default" {}
-
-provider "kubernetes" {
-  host                   = "https://${module.gke.endpoint}"
-  token                  = data.google_client_config.default.access_token
-  cluster_ca_certificate = base64decode(module.gke.ca_certificate)
-}
-
-data "google_project" "project" {
-  project_id = var.project_id
-}
-
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google"
   version = "~> 34.0"
 
-  project_id              = var.project_id
-  name                    = "test-prefix-cluster-test-suffix"
-  regional                = false
-  region                  = var.region
-  zones                   = var.zones
-  release_channel         = "REGULAR"
-  network                 = var.network
-  subnetwork              = var.subnetwork
-  ip_range_pods           = var.ip_range_pods
-  ip_range_services       = var.ip_range_services
+  project_id      = var.project_id
+  fleet_project   = var.project_id
+  name            = "test-prefix-cluster-test-suffix"
+  regional        = false
+  region          = var.region
+  zones           = [var.zone]
+  release_channel = "REGULAR"
+
+  network           = google_compute_network.main.name
+  subnetwork        = google_compute_subnetwork.main.name
+  ip_range_pods     = google_compute_subnetwork.main.secondary_ip_range[0].range_name
+  ip_range_services = google_compute_subnetwork.main.secondary_ip_range[1].range_name
+
   network_policy          = false
   cluster_resource_labels = { "mesh_id" : "proj-${data.google_project.project.number}" }
   identity_namespace      = "${var.project_id}.svc.id.goog"
@@ -54,17 +45,3 @@ module "gke" {
     },
   ]
 }
-
-module "asm" {
-  source  = "terraform-google-modules/kubernetes-engine/google//modules/asm"
-  version = "~> 34.0"
-
-  project_id                = var.project_id
-  cluster_name              = module.gke.name
-  cluster_location          = module.gke.location
-  multicluster_mode         = "connected"
-  enable_cni                = true
-  enable_fleet_registration = true
-  enable_mesh_feature       = true
-
-}

test/fixtures/simple_zonal_with_asm/network.tf renamed to examples/simple_zonal_with_asm/network.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2021-2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,16 +20,14 @@ resource "random_string" "suffix" {
   upper   = false
 }
 
-provider "google" {
-  project = var.project_ids[2]
-}
-
 resource "google_compute_network" "main" {
+  project                 = var.project_id
   name                    = "cft-gke-test-${random_string.suffix.result}"
   auto_create_subnetworks = false
 }
 
 resource "google_compute_subnetwork" "main" {
+  project       = var.project_id
   name          = "cft-gke-test-${random_string.suffix.result}"
   ip_cidr_range = "10.0.0.0/17"
   region        = var.region

examples/simple_zonal_with_asm/outputs.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2018-2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,22 +14,53 @@
  * limitations under the License.
  */
 
-output "kubernetes_endpoint" {
-  sensitive = true
-  value     = module.gke.endpoint
+output "service_account" {
+  description = "The default service account used for running nodes."
+  value       = module.gke.service_account
 }
 
-output "client_token" {
-  sensitive = true
-  value     = base64encode(data.google_client_config.default.access_token)
+# Standard test outputs
+output "project_id" {
+  description = "Project ID"
+  value       = var.project_id
 }
 
-output "ca_certificate" {
-  sensitive = true
-  value     = module.gke.ca_certificate
+output "region" {
+  description = " Cluster Region"
+  value       = module.gke.region
 }
 
-output "service_account" {
-  description = "The default service account used for running nodes."
-  value       = module.gke.service_account
+output "cluster_name" {
+  description = "Cluster name"
+  value       = module.gke.name
+}
+
+output "network" {
+  description = "Network name"
+  value       = google_compute_network.main.name
+}
+
+output "subnetwork" {
+  description = "Subnetwork name"
+  value       = google_compute_subnetwork.main.name
+}
+
+output "location" {
+  description = "Cluster Location"
+  value       = module.gke.location
+}
+
+output "ip_range_pods" {
+  description = "The secondary IP range used for pods"
+  value       = google_compute_subnetwork.main.secondary_ip_range[0].range_name
+}
+
+output "ip_range_services" {
+  description = "The secondary IP range used for services"
+  value       = google_compute_subnetwork.main.secondary_ip_range[1].range_name
+}
+
+output "zones" {
+  description = "List of zones in which the cluster resides"
+  value       = module.gke.zones
 }