From 57282d5dd3fc57754e3b488a32135290cd89c8ad Mon Sep 17 00:00:00 2001
From: Miren Esnaola <mirene@google.com>
Date: Mon, 13 Mar 2023 09:44:05 +0100
Subject: [PATCH] Autopilot fixes

---
 blueprints/gke/autopilot/README.md            | 13 ++++++-----
 .../gke/autopilot/bundle/app/nginx.yaml       | 22 ++++++++++---------
 .../gke/autopilot/bundle/locust/workers.yaml  | 11 +++++-----
 blueprints/gke/autopilot/main.tf              |  3 ++-
 blueprints/gke/autopilot/mgmt.tf              |  3 ++-
 blueprints/gke/autopilot/variables.tf         | 20 +++++++++++------
 blueprints/gke/autopilot/vpc.tf               | 10 +++++++--
 7 files changed, 50 insertions(+), 32 deletions(-)

diff --git a/blueprints/gke/autopilot/README.md b/blueprints/gke/autopilot/README.md
index 02178e5f..aa67956f 100644
--- a/blueprints/gke/autopilot/README.md
+++ b/blueprints/gke/autopilot/README.md
@@ -1,6 +1,6 @@
 # Load testing an application running on an autopilot cluster
 
-This blueprint creates an Autopilot cluster with Google-managed Prometheus enabled and install an application that scales as the traffic that is hitting the load balancer exposing it grows. It also installs the tooling required to distributed load test with [locust](https://locust.io) on that application and the monitoring tooling required to observe how things evolve in the cluster during the load test. Ansible is used to install the application and all the tooling on a management VM. 
+This blueprint creates an Autopilot cluster with Google-managed Prometheus enabled and installs an application that scales as the traffic that is hitting the load balancer exposing it grows. It also installs the tooling required to distributed load test with [locust](https://locust.io) on that application and the monitoring tooling required to observe how things evolve in the cluster during the load test. Ansible is used to install the application and all the tooling on a management VM. 
 
 The diagram below depicts the architecture.
 
@@ -64,13 +64,14 @@ Alternatively you can also check all the above using the dashboards available in
 
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L75) | Project ID. | <code>string</code> | ✓ |  |
+| [project_id](variables.tf#L68) | Project ID. | <code>string</code> | ✓ |  |
 | [cluster_network_config](variables.tf#L17) | Cluster network configuration. | <code title="object&#40;&#123;&#10;  nodes_cidr_block              &#61; string&#10;  pods_cidr_block               &#61; string&#10;  services_cidr_block           &#61; string&#10;  master_authorized_cidr_blocks &#61; map&#40;string&#41;&#10;  master_cidr_block             &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;  nodes_cidr_block    &#61; &#34;10.0.1.0&#47;24&#34;&#10;  pods_cidr_block     &#61; &#34;172.16.0.0&#47;20&#34;&#10;  services_cidr_block &#61; &#34;192.168.0.0&#47;24&#34;&#10;  master_authorized_cidr_blocks &#61; &#123;&#10;    internal &#61; &#34;10.0.0.0&#47;8&#34;&#10;  &#125;&#10;  master_cidr_block &#61; &#34;10.0.0.0&#47;28&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
 | [mgmt_server_config](variables.tf#L37) | Management server configuration. | <code title="object&#40;&#123;&#10;  disk_size     &#61; number&#10;  disk_type     &#61; string&#10;  image         &#61; string&#10;  instance_type &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;  disk_size     &#61; 50&#10;  disk_type     &#61; &#34;pd-ssd&#34;&#10;  image         &#61; &#34;projects&#47;ubuntu-os-cloud&#47;global&#47;images&#47;family&#47;ubuntu-2204-lts&#34;&#10;  instance_type &#61; &#34;n1-standard-2&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
 | [mgmt_subnet_cidr_block](variables.tf#L53) | Management subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.0.2.0&#47;24&#34;</code> |
-| [network](variables.tf#L59) | VPC name. | <code>string</code> |  | <code>&#34;vpc&#34;</code> |
-| [project_create](variables.tf#L66) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10;  billing_account_id &#61; string&#10;  parent             &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
-| [region](variables.tf#L80) | Region. | <code>string</code> |  | <code>&#34;europe-west1&#34;</code> |
+| [project_create](variables.tf#L59) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10;  billing_account_id &#61; string&#10;  parent             &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
+| [region](variables.tf#L73) | Region. | <code>string</code> |  | <code>&#34;europe-west1&#34;</code> |
+| [vpc_create](variables.tf#L79) | Flag indicating whether the VPC should be created or not. | <code>bool</code> |  | <code>true</code> |
+| [vpc_name](variables.tf#L85) | VPC name. | <code>string</code> |  | <code>&#34;vpc&#34;</code> |
 
 ## Outputs
 
@@ -90,5 +91,5 @@ module "test" {
   }
   project_id = "my-project"
 }
-# tftest modules=10 resources=30
+# tftest modules=11 resources=34
 ```
\ No newline at end of file
diff --git a/blueprints/gke/autopilot/bundle/app/nginx.yaml b/blueprints/gke/autopilot/bundle/app/nginx.yaml
index 48a9d2c1..85f707f0 100644
--- a/blueprints/gke/autopilot/bundle/app/nginx.yaml
+++ b/blueprints/gke/autopilot/bundle/app/nginx.yaml
@@ -70,11 +70,12 @@ spec:
           initialDelaySeconds: 2
           periodSeconds: 2
           failureThreshold: 1 
-        requests:
-          cpu: 10m
-          memory: 10Mi
-        limits:
-          memory: 10Mi            
+        resources:
+          requests:
+            cpu: 10m
+            memory: 10Mi
+          limits:
+            memory: 10Mi            
       - name: nginx-prometheus-exporter
         image: nginx/nginx-prometheus-exporter:0.10.0
         ports:
@@ -83,11 +84,12 @@ spec:
         env:
         - name: SCRAPE_URI
           value: http://localhost:8080/stub_status
-        requests:
-          cpu: 5m
-          memory: 5Mi
-        limits:
-          memory: 5Mi            
+        resources:
+          requests:
+            cpu: 5m
+            memory: 5Mi
+          limits:
+            memory: 5Mi            
       volumes:
       - name: nginx-config
         configMap:
diff --git a/blueprints/gke/autopilot/bundle/locust/workers.yaml b/blueprints/gke/autopilot/bundle/locust/workers.yaml
index 7d6b41fe..d69a0dc9 100644
--- a/blueprints/gke/autopilot/bundle/locust/workers.yaml
+++ b/blueprints/gke/autopilot/bundle/locust/workers.yaml
@@ -44,8 +44,9 @@ spec:
               value: worker
             - name: LOCUST_MASTER
               value: locust-master
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            memory: 50Mi     
\ No newline at end of file
+          resources:              
+            requests:
+              cpu: 20m
+              memory: 50Mi
+            limits:
+              memory: 50Mi     
\ No newline at end of file
diff --git a/blueprints/gke/autopilot/main.tf b/blueprints/gke/autopilot/main.tf
index 9856dfaa..3244b868 100644
--- a/blueprints/gke/autopilot/main.tf
+++ b/blueprints/gke/autopilot/main.tf
@@ -29,7 +29,8 @@ module "project" {
   services = [
     "artifactregistry.googleapis.com",
     "cloudbuild.googleapis.com",
-    "container.googleapis.com"
+    "container.googleapis.com",
+    "compute.googleapis.com"
   ]
   iam = {
     "roles/monitoring.viewer"            = [module.monitoring_sa.iam_email]
diff --git a/blueprints/gke/autopilot/mgmt.tf b/blueprints/gke/autopilot/mgmt.tf
index 81b7d1db..3b9e4a6d 100644
--- a/blueprints/gke/autopilot/mgmt.tf
+++ b/blueprints/gke/autopilot/mgmt.tf
@@ -36,4 +36,5 @@ module "mgmt_server" {
     type  = var.mgmt_server_config.disk_type
     size  = var.mgmt_server_config.disk_size
   }
-}
\ No newline at end of file
+  tags = ["ssh"]
+}
diff --git a/blueprints/gke/autopilot/variables.tf b/blueprints/gke/autopilot/variables.tf
index 785cb48e..dcd40c8d 100644
--- a/blueprints/gke/autopilot/variables.tf
+++ b/blueprints/gke/autopilot/variables.tf
@@ -56,13 +56,6 @@ variable "mgmt_subnet_cidr_block" {
   default     = "10.0.2.0/24"
 }
 
-variable "network" {
-  description = "VPC name."
-  type        = string
-  default     = "vpc"
-  nullable    = false
-}
-
 variable "project_create" {
   description = "Parameters for the creation of the new project."
   type = object({
@@ -81,4 +74,17 @@ variable "region" {
   description = "Region."
   type        = string
   default     = "europe-west1"
+}
+
+variable "vpc_create" {
+  description = "Flag indicating whether the VPC should be created or not."
+  type        = bool
+  default     = true
+}
+
+variable "vpc_name" {
+  description = "VPC name."
+  type        = string
+  nullable    = false
+  default     = "vpc"
 }
\ No newline at end of file
diff --git a/blueprints/gke/autopilot/vpc.tf b/blueprints/gke/autopilot/vpc.tf
index c7cc9526..b7400162 100644
--- a/blueprints/gke/autopilot/vpc.tf
+++ b/blueprints/gke/autopilot/vpc.tf
@@ -17,8 +17,8 @@
 module "vpc" {
   source     = "../../../modules/net-vpc"
   project_id = module.project.project_id
-  name       = var.network
-  vpc_create = (var.project_create != null)
+  name       = var.vpc_name
+  vpc_create = var.vpc_create
   subnets = [
     {
       ip_cidr_range = var.mgmt_subnet_cidr_block
@@ -37,6 +37,12 @@ module "vpc" {
   ]
 }
 
+module "firewall" {
+  source     = "../../../modules/net-vpc-firewall"
+  project_id = module.project.project_id
+  network    = module.vpc.name
+}
+
 module "nat" {
   source         = "../../../modules/net-cloudnat"
   project_id     = module.project.project_id