diff --git a/blueprints/networking/filtering-proxy-psc/main.tf b/blueprints/networking/filtering-proxy-psc/main.tf
index 910af734..6bfe8a0d 100644
--- a/blueprints/networking/filtering-proxy-psc/main.tf
+++ b/blueprints/networking/filtering-proxy-psc/main.tf
@@ -151,7 +151,8 @@ module "squid-vm" {
 service_account = module.service-account-squid.email
 service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
 metadata = {
- user-data = module.cos-squid.cloud_config
+ user-data = module.cos-squid.cloud_config
+ google-logging-enabled = true
 }
 }
 
diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/main.tf b/blueprints/networking/nginx-reverse-proxy-cluster/main.tf
index c361aca0..6b06cf27 100644
--- a/blueprints/networking/nginx-reverse-proxy-cluster/main.tf
+++ b/blueprints/networking/nginx-reverse-proxy-cluster/main.tf
@@ -25,7 +25,6 @@ locals {
 Environment="HOME=/home/opsagent"
 ExecStartPre=/usr/bin/docker-credential-gcr configure-docker
 ExecStart=/usr/bin/docker run --rm --name=monitoring-agent \
- --log-driver=gcplogs \
 --network host \
 -v /etc/google-cloud-ops-agent/config.yaml:/etc/google-cloud-ops-agent/config.yaml \
 ${var.ops_agent_image}
@@ -305,7 +304,8 @@ module "proxy-vm" {
 }
 create_template = true
 metadata = {
- user-data = !var.tls ? module.cos-nginx.0.cloud_config : module.cos-nginx-tls.0.cloud_config
+ user-data = !var.tls ? module.cos-nginx.0.cloud_config : module.cos-nginx-tls.0.cloud_config
+ google-logging-enabled = true
 }
 service_account = module.service-account-proxy.email
 service_account_create = false
diff --git a/modules/cloud-config-container/README.md b/modules/cloud-config-container/README.md
index 2d227ad4..7ee53bdc 100644
--- a/modules/cloud-config-container/README.md
+++ b/modules/cloud-config-container/README.md
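Review bot: `google-logging-enabled = true` on `squid-vm` (and on `proxy-vm` in the nginx-reverse-proxy-cluster hunk) only ships logs if the instance service account can write to Cloud Logging, and the same commit deletes the README paragraph that documented the `roles/logging.logWriter` requirement without stating it anywhere else. With the gcplogs driver a missing grant made the container fail to start, so the gap was loud; with the agent the proxy presumably keeps serving while its access log is silently dropped, which is exactly the log a filtering proxy exists to produce. I would annotate both lines, e.g. `google-logging-enabled = true # requires roles/logging.logWriter on the instance service account`, and restore the requirement in the blueprint README. Dropping `--log-driver=gcplogs` from the monitoring-agent unit also leaves that container on Docker's default driver; on COS I believe that is journald, which the logging agent reads, but confirm nothing in the blueprint's Docker daemon configuration overrides it.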
@@ -21,8 +21,6 @@ These modules are designed for several use cases: All modules are designed to be as lightweight as possible, so that specialized modules like [compute-vm](../compute-vm) can be leveraged to manage instances or instance templates, and to allow simple forking to create custom derivatives. -Modules use Docker's [Google Cloud Logging driver](https://docs.docker.com/config/containers/logging/gcplogs/) by default, so projects need to have the logging API enabled. If that's not desirable simply remove `--log-driver=gcplogs` from the relevant systemd unit in `cloud-config.yaml`. - To use the modules with instances or instance templates, simply set use their `cloud_config` output for the `user-data` metadata. When updating the metadata after a variable change remember to manually restart the instances that use a module's output, or the changes won't effect the running system. For convenience when developing or prototyping infrastructure, an optional test instance is included in all modules. If it's not needed, the linked `*instance.tf` files can be removed from the modules without harm. diff --git a/modules/cloud-config-container/coredns/README.md b/modules/cloud-config-container/coredns/README.md index 22ae5439..f5a51a38 100644 --- a/modules/cloud-config-container/coredns/README.md +++ b/modules/cloud-config-container/coredns/README.md 
@@ -10,7 +10,7 @@ The resulting `cloud-config` can be customized in a number of ways: The default instance configuration inserts iptables rules to allow traffic on the DNS TCP and UDP ports, and the 8080 port for the optional HTTP health check that can be enabled via the CoreDNS [health plugin](https://coredns.io/plugins/health/). -Logging and monitoring are enabled via the [Google Cloud Logging driver](https://docs.docker.com/config/containers/logging/gcplogs/) configured for the CoreDNS container, and the [Node Problem Detector](https://cloud.google.com/container-optimized-os/docs/how-to/monitoring) service is started by default on boot. +Logging and monitoring are enabled via the [Google Cloud Logging agent](https://cloud.google.com/container-optimized-os/docs/how-to/logging) configured for the instance via the `google-logging-enabled` metadata property, and the [Node Problem Detector](https://cloud.google.com/container-optimized-os/docs/how-to/monitoring) service is started by default on boot. The module renders the generated cloud config in the `cloud_config` output, to be used in instances or instance templates via the `user-data` metadata. @@ -28,10 +28,13 @@ module "cos-coredns" { } # use it as metadata in a compute instance or template -resource "google_compute_instance" "default" { +module "vm-coredns" { + source = "./fabric/modules/compute-vm" metadata = { - user-data = module.cos-coredns.cloud_config + user-data = module.cos-coredns.cloud_config + google-logging-enabled = true } +} ``` ### Custom CoreDNS configuration 
@@ -77,9 +80,8 @@ module "cos-coredns" { | [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | string | | null | | [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config and CoreDNS templates. | map(any) | | {} | | [coredns_config](variables.tf#L29) | CoreDNS configuration path, if null default will be used. | string | | null | -| [docker_logging](variables.tf#L35) | Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead. | bool | | true | -| [file_defaults](variables.tf#L41) | Default owner and permissions for files. | object({…}) | | {…} | -| [files](variables.tf#L53) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | +| [file_defaults](variables.tf#L35) | Default owner and permissions for files. | object({…}) | | {…} | +| [files](variables.tf#L47) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | | [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | object({…}) | | null | | [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | object({…}) | | {…} | diff --git a/modules/cloud-config-container/coredns/cloud-config.yaml b/modules/cloud-config-container/coredns/cloud-config.yaml index 1fe9a004..9fe929e9 100644 --- a/modules/cloud-config-container/coredns/cloud-config.yaml +++ b/modules/cloud-config-container/coredns/cloud-config.yaml @@ -17,8 +17,6 @@ # https://hub.docker.com/r/coredns/coredns/ # https://coredns.io/manual/toc/#installation -# TODO: switch to the gcplogs logging driver, and set driver labels - write_files: - path: /var/lib/docker/daemon.json permissions: 0644 
@@ -58,9 +56,6 @@ write_files:
 Wants=gcr-online.target docker.socket docker-events-collector.service
 [Service]
 ExecStart=/usr/bin/docker run --rm --name=coredns \
- %{~ if docker_logging ~}
- --log-driver=gcplogs \
- %{~ endif ~}
 --network host \
 -v /etc/coredns:/etc/coredns \
 coredns/coredns -conf /etc/coredns/Corefile
@@ -83,4 +78,4 @@ runcmd:
 - iptables -I INPUT 1 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
 - systemctl daemon-reload
 - systemctl restart systemd-resolved.service
- - systemctl start coredns
\ No newline at end of file
+ - systemctl start coredns
diff --git a/modules/cloud-config-container/coredns/main.tf b/modules/cloud-config-container/coredns/main.tf
index 42288296..789168ca 100644
--- a/modules/cloud-config-container/coredns/main.tf
+++ b/modules/cloud-config-container/coredns/main.tf
@@ -16,9 +16,8 @@ locals {
 cloud_config = templatefile(local.template, merge(var.config_variables, {
- corefile = templatefile(local.corefile, var.config_variables)
- docker_logging = var.docker_logging
- files = local.files
+ corefile = templatefile(local.corefile, var.config_variables)
+ files = local.files
 }))
 corefile = (
 var.coredns_config == null ? "${path.module}/Corefile" : var.coredns_config
diff --git a/modules/cloud-config-container/coredns/variables.tf b/modules/cloud-config-container/coredns/variables.tf
index bc9be06e..c323017f 100644
--- a/modules/cloud-config-container/coredns/variables.tf
+++ b/modules/cloud-config-container/coredns/variables.tf
@@ -32,12 +32,6 @@ variable "coredns_config" {
 default = null
 }
 
-variable "docker_logging" {
- description = "Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead."
- type = bool
- default = true
-}
-
 variable "file_defaults" {
 description = "Default owner and permissions for files."
 type = object({
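Review bot: Deleting the `docker_logging` input in the variables.tf hunk is a breaking interface change that the commit does not flag: any root module still passing `docker_logging` now fails at plan time with an unsupported-argument error. The same applies to the `docker_logging` removals in the cos-generic-metadata, envoy-traffic-director, mysql, nginx and nginx-tls variables.tf hunks and to `gcp_logging` in cos-generic-metadata. A softer path is to keep the variable for one release as an ignored no-op with a description such as `"Deprecated and ignored: logging is now enabled via the google-logging-enabled instance metadata."`, or at minimum to call the removal out in the changelog. Separately, the cloud-config.yaml hunk leaves the `/var/lib/docker/daemon.json` this module writes untouched; if it sets a daemon-wide `log-driver`, that setting now governs the coredns container where `--log-driver=gcplogs` previously overrode it, so it is worth confirming the container's stdout still lands where the agent collects it.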
diff --git a/modules/cloud-config-container/cos-generic-metadata/README.md b/modules/cloud-config-container/cos-generic-metadata/README.md index 69e16235..a5abc9d4 100644 --- a/modules/cloud-config-container/cos-generic-metadata/README.md +++ b/modules/cloud-config-container/cos-generic-metadata/README.md @@ -2,8 +2,6 @@ This helper module manages a `cloud-config` configuration that can start a container on [Container Optimized OS](https://cloud.google.com/container-optimized-os/docs) (COS). Either a complete `cloud-config` template can be provided via the `cloud_config` variable with optional template variables via the `config_variables`, or a generic `cloud-config` can be generated based on typical parameters needed to start a container. -Logging can be enabled via the [Google Cloud Logging docker driver](https://docs.docker.com/config/containers/logging/gcplogs/) using the `gcp_logging` variable. This is enabled by default, but requires that the service account running the COS instance have the `roles/logging.logWriter` IAM role or equivalent permissions on the project. If it doesn't, the container will fail to start unless this is disabled. - The module renders the generated cloud config in the `cloud_config` output, which can be directly used in instances or instance templates via the `user-data` metadata attribute. ## Examples 
@@ -64,7 +62,7 @@ module "cos-envoy" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [container_image](variables.tf#L42) | Container image. | string | ✓ | | -| [authenticate_gcr](variables.tf#L124) | Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined. | bool | | false | +| [authenticate_gcr](variables.tf#L112) | Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined. | bool | | false | | [boot_commands](variables.tf#L17) | List of cloud-init `bootcmd`s. | list(string) | | [] | | [cloud_config](variables.tf#L23) | Cloud config template path. If provided, takes precedence over all other arguments. | string | | null | | [config_variables](variables.tf#L29) | Additional variables used to render the template passed via `cloud_config`. | map(any) | | {} | 
@@ -72,13 +70,11 @@ module "cos-envoy" { | [container_name](variables.tf#L47) | Name of the container to be run. | string | | "container" | | [container_volumes](variables.tf#L53) | List of volumes. | list(object({…})) | | [] | | [docker_args](variables.tf#L62) | Extra arguments to be passed for docker. | string | | null | -| [docker_logging](variables.tf#L68) | Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead. | bool | | true | -| [file_defaults](variables.tf#L74) | Default owner and permissions for files. | object({…}) | | {…} | -| [files](variables.tf#L86) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | -| [gcp_logging](variables.tf#L96) | Should container logs be sent to Google Cloud Logging. | bool | | true | -| [run_as_first_user](variables.tf#L118) | Run as the first user if users are specified. | bool | | true | -| [run_commands](variables.tf#L102) | List of cloud-init `runcmd`s. | list(string) | | [] | -| [users](variables.tf#L108) | List of usernames to be created. If provided, first user will be used to run the container. | list(object({…})) | | […] | +| [file_defaults](variables.tf#L68) | Default owner and permissions for files. | object({…}) | | {…} | +| [files](variables.tf#L80) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | +| [run_as_first_user](variables.tf#L106) | Run as the first user if users are specified. | bool | | true | +| [run_commands](variables.tf#L90) | List of cloud-init `runcmd`s. | list(string) | | [] | +| [users](variables.tf#L96) | List of usernames to be created. If provided, first user will be used to run the container. | list(object({…})) | | […] | ## Outputs 
diff --git a/modules/cloud-config-container/cos-generic-metadata/cloud-config.yaml b/modules/cloud-config-container/cos-generic-metadata/cloud-config.yaml
index 9f15f84f..a8d1f229 100644
--- a/modules/cloud-config-container/cos-generic-metadata/cloud-config.yaml
+++ b/modules/cloud-config-container/cos-generic-metadata/cloud-config.yaml
@@ -52,9 +52,6 @@ write_files:
 %{~ if length(users) > 0 && run_as_first_user ~}
 --user=${users[0].uid} \
 %{~ endif ~}
- %{~ if docker_logging ~}
- --log-driver=gcplogs \
- %{~ endif ~}
 %{~ if docker_args != null ~}
 ${docker_args} \
 %{~ endif ~}
diff --git a/modules/cloud-config-container/cos-generic-metadata/main.tf b/modules/cloud-config-container/cos-generic-metadata/main.tf
index ff02f325..eb807c5a 100644
--- a/modules/cloud-config-container/cos-generic-metadata/main.tf
+++ b/modules/cloud-config-container/cos-generic-metadata/main.tf
@@ -22,9 +22,7 @@ locals {
 container_name = var.container_name
 container_volumes = var.container_volumes
 docker_args = var.docker_args
- docker_logging = var.docker_logging
 files = local.files
- gcp_logging = var.gcp_logging
 run_commands = var.run_commands
 users = var.users
 authenticate_gcr = var.authenticate_gcr
diff --git a/modules/cloud-config-container/cos-generic-metadata/variables.tf b/modules/cloud-config-container/cos-generic-metadata/variables.tf
index 934c0520..1720afa1 100644
--- a/modules/cloud-config-container/cos-generic-metadata/variables.tf
+++ b/modules/cloud-config-container/cos-generic-metadata/variables.tf
@@ -65,12 +65,6 @@ variable "docker_args" {
 default = null
 }
 
-variable "docker_logging" {
- description = "Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead."
- type = bool
- default = true
-}
-
 variable "file_defaults" {
 description = "Default owner and permissions for files."
 type = object({
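Review bot: main.tf drops `gcp_logging` from the `templatefile` variable map, but the only cloud-config.yaml hunk removes a `docker_logging` conditional. If the template still references `gcp_logging` anywhere outside this hunk, rendering now fails with an undeclared-variable error, so a grep of the template before merging would settle it. The README paragraph removed in this commit existed because a container started with the gcplogs driver would fail without `roles/logging.logWriter`; the agent-based setup has no such fail-loud behaviour, so this module's README should still state the IAM requirement behind `google-logging-enabled`, for instance: `The instance service account needs roles/logging.logWriter (or equivalent) for google-logging-enabled to deliver container logs.`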
@@ -93,12 +87,6 @@ variable "files" { default = {} } -variable "gcp_logging" { - description = "Should container logs be sent to Google Cloud Logging." - type = bool - default = true -} - variable "run_commands" { description = "List of cloud-init `runcmd`s." type = list(string) diff --git a/modules/cloud-config-container/envoy-traffic-director/README.md b/modules/cloud-config-container/envoy-traffic-director/README.md index c66bf359..593cfa83 100644 --- a/modules/cloud-config-container/envoy-traffic-director/README.md +++ b/modules/cloud-config-container/envoy-traffic-director/README.md @@ -28,10 +28,11 @@ module "vm-cos" { nat = false, addresses = null }] - tags = ["ssh", "http"] + tags = ["ssh", "http"] metadata = { - user-data = module.cos-envoy-td.cloud_config + user-data = module.cos-envoy-td.cloud_config + google-logging-enabled = true } boot_disk = { @@ -49,7 +50,6 @@ module "vm-cos" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [docker_logging](variables.tf#L23) | Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead. | bool | | true | | [envoy_image](variables.tf#L17) | Envoy Proxy container image to use. | string | | "envoyproxy/envoy:v1.15.5" | ## Outputs diff --git a/modules/cloud-config-container/envoy-traffic-director/main.tf b/modules/cloud-config-container/envoy-traffic-director/main.tf index bc8bd7c3..a6da7847 100644 --- a/modules/cloud-config-container/envoy-traffic-director/main.tf +++ b/modules/cloud-config-container/envoy-traffic-director/main.tf @@ -44,8 +44,6 @@ module "cos-envoy-td" { } } - gcp_logging = var.docker_logging - run_commands = [ "iptables -t nat -N ENVOY_IN_REDIRECT", "iptables -t nat -A ENVOY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15001", diff --git a/modules/cloud-config-container/envoy-traffic-director/variables.tf b/modules/cloud-config-container/envoy-traffic-director/variables.tf index 7c97585d..82cdbbd6 100644 
--- a/modules/cloud-config-container/envoy-traffic-director/variables.tf +++ b/modules/cloud-config-container/envoy-traffic-director/variables.tf @@ -19,9 +19,3 @@ variable "envoy_image" { type = string default = "envoyproxy/envoy:v1.15.5" } - -variable "docker_logging" { - description = "Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead." - type = bool - default = true -} diff --git a/modules/cloud-config-container/mysql/README.md b/modules/cloud-config-container/mysql/README.md index e6fcab4e..535a77af 100644 --- a/modules/cloud-config-container/mysql/README.md +++ b/modules/cloud-config-container/mysql/README.md @@ -12,7 +12,7 @@ The resulting `cloud-config` can be customized in a number of ways: The default instance configuration inserts a sngle iptables rule to allow traffic on the default MySQL port. -Logging and monitoring are enabled via the [Google Cloud Logging driver](https://docs.docker.com/config/containers/logging/gcplogs/) configured for the CoreDNS container, and the [Node Problem Detector](https://cloud.google.com/container-optimized-os/docs/how-to/monitoring) service started by default on boot. +Logging and monitoring are enabled via the [Google Cloud Logging agent](https://cloud.google.com/container-optimized-os/docs/how-to/logging) configured for the instance via the `google-logging-enabled` metadata property, and the [Node Problem Detector](https://cloud.google.com/container-optimized-os/docs/how-to/monitoring) service started by default on boot. The module renders the generated cloud config in the `cloud_config` output, to be used in instances or instance templates via the `user-data` metadata. 
@@ -31,10 +31,13 @@ module "cos-mysql" { } # use it as metadata in a compute instance or template -resource "google_compute_instance" "default" { +module "vm-mysql" { + source = "./fabric/modules/compute-vm" metadata = { - user-data = module.cos-mysql.cloud_config + user-data = module.cos-mysql.cloud_config + google-logging-enabled = true } +} ``` ### Custom MySQL configuration and KMS encrypted password 
@@ -79,14 +82,13 @@ module "cos-mysql" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [mysql_password](variables.tf#L64) | MySQL root password. If an encrypted password is set, use the kms_config variable to specify KMS configuration. | string | ✓ | | +| [mysql_password](variables.tf#L58) | MySQL root password. If an encrypted password is set, use the kms_config variable to specify KMS configuration. | string | ✓ | | | [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | string | | null | | [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config template. | map(any) | | {} | -| [docker_logging](variables.tf#L29) | Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead. | bool | | true | -| [image](variables.tf#L35) | MySQL container image. | string | | "mysql:5.7" | -| [kms_config](variables.tf#L41) | Optional KMS configuration to decrypt passed-in password. Leave null if a plaintext password is used. | object({…}) | | null | -| [mysql_config](variables.tf#L52) | MySQL configuration file content, if null container default will be used. | string | | null | -| [mysql_data_disk](variables.tf#L58) | MySQL data disk name in /dev/disk/by-id/ including the google- prefix. If null the boot disk will be used for data. | string | | null | +| [image](variables.tf#L29) | MySQL container image. | string | | "mysql:5.7" | +| [kms_config](variables.tf#L35) | Optional KMS configuration to decrypt passed-in password. Leave null if a plaintext password is used. | object({…}) | | null | +| [mysql_config](variables.tf#L46) | MySQL configuration file content, if null container default will be used. | string | | null | +| [mysql_data_disk](variables.tf#L52) | MySQL data disk name in /dev/disk/by-id/ including the google- prefix. If null the boot disk will be used for data. 
| string | | null |
 | [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | object({…}) | | null |
 | [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | object({…}) | | {…} |
diff --git a/modules/cloud-config-container/mysql/cloud-config.yaml b/modules/cloud-config-container/mysql/cloud-config.yaml
index e3bf831f..07706ae2 100644
--- a/modules/cloud-config-container/mysql/cloud-config.yaml
+++ b/modules/cloud-config-container/mysql/cloud-config.yaml
@@ -96,9 +96,6 @@ write_files:
 ExecStartPre=/bin/chown -R 2000 /run/mysql/secrets /run/mysql/data
 ExecStart=/usr/bin/docker run --rm --name=mysql \
 --user 2000:2000 \
- %{~ if docker_logging ~}
- --log-driver=gcplogs \
- %{~ endif ~}
 --network host \
 -e MYSQL_ROOT_PASSWORD_FILE=/etc/secrets/mysql-passwd.txt \
 -v /run/mysql/secrets:/etc/secrets \
@@ -116,4 +113,4 @@ bootcmd:
 runcmd:
 - iptables -I INPUT 1 -p tcp -m tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
 - systemctl daemon-reload
- - systemctl start mysql
\ No newline at end of file
+ - systemctl start mysql
diff --git a/modules/cloud-config-container/mysql/main.tf b/modules/cloud-config-container/mysql/main.tf
index 1dc3908d..4e44c469 100644
--- a/modules/cloud-config-container/mysql/main.tf
+++ b/modules/cloud-config-container/mysql/main.tf
@@ -16,7 +16,6 @@ locals {
 cloud_config = templatefile(local.template, merge(var.config_variables, {
- docker_logging = var.docker_logging
 image = var.image
 kms_config = var.kms_config
 mysql_config = var.mysql_config
diff --git a/modules/cloud-config-container/mysql/variables.tf b/modules/cloud-config-container/mysql/variables.tf
index d15ecfdd..52bb3dbb 100644
--- a/modules/cloud-config-container/mysql/variables.tf
+++ b/modules/cloud-config-container/mysql/variables.tf
@@ -26,12 +26,6 @@ variable "config_variables" { default = {} } -variable "docker_logging" { - description = "Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead." - type = bool - default = true -} - variable "image" { description = "MySQL container image." type = string diff --git a/modules/cloud-config-container/nginx-tls/README.md b/modules/cloud-config-container/nginx-tls/README.md index 45cf1196..fbd048fd 100644 --- a/modules/cloud-config-container/nginx-tls/README.md +++ b/modules/cloud-config-container/nginx-tls/README.md @@ -31,7 +31,8 @@ module "vm-nginx-tls" { }] metadata = { - user-data = module.cos-nginx-tls.cloud_config + user-data = module.cos-nginx-tls.cloud_config + google-logging-enabled = true } boot_disk = { 
@@ -49,12 +50,11 @@ module "vm-nginx-tls" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [docker_logging](variables.tf#L23) | Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead. | bool | | true | -| [files](variables.tf#L41) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | null | +| [files](variables.tf#L35) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | null | | [nginx_image](variables.tf#L17) | Nginx container image to use. | string | | "nginx:1.23.1" | -| [runcmd_post](variables.tf#L35) | Extra commands to run after starting nginx. | list(string) | | [] | -| [runcmd_pre](variables.tf#L29) | Extra commands to run before starting nginx. | list(string) | | [] | -| [users](variables.tf#L51) | Additional list of usernames to be created. | list(object({…})) | | […] | +| [runcmd_post](variables.tf#L29) | Extra commands to run after starting nginx. | list(string) | | [] | +| [runcmd_pre](variables.tf#L23) | Extra commands to run before starting nginx. | list(string) | | [] | +| [users](variables.tf#L45) | Additional list of usernames to be created. | list(object({…})) | | […] | ## Outputs diff --git a/modules/cloud-config-container/nginx-tls/main.tf b/modules/cloud-config-container/nginx-tls/main.tf index 6a4e4ea6..809e9a8a 100644 --- a/modules/cloud-config-container/nginx-tls/main.tf +++ b/modules/cloud-config-container/nginx-tls/main.tf @@ -59,8 +59,6 @@ module "cos-envoy-td" { files = local.files - gcp_logging = var.docker_logging - run_commands = concat(var.runcmd_pre, [ "iptables -I INPUT 1 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT", "iptables -I INPUT 1 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT", 
diff --git a/modules/cloud-config-container/nginx-tls/variables.tf b/modules/cloud-config-container/nginx-tls/variables.tf index dc2295f8..fd7f6625 100644 --- a/modules/cloud-config-container/nginx-tls/variables.tf +++ b/modules/cloud-config-container/nginx-tls/variables.tf @@ -20,12 +20,6 @@ variable "nginx_image" { default = "nginx:1.23.1" } -variable "docker_logging" { - description = "Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead." - type = bool - default = true -} - variable "runcmd_pre" { description = "Extra commands to run before starting nginx." type = list(string) diff --git a/modules/cloud-config-container/nginx/README.md b/modules/cloud-config-container/nginx/README.md index 104255c4..25cbc98c 100644 --- a/modules/cloud-config-container/nginx/README.md +++ b/modules/cloud-config-container/nginx/README.md @@ -10,7 +10,7 @@ The resulting `cloud-config` can be customized in a number of ways: The default instance configuration inserts iptables rules to allow traffic on port 80. -Logging and monitoring are enabled via the [Google Cloud Logging driver](https://docs.docker.com/config/containers/logging/gcplogs/) configured for the CoreDNS container, and the [Node Problem Detector](https://cloud.google.com/container-optimized-os/docs/how-to/monitoring) service started by default on boot. +Logging and monitoring are enabled via the [Google Cloud Logging agent](https://cloud.google.com/container-optimized-os/docs/how-to/logging) configured for the instance via the `google-logging-enabled` metadata property, and the [Node Problem Detector](https://cloud.google.com/container-optimized-os/docs/how-to/monitoring) service started by default on boot. The module renders the generated cloud config in the `cloud_config` output, to be used in instances or instance templates via the `user-data` metadata. 
@@ -28,10 +28,13 @@ module "cos-nginx" { } # use it as metadata in a compute instance or template -resource "google_compute_instance" "default" { +module "vm-nginx" { + source = "./fabric/modules/compute-vm" metadata = { - user-data = module.cos-nginx.cloud_config + user-data = module.cos-nginx.cloud_config + google-logging-enabled = true } +} ``` ### Nginx instance 
@@ -59,16 +62,15 @@ module "cos-nginx" { |---|---|:---:|:---:|:---:| | [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | string | | null | | [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config and Nginx templates. | map(any) | | {} | -| [docker_logging](variables.tf#L29) | Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead. | bool | | true | -| [file_defaults](variables.tf#L47) | Default owner and permissions for files. | object({…}) | | {…} | -| [files](variables.tf#L59) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | -| [image](variables.tf#L35) | Nginx container image. | string | | "nginxdemos/hello:plain-text" | -| [nginx_config](variables.tf#L41) | Nginx configuration path, if null container default will be used. | string | | null | -| [runcmd_post](variables.tf#L75) | Extra commands to run after starting nginx. | list(string) | | [] | -| [runcmd_pre](variables.tf#L69) | Extra commands to run before starting nginx. | list(string) | | [] | +| [file_defaults](variables.tf#L41) | Default owner and permissions for files. | object({…}) | | {…} | +| [files](variables.tf#L53) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | +| [image](variables.tf#L29) | Nginx container image. | string | | "nginxdemos/hello:plain-text" | +| [nginx_config](variables.tf#L35) | Nginx configuration path, if null container default will be used. | string | | null | +| [runcmd_post](variables.tf#L69) | Extra commands to run after starting nginx. | list(string) | | [] | +| [runcmd_pre](variables.tf#L63) | Extra commands to run before starting nginx. | list(string) | | [] | | [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. 
| object({…}) | | null |
 | [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | object({…}) | | {…} |
-| [users](variables.tf#L81) | List of additional usernames to be created. | list(object({…})) | | […] |
+| [users](variables.tf#L75) | List of additional usernames to be created. | list(object({…})) | | […] |
 ## Outputs
diff --git a/modules/cloud-config-container/nginx/cloud-config.yaml b/modules/cloud-config-container/nginx/cloud-config.yaml
index af3116a3..f4d05bc4 100644
--- a/modules/cloud-config-container/nginx/cloud-config.yaml
+++ b/modules/cloud-config-container/nginx/cloud-config.yaml
@@ -59,9 +59,6 @@ write_files:
 Environment="HOME=/home/nginx"
 ExecStartPre=/usr/bin/docker-credential-gcr configure-docker
 ExecStart=/usr/bin/docker run --rm --name=nginx \
- %{~ if docker_logging ~}
- --log-driver=gcplogs \
- %{~ endif ~}
 --network host \
 %{~ if etc_mount ~}
 -v /etc/nginx/conf.d:/etc/nginx/conf.d \
diff --git a/modules/cloud-config-container/nginx/main.tf b/modules/cloud-config-container/nginx/main.tf
index 608e7fa2..39c59930 100644
--- a/modules/cloud-config-container/nginx/main.tf
+++ b/modules/cloud-config-container/nginx/main.tf
@@ -16,7 +16,6 @@ locals {
 cloud_config = templatefile(local.template, merge(var.config_variables, {
- docker_logging = var.docker_logging
 etc_mount = (
 var.nginx_config != null || length([
 for name in keys(var.files) :
diff --git a/modules/cloud-config-container/nginx/variables.tf b/modules/cloud-config-container/nginx/variables.tf
index ab77d774..62f58944 100644
--- a/modules/cloud-config-container/nginx/variables.tf
+++ b/modules/cloud-config-container/nginx/variables.tf
@@ -26,12 +26,6 @@ variable "config_variables" { default = {} } -variable "docker_logging" { - description = "Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead." - type = bool - default = true -} - variable "image" { description = "Nginx container image." type = string diff --git a/modules/cloud-config-container/squid/README.md b/modules/cloud-config-container/squid/README.md index b7ff9bee..b28fe72a 100644 --- a/modules/cloud-config-container/squid/README.md +++ b/modules/cloud-config-container/squid/README.md @@ -10,7 +10,7 @@ The resulting `cloud-config` can be customized in a number of ways: The default instance configuration inserts iptables rules to allow traffic on TCP port 3128. With the default `squid.conf`, deny rules take precedence over allow rules. -Logging and monitoring are enabled via the [Google Cloud Logging driver](https://docs.docker.com/config/containers/logging/gcplogs/) configured for the Squid container, and the [Node Problem Detector](https://cloud.google.com/container-optimized-os/docs/how-to/monitoring) service started by default on boot. +Logging and monitoring are enabled via the [Google Cloud Logging agent](https://cloud.google.com/container-optimized-os/docs/how-to/logging) configured for the instance via the `google-logging-enabled` metadata property, and the [Node Problem Detector](https://cloud.google.com/container-optimized-os/docs/how-to/monitoring) service started by default on boot. The module renders the generated cloud config in the `cloud_config` output, to be used in instances or instance templates via the `user-data` metadata. 
@@ -30,10 +30,13 @@ module "cos-squid" { } # use it as metadata in a compute instance or template -resource "google_compute_instance" "default" { +module "vm-squid" { + source = "./fabric/modules/compute-vm" metadata = { - user-data = module.cos-squid.cloud_config + user-data = module.cos-squid.cloud_config + google-logging-enabled = true } +} ``` ### Test Squid instance 
@@ -61,16 +64,15 @@ module "cos-squid" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [allow](variables.tf#L63) | List of domains Squid will allow connections to. | list(string) | | [] | -| [clients](variables.tf#L75) | List of CIDR ranges from which Squid will allow connections. | list(string) | | [] | +| [allow](variables.tf#L57) | List of domains Squid will allow connections to. | list(string) | | [] | +| [clients](variables.tf#L69) | List of CIDR ranges from which Squid will allow connections. | list(string) | | [] | | [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | string | | null | | [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config and Squid templates. | map(any) | | {} | -| [default_action](variables.tf#L81) | Default action for domains not matching neither the allow or deny lists. | string | | "deny" | -| [deny](variables.tf#L69) | List of domains Squid will deny connections to. | list(string) | | [] | -| [docker_logging](variables.tf#L29) | Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead. | bool | | true | -| [file_defaults](variables.tf#L41) | Default owner and permissions for files. | object({…}) | | {…} | -| [files](variables.tf#L53) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | -| [squid_config](variables.tf#L35) | Squid configuration path, if null default will be used. | string | | null | +| [default_action](variables.tf#L75) | Default action for domains not matching neither the allow or deny lists. | string | | "deny" | +| [deny](variables.tf#L63) | List of domains Squid will deny connections to. | list(string) | | [] | +| [file_defaults](variables.tf#L35) | Default owner and permissions for files. 
| object({…}) | | {…} | +| [files](variables.tf#L47) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | +| [squid_config](variables.tf#L29) | Squid configuration path, if null default will be used. | string | | null | | [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | object({…}) | | null | | [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | object({…}) | | {…} | diff --git a/modules/cloud-config-container/squid/cloud-config.yaml b/modules/cloud-config-container/squid/cloud-config.yaml index 8fef77b3..cd10aa24 100644 --- a/modules/cloud-config-container/squid/cloud-config.yaml +++ b/modules/cloud-config-container/squid/cloud-config.yaml @@ -14,8 +14,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -# TODO: switch to the gcplogs logging driver, and set driver labels - users: - name: squid uid: 2000 @@ -71,9 +69,6 @@ write_files: Environment="HOME=/home/squid" ExecStartPre=/usr/bin/docker-credential-gcr configure-docker ExecStart=/usr/bin/docker run --rm --name=squid \ - %{~ if docker_logging ~} - --log-driver=gcplogs \ - %{~ endif ~} --network host \ -v /etc/squid:/etc/squid \ gcr.io/pso-cft-fabric/squid:0.10 diff --git a/modules/cloud-config-container/squid/main.tf b/modules/cloud-config-container/squid/main.tf index 81538c60..ad895c17 100644 --- a/modules/cloud-config-container/squid/main.tf +++ b/modules/cloud-config-container/squid/main.tf 
@@ -16,9 +16,8 @@ locals { cloud_config = templatefile(local.template, merge(local.config_variables, { - docker_logging = var.docker_logging - squid_config = templatefile(local.squid_config, local.config_variables) - files = local.files + squid_config = templatefile(local.squid_config, local.config_variables) + files = local.files })) squid_config = ( var.squid_config == null ? "${path.module}/squid.conf" : var.squid_config diff --git a/modules/cloud-config-container/squid/variables.tf b/modules/cloud-config-container/squid/variables.tf index 6e65e779..5180c6d3 100644 --- a/modules/cloud-config-container/squid/variables.tf +++ b/modules/cloud-config-container/squid/variables.tf @@ -26,12 +26,6 @@ variable "config_variables" { default = {} } -variable "docker_logging" { - description = "Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead." - type = bool - default = true -} - variable "squid_config" { description = "Squid configuration path, if null default will be used." type = string diff --git a/modules/compute-mig/README.md b/modules/compute-mig/README.md index 895f0517..c14f69d8 100644 --- a/modules/compute-mig/README.md +++ b/modules/compute-mig/README.md @@ -19,7 +19,7 @@ module "nginx-template" { source = "./fabric/modules/compute-vm" project_id = var.project_id name = "nginx-template" - zone = "europe-west1-b" + zone = "europe-west1-b" tags = ["http-server", "ssh"] network_interfaces = [{ network = var.vpc.self_link @@ -62,7 +62,7 @@ module "nginx-template" { source = "./fabric/modules/compute-vm" project_id = var.project_id name = "nginx-template" - zone = "europe-west1-b" + zone = "europe-west1-b" tags = ["http-server", "ssh"] network_interfaces = [{ network = var.vpc.self_link @@ -75,7 +75,7 @@ module "nginx-template" { type = "pd-ssd" size = 10 } - create_template = true + create_template = true metadata = { user-data = module.cos-nginx.cloud_config } 
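Review bot: Dropping `docker_logging` from the variables passed to `templatefile` means any custom template supplied through the module's `cloud_config` input that still contains `%{~ if docker_logging ~}` will now fail to render with an unknown-variable error instead of degrading gracefully, since the previous default was `true`. Together with the removal of `variable "docker_logging"` in squid/variables.tf on the same line, and the matching removal in the nginx module, this is a breaking interface change for callers that set `docker_logging = false` to keep the legacy agent, so it deserves an upgrade note. A short comment at the merge, e.g. `# docker_logging was removed: container logs now rely on the COS logging agent (google-logging-enabled metadata)`, would point maintainers of forked templates in the right direction.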
@@ -113,7 +113,7 @@ module "nginx-template" { source = "./fabric/modules/compute-vm" project_id = var.project_id name = "nginx-template" - zone = "europe-west1-b" + zone = "europe-west1-b" tags = ["http-server", "ssh"] network_interfaces = [{ network = var.vpc.self_link, @@ -126,7 +126,7 @@ module "nginx-template" { type = "pd-ssd" size = 10 } - create_template = true + create_template = true metadata = { user-data = module.cos-nginx.cloud_config } @@ -165,7 +165,7 @@ module "nginx-template" { source = "./fabric/modules/compute-vm" project_id = var.project_id name = "nginx-template" - zone = "europe-west1-b" + zone = "europe-west1-b" tags = ["http-server", "ssh"] network_interfaces = [{ network = var.vpc.self_link @@ -178,7 +178,7 @@ module "nginx-template" { type = "pd-ssd" size = 10 } - create_template = true + create_template = true metadata = { user-data = module.cos-nginx.cloud_config } @@ -216,7 +216,7 @@ module "nginx-template" { source = "./fabric/modules/compute-vm" project_id = var.project_id name = "nginx-template" - zone = "europe-west1-b" + zone = "europe-west1-b" tags = ["http-server", "ssh"] network_interfaces = [{ network = var.vpc.self_link @@ -229,7 +229,7 @@ module "nginx-template" { type = "pd-ssd" size = 10 } - create_template = true + create_template = true metadata = { user-data = module.cos-nginx.cloud_config } @@ -273,7 +273,7 @@ module "nginx-template" { source = "./fabric/modules/compute-vm" project_id = var.project_id name = "nginx-template" - zone = "europe-west1-b" + zone = "europe-west1-b" tags = ["http-server", "ssh"] network_interfaces = [{ network = var.vpc.self_link @@ -297,7 +297,7 @@ module "nginx-template" { type = "PERSISTENT" } }] - create_template = true + create_template = true metadata = { user-data = module.cos-nginx.cloud_config } 
@@ -343,7 +343,7 @@ module "nginx-template" { source = "./fabric/modules/compute-vm" project_id = var.project_id name = "nginx-template" - zone = "europe-west1-b" + zone = "europe-west1-b" tags = ["http-server", "ssh"] network_interfaces = [{ network = var.vpc.self_link @@ -367,7 +367,7 @@ module "nginx-template" { type = "PERSISTENT" } }] - create_template = true + create_template = true metadata = { user-data = module.cos-nginx.cloud_config } @@ -398,7 +398,7 @@ module "nginx-mig" { preserved_state = { disks = { persistent-disk-1 = { - source = "test-disk", + source = "test-disk", } } metadata = { diff --git a/modules/compute-vm/README.md b/modules/compute-vm/README.md index 170a2e9d..3cf99403 100644 --- a/modules/compute-vm/README.md +++ b/modules/compute-vm/README.md @@ -17,7 +17,7 @@ The simplest example leverages defaults for the boot disk image and size, and us module "simple-vm-example" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "europe-west1-b" + zone = "europe-west1-b" name = "test" network_interfaces = [{ network = var.vpc.self_link @@ -37,11 +37,11 @@ module "simple-vm-example" { module "spot-vm-example" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "europe-west1-b" + zone = "europe-west1-b" name = "test" options = { - spot = true - termination_action = "STOP" + spot = true + termination_action = "STOP" } network_interfaces = [{ network = var.vpc.self_link @@ -68,7 +68,7 @@ This is an example of attaching a pre-existing regional PD to a new instance: module "simple-vm-example" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "${var.region}-b" + zone = "${var.region}-b" name = "test" network_interfaces = [{ network = var.vpc.self_link 
@@ -94,7 +94,7 @@ And the same example for an instance template (where not using the full self lin module "simple-vm-example" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "${var.region}-b" + zone = "${var.region}-b" name = "test" network_interfaces = [{ network = var.vpc.self_link @@ -110,7 +110,7 @@ module "simple-vm-example" { } }] service_account_create = true - create_template = true + create_template = true } # tftest modules=1 resources=2 ``` @@ -137,11 +137,11 @@ module "kms-vm-example" { ] service_account_create = true boot_disk = { - image = "projects/debian-cloud/global/images/family/debian-10" + image = "projects/debian-cloud/global/images/family/debian-10" } encryption = { - encrypt_boot = true - kms_key_self_link = var.kms_key.self_link + encrypt_boot = true + kms_key_self_link = var.kms_key.self_link } } # tftest modules=1 resources=3 @@ -199,7 +199,7 @@ module "vm-with-gvnic" { project_id = "my-project" zone = "europe-west1-b" name = "test" - boot_disk = { + boot_disk = { image = google_compute_image.cos-gvnic.self_link type = "pd-ssd" } @@ -221,23 +221,23 @@ This example shows how to use the module to manage an instance template that def module "cos-test" { source = "./fabric/modules/compute-vm" project_id = "my-project" - zone = "europe-west1-b" + zone = "europe-west1-b" name = "test" network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link }] - boot_disk = { + boot_disk = { image = "projects/cos-cloud/global/images/family/cos-stable" } attached_disks = [ { - name = "disk-1" - size = 10 + name = "disk-1" + size = 10 } ] - service_account = "vm-default@my-project.iam.gserviceaccount.com" - create_template = true + service_account = "vm-default@my-project.iam.gserviceaccount.com" + create_template = true } # tftest modules=1 resources=1 ``` 
@@ -254,7 +254,7 @@ locals { module "instance-group" { source = "./fabric/modules/compute-vm" project_id = "my-project" - zone = "europe-west1-b" + zone = "europe-west1-b" name = "ilb-test" network_interfaces = [{ network = var.vpc.self_link diff --git a/modules/compute-vm/variables.tf b/modules/compute-vm/variables.tf index 4f3fb3f9..4287999f 100644 --- a/modules/compute-vm/variables.tf +++ b/modules/compute-vm/variables.tf @@ -282,5 +282,3 @@ variable "zone" { description = "Compute zone." type = string } - - diff --git a/modules/net-ilb/README.md b/modules/net-ilb/README.md index 9916f736..619a1275 100644 --- a/modules/net-ilb/README.md +++ b/modules/net-ilb/README.md @@ -65,9 +65,9 @@ module "cos-nginx" { module "instance-group" { source = "./fabric/modules/compute-vm" - for_each = toset(["b", "c"]) + for_each = toset(["b", "c"]) project_id = var.project_id - zone = "europe-west1-${each.key}" + zone = "europe-west1-${each.key}" name = "ilb-test-${each.key}" network_interfaces = [{ network = var.vpc.self_link @@ -97,7 +97,7 @@ module "ilb" { network = var.vpc.self_link subnetwork = var.subnet.self_link } - ports = [80] + ports = [80] backends = [ for z, mod in module.instance-group : { group = mod.group.self_link