Autopilot fixes

blueprints/gke/autopilot/README.md

@@ -1,6 +1,6 @@
 # Load testing an application running on an autopilot cluster
 
-This blueprint creates an Autopilot cluster with Google-managed Prometheus enabled and install an application that scales as the traffic that is hitting the load balancer exposing it grows. It also installs the tooling required to distributed load test with [locust](https://locust.io) on that application and the monitoring tooling required to observe how things evolve in the cluster during the load test. Ansible is used to install the application and all the tooling on a management VM. 
+This blueprint creates an Autopilot cluster with Google-managed Prometheus enabled and installs an application that scales as the traffic that is hitting the load balancer exposing it grows. It also installs the tooling required to distributed load test with [locust](https://locust.io) on that application and the monitoring tooling required to observe how things evolve in the cluster during the load test. Ansible is used to install the application and all the tooling on a management VM. 
 
 The diagram below depicts the architecture.
 
@@ -64,13 +64,14 @@ Alternatively you can also check all the above using the dashboards available in
 
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L75) | Project ID. | <code>string</code> | ✓ |  |
+| [project_id](variables.tf#L68) | Project ID. | <code>string</code> | ✓ |  |
 | [cluster_network_config](variables.tf#L17) | Cluster network configuration. | <code title="object&#40;&#123;&#10;  nodes_cidr_block              &#61; string&#10;  pods_cidr_block               &#61; string&#10;  services_cidr_block           &#61; string&#10;  master_authorized_cidr_blocks &#61; map&#40;string&#41;&#10;  master_cidr_block             &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;  nodes_cidr_block    &#61; &#34;10.0.1.0&#47;24&#34;&#10;  pods_cidr_block     &#61; &#34;172.16.0.0&#47;20&#34;&#10;  services_cidr_block &#61; &#34;192.168.0.0&#47;24&#34;&#10;  master_authorized_cidr_blocks &#61; &#123;&#10;    internal &#61; &#34;10.0.0.0&#47;8&#34;&#10;  &#125;&#10;  master_cidr_block &#61; &#34;10.0.0.0&#47;28&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
 | [mgmt_server_config](variables.tf#L37) | Management server configuration. | <code title="object&#40;&#123;&#10;  disk_size     &#61; number&#10;  disk_type     &#61; string&#10;  image         &#61; string&#10;  instance_type &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;  disk_size     &#61; 50&#10;  disk_type     &#61; &#34;pd-ssd&#34;&#10;  image         &#61; &#34;projects&#47;ubuntu-os-cloud&#47;global&#47;images&#47;family&#47;ubuntu-2204-lts&#34;&#10;  instance_type &#61; &#34;n1-standard-2&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
 | [mgmt_subnet_cidr_block](variables.tf#L53) | Management subnet IP CIDR range. | <code>string</code> |  | <code>&#34;10.0.2.0&#47;24&#34;</code> |
-| [network](variables.tf#L59) | VPC name. | <code>string</code> |  | <code>&#34;vpc&#34;</code> |
-| [project_create](variables.tf#L66) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10;  billing_account_id &#61; string&#10;  parent             &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
-| [region](variables.tf#L80) | Region. | <code>string</code> |  | <code>&#34;europe-west1&#34;</code> |
+| [project_create](variables.tf#L59) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10;  billing_account_id &#61; string&#10;  parent             &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
+| [region](variables.tf#L73) | Region. | <code>string</code> |  | <code>&#34;europe-west1&#34;</code> |
+| [vpc_create](variables.tf#L79) | Flag indicating whether the VPC should be created or not. | <code>bool</code> |  | <code>true</code> |
+| [vpc_name](variables.tf#L85) | VPC name. | <code>string</code> |  | <code>&#34;vpc&#34;</code> |
 
 ## Outputs
 
@@ -90,5 +91,5 @@ module "test" {
   }
   project_id = "my-project"
 }
-# tftest modules=10 resources=30
+# tftest modules=11 resources=34
 ```

blueprints/gke/autopilot/bundle/app/nginx.yaml

@@ -70,11 +70,12 @@ spec:
           initialDelaySeconds: 2
           periodSeconds: 2
           failureThreshold: 1 
-        requests:
-          cpu: 10m
-          memory: 10Mi
-        limits:
-          memory: 10Mi            
+        resources:
+          requests:
+            cpu: 10m
+            memory: 10Mi
+          limits:
+            memory: 10Mi            
       - name: nginx-prometheus-exporter
         image: nginx/nginx-prometheus-exporter:0.10.0
         ports:
@@ -83,11 +84,12 @@ spec:
         env:
         - name: SCRAPE_URI
           value: http://localhost:8080/stub_status
-        requests:
-          cpu: 5m
-          memory: 5Mi
-        limits:
-          memory: 5Mi            
+        resources:
+          requests:
+            cpu: 5m
+            memory: 5Mi
+          limits:
+            memory: 5Mi            
       volumes:
       - name: nginx-config
         configMap:

blueprints/gke/autopilot/bundle/locust/workers.yaml

@@ -44,8 +44,9 @@ spec:
               value: worker
             - name: LOCUST_MASTER
               value: locust-master
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            memory: 50Mi     
+          resources:              
+            requests:
+              cpu: 20m
+              memory: 50Mi
+            limits:
+              memory: 50Mi     

blueprints/gke/autopilot/main.tf

@@ -29,7 +29,8 @@ module "project" {
   services = [
     "artifactregistry.googleapis.com",
     "cloudbuild.googleapis.com",
-    "container.googleapis.com"
+    "container.googleapis.com",
+    "compute.googleapis.com"
   ]
   iam = {
     "roles/monitoring.viewer"            = [module.monitoring_sa.iam_email]

blueprints/gke/autopilot/mgmt.tf

@@ -36,4 +36,5 @@ module "mgmt_server" {
     type  = var.mgmt_server_config.disk_type
     size  = var.mgmt_server_config.disk_size
   }
-}
+  tags = ["ssh"]
+}

blueprints/gke/autopilot/variables.tf

@@ -56,13 +56,6 @@ variable "mgmt_subnet_cidr_block" {
   default     = "10.0.2.0/24"
 }
 
-variable "network" {
-  description = "VPC name."
-  type        = string
-  default     = "vpc"
-  nullable    = false
-}
-
 variable "project_create" {
   description = "Parameters for the creation of the new project."
   type = object({
@@ -81,4 +74,17 @@ variable "region" {
   description = "Region."
   type        = string
   default     = "europe-west1"
+}
+
+variable "vpc_create" {
+  description = "Flag indicating whether the VPC should be created or not."
+  type        = bool
+  default     = true
+}
+
+variable "vpc_name" {
+  description = "VPC name."
+  type        = string
+  nullable    = false
+  default     = "vpc"
 }

blueprints/gke/autopilot/vpc.tf

@@ -17,8 +17,8 @@
 module "vpc" {
   source     = "../../../modules/net-vpc"
   project_id = module.project.project_id
-  name       = var.network
-  vpc_create = (var.project_create != null)
+  name       = var.vpc_name
+  vpc_create = var.vpc_create
   subnets = [
     {
       ip_cidr_range = var.mgmt_subnet_cidr_block
@@ -37,6 +37,12 @@ module "vpc" {
   ]
 }
 
+module "firewall" {
+  source     = "../../../modules/net-vpc-firewall"
+  project_id = module.project.project_id
+  network    = module.vpc.name
+}
+
 module "nat" {
   source         = "../../../modules/net-cloudnat"
   project_id     = module.project.project_id