From b1d9b27ac3087d9f2bcc592b2818da84602088f5 Mon Sep 17 00:00:00 2001
From: Julio Castillo
Date: Tue, 30 Aug 2022 20:39:47 +0200
Subject: [PATCH] Allow peering configuration to be passed as variable to fleet example.

---
 examples/gke-serverless/multitenant-fleet/README.md | 9 +++++----
 .../multitenant-fleet/gke-clusters.tf | 10 +++------
 .../gke-serverless/multitenant-fleet/variables.tf | 13 +++++++++++++
 fast/stages/03-gke-multitenant/dev/README.md | 2 +-
 4 files changed, 22 insertions(+), 12 deletions(-)
diff --git a/examples/gke-serverless/multitenant-fleet/README.md b/examples/gke-serverless/multitenant-fleet/README.md
index c1ae7476..a4d6382c 100644
--- a/examples/gke-serverless/multitenant-fleet/README.md
+++ b/examples/gke-serverless/multitenant-fleet/README.md
@@ -140,9 +140,9 @@ fleet_features = {
 | [clusters](variables.tf#L61) | | map(object({…})) | ✓ | | |
 | [folder_id](variables.tf#L163) | Folder used for the GKE project in folders/nnnnnnnnnnn format. | string | ✓ | | |
 | [nodepools](variables.tf#L206) | | map(map(object({…}))) | ✓ | | |
-| [prefix](variables.tf#L223) | Prefix used for resources that need unique names. | string | ✓ | | |
-| [project_id](variables.tf#L228) | ID of the project that will contain all the clusters. | string | ✓ | | |
-| [vpc_config](variables.tf#L240) | Shared VPC project and VPC details. | object({…}) | ✓ | | |
+| [prefix](variables.tf#L236) | Prefix used for resources that need unique names. | string | ✓ | | |
+| [project_id](variables.tf#L241) | ID of the project that will contain all the clusters. | string | ✓ | | |
+| [vpc_config](variables.tf#L253) | Shared VPC project and VPC details. | object({…}) | ✓ | | |
 | [authenticator_security_group](variables.tf#L21) | Optional group used for Groups for GKE. | string | | null | |
 | [cluster_defaults](variables.tf#L32) | Default values for optional cluster configurations. | object({…}) | | {…} | |
 | [dns_domain](variables.tf#L94) | Domain name used for clusters, prefixed by each cluster name. Leave null to disable Cloud DNS for GKE. | string | | null | |
@@ -154,7 +154,8 @@ fleet_features = { | [iam](variables.tf#L175) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | | | [labels](variables.tf#L182) | Project-level labels. | map(string) | | {} | | | [nodepool_defaults](variables.tf#L188) | | object({…}) | | {…} | | -| [project_services](variables.tf#L233) | Additional project services to enable. | list(string) | | [] | | +| [peering_config](variables.tf#L223) | Configure peering with the control plane VPC. Requires compute.networks.updatePeering. Set to null if you don't want to update the default peering configuration. | object({…}) | | {…} | | +| [project_services](variables.tf#L246) | Additional project services to enable. | list(string) | | [] | | ## Outputs diff --git a/examples/gke-serverless/multitenant-fleet/gke-clusters.tf b/examples/gke-serverless/multitenant-fleet/gke-clusters.tf index f94039dc..8e04d780 100644 --- a/examples/gke-serverless/multitenant-fleet/gke-clusters.tf +++ b/examples/gke-serverless/multitenant-fleet/gke-clusters.tf @@ -73,12 +73,9 @@ module "gke-cluster" { logging_config = ["SYSTEM_COMPONENTS", "WORKLOADS"] monitoring_config = ["SYSTEM_COMPONENTS", "WORKLOADS"] - # if you don't have compute.networks.updatePeering in the host - # project, comment the next lines and ask your network admin to - # create the peering for you - peering_config = { - export_routes = true - import_routes = false + peering_config = var.peering_config == null ? null : { + export_routes = var.peering_config.export_routes + import_routes = var.peering_config.import_routes project_id = var.vpc_config.host_project_id } resource_usage_export_config = { @@ -116,5 +113,4 @@ module "gke-cluster" { # memory_max = each.value.cluster_autoscaling.memory_max # } # } - } diff --git a/examples/gke-serverless/multitenant-fleet/variables.tf b/examples/gke-serverless/multitenant-fleet/variables.tf index 2354b136..37138c37 100644 
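Review bot: The removed comment was the only place in gke-clusters.tf that told the reader the peering update needs compute.networks.updatePeering in the host project; the new `peering_config = var.peering_config == null ? null : { … }` expression still performs that update whenever var.peering_config is non-null, which is the shipped default, so the prerequisite is now visible only in the variable description. A one-line comment above the new `peering_config` line would keep it next to the code that needs it, e.g. `# updates the control plane VPC peering in the host project (needs compute.networks.updatePeering there); set var.peering_config = null to leave the peering untouched`. As a point of style, `var.peering_config == null ? null : merge(var.peering_config, { project_id = var.vpc_config.host_project_id })` would avoid restating each field, though the explicit form is also fine. The `module "gke-cluster"` block starts before this hunk and ends after it.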
--- a/examples/gke-serverless/multitenant-fleet/variables.tf
+++ b/examples/gke-serverless/multitenant-fleet/variables.tf
@@ -220,6 +220,19 @@ variable "nodepools" {
   })))
 }
 
+variable "peering_config" {
+  description = "Configure peering with the control plane VPC. Requires compute.networks.updatePeering. Set to null if you don't want to update the default peering configuration."
+  type = object({
+    export_routes = bool
+    import_routes = bool
+  })
+  default = {
+    export_routes = true
+    // TODO(jccb) is there any situation where the control plane VPC would export any routes?
+    import_routes = false
+  }
+}
+
 variable "prefix" {
   description = "Prefix used for resources that need unique names."
   type = string
diff --git a/fast/stages/03-gke-multitenant/dev/README.md b/fast/stages/03-gke-multitenant/dev/README.md
index f7eea314..96982861 100644
--- a/fast/stages/03-gke-multitenant/dev/README.md
+++ b/fast/stages/03-gke-multitenant/dev/README.md
@@ -92,7 +92,7 @@ Leave all these variables unset (or set to `null`) to disable fleet management.
 
 ## Running Terraform
 
-Once the [providers](#providers-configuration) and [variable](#variable-configuration) configuration is complete, you can apply this stage:
+Once the [provider](#providers-configuration) and [variable](#variable-configuration) configuration is complete, you can apply this stage:
 
 ```bash
 terraform init
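Review bot: The description of the new `peering_config` variable promises that null disables the peering update, but the declaration relies on Terraform's implicit `nullable = true` for that; adding `nullable = true` after `type` makes the documented contract explicit rather than dependent on a default. The description could also say what the shipped default does, since applying the example unchanged modifies the existing control-plane peering with `export_routes = true` and `import_routes = false`, something a user running with a least-privilege service account would want to know before `terraform apply`; presumably the export/import wording follows the gke-cluster module's meaning, so confirm against it. The TODO comment uses `//`, whereas Terraform's documented style prefers `#` for single-line comments; switching it keeps the file uniform with `terraform fmt` conventions. The README hunk below is a wording fix and needs nothing.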