Merge branch 'master' into terraform-0.13

Julio Castillo 2020-10-30 00:25:37 +01:00
commit bf86fb8a96
5 changed files with 19 additions and 26 deletions

@ -4,6 +4,8 @@ All notable changes to this project will be documented in this file.
## [Unreleased]
## [3.5.0] - 2020-10-27
- end to end example for scheduled Cloud Asset Inventory export to Bigquery
- decouple Cloud Run from Istio in GKE cluster module
- depend views on tables in bigquery dataset module
@ -15,6 +17,7 @@ All notable changes to this project will be documented in this file.
- add examples of alias IPs in `compute-vm` module
- fix support for creating disks from images in `compute-vm`
- allow creating single-sided peerings in `net-vpc` and `net-vpc-peering`
- use service project registration to Shared VPC in GKE example to remove need for two-step apply
## [3.4.0] - 2020-09-24
@ -207,7 +210,8 @@ All notable changes to this project will be documented in this file.
- merge development branch with suite of new modules and end-to-end examples
[Unreleased]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.4.0...HEAD
[Unreleased]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.5.0...HEAD
[3.5.0]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.4.0...v3.5.0
[3.4.0]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.3.0...v3.4.0
[3.3.0]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.2.0...v3.3.0
[3.2.0]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.1.1...v3.2.0

@ -6,7 +6,7 @@ The following diagram shows the resources created by this example
![High-level diagram](diagram.png "High-level diagram")
Two ILBs are configured on the primary and secondary interfaces of gateway VMs with active health checks, but only the single one is used as next hop by default to simplify testing. The second (right-side) VPC has default routes that point to the gateway VMs, to also use the right-side ILB as next hop set the `ilb_right_enable` variable to `true`.
Two ILBs are configured on the primary and secondary interfaces of gateway VMs with active health checks, but only a single one is used as next hop by default to simplify testing. The second (right-side) VPC has default routes that point to the gateway VMs, to also use the right-side ILB as next hop set the `ilb_right_enable` variable to `true`.
## Testing
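
Review bot: the replacement sentence still joins two independent clauses with a comma at "point to the gateway VMs, to also use the right-side ILB". Split it in two, for example: "...default routes that point to the gateway VMs. To also use the right-side ILB as next hop, set the `ilb_right_enable` variable to `true`."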

@ -6,19 +6,6 @@ The sample has been purposefully kept simple so that it can be used as a basis f
![High-level diagram](diagram.png "High-level diagram")
## Applying the example
The example cannot be applied from scratch with a single `terraform apply` command, as Terraform is unable to manage Shared VPC project registration for multiple projects, before those are created and exist in state. To apply the example from scratch, follow this order:
```bash
tf apply \
-target module.project-svc-gce \
-target module.project-svc-gke
tf apply
```
Once the first command has run successfully, the service projects exist in state and can be referenced by the multiple resource in the host project module that manages project registration.
## Accessing the bastion instance and GKE cluster
The bastion VM has no public address so access is mediated via [IAP](https://cloud.google.com/iap/docs), which is supported transparently in the `gcloud compute ssh` command. Authentication is via OS Login set as a project default.
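
Review bot: missing documentation where the "Applying the example" section is dropped: the hunk deletes the explanation of Shared VPC registration ordering and puts nothing in its place. A one-sentence replacement would help, stating that each service project now registers itself with the host through `shared_vpc_service_config` and that a single `terraform apply` is sufficient, so users who followed the old two-step `-target` procedure know it is obsolete.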

@ -27,11 +27,8 @@ module "project-host" {
name = "net"
services = concat(var.project_services, ["dns.googleapis.com"])
shared_vpc_host_config = {
enabled = true
service_projects = [
module.project-svc-gce.project_id,
module.project-svc-gke.project_id
]
enabled = true
service_projects = [] # defined later
}
iam_members = {
"roles/container.hostServiceAgentUser" = [
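
Review bot: the inline comment `# defined later` on `service_projects = []` does not say where the registration now happens. Name the mechanism instead, for example `# service projects attach themselves via shared_vpc_service_config`. With an empty list here, someone auditing `module "project-host"` for which projects can use the host network gets no hint that the attachments live in the service project modules.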
@ -50,6 +47,10 @@ module "project-svc-gce" {
services = var.project_services
oslogin = true
oslogin_admins = var.owners_gce
shared_vpc_service_config = {
attach = true
host_project = module.project-host.project_id
}
iam_members = {
"roles/logging.logWriter" = [module.vm-bastion.service_account_iam_email],
"roles/monitoring.metricWriter" = [module.vm-bastion.service_account_iam_email],
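
Review bot: ordering of the attachment in `shared_vpc_service_config` rests only on the reference `host_project = module.project-host.project_id`. Nothing visible in this hunk shows that the `project_id` output waits for Shared VPC host enablement (`enabled = true` in the host module), so please confirm that the output depends on the host-enablement resource. If it resolves as soon as the project exists, the attach can run before the project is a host, and the single apply this change is meant to allow would fail intermittently.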
@ -67,6 +68,10 @@ module "project-svc-gke" {
prefix = var.prefix
name = "gke"
services = var.project_services
shared_vpc_service_config = {
attach = true
host_project = module.project-host.project_id
}
iam_members = {
"roles/container.developer" = [module.vm-bastion.service_account_iam_email],
"roles/logging.logWriter" = [module.service-account-gke-node.iam_email],
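
Review bot: the `shared_vpc_service_config` block added to `module "project-svc-gke"` is a verbatim copy of the one in `module "project-svc-gce"`. Defining it once in a `locals` value and referencing it from both modules would keep the two attachments from drifting apart if the host project reference ever changes.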

@ -22,9 +22,6 @@ FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
def test_resources(e2e_plan_runner):
"Test that plan works and the numbers of resources is as expected."
modules, resources = e2e_plan_runner(FIXTURES_DIR, targets=[
"module.test.module.project-svc-gce",
"module.test.module.project-svc-gke"
])
assert len(modules) == 4
assert len(resources) == 16
modules, resources = e2e_plan_runner(FIXTURES_DIR)
assert len(modules) == 11
assert len(resources) == 43
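
Review bot: the new assertions `len(modules) == 11` and `len(resources) == 43` only check totals, so the test would still pass if the Shared VPC attachments were missing and an equal number of other resources had been added. Since the point of dropping `targets=[...]` is that the service project registration now plans in one pass, consider also asserting that the planned resources for `module.test.module.project-svc-gce` and `module.test.module.project-svc-gke` include their Shared VPC attachment, and add a short comment saying what the 43 is made of so a future count change is easier to review.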