diff --git a/CHANGELOG.md b/CHANGELOG.md
index 13297f54..87ec9ddf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,8 @@ All notable changes to this project will be documented in this file.
 ## [Unreleased]
+## [3.5.0] - 2020-10-27
+
 - end to end example for scheduled Cloud Asset Inventory export to Bigquery
 - decouple Cloud Run from Istio in GKE cluster module
 - depend views on tables in bigquery dataset module
@@ -15,6 +17,7 @@ All notable changes to this project will be documented in this file.
 - add examples of alias IPs in `compute-vm` module
 - fix support for creating disks from images in `compute-vm`
 - allow creating single-sided peerings in `net-vpc` and `net-vpc-peering`
+- use service project registration to Shared VPC in GKE example to remove need for two-step apply
 ## [3.4.0] - 2020-09-24
@@ -207,7 +210,8 @@ All notable changes to this project will be documented in this file.
 - merge development branch with suite of new modules and end-to-end examples
-[Unreleased]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.4.0...HEAD
+[Unreleased]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.5.0...HEAD
+[3.5.0]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.4.0...v3.5.0
 [3.4.0]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.3.0...v3.4.0
 [3.3.0]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.2.0...v3.3.0
 [3.2.0]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.1.1...v3.2.0
diff --git a/networking/ilb-next-hop/README.md b/networking/ilb-next-hop/README.md
index 4124d783..961ec81c 100644
--- a/networking/ilb-next-hop/README.md
+++ b/networking/ilb-next-hop/README.md
@@ -6,7 +6,7 @@ The following diagram shows the resources created by this example
 ![High-level diagram](diagram.png "High-level diagram")
-Two ILBs are configured on the primary and secondary interfaces of gateway VMs with active health checks, but only the single one is used as next hop by default to simplify testing. The second (right-side) VPC has default routes that point to the gateway VMs, to also use the right-side ILB as next hop set the `ilb_right_enable` variable to `true`.
+Two ILBs are configured on the primary and secondary interfaces of gateway VMs with active health checks, but only a single one is used as next hop by default to simplify testing. The second (right-side) VPC has default routes that point to the gateway VMs, to also use the right-side ILB as next hop set the `ilb_right_enable` variable to `true`.
 ## Testing
diff --git a/networking/shared-vpc-gke/README.md b/networking/shared-vpc-gke/README.md
index 2215d765..2bc72fda 100644
--- a/networking/shared-vpc-gke/README.md
+++ b/networking/shared-vpc-gke/README.md
@@ -6,19 +6,6 @@ The sample has been purposefully kept simple so that it can be used as a basis f
 ![High-level diagram](diagram.png "High-level diagram")
-## Applying the example
-
-The example cannot be applied from scratch with a single `terraform apply` command, as Terraform is unable to manage Shared VPC project registration for multiple projects, before those are created and exist in state. To apply the example from scratch, follow this order:
-
-```bash
-tf apply \
- -target module.project-svc-gce \
- -target module.project-svc-gke
-tf apply
-```
-
-Once the first command has run successfully, the service projects exist in state and can be referenced by the multiple resource in the host project module that manages project registration.
-
 ## Accessing the bastion instance and GKE cluster
 The bastion VM has no public address so access is mediated via [IAP](https://cloud.google.com/iap/docs), which is supported transparently in the `gcloud compute ssh` command. Authentication is via OS Login set as a project default.
diff --git a/networking/shared-vpc-gke/main.tf b/networking/shared-vpc-gke/main.tf
index a31185ec..ef6ee338 100644
--- a/networking/shared-vpc-gke/main.tf
+++ b/networking/shared-vpc-gke/main.tf
@@ -27,11 +27,8 @@ module "project-host" {
 name = "net"
 services = concat(var.project_services, ["dns.googleapis.com"])
 shared_vpc_host_config = {
- enabled = true
- service_projects = [
- module.project-svc-gce.project_id,
- module.project-svc-gke.project_id
- ]
+ enabled = true
+ service_projects = [] # defined later
 }
 iam_members = {
 "roles/container.hostServiceAgentUser" = [
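Review bot: The comment `# defined later` on the new `service_projects = []` line does not say where the registration now lives, so someone reading this module on its own may repopulate the list and, presumably, end up with the host module and the two service-project modules (hunks `@@ -50` and `@@ -67`, each with `attach = true`) both managing the same Shared VPC attachment. I would replace it with `service_projects = [] # attachment is declared by each service project via shared_vpc_service_config`. Note that the service modules now reference `module.project-host.project_id` while the host module's `iam_members` on the last hunk line appear to reference the service modules; Terraform resolves this at resource level, and the untargeted plan in the updated test is the check that no cycle results. The `module "project-host"` block continues past the hunk.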
@@ -50,6 +47,10 @@ module "project-svc-gce" {
 services = var.project_services
 oslogin = true
 oslogin_admins = var.owners_gce
+ shared_vpc_service_config = {
+ attach = true
+ host_project = module.project-host.project_id
+ }
 iam_members = {
 "roles/logging.logWriter" = [module.vm-bastion.service_account_iam_email],
 "roles/monitoring.metricWriter" = [module.vm-bastion.service_account_iam_email],
@@ -67,6 +68,10 @@ module "project-svc-gke" {
 prefix = var.prefix
 name = "gke"
 services = var.project_services
+ shared_vpc_service_config = {
+ attach = true
+ host_project = module.project-host.project_id
+ }
 iam_members = {
 "roles/container.developer" = [module.vm-bastion.service_account_iam_email],
 "roles/logging.logWriter" = [module.service-account-gke-node.iam_email],
diff --git a/tests/networking/shared_vpc_gke/test_plan.py b/tests/networking/shared_vpc_gke/test_plan.py
index 41e5f7c0..c0c0b1c6 100644
--- a/tests/networking/shared_vpc_gke/test_plan.py
+++ b/tests/networking/shared_vpc_gke/test_plan.py
@@ -22,9 +22,6 @@ FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
 def test_resources(e2e_plan_runner):
 "Test that plan works and the numbers of resources is as expected."
- modules, resources = e2e_plan_runner(FIXTURES_DIR, targets=[
- "module.test.module.project-svc-gce",
- "module.test.module.project-svc-gke"
- ])
- assert len(modules) == 4
- assert len(resources) == 16
+ modules, resources = e2e_plan_runner(FIXTURES_DIR)
+ assert len(modules) == 11
+ assert len(resources) == 43
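Review bot: The new assertions pin `len(modules) == 11` and `len(resources) == 43` but nothing records why the `targets` argument was dropped, which is the property this test now guards: the example must plan in one step without targeting the service projects first. A one-line comment above the call would make a future reintroduction of targeting visible in review, e.g. `# no targets: the example must plan in a single step (shared_vpc_service_config in main.tf)`. The two totals will silently need updating whenever the fixture grows; if `e2e_plan_runner` exposes resource addresses, asserting that the service-project attachment resources are present would be a more robust check than the counts, though I cannot see the runner from here.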