Update GKE SVPC example to prevent -target usage
parent
7ab87d0790
commit
f919a8dba0
|
@ -6,19 +6,6 @@ The sample has been purposefully kept simple so that it can be used as a basis f
|
|||
|
||||
![High-level diagram](diagram.png "High-level diagram")
|
||||
|
||||
## Applying the example
|
||||
|
||||
The example cannot be applied from scratch with a single `terraform apply` command, as Terraform is unable to manage Shared VPC project registration for multiple projects, before those are created and exist in state. To apply the example from scratch, follow this order:
|
||||
|
||||
```bash
|
||||
tf apply \
|
||||
-target module.project-svc-gce \
|
||||
-target module.project-svc-gke
|
||||
tf apply
|
||||
```
|
||||
|
||||
Once the first command has run successfully, the service projects exist in state and can be referenced by the multiple resource in the host project module that manages project registration.
|
||||
|
||||
## Accessing the bastion instance and GKE cluster
|
||||
|
||||
The bastion VM has no public address so access is mediated via [IAP](https://cloud.google.com/iap/docs), which is supported transparently in the `gcloud compute ssh` command. Authentication is via OS Login set as a project default.
|
||||
|
|
|
@ -27,11 +27,8 @@ module "project-host" {
|
|||
name = "net"
|
||||
services = concat(var.project_services, ["dns.googleapis.com"])
|
||||
shared_vpc_host_config = {
|
||||
enabled = true
|
||||
service_projects = [
|
||||
module.project-svc-gce.project_id,
|
||||
module.project-svc-gke.project_id
|
||||
]
|
||||
enabled = true
|
||||
service_projects = [] # defined later
|
||||
}
|
||||
iam_roles = [
|
||||
"roles/container.hostServiceAgentUser", "roles/owner"
|
||||
|
@ -53,6 +50,10 @@ module "project-svc-gce" {
|
|||
services = var.project_services
|
||||
oslogin = true
|
||||
oslogin_admins = var.owners_gce
|
||||
shared_vpc_service_config = {
|
||||
attach = true
|
||||
host_project = module.project-host.project_id
|
||||
}
|
||||
iam_roles = [
|
||||
"roles/logging.logWriter",
|
||||
"roles/monitoring.metricWriter",
|
||||
|
@ -75,6 +76,10 @@ module "project-svc-gke" {
|
|||
prefix = var.prefix
|
||||
name = "gke"
|
||||
services = var.project_services
|
||||
shared_vpc_service_config = {
|
||||
attach = true
|
||||
host_project = module.project-host.project_id
|
||||
}
|
||||
iam_roles = [
|
||||
"roles/container.developer",
|
||||
"roles/logging.logWriter",
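Review bot: The `# defined later` comment on `service_projects = []` in the `project-host` block does not say where the attachment is defined, and with the list empty the host module no longer shows which projects share its network. I would spell it out, e.g. `service_projects = [] # attached from each service project via shared_vpc_service_config`, so a reader auditing who can use the host VPC knows to look at `project-svc-gce` and `project-svc-gke`. It is also worth confirming that the project module does not treat an empty `service_projects` as authoritative, which is not visible here; if it did, the host side and the two new `attach = true` blocks would compete over the same attachments. All three module blocks start and end outside their hunks.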
|
||||
|
|
|
@ -22,9 +22,6 @@ FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
|
|||
|
||||
def test_resources(e2e_plan_runner):
|
||||
"Test that plan works and the numbers of resources is as expected."
|
||||
modules, resources = e2e_plan_runner(FIXTURES_DIR, targets=[
|
||||
"module.test.module.project-svc-gce",
|
||||
"module.test.module.project-svc-gke"
|
||||
])
|
||||
assert len(modules) == 4
|
||||
assert len(resources) == 16
|
||||
modules, resources = e2e_plan_runner(FIXTURES_DIR)
|
||||
assert len(modules) == 11
|
||||
assert len(resources) == 43
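Review bot: The assertions `len(modules) == 11` and `len(resources) == 43` pin only totals, so the test would still pass if a Shared VPC attachment dropped out of the plan while an unrelated resource was added. Since the point of the commit is that one untargeted plan now covers service project registration, a comment such as `# single plan, no targets: counts should include both service project attachments` would record why the numbers are what they are; that the attachments are among the 43 is my inference and should be checked. If `e2e_plan_runner` exposes resource types (not visible in this hunk), asserting on the attachment type would be a stronger check than the count. The docstring would also read better as `"Test that plan works and the number of resources is as expected."`.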
|
||||
|
|