Fix permissions and update NVA and peering net stages for gke
parent
259afec97d
commit
f9b808b4bc
|
@ -51,7 +51,7 @@ module "branch-gke-multitenant-prod-folder" {
|
||||||
|
|
||||||
module "branch-gke-multitenant-prod-sa" {
|
module "branch-gke-multitenant-prod-sa" {
|
||||||
source = "../../../modules/iam-service-account"
|
source = "../../../modules/iam-service-account"
|
||||||
project_id = var.automation_project_id
|
project_id = var.automation.project_id
|
||||||
name = "prod-resman-gke-0"
|
name = "prod-resman-gke-0"
|
||||||
description = "Terraform gke multitenant prod service account."
|
description = "Terraform gke multitenant prod service account."
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
|
@ -63,7 +63,7 @@ module "branch-gke-multitenant-prod-sa" {
|
||||||
|
|
||||||
module "branch-gke-multitenant-prod-gcs" {
|
module "branch-gke-multitenant-prod-gcs" {
|
||||||
source = "../../../modules/gcs"
|
source = "../../../modules/gcs"
|
||||||
project_id = var.automation_project_id
|
project_id = var.automation.project_id
|
||||||
name = "prod-resman-gke-0"
|
name = "prod-resman-gke-0"
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
versioning = true
|
versioning = true
|
||||||
|
@ -92,7 +92,7 @@ module "branch-gke-multitenant-dev-folder" {
|
||||||
|
|
||||||
module "branch-gke-multitenant-dev-sa" {
|
module "branch-gke-multitenant-dev-sa" {
|
||||||
source = "../../../modules/iam-service-account"
|
source = "../../../modules/iam-service-account"
|
||||||
project_id = var.automation_project_id
|
project_id = var.automation.project_id
|
||||||
name = "dev-resman-gke-0"
|
name = "dev-resman-gke-0"
|
||||||
description = "Terraform gke multitenant dev service account."
|
description = "Terraform gke multitenant dev service account."
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
|
@ -104,7 +104,7 @@ module "branch-gke-multitenant-dev-sa" {
|
||||||
|
|
||||||
module "branch-gke-multitenant-dev-gcs" {
|
module "branch-gke-multitenant-dev-gcs" {
|
||||||
source = "../../../modules/gcs"
|
source = "../../../modules/gcs"
|
||||||
project_id = var.automation_project_id
|
project_id = var.automation.project_id
|
||||||
name = "dev-resman-gke-0"
|
name = "dev-resman-gke-0"
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
versioning = true
|
versioning = true
|
||||||
|
|
|
@ -126,6 +126,7 @@ resource "google_project_iam_binding" "dev_spoke_project_iam_delegated" {
|
||||||
members = [
|
members = [
|
||||||
local.service_accounts.data-platform-dev,
|
local.service_accounts.data-platform-dev,
|
||||||
local.service_accounts.project-factory-dev,
|
local.service_accounts.project-factory-dev,
|
||||||
|
local.service_accounts.gke-multitenant-dev,
|
||||||
]
|
]
|
||||||
condition {
|
condition {
|
||||||
title = "dev_stage3_sa_delegated_grants"
|
title = "dev_stage3_sa_delegated_grants"
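Review bot: Adding `local.service_accounts.gke-multitenant-dev` to `members` puts the GKE stage service account in the same conditional binding as the data platform and project factory accounts, and neither the role nor the condition expression is visible in this hunk, so what the account can now do on the spoke project cannot be checked from here. The resource name and condition title suggest a delegated role-granting binding; if the GKE stage needs a smaller set of roles than the other two members, a separate binding with its own narrower condition would keep it to least privilege. If the shared condition is intended, a comment above the new entry such as `# gke-multitenant needs <ROLES> on the spoke project: <REASON>` would record why it is there. `google_project_iam_binding` is authoritative for its role and condition, so this list has to remain the only place these members are managed. The same point applies to the matching prod hunk and to the dev and prod hunks repeated further down, which appear to belong to the other net stage named in the commit title; the resource body starts and ends outside the hunk.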
|
||||||
|
|
|
@ -126,6 +126,7 @@ resource "google_project_iam_binding" "prod_spoke_project_iam_delegated" {
|
||||||
members = [
|
members = [
|
||||||
local.service_accounts.data-platform-prod,
|
local.service_accounts.data-platform-prod,
|
||||||
local.service_accounts.project-factory-prod,
|
local.service_accounts.project-factory-prod,
|
||||||
|
local.service_accounts.gke-multitenant-prod,
|
||||||
]
|
]
|
||||||
condition {
|
condition {
|
||||||
title = "prod_stage3_sa_delegated_grants"
|
title = "prod_stage3_sa_delegated_grants"
|
||||||
|
|
|
@ -209,6 +209,8 @@ variable "service_accounts" {
|
||||||
type = object({
|
type = object({
|
||||||
data-platform-dev = string
|
data-platform-dev = string
|
||||||
data-platform-prod = string
|
data-platform-prod = string
|
||||||
|
gke-multitenant-dev = string
|
||||||
|
gke-multitenant-prod = string
|
||||||
project-factory-dev = string
|
project-factory-dev = string
|
||||||
project-factory-prod = string
|
project-factory-prod = string
|
||||||
})
|
})
|
||||||
|
|
|
@ -103,6 +103,7 @@ resource "google_project_iam_binding" "dev_spoke_project_iam_delegated" {
|
||||||
members = [
|
members = [
|
||||||
local.service_accounts.data-platform-dev,
|
local.service_accounts.data-platform-dev,
|
||||||
local.service_accounts.project-factory-dev,
|
local.service_accounts.project-factory-dev,
|
||||||
|
local.service_accounts.gke-multitenant-dev,
|
||||||
]
|
]
|
||||||
condition {
|
condition {
|
||||||
title = "dev_stage3_sa_delegated_grants"
|
title = "dev_stage3_sa_delegated_grants"
|
||||||
|
|
|
@ -103,6 +103,7 @@ resource "google_project_iam_binding" "prod_spoke_project_iam_delegated" {
|
||||||
members = [
|
members = [
|
||||||
local.service_accounts.data-platform-prod,
|
local.service_accounts.data-platform-prod,
|
||||||
local.service_accounts.project-factory-prod,
|
local.service_accounts.project-factory-prod,
|
||||||
|
local.service_accounts.gke-multitenant-prod,
|
||||||
]
|
]
|
||||||
condition {
|
condition {
|
||||||
title = "prod_stage3_sa_delegated_grants"
|
title = "prod_stage3_sa_delegated_grants"
|
||||||
|
|
|
@ -187,6 +187,8 @@ variable "service_accounts" {
|
||||||
type = object({
|
type = object({
|
||||||
data-platform-dev = string
|
data-platform-dev = string
|
||||||
data-platform-prod = string
|
data-platform-prod = string
|
||||||
|
gke-multitenant-dev = string
|
||||||
|
gke-multitenant-prod = string
|
||||||
project-factory-dev = string
|
project-factory-dev = string
|
||||||
project-factory-prod = string
|
project-factory-prod = string
|
||||||
})
|
})
|
||||||
|
|
|
@ -44,6 +44,7 @@ module "gke-cluster" {
|
||||||
config_connector_config = true
|
config_connector_config = true
|
||||||
kalm_config = false
|
kalm_config = false
|
||||||
gcp_filestore_csi_driver_config = false
|
gcp_filestore_csi_driver_config = false
|
||||||
|
gke_backup_agent_config = false
|
||||||
# enable only if enable_dataplane_v2 is changed to false below
|
# enable only if enable_dataplane_v2 is changed to false below
|
||||||
network_policy_config = false
|
network_policy_config = false
|
||||||
istio_config = {
|
istio_config = {
|
||||||
|
|
|
@ -35,6 +35,8 @@ module "stage" {
|
||||||
service_accounts = {
|
service_accounts = {
|
||||||
data-platform-dev = "string"
|
data-platform-dev = "string"
|
||||||
data-platform-prod = "string"
|
data-platform-prod = "string"
|
||||||
|
gke-multitenant-dev = "string"
|
||||||
|
gke-multitenant-prod = "string"
|
||||||
project-factory-dev = "string"
|
project-factory-dev = "string"
|
||||||
project-factory-prod = "string"
|
project-factory-prod = "string"
|
||||||
}
|
}
|
||||||
|
|
|
@ -35,6 +35,8 @@ module "stage" {
|
||||||
service_accounts = {
|
service_accounts = {
|
||||||
data-platform-dev = "string"
|
data-platform-dev = "string"
|
||||||
data-platform-prod = "string"
|
data-platform-prod = "string"
|
||||||
|
gke-multitenant-dev = "string"
|
||||||
|
gke-multitenant-prod = "string"
|
||||||
project-factory-dev = "string"
|
project-factory-dev = "string"
|
||||||
project-factory-prod = "string"
|
project-factory-prod = "string"
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,11 +23,11 @@ def resources(plan_runner):
|
||||||
|
|
||||||
def test_resource_count(resources):
|
def test_resource_count(resources):
|
||||||
"Test number of resources created."
|
"Test number of resources created."
|
||||||
assert len(resources) == 8
|
assert len(resources) == 6
|
||||||
assert sorted(r['address'] for r in resources) == [
|
assert sorted(r['address'] for r in resources) == [
|
||||||
'module.hub.google_gke_hub_feature.configmanagement["1"]',
|
'module.hub.google_gke_hub_feature.configmanagement["1"]',
|
||||||
'module.hub.google_gke_hub_feature.mci["mycluster1"]',
|
# 'module.hub.google_gke_hub_feature.mci["mycluster1"]',
|
||||||
'module.hub.google_gke_hub_feature.mci["mycluster2"]',
|
# 'module.hub.google_gke_hub_feature.mci["mycluster2"]',
|
||||||
'module.hub.google_gke_hub_feature.mcs["1"]',
|
'module.hub.google_gke_hub_feature.mcs["1"]',
|
||||||
'module.hub.google_gke_hub_feature_membership.feature_member["mycluster1"]',
|
'module.hub.google_gke_hub_feature_membership.feature_member["mycluster1"]',
|
||||||
'module.hub.google_gke_hub_feature_membership.feature_member["mycluster2"]',
|
'module.hub.google_gke_hub_feature_membership.feature_member["mycluster2"]',
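Review bot: The two `mci` addresses in `test_resource_count` are commented out rather than deleted, which leaves dead entries in the expected list with no reason recorded for why the plan no longer contains them. Either drop the two lines or replace them with a single comment, for example `# mci features are not planned with this fixture: <REASON>`, so that a later change to the expected count of `6` can be judged against a stated intent. The expected list continues past the end of the hunk, so the closing bracket and any remaining entries are not visible here.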
|
||||||
|
|