Commit 3f776ba1 authored by Aliaksandr Lubouski (EPAM)'s avatar Aliaksandr Lubouski (EPAM) 🥑

GONRG-2306: migrate from gke-istio to asm gke

parent 7683904e
Pipeline #53028 passed with stage
in 53 seconds
......@@ -105,7 +105,9 @@ resource "google_service_account_iam_member" "config" {
resource "kubernetes_job" "infra_config" {
depends_on = [
kubernetes_config_map.infra_config,
google_service_account_iam_member.config
google_service_account_iam_member.config,
module.kubectl,
null_resource.service-gateway
]
for_each = setunion(var.data_google_projects)
metadata {
......
......@@ -16,12 +16,6 @@ resource "google_container_cluster" "primary" {
remove_default_node_pool = true
# enabling VPC-native:
ip_allocation_policy {}
addons_config {
istio_config {
disabled = "false"
# auth = "AUTH_MUTUAL_TLS"
}
}
workload_identity_config {
identity_namespace = "${var.service_google_project}.svc.id.goog"
}
......
......@@ -17,20 +17,19 @@ resource "local_file" "frontend" {
filename = "./manifests/frontend.yaml"
}
resource "null_resource" "istio-injection" {
depends_on = [google_container_cluster.primary]
triggers = {
endpoint = google_container_cluster.primary.endpoint
}
provisioner "local-exec" {
command = "gcloud container clusters get-credentials ${google_container_cluster.primary.name} --zone=${google_container_cluster.primary.location} && kubectl label namespace default istio-injection=enabled --overwrite"
}
module "kubectl" {
source = "terraform-google-modules/gcloud/google//modules/kubectl-wrapper"
module_depends_on = [google_container_cluster.primary]
project_id = var.service_google_project
cluster_name = google_container_cluster.primary.name
cluster_location = google_container_cluster.primary.location
additional_components = ["kubectl", "kpt", "beta"]
kubectl_create_command = "${path.module}/scripts/install_asm.sh ${var.service_google_project} ${google_container_cluster.primary.name} ${google_container_cluster.primary.location} asm-downloads"
kubectl_destroy_command = "${path.module}/scripts/destroy_asm.sh"
}
resource "null_resource" "service-gateway" {
depends_on = [google_container_cluster.primary, local_file.ingress]
depends_on = [google_container_cluster.primary, local_file.ingress, module.kubectl]
triggers = {
endpoint = google_container_cluster.primary.endpoint
......
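Review bot: The new `module "kubectl"` block pulls `terraform-google-modules/gcloud/google//modules/kubectl-wrapper` from the registry with no `version` argument, so a `terraform init` on a clean checkout can resolve a different release than the one this change was tested with. That matters here because the module runs local commands with the pipeline's gcloud credentials. Add a constraint next to `source`, for example `version = "<PINNED_MODULE_VERSION>"` (a placeholder; use the tested release). The project, cluster and location values are also interpolated into `kubectl_create_command` unquoted, which holds only while they contain no whitespace or shell metacharacters.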
#!/usr/bin/env bash
set -e
#kubectl delete ns asm-system istio-system --ignore-not-found
#kubectl label namespaces --all istio-injection-
rm install_asm
rm -rf asm-downloads
echo "clean-up done"
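Review bot: `rm install_asm` runs under `set -e` without `-f`, so the destroy step aborts when the file is not in the current directory. That can happen if the create step failed before the download, or if destroy runs from a different working directory or a fresh CI workspace. Use `rm -f install_asm` so the cleanup is idempotent. With both `kubectl` lines commented out, the script removes only local artifacts and leaves the mesh namespaces and injection labels on the cluster. If that is intended, a comment such as `# mesh namespaces and labels are left in place; only local artifacts are removed` would make it explicit.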
#!/usr/bin/env bash
set -e
curl https://storage.googleapis.com/csm-artifacts/asm/install_asm_1.9 > install_asm
chmod u+x install_asm
PROJECT_ID=$1
CLUSTER_NAME=$2
CLUSTER_LOCATION=$3
OUTDIR=${4}
echo -e "./install_asm --verbose --project_id ${PROJECT_ID} --cluster_name ${CLUSTER_NAME} --cluster_location ${CLUSTER_LOCATION} --mode install --enable_all --output_dir ${OUTDIR}"
./install_asm --verbose --project_id ${PROJECT_ID} --cluster_name ${CLUSTER_NAME} --cluster_location ${CLUSTER_LOCATION} --mode install --enable_all --output_dir ${OUTDIR}
sleep 60
echo "Enabling automatic sidecar injection (auto-injection)"
export REVISION=$(kubectl -n istio-system get pods -l app=istiod -o=jsonpath='{.items[0].metadata.labels.istio\.io/rev}')
kubectl label namespace default istio-injection- istio.io/rev=${REVISION} --overwrite
echo "Waiting for Istio to become fully operational"
sleep 60
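Review bot: The installer fetched by `curl ... > install_asm` is executed with the pipeline's project and cluster credentials without any integrity check. Because `curl` is called without `--fail`, an HTTP error body would also be saved and then run as the script. Download with `curl --fail --silent --show-error --location -o install_asm https://storage.googleapis.com/csm-artifacts/asm/install_asm_1.9` and verify it before `chmod`, for example `echo "<EXPECTED_SHA256>  install_asm" | sha256sum --check -`, with the digest committed to the repository (placeholder shown). Separately, the `export REVISION=$(kubectl ...)` line hides a failing `kubectl` from `set -e`, so an istiod that is not ready after the fixed `sleep 60` yields an empty `istio.io/rev=` label. A guard such as `[ -n "${REVISION}" ] || exit 1` before the `kubectl label` call would make that fail loudly.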