feat: Update modules to use new kubectl module (terraform-google-modules#602)

BREAKING CHANGE: In-cluster resources have been updated to use the [kubectl wrapper](https://github.com/terraform-google-modules/terraform-google-gcloud/tree/master/modules/kubectl-wrapper) module. See the upgrade guide for details.

Author: bharathkkb

autogen/main/dns.tf.tmpl

@@ -20,16 +20,18 @@
  Delete default kube-dns configmap
  *****************************************/
 module "gcloud_delete_default_kube_dns_configmap" {
- source = "terraform-google-modules/gcloud/google"
- version = "~> 1.3.0"
- enabled = (local.custom_kube_dns_config || local.upstream_nameservers_config) && ! var.skip_provisioners
- additional_components = ["kubectl"]
-
- upgrade = var.gcloud_upgrade
- skip_download = var.gcloud_skip_download
-
- create_cmd_entrypoint = "${path.module}/scripts/kubectl_wrapper.sh"
- create_cmd_body = "https://${local.cluster_endpoint} ${data.google_client_config.default.access_token} ${local.cluster_ca_certificate} ${path.module}/scripts/delete-default-resource.sh kube-system configmap kube-dns"
+ source = "terraform-google-modules/gcloud/google//modules/kubectl-wrapper"
+ version = "~> 1.4"
+ enabled = (local.custom_kube_dns_config || local.upstream_nameservers_config) && ! var.skip_provisioners
+ cluster_name = google_container_cluster.primary.name
+ cluster_location = google_container_cluster.primary.location
+ project_id = var.project_id
+ upgrade = var.gcloud_upgrade
+ skip_download = var.gcloud_skip_download
+
+
+ kubectl_create_command = "${path.module}/scripts/delete-default-resource.sh kube-system configmap kube-dns"
+ kubectl_destroy_command = ""
 
  module_depends_on = concat(
  [data.google_client_config.default.access_token],

dns.tf

@@ -20,16 +20,18 @@
  Delete default kube-dns configmap
  *****************************************/
 module "gcloud_delete_default_kube_dns_configmap" {
- source = "terraform-google-modules/gcloud/google"
- version = "~> 1.3.0"
- enabled = (local.custom_kube_dns_config || local.upstream_nameservers_config) && ! var.skip_provisioners
- additional_components = ["kubectl"]
-
- upgrade = var.gcloud_upgrade
- skip_download = var.gcloud_skip_download
-
- create_cmd_entrypoint = "${path.module}/scripts/kubectl_wrapper.sh"
- create_cmd_body = "https://${local.cluster_endpoint} ${data.google_client_config.default.access_token} ${local.cluster_ca_certificate} ${path.module}/scripts/delete-default-resource.sh kube-system configmap kube-dns"
+ source = "terraform-google-modules/gcloud/google//modules/kubectl-wrapper"
+ version = "~> 1.4"
+ enabled = (local.custom_kube_dns_config || local.upstream_nameservers_config) && ! var.skip_provisioners
+ cluster_name = google_container_cluster.primary.name
+ cluster_location = google_container_cluster.primary.location
+ project_id = var.project_id
+ upgrade = var.gcloud_upgrade
+ skip_download = var.gcloud_skip_download
+
+
+ kubectl_create_command = "${path.module}/scripts/delete-default-resource.sh kube-system configmap kube-dns"
+ kubectl_destroy_command = ""
 
  module_depends_on = concat(
  [data.google_client_config.default.access_token],

examples/simple_zonal_with_asm/main.tf

@@ -54,12 +54,11 @@ module "gke" {
 }
 
 module "asm" {
- source = "../../modules/asm"
- cluster_name = module.gke.name
- cluster_endpoint = module.gke.endpoint
- project_id = var.project_id
- location = module.gke.location
- use_tf_google_credentials_env_var = true
+ source = "../../modules/asm"
+ cluster_name = module.gke.name
+ cluster_endpoint = module.gke.endpoint
+ project_id = var.project_id
+ location = module.gke.location
 }
 
 data "google_client_config" "default" {

modules/acm/README.md

@@ -54,7 +54,7 @@ By default, this module will attempt to download the ACM operator from Google di
 | policy\_dir | Subfolder containing configs in ACM Git repo. If un-set, uses Config Management default. | string | `""` | no |
 | project\_id | GCP project_id used to reach cluster. | string | n/a | yes |
 | secret\_type | git authentication secret type, is passed through to ConfigManagement spec.git.secretType. Overriden to value 'ssh' if `create_ssh_key` is true | string | `"ssh"` | no |
-| skip\_gcloud\_download | Whether to skip downloading gcloud (assumes gcloud and kubectl already available outside the module) | bool | `"false"` | no |
+| skip\_gcloud\_download | Whether to skip downloading gcloud (assumes gcloud and kubectl already available outside the module) | bool | `"true"` | no |
 | ssh\_auth\_key | Key for Git authentication. Overrides 'create_ssh_key' variable. Can be set using 'file(path/to/file)'-function. | string | `"null"` | no |
 | sync\_branch | ACM repo Git branch. If un-set, uses Config Management default. | string | `""` | no |
 | sync\_repo | ACM Git repo address | string | n/a | yes |

modules/acm/variables.tf

@@ -90,5 +90,5 @@ variable "install_template_library" {
 variable "skip_gcloud_download" {
  description = "Whether to skip downloading gcloud (assumes gcloud and kubectl already available outside the module)"
  type = bool
- default = false
+ default = true
 }

modules/asm/README.md

@@ -46,9 +46,9 @@ To deploy this config:
 | gcloud\_sdk\_version | The gcloud sdk version to use. Minimum required version is 293.0.0 | string | `"296.0.1"` | no |
 | gke\_hub\_membership\_name | Memebership name that uniquely represents the cluster being registered on the Hub | string | `"gke-asm-membership"` | no |
 | gke\_hub\_sa\_name | Name for the GKE Hub SA stored as a secret `creds-gcp` in the `gke-connect` namespace. | string | `"gke-hub-sa"` | no |
+| internal\_ip | Use internal ip for the cluster endpoint. | bool | `"false"` | no |
 | location | The location (zone or region) this cluster has been created in. | string | n/a | yes |
 | project\_id | The project in which the resource belongs. | string | n/a | yes |
 | skip\_gcloud\_download | Whether to skip downloading gcloud (assumes gcloud and kubectl already available outside the module) | bool | `"true"` | no |
-| use\_tf\_google\_credentials\_env\_var | Optional GOOGLE_CREDENTIALS environment variable to be activated. | bool | `"false"` | no |
 
  <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/asm/main.tf

@@ -18,31 +18,22 @@ locals {
  gke_hub_sa_key = var.enable_gke_hub_registration ? google_service_account_key.gke_hub_key[0].private_key : ""
 }
 
-data "google_container_cluster" "primary" {
- name = var.cluster_name
- project = var.project_id
- location = var.location
-}
-
-data "google_client_config" "default" {
-}
-
 module "asm_install" {
- source = "terraform-google-modules/gcloud/google"
- version = "~> 1.0"
+ source = "terraform-google-modules/gcloud/google//modules/kubectl-wrapper"
+ version = "~> 1.4"
  module_depends_on = [var.cluster_endpoint]
 
- platform = "linux"
- gcloud_sdk_version = var.gcloud_sdk_version
- skip_download = var.skip_gcloud_download
- upgrade = true
- use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var
- additional_components = ["kubectl", "kpt"]
+ gcloud_sdk_version = var.gcloud_sdk_version
+ skip_download = var.skip_gcloud_download
+ upgrade = true
+ additional_components = ["kubectl", "kpt", "beta", "kustomize"]
+ cluster_name = var.cluster_name
+ cluster_location = var.location
+ project_id = var.project_id
+
 
- create_cmd_entrypoint = "${path.module}/scripts/install_asm.sh"
- create_cmd_body = "${var.project_id} ${var.cluster_name} ${var.location}"
- destroy_cmd_entrypoint = "${path.module}/scripts/kubectl_wrapper.sh"
- destroy_cmd_body = "https://${var.cluster_endpoint} ${data.google_client_config.default.access_token} ${data.google_container_cluster.primary.master_auth.0.cluster_ca_certificate} kubectl delete ns istio-system"
+ kubectl_create_command = "${path.module}/scripts/install_asm.sh ${var.project_id} ${var.cluster_name} ${var.location}"
+ kubectl_destroy_command = "kubectl delete ns istio-system"
 }
 
 resource "google_service_account" "gke_hub_sa" {
@@ -66,15 +57,14 @@ resource "google_service_account_key" "gke_hub_key" {
 
 module "gke_hub_registration" {
  source = "terraform-google-modules/gcloud/google"
- version = "~> 1.0"
+ version = "~> 1.2"
 
- platform = "linux"
- gcloud_sdk_version = var.gcloud_sdk_version
- skip_download = var.skip_gcloud_download
- upgrade = true
- enabled = var.enable_gke_hub_registration
- use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var
- module_depends_on = [module.asm_install.wait]
+ platform = "linux"
+ gcloud_sdk_version = var.gcloud_sdk_version
+ skip_download = var.skip_gcloud_download
+ upgrade = true
+ enabled = var.enable_gke_hub_registration
+ module_depends_on = [module.asm_install.wait]
 
  create_cmd_entrypoint = "${path.module}/scripts/gke_hub_registration.sh"
  create_cmd_body = "${var.gke_hub_membership_name} ${var.location} ${var.cluster_name} ${local.gke_hub_sa_key}"

modules/asm/scripts/kubectl_wrapper.sh

@@ -40,12 +40,6 @@ variable "skip_gcloud_download" {
  default = true
 }
 
-variable "use_tf_google_credentials_env_var" {
- description = "Optional GOOGLE_CREDENTIALS environment variable to be activated."
- type = bool
- default = false
-}
-
 variable "gcloud_sdk_version" {
  description = "The gcloud sdk version to use. Minimum required version is 293.0.0"
  type = string
@@ -69,3 +63,9 @@ variable "gke_hub_membership_name" {
  type = string
  default = "gke-asm-membership"
 }
+
+variable "internal_ip" {
+ description = "Use internal ip for the cluster endpoint."
+ type = bool
+ default = false
+}

modules/asm/variables.tf

@@ -20,16 +20,18 @@
  Delete default kube-dns configmap
  *****************************************/
 module "gcloud_delete_default_kube_dns_configmap" {
- source = "terraform-google-modules/gcloud/google"
- version = "~> 1.3.0"
- enabled = (local.custom_kube_dns_config || local.upstream_nameservers_config) && ! var.skip_provisioners
- additional_components = ["kubectl"]
-
- upgrade = var.gcloud_upgrade
- skip_download = var.gcloud_skip_download
-
- create_cmd_entrypoint = "${path.module}/scripts/kubectl_wrapper.sh"
- create_cmd_body = "https://${local.cluster_endpoint} ${data.google_client_config.default.access_token} ${local.cluster_ca_certificate} ${path.module}/scripts/delete-default-resource.sh kube-system configmap kube-dns"
+ source = "terraform-google-modules/gcloud/google//modules/kubectl-wrapper"
+ version = "~> 1.4"
+ enabled = (local.custom_kube_dns_config || local.upstream_nameservers_config) && ! var.skip_provisioners
+ cluster_name = google_container_cluster.primary.name
+ cluster_location = google_container_cluster.primary.location
+ project_id = var.project_id
+ upgrade = var.gcloud_upgrade
+ skip_download = var.gcloud_skip_download
+
+
+ kubectl_create_command = "${path.module}/scripts/delete-default-resource.sh kube-system configmap kube-dns"
+ kubectl_destroy_command = ""
 
  module_depends_on = concat(
  [data.google_client_config.default.access_token],