Fix GKE example (#508)

* Update GKE example to use newer vrsion of the GKE beta public cluster module, and user a newer version of the Kubernetes version

* Update GKE example to use newer vrsion of the GKE beta public cluster module, and user a newer version of the Kubernetes version

* Updated the required versions for the gke module, gke example, and root module. Minor style/formatting changes.

* Was able to get the cluster created using 1.14 of GKE master version. The forseti server pod is failing because the 2.2 chart has not been published, will test this more and try to get the tests done.

* Some more version changes and similar fixes for the on_gke module.

* delete terraform.tfvars

* Fix readme lint

examples/on_gke/main.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2020 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,35 +17,18 @@
 #--------#
 # Locals #
 #--------#
-
 locals {
   node_pool_index = [for index, node_pool in data.google_container_cluster.forseti_cluster.node_pool : index if node_pool.name == var.gke_node_pool_name][0]
 }
 
-#------------------#
-# Google Providers #
-#------------------#
-
-provider "google" {
-  version = "~> 3.7"
-  project = var.project_id
-}
-
-provider "google-beta" {
-  version = "~> 3.7"
-  project = var.project_id
-}
-
 #----------------------------------#
 # Google Client Config Data Source #
 #----------------------------------#
-
 data "google_client_config" "default" {}
 
 #-------------------------#
 # GKE Cluster Data Source #
 #-------------------------#
-
 data "google_container_cluster" "forseti_cluster" {
   name     = var.gke_cluster_name
   location = var.gke_cluster_location
@@ -64,7 +47,6 @@ data "google_compute_subnetwork" "forseti_subnetwork" {
 #---------------------#
 # Kubernetes Provider #
 #---------------------#
-
 provider "kubernetes" {
   alias                  = "forseti"
   load_config_file       = false
@@ -76,7 +58,6 @@ provider "kubernetes" {
 #---------------#
 # Helm Provider #
 #---------------#
-
 provider "helm" {
   alias           = "forseti"
   service_account = var.k8s_tiller_sa_name
@@ -95,7 +76,6 @@ provider "helm" {
 #----------------------------------------#
 #  Allow GKE Service Account to read GCS #
 #----------------------------------------#
-
 resource "google_project_iam_member" "cluster_service_account-storage_reader" {
   project = var.project_id
   role    = "roles/storage.objectViewer"
@@ -105,7 +85,6 @@ resource "google_project_iam_member" "cluster_service_account-storage_reader" {
 #-----------------------#
 # Deploy Forseti on-GKE #
 #-----------------------#
-
 module "forseti" {
   providers = {
     kubernetes = "kubernetes.forseti"

examples/on_gke/outputs.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2020 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

examples/on_gke/variables.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2020 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

examples/on_gke/versions.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2020 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,4 +17,12 @@
 
 terraform {
   required_version = ">= 0.12"
+  required_providers {
+    google      = "~> 3.7.0"
+    google-beta = "~> 3.7.0"
+    helm        = "~> 0.10.4"
+    http        = "~> 1.1.0"
+    kubernetes  = "~> 1.10.0"
+    local       = "~> 1.4.0"
+  }
 }

examples/on_gke_end_to_end/README.md

@@ -79,7 +79,7 @@ This script will also activate necessary APIs required for Terraform to deploy F
 | k8s\_forseti\_orchestrator\_image\_tag | The tag for the container image for the Forseti orchestrator | string | `"v2.24.0"` | no |
 | k8s\_forseti\_server\_image\_tag | The tag for the container image for the Forseti server | string | `"v2.24.0"` | no |
 | k8s\_tiller\_sa\_name | The Kubernetes Service Account used by Tiller | string | `"tiller"` | no |
-| kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | string | `"1.13.12-gke.8"` | no |
+| kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | string | `"1.14.10-gke.17"` | no |
 | network | The name of the VPC being created | string | `"forseti-gke-network"` | no |
 | network\_description | An optional description of the network. The resource must be recreated to modify this field. | string | `""` | no |
 | org\_id | GCP Organization ID that Forseti will have purview over | string | n/a | yes |

examples/on_gke_end_to_end/main.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2020 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,26 +14,12 @@
  * limitations under the License.
  */
 
-#------------------#
-# Google Providers #
-#------------------#
-
-provider "google" {
-  version = "~> 3.7"
-  project = var.project_id
-}
-
-provider "google-beta" {
-  version = "~> 3.7"
-  project = var.project_id
-}
-
-//*****************************************
-//  Setup the Kubernetes Provider
-//*****************************************
-
+#-------------------------------#
+# Setup the Kubernetes Provider #
+#-------------------------------#
 data "google_client_config" "default" {}
 
+# Version pinned to 1.10.0 due to https://github.com/terraform-providers/terraform-provider-kubernetes/issues/759
 provider "kubernetes" {
   alias                  = "forseti"
   load_config_file       = false
@@ -42,10 +28,9 @@ provider "kubernetes" {
   cluster_ca_certificate = base64decode(module.gke.ca_certificate)
 }
 
-//*****************************************
-//  Setup Helm Provider
-//*****************************************
-
+#---------------------#
+# Setup Helm Provider #
+#---------------------#
 provider "helm" {
   alias           = "forseti"
   service_account = var.k8s_tiller_sa_name
@@ -64,10 +49,9 @@ provider "helm" {
 #--------------------#
 # Deploy Forseti VPC #
 #--------------------#
-
 module "vpc" {
   source                  = "terraform-google-modules/network/google"
-  version                 = "1.1.0"
+  version                 = "~> 2.1.0"
   project_id              = var.project_id
   network_name            = var.network
   routing_mode            = "GLOBAL"
@@ -97,10 +81,9 @@ module "vpc" {
 #----------------------------#
 # Deploy Forseti GKE Cluster #
 #----------------------------#
-
 module "gke" {
   source                   = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster"
-  version                  = "5.0.0"
+  version                  = "~> 7.2.0"
   project_id               = var.project_id
   name                     = var.gke_cluster_name
   region                   = var.region
@@ -115,7 +98,6 @@ module "gke" {
   node_metadata            = "GKE_METADATA_SERVER"
   kubernetes_version       = var.kubernetes_version
 
-
   node_pools = [{
     name               = "default-node-pool"
     machine_type       = var.default_node_pool_machine_type
@@ -142,7 +124,6 @@ module "gke" {
 #----------------------------------------#
 #  Allow GKE Service Account to read GCS #
 #----------------------------------------#
-
 resource "google_project_iam_member" "cluster_service_account-storage_reader" {
   project = var.project_id
   role    = "roles/storage.objectViewer"
@@ -152,12 +133,12 @@ resource "google_project_iam_member" "cluster_service_account-storage_reader" {
 #-----------------------#
 # Deploy Forseti on-GKE #
 #-----------------------#
-
 module "forseti" {
   providers = {
     kubernetes = "kubernetes.forseti"
     helm       = "helm.forseti"
   }
+
   source     = "../../modules/on_gke"
   domain     = var.domain
   org_id     = var.org_id
@@ -181,7 +162,6 @@ module "forseti" {
   cscc_violations_enabled = var.cscc_violations_enabled
   cscc_source_id          = var.cscc_source_id
 
-
   config_validator_enabled           = var.config_validator_enabled
   git_sync_private_ssh_key_file      = var.git_sync_private_ssh_key_file
   k8s_forseti_server_ingress_cidr    = module.vpc.subnets_ips[0]

examples/on_gke_end_to_end/outputs.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2020 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

examples/on_gke_end_to_end/variables.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2020 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -137,7 +137,7 @@ variable "k8s_forseti_server_image_tag" {
 variable "kubernetes_version" {
   type        = string
   description = "The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region."
-  default     = "1.13.12-gke.8"
+  default     = "1.14.10-gke.17"
 }
 
 variable "network" {

examples/on_gke_end_to_end/versions.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2020 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,7 +14,15 @@
  * limitations under the License.
  */
 
-
 terraform {
   required_version = ">= 0.12"
+  required_providers {
+    google      = "~> 3.7.0"
+    google-beta = "~> 3.7.0"
+    helm        = "~> 0.10.4"
+    http        = "~> 1.1.0"
+    kubernetes  = "~> 1.10.0"
+    local       = "~> 1.4.0"
+    tls         = "~> 2.1.1"
+  }
 }