feat: add attached-install-mesh arguments (#718)

Author: apeabody

anthos-attached-clusters/kind/README.md

@@ -1,4 +1,4 @@
-# Sandbox Example to Attach a [kind](https://kind.sigs.k8s.io/) Cluster using Terraform
+# Sandbox Example to Attach a [kind](https://kind.sigs.k8s.io/) Cluster and install Service Mesh using Terraform
 
 ## Prerequisites
 The sample is meant just to provide a local example for experimentation. It assumes an environment where [`kind`](https://kind.sigs.k8s.io/) is available and could otherwise be run on the command line, e.g. `kind create cluster`.

anthos-attached-clusters/kind/main.tf

@@ -120,13 +120,19 @@ resource "google_container_attached_cluster" "primary" {
   ]
 }
 
+# Install Cloud Service Mesh
 module "install-mesh" {
   source = "../modules/attached-install-mesh"
 
   kubeconfig = kind_cluster.cluster.kubeconfig_path
   context    = local.cluster_context
   fleet_id   = data.google_project.project.project_id
 
+  asmcli_enable_cluster_roles      = true
+  asmcli_enable_cluster_labels     = true
+  asmcli_enable_gcp_components     = true
+  asmcli_enable_namespace_creation = true
+
   depends_on = [
     google_container_attached_cluster.primary
   ]

anthos-attached-clusters/modules/attached-install-mesh/README.md

@@ -6,11 +6,16 @@ Sample module to install [Google Cloud Service Mesh](https://cloud.google.com/pr
 
 ```
 module "install-mesh" {
-  source = "./attached-install-mesh"
+  source = "github.com/GoogleCloudPlatform/anthos-samples.git//anthos-attached-clusters/modules/attached-install-mesh?ref=3bde26802919539d27ae9295a8b936d7aa827eb3" #TODO: Use ref= release tag e.g. v0.15.4
 
-  kubeconfig = kind_cluster.cluster.kubeconfig_path
-  context    = local.cluster_context
-  fleet_id   = data.google_project.project.project_id
+  kubeconfig = "PATH TO CLUSTER CONTEXT FILE"
+  context    = "CLUSTER CONTEXT"
+  fleet_id   = "FLEET PROJECT ID"
+
+  asmcli_enable_cluster_roles      = true
+  asmcli_enable_cluster_labels     = true
+  asmcli_enable_gcp_components     = true
+  asmcli_enable_namespace_creation = true
 }
 ```
 
@@ -20,7 +25,19 @@ module "install-mesh" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | activate\_service\_account | Set to false to skip running `gcloud auth activate-service-account`. Optional. | `bool` | `true` | no |
+| asmcli\_additional\_arguments | asmcli: additional arguments | `string` | `null` | no |
+| asmcli\_ca | asmcli: certificate authority | `string` | `"mesh_ca"` | no |
 | asmcli\_download\_url | Custom asmcli download url. Optional. | `string` | `null` | no |
+| asmcli\_enable\_all | asmcli: enable all | `bool` | `false` | no |
+| asmcli\_enable\_cluster\_labels | asmcli: enable cluster labels | `bool` | `false` | no |
+| asmcli\_enable\_cluster\_roles | asmcli: enable cluster roles | `bool` | `false` | no |
+| asmcli\_enable\_gcp\_apis | asmcli: enable gcp apis | `bool` | `false` | no |
+| asmcli\_enable\_gcp\_components | asmcli: enable gcp components | `bool` | `false` | no |
+| asmcli\_enable\_gcp\_iam\_roles | asmcli: enable gcp iam roles | `bool` | `false` | no |
+| asmcli\_enable\_meshconfig\_init | asmcli: enable meshconfig init | `bool` | `false` | no |
+| asmcli\_enable\_namespace\_creation | asmcli: enable namespace creation | `bool` | `false` | no |
+| asmcli\_enable\_registration | asmcli: enable registration | `bool` | `false` | no |
+| asmcli\_verbose | asmcli: verbose | `bool` | `false` | no |
 | asmcli\_version | The asmcli version to download. Optional. | `string` | `"1.22"` | no |
 | context | The cluster contex. | `string` | n/a | yes |
 | fleet\_id | The fleet\_id. | `string` | n/a | yes |

anthos-attached-clusters/modules/attached-install-mesh/main.tf

@@ -27,8 +27,23 @@ locals {
   jq_download_url     = var.jq_download_url != null ? var.jq_download_url : "https://github.com/stedolan/jq/releases/download/jq-${var.jq_version}/jq-${local.jq_platform}64"
   asmcli_download_url = var.asmcli_download_url != null ? var.asmcli_download_url : "https://storage.googleapis.com/csm-artifacts/asm/asmcli_${var.asmcli_version}"
 
+  asmcli_options = join("", [
+    " --ca ${var.asmcli_ca}",
+    var.asmcli_enable_all ? " --enable_all" : "",
+    var.asmcli_enable_cluster_roles ? " --enable_cluster_roles" : "",
+    var.asmcli_enable_cluster_labels ? " --enable_cluster_labels" : "",
+    var.asmcli_enable_gcp_components ? " --enable_gcp_components" : "",
+    var.asmcli_enable_gcp_apis ? " --enable_gcp_apis" : "",
+    var.asmcli_enable_gcp_iam_roles ? " --enable_gcp_iam_roles" : "",
+    var.asmcli_enable_meshconfig_init ? " --enable_meshconfig_init" : "",
+    var.asmcli_enable_namespace_creation ? " --enable_namespace_creation" : "",
+    var.asmcli_enable_registration ? " --enable_registration" : "",
+    var.asmcli_verbose ? " --verbose" : "",
+    var.asmcli_additional_arguments != null ? " ${var.asmcli_additional_arguments}" : ""
+  ])
+
   cmd_entrypoint  = "${local.gcloud_bin_path}/asmcli"
-  create_cmd_body = "install --kubeconfig ${var.kubeconfig} --context ${var.context} --fleet_id ${var.fleet_id} --platform multicloud --enable_cluster_labels --enable_namespace_creation --enable_gcp_components --enable_cluster_roles --ca mesh_ca --option attached-cluster"
+  create_cmd_body = "install --kubeconfig ${var.kubeconfig} --context ${var.context} --fleet_id ${var.fleet_id} --platform multicloud --option attached-cluster${local.asmcli_options}"
 
   wait = length(null_resource.additional_components[*].triggers) + length(
     null_resource.gcloud_auth_service_account_key_file[*].triggers,

anthos-attached-clusters/modules/attached-install-mesh/variables.tf

@@ -88,3 +88,80 @@ variable "asmcli_download_url" {
   type        = string
   default     = null
 }
+
+variable "asmcli_enable_all" {
+  description = "asmcli: enable all"
+  type        = bool
+  default     = false
+}
+
+variable "asmcli_enable_cluster_roles" {
+  description = "asmcli: enable cluster roles"
+  type        = bool
+  default     = false
+}
+
+variable "asmcli_enable_cluster_labels" {
+  description = "asmcli: enable cluster labels"
+  type        = bool
+  default     = false
+}
+
+variable "asmcli_enable_gcp_components" {
+  description = "asmcli: enable gcp components"
+  type        = bool
+  default     = false
+}
+
+variable "asmcli_enable_gcp_apis" {
+  description = "asmcli: enable gcp apis"
+  type        = bool
+  default     = false
+}
+
+variable "asmcli_enable_gcp_iam_roles" {
+  description = "asmcli: enable gcp iam roles"
+  type        = bool
+  default     = false
+}
+
+variable "asmcli_enable_meshconfig_init" {
+  description = "asmcli: enable meshconfig init"
+  type        = bool
+  default     = false
+}
+
+variable "asmcli_enable_namespace_creation" {
+  description = "asmcli: enable namespace creation"
+  type        = bool
+  default     = false
+}
+
+variable "asmcli_enable_registration" {
+  description = "asmcli: enable registration "
+  type        = bool
+  default     = false
+}
+
+variable "asmcli_ca" {
+  description = "asmcli: certificate authority"
+  type        = string
+  default     = "mesh_ca"
+
+  validation {
+    condition     = contains(["mesh_ca", "gcp_cas", "citadel"], var.asmcli_ca)
+    error_message = "The asmcli_ca value must be one of: mesh_ca, gcp_cas, citadel."
+  }
+}
+
+variable "asmcli_verbose" {
+  description = "asmcli: verbose"
+  type        = bool
+  default     = false
+}
+
+variable "asmcli_additional_arguments" {
+  description = "asmcli: additional arguments"
+  type        = string
+  default     = null
+}