Add workshop provisioning scripts (#137)

* Add workshop provisioning scripts Signed-off-by: Liam White <[email protected]> * parameterise billing account Signed-off-by: Liam White <[email protected]> * remove ids Signed-off-by: Liam White <[email protected]>
tetrateio · Jan 25, 2020 · 5830ef2 · 5830ef2
1 parent 7e156f2
commit 5830ef2
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 24 deletions.
diff --git a/infra/istio_test.go b/infra/istio_test.go
@@ -17,14 +17,7 @@ import (
 func TestIstioInstall(t *testing.T) {
 
 	// Install
-	runPerCluster(t, func(t *testing.T) {
-		cmd := exec.Command("istioctl", "manifest", "apply", "--set", "profile=demo", "--set", "values.global.mtls.enabled=true", "--set", "values.global.controlPlaneSecurityEnabled=true")
-		cmd.Stdout = os.Stdout
-		cmd.Stderr = os.Stderr
-		if err := cmd.Run(); err != nil {
-			t.Errorf("istio install failed: %v", err)
-		}
-	})
+	runPerCluster(t, install)
 
 	// Verify install and external LB IP
 	runPerCluster(t, func(t *testing.T) {
@@ -33,36 +26,55 @@ func TestIstioInstall(t *testing.T) {
 
 		c2.Stdin, _ = c1.StdoutPipe()
 		c2.Stdout = os.Stdout
+		c2.Stderr = os.Stderr
 		_ = c2.Start()
 		_ = c1.Run()
 		if err := c2.Wait(); err != nil {
 			t.Errorf("unable to verify istio install: %v", err)
 		}
 
 		cmd := exec.Command("kubectl", "get", "service", "-n", "istio-system", "istio-ingressgateway", "-o", "jsonpath={.status.loadBalancer.ingress[0].ip}")
+		cmd.Stderr = os.Stderr
 		output, err := cmd.Output()
 		if err != nil {
 			t.Errorf("external loadbalancer request failed: %v", err)
 		}
 		if net.ParseIP(string(output)) == nil {
 			t.Errorf("external loadbalancer check failed received: %s", output)
 		}
-		t.Logf("valid external LB IP detected: %s", output)
+		fmt.Printf("valid external LB IP detected: %s\n", output)
 	})
 
-	// Teardown
-	runPerCluster(t, func(t *testing.T) {
-		cmd := exec.Command("kubectl", "delete", "namespace", "istio-system", "--ignore-not-found=true")
-		if err := cmd.Run(); err != nil {
-			t.Errorf("istio delete failed: %v", err)
-		}
-	})
+	runPerCluster(t, teardown)
+}
+
+func install(t *testing.T) {
+	cmd := exec.Command("istioctl", "manifest", "apply", "--set", "profile=demo", "--set", "values.global.mtls.enabled=true", "--set", "values.global.controlPlaneSecurityEnabled=true")
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	if err := cmd.Run(); err != nil {
+		t.Errorf("istio install failed: %v", err)
+	}
+}
+
+func teardown(t *testing.T) {
+	c1 := exec.Command("istioctl", "manifest", "generate", "--set", "profile=demo", "--set", "values.global.mtls.enabled=true", "--set", "values.global.controlPlaneSecurityEnabled=true")
+	c2 := exec.Command("kubectl", "delete", "--ignore-not-found=true", "--grace-period=0", "--force=true", "--wait=false", "-f", "-")
+
+	c2.Stdin, _ = c1.StdoutPipe()
+	c2.Stdout = os.Stdout
+	c2.Stderr = os.Stderr
+	_ = c2.Start()
+	_ = c1.Run()
+	if err := c2.Wait(); err != nil {
+		t.Errorf("istio delete failed: %v", err)
+	}
 }
 
 func runPerCluster(t *testing.T, f func(t *testing.T)) {
 	zone := "us-central1-a"
 
-	for i := 0; i < 65; i++ {
+	for i := 30; i < 65; i++ {
 		cluster := fmt.Sprintf("nist-2020-%03d", i)
 		credzCmd := exec.Command("gcloud", "container", "clusters", "get-credentials", cluster, "--zone", zone, "--project", cluster)
 		credzCmd.Stdout = os.Stdout

diff --git a/infra/main.tf b/infra/main.tf
@@ -6,8 +6,8 @@ provider "google" {
 }
 
 resource "google_folder" "training" {
-  display_name = "nist-training"
-  parent       = "organizations/775566979306"
+  display_name = var.workshop_name
+  parent       = format("organizations/%s", var.organization_id)
 }
 
 resource "google_project" "training" {
@@ -16,7 +16,7 @@ resource "google_project" "training" {
 
   project_id = format("%s-%03d", var.workshop_name, count.index)
   folder_id  = google_folder.training.name
-  billing_account = "014595-E74614-87FCAC"
+  billing_account = var.billing_account
 }
 
 resource "google_project_service" "container" {

diff --git a/infra/terraform.tfvars b/infra/terraform.tfvars
@@ -3,6 +3,12 @@
 # Download download the terraform GCP service account key (JSON) for the training-infra-owner project.
 credz_file = "/Users/liam/Downloads/training-infra-owner-70f84aa3c556.json"
 
+# Organization ID to place the project folder and projects under
+organization_id = ""
+
+# GCP Billing account to bill for the infra
+billing_account = ""
+
 # The name of the workshop or conference you'll be delivering at.
 # WARNING: This is used in IDs with a count suffix so must be unique across all GCP.
 workshop_name = "nist-2020"
@@ -11,6 +17,6 @@ workshop_name = "nist-2020"
 # WARNING: Once set only increase the number unless you definitely don't need the projects as they are much harder to recover.
 participant_count = 65
 
-# Number of kube clusters to spin up. If unset will spin down to 0.
+# Number of kube clusters to spin up. Comment out to spin down to 0, otherwise set to same value as participant_count.
 # Use this to keep other infra but spin down Kube clusters to save on $$$ when they aren't needed.
-cluster_count = 2
+cluster_count = 65
diff --git a/infra/variables.tf b/infra/variables.tf
@@ -1,7 +1,17 @@
 # Workshop
 variable "credz_file" {
-    type = string
-    description = "The fully qualified location of the terraform JSON GCP service account key for the training-infra-owner project."
+  type = string
+  description = "The fully qualified location of the terraform JSON GCP service account key for the training-infra-owner project."
+}
+
+variable "organization_id" {
+  type = string
+  description = "The GCP organization to deploy the infra into"
+}
+
+variable "billing_account" {
+  type = string
+  description = "The GCP billing account"
 }
 
 variable "region" {