From 5830ef285883cae1748860e8e5dfb8d3e1b4ea65 Mon Sep 17 00:00:00 2001 From: Liam White Date: Sat, 25 Jan 2020 09:36:58 -0500 Subject: [PATCH] Add workshop provisioning scripts (#137) * Add workshop provisioning scripts Signed-off-by: Liam White * parameterise billing account Signed-off-by: Liam White * remove ids Signed-off-by: Liam White --- infra/istio_test.go | 46 ++++++++++++++++++++++++++---------------- infra/main.tf | 6 +++--- infra/terraform.tfvars | 10 +++++++-- infra/variables.tf | 14 +++++++++++-- 4 files changed, 52 insertions(+), 24 deletions(-) diff --git a/infra/istio_test.go b/infra/istio_test.go index 6f71b0e..dec11ac 100644 --- a/infra/istio_test.go +++ b/infra/istio_test.go @@ -17,14 +17,7 @@ import ( func TestIstioInstall(t *testing.T) { // Install - runPerCluster(t, func(t *testing.T) { - cmd := exec.Command("istioctl", "manifest", "apply", "--set", "profile=demo", "--set", "values.global.mtls.enabled=true", "--set", "values.global.controlPlaneSecurityEnabled=true") - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - if err := cmd.Run(); err != nil { - t.Errorf("istio install failed: %v", err) - } - }) + runPerCluster(t, install) // Verify install and external LB IP runPerCluster(t, func(t *testing.T) { @@ -33,6 +26,7 @@ func TestIstioInstall(t *testing.T) { c2.Stdin, _ = c1.StdoutPipe() c2.Stdout = os.Stdout + c2.Stderr = os.Stderr _ = c2.Start() _ = c1.Run() if err := c2.Wait(); err != nil { @@ -40,6 +34,7 @@ func TestIstioInstall(t *testing.T) { } cmd := exec.Command("kubectl", "get", "service", "-n", "istio-system", "istio-ingressgateway", "-o", "jsonpath={.status.loadBalancer.ingress[0].ip}") + cmd.Stderr = os.Stderr output, err := cmd.Output() if err != nil { t.Errorf("external loadbalancer request failed: %v", err) 
@@ -47,22 +42,39 @@ func TestIstioInstall(t *testing.T) { if net.ParseIP(string(output)) == nil { t.Errorf("external loadbalancer check failed received: %s", output) } - t.Logf("valid external LB IP detected: %s", output) + fmt.Printf("valid external LB IP detected: %s\n", output) }) - // Teardown - runPerCluster(t, func(t *testing.T) { - cmd := exec.Command("kubectl", "delete", "namespace", "istio-system", "--ignore-not-found=true") - if err := cmd.Run(); err != nil { - t.Errorf("istio delete failed: %v", err) - } - }) + runPerCluster(t, teardown) +} + +func install(t *testing.T) { + cmd := exec.Command("istioctl", "manifest", "apply", "--set", "profile=demo", "--set", "values.global.mtls.enabled=true", "--set", "values.global.controlPlaneSecurityEnabled=true") + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr + if err := cmd.Run(); err != nil { + t.Errorf("istio install failed: %v", err) + } +} + +func teardown(t *testing.T) { + c1 := exec.Command("istioctl", "manifest", "generate", "--set", "profile=demo", "--set", "values.global.mtls.enabled=true", "--set", "values.global.controlPlaneSecurityEnabled=true") + c2 := exec.Command("kubectl", "delete", "--ignore-not-found=true", "--grace-period=0", "--force=true", "--wait=false", "-f", "-") + + c2.Stdin, _ = c1.StdoutPipe() + c2.Stdout = os.Stdout + c2.Stderr = os.Stderr + _ = c2.Start() + _ = c1.Run() + if err := c2.Wait(); err != nil { + t.Errorf("istio delete failed: %v", err) + } } func runPerCluster(t *testing.T, f func(t *testing.T)) { zone := "us-central1-a" - for i := 0; i < 65; i++ { + for i := 30; i < 65; i++ { cluster := fmt.Sprintf("nist-2020-%03d", i) credzCmd := exec.Command("gcloud", "container", "clusters", "get-credentials", cluster, "--zone", zone, "--project", cluster) credzCmd.Stdout = os.Stdout diff --git a/infra/main.tf b/infra/main.tf index e128e10..f5c4336 100644 --- a/infra/main.tf +++ b/infra/main.tf 
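Review bot: In the new `teardown` in infra/istio_test.go, the results of `c1.StdoutPipe()`, `c2.Start()` and `c1.Run()` are all discarded, so a failed or truncated `istioctl manifest generate` goes unnoticed. `kubectl delete --ignore-not-found=true` can still exit 0 on whatever it was fed, and the test then reports a clean teardown. c1's stderr is not connected either, so the generate error is never printed. Because the delete runs with `--grace-period=0 --force=true --wait=false`, a passing run only shows that the delete requests were accepted, which deserves a one-line comment on the function. The verify step earlier in TestIstioInstall (hunk -33,6 +26,7) uses the same pipe pattern with the same ignored errors.

```go
func teardown(t *testing.T) {
	// … unchanged: c1 (istioctl manifest generate) and c2 (kubectl delete -f -) construction …

	pipe, err := c1.StdoutPipe()
	if err != nil {
		t.Fatalf("istio manifest pipe failed: %v", err)
	}
	c2.Stdin = pipe
	c1.Stderr = os.Stderr
	// … unchanged: c2.Stdout / c2.Stderr wiring …
	if err := c2.Start(); err != nil {
		t.Fatalf("kubectl delete failed to start: %v", err)
	}
	genErr := c1.Run()
	if err := c2.Wait(); err != nil {
		t.Errorf("istio delete failed: %v", err)
	}
	if genErr != nil {
		t.Errorf("istio manifest generate failed: %v", genErr)
	}
}
```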
@@ -6,8 +6,8 @@ provider "google" { } resource "google_folder" "training" { - display_name = "nist-training" - parent = "organizations/775566979306" + display_name = var.workshop_name + parent = format("organizations/%s", var.organization_id) } resource "google_project" "training" { @@ -16,7 +16,7 @@ resource "google_project" "training" { project_id = format("%s-%03d", var.workshop_name, count.index) folder_id = google_folder.training.name - billing_account = "014595-E74614-87FCAC" + billing_account = var.billing_account } resource "google_project_service" "container" { diff --git a/infra/terraform.tfvars b/infra/terraform.tfvars index 42d8eee..9760ac1 100644 --- a/infra/terraform.tfvars +++ b/infra/terraform.tfvars @@ -3,6 +3,12 @@ # Download download the terraform GCP service account key (JSON) for the training-infra-owner project. credz_file = "/Users/liam/Downloads/training-infra-owner-70f84aa3c556.json" +# Organization ID to place the project folder and projects under +organization_id = "" + +# GCP Billing account to bill for the infra +billing_account = "" + # The name of the workshop or conference you'll be delivering at. # WARNING: This is used in IDs with a count suffix so must be unique across all GCP. workshop_name = "nist-2020" @@ -11,6 +17,6 @@ workshop_name = "nist-2020" # WARNING: Once set only increase the number unless you definitely don't need the projects as they are much harder to recover. participant_count = 65 -# Number of kube clusters to spin up. If unset will spin down to 0. +# Number of kube clusters to spin up. Comment out to spin down to 0, otherwise set to same value as participant_count. # Use this to keep other infra but spin down Kube clusters to save on $$$ when they aren't needed. -cluster_count = 2 +cluster_count = 65 diff --git a/infra/variables.tf b/infra/variables.tf index bf7cb07..8a6752b 100644 --- a/infra/variables.tf +++ b/infra/variables.tf 
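Review bot: In infra/terraform.tfvars (hunk -3,6 +3,12) the new `organization_id = ""` and `billing_account = ""` placeholders live in a tracked file that Terraform loads automatically, so anyone who fills them in locally can easily commit back the identifiers this change removes from main.tf. The unchanged `credz_file` line just above them still holds a workstation-specific path to a service-account key file, which has the same problem. Consider shipping this file as `terraform.tfvars.example`, keeping the real `terraform.tfvars` out of version control, and heading the file with a comment such as `# Copy to terraform.tfvars and fill in locally; do not commit real IDs or key paths.`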
@@ -1,7 +1,17 @@ # Workshop variable "credz_file" { - type = string - description = "The fully qualified location of the terraform JSON GCP service account key for the training-infra-owner project." + type = string + description = "The fully qualified location of the terraform JSON GCP service account key for the training-infra-owner project." +} + +variable "organization_id" { + type = string + description = "The GCP organization to deploy the infra into" +} + +variable "billing_account" { + type = string + description = "The GCP billing account" } variable "region" {
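Review bot: The new `organization_id` and `billing_account` variables in infra/variables.tf accept any string, and the tfvars in this same commit set both to `""`. An unfilled checkout would therefore presumably reach the provider with `organizations/` as the folder parent and an empty billing account, instead of being rejected up front. If the Terraform version in use supports variable `validation` blocks, a non-empty check on each would stop that before any API call is made. The descriptions could also state the expected form of each value.

```hcl
variable "organization_id" {
  # … unchanged: type and description …

  validation {
    condition     = length(var.organization_id) > 0
    error_message = "The organization_id value must not be empty."
  }
}

variable "billing_account" {
  # … unchanged: type and description …

  validation {
    condition     = length(var.billing_account) > 0
    error_message = "The billing_account value must not be empty."
  }
}
```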