From dc5fa01b02959a5241e5b8cd68892a070f99a9e6 Mon Sep 17 00:00:00 2001
From: Ciprian Hacman
Date: Thu, 16 Mar 2023 07:03:40 +0200
Subject: [PATCH] gcp: Switch placeholder integration test from Internal to Public LB
---
 ...s_s3_object_cluster-completed.spec_content | 2 +-
 .../minimal_gce_plb/in-v1alpha2.yaml | 2 +-
 .../minimal_gce_plb/kubernetes.tf | 61 +++++++++++++------
 3 files changed, 43 insertions(+), 22 deletions(-)
diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_cluster-completed.spec_content
index 1f9a7899ce..feb238fa0d 100644
--- a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_cluster-completed.spec_content
+++ b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_cluster-completed.spec_content
@@ -8,7 +8,7 @@ spec:
 loadBalancer:
 subnets:
 - name: us-test-1
- type: Internal
+ type: Public
 useForInternalApi: true
 authorization:
 rbac: {}
diff --git a/tests/integration/update_cluster/minimal_gce_plb/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gce_plb/in-v1alpha2.yaml
index 986cc81fe5..b56f783365 100644
--- a/tests/integration/update_cluster/minimal_gce_plb/in-v1alpha2.yaml
+++ b/tests/integration/update_cluster/minimal_gce_plb/in-v1alpha2.yaml
@@ -6,7 +6,7 @@ metadata:
 spec:
 api:
 loadBalancer:
- type: Internal
+ type: Public
 useForInternalApi: true
 subnets:
 - name: us-test-1
diff --git a/tests/integration/update_cluster/minimal_gce_plb/kubernetes.tf b/tests/integration/update_cluster/minimal_gce_plb/kubernetes.tf
index bfdac90420..0f24e76fa5 100644
--- a/tests/integration/update_cluster/minimal_gce_plb/kubernetes.tf
+++ b/tests/integration/update_cluster/minimal_gce_plb/kubernetes.tf
@@ -178,14 +178,8 @@ resource "aws_s3_object" "nodeupconfig-nodes" {
 server_side_encryption = "AES256"
 }

-resource "google_compute_backend_service" "api-minimal-gce-plb-example-com" {
- backend {
- group = google_compute_instance_group_manager.a-master-us-test1-a-minimal-gce-plb-example-com.instance_group
- }
- health_checks = [google_compute_health_check.api-minimal-gce-plb-example-com.id]
- load_balancing_scheme = "INTERNAL_SELF_MANAGED"
- name = "api-minimal-gce-plb-example-com"
- protocol = "TCP"
+resource "google_compute_address" "api-minimal-gce-plb-example-com" {
+ name = "api-minimal-gce-plb-example-com"
 }

 resource "google_compute_disk" "a-etcd-events-minimal-gce-plb-example-com" {
@@ -212,6 +206,30 @@ resource "google_compute_disk" "a-etcd-main-minimal-gce-plb-example-com" {
 zone = "us-test1-a"
 }

+resource "google_compute_firewall" "https-api-ipv6-minimal-gce-plb-example-com" {
+ allow {
+ ports = ["443"]
+ protocol = "tcp"
+ }
+ disabled = false
+ name = "https-api-ipv6-minimal-gce-plb-example-com"
+ network = google_compute_network.minimal-gce-plb-example-com.name
+ source_ranges = ["::/0"]
+ target_tags = ["minimal-gce-plb-example-com-k8s-io-role-control-plane"]
+}
+
+resource "google_compute_firewall" "https-api-minimal-gce-plb-example-com" {
+ allow {
+ ports = ["443"]
+ protocol = "tcp"
+ }
+ disabled = false
+ name = "https-api-minimal-gce-plb-example-com"
+ network = google_compute_network.minimal-gce-plb-example-com.name
+ source_ranges = ["0.0.0.0/0"]
+ target_tags = ["minimal-gce-plb-example-com-k8s-io-role-control-plane"]
+}
+
 resource "google_compute_firewall" "master-to-master-minimal-gce-plb-example-com" {
 allow {
 protocol = "tcp"
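Review bot: Both firewall rules added in the second hunk admit TCP 443 to the control-plane tag from every address (`source_ranges = ["0.0.0.0/0"]` and `source_ranges = ["::/0"]`), so this golden file only pins the unrestricted case for a public API endpoint. The ranges are presumably derived from the spec's `kubernetesApiAccess` list, which this patch does not show; if so, giving the fixture input a narrower constructed value such as `203.0.113.0/24` would make the test prove that an operator's restriction actually reaches the generated rule. The master-to-master resource that follows continues outside the hunk.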
@@ -390,26 +408,23 @@ resource "google_compute_firewall" "ssh-external-to-node-minimal-gce-plb-example
 target_tags = ["minimal-gce-plb-example-com-k8s-io-role-node"]
 }

-resource "google_compute_forwarding_rule" "us-test-1-minimal-gce-plb-example-com" {
- backend_service = google_compute_backend_service.api-minimal-gce-plb-example-com.id
- ip_protocol = "TCP"
- load_balancing_scheme = "INTERNAL"
- name = "us-test-1-minimal-gce-plb-example-com"
- network = google_compute_network.minimal-gce-plb-example-com.name
- ports = ["443"]
- subnetwork = "us-test-1"
+resource "google_compute_forwarding_rule" "api-minimal-gce-plb-example-com" {
+ ip_address = google_compute_address.api-minimal-gce-plb-example-com.address
+ ip_protocol = "TCP"
+ name = "api-minimal-gce-plb-example-com"
+ port_range = "443-443"
+ target = google_compute_target_pool.api-minimal-gce-plb-example-com.self_link
 }

-resource "google_compute_health_check" "api-minimal-gce-plb-example-com" {
+resource "google_compute_http_health_check" "api-minimal-gce-plb-example-com" {
 name = "api-minimal-gce-plb-example-com"
- tcp_health_check {
- port = 443
- }
+ port = 3990
 }

 resource "google_compute_instance_group_manager" "a-master-us-test1-a-minimal-gce-plb-example-com" {
 base_instance_name = "master-us-test1-a"
 name = "a-master-us-test1-a-minimal-gce-plb-example-com"
+ target_pools = [google_compute_target_pool.api-minimal-gce-plb-example-com.self_link]
 target_size = 1
 version {
 instance_template = google_compute_instance_template.master-us-test1-a-minimal-gce-plb-example-com.self_link
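Review bot: The health check now probes plain HTTP on `port = 3990` instead of TCP on 443, yet the firewall rules this commit adds admit only port 443 to the control-plane tag. Unless a rule outside these hunks lets the load balancer's health-check probers reach 3990, the probe cannot succeed; the expected output should carry a matching `google_compute_firewall` for that port, scoped to the prober source ranges rather than `0.0.0.0/0`. No `request_path` is set either, so the probe uses the provider's default path, and it is worth confirming that the listener on 3990 answers there. The instance-group-manager block continues past the end of the hunk.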
@@ -548,6 +563,12 @@ resource "google_compute_subnetwork" "us-test1-minimal-gce-plb-example-com" {
 region = "us-test1"
 }

+resource "google_compute_target_pool" "api-minimal-gce-plb-example-com" {
+ description = ""
+ name = "api-minimal-gce-plb-example-com"
+ session_affinity = ""
+}
+
 resource "google_project_iam_binding" "serviceaccount-control-plane" {
 members = ["serviceAccount:control-plane-minimal-g-1ohncl@testproject.iam.gserviceaccount.com"]
 project = "testproject"
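Review bot: The new target pool sets no `health_checks`, so nothing visible in this patch ties `google_compute_http_health_check.api-minimal-gce-plb-example-com` to the load balancer. A pool without a health check treats every member as healthy and keeps forwarding API traffic to a control-plane instance whose apiserver is down. If that is not intended for the placeholder, the expected output should include `health_checks = [google_compute_http_health_check.api-minimal-gce-plb-example-com.name]`. The empty `description = ""` and `session_affinity = ""` attributes would also read better omitted than emitted as empty strings; the `google_project_iam_binding` block after them continues outside the hunk.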