fix: add local-config annotations to kptfiles and functionConfigs #176

Merged
merged 5 commits into from
May 24, 2022

bharathkkb
Member

part of #174

@google-oss-prow

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bharathkkb, kaariger

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [bharathkkb,kaariger]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

google-oss-prow bot removed the lgtm label May 24, 2022
@google-oss-prow

New changes are detected. LGTM label has been removed.

bharathkkb merged commit 0d005f0 into main May 24, 2022
bharathkkb deleted the local-cfg branch May 24, 2022 23:07
release-please bot mentioned this pull request May 24, 2022
Rasadus03 pushed a commit to Rasadus03/raniamoh-blueprint that referenced this pull request Jun 16, 2022
Rasadus03 pushed a commit to Rasadus03/raniamoh-blueprint that referenced this pull request Jun 17, 2022
kpt:{"package":"gke-clone","task":{"type":"patch","patch":{"patches":[{"file":"nodepools/primary/nodepool.yaml","contents":"# Copyright 2021 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#      http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\napiVersion: container.cnrm.cloud.google.com/v1beta1\nkind: ContainerNodePool\nmetadata: # kpt-merge: config-control/example-us-east4-primary\n  name: porche-demo-east-primary # kpt-set: ${cluster-name}-${nodepool-name}\n  namespace: config-control\n  annotations:\n    cnrm.cloud.google.com/blueprint: cnrm/gke:gke-nodepool/v0.4.1,kpt-pkg-fn\n    cnrm.cloud.google.com/project-id: raniamoh-playground # kpt-set: ${project-id}\nspec:\n  autoscaling:\n    # maxNodeCount is per-zone, for regional clusters\n    maxNodeCount: 2 # kpt-set: ${max-node-count}\n    # minNodeCount is per-zone, for regional clusters\n    minNodeCount: 1\n  clusterRef:\n    name: porche-demo-east # kpt-set: ${cluster-name}\n  # At least one node is required for cluster system components.\n  # initialNodeCount is per-zone, for regional clusters\n  initialNodeCount: 1\n  location: us-east4 # kpt-set: ${location}\n  # Enable auto repairs and upgrades by default.\n  # Disable if you have workloads that cannot tollerate disruption.\n  management:\n    autoRepair: true\n    autoUpgrade: true\n  # Default reduced to better fit on e2-standard-16 machines.\n  # 4 pods per vCPU, 8 pods per physical core, ~1 pod per GB of memory. 
\n  maxPodsPerNode: 64\n  nodeConfig:\n    labels:\n      gke.io/nodepool: primary # kpt-set: ${nodepool-name}\n    # diskSizeGb should include enough space for system components and the\n    # container image cache, in addition to space used by user workloads.\n    diskSizeGb: 100\n    # Default to SSD for higher IOPS / $ vs standard disks.\n    diskType: pd-ssd\n    # Default to e2, the most modern \u0026 efficient machine type family.\n    machineType: e2-standard-16\n    # Set the scope to cloud platform and use IAM to manage permissions\n    oauthScopes:\n    - https://www.googleapis.com/auth/cloud-platform\n    serviceAccountRef:\n      name: gke-porche-demo-east-primary # kpt-set: gke-${cluster-name}-${nodepool-name}\n","patchType":"CreateFile"},{"file":"nodepools/primary/README.md","contents":"\u003c!-- BEGINNING OF PRE-COMMIT-BLUEPRINT DOCS HOOK:TITLE --\u003e\n# GKE Node Pool blueprint\n\n\n\u003c!-- END OF PRE-COMMIT-BLUEPRINT DOCS HOOK:TITLE --\u003e\n\u003c!-- BEGINNING OF PRE-COMMIT-BLUEPRINT DOCS HOOK:BODY --\u003e\nA GKE node pool with a dedicated service account\n\n## Setters\n\n|      Name      |      Value       | Type | Count |\n|----------------|------------------|------|-------|\n| cluster-name   | example-us-east4 | str  |    11 |\n| location       | us-east4         | str  |     1 |\n| max-node-count |                2 | int  |     1 |\n| nodepool-name  | primary          | str  |    11 |\n| project-id     | project-id       | str  |     5 |\n\n## Sub-packages\n\nThis package has no sub-packages.\n\n## Resources\n\n|     File      |               APIVersion                |       Kind        |                    Name                     |   Namespace    |\n|---------------|-----------------------------------------|-------------------|---------------------------------------------|----------------|\n| node-iam.yaml | iam.cnrm.cloud.google.com/v1beta1       | IAMServiceAccount | gke-example-us-east4-primary                | config-control |\n| 
node-iam.yaml | iam.cnrm.cloud.google.com/v1beta1       | IAMPolicyMember   | logwriter-gke-example-us-east4-primary      | config-control |\n| node-iam.yaml | iam.cnrm.cloud.google.com/v1beta1       | IAMPolicyMember   | metricwriter-gke-example-us-east4-primary   | config-control |\n| node-iam.yaml | iam.cnrm.cloud.google.com/v1beta1       | IAMPolicyMember   | artifactreader-gke-example-us-east4-primary | config-control |\n| nodepool.yaml | container.cnrm.cloud.google.com/v1beta1 | ContainerNodePool | example-us-east4-primary                    | config-control |\n\n## Resource References\n\n- [ContainerNodePool](https://cloud.google.com/config-connector/docs/reference/resource-docs/container/containernodepool)\n- [IAMPolicyMember](https://cloud.google.com/config-connector/docs/reference/resource-docs/iam/iampolicymember)\n- [IAMServiceAccount](https://cloud.google.com/config-connector/docs/reference/resource-docs/iam/iamserviceaccount)\n\n## Usage\n\n1.  Clone the package:\n    ```shell\n    kpt pkg get https://github.com/GoogleCloudPlatform/blueprints.git/catalog/gke/nodepools/primary@${VERSION}\n    ```\n    Replace `${VERSION}` with the desired repo branch or tag\n    (for example, `main`).\n\n1.  Move into the local package:\n    ```shell\n    cd \"./primary/\"\n    ```\n\n1.  Edit the function config file(s):\n    - setters.yaml\n\n1.  Execute the function pipeline\n    ```shell\n    kpt fn render\n    ```\n\n1.  Initialize the resource inventory\n    ```shell\n    kpt live init --namespace ${NAMESPACE}\"\n    ```\n    Replace `${NAMESPACE}` with the namespace in which to manage\n    the inventory ResourceGroup (for example, `config-control`).\n\n1.  Apply the package resources to your cluster\n    ```shell\n    kpt live apply\n    ```\n\n1.  
Wait for the resources to be ready\n    ```shell\n    kpt live status --output table --poll-until current\n    ```\n\n\u003c!-- END OF PRE-COMMIT-BLUEPRINT DOCS HOOK:BODY --\u003e\n","patchType":"CreateFile"},{"file":"nodepools/primary/Kptfile","contents":"apiVersion: kpt.dev/v1\nkind: Kptfile\nmetadata:\n  name: gke-nodepool\n  annotations:\n    blueprints.cloud.google.com/title: GKE Node Pool blueprint\n    config.kubernetes.io/local-config: \"true\"\ninfo:\n  description: A GKE node pool with a dedicated service account\npipeline:\n  mutators:\n  - image: gcr.io/kpt-fn/apply-setters:v0.1\n    configPath: setters.yaml\n","patchType":"CreateFile"},{"file":"cluster/setters.yaml","contents":"# Copyright 2021 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#      http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\napiVersion: v1\nkind: ConfigMap\nmetadata: # kpt-merge: /setters\n  name: setters\n  annotations:\n    config.kubernetes.io/local-config: \"true\"\ndata:\n  # The name of this cluster\n  cluster-name: example-us-west4\n  # The compute location (region for a regional cluster or zone for a zonal cluster)\n  location: us-east4\n  # The private IP range for masters to use when peering to the VPC\n  master-ip-range: 10.254.0.0/28\n  # The name of the VPC in which to create this cluster\n  network-ref: projects/network-project-id/global/networks/default\n  # The reference to the subnet\n  subnet-ref: projects/network-project-id/regions/region/subnetworks/default\n  # The group in which to manage the list 
of groups that can be used for RBAC.\n  # Must be named exactly 'gke-security-groups'.\n  security-group: gke-security-groups@example.com\n","patchType":"CreateFile"},{"file":"Kptfile","contents":"--- Kptfile@old\n+++ Kptfile@new\n@@ -3,6 +3,19 @@\n metadata:\n   name: gke-clone\n   annotations:\n+    blueprints.cloud.google.com/title: GKE blueprint\n     config.kubernetes.io/local-config: \"true\"\n+upstream:\n+  type: git\n+  git:\n+    repo: https://github.com/Rasadus03/raniamoh-blueprint\n+    directory: gke-clone\n+    ref: v1\n+  updateStrategy: resource-merge\n info:\n-  description: sample description\n+  description: |\n+    A GKE cluster with a primary node pool. An existing subnet needs to be provided where the cluster should be created.\n+pipeline:\n+  mutators:\n+  - image: gcr.io/kpt-fn/apply-setters:v0.1\n+    configPath: setters.yaml\n","patchType":"PatchFile"},{"file":"cluster/package-context.yaml","contents":"apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: kptfile.kpt.dev\n  annotations:\n    config.kubernetes.io/local-config: \"true\"\ndata:\n  name: gke-clone/cluster\n","patchType":"CreateFile"},{"file":"cluster/cluster.yaml","contents":"# Copyright 2021 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#      http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\napiVersion: container.cnrm.cloud.google.com/v1beta1\nkind: ContainerCluster\nmetadata: # kpt-merge: config-control/example-us-east4\n  name: porche-demo-east # kpt-set: ${cluster-name}\n  namespace: config-control\n  
annotations:\n    cnrm.cloud.google.com/blueprint: cnrm/gke:gke-cluster/v0.4.1,kpt-pkg-fn\n    cnrm.cloud.google.com/project-id: raniamoh-playground # kpt-set: ${project-id}\n    # Remove the default node pool after bootstrapping.\n    # Explcit node pool configuration allows for more isolation and makes it\n    # easier to replace node pools to change immutable fields.\n    cnrm.cloud.google.com/remove-default-node-pool: \"true\"\nspec:\n  addonsConfig:\n    # Enable NodeLocal DNSCache by default, for increased performance and scaling.\n    # https://cloud.google.com/kubernetes-engine/docs/how-to/nodelocal-dns-cache\n    dnsCacheConfig:\n      enabled: true\n    # Enable Compute Engine persistent disk CSI Driver by default, for access to\n    # volume snapshots and encryption with customer-managed encryption keys.\n    # https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/gce-pd-csi-driver\n    gcePersistentDiskCsiDriverConfig:\n      enabled: true\n      # Enable Groups for GKE, to allow role binding to Google Groups.\n      #authenticatorGroupsConfig:\n  # securityGroup: gke-security-group@example.com # kpt-set: ${security-group}\n  # Enable Binary Authorization by default, to allow configuration of constraint\n  # policies and container image attestation.\n  # https://cloud.google.com/binary-authorization/docs/overview\n  #enableBinaryAuthorization: true\n  # Enable Shielded GKE Nodes by default, to protect bootstrap credentials.\n  # https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes\n  # enableShieldedNodes: true\n\n  # Must be at least 1 when using remove-default-node-pool.\n  initialNodeCount: 1\n  networkingMode: VPC_NATIVE\n  # Use VPC-native networking by default, with named secondary IP ranges.\n\n  # ipAllocationPolicy:\n  # clusterSecondaryRangeName: pods # kpt-set: ${pods-range-name}\n  # servicesSecondaryRangeName: services # kpt-set: ${services-range-name}\n  location: us-east4 # kpt-set: ${location}\n  
# Allow internet access to the GKE control plane by default.\n  # This default is a deliberate compromise for ease of use over security.\n  # For increased security, reduce the CIDR blocks to cover only known clients.\n  masterAuthorizedNetworksConfig:\n    cidrBlocks:\n    - cidrBlock: 0.0.0.0/0\n      displayName: Whole Internet\n  networkRef:\n    external: projects/raniamoh-playground/global/networks/network1 # kpt-set: ${network-ref}\n    # privateClusterConfig:\n    # Allow public access to the GKE control plane by default.\n    # This default is a deliberate compromise for ease of use over security.\n    # For increased security, set to true to disable public IP access.\n\n    # enablePrivateEndpoint: false\n    # Default to private nodes (no public IP).\n    # enablePrivateNodes: true\n    # Enable global access to the GKE control plane's internal loab balancer.\n    # https://cloud.google.com/load-balancing/docs/internal/setting-up-internal#ilb-global-access\n    masterGlobalAccessConfig:\n      enabled: true\n      # masterIpv4CidrBlock: 10.254.0.0/28 # kpt-set: ${master-ip-range}\n  # Enable dataplane V2\n  # https://cloud.google.com/kubernetes-engine/docs/concepts/dataplane-v2\n  datapathProvider: ADVANCED_DATAPATH\n  # Enable logging\n  loggingConfig:\n    enableComponents:\n    - \"SYSTEM_COMPONENTS\"\n    - \"WORKLOADS\"\n  # Enable monitoring\n  monitoringConfig:\n    enableComponents:\n    - \"SYSTEM_COMPONENTS\"\n  # Default to the REGULAR channel.\n  # Use RAPID for faster access to features and fixes.\n  # Use STABLE for less disruption.\n  # Use UNSPECIFIED to unenroll from automatic updates.\n  releaseChannel:\n    channel: REGULAR\n  # Use a dedicated subnet by default, to increase isolation and allow for\n  # cluster-specific firewalls.\n  subnetworkRef:\n    external: projects/raniamoh-playground/regions/region/subnetworks/network1 # kpt-set: ${subnet-ref}\n  # Enable Vertical Pod Autoscaling by default.\n  # 
https://cloud.google.com/kubernetes-engine/docs/concepts/verticalpodautoscaler\n  verticalPodAutoscaling:\n    enabled: true\n  # Enable workload identity by default.\n  workloadIdentityConfig:\n    identityNamespace: raniamoh-playground.svc.id.goog # kpt-set: ${project-id}.svc.id.goog\n","patchType":"CreateFile"},{"file":"setters.yaml","contents":"# Copyright 2021 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#      http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\napiVersion: v1\nkind: ConfigMap\nmetadata: # kpt-merge: /setters\n  name: setters\ndata:\n  project-id: raniamoh-playground\n  # The name of this cluster\n  cluster-name: porche-demo-east\n  # The compute location (region for a regional cluster or zone for a zonal cluster)\n  location: us-east4\n  # The private IP range for masters to use when peering to the VPC\n  #master-ip-range: 10.254.0.0/28\n  # The reference to the network\n  network-ref: projects/raniamoh-playground/global/networks/network1\n  # The reference to the subnet\n  subnet-ref: projects/raniamoh-playground/regions/region/subnetworks/network1\n  # The private IP range name for pods to use, this range must already exist\n# pods-range-name: pods\n# The private IP range name for services to use, this range must already exist\n#services-range-name: services\n# The group in which to manage the list of groups that can be used for RBAC.\n# Must be named exactly 'gke-security-groups'.\n#security-group: 
gke-security-groups@example.com\n","patchType":"CreateFile"},{"file":"package-context.yaml","contents":"--- package-context.yaml@old\n+++ package-context.yaml@new\n@@ -5,4 +5,4 @@\n   annotations:\n     config.kubernetes.io/local-config: \"true\"\n data:\n-  name: example\n+  name: gke-clone\n","patchType":"PatchFile"},{"file":"cluster/README.md","contents":"\u003c!-- BEGINNING OF PRE-COMMIT-BLUEPRINT DOCS HOOK:TITLE --\u003e\n# GKE Cluster blueprint\n\n\n\u003c!-- END OF PRE-COMMIT-BLUEPRINT DOCS HOOK:TITLE --\u003e\n\u003c!-- BEGINNING OF PRE-COMMIT-BLUEPRINT DOCS HOOK:BODY --\u003e\nA GKE cluster with public masters and private nodes\n\n## Setters\n\n|        Name         |                             Value                              | Type | Count |\n|---------------------|----------------------------------------------------------------|------|-------|\n| cluster-name        | example-us-west4                                               | str  |     2 |\n| location            | us-east4                                                       | str  |     1 |\n| master-ip-range     | 10.254.0.0/28                                                  | str  |     1 |\n| network-ref         | projects/network-project-id/global/networks/default            | str  |     1 |\n| pods-range-name     | pods                                                           | str  |     1 |\n| project-id          | project-id                                                     | str  |     4 |\n| security-group      | gke-security-groups@example.com                                | str  |     1 |\n| services-range-name | services                                                       | str  |     1 |\n| subnet-ref          | projects/network-project-id/regions/region/subnetworks/default | str  |     1 |\n\n## Sub-packages\n\nThis package has no sub-packages.\n\n## Resources\n\n|        File        |                 APIVersion                 |       Kind       |               Name    
            |   Namespace    |\n|--------------------|--------------------------------------------|------------------|-----------------------------------|----------------|\n| cluster.yaml       | container.cnrm.cloud.google.com/v1beta1    | ContainerCluster | example-us-east4                  | config-control |\n| container-api.yaml | serviceusage.cnrm.cloud.google.com/v1beta1 | Service          | project-id-cluster-name-container | config-control |\n\n## Resource References\n\n- [ContainerCluster](https://cloud.google.com/config-connector/docs/reference/resource-docs/container/containercluster)\n- [Service](https://cloud.google.com/config-connector/docs/reference/resource-docs/serviceusage/service)\n\n## Usage\n\n1.  Clone the package:\n    ```shell\n    kpt pkg get https://github.com/GoogleCloudPlatform/blueprints.git/catalog/gke/cluster@${VERSION}\n    ```\n    Replace `${VERSION}` with the desired repo branch or tag\n    (for example, `main`).\n\n1.  Move into the local package:\n    ```shell\n    cd \"./cluster/\"\n    ```\n\n1.  Edit the function config file(s):\n    - setters.yaml\n\n1.  Execute the function pipeline\n    ```shell\n    kpt fn render\n    ```\n\n1.  Initialize the resource inventory\n    ```shell\n    kpt live init --namespace ${NAMESPACE}\"\n    ```\n    Replace `${NAMESPACE}` with the namespace in which to manage\n    the inventory ResourceGroup (for example, `config-control`).\n\n1.  Apply the package resources to your cluster\n    ```shell\n    kpt live apply\n    ```\n\n1.  
Wait for the resources to be ready\n    ```shell\n    kpt live status --output table --poll-until current\n    ```\n\n\u003c!-- END OF PRE-COMMIT-BLUEPRINT DOCS HOOK:BODY --\u003e\n","patchType":"CreateFile"},{"file":"nodepools/primary/package-context.yaml","contents":"apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: kptfile.kpt.dev\n  annotations:\n    config.kubernetes.io/local-config: \"true\"\ndata:\n  name: gke-clone/nodepools/primary\n","patchType":"CreateFile"},{"file":"CHANGELOG.md","contents":"# Changelog\n\n### [0.4.1](GoogleCloudPlatform/blueprints@gke-blueprint-v0.4.0...gke-blueprint-v0.4.1) (2022-05-24)\n\n\n### Bug Fixes\n\n* add local-config annotations to kptfiles and functionConfigs ([#176](GoogleCloudPlatform/blueprints#176)) ([0d005f0](https://github.com/GoogleCloudPlatform/blueprints/commit/0d005f0174d95d3aca1691e67deffa573c3e7db7))\n* reduce setters ([#158](GoogleCloudPlatform/blueprints#158)) ([b020765](https://github.com/GoogleCloudPlatform/blueprints/commit/b020765de49640700347d74295616ea9fc4dd812))\n\n## [0.4.0](https://www.github.com/GoogleCloudPlatform/blueprints/compare/gke-blueprint-v0.3.0...gke-blueprint-v0.4.0) (2021-12-22)\n\n\n### Features\n\n* Change cluster and node pool defaults ([#89](https://www.github.com/GoogleCloudPlatform/blueprints/issues/89)) ([32918a5](https://www.github.com/GoogleCloudPlatform/blueprints/commit/32918a5534454159fa90c8a74fcdf9defde9ebf8))\n","patchType":"CreateFile"},{"file":"README.md","contents":"--- README.md@old\n+++ README.md@new\n@@ -1,21 +1,77 @@\n-# gke-clone\n+\u003c!-- BEGINNING OF PRE-COMMIT-BLUEPRINT DOCS HOOK:TITLE --\u003e\n+# GKE blueprint\n \n-## Description\n-sample description\n \n+\u003c!-- END OF PRE-COMMIT-BLUEPRINT DOCS HOOK:TITLE --\u003e\n+\u003c!-- BEGINNING OF PRE-COMMIT-BLUEPRINT DOCS HOOK:BODY --\u003e\n+A GKE cluster with a primary node pool. 
An existing subnet needs to be provided where the cluster should be created.\n+\n+## Setters\n+\n+|        Name         |                             Value                              | Type | Count |\n+|---------------------|----------------------------------------------------------------|------|-------|\n+| cluster-name        | example-us-west4                                               | str  |    13 |\n+| location            | us-east4                                                       | str  |     2 |\n+| master-ip-range     | 10.254.0.0/28                                                  | str  |     1 |\n+| max-node-count      |                                                              2 | int  |     1 |\n+| network-ref         | projects/network-project-id/global/networks/default            | str  |     1 |\n+| nodepool-name       | primary                                                        | str  |    11 |\n+| pods-range-name     | pods                                                           | str  |     1 |\n+| project-id          | project-id                                                     | str  |     9 |\n+| security-group      | gke-security-groups@example.com                                | str  |     1 |\n+| services-range-name | services                                                       | str  |     1 |\n+| subnet-ref          | projects/network-project-id/regions/region/subnetworks/default | str  |     1 |\n+\n+## Sub-packages\n+\n+- [gke-cluster](cluster)\n+- [gke-nodepool](nodepools/primary)\n+\n+## Resources\n+\n+This package has no top-level resources. See sub-packages.\n+\n+## Resource References\n+\n+This package has no top-level resources. See sub-packages.\n+\n ## Usage\n \n-### Fetch the package\n-`kpt pkg get REPO_URI[.git]/PKG_PATH[@Version] gke-clone`\n-Details: https://kpt.dev/reference/cli/pkg/get/\n+1.  
Clone the package:\n+    ```shell\n+    kpt pkg get https://github.com/GoogleCloudPlatform/blueprints.git/catalog/gke@${VERSION}\n+    ```\n+    Replace `${VERSION}` with the desired repo branch or tag\n+    (for example, `main`).\n \n-### View package content\n-`kpt pkg tree gke-clone`\n-Details: https://kpt.dev/reference/cli/pkg/tree/\n+1.  Move into the local package:\n+    ```shell\n+    cd \"./gke/\"\n+    ```\n \n-### Apply the package\n-```\n-kpt live init gke-clone\n-kpt live apply gke-clone --reconcile-timeout=2m --output=table\n-```\n-Details: https://kpt.dev/reference/cli/live/\n+1.  Edit the function config file(s):\n+    - setters.yaml\n+\n+1.  Execute the function pipeline\n+    ```shell\n+    kpt fn render\n+    ```\n+\n+1.  Initialize the resource inventory\n+    ```shell\n+    kpt live init --namespace ${NAMESPACE}\"\n+    ```\n+    Replace `${NAMESPACE}` with the namespace in which to manage\n+    the inventory ResourceGroup (for example, `config-control`).\n+\n+1.  Apply the package resources to your cluster\n+    ```shell\n+    kpt live apply\n+    ```\n+\n+1.  
Wait for the resources to be ready\n+    ```shell\n+    kpt live status --output table --poll-until current\n+    ```\n+\n+\u003c!-- END OF PRE-COMMIT-BLUEPRINT DOCS HOOK:BODY --\u003e\n","patchType":"PatchFile"},{"file":"nodepools/primary/node-iam.yaml","contents":"# Copyright 2021 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#      http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n# Service Account for GKE nodes\napiVersion: iam.cnrm.cloud.google.com/v1beta1\nkind: IAMServiceAccount\nmetadata: # kpt-merge: config-control/gke-example-us-east4-primary\n  name: gke-porche-demo-east-primary # kpt-set: gke-${cluster-name}-${nodepool-name}\n  namespace: config-control\n  annotations:\n    cnrm.cloud.google.com/blueprint: cnrm/gke:gke-nodepool/v0.4.1,kpt-pkg-fn\n    cnrm.cloud.google.com/project-id: raniamoh-playground # kpt-set: ${project-id}\nspec:\n  displayName: gke-porche-demo-east-primary # kpt-set: gke-${cluster-name}-${nodepool-name}\n---\n# Allow fluentd to send logs to StackDriver\napiVersion: iam.cnrm.cloud.google.com/v1beta1\nkind: IAMPolicyMember\nmetadata: # kpt-merge: config-control/logwriter-gke-example-us-east4-primary\n  name: logwriter-gke-porche-demo-east-primary # kpt-set: logwriter-gke-${cluster-name}-${nodepool-name}\n  namespace: config-control\n  annotations:\n    cnrm.cloud.google.com/blueprint: cnrm/gke:gke-nodepool/v0.4.1,kpt-pkg-fn\nspec:\n  memberFrom:\n    serviceAccountRef:\n      name: gke-porche-demo-east-primary # kpt-set: gke-${cluster-name}-${nodepool-name}\n      
namespace: config-control\n  resourceRef:\n    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1\n    kind: Project\n    external: raniamoh-playground # kpt-set: ${project-id}\n  role: roles/logging.logWriter\n---\n# Allow fluentd to send metrics to StackDriver\napiVersion: iam.cnrm.cloud.google.com/v1beta1\nkind: IAMPolicyMember\nmetadata: # kpt-merge: config-control/metricwriter-gke-example-us-east4-primary\n  name: metricwriter-gke-porche-demo-east-primary # kpt-set: metricwriter-gke-${cluster-name}-${nodepool-name}\n  namespace: config-control\n  annotations:\n    cnrm.cloud.google.com/blueprint: cnrm/gke:gke-nodepool/v0.4.1,kpt-pkg-fn\nspec:\n  memberFrom:\n    serviceAccountRef:\n      name: gke-porche-demo-east-primary # kpt-set: gke-${cluster-name}-${nodepool-name}\n      namespace: config-control\n  resourceRef:\n    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1\n    kind: Project\n    external: raniamoh-playground # kpt-set: ${project-id}\n  role: roles/monitoring.metricWriter\n---\n# Allow kubelet/docker/containerd to read all artifacts/images in the project-id project\napiVersion: iam.cnrm.cloud.google.com/v1beta1\nkind: IAMPolicyMember\nmetadata: # kpt-merge: config-control/artifactreader-gke-example-us-east4-primary\n  name: artifactreader-gke-porche-demo-east-primary # kpt-set: artifactreader-gke-${cluster-name}-${nodepool-name}\n  namespace: config-control\n  annotations:\n    cnrm.cloud.google.com/blueprint: cnrm/gke:gke-nodepool/v0.4.1,kpt-pkg-fn\nspec:\n  memberFrom:\n    serviceAccountRef:\n      name: gke-porche-demo-east-primary # kpt-set: gke-${cluster-name}-${nodepool-name}\n      namespace: config-control\n  resourceRef:\n    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1\n    kind: Project\n    external: raniamoh-playground # kpt-set: ${project-id}\n  role: roles/artifactregistry.reader\n","patchType":"CreateFile"},{"file":"cluster/container-api.yaml","contents":"# Copyright 2021 Google LLC\n#\n# Licensed 
under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#      http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n# Enable the Container service in the platform project\napiVersion: serviceusage.cnrm.cloud.google.com/v1beta1\nkind: Service\nmetadata: # kpt-merge: config-control/project-id-cluster-name-container\n  # Use a unique name to avoid overlap with other cluster package instances.\n  name: raniamoh-playground-porche-demo-east-container # kpt-set: ${project-id}-${cluster-name}-container\n  namespace: config-control\n  annotations:\n    cnrm.cloud.google.com/blueprint: cnrm/gke:gke-cluster/v0.4.1,kpt-pkg-fn\n    cnrm.cloud.google.com/deletion-policy: abandon\n    cnrm.cloud.google.com/project-id: raniamoh-playground # kpt-set: ${project-id}\nspec:\n  resourceID: container.googleapis.com\n","patchType":"CreateFile"},{"file":"nodepools/primary/setters.yaml","contents":"# Copyright 2021 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#      http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\napiVersion: v1\nkind: ConfigMap\nmetadata: # kpt-merge: /setters\n  name: setters\n  
annotations:\n    config.kubernetes.io/local-config: \"true\"\ndata:\n  # The name of the cluster to attach this node pool to\n  cluster-name: example-us-east4\n  # The compute location (region for a regional cluster or zone for a zonal cluster)\n  location: us-east4\n  # The maximum nodes per zone for this pool\n  max-node-count: \"2\"\n  # The name of this node pool\n  nodepool-name: primary\n","patchType":"CreateFile"},{"file":"cluster/Kptfile","contents":"apiVersion: kpt.dev/v1\nkind: Kptfile\nmetadata:\n  name: gke-cluster\n  annotations:\n    blueprints.cloud.google.com/title: GKE Cluster blueprint\n    config.kubernetes.io/local-config: \"true\"\ninfo:\n  description: A GKE cluster with public masters and private nodes\npipeline:\n  mutators:\n  - image: gcr.io/kpt-fn/apply-setters:v0.1\n    configPath: setters.yaml\n","patchType":"CreateFile"}]}}}
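Review bot: in cluster/cluster.yaml, `masterGlobalAccessConfig` now parses as a child of `networkRef`, because the `privateClusterConfig:` line that should be its parent is commented out while `masterGlobalAccessConfig` itself is not. Either restore `privateClusterConfig:` together with `enablePrivateNodes: true`, or comment out `masterGlobalAccessConfig` as well. With the private-cluster block disabled, `masterAuthorizedNetworksConfig` still lists `cidrBlock: 0.0.0.0/0`, which the file's own comment describes as a compromise to be narrowed to known clients. `enableBinaryAuthorization`, `enableShieldedNodes` and `authenticatorGroupsConfig` are also commented out, and nothing in the commit says why.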
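Review bot: the root setters.yaml ConfigMap has no `annotations` block, while cluster/setters.yaml and nodepools/primary/setters.yaml in the same commit both carry `config.kubernetes.io/local-config: "true"`. Add the annotation under `metadata` so the root function config is treated as local configuration like the other two. In the same file, `subnet-ref` still contains the placeholder segment `regions/region` although `location` is set to `us-east4`, so the subnet reference should name the real region.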
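Review bot: in the Kptfile hunk, the added `upstream` block follows `ref: v1` with no `upstreamLock` recording the resolved commit, and the added pipeline pulls `gcr.io/kpt-fn/apply-setters:v0.1` by tag. Both are mutable references, so a later fetch or render can pick up different content than what was reviewed. Record an `upstreamLock` with the commit, and consider pinning the mutator image by digest.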
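Review bot: in the README.md hunk, the added line `kpt live init --namespace ${NAMESPACE}"` ends with an unmatched double quote, so the command pasted as written leaves the shell waiting for a closing quote. Drop the trailing quote. The same line appears in cluster/README.md and nodepools/primary/README.md in this commit.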
Rasadus03 pushed a commit to Rasadus03/raniamoh-deployment that referenced this pull request Jun 17, 2022
kpt:{"package":"gke-clone","task":{"type":"patch","patch":{"patches":[{"file":"setters.yaml","contents":"# Copyright 2021 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#      http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\napiVersion: v1\nkind: ConfigMap\nmetadata: # kpt-merge: /setters\n  name: setters\ndata:\n  project-id: raniamoh-playground\n  # The name of this cluster\n  cluster-name: porche-demo-east\n  # The compute location (region for a regional cluster or zone for a zonal cluster)\n  location: us-east4\n  # The private IP range for masters to use when peering to the VPC\n  #master-ip-range: 10.254.0.0/28\n  # The reference to the network\n  network-ref: projects/raniamoh-playground/global/networks/network1\n  # The reference to the subnet\n  subnet-ref: projects/raniamoh-playground/regions/region/subnetworks/network1\n  # The private IP range name for pods to use, this range must already exist\n# pods-range-name: pods\n# The private IP range name for services to use, this range must already exist\n#services-range-name: services\n# The group in which to manage the list of groups that can be used for RBAC.\n# Must be named exactly 'gke-security-groups'.\n#security-group: gke-security-groups@example.com\n","patchType":"CreateFile"},{"file":"Kptfile","contents":"--- Kptfile@old\n+++ Kptfile@new\n@@ -3,6 +3,26 @@\n metadata:\n   name: gke-clone\n   annotations:\n+    blueprints.cloud.google.com/title: GKE blueprint\n     config.kubernetes.io/local-config: \"true\"\n+upstream:\n+  type: git\n+  
git:\n+    repo: https://github.com/Rasadus03/raniamoh-blueprint\n+    directory: /gke-clone\n+    ref: v1\n+  updateStrategy: resource-merge\n+upstreamLock:\n+  type: git\n+  git:\n+    repo: https://github.com/Rasadus03/raniamoh-blueprint\n+    directory: /gke-clone\n+    ref: gke-clone/v1\n+    commit: 03e261f3e491003c75e44648c0bad1a23d9e6e6c\n info:\n-  description: sample description\n+  description: |\n+    A GKE cluster with a primary node pool. An existing subnet needs to be provided where the cluster should be created.\n+pipeline:\n+  mutators:\n+  - image: gcr.io/kpt-fn/apply-setters:v0.1\n+    configPath: setters.yaml\n","patchType":"PatchFile"},{"file":"CHANGELOG.md","contents":"# Changelog\n\n### [0.4.1](GoogleCloudPlatform/blueprints@gke-blueprint-v0.4.0...gke-blueprint-v0.4.1) (2022-05-24)\n\n\n### Bug Fixes\n\n* add local-config annotations to kptfiles and functionConfigs ([#176](GoogleCloudPlatform/blueprints#176)) ([0d005f0](https://github.com/GoogleCloudPlatform/blueprints/commit/0d005f0174d95d3aca1691e67deffa573c3e7db7))\n* reduce setters ([#158](GoogleCloudPlatform/blueprints#158)) ([b020765](https://github.com/GoogleCloudPlatform/blueprints/commit/b020765de49640700347d74295616ea9fc4dd812))\n\n## [0.4.0](https://www.github.com/GoogleCloudPlatform/blueprints/compare/gke-blueprint-v0.3.0...gke-blueprint-v0.4.0) (2021-12-22)\n\n\n### Features\n\n* Change cluster and node pool defaults ([#89](https://www.github.com/GoogleCloudPlatform/blueprints/issues/89)) ([32918a5](https://www.github.com/GoogleCloudPlatform/blueprints/commit/32918a5534454159fa90c8a74fcdf9defde9ebf8))\n","patchType":"CreateFile"},{"file":"nodepools/primary/Kptfile","contents":"apiVersion: kpt.dev/v1\nkind: Kptfile\nmetadata:\n  name: gke-nodepool\n  annotations:\n    blueprints.cloud.google.com/title: GKE Node Pool blueprint\n    config.kubernetes.io/local-config: \"true\"\ninfo:\n  description: A GKE node pool with a dedicated service account\npipeline:\n  mutators:\n  - image: 
gcr.io/kpt-fn/apply-setters:v0.1\n    configPath: setters.yaml\n","patchType":"CreateFile"},{"file":"cluster/Kptfile","contents":"apiVersion: kpt.dev/v1\nkind: Kptfile\nmetadata:\n  name: gke-cluster\n  annotations:\n    blueprints.cloud.google.com/title: GKE Cluster blueprint\n    config.kubernetes.io/local-config: \"true\"\ninfo:\n  description: A GKE cluster with public masters and private nodes\npipeline:\n  mutators:\n  - image: gcr.io/kpt-fn/apply-setters:v0.1\n    configPath: setters.yaml\n","patchType":"CreateFile"},{"file":"nodepools/primary/README.md","contents":"\u003c!-- BEGINNING OF PRE-COMMIT-BLUEPRINT DOCS HOOK:TITLE --\u003e\n# GKE Node Pool blueprint\n\n\n\u003c!-- END OF PRE-COMMIT-BLUEPRINT DOCS HOOK:TITLE --\u003e\n\u003c!-- BEGINNING OF PRE-COMMIT-BLUEPRINT DOCS HOOK:BODY --\u003e\nA GKE node pool with a dedicated service account\n\n## Setters\n\n|      Name      |      Value       | Type | Count |\n|----------------|------------------|------|-------|\n| cluster-name   | example-us-east4 | str  |    11 |\n| location       | us-east4         | str  |     1 |\n| max-node-count |                2 | int  |     1 |\n| nodepool-name  | primary          | str  |    11 |\n| project-id     | project-id       | str  |     5 |\n\n## Sub-packages\n\nThis package has no sub-packages.\n\n## Resources\n\n|     File      |               APIVersion                |       Kind        |                    Name                     |   Namespace    |\n|---------------|-----------------------------------------|-------------------|---------------------------------------------|----------------|\n| node-iam.yaml | iam.cnrm.cloud.google.com/v1beta1       | IAMServiceAccount | gke-example-us-east4-primary                | config-control |\n| node-iam.yaml | iam.cnrm.cloud.google.com/v1beta1       | IAMPolicyMember   | logwriter-gke-example-us-east4-primary      | config-control |\n| node-iam.yaml | iam.cnrm.cloud.google.com/v1beta1       | IAMPolicyMember   | 
metricwriter-gke-example-us-east4-primary   | config-control |\n| node-iam.yaml | iam.cnrm.cloud.google.com/v1beta1       | IAMPolicyMember   | artifactreader-gke-example-us-east4-primary | config-control |\n| nodepool.yaml | container.cnrm.cloud.google.com/v1beta1 | ContainerNodePool | example-us-east4-primary                    | config-control |\n\n## Resource References\n\n- [ContainerNodePool](https://cloud.google.com/config-connector/docs/reference/resource-docs/container/containernodepool)\n- [IAMPolicyMember](https://cloud.google.com/config-connector/docs/reference/resource-docs/iam/iampolicymember)\n- [IAMServiceAccount](https://cloud.google.com/config-connector/docs/reference/resource-docs/iam/iamserviceaccount)\n\n## Usage\n\n1.  Clone the package:\n    ```shell\n    kpt pkg get https://github.com/GoogleCloudPlatform/blueprints.git/catalog/gke/nodepools/primary@${VERSION}\n    ```\n    Replace `${VERSION}` with the desired repo branch or tag\n    (for example, `main`).\n\n1.  Move into the local package:\n    ```shell\n    cd \"./primary/\"\n    ```\n\n1.  Edit the function config file(s):\n    - setters.yaml\n\n1.  Execute the function pipeline\n    ```shell\n    kpt fn render\n    ```\n\n1.  Initialize the resource inventory\n    ```shell\n    kpt live init --namespace ${NAMESPACE}\"\n    ```\n    Replace `${NAMESPACE}` with the namespace in which to manage\n    the inventory ResourceGroup (for example, `config-control`).\n\n1.  Apply the package resources to your cluster\n    ```shell\n    kpt live apply\n    ```\n\n1.  
Wait for the resources to be ready\n    ```shell\n    kpt live status --output table --poll-until current\n    ```\n\n\u003c!-- END OF PRE-COMMIT-BLUEPRINT DOCS HOOK:BODY --\u003e\n","patchType":"CreateFile"},{"file":"README.md","contents":"--- README.md@old\n+++ README.md@new\n@@ -1,21 +1,77 @@\n-# gke-clone\n+\u003c!-- BEGINNING OF PRE-COMMIT-BLUEPRINT DOCS HOOK:TITLE --\u003e\n+# GKE blueprint\n \n-## Description\n-sample description\n \n+\u003c!-- END OF PRE-COMMIT-BLUEPRINT DOCS HOOK:TITLE --\u003e\n+\u003c!-- BEGINNING OF PRE-COMMIT-BLUEPRINT DOCS HOOK:BODY --\u003e\n+A GKE cluster with a primary node pool. An existing subnet needs to be provided where the cluster should be created.\n+\n+## Setters\n+\n+|        Name         |                             Value                              | Type | Count |\n+|---------------------|----------------------------------------------------------------|------|-------|\n+| cluster-name        | example-us-west4                                               | str  |    13 |\n+| location            | us-east4                                                       | str  |     2 |\n+| master-ip-range     | 10.254.0.0/28                                                  | str  |     1 |\n+| max-node-count      |                                                              2 | int  |     1 |\n+| network-ref         | projects/network-project-id/global/networks/default            | str  |     1 |\n+| nodepool-name       | primary                                                        | str  |    11 |\n+| pods-range-name     | pods                                                           | str  |     1 |\n+| project-id          | project-id                                                     | str  |     9 |\n+| security-group      | gke-security-groups@example.com                                | str  |     1 |\n+| services-range-name | services                                                       | str  |     1 |\n+| 
subnet-ref          | projects/network-project-id/regions/region/subnetworks/default | str  |     1 |\n+\n+## Sub-packages\n+\n+- [gke-cluster](cluster)\n+- [gke-nodepool](nodepools/primary)\n+\n+## Resources\n+\n+This package has no top-level resources. See sub-packages.\n+\n+## Resource References\n+\n+This package has no top-level resources. See sub-packages.\n+\n ## Usage\n \n-### Fetch the package\n-`kpt pkg get REPO_URI[.git]/PKG_PATH[@Version] gke-clone`\n-Details: https://kpt.dev/reference/cli/pkg/get/\n+1.  Clone the package:\n+    ```shell\n+    kpt pkg get https://github.com/GoogleCloudPlatform/blueprints.git/catalog/gke@${VERSION}\n+    ```\n+    Replace `${VERSION}` with the desired repo branch or tag\n+    (for example, `main`).\n \n-### View package content\n-`kpt pkg tree gke-clone`\n-Details: https://kpt.dev/reference/cli/pkg/tree/\n+1.  Move into the local package:\n+    ```shell\n+    cd \"./gke/\"\n+    ```\n \n-### Apply the package\n-```\n-kpt live init gke-clone\n-kpt live apply gke-clone --reconcile-timeout=2m --output=table\n-```\n-Details: https://kpt.dev/reference/cli/live/\n+1.  Edit the function config file(s):\n+    - setters.yaml\n+\n+1.  Execute the function pipeline\n+    ```shell\n+    kpt fn render\n+    ```\n+\n+1.  Initialize the resource inventory\n+    ```shell\n+    kpt live init --namespace ${NAMESPACE}\"\n+    ```\n+    Replace `${NAMESPACE}` with the namespace in which to manage\n+    the inventory ResourceGroup (for example, `config-control`).\n+\n+1.  Apply the package resources to your cluster\n+    ```shell\n+    kpt live apply\n+    ```\n+\n+1.  
Wait for the resources to be ready\n+    ```shell\n+    kpt live status --output table --poll-until current\n+    ```\n+\n+\u003c!-- END OF PRE-COMMIT-BLUEPRINT DOCS HOOK:BODY --\u003e\n","patchType":"PatchFile"},{"file":"nodepools/primary/setters.yaml","contents":"# Copyright 2021 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#      http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\napiVersion: v1\nkind: ConfigMap\nmetadata: # kpt-merge: /setters\n  name: setters\n  annotations:\n    config.kubernetes.io/local-config: \"true\"\ndata:\n  # The name of the cluster to attach this node pool to\n  cluster-name: example-us-east4\n  # The compute location (region for a regional cluster or zone for a zonal cluster)\n  location: us-east4\n  # The maximum nodes per zone for this pool\n  max-node-count: \"2\"\n  # The name of this node pool\n  nodepool-name: primary\n","patchType":"CreateFile"},{"file":"cluster/cluster.yaml","contents":"# Copyright 2021 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#      http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the 
License.\napiVersion: container.cnrm.cloud.google.com/v1beta1\nkind: ContainerCluster\nmetadata: # kpt-merge: config-control/example-us-east4\n  name: porche-demo-east # kpt-set: ${cluster-name}\n  namespace: config-control\n  annotations:\n    cnrm.cloud.google.com/blueprint: cnrm/gke:gke-cluster/v0.4.1,kpt-pkg-fn\n    cnrm.cloud.google.com/project-id: raniamoh-playground # kpt-set: ${project-id}\n    # Remove the default node pool after bootstrapping.\n    # Explcit node pool configuration allows for more isolation and makes it\n    # easier to replace node pools to change immutable fields.\n    cnrm.cloud.google.com/remove-default-node-pool: \"true\"\nspec:\n  addonsConfig:\n    # Enable NodeLocal DNSCache by default, for increased performance and scaling.\n    # https://cloud.google.com/kubernetes-engine/docs/how-to/nodelocal-dns-cache\n    dnsCacheConfig:\n      enabled: true\n    # Enable Compute Engine persistent disk CSI Driver by default, for access to\n    # volume snapshots and encryption with customer-managed encryption keys.\n    # https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/gce-pd-csi-driver\n    gcePersistentDiskCsiDriverConfig:\n      enabled: true\n      # Enable Groups for GKE, to allow role binding to Google Groups.\n      #authenticatorGroupsConfig:\n  # securityGroup: gke-security-group@example.com # kpt-set: ${security-group}\n  # Enable Binary Authorization by default, to allow configuration of constraint\n  # policies and container image attestation.\n  # https://cloud.google.com/binary-authorization/docs/overview\n  #enableBinaryAuthorization: true\n  # Enable Shielded GKE Nodes by default, to protect bootstrap credentials.\n  # https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes\n  # enableShieldedNodes: true\n\n  # Must be at least 1 when using remove-default-node-pool.\n  initialNodeCount: 1\n  networkingMode: VPC_NATIVE\n  # Use VPC-native networking by default, with named secondary IP 
ranges.\n\n  # ipAllocationPolicy:\n  # clusterSecondaryRangeName: pods # kpt-set: ${pods-range-name}\n  # servicesSecondaryRangeName: services # kpt-set: ${services-range-name}\n  location: us-east4 # kpt-set: ${location}\n  # Allow internet access to the GKE control plane by default.\n  # This default is a deliberate compromise for ease of use over security.\n  # For increased security, reduce the CIDR blocks to cover only known clients.\n  masterAuthorizedNetworksConfig:\n    cidrBlocks:\n    - cidrBlock: 0.0.0.0/0\n      displayName: Whole Internet\n  networkRef:\n    external: projects/raniamoh-playground/global/networks/network1 # kpt-set: ${network-ref}\n    # privateClusterConfig:\n    # Allow public access to the GKE control plane by default.\n    # This default is a deliberate compromise for ease of use over security.\n    # For increased security, set to true to disable public IP access.\n\n    # enablePrivateEndpoint: false\n    # Default to private nodes (no public IP).\n    # enablePrivateNodes: true\n    # Enable global access to the GKE control plane's internal loab balancer.\n    # https://cloud.google.com/load-balancing/docs/internal/setting-up-internal#ilb-global-access\n    masterGlobalAccessConfig:\n      enabled: true\n      # masterIpv4CidrBlock: 10.254.0.0/28 # kpt-set: ${master-ip-range}\n  # Enable dataplane V2\n  # https://cloud.google.com/kubernetes-engine/docs/concepts/dataplane-v2\n  datapathProvider: ADVANCED_DATAPATH\n  # Enable logging\n  loggingConfig:\n    enableComponents:\n    - \"SYSTEM_COMPONENTS\"\n    - \"WORKLOADS\"\n  # Enable monitoring\n  monitoringConfig:\n    enableComponents:\n    - \"SYSTEM_COMPONENTS\"\n  # Default to the REGULAR channel.\n  # Use RAPID for faster access to features and fixes.\n  # Use STABLE for less disruption.\n  # Use UNSPECIFIED to unenroll from automatic updates.\n  releaseChannel:\n    channel: REGULAR\n  # Use a dedicated subnet by default, to increase isolation and allow for\n  # 
cluster-specific firewalls.\n  subnetworkRef:\n    external: projects/raniamoh-playground/regions/region/subnetworks/network1 # kpt-set: ${subnet-ref}\n  # Enable Vertical Pod Autoscaling by default.\n  # https://cloud.google.com/kubernetes-engine/docs/concepts/verticalpodautoscaler\n  verticalPodAutoscaling:\n    enabled: true\n  # Enable workload identity by default.\n  workloadIdentityConfig:\n    identityNamespace: raniamoh-playground.svc.id.goog # kpt-set: ${project-id}.svc.id.goog\n","patchType":"CreateFile"},{"file":"nodepools/primary/package-context.yaml","contents":"apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: kptfile.kpt.dev\n  annotations:\n    config.kubernetes.io/local-config: \"true\"\ndata:\n  name: gke-clone/nodepools/primary\n","patchType":"CreateFile"},{"file":"cluster/package-context.yaml","contents":"apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: kptfile.kpt.dev\n  annotations:\n    config.kubernetes.io/local-config: \"true\"\ndata:\n  name: gke-clone/cluster\n","patchType":"CreateFile"},{"file":"nodepools/primary/nodepool.yaml","contents":"# Copyright 2021 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#      http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\napiVersion: container.cnrm.cloud.google.com/v1beta1\nkind: ContainerNodePool\nmetadata: # kpt-merge: config-control/example-us-east4-primary\n  name: porche-demo-east-primary # kpt-set: ${cluster-name}-${nodepool-name}\n  namespace: config-control\n  annotations:\n    cnrm.cloud.google.com/blueprint: 
cnrm/gke:gke-nodepool/v0.4.1,kpt-pkg-fn\n    cnrm.cloud.google.com/project-id: raniamoh-playground # kpt-set: ${project-id}\nspec:\n  autoscaling:\n    # maxNodeCount is per-zone, for regional clusters\n    maxNodeCount: 2 # kpt-set: ${max-node-count}\n    # minNodeCount is per-zone, for regional clusters\n    minNodeCount: 1\n  clusterRef:\n    name: porche-demo-east # kpt-set: ${cluster-name}\n  # At least one node is required for cluster system components.\n  # initialNodeCount is per-zone, for regional clusters\n  initialNodeCount: 1\n  location: us-east4 # kpt-set: ${location}\n  # Enable auto repairs and upgrades by default.\n  # Disable if you have workloads that cannot tollerate disruption.\n  management:\n    autoRepair: true\n    autoUpgrade: true\n  # Default reduced to better fit on e2-standard-16 machines.\n  # 4 pods per vCPU, 8 pods per physical core, ~1 pod per GB of memory. \n  maxPodsPerNode: 64\n  nodeConfig:\n    labels:\n      gke.io/nodepool: primary # kpt-set: ${nodepool-name}\n    # diskSizeGb should include enough space for system components and the\n    # container image cache, in addition to space used by user workloads.\n    diskSizeGb: 100\n    # Default to SSD for higher IOPS / $ vs standard disks.\n    diskType: pd-ssd\n    # Default to e2, the most modern \u0026 efficient machine type family.\n    machineType: e2-standard-16\n    # Set the scope to cloud platform and use IAM to manage permissions\n    oauthScopes:\n    - https://www.googleapis.com/auth/cloud-platform\n    serviceAccountRef:\n      name: gke-porche-demo-east-primary # kpt-set: gke-${cluster-name}-${nodepool-name}\n","patchType":"CreateFile"},{"file":"cluster/README.md","contents":"\u003c!-- BEGINNING OF PRE-COMMIT-BLUEPRINT DOCS HOOK:TITLE --\u003e\n# GKE Cluster blueprint\n\n\n\u003c!-- END OF PRE-COMMIT-BLUEPRINT DOCS HOOK:TITLE --\u003e\n\u003c!-- BEGINNING OF PRE-COMMIT-BLUEPRINT DOCS HOOK:BODY --\u003e\nA GKE cluster with public masters and private nodes\n\n## 
Setters\n\n|        Name         |                             Value                              | Type | Count |\n|---------------------|----------------------------------------------------------------|------|-------|\n| cluster-name        | example-us-west4                                               | str  |     2 |\n| location            | us-east4                                                       | str  |     1 |\n| master-ip-range     | 10.254.0.0/28                                                  | str  |     1 |\n| network-ref         | projects/network-project-id/global/networks/default            | str  |     1 |\n| pods-range-name     | pods                                                           | str  |     1 |\n| project-id          | project-id                                                     | str  |     4 |\n| security-group      | gke-security-groups@example.com                                | str  |     1 |\n| services-range-name | services                                                       | str  |     1 |\n| subnet-ref          | projects/network-project-id/regions/region/subnetworks/default | str  |     1 |\n\n## Sub-packages\n\nThis package has no sub-packages.\n\n## Resources\n\n|        File        |                 APIVersion                 |       Kind       |               Name                |   Namespace    |\n|--------------------|--------------------------------------------|------------------|-----------------------------------|----------------|\n| cluster.yaml       | container.cnrm.cloud.google.com/v1beta1    | ContainerCluster | example-us-east4                  | config-control |\n| container-api.yaml | serviceusage.cnrm.cloud.google.com/v1beta1 | Service          | project-id-cluster-name-container | config-control |\n\n## Resource References\n\n- [ContainerCluster](https://cloud.google.com/config-connector/docs/reference/resource-docs/container/containercluster)\n- 
[Service](https://cloud.google.com/config-connector/docs/reference/resource-docs/serviceusage/service)\n\n## Usage\n\n1.  Clone the package:\n    ```shell\n    kpt pkg get https://github.com/GoogleCloudPlatform/blueprints.git/catalog/gke/cluster@${VERSION}\n    ```\n    Replace `${VERSION}` with the desired repo branch or tag\n    (for example, `main`).\n\n1.  Move into the local package:\n    ```shell\n    cd \"./cluster/\"\n    ```\n\n1.  Edit the function config file(s):\n    - setters.yaml\n\n1.  Execute the function pipeline\n    ```shell\n    kpt fn render\n    ```\n\n1.  Initialize the resource inventory\n    ```shell\n    kpt live init --namespace ${NAMESPACE}\"\n    ```\n    Replace `${NAMESPACE}` with the namespace in which to manage\n    the inventory ResourceGroup (for example, `config-control`).\n\n1.  Apply the package resources to your cluster\n    ```shell\n    kpt live apply\n    ```\n\n1.  Wait for the resources to be ready\n    ```shell\n    kpt live status --output table --poll-until current\n    ```\n\n\u003c!-- END OF PRE-COMMIT-BLUEPRINT DOCS HOOK:BODY --\u003e\n","patchType":"CreateFile"},{"file":"nodepools/primary/node-iam.yaml","contents":"# Copyright 2021 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#      http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n# Service Account for GKE nodes\napiVersion: iam.cnrm.cloud.google.com/v1beta1\nkind: IAMServiceAccount\nmetadata: # kpt-merge: config-control/gke-example-us-east4-primary\n  name: gke-porche-demo-east-primary # kpt-set: 
gke-${cluster-name}-${nodepool-name}\n  namespace: config-control\n  annotations:\n    cnrm.cloud.google.com/blueprint: cnrm/gke:gke-nodepool/v0.4.1,kpt-pkg-fn\n    cnrm.cloud.google.com/project-id: raniamoh-playground # kpt-set: ${project-id}\nspec:\n  displayName: gke-porche-demo-east-primary # kpt-set: gke-${cluster-name}-${nodepool-name}\n---\n# Allow fluentd to send logs to StackDriver\napiVersion: iam.cnrm.cloud.google.com/v1beta1\nkind: IAMPolicyMember\nmetadata: # kpt-merge: config-control/logwriter-gke-example-us-east4-primary\n  name: logwriter-gke-porche-demo-east-primary # kpt-set: logwriter-gke-${cluster-name}-${nodepool-name}\n  namespace: config-control\n  annotations:\n    cnrm.cloud.google.com/blueprint: cnrm/gke:gke-nodepool/v0.4.1,kpt-pkg-fn\nspec:\n  memberFrom:\n    serviceAccountRef:\n      name: gke-porche-demo-east-primary # kpt-set: gke-${cluster-name}-${nodepool-name}\n      namespace: config-control\n  resourceRef:\n    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1\n    kind: Project\n    external: raniamoh-playground # kpt-set: ${project-id}\n  role: roles/logging.logWriter\n---\n# Allow fluentd to send metrics to StackDriver\napiVersion: iam.cnrm.cloud.google.com/v1beta1\nkind: IAMPolicyMember\nmetadata: # kpt-merge: config-control/metricwriter-gke-example-us-east4-primary\n  name: metricwriter-gke-porche-demo-east-primary # kpt-set: metricwriter-gke-${cluster-name}-${nodepool-name}\n  namespace: config-control\n  annotations:\n    cnrm.cloud.google.com/blueprint: cnrm/gke:gke-nodepool/v0.4.1,kpt-pkg-fn\nspec:\n  memberFrom:\n    serviceAccountRef:\n      name: gke-porche-demo-east-primary # kpt-set: gke-${cluster-name}-${nodepool-name}\n      namespace: config-control\n  resourceRef:\n    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1\n    kind: Project\n    external: raniamoh-playground # kpt-set: ${project-id}\n  role: roles/monitoring.metricWriter\n---\n# Allow kubelet/docker/containerd to read all 
artifacts/images in the project-id project\napiVersion: iam.cnrm.cloud.google.com/v1beta1\nkind: IAMPolicyMember\nmetadata: # kpt-merge: config-control/artifactreader-gke-example-us-east4-primary\n  name: artifactreader-gke-porche-demo-east-primary # kpt-set: artifactreader-gke-${cluster-name}-${nodepool-name}\n  namespace: config-control\n  annotations:\n    cnrm.cloud.google.com/blueprint: cnrm/gke:gke-nodepool/v0.4.1,kpt-pkg-fn\nspec:\n  memberFrom:\n    serviceAccountRef:\n      name: gke-porche-demo-east-primary # kpt-set: gke-${cluster-name}-${nodepool-name}\n      namespace: config-control\n  resourceRef:\n    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1\n    kind: Project\n    external: raniamoh-playground # kpt-set: ${project-id}\n  role: roles/artifactregistry.reader\n","patchType":"CreateFile"},{"file":"cluster/setters.yaml","contents":"# Copyright 2021 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#      http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\napiVersion: v1\nkind: ConfigMap\nmetadata: # kpt-merge: /setters\n  name: setters\n  annotations:\n    config.kubernetes.io/local-config: \"true\"\ndata:\n  # The name of this cluster\n  cluster-name: example-us-west4\n  # The compute location (region for a regional cluster or zone for a zonal cluster)\n  location: us-east4\n  # The private IP range for masters to use when peering to the VPC\n  master-ip-range: 10.254.0.0/28\n  # The name of the VPC in which to create this cluster\n  network-ref: 
projects/network-project-id/global/networks/default\n  # The reference to the subnet\n  subnet-ref: projects/network-project-id/regions/region/subnetworks/default\n  # The group in which to manage the list of groups that can be used for RBAC.\n  # Must be named exactly 'gke-security-groups'.\n  security-group: gke-security-groups@example.com\n","patchType":"CreateFile"},{"file":"cluster/container-api.yaml","contents":"# Copyright 2021 Google LLC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#      http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n# Enable the Container service in the platform project\napiVersion: serviceusage.cnrm.cloud.google.com/v1beta1\nkind: Service\nmetadata: # kpt-merge: config-control/project-id-cluster-name-container\n  # Use a unique name to avoid overlap with other cluster package instances.\n  name: raniamoh-playground-porche-demo-east-container # kpt-set: ${project-id}-${cluster-name}-container\n  namespace: config-control\n  annotations:\n    cnrm.cloud.google.com/blueprint: cnrm/gke:gke-cluster/v0.4.1,kpt-pkg-fn\n    cnrm.cloud.google.com/deletion-policy: abandon\n    cnrm.cloud.google.com/project-id: raniamoh-playground # kpt-set: ${project-id}\nspec:\n  resourceID: container.googleapis.com\n","patchType":"CreateFile"}]}}}
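Review bot: the top-level `setters.yaml` created by this patch has no `annotations` block under `metadata`, so it is missing `config.kubernetes.io/local-config: "true"`, while `nodepools/primary/setters.yaml` and `cluster/setters.yaml` in the same patch carry it. Without the annotation this ConfigMap is not marked as local-only function config and is a candidate for `kpt live apply`, which would push the project ID and the network and subnet paths into the cluster as a live object. Add the annotation here as well. The commented-out keys at the end of the file (`pods-range-name`, `services-range-name`, `security-group`) also sit at inconsistent indentation, so uncommenting them as written would not place them under `data`.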
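Review bot: in the `Kptfile` hunk, the added `pipeline.mutators` entry references `gcr.io/kpt-fn/apply-setters:v0.1` by tag only, and the same tag is used in `nodepools/primary/Kptfile` and `cluster/Kptfile`. This image rewrites every resource in the package during `kpt fn render`, including the IAM bindings and the cluster spec, so a tag that is later repointed changes what gets rendered without any change to the package. Consider pinning the image by digest, in the same way `upstreamLock` already pins the upstream to commit `03e261f3e491003c75e44648c0bad1a23d9e6e6c`.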
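Review bot: in the `README.md` hunk, the added Usage step `kpt live init --namespace ${NAMESPACE}"` ends with an unbalanced double quote, so a reader who pastes it gets a shell waiting for the closing quote instead of a command that runs. Drop the trailing `"`; the same line appears in `nodepools/primary/README.md` and `cluster/README.md`. The added Setters table also documents values (`cluster-name` as `example-us-west4`, `project-id` as `project-id`) that differ from the top-level `setters.yaml` in this patch (`porche-demo-east`, `raniamoh-playground`), so the generated docs should be refreshed after the setters are edited.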
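Review bot: in `cluster/cluster.yaml`, commenting out `privateClusterConfig:` leaves `masterGlobalAccessConfig:` indented under `networkRef`, where it no longer belongs to the block it configured, and it also removes `enablePrivateNodes: true` even though `cluster/Kptfile` still describes "A GKE cluster with public masters and private nodes". The same file keeps `masterAuthorizedNetworksConfig` at `cidrBlock: 0.0.0.0/0` and comments out `enableShieldedNodes`, `enableBinaryAuthorization`, `authenticatorGroupsConfig` and `ipAllocationPolicy`, so the cluster is created with less hardening than the surrounding comments claim as defaults. Either restore the `privateClusterConfig` block and the hardening flags, or narrow `cidrBlocks` to known clients and update the comments and the package description to match what is actually deployed.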