Fix/update acm asm

[dkassab]

Updating documentation and fixing formatting issues.

[daniel-cit]

Hi @dkassab Thanks for the PR
there are two lint errors:

• A missing newline

Step #1 - "lint-tests": Checking for missing newline at end of file
Step #1 - "lint-tests": Error: No newline at end of file ./6-anthos-install/README.md

• A missing required argument

Step #1 - "lint-tests": terraform_validate ./app-foundation/4-projects/shared 
Step #1 - "lint-tests": 
Step #1 - "lint-tests": Error: Missing required argument
Step #1 - "lint-tests": 
Step #1 - "lint-tests":   on infra_pipeline.tf line 44, in module "infra_pipelines":
Step #1 - "lint-tests":   44: module "infra_pipelines" {
Step #1 - "lint-tests": 
Step #1 - "lint-tests": The argument "impersonate_service_account" is required, but no definition was
Step #1 - "lint-tests": found

The missing required argument was fixed in PR #40
It should be fixed if you rebase with the current version of main

[daniel-cit]

• There are some changes that need to be reverted,
  which are the ones related to gcr.io/bank-of-anthos,
  they are marked individually in the files.
  The text gcr.io/bank-of-anthos is replaced automatically in step 7.

• It would help the user if all the variables that depende in the output of previous steps
  would be defined in the define-required-environment-variables
  section for example these variable cloud be move to the section:

export CICD_PROJECT_ID=YOUR_CICD_PROJECT_ID

and

export SQL_PROJECT_ID=YOUR_SQL_PROJECT_ID
export SQL_INSTANCE_NAME_WEST=YOUR_SQL_INSTANCE_NAME_WEST
export SQL_INSTANCE_NAME_EAST=YOUR_SQL_INSTANCE_NAME_EAST

• We have three project IDs in the README.md for step 6 and
  it would help the user if they were consistentelly named in the environement variable
  and in the replace tokens inside the yaml files
  • the GKE project ID:
    • PROJECT_ID -> GKE_PROJECT_ID (env var)
    • PROJECT_ID -> GKE_PROJECT_ID (yaml)
  • the CI/CD project ID
    • PROJECT_ID -> CICD_PROJECT_ID (env var)
    • PROJECT_ID -> CICD_PROJECT_ID (yaml
  • the SQL project ID
    • SQL_PROJECT_ID -> SQL_PROJECT_ID (env var)(keep)

for example, this command at the end of the readme

gcloud iam service-accounts add-iam-policy-binding \
--role roles/iam.workloadIdentityUser \
--member "serviceAccount:$PROJECT_ID.svc.id.goog[transactions/transactions]" \
boa-gsa@$PROJECT_ID.iam.gserviceaccount.com

should be using

• PROJECT_ID -> GKE_PROJECT_ID

Since the boa-gsa service account is create in the GKE project.

[google-cla]

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

[rutalreja-deloitte]

@googlebot I consent.

[rutalreja-deloitte]

Fixes in c599738

• Merged main and lint pass
• Changes requested in @daniel-cit 's comment
• Remove --cluster-labels not needed
• Add missing instruction for frontend-sa.yaml
• Instruction update that was merged in Update README to similar format as in Terraform Foundation repository #49

[rutalreja-deloitte]

@dkassab and @daniel-cit
Noticed missing instructions for

• acm root-sync yaml in ReadME, line should also have GKE_PROJECT_ID instead of PROJECT_ID
• cloud-sql-admin-secret yaml instruction to update this in ReadME
• app-secret-front yaml instruction to update this in ReadME as well as the correct project env variable GKE most likely

P.S Also a lot of files in the 6-anthos-install/acm-repos/root-config-repo/namespaces/boa/ repo folders are entirely commented out, maybe some instructions in the README are required to inform user what role the files play and at what stage

[dkassab]

@dkassab and @daniel-cit
Noticed missing instructions for

• acm root-sync yaml in ReadME, line should also have GKE_PROJECT_ID instead of PROJECT_ID
• cloud-sql-admin-secret yaml instruction to update this in ReadME
• app-secret-front yaml instruction to update this in ReadME as well as the correct project env variable GKE most likely

P.S Also a lot of files in the 6-anthos-install/acm-repos/root-config-repo/namespaces/boa/ repo folders are entirely commented out, maybe some instructions in the README are required to inform user what role the files play and at what stage

• I fixed acm root-sync.yaml file.
• cloud-sql-admin-secret is not needed anymore, I removed it.
• This secret is not needed for this phase, but will need it once we implement secret manager and CSI secret driver.

[rutalreja-deloitte]

Fixes #51

• Exposed bastion_members in 5-infra/env/main.tf and added supporting instruction in 6-README
• Added missing Readme instruction for acm-repo-sync
• Commented out app-secret-front

[rutalreja-deloitte]

LGTM
@daniel-cit and @bharathkkb please review when you get a chance

[daniel-cit]

This version has many improvements but there are still a few issues to fix

[daniel-cit]

Suggested change

	./istioctl x create-remote-secret \
	istioctl x create-remote-secret \

[bharathkkb]

It maybe valuable to keep ./. If the user has an older version of istioctl in PATH then it may error out with these configs

[daniel-cit]

Suggested change

	./istioctl x create-remote-secret \
	istioctl x create-remote-secret \

[daniel-cit]

is this repo in the CICD_PROJECT_ID ?

[daniel-cit]

I got:

gcloud source repos clone root-config-repo --project ${CICD_PROJECT_ID}
WARNING:          You are using a Google-hosted repository with a
         git version 1.8.3.1
which is older than 2.0.1. If you upgrade
         to 2.0.1 or later, gcloud can handle authentication to
         this repository. Otherwise, to authenticate, use your Google
         account and the password found by running the following command.
          $ gcloud auth print-access-token

and I had to use as user boa-gce-bastion-d-sa@prj-bu1-d-boa-gke-04d8.iam.gserviceaccount.com
and the password generated by gcloud auth print-access-token

[daniel-cit]

failed with

error: failed to create secret namespaces "accounts" not found

It works after fixing

kubectl apply --context=${CTX_2} -f ${HOME}/terraform-example-foundation-app/6-anthos-install/acm-configs/config-management-west.yaml

[daniel-cit]

failed with

error: failed to create secret namespaces "frontend" not found

It works after fixing

kubectl apply --context=${CTX_2} -f ${HOME}/terraform-example-foundation-app/6-anthos-install/acm-configs/config-management-west.yaml

[daniel-cit]

The file ${HOME}/terraform-example-foundation-app/6-anthos-install/db-scripts/populate-ledger-db.yaml does not exist

[daniel-cit]

The file ${HOME}/terraform-example-foundation-app/6-anthos-install/db-scripts/populate-ledger-db.yaml does not exist

[daniel-cit]

the populate script is in the Bank of Anthos repo

cd ${HOME}

git clone https://github.com/GoogleCloudPlatform/bank-of-anthos.git

kubectl apply -n transactions --context ${CTX_1} -f ${HOME}/bank-of-anthos/extras/cloudsql/populate-jobs/populate-ledger-db.yaml

kubectl apply -n transactions --context ${CTX_2} -f ${HOME}/bank-of-anthos/extras/cloudsql/populate-jobs/populate-ledger-db.yaml