Merge branch 'main' into abm-tf-user-cluster-sample-mlb

.github/auto-approve.yml

@@ -0,0 +1,23 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# https://github.com/googleapis/repo-automation-bots/tree/main/packages/auto-approve
+processes:
+  - "PythonDependency"
+  - "PythonSampleAppDependency"
+  - "JavaDependency"
+  - "JavaSampleAppDependency"
+  - "GoDependency"
+  - "NodeDependency"
+  - "DockerDependency"

.github/workflows/scorecards-analysis.yml

@@ -36,12 +36,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
+        uses: actions/checkout@96f53100ba2a5449eb71d2e6604bbcd94b9449b5
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af
+        uses: ossf/scorecard-action@fc268b13a8e514322ba05e124eb75f88ac3a1b51
         with:
           results_file: results.sarif
           results_format: sarif
@@ -64,6 +64,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@bb28e7e59e2ad6c1e5400e671795b2fa1b2fca6f
+        uses: github/codeql-action/upload-sarif@d0dd7d77b4e5a2ac9284ddbc45e6eeb88fbd961a
         with:
           sarif_file: results.sarif

CODEOWNERS

@@ -3,12 +3,13 @@
 
 # These owners will be the default owners for everything in
 # the repo. Unless a later match takes precedence.
-*                                 @GoogleCloudPlatform/anthos-dpe
+*                                 @GoogleCloudPlatform/anthos-dpe @yoshi-approver
 
 # The samples specific to observability and monitoring should be reviewed by
 # the Onyx GKE Observability team (go/onyx-observability)
-/aws-logging-monitoring/          @GoogleCloudPlatform/onyx-gke-observability
-/attached-logging-monitoring/     @GoogleCloudPlatform/onyx-gke-observability
-/anthos-multi-cloud/		  @GoogleCloudPlatform/anthos-multicloud
-/anthos-bm-utils/		  @GoogleCloudPlatform/anthos-baremetal-eng
-/anthos-bm-apigee/		  @GoogleCloudPlatform/app-mod-customer-engineers
+/aws-logging-monitoring/          @GoogleCloudPlatform/onyx-gke-observability @yoshi-approver
+/attached-logging-monitoring/     @GoogleCloudPlatform/onyx-gke-observability @yoshi-approver
+/gmp-grafana-dashboards/          @GoogleCloudPlatform/onyx-gke-observability @yoshi-approver
+/anthos-multi-cloud/		  @GoogleCloudPlatform/anthos-multicloud @yoshi-approver
+/anthos-bm-utils/		  @GoogleCloudPlatform/anthos-baremetal-eng @yoshi-approver
+/anthos-bm-apigee/		  @GoogleCloudPlatform/app-mod-customer-engineers @yoshi-approver

anthos-bm-gcp-bash/docs/hybrid.md

@@ -32,6 +32,8 @@ explanation of all the steps included in this script.
     ```sh
     export PROJECT_ID=<GCP_PROJECT_TO_USE>
     export ZONE=<GCP_ZONE_TO_USE>
+    export CLUSTER_NAME=<CLUSTER_NAME>
+    export BMCTL_VERSION=<BMCTL_VERSERION>
     ```
 
 3. Run the installation script.
@@ -73,7 +75,7 @@ explanation of all the steps included in this script.
 
     + export PROJECT_ID=abm-test-project
     + PROJECT_ID=abm-test-project
-    + export clusterid=cluster-1
+    + export CLUSTER_NAME=cluster-1
     + clusterid=cluster-1
     + bmctl create config -c cluster-1
     [2022-10-04 19:09:08+0000] Created config: bmctl-workspace/cluster-1/cluster-1.yaml

anthos-bm-gcp-bash/install_admin_cluster.sh

@@ -44,6 +44,50 @@ fi
 
 printf "\n✅ Using Project [%s], Zone [%s], Cluster name [%s] and Anthos bare metal version [%s].\n\n" "$PROJECT_ID" "$ZONE" "$ADMIN_CLUSTER_NAME" "$BMCTL_VERSION"
 
+# --------------------------------------------------------------
+# This section checks what portions of the script the user wants
+# to execute. The script does two things. (1) Set up the GCE
+# infrastrcuture where the Anthos bare metal cluster will be
+# installed and (2) Install the Anthos bare metal cluster. Thus,
+# in this section we provide the user with the option to do run
+# everything or to only one of these two things.
+# --------------------------------------------------------------
+
+RUN_ALL="All-(Setup-and-Install)"
+SETUP_ONLY="Setup-Only"
+QUIT="Quit"
+
+PS3=$'\n''Please select an installation mode: '
+options=("$RUN_ALL" "$SETUP_ONLY" "$QUIT")
+select OPT in "${options[@]}"
+do
+  case $OPT in
+    "$RUN_ALL")
+      printf "\nYou chose '%s'." "$OPT"
+      printf "This will setup the GCE infrastructure and create an Anthos bare metal admin cluster."
+      break;;
+    "$SETUP_ONLY")
+      printf "\nYou chose '%s'." "$OPT"
+      printf "This will only set up the GCE infrastructure; Anthos bare metal cluster creation will be skipped."
+      break;;
+    "$QUIT")
+      printf "Exiting..."
+      exit 0;;
+    *)
+      printf "Invalid option %s" "$REPLY";;
+  esac
+done
+
+while true; do
+  read -rp $'\n'"Please confirm selection. (Use 'Y' or 'y for Yes and 'N' or 'n' for No) " yn
+  case $yn in
+      [Yy]* ) break;;
+      [Nn]* ) exit 1;;
+      * ) echo "invalid input";;
+  esac
+done
+# --------------------------------------------------------------
+
 # create the GCP Service Account to be used by Anthos on bare metal
 printf "🔄 Creating Service Account and Service Account key...\n"
 # [START anthos_bm_gcp_bash_admin_create_sa]
@@ -148,7 +192,7 @@ do
       --machine-type "$MACHINE_TYPE" \
       --metadata "cluster_id=${ADMIN_CLUSTER_NAME},bmctl_version=${BMCTL_VERSION}"
     IP=$(gcloud compute instances describe "$vm" --zone "${ZONE}" \
-         --format='get(networkInterfaces[0].networkIP)')
+        --format='get(networkInterfaces[0].networkIP)')
     IPs+=("$IP")
 done
 # [END anthos_bm_gcp_bash_admin_create_vm]
@@ -175,21 +219,20 @@ printf "🔄 Setting up VxLAN in the GCE VMs...\n"
 i=2 # We start from 10.200.0.2/24
 for vm in "${VMs[@]}"
 do
-    gcloud compute ssh root@"$vm" --zone "${ZONE}" << EOF
-        apt-get -qq update > /dev/null
-        apt-get -qq install -y jq > /dev/null
-        set -x
-        ip link add vxlan0 type vxlan id 42 dev ens4 dstport 0
-        current_ip=\$(ip --json a show dev ens4 | jq '.[0].addr_info[0].local' -r)
-        printf "VM IP address is: \$current_ip"
-        for ip in ${IPs[@]}; do
-            if [ "\$ip" != "\$current_ip" ]; then
-                bridge fdb append to 00:00:00:00:00:00 dst \$ip dev vxlan0
-            fi
-        done
-        ip addr add 10.200.0.$i/24 dev vxlan0
-        ip link set up dev vxlan0
-
+gcloud compute ssh root@"$vm" --zone "${ZONE}" << EOF
+    apt-get -qq update > /dev/null
+    apt-get -qq install -y jq > /dev/null
+    set -x
+    ip link add vxlan0 type vxlan id 42 dev ens4 dstport 0
+    current_ip=\$(ip --json a show dev ens4 | jq '.[0].addr_info[0].local' -r)
+    printf "VM IP address is: \$current_ip"
+    for ip in ${IPs[@]}; do
+        if [ "\$ip" != "\$current_ip" ]; then
+            bridge fdb append to 00:00:00:00:00:00 dst \$ip dev vxlan0
+        fi
+    done
+    ip addr add 10.200.0.$i/24 dev vxlan0
+    ip link set up dev vxlan0
 EOF
     i=$((i+1))
 done
@@ -242,10 +285,13 @@ EOF
 # [END anthos_bm_gcp_bash_admin_add_ssh_keys]
 printf "✅ Successfully set up SSH access from admin workstation to cluster node VMs.\n\n"
 
-# initiate Anthos on bare metal installation from the admin workstation
-printf "🔄 Installing Anthos on bare metal...\n"
-# [START anthos_bm_gcp_bash_admin_install_abm]
-gcloud compute ssh root@$VM_WS --zone "${ZONE}" <<EOF
+
+if [[ "$OPT" == "$RUN_ALL" ]];
+then
+  # initiate Anthos on bare metal installation from the admin workstation
+  printf "🔄 Installing Anthos on bare metal...\n"
+  # [START anthos_bm_gcp_bash_admin_install_abm]
+  gcloud compute ssh root@"$VM_WS" --zone "${ZONE}" <<EOF
 set -x
 export PROJECT_ID=\$(gcloud config get-value project)
 ADMIN_CLUSTER_NAME=\$(curl http://metadata.google.internal/computeMetadata/v1/instance/attributes/cluster_id -H "Metadata-Flavor: Google")
@@ -313,17 +359,34 @@ EOB
 
 bmctl create cluster -c \$ADMIN_CLUSTER_NAME
 EOF
-# [END anthos_bm_gcp_bash_admin_install_abm]
-
-# [START anthos_bm_gcp_bash_admin_gce_info]
-printf "✅ Installation complete. Please check the logs for any errors!!!\n\n"
-printf "✅ If you do not see any errors in the output log, then you now have the following setup:\n\n"
-printf "|---------------------------------------------------------------------------------------------------------|\n"
-printf "| VM Name               | L2 Network IP (VxLAN) | INFO                                                    |\n"
-printf "|---------------------------------------------------------------------------------------------------------|\n"
-printf "| abm-admin-cluster-cp  | 10.200.0.3            | Has control plane of admin cluster running inside       |\n"
-printf "| abm-user-cluster-cp   | 10.200.0.4            | 🌟 Ready for use as control plane for the user cluster  |\n"
-printf "| abm-user-cluster-w1   | 10.200.0.5            | 🌟 Ready for use as worker for the user cluster         |\n"
-printf "| abm-user-cluster-w2   | 10.200.0.6            | 🌟 Ready for use as worker for the user cluster         |\n"
-printf "|---------------------------------------------------------------------------------------------------------|\n\n"
-# [END anthos_bm_gcp_bash_admin_gce_info]
+  # [END anthos_bm_gcp_bash_admin_install_abm]
+fi
+
+if [[ "$OPT" == "$SETUP_ONLY" ]];
+then
+  # [START anthos_bm_gcp_bash_admin_gce_info_setup_only]
+  printf "✅ GCE Infrastructure setup complete. Please check the logs for any errors!!!\n\n"
+  printf "✅ If you do not see any errors in the output log, then you now have the following setup:\n\n"
+  printf "|---------------------------------------------------------------------------------------------------------|\n"
+  printf "| VM Name               | L2 Network IP (VxLAN) | INFO                                                    |\n"
+  printf "|---------------------------------------------------------------------------------------------------------|\n"
+  printf "| abm-admin-cluster-cp  | 10.200.0.3            | 🌟 Ready for use as control plane for the admin cluster |\n"
+  printf "| abm-user-cluster-cp   | 10.200.0.4            | 🌟 Ready for use as control plane for the user cluster  |\n"
+  printf "| abm-user-cluster-w1   | 10.200.0.5            | 🌟 Ready for use as worker for the user cluster         |\n"
+  printf "| abm-user-cluster-w2   | 10.200.0.6            | 🌟 Ready for use as worker for the user cluster         |\n"
+  printf "|---------------------------------------------------------------------------------------------------------|\n\n"
+  # [END anthos_bm_gcp_bash_admin_gce_info_setup_only]
+else
+  # [START anthos_bm_gcp_bash_admin_gce_info]
+  printf "✅ Installation complete. Please check the logs for any errors!!!\n\n"
+  printf "✅ If you do not see any errors in the output log, then you now have the following setup:\n\n"
+  printf "|---------------------------------------------------------------------------------------------------------|\n"
+  printf "| VM Name               | L2 Network IP (VxLAN) | INFO                                                    |\n"
+  printf "|---------------------------------------------------------------------------------------------------------|\n"
+  printf "| abm-admin-cluster-cp  | 10.200.0.3            | Has control plane of admin cluster running inside       |\n"
+  printf "| abm-user-cluster-cp   | 10.200.0.4            | 🌟 Ready for use as control plane for the user cluster  |\n"
+  printf "| abm-user-cluster-w1   | 10.200.0.5            | 🌟 Ready for use as worker for the user cluster         |\n"
+  printf "| abm-user-cluster-w2   | 10.200.0.6            | 🌟 Ready for use as worker for the user cluster         |\n"
+  printf "|---------------------------------------------------------------------------------------------------------|\n\n"
+  # [END anthos_bm_gcp_bash_admin_gce_info]
+fi

anthos-bm-gcp-terraform/CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## [0.15.1](https://github.com/GoogleCloudPlatform/anthos-samples/compare/v0.15.0...v0.15.1) (2023-07-27)
+
+
+### Bug Fixes
+
+* **deps:** update module github.com/stretchr/testify to v1.8.4 ([#628](https://github.com/GoogleCloudPlatform/anthos-samples/issues/628)) ([df5cdc2](https://github.com/GoogleCloudPlatform/anthos-samples/commit/df5cdc2450de2719fec854d64dda5ec11799ea2b))
+
+## [0.15.0](https://github.com/GoogleCloudPlatform/anthos-samples/compare/v0.14.0...v0.15.0) (2023-06-29)
+
+
+### Features
+
+* add user cluster create with terraform sample (metallb) ([#593](https://github.com/GoogleCloudPlatform/anthos-samples/issues/593)) ([eecb1da](https://github.com/GoogleCloudPlatform/anthos-samples/commit/eecb1da249ac6a2deab32402137c4421714ab6d7))
+
 ## [0.14.0](https://github.com/GoogleCloudPlatform/anthos-samples/compare/v0.13.1...v0.14.0) (2023-02-08)
 
 

anthos-bm-gcp-terraform/test/go.mod

@@ -5,7 +5,7 @@ go 1.19
 require (
 	github.com/gruntwork-io/terratest v0.41.10
 	github.com/icrowley/fake v0.0.0-20221112152111-d7b7e2276db2
-	github.com/stretchr/testify v1.8.1
+	github.com/stretchr/testify v1.8.4
 	gopkg.in/yaml.v2 v2.4.0
 )
 
@@ -27,7 +27,7 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/cli v20.10.7+incompatible // indirect
 	github.com/docker/distribution v2.8.0+incompatible // indirect
-	github.com/docker/docker v20.10.7+incompatible // indirect
+	github.com/docker/docker v20.10.24+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.6.3 // indirect
 	github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c // indirect
 	github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect

anthos-bm-gcp-terraform/test/go.sum

@@ -419,8 +419,9 @@ github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v2.8.0+incompatible h1:l9EaZDICImO1ngI+uTifW+ZYvvz7fKISBAKpg+MbWbY=
 github.com/docker/distribution v2.8.0+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.7+incompatible h1:Z6O9Nhsjv+ayUEeI1IojKbYcsGdgYSNqxe1s2MYzUhQ=
 github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.24+incompatible h1:Ugvxm7a8+Gz6vqQYQQ2W7GYq5EUPaAiuPgIfVyI3dYE=
+github.com/docker/docker v20.10.24+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.3 h1:zI2p9+1NQYdnG6sMU26EX4aVGlqbInSQxQXLvzJ4RPQ=
 github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
@@ -932,6 +933,8 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=

anthos-bm-gcp-terraform/versions.tf

@@ -15,7 +15,7 @@
  */
 
 terraform {
-  required_version = ">= v0.15.5, < 1.4" # this line should not change during a release
+  required_version = ">= v0.15.1, < 1.4" # this line should not change during a release
   required_providers {
     google = {
       source  = "hashicorp/google"
@@ -28,7 +28,7 @@ terraform {
   }
 
   provider_meta "google" {
-    module_name = "anthos-samples/terraform/anthos-bm-terraform:gce/v0.14.0"
+    module_name = "anthos-samples/terraform/anthos-bm-terraform:gce/v0.15.1"
   }
 }
 

anthos-multi-cloud/AWS/modules/iam/main.tf

@@ -60,6 +60,8 @@ data "aws_iam_policy_document" "api_policy_document" {
       "autoscaling:DeleteAutoScalingGroup",
       "autoscaling:DeleteTags",
       "autoscaling:DescribeAutoScalingGroups",
+      "autoscaling:DisableMetricsCollection",
+      "autoscaling:EnableMetricsCollection",
       "autoscaling:TerminateInstanceInAutoScalingGroup",
       "autoscaling:UpdateAutoScalingGroup",
       "ec2:AuthorizeSecurityGroupEgress",
@@ -72,11 +74,15 @@ data "aws_iam_policy_document" "api_policy_document" {
       "ec2:DeleteLaunchTemplate",
       "ec2:DeleteNetworkInterface",
       "ec2:DeleteSecurityGroup",
+      "ec2:DeleteTags",
       "ec2:DeleteVolume",
       "ec2:DescribeAccountAttributes",
+      "ec2:DescribeInstances",
       "ec2:DescribeInternetGateways",
       "ec2:DescribeKeyPairs",
+      "ec2:DescribeLaunchTemplates",
       "ec2:DescribeNetworkInterfaces",
+      "ec2:DescribeSecurityGroupRules",
       "ec2:DescribeSecurityGroups",
       "ec2:DescribeSubnets",
       "ec2:DescribeVpcs",

anthos-onprem-terraform/README.md

@@ -13,8 +13,8 @@ For more information, see the reference documentation for each resource.
 
 | Type             | Sample _(by loadbalancer type)_                  | Terraform resources | 
 | ---------------- | ----------------------------------------------   | ------------------- |
-| **user** cluster | Bundled [MetalLB](./abm_user_cluster_metallb/)   | [google_gkeonprem_bare_metal_cluster](https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/gkeonprem_bare_metal_cluster) </br> [google_gkeonprem_vmware_node_pool](https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/gkeonprem_vmware_node_pool) | 
-| **user** cluster | Bundled [ManualLB](./abm_user_cluster_manuallb/) | [google_gkeonprem_bare_metal_cluster](https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/gkeonprem_bare_metal_cluster) </br> [google_gkeonprem_vmware_node_pool](https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/gkeonprem_vmware_node_pool) | 
+| **user** cluster | Bundled [MetalLB](./abm_user_cluster_metallb/)   | [google_gkeonprem_bare_metal_cluster](https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/gkeonprem_bare_metal_cluster) </br> [google_gkeonprem_bare_metal_node_pool](https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/gkeonprem_bare_metal_node_pool) | 
+| **user** cluster | [ManualLB](./abm_user_cluster_manuallb/)         | [google_gkeonprem_bare_metal_cluster](https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/gkeonprem_bare_metal_cluster) </br> [google_gkeonprem_bare_metal_node_pool](https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/gkeonprem_bare_metal_node_pool) | 
 
 ---