Terraform testing alignment

regional/README.md

@@ -33,6 +33,8 @@ No modules.
 | [kubernetes_manifest.istio_gateway_frontendconfig](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
 | [kubernetes_manifest.istio_gateway_managed_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
 | [kubernetes_manifest.istio_service_exports](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
+| [kubernetes_namespace_v1.istio_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
+| [kubernetes_namespace_v1.istio_system](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
 
 ## Inputs
 
@@ -45,6 +47,7 @@ No modules.
 | <a name="input_gateway_autoscale_min"></a> [gateway\_autoscale\_min](#input\_gateway\_autoscale\_min) | The minimum number of gateway replicas to run | `number` | `1` | no |
 | <a name="input_istio_chart_repository"></a> [istio\_chart\_repository](#input\_istio\_chart\_repository) | The repository to pull the Istio Helm chart from | `string` | `"https://istio-release.storage.googleapis.com/charts"` | no |
 | <a name="input_istio_config_cluster"></a> [istio\_config\_cluster](#input\_istio\_config\_cluster) | Boolean to configure a remote cluster as the config cluster for an external istiod | `bool` | `false` | no |
+| <a name="input_istio_control_plane_clusters"></a> [istio\_control\_plane\_clusters](#input\_istio\_control\_plane\_clusters) | The GKE clusters that will be used as Istio control planes | `string` | `null` | no |
 | <a name="input_istio_external_istiod"></a> [istio\_external\_istiod](#input\_istio\_external\_istiod) | Boolean to configure a remote cluster data plane controlled by an external istiod | `bool` | `false` | no |
 | <a name="input_istio_gateway_cpu_limit"></a> [istio\_gateway\_cpu\_limit](#input\_istio\_gateway\_cpu\_limit) | The CPU limit for the Istio gateway | `string` | `"2000m"` | no |
 | <a name="input_istio_gateway_cpu_request"></a> [istio\_gateway\_cpu\_request](#input\_istio\_gateway\_cpu\_request) | The CPU request for the Istio gateway | `string` | `"100m"` | no |

regional/main.tf

@@ -30,7 +30,7 @@ resource "google_dns_record_set" "istio_gateway" {
 resource "helm_release" "base" {
   chart      = "base"
   name       = "base"
-  namespace  = "istio-system"
+  namespace  = kubernetes_namespace_v1.istio_system.metadata.0.name
   repository = var.istio_chart_repository
 
   values = [
@@ -43,7 +43,7 @@ resource "helm_release" "base" {
 resource "helm_release" "istiod" {
   chart      = "istiod"
   name       = "istiod"
-  namespace  = "istio-system"
+  namespace  = kubernetes_namespace_v1.istio_system.metadata.0.name
   repository = var.istio_chart_repository
 
   set {
@@ -152,7 +152,7 @@ resource "helm_release" "gateway" {
 
   chart      = "gateway"
   name       = "gateway"
-  namespace  = "istio-ingress"
+  namespace  = kubernetes_namespace_v1.istio_ingress[0].metadata.0.name
   repository = var.istio_chart_repository
 
   set {
@@ -224,7 +224,7 @@ resource "kubernetes_ingress_v1" "istio_gateway" {
 
   metadata {
     name      = "istio-gateway"
-    namespace = "istio-ingress"
+    namespace = kubernetes_namespace_v1.istio_ingress[0].metadata.0.name
 
     annotations = {
       "kubernetes.io/ingress.allow-http"            = "false"
@@ -270,7 +270,7 @@ resource "kubernetes_manifest" "istio_gateway_backendconfig" {
     kind       = "BackendConfig"
     metadata = {
       name      = "istio-gateway-backend"
-      namespace = "istio-ingress"
+      namespace = kubernetes_namespace_v1.istio_ingress[0].metadata.0.name
     }
     spec = {
       healthCheck = {
@@ -294,7 +294,7 @@ resource "kubernetes_manifest" "istio_gateway_frontendconfig" {
     kind       = "FrontendConfig"
     metadata = {
       name      = "istio-gateway-frontend"
-      namespace = "istio-ingress"
+      namespace = kubernetes_namespace_v1.istio_ingress[0].metadata.0.name
     }
     spec = {
       sslPolicy = "default"
@@ -313,7 +313,7 @@ resource "kubernetes_manifest" "istio_gateway_managed_certificate" {
     kind       = "ManagedCertificate"
     metadata = {
       name      = "istio-gateway-tls"
-      namespace = "istio-ingress"
+      namespace = kubernetes_namespace_v1.istio_ingress[0].metadata.0.name
     }
     spec = {
       domains = local.istio_gateway_domains
@@ -330,11 +330,36 @@ resource "kubernetes_manifest" "istio_service_exports" {
 
     "metadata" = {
       "name"      = "istiod"
-      "namespace" = "istio-system"
+      "namespace" = kubernetes_namespace_v1.istio_system.metadata.0.name
     }
   }
 
   depends_on = [
     helm_release.istiod
   ]
 }
+
+# Kubernetes Namespace Resource
+# https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1
+
+resource "kubernetes_namespace_v1" "istio_ingress" {
+  count = var.enable_istio_gateway ? 1 : 0
+
+  metadata {
+    labels = {
+      "istio-injection" = "enabled"
+    }
+
+    name = "istio-ingress"
+  }
+}
+
+resource "kubernetes_namespace_v1" "istio_system" {
+  metadata {
+    annotations = var.istio_control_plane_clusters != null ? {
+      "topology.istio.io/controlPlaneClusters" = var.istio_control_plane_clusters
+    } : {}
+
+    name = "istio-system"
+  }
+}

regional/variables.tf

@@ -39,6 +39,12 @@ variable "istio_config_cluster" {
   default     = false
 }
 
+variable "istio_control_plane_clusters" {
+  description = "The GKE clusters that will be used as Istio control planes"
+  type        = string
+  default     = null
+}
+
 variable "istio_external_istiod" {
   description = "Boolean to configure a remote cluster data plane controlled by an external istiod"
   type        = bool

tests/default.tftest.hcl

@@ -6,12 +6,26 @@ mock_provider "terraform" {
   mock_data "terraform_remote_state" {
     defaults = {
       outputs = {
-        istio_gateway_mci_global_address = "35.184.145.227"
+        istio_gateway_mci_global_address = "192.0.2.0" # https://www.rfc-editor.org/rfc/rfc5737#section-3
       }
     }
   }
 }
 
+variables {
+  environment = "mock-enviroment"
+
+  istio_gateway_dns = {
+    "mock-environment.mock-subdomain.mock-domain" = {
+      managed_zone = "mock-environment-mock-subdomain-mock-domain"
+      project      = "mock-dns-project"
+    }
+  }
+
+  project = "mock-project"
+  region  = "mock-region"
+}
+
 run "primary" {
   command = apply
 
@@ -26,6 +40,10 @@ run "primary_regional" {
   module {
     source = "./tests/fixtures/primary/regional"
   }
+  variables {
+    istio_remote_injection_path = "inject/cluster/mock-cluster/net/mock-network"
+    istio_remote_injection_url  = "https://istiod.istio-system.clusterset.local:15017"
+  }
 }
 
 run "remote" {
@@ -42,4 +60,8 @@ run "remote_regional" {
   module {
     source = "./tests/fixtures/remote/regional"
   }
+
+  variables {
+    istio_external_istiod = true
+  }
 }

tests/fixtures/primary/locals.tf

@@ -0,0 +1,12 @@
+# Local Values
+# https://www.terraform.io/docs/language/values/locals.html
+
+locals {
+  labels = {
+    cost-center = "mock-x001"
+    env         = var.environment
+    repository  = "mock-repository"
+    platform    = "mock-platform"
+    team        = "mock-team"
+  }
+}

tests/fixtures/primary/main.tf

@@ -10,31 +10,9 @@ terraform {
 }
 
 module "test" {
-
-  # This module will be consumed using the source address of the github repo and not the "../../../" used in this test.
-  # source = "github.com/osinfra-io/terraform-google-kubernetes//global?ref=v0.0.0"
-
   source = "../../../"
 
-
-  istio_gateway_dns = {
-    "gateway.test.gcp.osinfra.io" = {
-      managed_zone = "test-gcp-osinfra-io"
-      project      = var.dns_project_id
-    }
-
-    "stream-team.test.gcp.osinfra.io" = {
-      managed_zone = "test-gcp-osinfra-io"
-      project      = var.dns_project_id
-    }
-  }
-
-  labels = {
-    cost-center = "x000"
-    env         = "mock"
-    team        = "mock"
-    repository  = "mock"
-  }
-
-  project = var.project
+  istio_gateway_dns = var.istio_gateway_dns
+  labels            = local.labels
+  project           = var.project
 }

tests/fixtures/primary/outputs.tf

@@ -8,7 +8,3 @@ output "istio_gateway_mci_global_address" {
 output "istio_gateway_mci_ssl_certificate_name" {
   value = module.test.istio_gateway_mci_ssl_certificate_name
 }
-
-output "project_id" {
-  value = var.project
-}

tests/fixtures/primary/regional/locals.tf

@@ -2,5 +2,14 @@
 # https://www.terraform.io/language/values/locals
 
 locals {
+  labels = {
+    cost-center = "mock-x001"
+    env         = var.environment
+    repository  = "mock-repository"
+    platform    = "mock-platform"
+    team        = "mock-team"
+  }
+
   regional = data.terraform_remote_state.regional.outputs
+
 }

tests/fixtures/primary/regional/main.tf

@@ -56,43 +56,25 @@ data "google_client_config" "current" {
 
 data "terraform_remote_state" "regional" {
   backend   = "gcs"
-  workspace = "kitchen-terraform-gke-fleet-host-regional-gcp"
+  workspace = "mock-workspace"
 
   config = {
-    bucket = "plt-lz-testing-2c8b-sb"
+    bucket = "mock-bucket"
   }
 }
 
 module "test" {
-
-  # This module will be consumed using the source address of the github repo and not the "../../../" used in this test.
-  # source = "[email protected]:osinfra-io/terraform-google-kubernetes-engine//regional/istio?ref=v0.0.0"
-
-  source                = "../../../../regional"
-  artifact_registry     = "us-docker.pkg.dev/test-default-tf75-sb/test-virtual"
-  cluster_prefix        = "fleet-host"
-  enable_istio_gateway  = true
-  istio_external_istiod = true
-
-  istio_gateway_dns = {
-    "gateway-us-east1-b.test.gcp.osinfra.io" = {
-      managed_zone = "test-gcp-osinfra-io"
-      project      = var.dns_project_id
-    }
-
-    "stream-team-us-east1-b.test.gcp.osinfra.io" = {
-      managed_zone = "test-gcp-osinfra-io"
-      project      = var.dns_project_id
-    }
-  }
-
-  labels = {
-    cost-center = "x000"
-    env         = "mock"
-    team        = "mock"
-    repository  = "mock"
-  }
-
-  project = var.project
-  region  = var.region
+  source = "../../../../regional"
+
+  artifact_registry            = "mock-docker.pkg.dev/mock-project/mock-virtual"
+  cluster_prefix               = "mock"
+  enable_istio_gateway         = true
+  istio_external_istiod        = var.istio_external_istiod
+  istio_control_plane_clusters = var.istio_control_plane_clusters
+  istio_gateway_dns            = var.istio_gateway_dns
+  istio_remote_injection_path  = var.istio_remote_injection_path
+  istio_remote_injection_url   = var.istio_remote_injection_url
+  labels                       = local.labels
+  project                      = var.project
+  region                       = var.region
 }

tests/fixtures/primary/regional/variables.tf

@@ -1,17 +1,41 @@
 # Input Variables
 # https://www.terraform.io/language/values/variables
 
-variable "dns_project_id" {
+variable "environment" {
+  type = string
+}
+
+variable "istio_control_plane_clusters" {
   type    = string
-  default = "test-default-tf75-sb"
+  default = null
 }
 
-variable "project" {
+variable "istio_gateway_dns" {
+  type = map(object({
+    managed_zone = string
+    project      = string
+  }))
+}
+
+variable "istio_external_istiod" {
+  type    = bool
+  default = false
+}
+
+variable "istio_remote_injection_path" {
   type    = string
-  default = "test-gke-fleet-host-tf64-sb"
+  default = "/inject"
 }
 
-variable "region" {
+variable "istio_remote_injection_url" {
   type    = string
-  default = "us-east1"
+  default = ""
+}
+
+variable "project" {
+  type = string
+}
+
+variable "region" {
+  type = string
 }

tests/fixtures/primary/variables.tf

@@ -1,23 +1,17 @@
 # Input Variables
 # https://www.terraform.io/language/values/variables
 
-variable "dns_project_id" {
-  type    = string
-  default = "test-default-tf75-sb"
+variable "environment" {
+  type = string
 }
 
-variable "google_service_account" {
-  type    = string
-  default = "plt-lz-testing-github@ptl-lz-terraform-tf91-sb.iam.gserviceaccount.com"
-}
-
-variable "istio_gateway_domain" {
-  description = "The top level domain for the Istio gateway"
-  type        = string
-  default     = "test.gcp.osinfra.io"
+variable "istio_gateway_dns" {
+  type = map(object({
+    managed_zone = string
+    project      = string
+  }))
 }
 
 variable "project" {
-  type    = string
-  default = "test-gke-fleet-host-tf64-sb"
+  type = string
 }