Sample DM Convert conversions

The following samples show complete, end-to-end conversions of existing deployments using DM Convert.

Kubernetes Resource Model (KRM) and Config Connector

The following Cloud Build definition is a complete end-to-end example that shows the conversion of an existing deployment to KRM, the acquisition of resources through Config Connector, and the abandonment of the Deployment Manager deployment.

To begin, run the following command:

gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member=serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com \
--role=roles/container.developer

gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member=serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com \
--role=roles/deploymentmanager.editor

Save the Cloud Build definition to cloudbuild.yaml:

steps:
# Retrieve the DM configuration from the existing deployment
# and back it up as a build artifact in case we want to access it later
- id: '[FETCH_DM_CONFIG]'
  name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  entrypoint: 'sh'
  args: 
  - '-c'
  - |
      # Fetch the latest manifest for the given deployment
      MANIFEST_NAME=$(gcloud deployment-manager deployments describe ${_DEPLOYMENT_NAME} \
        --project $PROJECT_ID --format="value(deployment.manifest)" |\
        grep -oEi "manifest-[0-9]+")
      # Fetch the expanded config for the given manifest and save
      # it to /workdir/${_DEPLOYMENT_NAME}.yaml
      gcloud deployment-manager manifests describe $$MANIFEST_NAME \
        --deployment ${_DEPLOYMENT_NAME} --project $PROJECT_ID \
        --format="value(expandedConfig)" > ${_DEPLOYMENT_NAME}.yaml

- id: '[CONVERT_DM_CONFIG]'
  name: 'us-central1-docker.pkg.dev/dm-convert-host/deployment-manager/dm-convert:public-preview'
  args: ['--config', '${_DEPLOYMENT_NAME}.yaml',
         '--project_id', '$PROJECT_ID',
          '--project_number', '$PROJECT_NUMBER',
          '--output_format', 'KRM',
          '--output_file', '${_DEPLOYMENT_NAME}-krm.yaml',
          '--deployment_name', '${_DEPLOYMENT_NAME}']

# Apply ${_DEPLOYMENT_NAME}-krm.yaml using Config Connector
# Alternatively, you can fetch the converted KRM files from
# ${_CONFIG_STORAGE_BUCKET} and run `kubectl apply -f` on it.
- id: '[APPLY_USING_CONFIG_CONNECTOR]'
  name: 'gcr.io/cloud-builders/kubectl'
  args:
  - '--namespace'
  - '${_KUBECTL_NAMESPACE}'
  - 'apply'
  - '-f'
  - '${_DEPLOYMENT_NAME}-krm.yaml'
  env:
  - 'CLOUDSDK_COMPUTE_REGION=${_CLUSTER_REGION}'
  - 'CLOUDSDK_COMPUTE_ZONE=${_CLUSTER_ZONE}'
  - 'CLOUDSDK_CONTAINER_CLUSTER=${_CLUSTER_NAME}'

- id: '[WAIT_FOR_RESOURCES]'
  name: 'gcr.io/cloud-builders/kubectl'
  args:
  - '--namespace'
  - '${_KUBECTL_NAMESPACE}'
  - 'wait'
  - '--for=condition=Ready'
  - '--timeout=5m'
  - '-f'
  - '${_DEPLOYMENT_NAME}-krm.yaml'
  env:
  - 'CLOUDSDK_COMPUTE_REGION=${_CLUSTER_REGION}'
  - 'CLOUDSDK_COMPUTE_ZONE=${_CLUSTER_ZONE}'
  - 'CLOUDSDK_CONTAINER_CLUSTER=${_CLUSTER_NAME}'

# Lastly, let's abandon the DM deployment to allow Config Connector to
# manage it moving forward
- id: '[ABANDON_DM_DEPLOYMENT]'
  name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  entrypoint: 'sh'
  args: 
  - '-c'
  - gcloud deployment-manager deployments delete ${_DEPLOYMENT_NAME} --delete-policy=ABANDON -q

# Store the fetched DM manifest and converted KRM configuration
artifacts:
  objects:
    location: '${_BUCKET_URI}'
    paths: ['${_DEPLOYMENT_NAME}.yaml', '${_DEPLOYMENT_NAME}-krm.yaml']

substitutions:
  # Deployment Manager deployment name
  _DEPLOYMENT_NAME: ''
  # Region of the cluster, if the cluster is regional
  _CLUSTER_REGION: ''
  # Zone of the cluster, if the cluster is zonal
  _CLUSTER_ZONE: ''
  _CLUSTER_NAME: ''
  _KUBECTL_NAMESPACE: ''

To invoke this sample, run one of the following commands:

# If the GKE cluster is regional:
gcloud builds submit . --substitutions=_DEPLOYMENT_NAME=my-deployment,_BUCKET_URI=$BUCKET_URI,_KUBECTL_NAMESPACE=cnrm-system,_CLUSTER_REGION=us-west1,_CLUSTER_NAME=kcc-cluster

# If the GKE cluster is zonal:
gcloud builds submit . --substitutions=_DEPLOYMENT_NAME=my-deployment,_BUCKET_URI=$BUCKET_URI,_KUBECTL_NAMESPACE=cnrm-system,_CLUSTER_ZONE=us-west1-b,_CLUSTER_NAME=kcc-cluster

Terraform

The following Cloud Build definition is a complete, end-to-end example of the conversion of an existing deployment to Terraform, the abandonment of the Deployment Manager deployment, and the provisioning of resources through Terraform.

To begin, run the following command:

gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member=serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com \
--role=roles/container.developer

gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member=serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com \
--role=roles/deploymentmanager.editor

Save the following Cloud Build definition to cloudbuild.yaml:

steps:
# Retrieve the DM configuration from the existing deployment
# and back it up as a build artifact in case we want to access it later
- id: '[FETCH_DM_CONFIG]'
  name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  entrypoint: 'sh'
  args:
  - '-c'
  - |
      # Fetch the latest manifest for the given deployment
      MANIFEST_NAME=$(gcloud deployment-manager deployments describe ${_DEPLOYMENT_NAME} \
        --project $PROJECT_ID --format="value(deployment.manifest)" |\
        grep -oEi "manifest-[0-9]+")
      # Fetch the expanded config for the given manifest and save
      # it to /workdir/${_DEPLOYMENT_NAME}.yaml
      gcloud deployment-manager manifests describe $$MANIFEST_NAME \
        --deployment ${_DEPLOYMENT_NAME} --project $PROJECT_ID \
        --format="value(expandedConfig)" > ${_DEPLOYMENT_NAME}.yaml

- id: '[CONVERT_DM_CONFIG]'
  name: 'us-central1-docker.pkg.dev/dm-convert-host/deployment-manager/dm-convert:public-preview'
  args: ['--config', '${_DEPLOYMENT_NAME}.yaml',
         '--project_id', '$PROJECT_ID',
          '--project_number', '$PROJECT_NUMBER',
          '--output_format', 'TF',
          '--output_file', '${_DEPLOYMENT_NAME}.tf',
          '--deployment_name', '${_DEPLOYMENT_NAME}']

# Delete the DM deployment to allow Terraform to manage it moving forward
- id: '[ABANDON_DM_DEPLOYMENT]'
  name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  entrypoint: 'sh'
  args:
  - '-c'
  - |
      gcloud deployment-manager deployments delete ${_DEPLOYMENT_NAME} -q

# Apply ${_DEPLOYMENT_NAME}.yaml using Terraform
- id: '[APPLY_USING_TERRAFORM]'
  name: 'hashicorp/terraform'
  entrypoint: 'sh'
  args:
  - '-c'
  - |
      echo "*************** TERRAFORM INIT ******************"
      terraform init
      echo "*************** TERRAFORM APPLY ******************"
      terraform apply --auto-approve

# Store the fetched DM manifest and converted TF configuration
artifacts:
  objects:
    location: '${_BUCKET_URI}'
    paths: ['${_DEPLOYMENT_NAME}.yaml', '${_DEPLOYMENT_NAME}.tf']

Then, run the following command:

gcloud builds submit . --substitutions=_DEPLOYMENT_NAME=my-deployment,_BUCKET_URI=$BUCKET_URI