Exemples de conversions DM Convert

Les exemples suivants illustrent les conversions complètes de bout en bout des déploiements existants à l'aide de DM Convert.

Modèle de ressource Kubernetes (KRM) et Config Connector

La définition Cloud Build suivante est un exemple complet de bout en bout qui montre la conversion d'un déploiement existant vers KRM, l'acquisition de ressources via Config Connector et l'abandon du déploiement de Deployment Manager.

Pour commencer, exécutez la commande suivante :

gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member=serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com \
--role=roles/container.developer

gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member=serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com \
--role=roles/deploymentmanager.editor

Enregistrez la définition Cloud Build dans cloudbuild.yaml :

steps:
# Retrieve the DM configuration from the existing deployment
# and back it up as a build artifact in case we want to access it later
- id: '[FETCH_DM_CONFIG]'
  name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  entrypoint: 'sh'
  args:
  - '-c'
  - |
      # Fetch the latest manifest for the given deployment
      MANIFEST_NAME=$(gcloud deployment-manager deployments describe ${_DEPLOYMENT_NAME} \
        --project $PROJECT_ID --format="value(deployment.manifest)" |\
        grep -oEi "manifest-[0-9]+")
      # Fetch the expanded config for the given manifest and save
      # it to /workdir/${_DEPLOYMENT_NAME}.yaml
      gcloud deployment-manager manifests describe $$MANIFEST_NAME \
        --deployment ${_DEPLOYMENT_NAME} --project $PROJECT_ID \
        --format="value(expandedConfig)" > ${_DEPLOYMENT_NAME}.yaml

- id: '[CONVERT_DM_CONFIG]'
  name: 'us-central1-docker.pkg.dev/dm-convert-host/deployment-manager/dm-convert:public-preview'
  args: ['--config', '${_DEPLOYMENT_NAME}.yaml',
         '--project_id', '$PROJECT_ID',
          '--project_number', '$PROJECT_NUMBER',
          '--output_format', 'KRM',
          '--output_file', '${_DEPLOYMENT_NAME}-krm.yaml',
          '--deployment_name', '${_DEPLOYMENT_NAME}']

# Apply ${_DEPLOYMENT_NAME}-krm.yaml using Config Connector
# Alternatively, you can fetch the converted KRM files from
# ${_CONFIG_STORAGE_BUCKET} and run `kubectl apply -f` on it.
- id: '[APPLY_USING_CONFIG_CONNECTOR]'
  name: 'gcr.io/cloud-builders/kubectl'
  args:
  - '--namespace'
  - '${_KUBECTL_NAMESPACE}'
  - 'apply'
  - '-f'
  - '${_DEPLOYMENT_NAME}-krm.yaml'
  env:
  - 'CLOUDSDK_COMPUTE_REGION=${_CLUSTER_REGION}'
  - 'CLOUDSDK_COMPUTE_ZONE=${_CLUSTER_ZONE}'
  - 'CLOUDSDK_CONTAINER_CLUSTER=${_CLUSTER_NAME}'

- id: '[WAIT_FOR_RESOURCES]'
  name: 'gcr.io/cloud-builders/kubectl'
  args:
  - '--namespace'
  - '${_KUBECTL_NAMESPACE}'
  - 'wait'
  - '--for=condition=Ready'
  - '--timeout=5m'
  - '-f'
  - '${_DEPLOYMENT_NAME}-krm.yaml'
  env:
  - 'CLOUDSDK_COMPUTE_REGION=${_CLUSTER_REGION}'
  - 'CLOUDSDK_COMPUTE_ZONE=${_CLUSTER_ZONE}'
  - 'CLOUDSDK_CONTAINER_CLUSTER=${_CLUSTER_NAME}'

# Lastly, let's abandon the DM deployment to allow Config Connector to
# manage it moving forward
- id: '[ABANDON_DM_DEPLOYMENT]'
  name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  entrypoint: 'sh'
  args:
  - '-c'
  - gcloud deployment-manager deployments delete ${_DEPLOYMENT_NAME} --delete-policy=ABANDON -q

# Store the fetched DM manifest and converted KRM configuration
artifacts:
  objects:
    location: '${_BUCKET_URI}'
    paths: ['${_DEPLOYMENT_NAME}.yaml', '${_DEPLOYMENT_NAME}-krm.yaml']

substitutions:
  # Deployment Manager deployment name
  _DEPLOYMENT_NAME: ''
  # Region of the cluster, if the cluster is regional
  _CLUSTER_REGION: ''
  # Zone of the cluster, if the cluster is zonal
  _CLUSTER_ZONE: ''
  _CLUSTER_NAME: ''
  _KUBECTL_NAMESPACE: ''

Pour appeler cet exemple, exécutez l'une des commandes suivantes :

# If the GKE cluster is regional:
gcloud builds submit . --substitutions=_DEPLOYMENT_NAME=my-deployment,_BUCKET_URI=$BUCKET_URI,_KUBECTL_NAMESPACE=cnrm-system,_CLUSTER_REGION=us-west1,_CLUSTER_NAME=kcc-cluster

# If the GKE cluster is zonal:
gcloud builds submit . --substitutions=_DEPLOYMENT_NAME=my-deployment,_BUCKET_URI=$BUCKET_URI,_KUBECTL_NAMESPACE=cnrm-system,_CLUSTER_ZONE=us-west1-b,_CLUSTER_NAME=kcc-cluster

Terraform

La définition Cloud Build suivante est un exemple complet de bout en bout de la conversion d'un déploiement existant vers Terraform, de l'abandon du déploiement de Deployment Manager et du provisionnement des ressources via Terraform.

Pour commencer, exécutez la commande suivante :

gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member=serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com \
--role=roles/container.developer

gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member=serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com \
--role=roles/deploymentmanager.editor

Enregistrez la définition Cloud Build suivante dans cloudbuild.yaml :

steps:
# Retrieve the DM configuration from the existing deployment
# and back it up as a build artifact in case we want to access it later
- id: '[FETCH_DM_CONFIG]'
  name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  entrypoint: 'sh'
  args:
  - '-c'
  - |
      # Fetch the latest manifest for the given deployment
      MANIFEST_NAME=$(gcloud deployment-manager deployments describe ${_DEPLOYMENT_NAME} \
        --project $PROJECT_ID --format="value(deployment.manifest)" |\
        grep -oEi "manifest-[0-9]+")
      # Fetch the expanded config for the given manifest and save
      # it to /workdir/${_DEPLOYMENT_NAME}.yaml
      gcloud deployment-manager manifests describe $$MANIFEST_NAME \
        --deployment ${_DEPLOYMENT_NAME} --project $PROJECT_ID \
        --format="value(expandedConfig)" > ${_DEPLOYMENT_NAME}.yaml

- id: '[CONVERT_DM_CONFIG]'
  name: 'us-central1-docker.pkg.dev/dm-convert-host/deployment-manager/dm-convert:public-preview'
  args: ['--config', '${_DEPLOYMENT_NAME}.yaml',
         '--project_id', '$PROJECT_ID',
          '--project_number', '$PROJECT_NUMBER',
          '--output_format', 'TF',
          '--output_file', '${_DEPLOYMENT_NAME}.tf',
          '--deployment_name', '${_DEPLOYMENT_NAME}']

# Delete the DM deployment to allow Terraform to manage it moving forward
- id: '[ABANDON_DM_DEPLOYMENT]'
  name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  entrypoint: 'sh'
  args:
  - '-c'
  - |
      gcloud deployment-manager deployments delete ${_DEPLOYMENT_NAME} -q

# Apply ${_DEPLOYMENT_NAME}.yaml using Terraform
- id: '[APPLY_USING_TERRAFORM]'
  name: 'hashicorp/terraform'
  entrypoint: 'sh'
  args:
  - '-c'
  - |
      echo "*************** TERRAFORM INIT ******************"
      terraform init
      echo "*************** TERRAFORM APPLY ******************"
      terraform apply --auto-approve

# Store the fetched DM manifest and converted TF configuration
artifacts:
  objects:
    location: '${_BUCKET_URI}'
    paths: ['${_DEPLOYMENT_NAME}.yaml', '${_DEPLOYMENT_NAME}.tf']

Exécutez ensuite la commande suivante :

gcloud builds submit . --substitutions=_DEPLOYMENT_NAME=my-deployment,_BUCKET_URI=$BUCKET_URI