Exemplo de conversões da DM Convert

Os exemplos a seguir mostram conversões completas de todas as implantações atuais usando a DM Convert.

Modelo de recursos do Kubernetes (KRM) e Config Connector

A definição do Cloud Build a seguir é um exemplo completo que mostra a conversão de uma implantação atual para o KRM, a aquisição de recursos por meio do Config Connector e o abandono da implantação do Deployment Manager.

Para começar, execute este comando:

gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member=serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com \
--role=roles/container.developer

gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member=serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com \
--role=roles/deploymentmanager.editor

Salve a definição do Cloud Build em cloudbuild.yaml:

steps:
# Retrieve the DM configuration from the existing deployment
# and back it up as a build artifact in case we want to access it later
- id: '[FETCH_DM_CONFIG]'
  name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  entrypoint: 'sh'
  args:
  - '-c'
  - |
      # Fetch the latest manifest for the given deployment
      MANIFEST_NAME=$(gcloud deployment-manager deployments describe ${_DEPLOYMENT_NAME} \
        --project $PROJECT_ID --format="value(deployment.manifest)" |\
        grep -oEi "manifest-[0-9]+")
      # Fetch the expanded config for the given manifest and save
      # it to /workdir/${_DEPLOYMENT_NAME}.yaml
      gcloud deployment-manager manifests describe $$MANIFEST_NAME \
        --deployment ${_DEPLOYMENT_NAME} --project $PROJECT_ID \
        --format="value(expandedConfig)" > ${_DEPLOYMENT_NAME}.yaml

- id: '[CONVERT_DM_CONFIG]'
  name: 'us-central1-docker.pkg.dev/dm-convert-host/deployment-manager/dm-convert:public-preview'
  args: ['--config', '${_DEPLOYMENT_NAME}.yaml',
         '--project_id', '$PROJECT_ID',
          '--project_number', '$PROJECT_NUMBER',
          '--output_format', 'KRM',
          '--output_file', '${_DEPLOYMENT_NAME}-krm.yaml',
          '--deployment_name', '${_DEPLOYMENT_NAME}']

# Apply ${_DEPLOYMENT_NAME}-krm.yaml using Config Connector
# Alternatively, you can fetch the converted KRM files from
# ${_CONFIG_STORAGE_BUCKET} and run `kubectl apply -f` on it.
- id: '[APPLY_USING_CONFIG_CONNECTOR]'
  name: 'gcr.io/cloud-builders/kubectl'
  args:
  - '--namespace'
  - '${_KUBECTL_NAMESPACE}'
  - 'apply'
  - '-f'
  - '${_DEPLOYMENT_NAME}-krm.yaml'
  env:
  - 'CLOUDSDK_COMPUTE_REGION=${_CLUSTER_REGION}'
  - 'CLOUDSDK_COMPUTE_ZONE=${_CLUSTER_ZONE}'
  - 'CLOUDSDK_CONTAINER_CLUSTER=${_CLUSTER_NAME}'

- id: '[WAIT_FOR_RESOURCES]'
  name: 'gcr.io/cloud-builders/kubectl'
  args:
  - '--namespace'
  - '${_KUBECTL_NAMESPACE}'
  - 'wait'
  - '--for=condition=Ready'
  - '--timeout=5m'
  - '-f'
  - '${_DEPLOYMENT_NAME}-krm.yaml'
  env:
  - 'CLOUDSDK_COMPUTE_REGION=${_CLUSTER_REGION}'
  - 'CLOUDSDK_COMPUTE_ZONE=${_CLUSTER_ZONE}'
  - 'CLOUDSDK_CONTAINER_CLUSTER=${_CLUSTER_NAME}'

# Lastly, let's abandon the DM deployment to allow Config Connector to
# manage it moving forward
- id: '[ABANDON_DM_DEPLOYMENT]'
  name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  entrypoint: 'sh'
  args:
  - '-c'
  - gcloud deployment-manager deployments delete ${_DEPLOYMENT_NAME} --delete-policy=ABANDON -q

# Store the fetched DM manifest and converted KRM configuration
artifacts:
  objects:
    location: '${_BUCKET_URI}'
    paths: ['${_DEPLOYMENT_NAME}.yaml', '${_DEPLOYMENT_NAME}-krm.yaml']

substitutions:
  # Deployment Manager deployment name
  _DEPLOYMENT_NAME: ''
  # Region of the cluster, if the cluster is regional
  _CLUSTER_REGION: ''
  # Zone of the cluster, if the cluster is zonal
  _CLUSTER_ZONE: ''
  _CLUSTER_NAME: ''
  _KUBECTL_NAMESPACE: ''

Para invocar essa amostra, execute um dos seguintes comandos:

# If the GKE cluster is regional:
gcloud builds submit . --substitutions=_DEPLOYMENT_NAME=my-deployment,_BUCKET_URI=$BUCKET_URI,_KUBECTL_NAMESPACE=cnrm-system,_CLUSTER_REGION=us-west1,_CLUSTER_NAME=kcc-cluster

# If the GKE cluster is zonal:
gcloud builds submit . --substitutions=_DEPLOYMENT_NAME=my-deployment,_BUCKET_URI=$BUCKET_URI,_KUBECTL_NAMESPACE=cnrm-system,_CLUSTER_ZONE=us-west1-b,_CLUSTER_NAME=kcc-cluster

Terraform

A definição do Cloud Build a seguir é um exemplo completo da conversão de uma implantação atual para o Terraform, o abandono da implantação do Deployment Manager e o provisionamento de recursos por meio do Terraform.

Para começar, execute este comando:

gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member=serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com \
--role=roles/container.developer

gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member=serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com \
--role=roles/deploymentmanager.editor

Salve a seguinte definição do Cloud Build em cloudbuild.yaml:

steps:
# Retrieve the DM configuration from the existing deployment
# and back it up as a build artifact in case we want to access it later
- id: '[FETCH_DM_CONFIG]'
  name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  entrypoint: 'sh'
  args:
  - '-c'
  - |
      # Fetch the latest manifest for the given deployment
      MANIFEST_NAME=$(gcloud deployment-manager deployments describe ${_DEPLOYMENT_NAME} \
        --project $PROJECT_ID --format="value(deployment.manifest)" |\
        grep -oEi "manifest-[0-9]+")
      # Fetch the expanded config for the given manifest and save
      # it to /workdir/${_DEPLOYMENT_NAME}.yaml
      gcloud deployment-manager manifests describe $$MANIFEST_NAME \
        --deployment ${_DEPLOYMENT_NAME} --project $PROJECT_ID \
        --format="value(expandedConfig)" > ${_DEPLOYMENT_NAME}.yaml

- id: '[CONVERT_DM_CONFIG]'
  name: 'us-central1-docker.pkg.dev/dm-convert-host/deployment-manager/dm-convert:public-preview'
  args: ['--config', '${_DEPLOYMENT_NAME}.yaml',
         '--project_id', '$PROJECT_ID',
          '--project_number', '$PROJECT_NUMBER',
          '--output_format', 'TF',
          '--output_file', '${_DEPLOYMENT_NAME}.tf',
          '--deployment_name', '${_DEPLOYMENT_NAME}']

# Delete the DM deployment to allow Terraform to manage it moving forward
- id: '[ABANDON_DM_DEPLOYMENT]'
  name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  entrypoint: 'sh'
  args:
  - '-c'
  - |
      gcloud deployment-manager deployments delete ${_DEPLOYMENT_NAME} -q

# Apply ${_DEPLOYMENT_NAME}.yaml using Terraform
- id: '[APPLY_USING_TERRAFORM]'
  name: 'hashicorp/terraform'
  entrypoint: 'sh'
  args:
  - '-c'
  - |
      echo "*************** TERRAFORM INIT ******************"
      terraform init
      echo "*************** TERRAFORM APPLY ******************"
      terraform apply --auto-approve

# Store the fetched DM manifest and converted TF configuration
artifacts:
  objects:
    location: '${_BUCKET_URI}'
    paths: ['${_DEPLOYMENT_NAME}.yaml', '${_DEPLOYMENT_NAME}.tf']

Em seguida, execute o comando:

gcloud builds submit . --substitutions=_DEPLOYMENT_NAME=my-deployment,_BUCKET_URI=$BUCKET_URI