keep-dev: GKE metrics + env repairs #534
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Ran Plan for dir: Show OutputAn execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
~ update in-place
- destroy
-/+ destroy and then create replacement
<= read (data resources)
Terraform will perform the following actions:
- helm_release.openvpn
<= module.demo_dev_gke_cluster_metrics.data.kubernetes_service.kube_state_metrics
id: <computed>
load_balancer_ingress.#: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "helm-kube-state-metrics"
metadata.0.namespace: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
spec.#: <computed>
+ module.demo_dev_gke_cluster_metrics.helm_release.kube_state_metrics
id: <computed>
chart: "stable/kube-state-metrics"
disable_webhooks: "false"
force_update: "false"
keyring: "/home/atlantis/.gnupg/pubring.gpg"
metadata.#: <computed>
name: "helm-kube-state-metrics"
namespace: "metrics"
recreate_pods: "false"
reuse: "false"
reuse_values: "false"
set.#: "1"
set.1510645123.name: "rbac.serviceAccountName"
set.1510645123.value: "kube-state-metrics"
timeout: "300"
verify: "false"
version: "0.13.0"
wait: "true"
+ module.demo_dev_gke_cluster_metrics.helm_release.prometheus_to_sd
id: <computed>
chart: "stable/prometheus-to-sd"
disable_webhooks: "false"
force_update: "false"
keyring: "/home/atlantis/.gnupg/pubring.gpg"
metadata.#: <computed>
name: "helm-prometheus-to-sd"
namespace: "metrics"
recreate_pods: "false"
reuse: "false"
reuse_values: "false"
set.#: "1"
set.~642634291.name: "metricsSources.kube-state-metrics"
set.~642634291.value: "http://${data.kubernetes_service.kube_state_metrics.spec.0.cluster_ip}:8080"
timeout: "300"
verify: "false"
version: "0.1.1"
wait: "true"
+ module.demo_dev_gke_cluster_metrics.kubernetes_cluster_role_binding.kube_state_metrics_cluster_role_binding
id: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "kube-state-metrics-cluster-view-binding"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
role_ref.%: "3"
role_ref.api_group: "rbac.authorization.k8s.io"
role_ref.kind: "ClusterRole"
role_ref.name: "view"
subject.#: "1"
subject.0.kind: "ServiceAccount"
subject.0.name: "kube-state-metrics"
subject.0.namespace: "metrics"
+ module.demo_dev_gke_cluster_metrics.kubernetes_namespace.metrics
id: <computed>
metadata.#: "1"
metadata.0.annotations.%: "1"
metadata.0.annotations.description: "The namespace for for installing third party Kubernetes metrics tools."
metadata.0.generation: <computed>
metadata.0.name: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
+ module.demo_dev_gke_cluster_metrics.kubernetes_service_account.kube_state_metrics
id: <computed>
automount_service_account_token: "false"
default_secret_name: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "kube-state-metrics"
metadata.0.namespace: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
~ module.gke_cluster.google_container_cluster.a_gke_cluster
logging_service: "logging.googleapis.com/kubernetes" => "logging.googleapis.com"
+ module.gke_cluster.google_project_service.container
id: <computed>
disable_on_destroy: "true"
project: "keep-dev-fe24"
service: "container.googleapis.com"
~ module.helm_provider_helper.kubernetes_service_account.tiller
automount_service_account_token: "" => "false"
~ module.nat_gateway_zone_a.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_a.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836395700000002" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836395700000002" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.238.255.240" => <computed>
network_interface.0.access_config.0.nat_ip: "35.238.255.240" => "35.238.255.240"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags.2790270952: "inst-keep-dev-vpc-network-nat-us-central1-a" => "inst-keep-dev-vpc-network-nat-us-central1-a"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_a.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "2428940380811452119" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => "" (forces new resource)
~ module.nat_gateway_zone_b.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_b.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836396700000003" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836396700000003" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.226.204.36" => <computed>
network_interface.0.access_config.0.nat_ip: "35.226.204.36" => "35.226.204.36"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1062827602: "inst-keep-dev-vpc-network-nat-us-central1-b" => "inst-keep-dev-vpc-network-nat-us-central1-b"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_b.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "3731707379855754622" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => "" (forces new resource)
~ module.nat_gateway_zone_c.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_c.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836395600000001" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836395600000001" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.202.214.39" => <computed>
network_interface.0.access_config.0.nat_ip: "35.202.214.39" => "35.202.214.39"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1214138052: "inst-keep-dev-vpc-network-nat-us-central1-c" => "inst-keep-dev-vpc-network-nat-us-central1-c"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_c.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "9171285365591061132" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => "" (forces new resource)
Plan: 12 to add, 5 to change, 7 to destroy.
|
|
atlantis plan |
|
Ran Plan for dir: Show OutputAn execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
~ update in-place
- destroy
-/+ destroy and then create replacement
<= read (data resources)
Terraform will perform the following actions:
- helm_release.openvpn
<= module.demo_dev_gke_cluster_metrics.data.kubernetes_service.kube_state_metrics
id: <computed>
load_balancer_ingress.#: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "helm-kube-state-metrics"
metadata.0.namespace: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
spec.#: <computed>
+ module.demo_dev_gke_cluster_metrics.helm_release.kube_state_metrics
id: <computed>
chart: "stable/kube-state-metrics"
disable_webhooks: "false"
force_update: "false"
keyring: "/home/atlantis/.gnupg/pubring.gpg"
metadata.#: <computed>
name: "helm-kube-state-metrics"
namespace: "metrics"
recreate_pods: "false"
reuse: "false"
reuse_values: "false"
set.#: "1"
set.1510645123.name: "rbac.serviceAccountName"
set.1510645123.value: "kube-state-metrics"
timeout: "300"
verify: "false"
version: "0.13.0"
wait: "true"
+ module.demo_dev_gke_cluster_metrics.helm_release.prometheus_to_sd
id: <computed>
chart: "stable/prometheus-to-sd"
disable_webhooks: "false"
force_update: "false"
keyring: "/home/atlantis/.gnupg/pubring.gpg"
metadata.#: <computed>
name: "helm-prometheus-to-sd"
namespace: "metrics"
recreate_pods: "false"
reuse: "false"
reuse_values: "false"
set.#: "1"
set.~642634291.name: "metricsSources.kube-state-metrics"
set.~642634291.value: "http://${data.kubernetes_service.kube_state_metrics.spec.0.cluster_ip}:8080"
timeout: "300"
verify: "false"
version: "0.1.1"
wait: "true"
+ module.demo_dev_gke_cluster_metrics.kubernetes_cluster_role_binding.kube_state_metrics_cluster_role_binding
id: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "kube-state-metrics-cluster-view-binding"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
role_ref.%: "3"
role_ref.api_group: "rbac.authorization.k8s.io"
role_ref.kind: "ClusterRole"
role_ref.name: "view"
subject.#: "1"
subject.0.kind: "ServiceAccount"
subject.0.name: "kube-state-metrics"
subject.0.namespace: "metrics"
+ module.demo_dev_gke_cluster_metrics.kubernetes_namespace.metrics
id: <computed>
metadata.#: "1"
metadata.0.annotations.%: "1"
metadata.0.annotations.description: "The namespace for for installing third party Kubernetes metrics tools."
metadata.0.generation: <computed>
metadata.0.name: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
+ module.demo_dev_gke_cluster_metrics.kubernetes_service_account.kube_state_metrics
id: <computed>
automount_service_account_token: "false"
default_secret_name: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "kube-state-metrics"
metadata.0.namespace: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
~ module.gke_cluster.google_container_cluster.a_gke_cluster
logging_service: "logging.googleapis.com/kubernetes" => "logging.googleapis.com"
+ module.gke_cluster.google_project_service.container
id: <computed>
disable_on_destroy: "true"
project: "keep-dev-fe24"
service: "container.googleapis.com"
~ module.helm_provider_helper.kubernetes_service_account.tiller
automount_service_account_token: "" => "false"
~ module.nat_gateway_zone_a.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_a.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836395700000002" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836395700000002" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.238.255.240" => <computed>
network_interface.0.access_config.0.nat_ip: "35.238.255.240" => "35.238.255.240"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags.2790270952: "inst-keep-dev-vpc-network-nat-us-central1-a" => "inst-keep-dev-vpc-network-nat-us-central1-a"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_a.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "2428940380811452119" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => "" (forces new resource)
~ module.nat_gateway_zone_b.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_b.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836396700000003" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836396700000003" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.226.204.36" => <computed>
network_interface.0.access_config.0.nat_ip: "35.226.204.36" => "35.226.204.36"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1062827602: "inst-keep-dev-vpc-network-nat-us-central1-b" => "inst-keep-dev-vpc-network-nat-us-central1-b"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_b.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "3731707379855754622" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => "" (forces new resource)
~ module.nat_gateway_zone_c.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_c.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836395600000001" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836395600000001" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.202.214.39" => <computed>
network_interface.0.access_config.0.nat_ip: "35.202.214.39" => "35.202.214.39"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1214138052: "inst-keep-dev-vpc-network-nat-us-central1-c" => "inst-keep-dev-vpc-network-nat-us-central1-c"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_c.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "9171285365591061132" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => "" (forces new resource)
Plan: 12 to add, 5 to change, 7 to destroy.
|
I'm going to wrap this in a module eventually. For now I've configured openvpn in a separate config file to keep it from the perm configs.
|
Ran Plan for dir: Show OutputAn execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
~ update in-place
-/+ destroy and then create replacement
<= read (data resources)
Terraform will perform the following actions:
~ helm_release.openvpn
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
<= module.demo_dev_gke_cluster_metrics.data.kubernetes_service.kube_state_metrics
id: <computed>
load_balancer_ingress.#: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "helm-kube-state-metrics"
metadata.0.namespace: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
spec.#: <computed>
+ module.demo_dev_gke_cluster_metrics.helm_release.kube_state_metrics
id: <computed>
chart: "stable/kube-state-metrics"
disable_webhooks: "false"
force_update: "false"
keyring: "/home/atlantis/.gnupg/pubring.gpg"
metadata.#: <computed>
name: "helm-kube-state-metrics"
namespace: "metrics"
recreate_pods: "false"
reuse: "false"
reuse_values: "false"
set.#: "1"
set.1510645123.name: "rbac.serviceAccountName"
set.1510645123.value: "kube-state-metrics"
timeout: "300"
verify: "false"
version: "0.13.0"
wait: "true"
+ module.demo_dev_gke_cluster_metrics.helm_release.prometheus_to_sd
id: <computed>
chart: "stable/prometheus-to-sd"
disable_webhooks: "false"
force_update: "false"
keyring: "/home/atlantis/.gnupg/pubring.gpg"
metadata.#: <computed>
name: "helm-prometheus-to-sd"
namespace: "metrics"
recreate_pods: "false"
reuse: "false"
reuse_values: "false"
set.#: "1"
set.~642634291.name: "metricsSources.kube-state-metrics"
set.~642634291.value: "http://${data.kubernetes_service.kube_state_metrics.spec.0.cluster_ip}:8080"
timeout: "300"
verify: "false"
version: "0.1.1"
wait: "true"
+ module.demo_dev_gke_cluster_metrics.kubernetes_cluster_role_binding.kube_state_metrics_cluster_role_binding
id: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "kube-state-metrics-cluster-view-binding"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
role_ref.%: "3"
role_ref.api_group: "rbac.authorization.k8s.io"
role_ref.kind: "ClusterRole"
role_ref.name: "view"
subject.#: "1"
subject.0.kind: "ServiceAccount"
subject.0.name: "kube-state-metrics"
subject.0.namespace: "metrics"
+ module.demo_dev_gke_cluster_metrics.kubernetes_namespace.metrics
id: <computed>
metadata.#: "1"
metadata.0.annotations.%: "1"
metadata.0.annotations.description: "The namespace for for installing third party Kubernetes metrics tools."
metadata.0.generation: <computed>
metadata.0.name: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
+ module.demo_dev_gke_cluster_metrics.kubernetes_service_account.kube_state_metrics
id: <computed>
automount_service_account_token: "false"
default_secret_name: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "kube-state-metrics"
metadata.0.namespace: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
~ module.gke_cluster.google_container_cluster.a_gke_cluster
logging_service: "logging.googleapis.com/kubernetes" => "logging.googleapis.com"
+ module.gke_cluster.google_project_service.container
id: <computed>
disable_on_destroy: "true"
project: "keep-dev-fe24"
service: "container.googleapis.com"
~ module.helm_provider_helper.kubernetes_service_account.tiller
automount_service_account_token: "" => "false"
~ module.nat_gateway_zone_a.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_a.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836395700000002" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836395700000002" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.238.255.240" => <computed>
network_interface.0.access_config.0.nat_ip: "35.238.255.240" => "35.238.255.240"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags.2790270952: "inst-keep-dev-vpc-network-nat-us-central1-a" => "inst-keep-dev-vpc-network-nat-us-central1-a"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_a.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "2428940380811452119" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => "" (forces new resource)
~ module.nat_gateway_zone_b.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_b.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836396700000003" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836396700000003" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.226.204.36" => <computed>
network_interface.0.access_config.0.nat_ip: "35.226.204.36" => "35.226.204.36"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1062827602: "inst-keep-dev-vpc-network-nat-us-central1-b" => "inst-keep-dev-vpc-network-nat-us-central1-b"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_b.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "3731707379855754622" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => "" (forces new resource)
~ module.nat_gateway_zone_c.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_c.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836395600000001" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836395600000001" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.202.214.39" => <computed>
network_interface.0.access_config.0.nat_ip: "35.202.214.39" => "35.202.214.39"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1214138052: "inst-keep-dev-vpc-network-nat-us-central1-c" => "inst-keep-dev-vpc-network-nat-us-central1-c"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_c.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "9171285365591061132" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => "" (forces new resource)
Plan: 12 to add, 6 to change, 6 to destroy.
|
|
Trying to sort out why this plan isn't clean I don't have any of the NAT delete tasks when trying |
|
Provider versions were different (also weird), but matching them up didn't make a difference. Having a look on the Atlantis container for now. |
|
atlantis plan -d infrastructure/terraform/keep-dev |
|
Ran Plan for dir: Show OutputAn execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
~ update in-place
-/+ destroy and then create replacement
<= read (data resources)
Terraform will perform the following actions:
~ helm_release.openvpn
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
<= module.demo_dev_gke_cluster_metrics.data.kubernetes_service.kube_state_metrics
id: <computed>
load_balancer_ingress.#: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "helm-kube-state-metrics"
metadata.0.namespace: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
spec.#: <computed>
+ module.demo_dev_gke_cluster_metrics.helm_release.kube_state_metrics
id: <computed>
chart: "stable/kube-state-metrics"
disable_webhooks: "false"
force_update: "false"
keyring: "/home/atlantis/.gnupg/pubring.gpg"
metadata.#: <computed>
name: "helm-kube-state-metrics"
namespace: "metrics"
recreate_pods: "false"
reuse: "false"
reuse_values: "false"
set.#: "1"
set.1510645123.name: "rbac.serviceAccountName"
set.1510645123.value: "kube-state-metrics"
timeout: "300"
verify: "false"
version: "0.13.0"
wait: "true"
+ module.demo_dev_gke_cluster_metrics.helm_release.prometheus_to_sd
id: <computed>
chart: "stable/prometheus-to-sd"
disable_webhooks: "false"
force_update: "false"
keyring: "/home/atlantis/.gnupg/pubring.gpg"
metadata.#: <computed>
name: "helm-prometheus-to-sd"
namespace: "metrics"
recreate_pods: "false"
reuse: "false"
reuse_values: "false"
set.#: "1"
set.~642634291.name: "metricsSources.kube-state-metrics"
set.~642634291.value: "http://${data.kubernetes_service.kube_state_metrics.spec.0.cluster_ip}:8080"
timeout: "300"
verify: "false"
version: "0.1.1"
wait: "true"
+ module.demo_dev_gke_cluster_metrics.kubernetes_cluster_role_binding.kube_state_metrics_cluster_role_binding
id: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "kube-state-metrics-cluster-view-binding"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
role_ref.%: "3"
role_ref.api_group: "rbac.authorization.k8s.io"
role_ref.kind: "ClusterRole"
role_ref.name: "view"
subject.#: "1"
subject.0.kind: "ServiceAccount"
subject.0.name: "kube-state-metrics"
subject.0.namespace: "metrics"
+ module.demo_dev_gke_cluster_metrics.kubernetes_namespace.metrics
id: <computed>
metadata.#: "1"
metadata.0.annotations.%: "1"
metadata.0.annotations.description: "The namespace for for installing third party Kubernetes metrics tools."
metadata.0.generation: <computed>
metadata.0.name: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
+ module.demo_dev_gke_cluster_metrics.kubernetes_service_account.kube_state_metrics
id: <computed>
automount_service_account_token: "false"
default_secret_name: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "kube-state-metrics"
metadata.0.namespace: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
~ module.gke_cluster.google_container_cluster.a_gke_cluster
logging_service: "logging.googleapis.com/kubernetes" => "logging.googleapis.com"
+ module.gke_cluster.google_project_service.container
id: <computed>
disable_on_destroy: "true"
project: "keep-dev-fe24"
service: "container.googleapis.com"
~ module.helm_provider_helper.kubernetes_service_account.tiller
automount_service_account_token: "" => "false"
~ module.nat_gateway_zone_a.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_a.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836395700000002" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836395700000002" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.238.255.240" => <computed>
network_interface.0.access_config.0.nat_ip: "35.238.255.240" => "35.238.255.240"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags.2790270952: "inst-keep-dev-vpc-network-nat-us-central1-a" => "inst-keep-dev-vpc-network-nat-us-central1-a"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_a.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "2428940380811452119" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => "" (forces new resource)
~ module.nat_gateway_zone_b.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_b.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836396700000003" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836396700000003" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.226.204.36" => <computed>
network_interface.0.access_config.0.nat_ip: "35.226.204.36" => "35.226.204.36"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1062827602: "inst-keep-dev-vpc-network-nat-us-central1-b" => "inst-keep-dev-vpc-network-nat-us-central1-b"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_b.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "3731707379855754622" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => "" (forces new resource)
~ module.nat_gateway_zone_c.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_c.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836395600000001" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836395600000001" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.202.214.39" => <computed>
network_interface.0.access_config.0.nat_ip: "35.202.214.39" => "35.202.214.39"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1214138052: "inst-keep-dev-vpc-network-nat-us-central1-c" => "inst-keep-dev-vpc-network-nat-us-central1-c"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_c.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "9171285365591061132" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => "" (forces new resource)
Plan: 12 to add, 6 to change, 6 to destroy.
|
|
Going to run this apply locally and see what happens. |
|
Totally clean locally |
|
atlantis plan |
|
Ran Plan for dir: Show OutputAn execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
~ update in-place
-/+ destroy and then create replacement
<= read (data resources)
Terraform will perform the following actions:
~ helm_release.openvpn
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
<= module.demo_dev_gke_cluster_metrics.data.kubernetes_service.kube_state_metrics
id: <computed>
load_balancer_ingress.#: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "helm-kube-state-metrics"
metadata.0.namespace: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
spec.#: <computed>
~ module.demo_dev_gke_cluster_metrics.helm_release.kube_state_metrics
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
~ module.demo_dev_gke_cluster_metrics.helm_release.prometheus_to_sd
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
set.1429516357.name: "metricsSources.kube-state-metrics" => ""
set.1429516357.value: "http://10.102.100.47:8080" => ""
set.~642634291.name: "" => "metricsSources.kube-state-metrics"
set.~642634291.value: "" => "http://${data.kubernetes_service.kube_state_metrics.spec.0.cluster_ip}:8080"
~ module.demo_dev_gke_cluster_metrics.kubernetes_service_account.kube_state_metrics
automount_service_account_token: "" => "false"
~ module.gke_cluster.google_container_cluster.a_gke_cluster
logging_service: "logging.googleapis.com/kubernetes" => "logging.googleapis.com"
+ module.gke_cluster.google_project_service.container
id: <computed>
disable_on_destroy: "true"
project: "keep-dev-fe24"
service: "container.googleapis.com"
~ module.helm_provider_helper.kubernetes_service_account.tiller
automount_service_account_token: "" => "false"
~ module.nat_gateway_zone_a.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_a.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836395700000002" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836395700000002" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.238.255.240" => <computed>
network_interface.0.access_config.0.nat_ip: "35.238.255.240" => "35.238.255.240"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags.2790270952: "inst-keep-dev-vpc-network-nat-us-central1-a" => "inst-keep-dev-vpc-network-nat-us-central1-a"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_a.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "2428940380811452119" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => "" (forces new resource)
~ module.nat_gateway_zone_b.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_b.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836396700000003" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836396700000003" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.226.204.36" => <computed>
network_interface.0.access_config.0.nat_ip: "35.226.204.36" => "35.226.204.36"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1062827602: "inst-keep-dev-vpc-network-nat-us-central1-b" => "inst-keep-dev-vpc-network-nat-us-central1-b"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_b.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "3731707379855754622" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => "" (forces new resource)
~ module.nat_gateway_zone_c.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_c.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836395600000001" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836395600000001" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.202.214.39" => <computed>
network_interface.0.access_config.0.nat_ip: "35.202.214.39" => "35.202.214.39"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1214138052: "inst-keep-dev-vpc-network-nat-us-central1-c" => "inst-keep-dev-vpc-network-nat-us-central1-c"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_c.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "9171285365591061132" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => "" (forces new resource)
Plan: 7 to add, 9 to change, 6 to destroy.
|
|
Alright so after the clean apply locally, plan still leaves the bits that don't exist in my local state on the branch. Mostly expected ~ makes things a little easier to look at. |
|
atlantis plan |
|
Ran Plan for dir: Show OutputAn execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
~ update in-place
-/+ destroy and then create replacement
<= read (data resources)
Terraform will perform the following actions:
~ helm_release.openvpn
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
<= module.demo_dev_gke_cluster_metrics.data.kubernetes_service.kube_state_metrics
id: <computed>
load_balancer_ingress.#: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "helm-kube-state-metrics"
metadata.0.namespace: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
spec.#: <computed>
~ module.demo_dev_gke_cluster_metrics.helm_release.kube_state_metrics
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
~ module.demo_dev_gke_cluster_metrics.helm_release.prometheus_to_sd
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
set.1429516357.name: "metricsSources.kube-state-metrics" => ""
set.1429516357.value: "http://10.102.100.47:8080" => ""
set.~642634291.name: "" => "metricsSources.kube-state-metrics"
set.~642634291.value: "" => "http://${data.kubernetes_service.kube_state_metrics.spec.0.cluster_ip}:8080"
~ module.demo_dev_gke_cluster_metrics.kubernetes_service_account.kube_state_metrics
automount_service_account_token: "" => "false"
~ module.gke_cluster.google_container_cluster.a_gke_cluster
logging_service: "logging.googleapis.com/kubernetes" => "logging.googleapis.com"
+ module.gke_cluster.google_project_service.container
id: <computed>
disable_on_destroy: "true"
project: "keep-dev-fe24"
service: "container.googleapis.com"
~ module.helm_provider_helper.kubernetes_service_account.tiller
automount_service_account_token: "" => "false"
~ module.nat_gateway_zone_a.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_a.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836395700000002" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836395700000002" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.238.255.240" => <computed>
network_interface.0.access_config.0.nat_ip: "35.238.255.240" => "35.238.255.240"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags.2790270952: "inst-keep-dev-vpc-network-nat-us-central1-a" => "inst-keep-dev-vpc-network-nat-us-central1-a"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_a.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "2428940380811452119" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => "" (forces new resource)
~ module.nat_gateway_zone_b.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_b.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836396700000003" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836396700000003" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.226.204.36" => <computed>
network_interface.0.access_config.0.nat_ip: "35.226.204.36" => "35.226.204.36"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1062827602: "inst-keep-dev-vpc-network-nat-us-central1-b" => "inst-keep-dev-vpc-network-nat-us-central1-b"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_b.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "3731707379855754622" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => "" (forces new resource)
~ module.nat_gateway_zone_c.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_c.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836395600000001" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836395600000001" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.202.214.39" => <computed>
network_interface.0.access_config.0.nat_ip: "35.202.214.39" => "35.202.214.39"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1214138052: "inst-keep-dev-vpc-network-nat-us-central1-c" => "inst-keep-dev-vpc-network-nat-us-central1-c"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_c.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "9171285365591061132" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => "" (forces new resource)
Plan: 7 to add, 9 to change, 6 to destroy.
|
|
So I had Markus pull this branch and run a plan locally. His plan looks like the Atlantis plan which makes my local the odd duck out. Will look into this more on Monday. Found another tiny bug in the data source for |
|
hashicorp/terraform#11806 the aforementioned data source issue I'm seeing |
|
So, I killed my |
|
atlantis plan |
|
Ran Plan for dir: Show OutputAn execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
~ update in-place
-/+ destroy and then create replacement
<= read (data resources)
Terraform will perform the following actions:
~ helm_release.openvpn
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
<= module.demo_dev_gke_cluster_metrics.data.kubernetes_service.kube_state_metrics
id: <computed>
load_balancer_ingress.#: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "helm-kube-state-metrics"
metadata.0.namespace: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
spec.#: <computed>
~ module.demo_dev_gke_cluster_metrics.helm_release.kube_state_metrics
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
~ module.demo_dev_gke_cluster_metrics.helm_release.prometheus_to_sd
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
set.1429516357.name: "metricsSources.kube-state-metrics" => ""
set.1429516357.value: "http://10.102.100.47:8080" => ""
set.~642634291.name: "" => "metricsSources.kube-state-metrics"
set.~642634291.value: "" => "http://${data.kubernetes_service.kube_state_metrics.spec.0.cluster_ip}:8080"
~ module.demo_dev_gke_cluster_metrics.kubernetes_service_account.kube_state_metrics
automount_service_account_token: "" => "false"
~ module.gke_cluster.google_container_cluster.a_gke_cluster
logging_service: "logging.googleapis.com/kubernetes" => "logging.googleapis.com"
+ module.gke_cluster.google_project_service.container
id: <computed>
disable_on_destroy: "true"
project: "keep-dev-fe24"
service: "container.googleapis.com"
~ module.helm_provider_helper.kubernetes_service_account.tiller
automount_service_account_token: "" => "false"
~ module.nat_gateway_zone_a.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_a.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836395700000002" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836395700000002" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.238.255.240" => <computed>
network_interface.0.access_config.0.nat_ip: "35.238.255.240" => "35.238.255.240"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags.2790270952: "inst-keep-dev-vpc-network-nat-us-central1-a" => "inst-keep-dev-vpc-network-nat-us-central1-a"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_a.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "2428940380811452119" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395700000002" => "" (forces new resource)
~ module.nat_gateway_zone_b.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_b.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836396700000003" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836396700000003" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.226.204.36" => <computed>
network_interface.0.access_config.0.nat_ip: "35.226.204.36" => "35.226.204.36"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1062827602: "inst-keep-dev-vpc-network-nat-us-central1-b" => "inst-keep-dev-vpc-network-nat-us-central1-b"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_b.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "3731707379855754622" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836396700000003" => "" (forces new resource)
~ module.nat_gateway_zone_c.module.nat-gateway.google_compute_instance_group_manager.default
instance_template: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => "${google_compute_instance_template.default.self_link}"
-/+ module.nat_gateway_zone_c.module.nat-gateway.google_compute_instance_template.default (new resource required)
id: "default-20181115162836395600000001" => <computed> (forces new resource)
can_ip_forward: "true" => "true"
disk.#: "1" => "1"
disk.0.auto_delete: "true" => "true"
disk.0.boot: "true" => "true"
disk.0.device_name: "persistent-disk-0" => <computed>
disk.0.disk_size_gb: "0" => "0"
disk.0.disk_type: "pd-ssd" => "pd-ssd"
disk.0.interface: "SCSI" => <computed>
disk.0.mode: "READ_WRITE" => "READ_WRITE"
disk.0.source_image: "projects/debian-cloud/global/images/family/debian-9" => "projects/debian-cloud/global/images/family/debian-9"
disk.0.type: "PERSISTENT" => "PERSISTENT"
labels.%: "3" => "3"
labels.contact: "sthompson22" => "sthompson22"
labels.environment: "keep-dev" => "keep-dev"
labels.vertical: "keep" => "keep"
machine_type: "n1-standard-1" => "n1-standard-1"
metadata.%: "2" => "2"
metadata.startup-script: "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" => "#!/bin/bash -xe\n\n# Enable ip forwarding and nat\nsysctl -w net.ipv4.ip_forward=1\n\n# Make forwarding persistent.\nsed -i= 's/^[# ]*net.ipv4.ip_forward=[[:digit:]]/net.ipv4.ip_forward=1/g' /etc/sysctl.conf\n\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\napt-get update\n\n# Install nginx for instance http health check\napt-get install -y nginx\n\nENABLE_SQUID=\"false\"\n\nif [[ \"$$ENABLE_SQUID\" == \"true\" ]]; then\n apt-get install -y squid3\n\n cat - > /etc/squid/squid.conf <<'EOM'\nshutdown_lifetime 3 seconds\n\nhttp_access allow all\n\nhttp_port 3128\nhttp_port 3129 transparent\n\n# Anonymous proxy settings\nvia off\nforwarded_for off\n\nrequest_header_access Allow allow all \nrequest_header_access Authorization allow all \nrequest_header_access WWW-Authenticate allow all \nrequest_header_access Proxy-Authorization allow all \nrequest_header_access Proxy-Authenticate allow all \nrequest_header_access Cache-Control allow all \nrequest_header_access Content-Encoding allow all \nrequest_header_access Content-Length allow all \nrequest_header_access Content-Type allow all \nrequest_header_access Date allow all \nrequest_header_access Expires allow all \nrequest_header_access Host allow all \nrequest_header_access If-Modified-Since allow all \nrequest_header_access Last-Modified allow all \nrequest_header_access Location allow all \nrequest_header_access Pragma allow all \nrequest_header_access Accept allow all \nrequest_header_access Accept-Charset allow all \nrequest_header_access Accept-Encoding allow all \nrequest_header_access Accept-Language allow all \nrequest_header_access Content-Language allow all \nrequest_header_access Mime-Version allow all \nrequest_header_access Retry-After allow all \nrequest_header_access Title allow all \nrequest_header_access Connection allow all \nrequest_header_access Proxy-Connection allow all \nrequest_header_access User-Agent allow all \nrequest_header_access Cookie allow all \nrequest_header_access All deny all\nEOM\n\n systemctl reload squid\nfi\n" (forces new resource)
metadata.tf_depends_id: "" => ""
metadata_fingerprint: "vXOUEBeWCe8=" => <computed>
name: "default-20181115162836395600000001" => <computed>
name_prefix: "default-" => "default-"
network_interface.#: "1" => "1"
network_interface.0.access_config.#: "1" => "1"
network_interface.0.access_config.0.assigned_nat_ip: "35.202.214.39" => <computed>
network_interface.0.access_config.0.nat_ip: "35.202.214.39" => "35.202.214.39"
network_interface.0.access_config.0.network_tier: "PREMIUM" => <computed>
network_interface.0.address: "" => <computed>
network_interface.0.network_ip: "" => <computed>
network_interface.0.subnetwork: "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1" => "https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/regions/us-central1/subnetworks/keep-dev-vpc-subnet-pub-us-central1"
network_interface.0.subnetwork_project: "keep-dev-fe24" => "keep-dev-fe24"
project: "keep-dev-fe24" => "keep-dev-fe24"
region: "us-central1" => "us-central1"
scheduling.#: "1" => "1"
scheduling.0.automatic_restart: "true" => "true"
scheduling.0.on_host_maintenance: "MIGRATE" => <computed>
scheduling.0.preemptible: "false" => "false"
self_link: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => <computed>
service_account.#: "1" => "1"
service_account.0.email: "default" => "default"
service_account.0.scopes.#: "4" => "4"
service_account.0.scopes.1693978638: "https://www.googleapis.com/auth/devstorage.full_control" => "https://www.googleapis.com/auth/devstorage.full_control"
service_account.0.scopes.172152165: "https://www.googleapis.com/auth/logging.write" => "https://www.googleapis.com/auth/logging.write"
service_account.0.scopes.299962681: "https://www.googleapis.com/auth/compute" => "https://www.googleapis.com/auth/compute"
service_account.0.scopes.4177124133: "https://www.googleapis.com/auth/monitoring.write" => "https://www.googleapis.com/auth/monitoring.write"
tags.#: "3" => "3"
tags.1214138052: "inst-keep-dev-vpc-network-nat-us-central1-c" => "inst-keep-dev-vpc-network-nat-us-central1-c"
tags.1990099075: "inst-keep-dev-vpc-network-nat-us-central1" => "inst-keep-dev-vpc-network-nat-us-central1"
tags.2542268873: "allow-ssh" => "allow-ssh"
tags_fingerprint: "" => <computed>
-/+ module.nat_gateway_zone_c.module.nat-gateway.null_resource.dummy_dependency (new resource required)
id: "9171285365591061132" => <computed> (forces new resource)
triggers.%: "1" => <computed> (forces new resource)
triggers.instance_template: "https://www.googleapis.com/compute/beta/projects/keep-dev-fe24/global/instanceTemplates/default-20181115162836395600000001" => "" (forces new resource)
Plan: 7 to add, 9 to change, 6 to destroy.
|
|
Alright, I was able to locally reproduce the |
|
andddd here's a fresh bug report regarding the funky Not just me :wipe: , going to see if I can fix this bug and open a PR on the Google Nat Gateway module. |
|
hashicorp/terraform-provider-template@b80e43a Think this is where we'll find our issue. |
added 3 commits
February 7, 2019 15:13
Providers are our interface into the various APIs Terraform needs to interact with to provision our infrastructure. They're all managed and versioned independently. Without versioning our providers we run the risk of breaking our currently deployed infra by a provider update. Here we version all providers, and rollback a the template provider from version 2.0.0 to 1.0.0 to prevent some unsavory behavior in the Google managed NAT module.
…changes on the flyyyyy
|
Ran Plan for dir: Plan Error Show Output |
|
Did you mean to use |
|
atlantis plan |
|
Ran Plan for dir: Show OutputAn execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
<= module.gke_cluster_metrics.data.kubernetes_service.kube_state_metrics
id: <computed>
load_balancer_ingress.#: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "helm-kube-state-metrics"
metadata.0.namespace: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
spec.#: <computed>
+ module.gke_cluster_metrics.helm_release.kube_state_metrics
id: <computed>
chart: "stable/kube-state-metrics"
disable_webhooks: "false"
force_update: "false"
keyring: "/home/atlantis/.gnupg/pubring.gpg"
metadata.#: <computed>
name: "helm-kube-state-metrics"
namespace: "metrics"
recreate_pods: "false"
reuse: "false"
reuse_values: "false"
set.#: "1"
set.1510645123.name: "rbac.serviceAccountName"
set.1510645123.value: "kube-state-metrics"
timeout: "300"
verify: "false"
version: "0.13.0"
wait: "true"
+ module.gke_cluster_metrics.helm_release.prometheus_to_sd
id: <computed>
chart: "stable/prometheus-to-sd"
disable_webhooks: "false"
force_update: "false"
keyring: "/home/atlantis/.gnupg/pubring.gpg"
metadata.#: <computed>
name: "helm-prometheus-to-sd"
namespace: "metrics"
recreate_pods: "false"
reuse: "false"
reuse_values: "false"
set.#: "1"
set.~642634291.name: "metricsSources.kube-state-metrics"
set.~642634291.value: "http://${data.kubernetes_service.kube_state_metrics.spec.0.cluster_ip}:8080"
timeout: "300"
verify: "false"
version: "0.1.1"
wait: "true"
Plan: 2 to add, 0 to change, 0 to destroy.
|
|
atlantis apply -d infrastructure/terraform/keep-dev |
|
Ran Apply for dir: Apply Error Show Output |
|
@lispmeister This is ready to go now, I ended up running the apply locally while debugging Atlantis. |
|
Ran Plan for dir: Show OutputAn execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
<= read (data resources)
Terraform will perform the following actions:
~ helm_release.openvpn
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
<= module.gke_cluster_metrics.data.kubernetes_service.kube_state_metrics
id: <computed>
load_balancer_ingress.#: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "helm-kube-state-metrics"
metadata.0.namespace: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
spec.#: <computed>
~ module.gke_cluster_metrics.helm_release.kube_state_metrics
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
~ module.gke_cluster_metrics.helm_release.prometheus_to_sd
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
set.2278855196.name: "metricsSources.kube-state-metrics" => ""
set.2278855196.value: "http://10.102.100.169:8080" => ""
set.~642634291.name: "" => "metricsSources.kube-state-metrics"
set.~642634291.value: "" => "http://${data.kubernetes_service.kube_state_metrics.spec.0.cluster_ip}:8080"
Plan: 0 to add, 3 to change, 0 to destroy.
|
added 2 commits
February 13, 2019 10:08
Using this module will create a data read and an update for the prometheus-to-sd resource on each Terraform planand apply run. These updates will do nothing and are an artifact of the depends_on in the modules data resource. Terraform team is aware and have a proposed fix in the works.
|
Ran Plan for dir: Show OutputAn execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
<= read (data resources)
Terraform will perform the following actions:
~ helm_release.openvpn
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
<= module.gke_cluster_metrics.data.kubernetes_service.kube_state_metrics
id: <computed>
load_balancer_ingress.#: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "helm-kube-state-metrics"
metadata.0.namespace: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
spec.#: <computed>
~ module.gke_cluster_metrics.helm_release.kube_state_metrics
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
~ module.gke_cluster_metrics.helm_release.prometheus_to_sd
keyring: "/Users/sthompson22/.gnupg/pubring.gpg" => "/home/atlantis/.gnupg/pubring.gpg"
set.2278855196.name: "metricsSources.kube-state-metrics" => ""
set.2278855196.value: "http://10.102.100.169:8080" => ""
set.~642634291.name: "" => "metricsSources.kube-state-metrics"
set.~642634291.value: "" => "http://${data.kubernetes_service.kube_state_metrics.spec.0.cluster_ip}:8080"
Plan: 0 to add, 3 to change, 0 to destroy.
|
|
atlantis apply -d infrastructure/terraform/keep-dev |
|
Ran Apply for dir: Apply Error Show Output |
|
Ran Plan for dir: Show OutputAn execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
<= read (data resources)
Terraform will perform the following actions:
<= module.gke_cluster_metrics.data.kubernetes_service.kube_state_metrics
id: <computed>
load_balancer_ingress.#: <computed>
metadata.#: "1"
metadata.0.generation: <computed>
metadata.0.name: "helm-kube-state-metrics"
metadata.0.namespace: "metrics"
metadata.0.resource_version: <computed>
metadata.0.self_link: <computed>
metadata.0.uid: <computed>
spec.#: <computed>
~ module.gke_cluster_metrics.helm_release.prometheus_to_sd
set.2278855196.name: "metricsSources.kube-state-metrics" => ""
set.2278855196.value: "http://10.102.100.169:8080" => ""
set.~642634291.name: "" => "metricsSources.kube-state-metrics"
set.~642634291.value: "" => "http://${data.kubernetes_service.kube_state_metrics.spec.0.cluster_ip}:8080"
Plan: 0 to add, 1 to change, 0 to destroy.
|
|
atlantis apply -d infrastructure/terraform/keep-dev |
|
Ran Apply for dir: Show Outputmodule.gke_cluster_metrics.data.kubernetes_service.kube_state_metrics: Refreshing state...
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Outputs:
atlantis_external_ip = 35.244.176.50
backend_bucket_name = keep-dev-tf-backend-bucket
contacts = sthompson22
environment = keep-dev
nat_gateway_external_ips = [
35.238.255.240,
35.226.204.36,
35.202.214.39
]
nat_gateway_region_route_tag = keep-dev-vpc-network-nat-us-central1
nat_gateway_zone_a_instance = [
https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/zones/us-central1-a/instances/keep-dev-vpc-network-nat-gateway-us-central1-a-k0cm
]
nat_gateway_zone_a_route_tag = keep-dev-vpc-network-nat-us-central1-a
nat_gateway_zone_b_instance = [
https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/zones/us-central1-b/instances/keep-dev-vpc-network-nat-gateway-us-central1-b-4r66
]
nat_gateway_zone_b_route_tag = keep-dev-vpc-network-nat-us-central1-b
nat_gateway_zone_c_instance = [
https://www.googleapis.com/compute/v1/projects/keep-dev-fe24/zones/us-central1-c/instances/keep-dev-vpc-network-nat-gateway-us-central1-c-cr11
]
nat_gateway_zone_c_route_tag = keep-dev-vpc-network-nat-us-central1-c
project_id = keep-dev-fe24
project_name = keep-dev
project_owner_members = [
user:[email protected],
user:[email protected],
user:[email protected],
serviceAccount:[email protected]
]
region_data = {
region = us-central1
zone_a = us-central1-a
zone_b = us-central1-b
zone_c = us-central1-c
zone_f = us-central1-f
}
vertical = keep
vpc_network_gateway_ip =
vpc_network_name = keep-dev-vpc-network
vpc_private_subnet_name = keep-dev-vpc-subnet-pri-us-central1
vpc_public_subnet_name = keep-dev-vpc-subnet-pub-us-central1
|
|
Finally a clean apply. |
|
Ok now this is ready ready =) |
added 2 commits
February 21, 2019 21:01
A recent GKE upgrade resulted in openvpn connections not working. Specifically, a client can connect to the vpn but requests to the tun0 interface are not routed. After exhaustive research we could not find a misconfiguration between server and client. Because the demo-dev environment continued to work post upgrade and does not have network policies enabled we rebuilt the cluster with policies disabled. This corrected the openvpn connection. For now were disabling network policies so that we can use the environment. We need to look into Calico routing.
|
@lispmeister Would like to have this merged sooner than later please. |
sthompson22
commented
Feb 25, 2019
| @@ -121,11 +121,11 @@ module "gke_cluster" { | |||
| gke_cluster { | |||
| name = "${var.gke_cluster["name"]}" | |||
| private_cluster = "${var.gke_cluster["private_cluster"]}" | |||
| subnetwork = "${module.vpc.vpc_private_subnet_self_link}" | |||
There was a problem hiding this comment.
Took this out because it's superfluous. This param is actually ignored by the module.
sthompson22
changed the title
sthompson22
changed the title
|
@lispmeister pinging here again. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related RFC: https://github.com/thesis/infrastructure/pull/42
Parent PR: https://github.com/thesis/infrastructure/pull/44
After prototyping shipping
kube-state-metricsto Stackdriver we've codified the process in a Terraform module.I've uninstalled all the manual work done in
keep-devas part of that prototype and here we put it back proper.We've started being explicit about configuring providers and provider versions for some env. I went ahead and did that here as well.
BONUS: This PR ended up taking the config changes related to getting
keep-devworking again after the VPN trouble. This is really one change, disabling network policies.