From 720213593e018cb799e039ce568124f9b3b9b011 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wiktor=20Niesiob=C4=99dzki?=
Date: Wed, 18 Jan 2023 14:56:12 +0100
Subject: [PATCH] Use google_gkehub_feature_membership Use google_gkehub_feature_membership to provision ASM on clusters. Ensure that the cluster membership is refreshed on cluster recreation.
---
 .../ansible/roles/install/tasks/install.yaml | 19 -------------------
 modules/gke-hub/main.tf | 16 +++++++++++++++-
 2 files changed, 15 insertions(+), 20 deletions(-)
diff --git a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/ansible/roles/install/tasks/install.yaml b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/ansible/roles/install/tasks/install.yaml
index b81c49622..f59f03e3d 100644
--- a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/ansible/roles/install/tasks/install.yaml
+++ b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/ansible/roles/install/tasks/install.yaml
@@ -23,25 +23,6 @@
 set_fact:
 context: "gke_{{ project_id }}_{{ region }}_{{ cluster }}"
-- name: Install ASM in cluster
- shell: >
- gcloud container fleet mesh update \
- --control-plane automatic \
- --memberships {{ cluster }} \
- --project {{ project_id }}
-
-- name: Wait until MCP is provisioned
- shell: >
- for i in $(seq 12); do
- result=$(gcloud container fleet mesh describe --project {{ project_id }} --format json \
- | jq -r '.membershipStates | to_entries[] | select(.key | endswith("{{ cluster }}")) | .value.servicemesh.controlPlaneManagement.state')
- if [ "$result" = "ACTIVE" ]; then
- break
- fi
- echo "ASM control plane is not ready yet..."
- sleep 60
- done
-
 - name: Get endpoint IP
 shell: >
 gcloud container clusters describe "{{ cluster }}" \
diff --git a/modules/gke-hub/main.tf b/modules/gke-hub/main.tf
index f433d3227..aa89c1dc0 100644
--- a/modules/gke-hub/main.tf
+++ b/modules/gke-hub/main.tf
@@ -38,7 +38,7 @@ resource "google_gke_hub_membership" "default" {
 provider = google-beta
 for_each = var.clusters
 project = var.project_id
- membership_id = each.key
+ membership_id = reverse(split("/", each.value))[0] # forces re-enrollment of the cluster in the fleet in case when cluster is recreated
 endpoint {
 gke_cluster {
 resource_link = each.value
@@ -70,6 +70,20 @@ resource "google_gke_hub_feature" "default" {
 }
 }
+resource "google_gke_hub_feature_membership" "servicemesh" {
+ provider = google-beta
+ for_each = var.features.servicemesh ? var.clusters : {}
+ project = var.project_id
+ location = "global"
+ feature = google_gke_hub_feature.default["servicemesh"].name
+ membership = google_gke_hub_membership.default[each.key].membership_id
+
+ mesh {
+ management = "MANAGEMENT_AUTOMATIC"
+ control_plane = "AUTOMATIC"
+ }
+}
+
 resource "google_gke_hub_feature_membership" "default" {
 provider = google-beta
 for_each = local.cluster_cm_config
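Review bot: On the new `membership_id` line, keeping only the last path segment of `each.value` (presumably the cluster name) means two entries in `var.clusters` whose clusters share a name in different locations or projects now resolve to the same membership ID, whereas `each.key` was unique by construction. The trailing comment also does not say how the expression forces re-enrollment; if the intent is that the cluster link is unknown at plan time while the cluster is being replaced, say so, e.g. `# derived from the cluster link so the ID is unknown while the cluster is replaced, which recreates the membership`. Deployments whose map keys differ from the cluster name will likely see their memberships destroyed and re-created on the next apply, which deserves a line in the module README. The resource body continues outside the hunk.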
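Review bot: Nothing in the new `google_gke_hub_feature_membership.servicemesh` resource stands in for the removed Ansible loop that polled `controlPlaneManagement.state` until it was `ACTIVE`, and whether the provider blocks until then is not visible in this patch. If it does not, the remaining playbook tasks can run against a cluster whose managed control plane is still provisioning, so either keep a readiness check in the playbook or record the assumption above the resource, e.g. `# apply returns once the feature membership exists; wait for the control plane to become ACTIVE before deploying mesh workloads`. The `feature` reference also assumes `google_gke_hub_feature.default` has a `"servicemesh"` key whenever `var.features.servicemesh` is true, which is defined outside this hunk. Setting both `management` and `control_plane` looks redundant, and I believe later provider releases deprecate `control_plane`, so check it against the pinned provider version.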