coreos · squat · Oct 26, 2017 · Oct 17, 2017 · Oct 20, 2017
diff --git a/Documentation/variables/gcp.md b/Documentation/variables/gcp.md
@@ -15,6 +15,7 @@ This document gives an overview of variables used in the Google Cloud platform o
 | tectonic_gcp_master_disktype | The type of disk (pd-standard or pd-ssd) for the master nodes. | string | `pd-standard` |
 | tectonic_gcp_master_gce_type | Instance size for the master node(s). Example: `n1-standard-2`. | string | `n1-standard-2` |
 | tectonic_gcp_region | The GCP region to use. Some regions only have 2 zones. | string | - |
+| tectonic_gcp_ssh_key | (required) Path to an SSH public key file to be provisioned as the SSH key for the 'core' user. | string | - |
 | tectonic_gcp_worker_disk_size | The size of the disk in gigabytes for the root block device of worker nodes. | string | `30` |
 | tectonic_gcp_worker_disktype | The type of disk (pd-standard or pd-ssd) for the worker nodes. | string | `pd-standard` |
 | tectonic_gcp_worker_gce_type | Instance size for the worker node(s). Example: `n1-standard-2`. | string | `n1-standard-2` |

diff --git a/Makefile b/Makefile
@@ -184,6 +184,8 @@ tests/smoke: bin/smoke smoke-test-env-docker-image
 	-e GOOGLE_CREDENTIALS \
 	-e GOOGLE_CLOUD_KEYFILE_JSON \
 	-e GCLOUD_KEYFILE_JSON \
+	-e GOOGLE_PROJECT \
+	-e TF_VAR_tectonic_gcp_ssh_key \
 	-e TF_VAR_tectonic_aws_region \
 	-e TF_VAR_tectonic_aws_ssh_key \
 	-e TF_VAR_tectonic_azure_location \

diff --git a/examples/terraform.tfvars.gcp b/examples/terraform.tfvars.gcp
@@ -145,6 +145,9 @@ tectonic_gcp_master_gce_type = "n1-standard-2"
 // The GCP region to use. Some regions only have 2 zones.
 tectonic_gcp_region = ""
 
+// (required) Path to an SSH public key file to be provisioned as the SSH key for the 'core' user.
+tectonic_gcp_ssh_key = ""
+
 // The size of the disk in gigabytes for the root block device of worker nodes.
 tectonic_gcp_worker_disk_size = "30"
 

diff --git a/modules/gcp/etcd/etcd.tf b/modules/gcp/etcd/etcd.tf
@@ -41,6 +41,7 @@ resource "google_compute_instance" "etcd-node" {
 
   metadata = {
     user-data = "${data.ignition_config.etcd.*.rendered[count.index]}"
+    sshKeys   = "core:${file(var.public_ssh_key)}"
   }
 
   service_account {

diff --git a/modules/gcp/etcd/variables.tf b/modules/gcp/etcd/variables.tf
@@ -99,3 +99,7 @@ variable "tls_peer_crt_pem" {
 variable "ign_etcd_dropin_id_list" {
   type = "list"
 }
+
+variable "public_ssh_key" {
+  default = ""
+}
diff --git a/modules/gcp/master-igm/master.tf b/modules/gcp/master-igm/master.tf
@@ -39,6 +39,7 @@ resource "google_compute_instance_template" "master-it" {
 
   metadata = {
     user-data = "${data.ignition_config.main.rendered}"
+    sshKeys   = "core:${file(var.public_ssh_key)}"
   }
 
   service_account {

diff --git a/modules/gcp/master-igm/variables.tf b/modules/gcp/master-igm/variables.tf
@@ -96,3 +96,7 @@ variable "image_re" {
   description = "(internal) Regular expression used to extract repo and tag components from image strings"
   type        = "string"
 }
+
+variable "public_ssh_key" {
+  default = ""
+}
diff --git a/modules/gcp/network/loadbalancer.tf b/modules/gcp/network/loadbalancer.tf
@@ -1,5 +1,6 @@
 resource "google_compute_target_pool" "master-targetpool" {
-  name = "${var.cluster_name}-master-targetpool"
+  name             = "${var.cluster_name}-master-targetpool"
+  session_affinity = "CLIENT_IP_PROTO"
 }
 
 resource "google_compute_target_pool" "worker-targetpool" {
@@ -35,6 +36,15 @@ resource "google_compute_address" "ingress-ip" {
   name = "${var.cluster_name}-ingress-ip"
 }
 
+resource "google_compute_forwarding_rule" "api-external-ssh-fwd-rule" {
+  load_balancing_scheme = "EXTERNAL"
+  name                  = "${var.cluster_name}-api-external-ssh-fwd-rule"
+  ip_address            = "${google_compute_address.masters-ip.address}"
+  region                = "${var.gcp_region}"
+  target                = "${google_compute_target_pool.master-targetpool.self_link}"
+  port_range            = "22"
+}
+
 resource "google_compute_forwarding_rule" "ingress-external-http-fwd-rule" {
   load_balancing_scheme = "EXTERNAL"
   name                  = "${var.cluster_name}-ingress-external-http-fwd-rule"

diff --git a/modules/gcp/worker-igm/variables.tf b/modules/gcp/worker-igm/variables.tf
@@ -59,3 +59,7 @@ variable "disk_size" {
 variable "ign_gcs_puller_id" {
   type = "string"
 }
+
+variable "public_ssh_key" {
+  default = ""
+}
diff --git a/modules/gcp/worker-igm/worker.tf b/modules/gcp/worker-igm/worker.tf
@@ -39,6 +39,7 @@ resource "google_compute_instance_template" "worker-it" {
 
   metadata = {
     user-data = "${data.ignition_config.main.rendered}"
+    sshKeys   = "core:${file(var.public_ssh_key)}"
   }
 
   service_account {

diff --git a/platforms/gcp/main.tf b/platforms/gcp/main.tf
@@ -19,6 +19,13 @@ provider "google" {
   version = "1.1.0"
 }
 
+module "container_linux" {
+  source = "../../modules/container_linux"
+
+  channel = "${var.tectonic_container_linux_channel}"
+  version = "${var.tectonic_container_linux_version}"
+}
+
 module "network" {
   source = "../../modules/gcp/network"
 
@@ -73,6 +80,7 @@ module "etcd" {
   machine_type      = "${var.tectonic_gcp_etcd_gce_type}"
   managed_zone_name = "${var.tectonic_gcp_ext_google_managedzone_name}"
   cluster_name      = "${var.tectonic_cluster_name}"
+  public_ssh_key    = "${var.tectonic_gcp_ssh_key}"
   base_domain       = "${var.tectonic_base_domain}"
   container_image   = "${var.tectonic_container_images["etcd"]}"
 
@@ -103,6 +111,7 @@ module "masters" {
   zone_list           = "${var.tectonic_gcp_zones}"
   machine_type        = "${var.tectonic_gcp_master_gce_type}"
   cluster_name        = "${var.tectonic_cluster_name}"
+  public_ssh_key      = "${var.tectonic_gcp_ssh_key}"
   assets_gcs_location = "${google_storage_bucket.tectonic.name}/${google_storage_bucket_object.tectonic-assets.name}"
 
   master_subnetwork_name      = "${module.network.master_subnetwork_name}"
@@ -137,6 +146,7 @@ module "workers" {
   zone_list      = "${var.tectonic_gcp_zones}"
   machine_type   = "${var.tectonic_gcp_worker_gce_type}"
   cluster_name   = "${var.tectonic_cluster_name}"
+  public_ssh_key = "${var.tectonic_gcp_ssh_key}"
 
   worker_subnetwork_name      = "${module.network.worker_subnetwork_name}"
   worker_targetpool_self_link = "${module.network.worker_targetpool_self_link}"

diff --git a/platforms/gcp/variables.tf b/platforms/gcp/variables.tf
@@ -92,3 +92,8 @@ variable "tectonic_gcp_etcd_disk_size" {
   default     = "30"
   description = "The size of the disk in gigabytes for the root block device of etcd nodes."
 }
+
+variable "tectonic_gcp_ssh_key" {
+  type        = "string"
+  description = "(required) Path to an SSH public key file to be provisioned as the SSH key for the 'core' user."
+}
diff --git a/tests/rspec/lib/container_linux.rb b/tests/rspec/lib/container_linux.rb
@@ -16,13 +16,13 @@
 module ContainerLinux
   def self.version(cluster)
     v, err, = ssh_exec(cluster.master_ip_address, SSH_CMD_CONTAINER_LINUX_VERSION)
-    raise "failed to get Container Linux version for #{cluster.master_ip_address}" if err != ''
+    raise "failed to get Container Linux version for #{cluster.master_ip_address}: #{err}" if err != ''
     v.chomp
   end
 
   def self.channel(cluster)
     c, err, = ssh_exec(cluster.master_ip_address, SSH_CMD_CONTAINER_LINUX_CHANNEL)
-    raise "failed to get Container Linux channel for #{cluster.master_ip_address}" if err != ''
+    raise "failed to get Container Linux channel for #{cluster.master_ip_address}: #{err}" if err != ''
     c.chomp
   end
 end
diff --git a/tests/rspec/lib/gcp_cluster.rb b/tests/rspec/lib/gcp_cluster.rb
@@ -24,6 +24,32 @@ def credentials_defined?
       GCLOUD_KEYFILE_JSON
       GOOGLE_APPLICATION_CREDENTIALS
     ]
-    EnvVar.contains_any(credential_vars)
+    EnvVar.contains_any?(credential_vars)
+  end
+
+  def master_ip_addresses
+    ip_addresses = []
+    Dir.chdir(@build_path) do
+      ip_address = `echo module.network.master_ip | terraform console ../../platforms/gcp`.chomp
+      if ip_address.empty?
+        raise 'should get the master_ip_address to use in the tests.'
+      end
+      ip_addresses.push(ip_address)
+      ip_addresses
+    end
+  end
+
+  def master_ip_address
+    master_ip_addresses[0]
+  end
+
+  def tectonic_console_url
+    Dir.chdir(@build_path) do
+      console_url = `echo module.dns.kube_ingress_fqdn | terraform console ../../platforms/gcp`.chomp
+      if console_url.empty?
+        raise 'should get the console url to use in the UI tests.'
+      end
+      console_url
+    end
   end
 end
diff --git a/tests/smoke/gcp/vars/gcp.tfvars.json b/tests/smoke/gcp/vars/gcp.tfvars.json
@@ -1,23 +1,17 @@
 {
-  "tectonic_cluster_name": "test-cluster",
-  "tectonic_gcp_project_id": "project-id",
+  "tectonic_bootstrap_upgrade_cl": "false",
   "tectonic_gcp_region": "us-central1",
-  "google_managedzone_name": "managedzone-name",
-  "tectonic_base_domain": "tectonic.dev.coreos.systems",
+  "tectonic_gcp_zones" : ["us-central1-a","us-central1-b"],
+  "tectonic_gcp_ext_google_managedzone_name": "testing",
+  "tectonic_gcp_ssh_key": "~/.ssh/id_rsa.pub",
+  "tectonic_base_domain": "tectonic.gcp.dev.coreos.systems",
   "tectonic_gcp_credentials": "",
-  "tectonic_master_count": "3",
-  "tectonic_worker_count": "2",
-  "tectonic_etcd_count": "3",
-  "tectonic_cl_channel": "stable",
+  "tectonic_master_count": "1",
+  "tectonic_worker_count": "1",
+  "tectonic_etcd_count": "1",
   "tectonic_gcp_master_gce_type": "n1-standard-2",
   "tectonic_gcp_worker_gce_type": "n1-standard-2",
   "tectonic_gcp_etcd_gce_type": "n1-standard-1",
   "tectonic_gcp_etcd_disktype": "pd-standard",
-  "tectonic_gcp_etcd_disk_size": 30,
-  "tectonic_update_server": "",
-  "tectonic_update_channel": "",
-  "tectonic_update_app_id": "",
-  "tectonic_gcp_network_masters_cidr_range": "10.10.0.0/16",
-  "tectonic_gcp_network_workers_cidr_range": "10.11.0.0/16",
   "tectonic_etcd_servers": []
 }