Add mesh_id label from ASM module

[Monkeyanator]

Up to now users have added the mesh_id label to their clusters after running the TF apply (usually after they realize metrics aren't working for their ASM install). This labels the cluster as part of the ASM module.

Not ideal since it adds another imperative step to the module but this is an important thing to get right out of the box and won't be needed at some point in the future.

[comment-bot-dev]

Thanks for the PR! 🚀
✅ Lint checks have passed.

[bharathkkb]

Thanks for the PR @Monkeyanator

[bharathkkb]

This will cause a diff when users manage clusters via TF. If users are managing ASM via TF, it seems reasonable to assume they will be managing clusters via TF too which means they can follow the docs in #1284

[Monkeyanator]

I see, so the suggestion is to keep this as a documented step instead of including in the module? I'm fine with that as well.

[bharathkkb]

Yes, I think docs is easiest. Something we could investigate is if we can fail fast and surface error using https://www.terraform.io/language/meta-arguments/lifecycle#custom-condition-checks.

resource "kubernetes_namespace" "system" {
  metadata {
    name = "istio-system"
  }
    lifecycle {
    # The cluster must have mesh-id label
    precondition {
      condition     = contains( keys(data. google_container_cluster.asm.labels), "mesh_id") && maybe validate value too
      error_message = "The GKE cluster must have mesh_id label"
    }
  }
}

This will be a breaking change (due to min TF version bump) and require customers to upgrade to TF 1.2

[Monkeyanator]

Sounds good. Do we know how long before we expect it's reasonable to allow 1.2 features in our modules? Looks like it just released <1 month ago.