Spin up and tear down Elasticsearch (source) and OpenSearch (target) clusters for testing migration scenarios.
- gcloud CLI with Application Default Credentials configured (
gcloud auth application-default login) - terraform or tofu
- kubectl
- Copy
terraform.tfvars.exampletoterraform.tfvarsin the config you want to use and set yourproject_id:
cp sources/gcp/elasticsearch-gke/terraform/terraform.tfvars.example \
sources/gcp/elasticsearch-gke/terraform/terraform.tfvars- Spin up a cluster:
./cluster.sh up sources/gcp/elasticsearch-gke
./cluster.sh up targets/gcp/opensearch-gke-
Use the printed connection details to configure the migration assistant.
-
Tear down when done:
./cluster.sh down sources/gcp/elasticsearch-gke
./cluster.sh down targets/gcp/opensearch-gkeRun ./cluster.sh with no arguments to see all available paths.
| Command | Description |
|---|---|
./cluster.sh up <path> |
Create cluster |
./cluster.sh up <path> --private-networking |
Create cluster with private networking enabled |
./cluster.sh down <path> |
Destroy cluster |
./cluster.sh info <path> |
Re-print connection details for a running cluster |
./cluster.sh specs <path> |
Print effective cluster specs without a running cluster |
By default clusters use external LoadBalancers reachable over the public internet. Two opt-in modes make migration traffic private:
- Optionally add
psc_consumer_project_ids = ["<migration-project-id>"]toterraform.tfvarsto pre-authorize the migration project. If omitted,cluster.shwill warn and you can authorize the consumer separately after deploy. - Run
./cluster.sh up <config> --private-networking. - After apply,
cluster.shprints aPSC URI— supply this assource_connectivity.service_attachmentortarget_connectivity.service_attachmentin the migration console.
The cluster owner must accept the PSC connection from the migration project before the link becomes ACTIVE.
Set the vpc_peering block in terraform.tfvars. After apply, the migration cluster must create the reciprocal peering targeting the vpc_network_self_link Terraform output. CIDRs must not overlap with 10.0.0.0/20 (nodes), 10.4.0.0/14 (pods), or 10.8.0.0/20 (services).
See terraform.tfvars.example in each config for full examples.
cluster.sh is a thin wrapper around Terraform. Each config under sources/ or targets/ has a terraform/ directory that provisions everything — GKE cluster, VPC, and workloads (via the Helm provider).
uprunsterraform init+terraform apply -auto-approve, then connects to the cluster viagcloudand queries kubectl for the LoadBalancer IP and credentials.downremoves the kubectl context and runsterraform destroy -auto-approve.infoconnects and prints the cluster details without modifying anything.
A shared module at modules/gke-cluster/ provides the common GKE infrastructure (VPC, subnet, cluster, node pool). Each config's main.tf calls this module and adds its own Helm releases.
- Create a new directory under
sources/<platform>/ortargets/<platform>/(e.g.targets/gcp/opensearch-aiven/) - Add a
terraform/directory withmain.tf,variables.tf,versions.tf,outputs.tf, andterraform.tfvars.example - Call the shared
modules/gke-clustermodule for GKE-based configs, or write platform-specific infra - Add a
softwareoutput (e.g."OpenSearch v2.19.0") and acluster_passwordoutput if the password is managed by Terraform - Update the
print_infocase statement incluster.shwith the kubectl commands to retrieve the IP and credentials for your config