feat: add dns bucket submodule (#59)

* feat: add dns bucket submodule

* Update

main.tf

@@ -161,9 +161,9 @@ locals {
 module "gke" {
   count   = var.enable_private_gke ? 0 : 1
   source  = "terraform-google-modules/kubernetes-engine/google"
-  name    = var.cluster_name
   version = "30.3.0"
 
+  name                              = var.cluster_name
   add_cluster_firewall_rules        = var.add_cluster_firewall_rules
   add_master_webhook_firewall_rules = var.add_master_webhook_firewall_rules
   add_shadow_firewall_rules         = var.add_shadow_firewall_rules
@@ -200,12 +200,11 @@ module "gke" {
 }
 
 module "gke_private" {
-  count  = var.enable_private_gke ? 1 : 0
-  source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
-
-  name    = var.cluster_name
+  count   = var.enable_private_gke ? 1 : 0
+  source  = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
   version = "30.3.0"
 
+  name                              = var.cluster_name
   add_cluster_firewall_rules        = var.add_cluster_firewall_rules
   add_master_webhook_firewall_rules = var.add_master_webhook_firewall_rules
   add_shadow_firewall_rules         = var.add_shadow_firewall_rules

modules/dns-bucket/README.md

@@ -0,0 +1,69 @@
+<!--
+  ~ Copyright 2023 StreamNative, Inc.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+-->
+
+# DNS and Bucket Module
+A basic module used to create Cloud DNS Zone and Storage Buckets.
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >=1.2.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_google.source"></a> [google.source](#provider\_google.source) | n/a |
+| <a name="provider_google.target"></a> [google.target](#provider\_google.target) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [google_dns_managed_zone.zone](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone) | resource |
+| [google_dns_record_set.delegate](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_record_set) | resource |
+| [google_storage_bucket.tiered_storage](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket) | resource |
+| [google_storage_bucket.velero](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket) | resource |
+| [google_dns_managed_zone.sn](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/dns_managed_zone) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_bucket_cluster_backup_soft_delete"></a> [bucket\_cluster\_backup\_soft\_delete](#input\_bucket\_cluster\_backup\_soft\_delete) | Set the soft deletion policy, if false soft deletes will be disabled. | `bool` | `true` | no |
+| <a name="input_bucket_encryption_kms_key_id"></a> [bucket\_encryption\_kms\_key\_id](#input\_bucket\_encryption\_kms\_key\_id) | KMS key id to use for bucket encryption. If not set, the gcp default key will be used | `string` | `null` | no |
+| <a name="input_bucket_location"></a> [bucket\_location](#input\_bucket\_location) | The location of the bucket | `string` | n/a | yes |
+| <a name="input_bucket_tiered_storage_soft_delete"></a> [bucket\_tiered\_storage\_soft\_delete](#input\_bucket\_tiered\_storage\_soft\_delete) | Set the soft deletion policy, if false soft deletes will be disabled. | `bool` | `true` | no |
+| <a name="input_bucket_uniform_bucket_level_access"></a> [bucket\_uniform\_bucket\_level\_access](#input\_bucket\_uniform\_bucket\_level\_access) | Enables Uniform bucket-level access access to a bucket. | `bool` | `true` | no |
+| <a name="input_custom_dns_zone_id"></a> [custom\_dns\_zone\_id](#input\_custom\_dns\_zone\_id) | if specified, then a streamnative zone will not be created, and this zone will be used instead. Otherwise, we will provision a new zone and delegate access | `string` | `""` | no |
+| <a name="input_custom_dns_zone_name"></a> [custom\_dns\_zone\_name](#input\_custom\_dns\_zone\_name) | must be passed if custom\_dns\_zone\_id is passed, this is the zone name to use | `string` | `""` | no |
+| <a name="input_parent_zone_name"></a> [parent\_zone\_name](#input\_parent\_zone\_name) | The parent zone in which we create the delegation records | `string` | n/a | yes |
+| <a name="input_pm_name"></a> [pm\_name](#input\_pm\_name) | The name of the poolmember, for new clusters, this should be like `pm-<xxxxx>` | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_backup_bucket"></a> [backup\_bucket](#output\_backup\_bucket) | n/a |
+| <a name="output_zone_id"></a> [zone\_id](#output\_zone\_id) | n/a |
+| <a name="output_zone_name"></a> [zone\_name](#output\_zone\_name) | n/a |
+<!-- END_TF_DOCS -->

modules/dns-bucket/bucket.tf

@@ -0,0 +1,51 @@
+# Copyright 2023 StreamNative, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "google_storage_bucket" "velero" {
+  name     = format("%s-cluster-backup", var.pm_name)
+  provider = google.target
+
+  location                    = var.bucket_location
+  uniform_bucket_level_access = var.bucket_uniform_bucket_level_access
+  force_destroy               = true
+  encryption {
+    default_kms_key_name = var.bucket_encryption_kms_key_id
+  }
+
+  dynamic "soft_delete_policy" {
+    for_each = !var.bucket_cluster_backup_soft_delete ? ["apply"] : []
+    content {
+      retention_duration_seconds = 0
+    }
+  }
+}
+
+resource "google_storage_bucket" "tiered_storage" {
+  name     = format("%s-tiered-storage", var.pm_name)
+  provider = google.target
+
+  location                    = var.bucket_location
+  uniform_bucket_level_access = var.bucket_uniform_bucket_level_access
+  force_destroy               = true
+  encryption {
+    default_kms_key_name = var.bucket_encryption_kms_key_id
+  }
+
+  dynamic "soft_delete_policy" {
+    for_each = !var.bucket_cluster_backup_soft_delete ? ["apply"] : []
+    content {
+      retention_duration_seconds = 0
+    }
+  }
+}

modules/dns-bucket/dns.tf

@@ -0,0 +1,52 @@
+# Copyright 2023 StreamNative, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+locals {
+  dns_zone_name = try(data.google_dns_managed_zone.sn[0].dns_name, "")
+  new_zone_name = "${var.pm_name}.${local.dns_zone_name}"
+  new_zone_id   = var.pm_name
+  zone_name     = var.custom_dns_zone_name != "" ? var.custom_dns_zone_name : try(google_dns_managed_zone.zone[0].dns_name, "")
+  zone_id       = var.custom_dns_zone_id != "" ? var.custom_dns_zone_id : try(google_dns_managed_zone.zone[0].name, "")
+}
+
+resource "google_dns_managed_zone" "zone" {
+  count    = var.custom_dns_zone_id == "" ? 1 : 0
+  provider = google.target
+
+  name          = local.new_zone_id
+  dns_name      = local.new_zone_name
+  force_destroy = true
+
+  cloud_logging_config {
+    enable_logging = false
+  }
+}
+
+data "google_dns_managed_zone" "sn" {
+  count    = var.custom_dns_zone_id == "" ? 1 : 0
+  provider = google.source
+
+  name = var.parent_zone_name
+}
+
+resource "google_dns_record_set" "delegate" {
+  count    = var.custom_dns_zone_id == "" ? 1 : 0
+  provider = google.source
+
+  managed_zone = data.google_dns_managed_zone.sn[0].name
+  name         = google_dns_managed_zone.zone[0].dns_name
+  type         = "NS"
+  ttl          = "300"
+  rrdatas      = google_dns_managed_zone.zone[0].name_servers
+}

modules/dns-bucket/outputs.tf

@@ -0,0 +1,25 @@
+# Copyright 2023 StreamNative, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+output "zone_id" {
+  value = local.zone_id
+}
+
+output "zone_name" {
+  value = local.zone_name
+}
+
+output "backup_bucket" {
+  value = google_storage_bucket.velero.name
+}

modules/dns-bucket/variables.tf

@@ -0,0 +1,64 @@
+# Copyright 2023 StreamNative, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "pm_name" {
+  type        = string
+  description = "The name of the poolmember, for new clusters, this should be like `pm-<xxxxx>`"
+}
+
+variable "parent_zone_name" {
+  type        = string
+  description = "The parent zone in which we create the delegation records"
+}
+
+variable "custom_dns_zone_id" {
+  type        = string
+  default     = ""
+  description = "if specified, then a streamnative zone will not be created, and this zone will be used instead. Otherwise, we will provision a new zone and delegate access"
+}
+
+variable "custom_dns_zone_name" {
+  type        = string
+  default     = ""
+  description = "must be passed if custom_dns_zone_id is passed, this is the zone name to use"
+}
+
+variable "bucket_location" {
+  type        = string
+  description = "The location of the bucket"
+}
+
+variable "bucket_encryption_kms_key_id" {
+  type        = string
+  default     = null
+  description = "KMS key id to use for bucket encryption. If not set, the gcp default key will be used"
+}
+
+variable "bucket_uniform_bucket_level_access" {
+  type        = bool
+  default     = true
+  description = "Enables Uniform bucket-level access access to a bucket."
+}
+
+variable "bucket_tiered_storage_soft_delete" {
+  type        = bool
+  default     = true
+  description = "Set the soft deletion policy, if false soft deletes will be disabled."
+}
+
+variable "bucket_cluster_backup_soft_delete" {
+  type        = bool
+  default     = true
+  description = "Set the soft deletion policy, if false soft deletes will be disabled."
+}

modules/dns-bucket/versions.tf

@@ -0,0 +1,33 @@
+# Copyright 2023 StreamNative, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+  required_version = ">=1.2.0"
+
+  required_providers {
+    google = {
+      source = "hashicorp/google"
+      # NOTE! we required two different providers in this module this is because we need to create a zone in the target and then create the delegations in the source
+      configuration_aliases = [google.target, google.source]
+    }
+  }
+}
+
+provider "google" {
+  alias = "target"
+}
+
+provider "google" {
+  alias = "source"
+}