From 5437cf555c61c44b29787ec988a90f292ac721f2 Mon Sep 17 00:00:00 2001 From: Max Xu Date: Fri, 13 Dec 2024 16:19:43 +0800 Subject: [PATCH] feat: add dns bucket submodule (#59) * feat: add dns bucket submodule * Update --- main.tf | 9 ++--- modules/dns-bucket/README.md | 69 +++++++++++++++++++++++++++++++++ modules/dns-bucket/bucket.tf | 51 ++++++++++++++++++++++++ modules/dns-bucket/dns.tf | 52 +++++++++++++++++++++++++ modules/dns-bucket/outputs.tf | 25 ++++++++++++ modules/dns-bucket/variables.tf | 64 ++++++++++++++++++++++++++++++ modules/dns-bucket/versions.tf | 33 ++++++++++++++++ 7 files changed, 298 insertions(+), 5 deletions(-) create mode 100644 modules/dns-bucket/README.md create mode 100644 modules/dns-bucket/bucket.tf create mode 100644 modules/dns-bucket/dns.tf create mode 100644 modules/dns-bucket/outputs.tf create mode 100644 modules/dns-bucket/variables.tf create mode 100644 modules/dns-bucket/versions.tf diff --git a/main.tf b/main.tf index 7c5af6f..7fbfc5f 100644 --- a/main.tf +++ b/main.tf @@ -161,9 +161,9 @@ locals { module "gke" { count = var.enable_private_gke ? 0 : 1 source = "terraform-google-modules/kubernetes-engine/google" - name = var.cluster_name version = "30.3.0" + name = var.cluster_name add_cluster_firewall_rules = var.add_cluster_firewall_rules add_master_webhook_firewall_rules = var.add_master_webhook_firewall_rules add_shadow_firewall_rules = var.add_shadow_firewall_rules 
@@ -200,12 +200,11 @@ module "gke" { } module "gke_private" { - count = var.enable_private_gke ? 1 : 0 - source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" - - name = var.cluster_name + count = var.enable_private_gke ? 1 : 0 + source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" version = "30.3.0" + name = var.cluster_name add_cluster_firewall_rules = var.add_cluster_firewall_rules add_master_webhook_firewall_rules = var.add_master_webhook_firewall_rules add_shadow_firewall_rules = var.add_shadow_firewall_rules diff --git a/modules/dns-bucket/README.md b/modules/dns-bucket/README.md new file mode 100644 index 0000000..4723511 --- /dev/null +++ b/modules/dns-bucket/README.md 
@@ -0,0 +1,69 @@ + + +# DNS and Bucket Module +A basic module used to create Cloud DNS Zone and Storage Buckets. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >=1.2.0 | + +## Providers + +| Name | Version | +|------|---------| +| [google.source](#provider\_google.source) | n/a | +| [google.target](#provider\_google.target) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [google_dns_managed_zone.zone](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone) | resource | +| [google_dns_record_set.delegate](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_record_set) | resource | +| [google_storage_bucket.tiered_storage](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket) | resource | +| [google_storage_bucket.velero](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket) | resource | +| [google_dns_managed_zone.sn](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/dns_managed_zone) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [bucket\_cluster\_backup\_soft\_delete](#input\_bucket\_cluster\_backup\_soft\_delete) | Set the soft deletion policy, if false soft deletes will be disabled. | `bool` | `true` | no | +| [bucket\_encryption\_kms\_key\_id](#input\_bucket\_encryption\_kms\_key\_id) | KMS key id to use for bucket encryption. If not set, the gcp default key will be used | `string` | `null` | no | +| [bucket\_location](#input\_bucket\_location) | The location of the bucket | `string` | n/a | yes | +| [bucket\_tiered\_storage\_soft\_delete](#input\_bucket\_tiered\_storage\_soft\_delete) | Set the soft deletion policy, if false soft deletes will be disabled. 
| `bool` | `true` | no | +| [bucket\_uniform\_bucket\_level\_access](#input\_bucket\_uniform\_bucket\_level\_access) | Enables Uniform bucket-level access access to a bucket. | `bool` | `true` | no | +| [custom\_dns\_zone\_id](#input\_custom\_dns\_zone\_id) | if specified, then a streamnative zone will not be created, and this zone will be used instead. Otherwise, we will provision a new zone and delegate access | `string` | `""` | no | +| [custom\_dns\_zone\_name](#input\_custom\_dns\_zone\_name) | must be passed if custom\_dns\_zone\_id is passed, this is the zone name to use | `string` | `""` | no | +| [parent\_zone\_name](#input\_parent\_zone\_name) | The parent zone in which we create the delegation records | `string` | n/a | yes | +| [pm\_name](#input\_pm\_name) | The name of the poolmember, for new clusters, this should be like `pm-` | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [backup\_bucket](#output\_backup\_bucket) | n/a | +| [zone\_id](#output\_zone\_id) | n/a | +| [zone\_name](#output\_zone\_name) | n/a | + \ No newline at end of file diff --git a/modules/dns-bucket/bucket.tf b/modules/dns-bucket/bucket.tf new file mode 100644 index 0000000..612fe09 --- /dev/null +++ b/modules/dns-bucket/bucket.tf 
@@ -0,0 +1,51 @@
+# Copyright 2023 StreamNative, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "google_storage_bucket" "velero" {
+  name = format("%s-cluster-backup", var.pm_name)
+  provider = google.target
+
+  location = var.bucket_location
+  uniform_bucket_level_access = var.bucket_uniform_bucket_level_access
+  force_destroy = true
+  encryption {
+    default_kms_key_name = var.bucket_encryption_kms_key_id
+  }
+
+  dynamic "soft_delete_policy" {
+    for_each = !var.bucket_cluster_backup_soft_delete ? ["apply"] : []
+    content {
+      retention_duration_seconds = 0
+    }
+  }
+}
+
+resource "google_storage_bucket" "tiered_storage" {
+  name = format("%s-tiered-storage", var.pm_name)
+  provider = google.target
+
+  location = var.bucket_location
+  uniform_bucket_level_access = var.bucket_uniform_bucket_level_access
+  force_destroy = true
+  encryption {
+    default_kms_key_name = var.bucket_encryption_kms_key_id
+  }
+
+  dynamic "soft_delete_policy" {
+    for_each = !var.bucket_cluster_backup_soft_delete ? ["apply"] : []
+    content {
+      retention_duration_seconds = 0
+    }
+  }
+}
diff --git a/modules/dns-bucket/dns.tf b/modules/dns-bucket/dns.tf
new file mode 100644
index 0000000..fcaf570
--- /dev/null
+++ b/modules/dns-bucket/dns.tf
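Review bot: The `tiered_storage` bucket's `soft_delete_policy` is keyed on `var.bucket_cluster_backup_soft_delete`, so `bucket_tiered_storage_soft_delete` (declared in variables.tf and listed in the README) is never read and cannot disable soft delete on that bucket; the `for_each` line in the second resource should read `for_each = !var.bucket_tiered_storage_soft_delete ? ["apply"] : []`. Both resources also emit an `encryption` block unconditionally, with `default_kms_key_name` set to the variable's default of `null`; if the provider treats that argument as required (worth confirming), the module fails at plan time in its default configuration, and a `dynamic "encryption"` block keyed on `var.bucket_encryption_kms_key_id != null` would give the "gcp default key" fallback the variable description promises. Separately, `force_destroy = true` on the `velero` backup bucket means a `terraform destroy`, or a replacement triggered by changing `name` or `location`, deletes every backup object; exposing it as a variable that defaults to `false` for the backup bucket, and setting `public_access_prevention = "enforced"` on both buckets, would harden the module without changing its interface.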
@@ -0,0 +1,52 @@
+# Copyright 2023 StreamNative, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+locals {
+  dns_zone_name = try(data.google_dns_managed_zone.sn[0].dns_name, "")
+  new_zone_name = "${var.pm_name}.${local.dns_zone_name}"
+  new_zone_id = var.pm_name
+  zone_name = var.custom_dns_zone_name != "" ? var.custom_dns_zone_name : try(google_dns_managed_zone.zone[0].dns_name, "")
+  zone_id = var.custom_dns_zone_id != "" ? var.custom_dns_zone_id : try(google_dns_managed_zone.zone[0].name, "")
+}
+
+resource "google_dns_managed_zone" "zone" {
+  count = var.custom_dns_zone_id == "" ? 1 : 0
+  provider = google.target
+
+  name = local.new_zone_id
+  dns_name = local.new_zone_name
+  force_destroy = true
+
+  cloud_logging_config {
+    enable_logging = false
+  }
+}
+
+data "google_dns_managed_zone" "sn" {
+  count = var.custom_dns_zone_id == "" ? 1 : 0
+  provider = google.source
+
+  name = var.parent_zone_name
+}
+
+resource "google_dns_record_set" "delegate" {
+  count = var.custom_dns_zone_id == "" ? 1 : 0
+  provider = google.source
+
+  managed_zone = data.google_dns_managed_zone.sn[0].name
+  name = google_dns_managed_zone.zone[0].dns_name
+  type = "NS"
+  ttl = "300"
+  rrdatas = google_dns_managed_zone.zone[0].name_servers
+}
diff --git a/modules/dns-bucket/outputs.tf b/modules/dns-bucket/outputs.tf
new file mode 100644
index 0000000..ff722dd
--- /dev/null
+++ b/modules/dns-bucket/outputs.tf
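Review bot: When `custom_dns_zone_id` is set but `custom_dns_zone_name` is left at its default, `local.zone_name` falls back to `try(google_dns_managed_zone.zone[0].dns_name, "")`, which evaluates to `""` because the zone resource then has `count = 0`, so the `zone_name` output is silently empty even though the variable description says the name "must be passed"; a `precondition` on the `zone_name` output in outputs.tf (supported from Terraform 1.2, which versions.tf already requires) with `condition = var.custom_dns_zone_id == "" || var.custom_dns_zone_name != ""` would fail the plan instead. `cloud_logging_config { enable_logging = false }` is hard-coded, so callers who rely on Cloud DNS query logs for detection cannot turn them on for the delegated zone; `enable_logging = var.dns_zone_query_logging` with a default of `false` keeps the current behaviour while making it a choice. `ttl = "300"` is a string where the provider schema expects a number; Terraform converts it, but `ttl = 300` avoids the implicit conversion and matches the other numeric arguments in the module.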
@@ -0,0 +1,25 @@
+# Copyright 2023 StreamNative, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+output "zone_id" {
+  value = local.zone_id
+}
+
+output "zone_name" {
+  value = local.zone_name
+}
+
+output "backup_bucket" {
+  value = google_storage_bucket.velero.name
+}
diff --git a/modules/dns-bucket/variables.tf b/modules/dns-bucket/variables.tf
new file mode 100644
index 0000000..8bd2ef5
--- /dev/null
+++ b/modules/dns-bucket/variables.tf
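Review bot: None of the three outputs carries a `description`, which is why the generated README lists them as `n/a`; adding `description = "Resource name of the Cloud DNS managed zone used by this pool member (created or custom)"` to `zone_id`, `description = "DNS name of that zone"` to `zone_name` and `description = "Name of the cluster-backup (velero) storage bucket"` to `backup_bucket` documents the module interface at no cost. Only the `velero` bucket name is exported; the `tiered_storage` bucket created in bucket.tf has no output, so callers presumably reconstruct it from `pm_name` — if that is intended a comment saying so would help, otherwise a `tiered_storage_bucket` output would be consistent with `backup_bucket`.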
@@ -0,0 +1,64 @@
+# Copyright 2023 StreamNative, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "pm_name" {
+  type = string
+  description = "The name of the poolmember, for new clusters, this should be like `pm-`"
+}
+
+variable "parent_zone_name" {
+  type = string
+  description = "The parent zone in which we create the delegation records"
+}
+
+variable "custom_dns_zone_id" {
+  type = string
+  default = ""
+  description = "if specified, then a streamnative zone will not be created, and this zone will be used instead. Otherwise, we will provision a new zone and delegate access"
+}
+
+variable "custom_dns_zone_name" {
+  type = string
+  default = ""
+  description = "must be passed if custom_dns_zone_id is passed, this is the zone name to use"
+}
+
+variable "bucket_location" {
+  type = string
+  description = "The location of the bucket"
+}
+
+variable "bucket_encryption_kms_key_id" {
+  type = string
+  default = null
+  description = "KMS key id to use for bucket encryption. If not set, the gcp default key will be used"
+}
+
+variable "bucket_uniform_bucket_level_access" {
+  type = bool
+  default = true
+  description = "Enables Uniform bucket-level access access to a bucket."
+}
+
+variable "bucket_tiered_storage_soft_delete" {
+  type = bool
+  default = true
+  description = "Set the soft deletion policy, if false soft deletes will be disabled."
+}
+
+variable "bucket_cluster_backup_soft_delete" {
+  type = bool
+  default = true
+  description = "Set the soft deletion policy, if false soft deletes will be disabled."
+}
diff --git a/modules/dns-bucket/versions.tf b/modules/dns-bucket/versions.tf
new file mode 100644
index 0000000..86798ff
--- /dev/null
+++ b/modules/dns-bucket/versions.tf
@@ -0,0 +1,33 @@
+# Copyright 2023 StreamNative, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+  required_version = ">=1.2.0"
+
+  required_providers {
+    google = {
+      source = "hashicorp/google"
+      # NOTE! we required two different providers in this module this is because we need to create a zone in the target and then create the delegations in the source
+      configuration_aliases = [google.target, google.source]
+    }
+  }
+}
+
+provider "google" {
+  alias = "target"
+}
+
+provider "google" {
+  alias = "source"
+}
\ No newline at end of file
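Review bot: `pm_name` has no `validation` block even though it is used verbatim as the prefix of both bucket names (`format("%s-cluster-backup", var.pm_name)` in bucket.tf) and as both the managed-zone resource name and the leading DNS label of the new zone in dns.tf, so a value with an uppercase letter or underscore passes `terraform validate` and is only rejected at apply, after other resources may already have been created; a block with `condition = can(regex("^[a-z0-9][a-z0-9-]*[a-z0-9]$", var.pm_name))` and an `error_message` naming both consumers catches it at plan time (I have not re-checked the exact naming rules of each consumer, so the character class should be confirmed against them). The `custom_dns_zone_name` description says it "must be passed if custom_dns_zone_id is passed", but nothing enforces the pairing; since a `validation` block cannot reference another variable, a precondition in outputs.tf is the place for that check. Two wording nits: the `bucket_uniform_bucket_level_access` description reads "bucket-level access access", and "should be like `pm-`" on `pm_name` does not show a complete example value.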
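Review bot: `required_providers.google` declares a `source` but no `version` constraint, so the module accepts whatever release of `hashicorp/google` the root resolves, including a future major version that could change `soft_delete_policy` or `cloud_logging_config`; adding a constraint such as `version = ">= 5.0, < 7.0"` (constructed example — the lower bound should be the release that introduced `soft_delete_policy`, which this diff does not show) keeps the lockfile reproducible and supply-chain pinning explicit. The two empty `provider "google"` blocks with `alias = "target"` and `alias = "source"` sit next to `configuration_aliases = [google.target, google.source]`, which already declares those aliases as something the caller must pass in; provider blocks inside a child module are the legacy form that prevents `count`, `for_each` and `depends_on` on the module call, so if Terraform accepts the combination at all (worth checking with `terraform validate`), they add nothing and should be removed. The `# NOTE!` comment explains the two-provider design well but is one very long line; wrapping it over two or three `#` lines keeps it readable in a diff.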