feat: (PSKD-709) Initial draft for NetApp volume

docs/CONFIG-VARS.md

@@ -17,7 +17,7 @@ Supported configuration variables are listed in the table below.  All variables
     - [Additional Nodepools](#additional-nodepools)
   - [Storage](#storage)
     - [For `storage_type=standard` only (NFS server VM)](#for-storage_typestandard-only-nfs-server-vm)
-    - [For `storage_type=ha` only (Google Filestore)](#for-storage_typeha-only-google-filestore)
+    - [For `storage_type=ha` only (Google Filestore)](#for-storage_typeha-only-google-filestore) #TODO
   - [Google Artifact Registry (GAR) and Google Container Registry (GCR)](#google-artifact-registry-gar-and-google-container-registry-gcr)
   - [Postgres Servers](#postgres-servers)
   - [Monitoring](#monitoring)

locals.tf

@@ -25,6 +25,12 @@ locals {
     : null
   )
 
+  # Storage
+  storage_type_backend = (var.storage_type == "none" ? "none"
+    : var.storage_type == "standard" ? "nfs"
+    : var.storage_type == "ha" && var.storage_type_backend == "netapp" ? "netapp"
+  : var.storage_type == "ha" ? "filestore" : "none")
+
   # Kubernetes
   kubeconfig_path = var.iac_tooling == "docker" ? "/workspace/${var.prefix}-gke-kubeconfig.conf" : "${var.prefix}-gke-kubeconfig.conf"
 

main.tf

@@ -301,3 +301,11 @@ module "sql_proxy_sa" {
   project_roles = ["${var.project}=>roles/cloudsql.admin"]
   display_name  = "IAC-managed service account for cluster ${var.prefix} and sql-proxy integration."
 }
+
+module "google_netapp" {
+  source  = "./modules/google_netapp"
+  project = var.project
+  count   = var.storage_type == "standard" && var.storage_type_backend == "netapp" ? 1 : 0
+  name    = "${var.prefix}-netapp"
+  region  = local.region
+}

modules/google_netapp/main.tf

@@ -0,0 +1,39 @@
+# Copyright © 2021-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Terraform Registry : https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/netapp_volume
+# GitHub Repository  : https://github.com/terraform-google-modules
+#
+
+resource "google_netapp_storage_pool" "my-tf-pool" {
+  name          = "${var.name}-storage-pool"
+  location      = var.region
+  service_level = "PREMIUM"
+  capacity_gib  = 2048
+  network       = data.google_compute_network.my-vpc.id
+}
+
+resource "google_netapp_volume" "my-nfsv3-volume" {
+  location         = var.region
+  name             = "${var.name}-volume"
+  capacity_gib     = 1024 # Size can be up to space available in pool
+  share_name       = "my-nfsv3-volume"
+  storage_pool     = google_netapp_storage_pool.my-tf-pool.name
+  protocols        = ["NFSV4.1"]
+  unix_permissions = "0777"
+  export_policy {
+    # Order of rules matters! Go from most specific to most generic
+    rules {
+      access_type     = "READ_WRITE"
+      allowed_clients = "10.10.10.17"
+      has_root_access = true
+      nfsv3           = true
+    }
+    rules {
+      access_type     = "READ_ONLY"
+      allowed_clients = "10.10.0.0/16"
+      has_root_access = false
+      nfsv3           = true
+    }
+  }
+}

modules/google_netapp/outputs.tf

@@ -0,0 +1,3 @@
+output "mountpath" {
+  value = google_netapp_volume.my-nfsv3-volume.mount_options[0].export_full
+}

modules/google_netapp/variables.tf

@@ -0,0 +1,17 @@
+# Copyright © 2021-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+variable "name" {
+  description = "Name of the VM to be created"
+  type        = string
+}
+
+variable "project" {
+  description = "The GCP Project to create the VM resources in"
+  type        = string
+}
+
+variable "region" {
+  description = "The region to create the VM in"
+  type        = string
+}

network.tf

@@ -72,7 +72,7 @@ resource "google_service_networking_connection" "private_vpc_connection" {
   # required as of hashicorp/google v5.12.0 when using google_service_networking_connection in
   # conjunction with CloudSQL instances in order to cleanly delete resources
   # https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_networking_connection
-  deletion_policy         = "ABANDON"
+  deletion_policy = "ABANDON"
 }
 
 resource "google_compute_firewall" "nfs_vm_cluster_firewall" {

variables.tf

@@ -184,6 +184,18 @@ variable "storage_type" {
   }
 }
 
+variable "storage_type_backend" {
+  description = "The storage backend used for the chosen storage type. Defaults to 'nfs' for storage_type='standard'. Defaults to 'filestore for storage_type='ha'. 'filestore' and 'netapp' are valid choices for storage_type='ha'."
+  type        = string
+  default     = "nfs"
+  # If storage_type is standard, this will be set to "nfs"
+
+  validation {
+    condition     = contains(["nfs", "filestore", "netapp", "none"], lower(var.storage_type_backend))
+    error_message = "ERROR: Supported values for `storage_type_backend` are nfs, filestore, netapp and none."
+  }
+}
+
 variable "minimum_initial_nodes" {
   description = "Number of initial nodes to aim for to overcome the Ingress quota limit of 100"
   type        = number

vms.tf

@@ -4,11 +4,13 @@
 locals {
   rwx_filestore_endpoint = (var.storage_type == "none"
     ? ""
-    : var.storage_type == "ha" ? google_filestore_instance.rwx[0].networks[0].ip_addresses[0] : module.nfs_server[0].private_ip
+    : var.storage_type == "ha" && var.storage_type_backend == "filestore" ? google_filestore_instance.rwx[0].networks[0].ip_addresses[0]
+    : var.storage_type == "ha" && var.storage_type_backend == "netapp" ? google_filestore_instance.rwx[0].networks[0].ip_addresses[0] : module.nfs_server[0].private_ip # TODO
   )
   rwx_filestore_path = (var.storage_type == "none"
     ? ""
-    : var.storage_type == "ha" ? "/${google_filestore_instance.rwx[0].file_shares[0].name}" : "/export"
+    : var.storage_type == "ha" && var.storage_type_backend == "filestore" ? "/${google_filestore_instance.rwx[0].file_shares[0].name}"
+    : var.storage_type == "ha" && var.storage_type_backend == "netapp" ? "/${google_filestore_instance.rwx[0].file_shares[0].name}" : "/export" #TODO
   )
 }