From 3a804ae9e39dd4b83d9b6fd12e5400bd55cb6ec3 Mon Sep 17 00:00:00 2001 From: Ritika Patil Date: Fri, 11 Oct 2024 16:17:36 -0500 Subject: [PATCH] feat: (PSKD-709) Initial draft for NetApp volume --- docs/CONFIG-VARS.md | 2 +- locals.tf | 6 +++++ main.tf | 8 ++++++ modules/google_netapp/main.tf | 39 ++++++++++++++++++++++++++++++ modules/google_netapp/outputs.tf | 3 +++ modules/google_netapp/variables.tf | 17 +++++++++++++ network.tf | 2 +- variables.tf | 12 +++++++++ vms.tf | 6 +++-- 9 files changed, 91 insertions(+), 4 deletions(-) create mode 100644 modules/google_netapp/main.tf create mode 100644 modules/google_netapp/outputs.tf create mode 100644 modules/google_netapp/variables.tf diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index 9f80726..d1ffb13 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md @@ -17,7 +17,7 @@ Supported configuration variables are listed in the table below. All variables - [Additional Nodepools](#additional-nodepools) - [Storage](#storage) - [For `storage_type=standard` only (NFS server VM)](#for-storage_typestandard-only-nfs-server-vm) - - [For `storage_type=ha` only (Google Filestore)](#for-storage_typeha-only-google-filestore) + - [For `storage_type=ha` only (Google Filestore)](#for-storage_typeha-only-google-filestore) #TODO - [Google Artifact Registry (GAR) and Google Container Registry (GCR)](#google-artifact-registry-gar-and-google-container-registry-gcr) - [Postgres Servers](#postgres-servers) - [Monitoring](#monitoring) diff --git a/locals.tf b/locals.tf index 763bb18..e184431 100644 --- a/locals.tf +++ b/locals.tf 
@@ -25,6 +25,12 @@ locals { : null ) + # Storage + storage_type_backend = (var.storage_type == "none" ? "none" + : var.storage_type == "standard" ? "nfs" + : var.storage_type == "ha" && var.storage_type_backend == "netapp" ? "netapp" + : var.storage_type == "ha" ? "filestore" : "none") + # Kubernetes kubeconfig_path = var.iac_tooling == "docker" ? "/workspace/${var.prefix}-gke-kubeconfig.conf" : "${var.prefix}-gke-kubeconfig.conf" diff --git a/main.tf b/main.tf index 5b8f47c..77b7601 100644 --- a/main.tf +++ b/main.tf @@ -301,3 +301,11 @@ module "sql_proxy_sa" { project_roles = ["${var.project}=>roles/cloudsql.admin"] display_name = "IAC-managed service account for cluster ${var.prefix} and sql-proxy integration." } + +module "google_netapp" { + source = "./modules/google_netapp" + project = var.project + count = var.storage_type == "standard" && var.storage_type_backend == "netapp" ? 1 : 0 + name = "${var.prefix}-netapp" + region = local.region +} diff --git a/modules/google_netapp/main.tf b/modules/google_netapp/main.tf new file mode 100644 index 0000000..3de0944 --- /dev/null +++ b/modules/google_netapp/main.tf 
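Review bot: `local.storage_type_backend` compares `var.storage_type_backend == "netapp"` case-sensitively, while the validation added in variables.tf accepts any casing through `lower(...)`, so a value such as `NetApp` passes validation and then silently resolves to `filestore`. Normalise the comparison here, e.g. `: var.storage_type == "ha" && lower(var.storage_type_backend) == "netapp" ? "netapp"`. The main.tf and vms.tf hunks of this patch do not read this local; they test `var.storage_type_backend` directly and so bypass the mapping. The `locals` block starts and ends outside the hunk.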
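Review bot: The `count` on `module "google_netapp"` is gated on `var.storage_type == "standard"`, but locals.tf and the variable description in this patch treat `netapp` only as a backend of `storage_type = "ha"`. As written, the module is never created for the HA case, and it is created for a standard (NFS VM) deployment that sets the backend to `netapp`. Gate it on the derived local instead: `count = local.storage_type_backend == "netapp" ? 1 : 0`. The call also passes no network or client range, so the module falls back to the VPC lookup and hard-coded export clients in its own main.tf.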
@@ -0,0 +1,39 @@
+# Copyright © 2021-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Terraform Registry : https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/netapp_volume
+# GitHub Repository : https://github.com/terraform-google-modules
+#
+
+resource "google_netapp_storage_pool" "my-tf-pool" {
+ name = "${var.name}-storage-pool"
+ location = var.region
+ service_level = "PREMIUM"
+ capacity_gib = 2048
+ network = data.google_compute_network.my-vpc.id
+}
+
+resource "google_netapp_volume" "my-nfsv3-volume" {
+ location = var.region
+ name = "${var.name}-volume"
+ capacity_gib = 1024 # Size can be up to space available in pool
+ share_name = "my-nfsv3-volume"
+ storage_pool = google_netapp_storage_pool.my-tf-pool.name
+ protocols = ["NFSV4.1"]
+ unix_permissions = "0777"
+ export_policy {
+ # Order of rules matters! Go from most specific to most generic
+ rules {
+ access_type = "READ_WRITE"
+ allowed_clients = "10.10.10.17"
+ has_root_access = true
+ nfsv3 = true
+ }
+ rules {
+ access_type = "READ_ONLY"
+ allowed_clients = "10.10.0.0/16"
+ has_root_access = false
+ nfsv3 = true
+ }
+ }
+}
diff --git a/modules/google_netapp/outputs.tf b/modules/google_netapp/outputs.tf
new file mode 100644
index 0000000..f0b57b8
--- /dev/null
+++ b/modules/google_netapp/outputs.tf
@@ -0,0 +1,3 @@
+output "mountpath" {
+ value = google_netapp_volume.my-nfsv3-volume.mount_options[0].export_full
+}
diff --git a/modules/google_netapp/variables.tf b/modules/google_netapp/variables.tf
new file mode 100644
index 0000000..9ce5f68
--- /dev/null
+++ b/modules/google_netapp/variables.tf
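Review bot: The volume in modules/google_netapp/main.tf is created with `unix_permissions = "0777"` and a read-write export rule that sets `has_root_access = true`, so a client matching that rule can write anywhere on the share and is not root-squashed. Both rules hard-code `allowed_clients` (`10.10.10.17`, `10.10.0.0/16`) instead of taking the subnet ranges of this deployment, so the export may either lock out the cluster or admit unrelated hosts in that range. The rules set `nfsv3 = true` while the volume declares `protocols = ["NFSV4.1"]`; the rule flag most likely needs to be `nfsv4 = true`. `data.google_compute_network.my-vpc` is referenced by the storage pool, but this new 39-line file declares no such data source. Consider passing the network and client CIDRs in as module variables, defaulting to `has_root_access = false`, and making the permission mode a variable with a tighter default.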
@@ -0,0 +1,17 @@
+# Copyright © 2021-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+variable "name" {
+ description = "Name of the VM to be created"
+ type = string
+}
+
+variable "project" {
+ description = "The GCP Project to create the VM resources in"
+ type = string
+}
+
+variable "region" {
+ description = "The region to create the VM in"
+ type = string
+}
\ No newline at end of file
diff --git a/network.tf b/network.tf
index 511accc..2f08a47 100644
--- a/network.tf
+++ b/network.tf
@@ -72,7 +72,7 @@ resource "google_service_networking_connection" "private_vpc_connection" { # required as of hashicorp/google v5.12.0 when using google_service_networking_connection in # conjunction with CloudSQL instances in order to cleanly delete resources # https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_networking_connection - deletion_policy = "ABANDON" + deletion_policy = "ABANDON" } resource "google_compute_firewall" "nfs_vm_cluster_firewall" {
diff --git a/variables.tf b/variables.tf
index e50c25c..0c98fa6 100644
--- a/variables.tf
+++ b/variables.tf
@@ -184,6 +184,18 @@ variable "storage_type" { } } + +variable "storage_type_backend" { + description = "The storage backend used for the chosen storage type. Defaults to 'nfs' for storage_type='standard'. Defaults to 'filestore for storage_type='ha'. 'filestore' and 'netapp' are valid choices for storage_type='ha'." + type = string + default = "nfs" + # If storage_type is standard, this will be set to "nfs" + + validation { + condition = contains(["nfs", "filestore", "netapp", "none"], lower(var.storage_type_backend)) + error_message = "ERROR: Supported values for `storage_type_backend` are nfs, filestore, netapp and none." + } +} + variable "minimum_initial_nodes" { description = "Number of initial nodes to aim for to overcome the Ingress quota limit of 100" type = number
diff --git a/vms.tf b/vms.tf
index 3b1fcfa..b4563f6 100644
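Review bot: The three descriptions in modules/google_netapp/variables.tf are copied from a VM module and describe the wrong resource; in this module `name` prefixes the storage pool and volume names and `region` is their `location`. Suggested wording: `description = "Name prefix for the NetApp storage pool and volume"` and `description = "The region to create the NetApp storage pool and volume in"`. `project` is declared and passed from the root module, but the module's main.tf in this patch never references it, so either set it on the resources or drop the variable.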
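Review bot: The `storage_type_backend` description in the root variables.tf says the default is `filestore` for `storage_type='ha'`, but the declared `default = "nfs"` applies whatever `storage_type` is. The validation also checks the value in isolation, so combinations such as `standard` with `netapp` are accepted. Because main.tf and vms.tf in this patch branch on the raw variable, the effective backend can differ from what `local.storage_type_backend` computes. The description should say that the effective backend is derived from `storage_type` (and that `ha` without an explicit value means `filestore`), and consumers should read the local. The description also has an unbalanced quote in `'filestore for`.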
--- a/vms.tf +++ b/vms.tf @@ -4,11 +4,13 @@ locals { rwx_filestore_endpoint = (var.storage_type == "none" ? "" - : var.storage_type == "ha" ? google_filestore_instance.rwx[0].networks[0].ip_addresses[0] : module.nfs_server[0].private_ip + : var.storage_type == "ha" && var.storage_type_backend == "filestore" ? google_filestore_instance.rwx[0].networks[0].ip_addresses[0] + : var.storage_type == "ha" && var.storage_type_backend == "netapp" ? google_filestore_instance.rwx[0].networks[0].ip_addresses[0] : module.nfs_server[0].private_ip # TODO ) rwx_filestore_path = (var.storage_type == "none" ? "" - : var.storage_type == "ha" ? "/${google_filestore_instance.rwx[0].file_shares[0].name}" : "/export" + : var.storage_type == "ha" && var.storage_type_backend == "filestore" ? "/${google_filestore_instance.rwx[0].file_shares[0].name}" + : var.storage_type == "ha" && var.storage_type_backend == "netapp" ? "/${google_filestore_instance.rwx[0].file_shares[0].name}" : "/export" #TODO ) }
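Review bot: With the default `storage_type_backend = "nfs"`, `storage_type == "ha"` now matches neither new branch and falls through to `module.nfs_server[0].private_ip` and `/export`. An existing HA configuration that does not set the new variable therefore no longer resolves to the Filestore instance. The `netapp` branches (marked TODO) still read `google_filestore_instance.rwx[0]`, so a NetApp deployment would publish the Filestore address and share rather than the new module's `mountpath` output. Branch on the derived value instead, e.g. `: local.storage_type_backend == "filestore" ? google_filestore_instance.rwx[0].networks[0].ip_addresses[0]`, and keep `netapp` from being selectable until it is wired to `module.google_netapp[0]`.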