ctrlplanedev · adityachoudhari26 · Aug 27, 2024 · Aug 25, 2024 · Aug 25, 2024 · Aug 25, 2024
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/example/.terraform.lock.hcl b/example/.terraform.lock.hcl
diff --git a/example/main.tf b/example/main.tf
@@ -0,0 +1,16 @@
+provider "google" {
+  project = var.project_id
+  region  = var.region
+  zone    = var.zone
+}
+
+provider "google-beta" {
+  project = var.project_id
+  region  = var.region
+  zone    = var.zone
+}
+
+module "ctrlplane" {
+  source    = "../"
+  namespace = var.namespace
+}
diff --git a/example/variables.tf b/example/variables.tf
@@ -0,0 +1,19 @@
+variable "project_id" {
+  type        = string
+  description = "Project ID"
+}
+
+variable "region" {
+  type        = string
+  description = "Google region"
+}
+
+variable "zone" {
+  type        = string
+  description = "Google zone"
+}
+
+variable "namespace" {
+  type        = string
+  description = "Namespace prefix used for resources"
+}
diff --git a/main.tf b/main.tf
@@ -0,0 +1,62 @@
+module "project_factory_project_services" {
+  source                      = "terraform-google-modules/project-factory/google//modules/project_services"
+  version                     = "~> 16.0"
+  project_id                  = null
+  disable_dependent_services  = false
+  disable_services_on_destroy = false
+  activate_apis = [
+    "sqladmin.googleapis.com",          // Database
+    "networkmanagement.googleapis.com", // Networking
+    "servicenetworking.googleapis.com", // Networking
+  ]
+}
+
+module "networking" {
+  source    = "./modules/networking"
+  namespace = var.namespace
+
+  depends_on = [module.project_factory_project_services]
+}
+
+module "database" {
+  source    = "./modules/database"
+  namespace = var.namespace
+
+  network_connection_string = module.networking.network_connection_string
+
+  postgres_tier    = var.postgres_tier
+  postgres_version = var.postgres_version
+
+  deletion_protection = var.deletion_protection
+
+  depends_on = [module.networking]
+}
+
+module "redis" {
+  source    = "./modules/redis"
+  namespace = var.namespace
+
+  tier           = var.redis_tier
+  memory_size_gb = var.redis_memory_size_gb
+
+  network_id = module.networking.network_id
+}
+
+module "service_accounts" {
+  source    = "./modules/service_accounts"
+  namespace = var.namespace
+}
+
+module "gke" {
+  source    = "./modules/gke"
+  namespace = var.namespace
+
+  deletion_protection = var.deletion_protection
+
+  network_self_link    = module.networking.network_self_link
+  subnetwork_self_link = module.networking.subnetwork_self_link
+
+  service_account_email = module.service_accounts.service_account_email
+
+  depends_on = [module.networking, module.service_accounts]
+}
diff --git a/modules/database/main.tf b/modules/database/main.tf
@@ -0,0 +1,43 @@
+resource "random_string" "this" {
+  length  = 32
+  special = false
+}
+
+resource "random_pet" "this" {
+  length = 2
+  keepers = {
+    namespace = var.postgres_version
+  }
+}
+
+locals {
+  database_name        = "ctrlplane"
+  master_username      = "ctrlplane"
+  master_password      = random_string.this.result
+  master_instance_name = "${var.namespace}-${random_pet.this.id}"
+}
+
+resource "google_sql_database_instance" "this" {
+  name             = local.master_instance_name
+  database_version = var.postgres_version
+
+  settings {
+    tier = var.postgres_tier
+    ip_configuration {
+      ipv4_enabled    = false
+      private_network = var.network_connection_string
+    }
+  }
+}
+
+resource "google_sql_database" "this" {
+  name     = local.database_name
+  instance = google_sql_database_instance.this.name
+}
+
+resource "google_sql_user" "this" {
+  instance = google_sql_database_instance.this.name
+  name     = local.master_username
+  password = local.master_password
+}
+
diff --git a/modules/database/outputs.tf b/modules/database/outputs.tf
@@ -0,0 +1,19 @@
+output "database_name" {
+  value       = google_sql_database.this.name
+  description = "The name of the database."
+}
+
+output "sql_user_username" {
+  value       = google_sql_user.this.name
+  description = "The name of the database user."
+}
+
+output "sql_user_password" {
+  value       = google_sql_user.this.password
+  description = "The password of the database user."
+}
+
+output "database_instance_private_ip_address" {
+  value       = google_sql_database_instance.this.private_ip_address
+  description = "The private IP address of the database instance."
+}
diff --git a/modules/database/variables.tf b/modules/database/variables.tf
@@ -0,0 +1,26 @@
+variable "namespace" {
+  description = "Namespace for the database"
+  type        = string
+}
+
+variable "postgres_version" {
+  description = "Version for Postgres"
+  type        = string
+  default     = "POSTGRES_16"
+}
+
+variable "network_connection_string" {
+  description = "The private service networking connection string that will connect Postgres to the network."
+  type        = string
+}
+
+variable "postgres_tier" {
+  description = "The tier for the Postgres instance"
+  type        = string
+}
+
+variable "deletion_protection" {
+  description = "Whether to enable deletion protection for the database instance."
+  type        = bool
+  default     = true
+}
diff --git a/modules/gke/main.tf b/modules/gke/main.tf
@@ -0,0 +1,24 @@
+resource "google_container_cluster" "this" {
+  name = "${var.namespace}-cluster"
+
+  network    = var.network_self_link
+  subnetwork = var.subnetwork_self_link
+
+  enable_autopilot = true
+
+  deletion_protection = var.deletion_protection
+
+  node_config {
+    service_account = var.service_account_email
+  }
+
+  release_channel {
+    channel = "STABLE"
+  }
+
+  master_auth {
+    client_certificate_config {
+      issue_client_certificate = false
+    }
+  }
+}
diff --git a/modules/gke/outputs.tf b/modules/gke/outputs.tf
@@ -0,0 +1 @@
+
diff --git a/modules/gke/variables.tf b/modules/gke/variables.tf
@@ -0,0 +1,25 @@
+variable "namespace" {
+  description = "Namespace for the GKE cluster"
+  type        = string
+}
+
+variable "service_account_email" {
+  description = "The service account email associated with the GKE cluster instances to host Ctrlplane."
+  type        = string
+}
+
+variable "network_self_link" {
+  description = "The network self link."
+  type        = string
+}
+
+variable "subnetwork_self_link" {
+  description = "The subnetwork self link."
+  type        = string
+}
+
+variable "deletion_protection" {
+  description = "Whether to enable deletion protection for the database instance."
+  type        = bool
+  default     = true
+}
diff --git a/modules/networking/main.tf b/modules/networking/main.tf
@@ -0,0 +1,25 @@
+resource "google_compute_network" "this" {
+  name                    = "${var.namespace}-vpc"
+  description             = "Ctrlplane VPC Network"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "this" {
+  name          = "${var.namespace}-subnet"
+  ip_cidr_range = "10.10.0.0/16"
+  network       = google_compute_network.this.self_link
+}
+
+resource "google_compute_global_address" "this" {
+  name          = "${var.namespace}-private-ip-address"
+  purpose       = "VPC_PEERING"
+  address_type  = "INTERNAL"
+  prefix_length = 16
+  network       = google_compute_network.this.id
+}
+
+resource "google_service_networking_connection" "this" {
+  network                 = google_compute_network.this.id
+  service                 = "servicenetworking.googleapis.com"
+  reserved_peering_ranges = [google_compute_global_address.this.name]
+}
diff --git a/modules/networking/outputs.tf b/modules/networking/outputs.tf
@@ -0,0 +1,19 @@
+output "network_id" {
+  value       = google_compute_network.this.id
+  description = "The network id."
+}
+
+output "network_self_link" {
+  value       = google_compute_network.this.self_link
+  description = "The network self link."
+}
+
+output "subnetwork_self_link" {
+  value       = google_compute_subnetwork.this.self_link
+  description = "The subnetwork self link."
+}
+
+output "network_connection_string" {
+  description = "The private connection string between the network and GCP services."
+  value       = google_service_networking_connection.this.network
+}
diff --git a/modules/networking/variables.tf b/modules/networking/variables.tf
@@ -0,0 +1,4 @@
+variable "namespace" {
+  type        = string
+  description = "The name prefix for all resources created."
+}
diff --git a/modules/redis/main.tf b/modules/redis/main.tf
@@ -0,0 +1,13 @@
+resource "google_redis_instance" "this" {
+  name         = "${var.namespace}-redis"
+  display_name = "${var.namespace} Ctrlplane Instance"
+
+  tier           = var.tier
+  memory_size_gb = var.memory_size_gb
+
+  authorized_network = var.network_id
+
+  auth_enabled = true
+
+  transit_encryption_mode = "SERVER_AUTHENTICATION"
+}