feat: Update redis reserved ip range and Add deletion protection to d…

…atabase (#92)

* feat: Update redis reserved ip range

* update

* parameterize redis reserved ip range

* Adds instance deletion protection on cloud sql

* terraform-docs: automated action

* fix fmt

* update

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

README.md

@@ -112,6 +112,7 @@ No resources.
 | <a name="input_oidc_issuer"></a> [oidc\_issuer](#input\_oidc\_issuer) | A url to your Open ID Connect identity provider, i.e. https://cognito-idp.us-east-1.amazonaws.com/us-east-1_uiIFNdacd | `string` | `""` | no |
 | <a name="input_oidc_secret"></a> [oidc\_secret](#input\_oidc\_secret) | The Client secret of application in your identity provider | `string` | `""` | no |
 | <a name="input_other_wandb_env"></a> [other\_wandb\_env](#input\_other\_wandb\_env) | Extra environment variables for W&B | `map(string)` | `{}` | no |
+| <a name="input_redis_reserved_ip_range"></a> [redis\_reserved\_ip\_range](#input\_redis\_reserved\_ip\_range) | Reserved IP range for REDIS peering connection | `string` | `"10.30.0.0/16"` | no |
 | <a name="input_resource_limits"></a> [resource\_limits](#input\_resource\_limits) | Specifies the resource limits for the wandb deployment | `map(string)` | <pre>{<br>  "cpu": null,<br>  "memory": null<br>}</pre> | no |
 | <a name="input_resource_requests"></a> [resource\_requests](#input\_resource\_requests) | Specifies the resource requests for the wandb deployment | `map(string)` | <pre>{<br>  "cpu": "2000m",<br>  "memory": "2G"<br>}</pre> | no |
 | <a name="input_ssl"></a> [ssl](#input\_ssl) | Enable SSL certificate | `bool` | `true` | no |

main.tf

@@ -89,14 +89,14 @@ module "app_gke" {
 
 
 module "app_lb" {
-  source               = "./modules/app_lb"
-  namespace            = var.namespace
-  ssl                  = var.ssl
-  fqdn                 = local.fqdn
-  network              = local.network
-  group                = module.app_gke.instance_group_url
-  service_account      = module.service_accounts.service_account
-  labels               = var.labels
+  source                = "./modules/app_lb"
+  namespace             = var.namespace
+  ssl                   = var.ssl
+  fqdn                  = local.fqdn
+  network               = local.network
+  group                 = module.app_gke.instance_group_url
+  service_account       = module.service_accounts.service_account
+  labels                = var.labels
   allowed_inbound_cidrs = var.allowed_inbound_cidrs
 
   depends_on = [module.project_factory_project_services, module.app_gke]
@@ -116,12 +116,13 @@ module "database" {
 }
 
 module "redis" {
-  count          = var.create_redis ? 1 : 0
-  source         = "./modules/redis"
-  namespace      = var.namespace
-  memory_size_gb = 4
-  network        = local.network
-  labels         = var.labels
+  count             = var.create_redis ? 1 : 0
+  source            = "./modules/redis"
+  namespace         = var.namespace
+  memory_size_gb    = 4
+  network           = local.network
+  reserved_ip_range = var.redis_reserved_ip_range
+  labels            = var.labels
 }
 
 locals {
@@ -152,7 +153,7 @@ module "gke_app" {
   oidc_secret      = var.oidc_secret
   local_restore    = var.local_restore
   other_wandb_env = merge({
-    "GORILLA_DISABLE_CODE_SAVING" = var.disable_code_saving,
+    "GORILLA_DISABLE_CODE_SAVING"          = var.disable_code_saving,
     "GORILLA_CUSTOMER_SECRET_STORE_SOURCE" = local.secret_store_source
   }, var.other_wandb_env)
 

modules/database/main.tf

@@ -31,9 +31,10 @@ resource "google_sql_database_instance" "default" {
   deletion_protection = var.deletion_protection
 
   settings {
-    tier              = var.tier
-    availability_type = var.availability_type
-    user_labels       = var.labels
+    tier                        = var.tier
+    availability_type           = var.availability_type
+    user_labels                 = var.labels
+    deletion_protection_enabled = var.deletion_protection
 
     backup_configuration {
       binary_log_enabled             = true

modules/redis/main.tf

@@ -13,7 +13,7 @@ resource "google_redis_instance" "default" {
   authorized_network = var.network.id
 
   redis_version     = "REDIS_6_X"
-  reserved_ip_range = "10.30.0.0/16"
+  reserved_ip_range = var.reserved_ip_range
 
   transit_encryption_mode = "SERVER_AUTHENTICATION"
   connect_mode            = "DIRECT_PEERING"

modules/redis/variables.tf

@@ -17,4 +17,9 @@ variable "network" {
 variable "memory_size_gb" {
   description = "The amount of memory which will be allocated to the Redis instance; this value must be expressed in gibibytes."
   type        = number
+}
+
+variable "reserved_ip_range" {
+  description = "This defines the IP range for REDIS peering connection"
+  type        = string
 }

outputs.tf

@@ -17,13 +17,13 @@ output "cluster_ca_certificate" {
 }
 
 output "cluster_client_certificate" {
-  sensitive   = true
-  value = module.app_gke.cluster_client_certificate
+  sensitive = true
+  value     = module.app_gke.cluster_client_certificate
 }
 
 output "cluster_client_key" {
-  sensitive   = true
-  value = module.app_gke.cluster_client_key
+  sensitive = true
+  value     = module.app_gke.cluster_client_key
 }
 output "cluster_endpoint" {
   value       = module.app_gke.cluster_endpoint

variables.tf

@@ -180,6 +180,12 @@ variable "create_redis" {
   default     = false
 }
 
+variable "redis_reserved_ip_range" {
+  type        = string
+  description = "Reserved IP range for REDIS peering connection"
+  default     = "10.30.0.0/16"
+}
+
 ##########################################
 # External Bucket                        #
 ##########################################