From c5ec02738cb4a047c44e8e8b14cb85c0c9620034 Mon Sep 17 00:00:00 2001 From: venky-wandb <92930965+venky-wandb@users.noreply.github.com> Date: Fri, 15 Dec 2023 13:04:26 -0800 Subject: [PATCH] feat: Update redis reserved ip range and Add deletion protection to database (#92) * feat: Update redis reserved ip range * update * parameterize redis reserved ip range * Adds instance deletion protection on cloud sql * terraform-docs: automated action * fix fmt * update --------- Co-authored-by: github-actions[bot] --- README.md | 1 + main.tf | 31 ++++++++++++++++--------------- modules/database/main.tf | 7 ++++--- modules/redis/main.tf | 2 +- modules/redis/variables.tf | 5 +++++ outputs.tf | 8 ++++---- variables.tf | 6 ++++++ 7 files changed, 37 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 227472bb..35ff176e 100644 --- a/README.md +++ b/README.md @@ -112,6 +112,7 @@ No resources. | [oidc\_issuer](#input\_oidc\_issuer) | A url to your Open ID Connect identity provider, i.e. https://cognito-idp.us-east-1.amazonaws.com/us-east-1_uiIFNdacd | `string` | `""` | no | | [oidc\_secret](#input\_oidc\_secret) | The Client secret of application in your identity provider | `string` | `""` | no | | [other\_wandb\_env](#input\_other\_wandb\_env) | Extra environment variables for W&B | `map(string)` | `{}` | no | +| [redis\_reserved\_ip\_range](#input\_redis\_reserved\_ip\_range) | Reserved IP range for REDIS peering connection | `string` | `"10.30.0.0/16"` | no | | [resource\_limits](#input\_resource\_limits) | Specifies the resource limits for the wandb deployment | `map(string)` |
{
"cpu": null,
"memory": null
}
| no | | [resource\_requests](#input\_resource\_requests) | Specifies the resource requests for the wandb deployment | `map(string)` |
{
"cpu": "2000m",
"memory": "2G"
}
| no | | [ssl](#input\_ssl) | Enable SSL certificate | `bool` | `true` | no |
diff --git a/main.tf b/main.tf
index 3bee933e..9507ef94 100644
--- a/main.tf
+++ b/main.tf
@@ -89,14 +89,14 @@ module "app_gke" {
 module "app_lb" {
- source = "./modules/app_lb"
- namespace = var.namespace
- ssl = var.ssl
- fqdn = local.fqdn
- network = local.network
- group = module.app_gke.instance_group_url
- service_account = module.service_accounts.service_account
- labels = var.labels
+ source = "./modules/app_lb"
+ namespace = var.namespace
+ ssl = var.ssl
+ fqdn = local.fqdn
+ network = local.network
+ group = module.app_gke.instance_group_url
+ service_account = module.service_accounts.service_account
+ labels = var.labels
 allowed_inbound_cidrs = var.allowed_inbound_cidrs
 depends_on = [module.project_factory_project_services, module.app_gke]
@@ -116,12 +116,13 @@ module "database" {
 }
 module "redis" {
- count = var.create_redis ? 1 : 0
- source = "./modules/redis"
- namespace = var.namespace
- memory_size_gb = 4
- network = local.network
- labels = var.labels
+ count = var.create_redis ? 1 : 0
+ source = "./modules/redis"
+ namespace = var.namespace
+ memory_size_gb = 4
+ network = local.network
+ reserved_ip_range = var.redis_reserved_ip_range
+ labels = var.labels
 }
 locals {
@@ -152,7 +153,7 @@ module "gke_app" {
 oidc_secret = var.oidc_secret
 local_restore = var.local_restore
 other_wandb_env = merge({
- "GORILLA_DISABLE_CODE_SAVING" = var.disable_code_saving,
+ "GORILLA_DISABLE_CODE_SAVING" = var.disable_code_saving,
 "GORILLA_CUSTOMER_SECRET_STORE_SOURCE" = local.secret_store_source
 }, var.other_wandb_env)
diff --git a/modules/database/main.tf b/modules/database/main.tf
index 154b4ea5..5b18c8dc 100644
--- a/modules/database/main.tf
+++ b/modules/database/main.tf
@@ -31,9 +31,10 @@ resource "google_sql_database_instance" "default" {
 deletion_protection = var.deletion_protection
 settings {
- tier = var.tier
- availability_type = var.availability_type
- user_labels = var.labels
+ tier = var.tier
+ availability_type = var.availability_type
+ user_labels = var.labels
+ deletion_protection_enabled = var.deletion_protection
 backup_configuration {
 binary_log_enabled = true
diff --git a/modules/redis/main.tf b/modules/redis/main.tf
index 22dc70b3..0cc996aa 100644
--- a/modules/redis/main.tf
+++ b/modules/redis/main.tf
@@ -13,7 +13,7 @@ resource "google_redis_instance" "default" {
 authorized_network = var.network.id
 redis_version = "REDIS_6_X"
- reserved_ip_range = "10.30.0.0/16"
+ reserved_ip_range = var.reserved_ip_range
 transit_encryption_mode = "SERVER_AUTHENTICATION"
 connect_mode = "DIRECT_PEERING"
diff --git a/modules/redis/variables.tf b/modules/redis/variables.tf
index 06b52a46..fbc1c8d3 100644
--- a/modules/redis/variables.tf
+++ b/modules/redis/variables.tf
@@ -17,4 +17,9 @@ variable "network" {
 variable "memory_size_gb" {
 description = "The amount of memory which will be allocated to the Redis instance; this value must be expressed in gibibytes."
 type = number
+}
+
+variable "reserved_ip_range" {
+ description = "This defines the IP range for REDIS peering connection"
+ type = string
 }
\ No newline at end of file
diff --git a/outputs.tf b/outputs.tf
index 0a576ba4..a2b38087 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -17,13 +17,13 @@ output "cluster_ca_certificate" {
 }
 output "cluster_client_certificate" {
- sensitive = true
- value = module.app_gke.cluster_client_certificate
+ sensitive = true
+ value = module.app_gke.cluster_client_certificate
 }
 output "cluster_client_key" {
- sensitive = true
- value = module.app_gke.cluster_client_key
+ sensitive = true
+ value = module.app_gke.cluster_client_key
 }
 output "cluster_endpoint" {
 value = module.app_gke.cluster_endpoint
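Review bot: In modules/database/main.tf, the new `deletion_protection_enabled` inside `settings` reads the same `var.deletion_protection` as the resource-level `deletion_protection` just above it, so a single `false` drops the Terraform-side guard and the Cloud SQL API-side guard in one apply. If that coupling is intended, a comment on the new line would record it, for example `# API-level guard; deliberately shares var.deletion_protection with the Terraform-level flag above`. The variable's default is not visible in this hunk, so it is worth confirming that it is `true`. The `settings` attribute is, as far as I know, only available in newer google provider releases, so the module's provider version constraint (not shown here) may need a matching minimum. The resource block starts and ends outside the hunk.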
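Review bot: In modules/redis/main.tf, `reserved_ip_range = var.reserved_ip_range` lets callers change a value that was previously fixed, and neither variable description says what happens when it is changed on an existing deployment. As far as I know the provider treats this attribute as immutable, so a new value would likely plan a destroy and recreate of the Redis instance; that should be confirmed and then stated. A description along the lines of `description = "CIDR reserved for the Redis peering connection; must not overlap subnets in the authorized network. Changing it may force replacement of the instance."` would cover both the module variable and the root variable. The resource block starts and ends outside the hunk.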
diff --git a/variables.tf b/variables.tf
index b55c642a..a25b21ca 100644
--- a/variables.tf
+++ b/variables.tf
@@ -180,6 +180,12 @@ variable "create_redis" {
 default = false
 }
+variable "redis_reserved_ip_range" {
+ type = string
+ description = "Reserved IP range for REDIS peering connection"
+ default = "10.30.0.0/16"
+}
+
 ##########################################
 # External Bucket #
 ##########################################
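Review bot: The new `redis_reserved_ip_range` variable in variables.tf accepts any string, so a typo or a non-CIDR value is only rejected by the provider or the API at apply time. A `validation` block on the variable would fail at plan time instead. The same check could be mirrored on `reserved_ip_range` in modules/redis/variables.tf, which also has no validation. This checks syntax only; whether the range overlaps existing subnets in the peered network still has to be verified by the operator.

```hcl
variable "redis_reserved_ip_range" {
  # … unchanged: type, description, default …

  validation {
    condition     = can(cidrhost(var.redis_reserved_ip_range, 0))
    error_message = "redis_reserved_ip_range must be a valid CIDR block, for example 10.30.0.0/16."
  }
}
```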