Merge pull request #109 from iits-consulting/v6.0.4

v6.0.4

modules/cert_manager/README.md

@@ -1,3 +1,18 @@
+## Cert Manager
+
+A module designed to install cert-manager Helm chart with DNS challenge capabilities. 
+
+Usage example:
+```hcl
+module "cert_manager" {
+  source        = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/cert_manager"
+  version       = "6.0.2"
+  chart_version = local.chart_versions.cert-manager
+  email         = "iits@iits-consulting.de"
+  username      = "${var.stage}-dns-admin"
+}
+```
+
 <!-- BEGIN_TF_DOCS -->
 ## Requirements
 
@@ -34,7 +49,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_email"></a> [email](#input\_email) | E-Mail to use for the ACME Registration and DNS management. | `string` | n/a | yes |
 | <a name="input_chart_name"></a> [chart\_name](#input\_chart\_name) | Name of the IITS cert-manager chart. | `string` | `"cert-manager"` | no |
-| <a name="input_chart_repository"></a> [chart\_repository](#input\_chart\_repository) | Chart repository of the IITS cert-manager chart. | `string` | `"chart.iits.tech"` | no |
+| <a name="input_chart_repository"></a> [chart\_repository](#input\_chart\_repository) | Chart repository of the IITS cert-manager chart. | `string` | `"https://charts.iits.tech"` | no |
 | <a name="input_chart_set_parameter"></a> [chart\_set\_parameter](#input\_chart\_set\_parameter) | Override the values of the IITS cert-manager chart using set. | <pre>list(object({<br>    name  = string<br>    value = string<br>  }))</pre> | `[]` | no |
 | <a name="input_chart_set_sensitive_parameter"></a> [chart\_set\_sensitive\_parameter](#input\_chart\_set\_sensitive\_parameter) | Override the values of the IITS cert-manager chart using set\_sensitive. | <pre>list(object({<br>    name  = string<br>    value = string<br>  }))</pre> | `[]` | no |
 | <a name="input_chart_values"></a> [chart\_values](#input\_chart\_values) | Override the values of the IITS cert-manager chart using value files. | `list(string)` | `[]` | no |

modules/crd_installer/README.md

@@ -1,3 +1,37 @@
+## Custom Resource Definition Installer
+
+A module designed to automatically extract the crds from Helm charts and install them on the target kubernetes cluster. The module can be used with existing CRDs without importing.
+
+Usage example:
+```hcl
+module "crds" {
+  source  = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/crd_installer"
+  version = "6.0.2"
+  charts = {
+    exampleChart1 = {
+      repository = "https://charts.iits.tech"
+      version    = "0.0.1"
+      set = [{
+        name  = "exampleChart1.installCRDs"
+        value = true
+      }]
+    }
+    exampleChart2 = {
+      repository = "https://charts.iits.tech"
+      version    = "0.0.2"
+      set = [{
+        name  = "exampleChart2.crds.install"
+        value = true
+      }]
+    }
+  }
+}
+```
+
+> **WARNING:** This module will have a large footprint on the terraform state depending on the size and number of charts.  
+> Module execution and subsequent state generation can take a longer than usual time due to the large size of the state the module generates.  
+> It is recommended to use it as standalone in its own script to separate its state from other terraform scripts.
+
 <!-- BEGIN_TF_DOCS -->
 ## Requirements
 

modules/dedicated_loadbalancer/README.md

@@ -1,3 +1,31 @@
+## Dedicated Loadbalancer
+
+A module designed to create and manage a dedicated ELB instance with private and public IP.
+
+Usage example:
+```
+module "vpc" {
+  source     = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/vpc"
+  version    = "6.0.2"
+  name       = "${var.context}-${var.stage}-vpc"
+  cidr_block = var.vpc_cidr
+  subnets = {
+    "dmz-subnet" = cidrsubnet(var.vpc_cidr, 1, 0)
+  }
+  tags = local.tags
+}
+
+module "loadbalancer" {
+  source             = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/dedicated_loadbalancer"
+  version            = "6.0.2"
+  availability_zones = var.availability_zones
+  name_prefix        = "${var.context}-${var.stage}"
+  subnet_id          = module.vpc.subnets["dmz-subnet"].subnet_id
+  network_ids        = [module.vpc.subnets["dmz-subnet"].network_id]
+  tags               = local.tags
+}
+```
+
 <!-- BEGIN_TF_DOCS -->
 ## Requirements
 

modules/dedicated_loadbalancer/main.tf

@@ -39,15 +39,3 @@ resource "opentelekomcloud_vpc_eip_v1" "ingress_eip" {
   }
   tags = var.tags
 }
-
-output "elb_id" {
-  value = opentelekomcloud_lb_loadbalancer_v3.elb.id
-}
-
-output "elb_private_ip" {
-  value = opentelekomcloud_lb_loadbalancer_v3.elb.vip_address
-}
-
-output "elb_public_ip" {
-  value = opentelekomcloud_vpc_eip_v1.ingress_eip.publicip[0].ip_address
-}

modules/dedicated_loadbalancer/output.tf

@@ -0,0 +1,11 @@
+output "elb_id" {
+  value = opentelekomcloud_lb_loadbalancer_v3.elb.id
+}
+
+output "elb_private_ip" {
+  value = opentelekomcloud_lb_loadbalancer_v3.elb.vip_address
+}
+
+output "elb_public_ip" {
+  value = opentelekomcloud_vpc_eip_v1.ingress_eip.publicip[0].ip_address
+}

modules/projects/README.md

@@ -1,3 +1,19 @@
+## Projects
+
+A module designed to create and manage projects. The module is designed to automatically add agencies required for KMS-SSE and CCE to all projects it creates. It will also add the same agencies to existing region level projects (eu-de and eu-nl).
+
+Usage example:
+```
+module "vpc" {
+  source     = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/projects"
+  version    = "6.0.2"
+  projects   = {
+    eu-de_myproject-dev  = "Development stage for the myproject."
+    eu-de_myproject-prod = "Production stage for the myproject."
+  }
+}
+```
+
 <!-- BEGIN_TF_DOCS -->
 ## Requirements
 

modules/sfs/README.md

@@ -1,3 +1,20 @@
+## Scalable File Service (SFS)
+
+A module designed to create and manage SFS volumes with configurable encryption and backup systems.
+
+Usage example:
+```
+module "sfs" {
+  source     = "registry.terraform.io/iits-consulting/project-factory/opentelekomcloud//modules/sfs"
+  version    = "6.0.2"
+
+  availability_zone = "eu-de-01"
+  vpc_id            = module.vpc.vpc.id
+  subnet_id         = module.vpc.subnets["mysubnet"].id
+  volume_name       = "myvolume"
+}
+```
+
 <!-- BEGIN_TF_DOCS -->
 ## Requirements
 
@@ -30,14 +47,17 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_subnet_id"></a> [subnet\_id](#input\_subnet\_id) | Subnet network id where the SFS volume will be created in. | `string` | n/a | yes |
-| <a name="input_volume_name"></a> [volume\_name](#input\_volume\_name) | n/a | `string` | n/a | yes |
-| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC id where the SFS volume will be created in. | `any` | n/a | yes |
-| <a name="input_availability_zone"></a> [availability\_zone](#input\_availability\_zone) | n/a | `string` | `"eu-de-01"` | no |
-| <a name="input_kms_key_create"></a> [kms\_key\_create](#input\_kms\_key\_create) | n/a | `bool` | `true` | no |
-| <a name="input_kms_key_id"></a> [kms\_key\_id](#input\_kms\_key\_id) | Existing KMS Key ID if one is already created. | `string` | `null` | no |
+| <a name="input_volume_name"></a> [volume\_name](#input\_volume\_name) | Volume name for the SFS Turbo resource. | `string` | n/a | yes |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC id where the SFS volume will be created in. | `string` | n/a | yes |
+| <a name="input_availability_zone"></a> [availability\_zone](#input\_availability\_zone) | Availability zone for the SFS Turbo resource. | `string` | `"eu-de-01"` | no |
+| <a name="input_backup_enabled"></a> [backup\_enabled](#input\_backup\_enabled) | Enable SFS volume backups via CBR Vault. | `bool` | `true` | no |
+| <a name="input_backup_retention_days"></a> [backup\_retention\_days](#input\_backup\_retention\_days) | Retention duration of SFS volume backups in days. | `number` | `13` | no |
+| <a name="input_backup_size"></a> [backup\_size](#input\_backup\_size) | Size of the SFS volume backup vault in GB. | `number` | `1000` | no |
+| <a name="input_backup_trigger_pattern"></a> [backup\_trigger\_pattern](#input\_backup\_trigger\_pattern) | Backup trigger pattern to define backup schedule (iCalender RFC 2445). See https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud/1.35.7/docs/resources/cbr_policy_v3#trigger_pattern for details. | `list(string)` | <pre>[<br>  "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR,SA,SU;BYHOUR=00;BYMINUTE=00"<br>]</pre> | no |
+| <a name="input_kms_key_create"></a> [kms\_key\_create](#input\_kms\_key\_create) | Existing KMS Key ID if one is already created. | `bool` | `true` | no |
+| <a name="input_kms_key_id"></a> [kms\_key\_id](#input\_kms\_key\_id) | Existing KMS Key ID for server side encryption if one is already created. | `string` | `null` | no |
 | <a name="input_share_type"></a> [share\_type](#input\_share\_type) | Filesystem type of the SFS volume. (Default: STANDARD) | `string` | `"STANDARD"` | no |
 | <a name="input_size"></a> [size](#input\_size) | Size of the SFS volume in GB. (Default: 500) | `number` | `500` | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | Common tag set for project resources | `map(string)` | `{}` | no |
 
 ## Outputs
 

modules/sfs/backup.tf

@@ -1,31 +1,25 @@
 resource "opentelekomcloud_cbr_policy_v3" "backup_policy" {
-  name           = "${var.volume_name}-backup-policy"
-  operation_type = "backup"
-
-  trigger_pattern = [
-    "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR,SA,SU;BYHOUR=00;BYMINUTE=00"
-  ]
+  count           = var.backup_enabled ? 1 : 0
+  name            = "${var.volume_name}-backup-policy"
+  operation_type  = "backup"
+  trigger_pattern = var.backup_trigger_pattern
   operation_definition {
-    retention_duration_days = 7
+    retention_duration_days = var.backup_retention_days
     timezone                = "UTC+02:00"
   }
-
 }
 
 resource "opentelekomcloud_cbr_vault_v3" "backup_vault" {
-  name = "${var.volume_name}-backup-vault"
-
-  description = "CBR vault for SFS Turbo instance ${var.volume_name}"
-
-  backup_policy_id = opentelekomcloud_cbr_policy_v3.backup_policy.id
-
+  count            = var.backup_enabled ? 1 : 0
+  name             = "${var.volume_name}-backup-vault"
+  description      = "CBR vault for SFS Turbo instance ${var.volume_name}"
+  backup_policy_id = opentelekomcloud_cbr_policy_v3.backup_policy[0].id
   billing {
-    size          = var.size * 2
+    size          = var.backup_size
     object_type   = "turbo"
     protect_type  = "backup"
     charging_mode = "post_paid"
   }
-
   resource {
     id   = opentelekomcloud_sfs_turbo_share_v1.sfs_volume.id
     type = "OS::Sfs::Turbo"

modules/sfs/variables.tf

@@ -1,28 +1,28 @@
 variable "volume_name" {
-  type = string
-}
-
-variable "tags" {
-  type        = map(string)
-  description = "Common tag set for project resources"
-  default     = {}
+  type        = string
+  description = "Volume name for the SFS Turbo resource."
 }
 
 variable "size" {
+  type        = number
   default     = 500
   description = "Size of the SFS volume in GB. (Default: 500)"
 }
 
 variable "share_type" {
+  type        = string
   default     = "STANDARD"
   description = "Filesystem type of the SFS volume. (Default: STANDARD)"
 }
 
 variable "availability_zone" {
-  default = "eu-de-01"
+  type        = string
+  default     = "eu-de-01"
+  description = "Availability zone for the SFS Turbo resource."
 }
 
 variable "vpc_id" {
+  type        = string
   description = "VPC id where the SFS volume will be created in."
 }
 
@@ -33,11 +33,36 @@ variable "subnet_id" {
 
 variable "kms_key_id" {
   type        = string
-  description = "Existing KMS Key ID if one is already created."
+  description = "Existing KMS Key ID for server side encryption if one is already created."
   default     = null
 }
 
 variable "kms_key_create" {
-  type    = bool
-  default = true
+  type        = bool
+  description = "Existing KMS Key ID if one is already created."
+  default     = true
 }
+
+variable "backup_enabled" {
+  type        = bool
+  default     = true
+  description = "Enable SFS volume backups via CBR Vault."
+}
+
+variable "backup_size" {
+  type        = number
+  default     = 1000
+  description = "Size of the SFS volume backup vault in GB."
+}
+
+variable "backup_trigger_pattern" {
+  type        = list(string)
+  default     = ["FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR,SA,SU;BYHOUR=00;BYMINUTE=00"]
+  description = "Backup trigger pattern to define backup schedule (iCalender RFC 2445). See https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud/1.35.7/docs/resources/cbr_policy_v3#trigger_pattern for details."
+}
+
+variable "backup_retention_days" {
+  type        = number
+  default     = 13
+  description = "Retention duration of SFS volume backups in days."
+}