feat: add a new velero module on scaleway #2975

Merged
merged 4 commits into from
Sep 20, 2024
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -313,6 +313,7 @@ No modules.
| <a name="input_thanos-tls-querier"></a> [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
| <a name="input_tigera-operator"></a> [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
| <a name="input_traefik"></a> [traefik](#input\_traefik) | Customize traefik chart, see `traefik.tf` for supported values | `any` | `{}` | no |
| <a name="input_velero"></a> [velero](#input\_velero) | Customize velero chart, see `velero.tf` for supported values | `any` | `{}` | no |
| <a name="input_victoria-metrics-k8s-stack"></a> [victoria-metrics-k8s-stack](#input\_victoria-metrics-k8s-stack) | Customize Victoria Metrics chart, see `victoria-metrics-k8s-stack.tf` for supported values | `any` | `{}` | no |

## Outputs
6 changes: 0 additions & 6 deletions modules/aws/variables-aws.tf
Expand Up @@ -82,12 +82,6 @@ variable "tags" {
default = {}
}

variable "velero" {
description = "Customize velero chart, see `velero.tf` for supported values"
type = any
default = {}
}

variable "yet-another-cloudwatch-exporter" {
description = "Customize yet-another-cloudwatch-exporter chart, see `yet-another-cloudwatch-exporter.tf` for supported values"
type = any
1 change: 1 addition & 0 deletions modules/azure/README.md
Expand Up @@ -223,6 +223,7 @@ No modules.
| <a name="input_thanos-tls-querier"></a> [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
| <a name="input_tigera-operator"></a> [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
| <a name="input_traefik"></a> [traefik](#input\_traefik) | Customize traefik chart, see `traefik.tf` for supported values | `any` | `{}` | no |
| <a name="input_velero"></a> [velero](#input\_velero) | Customize velero chart, see `velero.tf` for supported values | `any` | `{}` | no |
| <a name="input_victoria-metrics-k8s-stack"></a> [victoria-metrics-k8s-stack](#input\_victoria-metrics-k8s-stack) | Customize Victoria Metrics chart, see `victoria-metrics-k8s-stack.tf` for supported values | `any` | `{}` | no |

## Outputs
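Review bot: The new `velero` row points Azure users to `velero.tf` for supported values, but the only `velero.tf` added or touched in this pull request is `modules/scaleway/velero.tf`. If the Azure module has no velero implementation of its own, the shared root variable is accepted there and silently ignored. Please confirm a `modules/azure/velero.tf` already exists, or scope the description to the providers that implement it.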
6 changes: 0 additions & 6 deletions modules/google/variables-google.tf
Expand Up @@ -33,9 +33,3 @@ variable "tags" {
type = map(any)
default = {}
}

variable "velero" {
description = "Customize velero chart, see `velero.tf` for supported values"
type = any
default = {}
}
12 changes: 12 additions & 0 deletions modules/scaleway/README.md
Expand Up @@ -82,6 +82,7 @@ No modules.
| [helm_release.thanos-storegateway](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.thanos-tls-querier](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.traefik](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.velero](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [kubectl_manifest.cert-manager_cluster_issuers](https://registry.terraform.io/providers/alekc/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.csi-external-snapshotter](https://registry.terraform.io/providers/alekc/kubectl/latest/docs/resources/manifest) | resource |
Expand Down Expand Up @@ -111,6 +112,7 @@ No modules.
| [kubernetes_namespace.sealed-secrets](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.thanos](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.traefik](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.velero](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_network_policy.admiralty_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.admiralty_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
Expand Down Expand Up @@ -168,6 +170,9 @@ No modules.
| [kubernetes_network_policy.traefik_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.traefik_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.traefik_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.velero_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.velero_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.velero_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
Expand All @@ -186,6 +191,11 @@ No modules.
| [scaleway_object_bucket.kube-prometheus-stack_thanos_bucket](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket) | resource |
| [scaleway_object_bucket.loki_bucket](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket) | resource |
| [scaleway_object_bucket.thanos_bucket](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket) | resource |
| [scaleway_object_bucket.velero_bucket](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket) | resource |
| [scaleway_object_bucket_acl.kube-prometheus-stack_bucket_acl](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket_acl) | resource |
| [scaleway_object_bucket_acl.loki_bucket_acl](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket_acl) | resource |
| [scaleway_object_bucket_acl.thanos_bucket_acl](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket_acl) | resource |
| [scaleway_object_bucket_acl.velero_bucket_acl](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket_acl) | resource |
| [time_sleep.cert-manager_sleep](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
| [tls_cert_request.promtail-csr](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) | resource |
| [tls_cert_request.thanos-tls-querier-cert-csr](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) | resource |
Expand Down Expand Up @@ -250,12 +260,14 @@ No modules.
| <a name="input_scaleway"></a> [scaleway](#input\_scaleway) | Scaleway provider customization | `any` | `{}` | no |
| <a name="input_sealed-secrets"></a> [sealed-secrets](#input\_sealed-secrets) | Customize sealed-secrets chart, see `sealed-secrets.tf` for supported values | `any` | `{}` | no |
| <a name="input_secrets-store-csi-driver"></a> [secrets-store-csi-driver](#input\_secrets-store-csi-driver) | Customize secrets-store-csi-driver chart, see `secrets-store-csi-driver.tf` for supported values | `any` | `{}` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Map of tags for Scaleway resources | `map(any)` | `{}` | no |
| <a name="input_thanos"></a> [thanos](#input\_thanos) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
| <a name="input_thanos-memcached"></a> [thanos-memcached](#input\_thanos-memcached) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
| <a name="input_thanos-storegateway"></a> [thanos-storegateway](#input\_thanos-storegateway) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
| <a name="input_thanos-tls-querier"></a> [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
| <a name="input_tigera-operator"></a> [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
| <a name="input_traefik"></a> [traefik](#input\_traefik) | Customize traefik chart, see `traefik.tf` for supported values | `any` | `{}` | no |
| <a name="input_velero"></a> [velero](#input\_velero) | Customize velero chart, see `velero.tf` for supported values | `any` | `{}` | no |
| <a name="input_victoria-metrics-k8s-stack"></a> [victoria-metrics-k8s-stack](#input\_victoria-metrics-k8s-stack) | Customize Victoria Metrics chart, see `victoria-metrics-k8s-stack.tf` for supported values | `any` | `{}` | no |

## Outputs
7 changes: 6 additions & 1 deletion modules/scaleway/kube-prometheus.tf
Expand Up @@ -288,7 +288,12 @@ resource "kubernetes_namespace" "kube-prometheus-stack" {
resource "scaleway_object_bucket" "kube-prometheus-stack_thanos_bucket" {
count = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_sidecar_enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] ? 1 : 0
name = local.kube-prometheus-stack["thanos_bucket"]
acl = "private"
}

resource "scaleway_object_bucket_acl" "kube-prometheus-stack_bucket_acl" {
count = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_sidecar_enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] ? 1 : 0
bucket = scaleway_object_bucket.kube-prometheus-stack_thanos_bucket.0.id
acl = "private"
}

resource "random_string" "grafana_password" {
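Review bot: The `count` expression on `scaleway_object_bucket_acl.kube-prometheus-stack_bucket_acl` is a verbatim copy of the three-term condition on the bucket, and the ACL then indexes the bucket with `.0.id`. If one condition is edited later without the other, the ACL either references a bucket instance that does not exist or is skipped, leaving the bucket with no explicit `private` ACL now that `acl` has left the bucket resource. Deriving the count from the bucket itself, for example `count = length(scaleway_object_bucket.kube-prometheus-stack_thanos_bucket)`, keeps the two in lockstep. The ACL resource name also drops the `thanos` part of the bucket's name, which makes the pair harder to find together.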
3 changes: 3 additions & 0 deletions modules/scaleway/locals-scaleway.tf
Expand Up @@ -12,4 +12,7 @@ locals {
var.scaleway
)

tags = var.tags


}
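Review bot: Two empty lines are left between `tags = var.tags` and the closing `}` of the `locals` block; drop them so the block ends right after the assignment. As written, `local.tags` is a plain alias of `var.tags`, so if no defaults are going to be merged in here the resources could reference `var.tags` directly.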
7 changes: 6 additions & 1 deletion modules/scaleway/loki-stack.tf
Expand Up @@ -233,7 +233,12 @@ resource "kubernetes_secret" "loki-stack-ca" {
resource "scaleway_object_bucket" "loki_bucket" {
count = local.loki-stack["enabled"] && local.loki-stack["create_bucket"] ? 1 : 0
name = local.loki-stack["bucket"]
acl = "private"
}

resource "scaleway_object_bucket_acl" "loki_bucket_acl" {
count = local.loki-stack["enabled"] && local.loki-stack["create_bucket"] ? 1 : 0
bucket = scaleway_object_bucket.loki_bucket.0.id
acl = "private"
}

resource "tls_private_key" "promtail-key" {
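Review bot: Please attach a `terraform plan` from an existing deployment for `scaleway_object_bucket.loki_bucket`: with `acl = "private"` leaving the bucket resource, the plan should show an in-place update plus one new `scaleway_object_bucket_acl.loki_bucket_acl`, not a replacement of a bucket that may already hold Loki data. As a style point, `scaleway_object_bucket.loki_bucket.0.id` uses the legacy attribute-style index; `scaleway_object_bucket.loki_bucket[0].id` is the current HCL form and reads unambiguously as an index on a counted resource.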
7 changes: 6 additions & 1 deletion modules/scaleway/thanos.tf
Expand Up @@ -211,7 +211,12 @@ locals {
resource "scaleway_object_bucket" "thanos_bucket" {
count = local.thanos["enabled"] && local.thanos["create_bucket"] ? 1 : 0
name = local.thanos["bucket"]
acl = "private"
}

resource "scaleway_object_bucket_acl" "thanos_bucket_acl" {
count = local.thanos["enabled"] && local.thanos["create_bucket"] ? 1 : 0
bucket = scaleway_object_bucket.thanos_bucket.0.id
acl = "private"
}

resource "kubernetes_namespace" "thanos" {
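Review bot: `scaleway_object_bucket.thanos_bucket` still carries no `tags`, while the `tags` variable introduced in this pull request is applied only to `velero_bucket` (`tags = local.tags` in `velero.tf`). The variable is described as "Map of tags for Scaleway resources", so either add `tags = local.tags` here and on the loki and kube-prometheus-stack buckets, or narrow the description to say it only affects the velero bucket.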
6 changes: 6 additions & 0 deletions modules/scaleway/variables-scaleway.tf
Expand Up @@ -15,3 +15,9 @@ variable "cert-manager_scaleway_webhook_dns" {
type = any
default = {}
}

variable "tags" {
description = "Map of tags for Scaleway resources"
type = map(any)
default = {}
}
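Review bot: `type = map(any)` on `variable "tags"` matches the google module's declaration visible earlier in this diff, but the value is only ever passed to a bucket's `tags` argument, so `map(string)` would document what callers are expected to pass. The description could also say which resources actually receive the tags, since in this change only the velero bucket does.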
193 changes: 193 additions & 0 deletions modules/scaleway/velero.tf
@@ -0,0 +1,193 @@
locals {
velero = merge(
local.helm_defaults,
{
name = local.helm_dependencies[index(local.helm_dependencies.*.name, "velero")].name
chart = local.helm_dependencies[index(local.helm_dependencies.*.name, "velero")].name
repository = local.helm_dependencies[index(local.helm_dependencies.*.name, "velero")].repository
chart_version = local.helm_dependencies[index(local.helm_dependencies.*.name, "velero")].version
namespace = "velero"
service_account_name = "velero"
enabled = false
create_bucket = true
bucket = "${var.cluster-name}-velero"
bucket_force_destroy = false
default_network_policy = true
name_prefix = "${var.cluster-name}-velero"
secret_name = "velero-scaleway-credentials"
},
var.velero
)

values_velero = <<VALUES
metrics:
serviceMonitor:
enabled: ${local.kube-prometheus-stack.enabled || local.victoria-metrics-k8s-stack.enabled}
configuration:
namespace: ${local.velero.namespace}
backupStorageLocation:
- name: aws
provider: aws
bucket: ${local.velero.bucket}
default: true
deployNodeAgent: true
nodeAgent:
tolerations:
- effect: NoSchedule
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
operator: Exists
snapshotsEnabled: false
serviceAccount:
server:
name: ${local.velero.service_account_name}
priorityClassName: ${local.priority-class-ds.create ? kubernetes_priority_class.kubernetes_addons_ds[0].metadata[0].name : ""}
credentials:
useSecret: true
existingSecret: ${local.velero.secret_name}
initContainers:
- name: velero-plugin-for-aws
image: velero/velero-plugin-for-aws:v1.10.1
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /target
name: plugins
VALUES
}

resource "scaleway_object_bucket" "velero_bucket" {
count = local.velero.enabled && local.velero.create_bucket ? 1 : 0
name = local.velero.bucket

versioning {
enabled = true
}

force_destroy = local.velero.bucket_force_destroy

tags = local.tags
}

resource "scaleway_object_bucket_acl" "velero_bucket_acl" {
count = local.velero.enabled && local.velero.create_bucket ? 1 : 0
bucket = scaleway_object_bucket.velero_bucket.0.id
acl = "private"
}

resource "kubernetes_namespace" "velero" {
count = local.velero.enabled ? 1 : 0

metadata {
labels = {
name = local.velero.namespace
}

name = local.velero.namespace
}
}

resource "helm_release" "velero" {
count = local.velero.enabled ? 1 : 0
repository = local.velero.repository
name = local.velero.name
chart = local.velero.chart
version = local.velero.chart_version
timeout = local.velero.timeout
force_update = local.velero.force_update
recreate_pods = local.velero.recreate_pods
wait = local.velero.wait
atomic = local.velero.atomic
cleanup_on_fail = local.velero.cleanup_on_fail
dependency_update = local.velero.dependency_update
disable_crd_hooks = local.velero.disable_crd_hooks
disable_webhooks = local.velero.disable_webhooks
render_subchart_notes = local.velero.render_subchart_notes
replace = local.velero.replace
reset_values = local.velero.reset_values
reuse_values = local.velero.reuse_values
skip_crds = local.velero.skip_crds
verify = local.velero.verify
values = compact([
local.values_velero,
local.velero.extra_values
])
namespace = kubernetes_namespace.velero.*.metadata.0.name[count.index]

depends_on = [
kubectl_manifest.prometheus-operator_crds
]
}

resource "kubernetes_network_policy" "velero_default_deny" {
count = local.velero.enabled && local.velero.default_network_policy ? 1 : 0

metadata {
name = "${kubernetes_namespace.velero.*.metadata.0.name[count.index]}-default-deny"
namespace = kubernetes_namespace.velero.*.metadata.0.name[count.index]
}

spec {
pod_selector {
}
policy_types = ["Ingress"]
}
}

resource "kubernetes_network_policy" "velero_allow_namespace" {
count = local.velero.enabled && local.velero.default_network_policy ? 1 : 0

metadata {
name = "${kubernetes_namespace.velero.*.metadata.0.name[count.index]}-allow-namespace"
namespace = kubernetes_namespace.velero.*.metadata.0.name[count.index]
}

spec {
pod_selector {
}

ingress {
from {
namespace_selector {
match_labels = {
name = kubernetes_namespace.velero.*.metadata.0.name[count.index]
}
}
}
}

policy_types = ["Ingress"]
}
}

resource "kubernetes_network_policy" "velero_allow_monitoring" {
count = local.velero.enabled && local.velero.default_network_policy ? 1 : 0

metadata {
name = "${kubernetes_namespace.velero.*.metadata.0.name[count.index]}-allow-monitoring"
namespace = kubernetes_namespace.velero.*.metadata.0.name[count.index]
}

spec {
pod_selector {
}

ingress {
ports {
port = "8085"
protocol = "TCP"
}

from {
namespace_selector {
match_labels = {
"${local.labels_prefix}/component" = "monitoring"
}
}
}
}

policy_types = ["Ingress"]
}
}
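Review bot: The chart values set `credentials.useSecret: true` with `existingSecret: ${local.velero.secret_name}` (default `velero-scaleway-credentials`), but nothing in this file creates that secret, so unless it is created elsewhere, enabling the module on a fresh cluster leaves Velero without object-storage credentials. Either add a `kubernetes_secret` fed from a sensitive input, or document next to `secret_name` the expected secret name, namespace and key format. Two related gaps in the same values block: `backupStorageLocation` sets only `provider: aws` and `bucket`, with no `config` (region, `s3Url`) pointing at Scaleway Object Storage, so it works only if callers supply that through `extra_values`; and the plugin image is hard-coded by tag as `velero/velero-plugin-for-aws:v1.10.1`, where a local with an optional digest would let it be pinned and bumped without overriding the whole `initContainers` list. `name_prefix` is defined in the locals but not referenced anywhere in the file, and `velero_default_deny` lists only `Ingress` in `policy_types`, so egress from the namespace stays unrestricted; say so in a comment if that is intended.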
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -231,3 +231,9 @@ variable "reloader" {
type = any
default = {}
}

variable "velero" {
description = "Customize velero chart, see `velero.tf` for supported values"
type = any
default = {}
}