finalize networking, scaffold postgres

main.tf

@@ -20,97 +20,107 @@ terraform {
 
 # ------ Network ------ #
 resource "google_compute_network" "main" {
-  name                    = "${var.resource_prefix}-nebuly"
+  name                    = "${var.resource_prefix}nebuly"
   description             = "The VPC network for the Nebuly platform."
   auto_create_subnetworks = false
 }
 resource "google_compute_global_address" "main" {
-  name          = "${var.resource_prefix}-nebuly"
+  name          = "private-ips"
   purpose       = "VPC_PEERING"
   address_type  = "INTERNAL"
-  prefix_length = 16
+  prefix_length = 20 # 800 usable GCP services
   network       = google_compute_network.main.id
 }
 resource "google_compute_subnetwork" "main" {
   name          = "main"
-  ip_cidr_range = "10.0.0.0/16"
+  ip_cidr_range = var.network_cidr_blocks.primary
   region        = var.region
   network       = google_compute_network.main.id
 
   secondary_ip_range {
     range_name    = "services-range"
-    ip_cidr_range = "10.4.0.0/16"
+    ip_cidr_range = var.network_cidr_blocks.secondary_gke_services
   }
 
   secondary_ip_range {
     range_name    = "pod-ranges"
-    ip_cidr_range = "10.8.0.0/16"
+    ip_cidr_range = var.network_cidr_blocks.secondary_gke_pods
   }
 }
 
 # Private Service Access for Cloud SQL private IP
-#resource "google_service_networking_connection" "main" {
-#  network                 = google_compute_network.main.id
-#  service                 = "servicenetworking.googleapis.com"
-#  reserved_peering_ranges = [google_compute_global_address.main.name]
-#}
-#resource "google_compute_network_peering_routes_config" "main" {
-#  peering              = google_service_networking_connection.main.peering
-#  network              = google_compute_network.main.name
-#  import_custom_routes = true
-#  export_custom_routes = true
-#}
+resource "google_service_networking_connection" "main" {
+  network                 = google_compute_network.main.id
+  service                 = "servicenetworking.googleapis.com"
+  reserved_peering_ranges = [google_compute_global_address.main.name]
+}
+resource "google_compute_network_peering_routes_config" "main" {
+  peering              = google_service_networking_connection.main.peering
+  network              = google_compute_network.main.name
+  import_custom_routes = true
+  export_custom_routes = true
+}
 
 
 # ------ PostgreSQL ------ #
-#resource "google_sql_database_instance" "main" {
-#  name             = "${var.resource_prefix}-nebuly"
-#  database_version = "POSTGRES_16"
-#  region           = var.region
-#
-#  settings {
-#    tier = "db-f1-micro"
-#
-#    ip_configuration {
-#      ipv4_enabled    = "false"
-#      private_network = google_compute_network.main.id
-#    }
-#  }
-#
-#  deletion_protection = false # TODO
-#
-#  depends_on = [google_service_networking_connection.main]
-#}
-#resource "google_sql_database" "analytics" {
-#  name      = "analytics"
-#  instance  = google_sql_database_instance.main.name
-#  charset   = "UTF8"
-#  collation = "en_US.UTF8"
-#}
-#resource "random_password" "analytics" {
-#  length           = 16
-#  special          = true
-#  override_special = "_%@"
-#}
-#resource "google_sql_user" "analytics" {
-#  name     = "analytics"
-#  instance = google_sql_database_instance.main.name
-#  password = random_password.analytics.result
-#}
-#resource "google_sql_database" "auth" {
-#  name      = "auth"
-#  instance  = google_sql_database_instance.main.name
-#  charset   = "UTF8"
-#  collation = "en_US.UTF8"
-#}
-#resource "random_password" "auth" {
-#  length           = 16
-#  special          = true
-#  override_special = "_%@"
-#}
-#resource "google_sql_user" "auth" {
-#  name     = "auth"
-#  instance = google_sql_database_instance.main.name
-#  password = random_password.auth.result
-#}
-#
+resource "google_sql_database_instance" "main" {
+  name             = "${var.resource_prefix}nebuly"
+  database_version = "POSTGRES_16"
+  region           = var.region
+
+  settings {
+    tier = var.postgres_server_tier
+
+    availability_type = var.postgres_server_high_availability.enabled == true ? "REGIONAL" : "ZONAL"
+
+    ip_configuration {
+      ipv4_enabled    = "false"
+      private_network = google_compute_network.main.id
+    }
+
+    backup_configuration {
+      enabled                        = var.postgres_server_backup_configuration.enabled
+      point_in_time_recovery_enabled = var.postgres_server_backup_configuration.point_in_time_recovery_enabled
+      backup_retention_settings {
+        retained_backups = var.postgres_server_backup_configuration.n_retained_backups
+      }
+    }
+  }
+
+  deletion_protection = var.postgres_server_delete_protection
+
+  depends_on = [google_service_networking_connection.main]
+}
+resource "google_sql_database" "analytics" {
+  name      = "analytics"
+  instance  = google_sql_database_instance.main.name
+  charset   = "UTF8"
+  collation = "en_US.UTF8"
+}
+resource "random_password" "analytics" {
+  length           = 16
+  special          = true
+  override_special = "_%@"
+}
+resource "google_sql_user" "analytics" {
+  name     = "analytics"
+  instance = google_sql_database_instance.main.name
+  password = random_password.analytics.result
+}
+resource "google_sql_database" "auth" {
+  name      = "auth"
+  instance  = google_sql_database_instance.main.name
+  charset   = "UTF8"
+  collation = "en_US.UTF8"
+}
+resource "random_password" "auth" {
+  length           = 16
+  special          = true
+  override_special = "_%@"
+}
+resource "google_sql_user" "auth" {
+  name     = "auth"
+  instance = google_sql_database_instance.main.name
+  password = random_password.auth.result
+}
+

tests/dev-provisioning/apply.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+if [ "$1" == 'init' ]
+  then
+    terraform init --backend-config backend.tfvars
+    shift 
+fi
+terraform apply --var-file backend.tfvars "$@"

tests/dev-provisioning/main.tf

@@ -28,7 +28,12 @@ module "platform" {
   source = "../.."
 
   region          = var.region
-  resource_prefix = "nbllab"
+  resource_prefix = "dev-"
+
+  postgres_server_delete_protection = false
+  postgres_server_high_availability = {
+    enabled = false
+  }
 
   openai_api_key              = ""
   openai_endpoint             = ""

variables.tf

@@ -21,6 +21,64 @@ variable "platform_domain" {
   }
 }
 
+
+# ------ Networking ------ #
+variable "network_cidr_blocks" {
+  description = <<EOT
+  The CIDR blocks of the VPC network used by Nebuly.
+
+  - primary: The primary CIDR block of the VPC network.
+  - secondary_gke_pods: The secondary CIDR block used by GKE for pods.
+  - secondary_gke_services: The secondary CIDR block used by GKE for services.
+  EOT
+  type = object({
+    primary : string
+    secondary_gke_pods : string
+    secondary_gke_services : string
+  })
+  default = {
+    primary                = "10.0.0.0/16"
+    secondary_gke_pods     = "10.4.0.0/16"
+    secondary_gke_services = "10.6.0.0/16"
+  }
+}
+
+
+# ------ PostgreSQL ------ #
+variable "postgres_server_tier" {
+  description = "The tier of the PostgreSQL server. Default value: 4 vCPU, 16GB memory."
+  type        = string
+  default     = "db-custom-4-61440"
+}
+variable "postgres_server_delete_protection" {
+  description = "Whether the PostgreSQL server should have delete protection enabled."
+  type        = bool
+  default     = true
+}
+variable "postgres_server_backup_configuration" {
+  description = "The backup settings of the PostgreSQL server."
+  type = object({
+    enabled                        = bool
+    point_in_time_recovery_enabled = bool
+    n_retained_backups             = number
+  })
+  default = {
+    enabled                        = true
+    point_in_time_recovery_enabled = true
+    n_retained_backups             = 14
+  }
+}
+variable "postgres_server_high_availability" {
+  description = "The high availability configuration for the PostgreSQL server."
+  type = object({
+    enabled : bool
+  })
+  default = {
+    enabled = true
+  }
+}
+
+
 # ------ External credentials ------ #
 variable "openai_api_key" {
   description = "The API Key used for authenticating with OpenAI."