hunfabric/modules/bigtable-instance
Jason Steenblik 90360c591e Add confidential compute support to google_dataproc_cluster in the da… (#2736)
* Add confidential compute support to google_dataproc_cluster in the dataproc module

* fix parent id lookup for networking and security stages (#2744)

* Add optional automated MD5 generation in net-vlan-attachment module (#2745)

* Bump path-to-regexp and express in /blueprints/gke/binauthz/image (#2749)

Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) to 0.1.12 and updates ancestor dependency [express](https://github.com/expressjs/express). These dependencies need to be updated together.


Updates `path-to-regexp` from 0.1.10 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.12)

Updates `express` from 4.21.1 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.21.1...4.21.2)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-type: indirect
- dependency-name: express
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add ability to autogenerate md5 keys in net-vpn-ha (#2748)

* Add ability to optionally generate MD5 secrets in VPN module

* Add ability to autogenerate MD5 keys in net-vpn-ha module

* restore missing output

* fix test counts

---------

Co-authored-by: Luca Prete <lucaprete@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>

* update changelog

* Bump path-to-regexp and express (#2752)

Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `path-to-regexp` from 0.1.10 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.12)

Updates `express` from 4.21.1 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.21.1...4.21.2)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add support for routing mode to net-swp module (#2751)

Co-authored-by: Julio Castillo <jccb@google.com>

* remove default location in tag value - cloud-run-v2 tags.tf (#2755)

The Parent resource has a default to europe-west1 when it should be for the resource block from where the cloud run actually is.

Changed to use the var.region instead

* Add path_template_match and path_template_rewrite support to net-lb-app-ext (required for React apps for example).

* Add rest of load balancers.

* Add path_template_match and path_template_rewrite support to internal load balancers

* Add disk encryption key to the google_compute_instance_template - Sovereign support (#2750)

* add disk encryption key to the google_compute_instance_template

* add a condition to the kms_key_self_link

* use dynamic variable for disk_encryption_key

* remove the getpip from the repo

---------

Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>

* Add support for password validation policy to cloudsql module (#2740)

* add support for password validation policy to cloudsql module

* fix defaults

* update changelog

* bump provider version constraint

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Luca Prete <preteluca@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Luca Prete <lucaprete@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: Matthew Callinan <47421139+Mattible@users.noreply.github.com>
Co-authored-by: Taneli Leppä <taneli@google.com>
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
Co-authored-by: Kovács Dávid <david-kovacs@t-systems.com>
2024-12-10 16:39:48 +01:00

Google Cloud BigTable Module

This module allows managing a single BigTable instance, including access configuration and tables.

TODO

  • support bigtable_app_profile
  • support IAM for tables

Examples

Instance with access configuration


module "bigtable-instance" {
  source     = "./fabric/modules/bigtable-instance"
  project_id = "my-project"
  name       = "instance"
  clusters = {
    my-cluster = {
      zone = "europe-west1-b"
    }
  }
  tables = {
    test1 = {},
    test2 = {
      split_keys = ["a", "b", "c"]
    }
  }
  iam = {
    "roles/bigtable.user" = ["user:viewer@testdomain.com"]
  }
}
# tftest modules=1 resources=4 inventory=simple.yaml

Instance with tables and column families


module "bigtable-instance" {
  source     = "./fabric/modules/bigtable-instance"
  project_id = "my-project"
  name       = "instance"
  clusters = {
    my-cluster = {
      zone = "europe-west1-b"
    }
  }
  tables = {
    test1 = {},
    test2 = {
      split_keys = ["a", "b", "c"]
      column_families = {
        cf1 = {}
        cf2 = {}
        cf3 = {}
      }
    }
    test3 = {
      column_families = {
        cf1 = {}
      }
    }
  }
}
# tftest modules=1 resources=4 inventory=columns.yaml

Instance with replication enabled


module "bigtable-instance" {
  source     = "./fabric/modules/bigtable-instance"
  project_id = "my-project"
  name       = "instance"
  clusters = {
    first-cluster = {
      zone = "europe-west1-b"
    }
    second-cluster = {
      zone = "europe-southwest1-a"
    }
    third-cluster = {
      zone = "us-central1-b"
    }
  }
}
# tftest modules=1 resources=1 inventory=replication.yaml

Instance with garbage collection policy


module "bigtable-instance" {
  source     = "./fabric/modules/bigtable-instance"
  project_id = "my-project"
  name       = "instance"
  clusters = {
    my-cluster = {
      zone = "europe-west1-b"
    }
  }
  tables = {
    test1 = {
      column_families = {
        cf1 = {
          gc_policy = {
            deletion_policy = "ABANDON"
            max_age         = "18h"
          }
        }
        cf2 = {}
      }
    }
  }
}
# tftest modules=1 resources=3 inventory=gc.yaml

Instance with default garbage collection policy

The default garbage collection policy is applied to any column family that does not specify a gc_policy. If a column family specifies a gc_policy, the default garbage collection policy is ignored for that column family.


module "bigtable-instance" {
  source     = "./fabric/modules/bigtable-instance"
  project_id = "my-project"
  name       = "instance"
  clusters = {
    my-cluster = {
      zone = "europe-west1-b"
    }
  }
  default_gc_policy = {
    deletion_policy = "ABANDON"
    max_age         = "18h"
    max_version     = 7
  }
  tables = {
    test1 = {
      column_families = {
        cf1 = {}
        cf2 = {}
      }
    }
  }
}
# tftest modules=1 resources=4
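
An added example (not part of the module's own README) showing the precedence described above: `cf1` sets its own `gc_policy` and so ignores the default, while `cf2` inherits `default_gc_policy`. It uses only attributes that appear in the examples on this page; the `72h` value is illustrative.

```hcl
module "bigtable-instance" {
  source     = "./fabric/modules/bigtable-instance"
  project_id = "my-project"
  name       = "instance"
  clusters = {
    my-cluster = {
      zone = "europe-west1-b"
    }
  }
  # Applied to every column family that does not set its own gc_policy.
  default_gc_policy = {
    deletion_policy = "ABANDON"
    max_age         = "18h"
    max_version     = 7
  }
  tables = {
    test1 = {
      column_families = {
        # Own gc_policy: the default above is ignored for cf1.
        cf1 = {
          gc_policy = {
            deletion_policy = "ABANDON"
            max_age         = "72h"
          }
        }
        # No gc_policy: cf2 gets default_gc_policy.
        cf2 = {}
      }
    }
  }
}
```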

Instance with static number of nodes

If you are not using autoscaling settings, you must set a specific number of nodes with the variable num_nodes.


module "bigtable-instance" {
  source     = "./fabric/modules/bigtable-instance"
  project_id = "my-project"
  name       = "instance"
  clusters = {
    my-cluster = {
      zone      = "europe-west1-b"
      num_nodes = 5
    }
  }
}
# tftest modules=1 resources=1 inventory=static.yaml

Instance with autoscaling (based on CPU only)

If you use autoscaling, you should not set the variable num_nodes.


module "bigtable-instance" {
  source     = "./fabric/modules/bigtable-instance"
  project_id = "my-project"
  name       = "instance"
  clusters = {
    my-cluster = {
      zone = "europe-southwest1-b"
      autoscaling = {
        min_nodes  = 3
        max_nodes  = 7
        cpu_target = 70
      }
    }
  }


}
# tftest modules=1 resources=1 inventory=autoscaling1.yaml

Instance with autoscaling (based on CPU and/or storage)


module "bigtable-instance" {
  source     = "./fabric/modules/bigtable-instance"
  project_id = "my-project"
  name       = "instance"
  clusters = {
    my-cluster = {
      zone         = "europe-southwest1-a"
      storage_type = "SSD"
      autoscaling = {
        min_nodes      = 3
        max_nodes      = 7
        cpu_target     = 70
        storage_target = 4096
      }
    }
  }
}
# tftest modules=1 resources=1 inventory=autoscaling2.yaml

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| clusters | Clusters to be created in the BigTable instance. Set more than one cluster to enable replication. If you set autoscaling, num_nodes will be ignored. | map(object({…})) | ✓ | |
| name | The name of the Cloud Bigtable instance. | string | ✓ | |
| project_id | Id of the project where datasets will be created. | string | ✓ | |
| default_autoscaling | Default settings for autoscaling of clusters. This will be the default autoscaling for any cluster not specifying any autoscaling details. | object({…}) | | null |
| default_gc_policy | Default garbage collection policy, to be applied to all column families and all tables. Can be overridden in the tables variable for specific column families. | object({…}) | | null |
| deletion_protection | Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail. | bool | | true |
| display_name | The human-readable display name of the Bigtable instance. | string | | null |
| encryption_key | The KMS key id to use for encryption of the Bigtable instance. | string | | null |
| iam | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
| labels | Labels to be attached to the instance. | map(string) | | {} |
| tables | Tables to be created in the BigTable instance. | map(object({…})) | | {} |
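
An added example (not from the module's own README) combining the security-relevant variables listed above: a customer-managed encryption key, a read-only IAM binding and explicit deletion protection. The KMS key path and the group address are constructed placeholders; the key is written as a standard Cloud KMS resource name.

```hcl
module "bigtable-instance" {
  source     = "./fabric/modules/bigtable-instance"
  project_id = "my-project"
  name       = "instance"
  clusters = {
    my-cluster = {
      zone = "europe-west1-b"
    }
  }
  # Placeholder CMEK key. Bigtable requires the key to be in the
  # same region as the cluster (europe-west1 here).
  encryption_key = "projects/my-project/locations/europe-west1/keyRings/my-keyring/cryptoKeys/my-key"

  # Keep the default explicit so a destroy, or an apply that would
  # delete the instance, fails instead of removing it.
  deletion_protection = true

  # Grant read-only data access to a group rather than to individual
  # users, in the {ROLE => [MEMBERS]} format the variable expects.
  iam = {
    "roles/bigtable.reader" = ["group:bigtable-readers@example.com"]
  }
}
```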

Outputs

| name | description | sensitive |
|---|---|---|
| id | Fully qualified instance id. | |
| instance | BigTable instance. | |
| table_ids | Map of fully qualified table ids keyed by table name. | |
| tables | Table resources. | |