terraform-google-velero's Introduction

Velero into Google Cloud Platform

Usage

module "velero" {
  source  = "nlamirault/velero/google"
  version = "1.0.0"

  project = var.project

  bucket_location      = var.bucket_location
  bucket_storage_class = var.bucket_storage_class
  bucket_labels        = var.bucket_labels

  namespace       = var.namespace
  service_account = var.service_account

  keyring_location = var.keyring_location
}

and variables:

project = "foo-prod"

region = "europe-west1"

##############################################################################
# Velero

bucket_location      = "europe-west1"
bucket_storage_class = "STANDARD"
bucket_labels        = {
  env      = "prod"
  service  = "velero"
  made-by  = "terraform"
}

namespace       = "storage"
service_account = "velero"

keyring_location = "europe-west1"

Documentation

Requirements

Name Version
terraform >= 1.0.0
google >= 4.0.0

Providers

Name Version
google >= 4.0.0

Modules

Name Source Version
bucket terraform-google-modules/cloud-storage/google//modules/simple_bucket 3.1.0
custom_role terraform-google-modules/iam/google//modules/custom_role_iam 7.4.0
iam_service_accounts terraform-google-modules/iam/google//modules/service_accounts_iam 7.4.0
iam_storage_buckets terraform-google-modules/iam/google//modules/storage_buckets_iam 7.4.0
kms terraform-google-modules/kms/google 2.1.0
service_account terraform-google-modules/service-accounts/google 4.0.3

Resources

Name Type
google_storage_project_service_account.gcs_account data source

Inputs

Name Description Type Default Required
bucket_labels Map of labels to apply to the bucket map(string) { "made-by": "terraform" } no
bucket_location The bucket location string n/a yes
bucket_storage_class Bucket storage class. string "MULTI_REGIONAL" no
enable_kms Enable custom KMS key bool n/a yes
keyring_location The KMS keyring location string n/a yes
keys Key names. list(string) [] no
kms_labels Map of labels to apply to the KMS resources map(string) { "made-by": "terraform" } no
lifecycle_rules The bucket's Lifecycle Rules configuration.
  Type:
    list(object({
      # Object with keys:
      # - type - The type of the action of this Lifecycle Rule. Supported values: Delete and SetStorageClass.
      # - storage_class - (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule.
      action = any

      # Object with keys:
      # - age - (Optional) Minimum age of an object in days to satisfy this condition.
      # - created_before - (Optional) Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.
      # - with_state - (Optional) Match to live and/or archived objects. Supported values include: "LIVE", "ARCHIVED", "ANY".
      # - matches_storage_class - (Optional) Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.
      # - num_newer_versions - (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.
      condition = any
    }))
  Default:
    [ { "action": { "type": "Delete" }, "condition": { "age": 365, "with_state": "ANY" } } ]
  Required: no
namespace The Kubernetes namespace string n/a yes
owners List of comma-separated owners for each key declared in set_owners_for. list(string) [] no
project The project in which the resource belongs string n/a yes
service_account The Kubernetes service account string n/a yes

Outputs

Name Description
service_account Service Account for Velero
bucket_name Velero Bucket name

terraform-google-velero's Issues

Renovate Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

github-actions
.github/workflows/draft-labels.yml
  • jinmayamashita/ready-for-review 1.0.0
.github/workflows/prow-labels.yml
.github/workflows/prow-lgtm-merge.yml
  • jpmcb/prow-github-actions v1.1.3
.github/workflows/prow-lgtm-pull.yml
  • jpmcb/prow-github-actions v1.1.3
.github/workflows/prow.yml
  • jpmcb/prow-github-actions v1.1.3
.github/workflows/rebase.yml
  • actions/checkout v4@8ade135a41bc03ea155e62e844d188df1ea18608
  • cirrus-actions/rebase 1.8
.github/workflows/release-drafter.yml
  • release-drafter/release-drafter v6
.github/workflows/renovate.yml
  • actions/checkout v4@8ade135a41bc03ea155e62e844d188df1ea18608
  • peter-evans/create-pull-request v6
.github/workflows/size.yaml
  • actions/checkout v4@8ade135a41bc03ea155e62e844d188df1ea18608
  • actions-ecosystem/action-size v2
  • actions-ecosystem/action-remove-labels v1
  • actions-ecosystem/action-add-labels v1
.github/workflows/tfsec.yml
  • actions/checkout v4@8ade135a41bc03ea155e62e844d188df1ea18608
  • aquasecurity/tfsec-pr-commenter-action v1.3.1
terraform
kms.tf
  • terraform-google-modules/kms/google 2.3.0
main.tf
  • google >= 3.53.0
  • hashicorp/terraform >= 1.0.0
velero.tf
  • terraform-google-modules/cloud-storage/google 5.0.0
  • terraform-google-modules/iam/google 7.7.1
  • terraform-google-modules/iam/google 7.7.1
  • terraform-google-modules/iam/google 7.7.1
  • terraform-google-modules/service-accounts/google 4.2.2
terraform-version
.terraform-version
tflint-plugin
.tflint.hcl
  • terraform-linters/tflint-ruleset-google 0.27.1

Why is service_account needed?

When I run the module I end up with the following error. Any idea why there is a need for a Kubernetes service account in the first place? The last service account itself looks weird.

module.velero.module.iam_service_accounts.google_service_account_iam_binding.service_account_iam_authoritative["default--roles/iam.workloadIdentityUser"]: Creating...
╷
│ Error: Error applying IAM policy for service account 'projects/XXXXX/serviceAccounts/[email protected]': Error setting IAM policy for service account 'projects/XXXXXXX/serviceAccounts/[email protected]': googleapi: Error 400: Invalid service account (XXXXXX.svc.id.goog[velero/[email protected]])., badRequest
│ 
│   with module.velero.module.iam_service_accounts.google_service_account_iam_binding.service_account_iam_authoritative["default--roles/iam.workloadIdentityUser"],
│   on .terraform/modules/velero.iam_service_accounts/modules/service_accounts_iam/main.tf line 31, in resource "google_service_account_iam_binding" "service_account_iam_authoritative":
│   31: resource "google_service_account_iam_binding" "service_account_iam_authoritative" {
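
The role in the failing binding, roles/iam.workloadIdentityUser, is granted to a Workload Identity member of the form PROJECT_ID.svc.id.goog[NAMESPACE/KSA_NAME], where the bracketed part names a Kubernetes namespace and service account. The following is an added example, not code from this module: hypothetical variable declarations that reject an email-shaped service_account value at plan time, assuming the module fills the bracketed part from its namespace and service_account inputs.

```hcl
# Added example: hypothetical declarations, not the module's own variables.tf.

variable "project" {
  type        = string
  description = "The project in which the resource belongs"
}

variable "namespace" {
  type        = string
  description = "The Kubernetes namespace"

  validation {
    # Namespace names are DNS-1123 labels: lowercase alphanumerics and '-',
    # at most 63 characters, starting and ending with an alphanumeric.
    condition     = can(regex("^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$", var.namespace))
    error_message = "The namespace must be a Kubernetes namespace name such as \"storage\"."
  }
}

variable "service_account" {
  type        = string
  description = "The Kubernetes service account"

  validation {
    # ServiceAccount names are DNS-1123 subdomains. '@' is never valid, so a
    # Google service account email fails here instead of at the IAM API.
    condition     = can(regex("^[a-z0-9]([-a-z0-9.]{0,251}[a-z0-9])?$", var.service_account))
    error_message = "The service_account must be a Kubernetes ServiceAccount name such as \"velero\", not a Google service account email."
  }
}

locals {
  # Workload Identity member: serviceAccount:PROJECT_ID.svc.id.goog[NAMESPACE/KSA_NAME]
  # (assumed to be how the bracketed part of the member in the error is built).
  workload_identity_member = "serviceAccount:${var.project}.svc.id.goog[${var.namespace}/${var.service_account}]"
}

output "workload_identity_member" {
  description = "Member expected to hold roles/iam.workloadIdentityUser on the Google service account"
  value       = local.workload_identity_member
}
```

With the README's sample values (project "foo-prod", namespace "storage", service_account "velero") the output is serviceAccount:foo-prod.svc.id.goog[storage/velero].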

Dependencies fail to be resolved with v1.0.0

For some reason I am unable to use v1.0.0 (previously using v0.5.0); it fails with the following error:

Initializing provider plugins...
- Finding hashicorp/google versions matching ">= 3.53.0, ~> 3.53, >= 4.0.0, < 5.0.0"...
- Finding latest version of hashicorp/random...
- Finding latest version of hashicorp/google-beta...
- Installing hashicorp/random v3.1.0...
- Installed hashicorp/random v3.1.0 (signed by HashiCorp)
- Installing hashicorp/google-beta v4.5.0...
- Installed hashicorp/google-beta v4.5.0 (signed by HashiCorp)
╷
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider hashicorp/google: no available releases match the given constraints >= 3.53.0, ~> 3.53, >= 4.0.0, < 5.0.0
