/terraform-google-gcp-cloud-native-drupal-resources

This module creates the GCP resources needed to run Drupal in a Cloud Native environment. A CloudSQL instance must exist.

Primary language: HCL. License: GNU General Public License v3.0 (GPL-3.0).

Terraform module for creating infrastructure resources needed to run a cloud native Drupal on GCP

This module creates the resources needed to deploy a Cloud Native Drupal instance on Google Cloud Platform.

Prerequisites are a GCP project in which a MySQL CloudSQL instance exists, with administrator credentials needed to create the databases and users on the instance itself.

The module uses two sub-modules (gcp-application-bucket-creation-helper and gcp-mysql-db-and-user-creation-helper) that take care of database/user creation and bucket creation. The names and characteristics of the resources created are highly opinionated and configured for a Drupal project. If you need to create resources for a different, non-Drupal application, it is recommended to use and configure the individual modules.

The module accepts a list of objects as input; each object represents a Drupal project and its resource configuration.

The required fields for each project object are project_name and gitlab_project_id, which are used to name all resources; the database_host field is also mandatory if you want to create the secrets for the database resources.

The variable structure is the following:

  {
    # The name of the project. It is used to build the bucket name, the database name and the database user name.
    # It usually matches the project GitLab path, but for long names or multi-site projects it might be
    # different.
    project_name                    = string
    # The ID of the Drupal project in Gitlab, it is useful to identify the project the resources belong to.
    gitlab_project_id               = number
    # It is the name of the release branch and is used for naming all resources (namespaces, buckets, databases, etc.)
    release_branch_name             = optional(string, "main")
    # If not specified, the kubernetes_namespace is built by default as
    # <project_name>-<gitlab_project_id>-<release_branch_name>.
    kubernetes_namespace            = optional(string, null)
    # By default it corresponds to the Drupal PKG release that corresponds to
    # drupal-${CI_COMMIT_REF_SLUG}-${CI_PROJECT_ID} and is used for the name of secrets.
    helm_release_name               = optional(string, null)
    # By default the name is <project_name>_<gitlab_project_id>_<release_branch_name>_dp, where dp stands for Drupal.
    database_name                   = optional(string, null)
    # By default the name is <project_name>_<gitlab_project_id>_<release_branch_name>_dp_u, where dp_u stands
    # for Drupal user.
    database_user_name              = optional(string, null)
    # The IP of the CloudSQL instance, it's mandatory to create the secret with credentials to connect to the database.
    database_host                   = optional(string, null)
    # The port of the CloudSQL instance, default to 3306.
    database_port                   = optional(number, 3306)
    # The name of the bucket, by default it is built as <project_name>-<gitlab_project_id>-<release_branch_name>.
    bucket_name                     = optional(string, null)
    # The host of the bucket, by default for Google buckets it is storage.googleapis.com.
    bucket_host                     = optional(string, "storage.googleapis.com")
    # True by default, and is used to prevent name collision for created resources.
    bucket_append_random_suffix     = optional(bool, true)
    # The location of the bucket, by default it is the same as the project region.
    bucket_location                 = optional(string, null)
    # The storage class of the bucket (https://cloud.google.com/storage/docs/storage-classes), by default it is STANDARD.
    bucket_storage_class            = optional(string, "STANDARD")
    # The versioning of the bucket, by default it is enabled.
    bucket_enable_versioning        = optional(bool, true)
    # Here you can choose to enable or disable the disaster recovery bucket, by default it is enabled. You can disable it
    # for example for test or development environments.
    bucket_enable_disaster_recovery = optional(bool, true)
    # Set to true to enable the force destroy of the bucket, by default it is false. If true, the bucket and all its objects
    # will be deleted when the terraform resource is removed.
    bucket_force_destroy            = optional(bool, false)
    # Here you can customize the path of public files inside the Drupal bucket. These values are used to create
    # the secrets for the application.
    bucket_legacy_public_files_path = optional(string, "/public")
    # The property `set_all_users_as_viewer` controls if the bucket content will be globally readable by anonymous users
    # (default false).
    bucket_set_all_users_as_viewer  = optional(bool, false)
    # Here you can also pass a map of key/value label pairs to assign to the bucket, i.e. `{ env = "stage", app = "mysite" }`.
    bucket_labels                   = optional(map(string), {})
    # You can also pass a list of tags value names (where **the name is the generated numeric id for the TagValue**,
    # i.e. `["123456789012345","543210987654321"]`) to bind to the bucket using the `tag_value_name_list` property.
    # The tags must exist in the project, otherwise the module will fail.
    bucket_tag_value_name_list      = optional(list(string), [])
  }

The module will create a bucket, a database and a user for each project and as output will return the application credentials for each resource.

terraform output drupal_apps_database_credentials
terraform output drupal_apps_bucket_credentials
terraform output drupal_apps_helm_values_for_databases
terraform output drupal_apps_helm_values_for_buckets

If you need to import an existing bucket or database/user, you can specify the bucket_name, database_name and database_user_name. You also need to disable the random suffix for the bucket name by setting bucket_append_random_suffix to false.
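A module call that exercises the structure described above: a production project on defaults, a stage project with relaxed settings, and a project that reuses existing resources. This is an added example, not code from the project's repository; the module source is a placeholder, and the variable name `cloudsql_admin_password`, project names, IDs and IP address are constructed.

```hcl
# Added example; every name, ID and address below is constructed.
variable "cloudsql_admin_password" {
  type      = string
  sensitive = true # supply via TF_VAR_cloudsql_admin_password, keep it out of committed .tfvars
}

module "drupal_resources" {
  # Placeholder source: replace <org> and <ref> with the real location and a pinned revision.
  source = "github.com/<org>/terraform-google-gcp-cloud-native-drupal-resources?ref=<ref>"

  project_id = "example-gcp-project"
  region     = "europe-west1"

  cloudsql_instance_name            = "example-mysql" # must already exist
  cloudsql_privileged_user_name     = "admin"
  cloudsql_privileged_user_password = var.cloudsql_admin_password

  drupal_projects_list = [
    # Production: defaults apply (versioning on, disaster recovery bucket on,
    # force destroy off, bucket not readable by anonymous users).
    {
      project_name      = "mysite"
      gitlab_project_id = 1234
      database_host     = "10.10.0.5"
    },
    # Stage: same project, different release branch, no disaster recovery bucket.
    {
      project_name                    = "mysite"
      gitlab_project_id               = 1234
      release_branch_name             = "stage"
      database_host                   = "10.10.0.5"
      bucket_enable_disaster_recovery = false
      bucket_labels                   = { env = "stage", app = "mysite" }
    },
    # Existing resources to import: explicit names, random suffix disabled.
    {
      project_name                = "legacy"
      gitlab_project_id           = 5678
      database_host               = "10.10.0.5"
      bucket_name                 = "legacy-drupal-files"
      bucket_append_random_suffix = false
      database_name               = "legacy_dp"
      database_user_name          = "legacy_dp_u"
    },
  ]
}
```

Because the module returns application credentials as outputs, those values are stored in the Terraform state, so the state backend needs access restrictions as tight as the secrets themselves.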

Providers

| Name | Version |
|------|---------|
| kubernetes | >= 2.19 |
| template | >= 2.2.0 |

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.2 |
| google | >= 4.47.0 |
| kubernetes | >= 2.19 |
| template | >= 2.2.0 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| bucket_disaster_recovery_location | The location in which the disaster recovery bucket will be created. For a list of available regions, see https://cloud.google.com/storage/docs/locations. By default, the disaster recovery bucket will be created in the same location as the primary bucket. | string | "" | no |
| cloudsql_instance_name | The name of the existing Google CloudSQL instance. Currently only a MySQL 5.7 or 8 instance is supported. | string | "" | no |
| cloudsql_privileged_user_name | The name of the privileged user of the Cloud SQL instance. | string | "" | no |
| cloudsql_privileged_user_password | The password of the privileged user of the Cloud SQL instance. | string | "" | no |
| create_buckets | If true, the module will create a bucket for each project. | bool | true | no |
| create_databases_and_users | If true, the module will create a user and a database for each project. | bool | true | no |
| drupal_projects_list | The list of Drupal projects. Add a project name and this will create all infrastructure resources needed to run your project (bucket, database, user with relative credentials). Database resources are created in the CloudSQL instance you specified. Please note that you can assign only a database to a single user; the same user cannot be assigned to multiple databases. The default values are intended for a production environment and will need to be adjusted accordingly for a stage environment. | list(object), full type below the table | n/a | yes |
| logging_bucket_name | The name of the logging bucket. If empty, no logging bucket will be added and bucket logs will be disabled. | string | "" | no |
| project_id | The ID of the project to which the resources belong. | string | n/a | yes |
| region | The region to which the resources belong. | string | n/a | yes |

Type of drupal_projects_list:

  list(object({
    project_name                    = string
    gitlab_project_id               = number
    release_branch_name             = optional(string, "main")
    kubernetes_namespace            = optional(string, null)
    helm_release_name               = optional(string, null)
    database_name                   = optional(string, null)
    database_user_name              = optional(string, null)
    database_host                   = optional(string, null)
    database_port                   = optional(number, 3306)
    bucket_name                     = optional(string, null)
    bucket_host                     = optional(string, "storage.googleapis.com")
    bucket_append_random_suffix     = optional(bool, true)
    bucket_location                 = optional(string, null)
    bucket_storage_class            = optional(string, "STANDARD")
    bucket_enable_versioning        = optional(bool, true)
    bucket_enable_disaster_recovery = optional(bool, true)
    bucket_force_destroy            = optional(bool, false)
    bucket_legacy_public_files_path = optional(string, "/public")
    bucket_set_all_users_as_viewer  = optional(bool, false)
    bucket_labels                   = optional(map(string), {})
    bucket_tag_value_name_list      = optional(list(string), [])
  }))

Outputs

| Name | Description |
|------|-------------|
| drupal_apps_bucket_credentials | Drupal apps bucket credentials for each Drupal project. |
| drupal_apps_database_credentials | Drupal apps database credentials for each Drupal project. |
| drupal_apps_helm_values_for_buckets | Output helm values to be used for buckets for each Drupal project. |
| drupal_apps_helm_values_for_databases | Output helm values to be used for databases for each Drupal project. |

Resources

| Name | Type |
|------|------|
| kubernetes_namespace.namespace | resource |
| kubernetes_secret.bucket_secret_name | resource |
| kubernetes_secret.database_secret_name | resource |
| template_file.helm_values_for_buckets | data source |
| template_file.helm_values_for_databases | data source |

Modules

| Name | Source | Version |
|------|--------|---------|
| drupal_buckets | github.com/sparkfabrik/terraform-google-gcp-application-bucket-creation-helper | 9850676 |
| drupal_databases_and_users | github.com/sparkfabrik/terraform-google-gcp-mysql-db-and-user-creation-helper | c30924e |