KNFSD DNS Round Robin module

This Terraform module configures Cloud DNS to use DNS Round Robin for
a KNFSD proxy cluster. This offers an alternative to using the load
balancer.

Change-Id: Iffd3b8c52ab239e9a643749dfc661d1a0949cdf2

Author: chris-chilvers-qodea

deployment/README.md

@@ -23,7 +23,7 @@
 resource "google_compute_address" "nfsproxy_static" {
   # This module will be made optional later, set the count to 1 so that the
   # correct refactoring can be created and tested.
-  count = 1
+  count = var.TRAFFIC_DISTRIBUTION_MODE == "loadbalancer" ? 1 : 0
 
   project      = var.PROJECT
   region       = var.REGION
@@ -41,11 +41,10 @@ resource "google_compute_address" "nfsproxy_static" {
   }
 }
 
-
 module "loadbalancer" {
   # This module will be made optional later, set the count to 1 so that the
   # correct refactoring can be created and tested.
-  count  = 1
+  count  = var.TRAFFIC_DISTRIBUTION_MODE == "loadbalancer" ? 1 : 0
   source = "./modules/loadbalancer"
 
   PROJECT        = var.PROJECT
@@ -60,6 +59,31 @@ module "loadbalancer" {
   INSTANCE_GROUP = google_compute_instance_group_manager.proxy-group.instance_group
 }
 
+resource "null_resource" "dns_round_robin" {
+  count = var.TRAFFIC_DISTRIBUTION_MODE == "dns_round_robin" ? 1 : 0
+  lifecycle {
+    precondition {
+      condition     = var.ASSIGN_STATIC_IPS
+      error_message = "ASSIGN_STATIC_IPS must be enabled when using DNS round robin."
+    }
+
+    precondition {
+      condition     = !var.ENABLE_KNFSD_AUTOSCALING
+      error_message = "ENABLE_KNFSD_AUTOSCALING cannot be enabled when using DNS round robin."
+    }
+  }
+}
+
+module "dns_round_robin" {
+  count          = var.TRAFFIC_DISTRIBUTION_MODE == "dns_round_robin" ? 1 : 0
+  source         = "./modules/dns_round_robin"
+  project        = var.PROJECT
+  instance_group = google_compute_instance_group_manager.proxy-group.instance_group
+  proxy_basename = var.PROXY_BASENAME
+  dns_name       = var.DNS_NAME
+  knfsd_nodes    = var.KNFSD_NODES
+}
+
 moved {
   from = google_compute_address.nfsproxy_static
   to   = google_compute_address.nfsproxy_static[0]

deployment/terraform-module-knfsd/loadbalancer.tf

@@ -0,0 +1,32 @@
+# KNFSD DNS Round Robin Module
+
+This Terraform module configures Cloud DNS to use DNS Round Robin for a KNFSD proxy cluster. This offers an alternative to using the load balancer.
+
+This module is not generally intended to be used directly, and is included by the main KNFSD proxy module when `TRAFFIC_DISTRIBUTION_MODE = "dns_round_robin"`.
+
+## Prerequisites
+
+To use DNS Round Robin the KNFSD proxy cluster must be configured with:
+
+* `ENABLE_KNFSD_AUTOSCALING = false`
+* `ASSIGN_STATIC_IPS        = true`
+
+## Inputs
+
+* `project` - (optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
+
+* `networks` - (optional) Set of networks to attach Cloud DNS to. These should be formatted like `projects/{project}/global/networks/{network}` or `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`. This defaults to the same network as the KNFSD proxy cluster.
+
+* `instance_group` - The full URL (self link) of the KNFSD proxy instance group.
+
+* `proxy_basename` - The proxy basename of the KNFSD proxy cluster.
+
+* `dns_name` - (optional) The fully qualified domain name (FQDN) to assign the KNFSD proxy cluster. This defaults to `{proxy_basename}.knfsd.internal.`.
+
+* `knfsd_nodes` - The number of instances (size) of the KNFSD instance group.
+
+## Outputs
+
+* `dns_name` - The DNS name that was created for the KNFSD proxy cluster.
+
+**NOTE:** `dns_name` is useful if you're creating other resources in the same Terraform configuration that depend on the DNS entry to create a dependency between the DNS entry and the other resources.

deployment/terraform-module-knfsd/modules/dns_round_robin/README.md

@@ -0,0 +1,88 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">=1.2.0"
+}
+
+data "google_compute_instance_group" "proxy" {
+  project   = var.project
+  self_link = var.instance_group
+
+  lifecycle {
+    postcondition {
+      condition     = self.instances != null
+      error_message = "No compute instances found for instance group \"${var.instance_group}\"."
+    }
+
+    postcondition {
+      condition     = length(self.instances) == var.knfsd_nodes
+      error_message = "Incorrect number of compute instances found, expected ${var.knfsd_nodes} but was ${length(self.instances)}."
+    }
+  }
+}
+
+data "google_compute_instance" "proxy" {
+  count     = var.knfsd_nodes
+  self_link = local.instances[count.index]
+}
+
+locals {
+  instances = tolist(data.google_compute_instance_group.proxy.instances)
+
+  ip_addresses = toset([
+    for vm in data.google_compute_instance.proxy :
+    vm.network_interface[0].network_ip
+  ])
+}
+
+resource "google_dns_managed_zone" "proxy" {
+  project     = var.project
+  name        = var.proxy_basename
+  dns_name    = coalesce(var.dns_name, "${var.proxy_basename}.knfsd.internal.")
+  description = "Internal DNS for KNFSD proxies"
+  visibility  = "private"
+
+  private_visibility_config {
+    dynamic "networks" {
+      for_each = coalesce(var.networks, [data.google_compute_instance_group.proxy.network])
+      content {
+        network_url = networks.value
+      }
+    }
+  }
+}
+
+resource "google_dns_record_set" "proxy" {
+  project      = var.project
+  managed_zone = google_dns_managed_zone.proxy.name
+
+  name = google_dns_managed_zone.proxy.dns_name
+  type = "A"
+  ttl  = 300
+
+  routing_policy {
+    dynamic "wrr" {
+      for_each = local.ip_addresses
+      iterator = ip
+
+      content {
+        weight  = 1
+        rrdatas = [ip.value]
+      }
+    }
+  }
+}

deployment/terraform-module-knfsd/modules/dns_round_robin/main.tf

@@ -0,0 +1,22 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "dns_name" {
+  # Even though this effectively just echoes back var.dns_name this is still
+  # useful as it allows other resources to depend upon the A record having been
+  # created.
+  value = google_dns_record_set.proxy.name
+}

deployment/terraform-module-knfsd/modules/dns_round_robin/outputs.tf

@@ -0,0 +1,41 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project" {
+  type    = string
+  default = ""
+}
+
+variable "networks" {
+  type    = set(string)
+  default = null
+}
+
+variable "instance_group" {
+  type = string
+}
+
+variable "proxy_basename" {
+  type = string
+}
+
+variable "dns_name" {
+  type = string
+}
+
+variable "knfsd_nodes" {
+  type = number
+}

deployment/terraform-module-knfsd/modules/dns_round_robin/variables.tf

@@ -2,7 +2,7 @@
 
 This module supports deploying an Internal TCP Load Balancer TCP (and optionally UDP) for the KNFSD proxy cluster.
 
-This module is not generally intended to be used directly, and is included by the main KNFSD proxy module when `LOADBALANCING_MODE = "loadbalancer"`.
+This module is not generally intended to be used directly, and is included by the main KNFSD proxy module when `TRAFFIC_DISTRIBUTION_MODE = "loadbalancer"`.
 
 ## Prerequisites
 

deployment/terraform-module-knfsd/modules/loadbalancer/README.md

@@ -14,25 +14,32 @@
  * limitations under the License.
  */
 
-// The IP Address of the Internal Load Balancer
 output "nfsproxy_loadbalancer_ipaddress" {
-  description = "The internal ip address for the nfsProxy load balancer:"
+  description = "The internal IP address of the load balancer."
   value       = one(google_compute_address.nfsproxy_static.*.address)
 }
 
-# The Internal DNS name of the Internal Load Balancer
 output "nfsproxy_loadbalancer_dnsaddress" {
-  description = "The internal dns entry address for the nfsProxy load balancer:"
+  description = "The internal DNS name of the load balancer."
   value       = one(module.loadbalancer.*.dns_name)
 }
 
+output "dns_name" {
+  description = "The internal DNS name of the KNFSD proxy instance group."
+  value = (
+    var.TRAFFIC_DISTRIBUTION_MODE == "loadbalancer" ? one(module.loadbalancer.*.dns_name) :
+    var.TRAFFIC_DISTRIBUTION_MODE == "dns_round_robin" ? one(module.dns_round_robin.*.dns_name) :
+    null
+  )
+}
+
 output "instance_group" {
-  description = "Full URL of the KNFSD proxy instance group."
+  description = "Full URL (self link) of the KNFSD proxy instance group."
   value       = google_compute_instance_group_manager.proxy-group.instance_group
 }
 
 output "instance_group_manager" {
-  description = "Full URL of the KNFSD proxy instance group manager."
+  description = "Full URL (self link) of the KNFSD proxy instance group manager."
   value       = google_compute_instance_group_manager.proxy-group.self_link
 }
 

deployment/terraform-module-knfsd/outputs.tf

@@ -100,11 +100,29 @@ variable "AUTO_CREATE_FIREWALL_RULES" {
   type    = bool
 }
 
+variable "TRAFFIC_DISTRIBUTION_MODE" {
+  type = string
+  validation {
+    condition     = contains(["dns_round_robin", "loadbalancer", "none"], var.TRAFFIC_DISTRIBUTION_MODE)
+    error_message = "Valid values for TRAFFIC_DISTRIBUTION_MODE are 'dns_round_robin', 'loadbalancer', and 'none'."
+  }
+}
+
 variable "LOADBALANCER_IP" {
   default = null
   type    = string
 }
 
+variable "DNS_NAME" {
+  default = ""
+  type    = string
+
+  validation {
+    condition     = var.DNS_NAME == "" || endswith(var.DNS_NAME, ".")
+    error_message = "DNS_NAME must end with tailing dot, for example \"knfsd.example.\" (note the tailing dot)."
+  }
+}
+
 variable "SERVICE_LABEL" {
   default = "dns"
   type    = string