nlamirault/terraform-google-velero

Velero into Google Cloud Platform

Usage

module "velero" {
  source  = "nlamirault/velero/google"
  version = "1.0.0"

  project = var.project

  bucket_location      = var.bucket_location
  bucket_storage_class = var.bucket_storage_class
  bucket_labels        = var.bucket_labels

  namespace       = var.namespace
  service_account = var.service_account

  # enable_kms is listed as a required input in the Inputs table
  enable_kms       = var.enable_kms
  keyring_location = var.keyring_location
}

And the variables:

project = "foo-prod"

region = "europe-west1"

##############################################################################
# Velero

bucket_location      = "europe-west1"
bucket_storage_class = "STANDARD"
bucket_labels        = {
  env     = "prod"
  service = "velero"
  made-by = "terraform"
}

namespace       = "storage"
service_account = "velero"

# enable_kms is a required input; true is assumed here because a keyring location is set
enable_kms       = true
keyring_location = "europe-west1"

Documentation

Requirements

| Name | Version |
| --- | --- |
| terraform | >= 1.0.0 |
| google | >= 4.0.0 |

Providers

| Name | Version |
| --- | --- |
| google | >= 4.0.0 |

Modules

| Name | Source | Version |
| --- | --- | --- |
| bucket | terraform-google-modules/cloud-storage/google//modules/simple_bucket | 3.1.0 |
| custom_role | terraform-google-modules/iam/google//modules/custom_role_iam | 7.4.0 |
| iam_service_accounts | terraform-google-modules/iam/google//modules/service_accounts_iam | 7.4.0 |
| iam_storage_buckets | terraform-google-modules/iam/google//modules/storage_buckets_iam | 7.4.0 |
| kms | terraform-google-modules/kms/google | 2.1.0 |
| service_account | terraform-google-modules/service-accounts/google | 4.0.3 |

Resources

| Name | Type |
| --- | --- |
| google_storage_project_service_account.gcs_account | data source |

Inputs

| Name | Description | Type | Default | Required |
| --- | --- | --- | --- | --- |
| bucket_labels | Map of labels to apply to the bucket | map(string) | {"made-by": "terraform"} | no |
| bucket_location | The bucket location | string | n/a | yes |
| bucket_storage_class | Bucket storage class. | string | "MULTI_REGIONAL" | no |
| enable_kms | Enable custom KMS key | bool | n/a | yes |
| keyring_location | The KMS keyring location | string | n/a | yes |
| keys | Key names. | list(string) | [] | no |
| kms_labels | Map of labels to apply to the KMS resources | map(string) | {"made-by": "terraform"} | no |
| lifecycle_rules | The bucket's Lifecycle Rules configuration. | list(object({action = any, condition = any})), detailed below | shown below | no |
| namespace | The Kubernetes namespace | string | n/a | yes |
| owners | List of comma-separated owners for each key declared in set_owners_for. | list(string) | [] | no |
| project | The project in which the resource belongs | string | n/a | yes |
| service_account | The Kubernetes service account | string | n/a | yes |

Type of lifecycle_rules:

list(object({
  # Object with keys:
  # - type - The type of the action of this Lifecycle Rule. Supported values: Delete and SetStorageClass.
  # - storage_class - (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule.
  action = any

  # Object with keys:
  # - age - (Optional) Minimum age of an object in days to satisfy this condition.
  # - created_before - (Optional) Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.
  # - with_state - (Optional) Match to live and/or archived objects. Supported values include: "LIVE", "ARCHIVED", "ANY".
  # - matches_storage_class - (Optional) Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.
  # - num_newer_versions - (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.
  condition = any
}))

Default of lifecycle_rules:

[
  {
    "action": {
      "type": "Delete"
    },
    "condition": {
      "age": 365,
      "with_state": "ANY"
    }
  }
]
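
The lifecycle_rules input described above, as an added example that is not part of the module's own documentation: it keeps the default 365-day Delete rule and adds a SetStorageClass rule ahead of it. The 30-day age and the NEARLINE target are assumed values chosen for illustration, and the var.* references assume variables declared as in the Usage section.

```hcl
# Added example (not from the module's documentation).
# Passing lifecycle_rules replaces the default list, so the Delete rule
# must be repeated here if the 365-day expiry is still wanted.
module "velero" {
  source  = "nlamirault/velero/google"
  version = "1.0.0"

  project          = var.project
  bucket_location  = var.bucket_location
  namespace        = var.namespace
  service_account  = var.service_account
  enable_kms       = var.enable_kms
  keyring_location = var.keyring_location

  lifecycle_rules = [
    {
      # Assumed policy: move backup objects to a colder class after 30 days.
      action = {
        type          = "SetStorageClass"
        storage_class = "NEARLINE" # required when type is SetStorageClass
      }
      condition = {
        age        = 30
        with_state = "ANY"
      }
    },
    {
      # Same rule as the module default: delete objects older than 365 days.
      action = {
        type = "Delete"
      }
      condition = {
        age        = 365
        with_state = "ANY"
      }
    },
  ]
}
```

The Delete age bounds how far back a restore can reach, so it should be no shorter than the longest backup retention configured in Velero.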

Outputs

| Name | Description |
| --- | --- |
| service_account | Service Account for Velero |
| bucket_name | Velero Bucket name |