Add GCP to terraform deployment examples (#433)

Adds Google Cloud deploymnet example to the "deployment-examples"
terraform directory.

deployment-examples/terraform/GCP/README.md

@@ -0,0 +1,35 @@
+# TODO
+
+Documentation coming soon.
+
+# TL;Dr
+```sh
+
+# First we need to apply the global config. This config
+# is unlikely to change much. The "dev" section below
+# depends on this "global" section to be applied first.
+# It is done this way to reduce cost of development, since
+# SSL certs costs ~$20 every time they are generated, so we
+# generate them only once and keep using the same one.
+#
+# Important: Once it is applied, you need to immediately
+# create a "NS" record to the domain specified in "gcp_dns_zone"
+# in the whatever DNS service you are using and point it to the
+# NS record specified by the GCP DNS zone it created.
+cd deployment-examples/terraform/GCP/deployments/global
+
+terraform init
+terraform apply \
+  -var gcp_project_id=project-name-goes-here \
+  -var gcp_dns_zone=my-domain.example.com \
+  -var gcp_region=us-central1 \
+  -var gcp_zone=us-central1-a
+
+# After "global" is applied we need to apply the "dev" section.
+# This is the majority of the configuration.
+cd deployment-examples/terraform/GCP/deployments/dev
+
+terraform init
+terraform apply \
+  -var gcp_project_id=project-name-goes-here
+```

deployment-examples/terraform/GCP/deployments/dev/main.tf

@@ -0,0 +1,38 @@
+# Copyright 2023 The Native Link Authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "5.5.0"
+    }
+  }
+  required_version = ">= 1.6.3"
+}
+
+provider "google" {
+  project = var.gcp_project_id
+  region  = var.gcp_region
+  zone    = var.gcp_zone
+}
+
+module "native_link" {
+  source = "../../module"
+
+  gcp_project_id = var.gcp_project_id
+  gcp_region     = var.gcp_region
+  gcp_zone       = var.gcp_zone
+  project_prefix = var.project_prefix
+}

deployment-examples/terraform/GCP/deployments/dev/variables.tf

@@ -0,0 +1,33 @@
+# Copyright 2023 The Native Link Authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "gcp_project_id" {
+  description = "Google cloud project ID"
+  default     = "my-gcp-project-id"
+}
+
+variable "gcp_region" {
+  description = "Google cloud region"
+  default     = "us-central1"
+}
+
+variable "gcp_zone" {
+  description = "Google cloud zone"
+  default     = "us-central1-b"
+}
+
+variable "project_prefix" {
+  description = "Prefix all names with this value"
+  default     = "nldev"
+}

deployment-examples/terraform/GCP/deployments/global/api_services.tf

@@ -0,0 +1,31 @@
+# Copyright 2023 The Native Link Authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "google_project_service" "dns_api" {
+  service                    = "dns.googleapis.com"
+  disable_dependent_services = false
+  disable_on_destroy         = false
+}
+
+resource "google_project_service" "compute_api" {
+  service                    = "compute.googleapis.com"
+  disable_dependent_services = false
+  disable_on_destroy         = false
+}
+
+resource "google_project_service" "certificate_manager_api" {
+  service                    = "certificatemanager.googleapis.com"
+  disable_dependent_services = false
+  disable_on_destroy         = false
+}

deployment-examples/terraform/GCP/deployments/global/dns.tf

@@ -0,0 +1,28 @@
+# Copyright 2023 The Native Link Authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "google_dns_managed_zone" "default" {
+  name        = "${var.project_prefix}-dns-zone"
+  dns_name    = "${var.gcp_dns_zone}."
+  description = "Base DNS zone for Native Link resources"
+  depends_on  = [google_project_service.dns_api]
+}
+
+resource "google_dns_record_set" "dns_authorization_wildcard_certificate" {
+  name         = google_certificate_manager_dns_authorization.default.dns_resource_record[0].name
+  managed_zone = google_dns_managed_zone.default.name
+  type         = google_certificate_manager_dns_authorization.default.dns_resource_record[0].type
+  ttl          = 300
+  rrdatas      = [google_certificate_manager_dns_authorization.default.dns_resource_record[0].data]
+}

deployment-examples/terraform/GCP/deployments/global/main.tf

@@ -0,0 +1,29 @@
+# Copyright 2023 The Native Link Authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "4.84.0"
+    }
+  }
+  required_version = ">= 0.14.9"
+}
+
+provider "google" {
+  project = var.gcp_project_id
+  region  = var.gcp_region
+  zone    = var.gcp_zone
+}

deployment-examples/terraform/GCP/deployments/global/ssl_certs.tf

@@ -0,0 +1,55 @@
+# Copyright 2023 The Native Link Authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Note: This call will cost $20 every time it is called.
+resource "google_certificate_manager_certificate" "default" {
+  name = "${var.project_prefix}-wildcard-ssl-certificate"
+
+  managed {
+    domains = [
+      "*.${google_certificate_manager_dns_authorization.default.domain}",
+      "${google_certificate_manager_dns_authorization.default.domain}"
+    ]
+    dns_authorizations = [
+      google_certificate_manager_dns_authorization.default.id
+    ]
+  }
+}
+
+resource "google_certificate_manager_dns_authorization" "default" {
+  name       = "${var.project_prefix}-dns-authorization"
+  domain     = var.gcp_dns_zone
+  depends_on = [google_project_service.certificate_manager_api]
+}
+
+resource "google_certificate_manager_certificate_map" "default" {
+  name       = "${var.project_prefix}-certificate-map"
+  depends_on = [google_project_service.certificate_manager_api]
+}
+
+resource "google_certificate_manager_certificate_map_entry" "default_certificate_entry" {
+  name         = "${var.project_prefix}-default-domain-entry"
+  description  = "${google_certificate_manager_dns_authorization.default.domain} certificate entry"
+  map          = google_certificate_manager_certificate_map.default.name
+  certificates = [google_certificate_manager_certificate.default.id]
+  hostname     = google_certificate_manager_dns_authorization.default.domain
+}
+
+resource "google_certificate_manager_certificate_map_entry" "sub_domain_certificate_entry" {
+  name         = "${var.project_prefix}-sub-domain-entry"
+  description  = "*.${google_certificate_manager_dns_authorization.default.domain} certificate entry"
+  map          = google_certificate_manager_certificate_map.default.name
+  certificates = [google_certificate_manager_certificate.default.id]
+  hostname     = "*.${google_certificate_manager_dns_authorization.default.domain}"
+}

deployment-examples/terraform/GCP/deployments/global/storage_buckets.tf

@@ -0,0 +1,23 @@
+# Copyright 2023 The Native Link Authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "google_storage_bucket" "state_bucket" {
+  name          = "${var.project_prefix}-terraform-state-bucket-${var.gcp_project_id}"
+  force_destroy = false
+  location      = "US"
+  storage_class = "STANDARD"
+  versioning {
+    enabled = true
+  }
+}

deployment-examples/terraform/GCP/deployments/global/variables.tf

@@ -0,0 +1,38 @@
+# Copyright 2023 The Native Link Authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "gcp_project_id" {
+  description = "Google cloud project ID"
+  default     = "my-gcp-project-id"
+}
+
+variable "gcp_dns_zone" {
+  description = "Base DNS zone"
+  default     = "example.com"
+}
+
+variable "gcp_region" {
+  description = "Google cloud region"
+  default     = "us-central1"
+}
+
+variable "gcp_zone" {
+  description = "Google cloud zone"
+  default     = "us-central1-b"
+}
+
+variable "project_prefix" {
+  description = "Prefix all names with this value"
+  default     = "nldev"
+}

deployment-examples/terraform/GCP/module/api_services.tf

@@ -0,0 +1,49 @@
+# Copyright 2023 The Native Link Authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "google_project_service" "secret_manager_api" {
+  service                    = "secretmanager.googleapis.com"
+  disable_dependent_services = false
+  disable_on_destroy         = false
+}
+
+resource "google_project_service" "cloud_function_api" {
+  service                    = "cloudfunctions.googleapis.com"
+  disable_dependent_services = false
+  disable_on_destroy         = false
+}
+
+resource "google_project_service" "run_api" {
+  service                    = "run.googleapis.com"
+  disable_dependent_services = false
+  disable_on_destroy         = false
+}
+
+resource "google_project_service" "cloudbuild_api" {
+  service                    = "cloudbuild.googleapis.com"
+  disable_dependent_services = false
+  disable_on_destroy         = false
+}
+
+resource "google_project_service" "cloudscheduler_api" {
+  service                    = "cloudscheduler.googleapis.com"
+  disable_dependent_services = false
+  disable_on_destroy         = false
+}
+
+resource "google_project_service" "storage_api" {
+  service                    = "storage.googleapis.com"
+  disable_dependent_services = false
+  disable_on_destroy         = false
+}