readme updates, removed default prefix, completed vpc-sc compatibility

Maurizio Noseda Pedraglio 2022-11-10 12:44:17 +01:00
parent 06c2ae3d52
commit 2bc60e6dee
3 changed files with 40 additions and 9 deletions


@ -18,20 +18,22 @@ Clone this repository, then go through the following steps to create resources:
```tfvars
- organization_id = "<YOUR-ORG-ID>"
- billing_account = "<YOUR-BILLING-ACCOUNT>"
- monitoring_project_id = "<YOUR-MONITORING-PROJECT>" # Monitoring project where the dashboard will be created and the solution deployed, a project named "mon-network-dahshboard" will be created if left blank
- monitoring_project_id = "<YOUR-MONITORING-PROJECT>" # Monitoring project where the dashboard will be created and the solution deployed, a project named "<YOUR-PREFIX>-network-dahshboard" will be created if left blank
- metrics_project_id = "<YOUR-METRICS-PROJECT>" # Optional, overrides monitoring_project_id for metrics writing and dashboard deployment
- monitored_projects_list = ["project-1", "project2"] # Projects to be monitored by the solution
- monitored_folders_list = ["folder_id"] # Folders to be monitored by the solution
- prefix = "<YOUR-PREFIX>" # Monitoring project name prefix, monitoring project name is <YOUR-PREFIX>-network-dashboard, ignored if monitoring_project_id variable is provided
- v2 = true|false # Set to true to use V2 Cloud Functions environment
- vpc_connector_name = "<YOUR-VPC-CONNECTOR-NAME>" # when using vpc service controls, it is mandatory to use VPC Connectors, refer to [VPC-SC compliant Cloud Functions deployment documentation](https://cloud.google.com/functions/docs/securing/using-vpc-service-controls#deploy-compliant-functions) for a full reference of requirements.
```
- `terraform init`
- `terraform apply`
Once the resources are deployed, go to the following page to see the dashboard: https://console.cloud.google.com/monitoring/dashboards?project=<YOUR-MONITORING-PROJECT>.
Once the resources are deployed, go to the following page to see the dashboard: https://console.cloud.google.com/monitoring/dashboards?project=<YOUR-MONITORING-PROJECT> (or <YOUR-METRICS-PROJECT> if populated)
A dashboard called "quotas-utilization" should be created.
The Cloud Function runs every 10 minutes by default so you should start getting some data points after a few minutes.
You can use the metric explorer to view the data points for the different custom metrics created: https://console.cloud.google.com/monitoring/metrics-explorer?project=<YOUR-MONITORING-PROJECT>.
You can use the metric explorer to view the data points for the different custom metrics created: https://console.cloud.google.com/monitoring/metrics-explorer?project=<YOUR-MONITORING-PROJECT> (or <YOUR-METRICS-PROJECT> if populated).
You can change this frequency by modifying the "schedule_cron" variable in variables.tf.
Note that some charts in the dashboard align values over 1h so you might need to wait 1h to see charts on the dashboard views.
@ -67,7 +69,8 @@ Note that metrics are created in the cloud-function/metrics.yaml file. You can a
- The CF assumes global routing is ON, this impacts dynamic routes usage calculation
- The CF assumes custom routes importing/exporting is ON, this impacts static and dynamic routes usage calculation
- The CF assumes all networks in peering groups have the same global routing and custom routes sharing configuration
- When using VPC-SC, it is assumed that <YOUR-VPC-CONNECTOR-NAME> exists before the CF deployment starts
- If provided, <YOUR-METRICS-PROJECT> is assumed to exist before the CF deployment starts
## Next steps and ideas
In a future release, we could support:


@ -21,6 +21,8 @@ locals {
folder_ids = toset(var.monitored_folders_list)
folders = join(",", local.folder_ids)
monitoring_project = var.monitoring_project_id == "" ? module.project-monitoring[0].project_id : var.monitoring_project_id
metrics_project = var.metrics_project_id == "" ? (var.monitoring_project_id == "" ? module.project-monitoring[0].project_id : var.monitoring_project_id) : var.metrics_project_id
}
################################################
@ -61,7 +63,7 @@ module "service-account-function" {
}
iam_project_roles = {
"${local.monitoring_project}" = [
"${local.metrics_project}" = [
"roles/monitoring.metricWriter",
]
}
@ -142,6 +144,13 @@ module "cloud-function" {
lifecycle_delete_age = null
}
region = var.region
vpc_connector = (var.vpc_connector_name != "" ?
{
create = false
name = var.vpc_connector_name
egress_settings = "ALL_TRAFFIC"
} : null)
bundle_config = {
source_dir = "cloud-function"
@ -161,7 +170,7 @@ module "cloud-function" {
environment_variables = {
MONITORED_PROJECTS_LIST = local.projects
MONITORED_FOLDERS_LIST = local.folders
MONITORING_PROJECT_ID = local.monitoring_project
MONITORING_PROJECT_ID = local.metrics_project
ORGANIZATION_ID = var.organization_id
CF_VERSION = var.cf_version
}
@ -170,6 +179,9 @@ module "cloud-function" {
# Internal only doesn't seem to work with CFv2:
ingress_settings = var.cf_version == "V2" ? "ALLOW_ALL" : "ALLOW_INTERNAL_ONLY"
trigger_config = {
event = "google.pubsub.topic.publish"
resource = module.pubsub.topic.id
@ -183,5 +195,5 @@ module "cloud-function" {
resource "google_monitoring_dashboard" "dashboard" {
dashboard_json = file("${path.module}/dashboards/quotas-utilization.json")
project = local.monitoring_project
project = local.metrics_project
}
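Review bot: The `ingress_settings` expression in the `cloud-function` module falls back to `"ALLOW_ALL"` whenever `cf_version` is `"V2"`, so a V2 deployment leaves the function's HTTPS endpoint reachable from outside the VPC, with only IAM invoker checks in front of it. The line appears to be added by this commit (that hunk grows from 6 to 9 lines), which sits oddly next to the VPC-SC connector work in the same change. The function is triggered from the Pub/Sub topic, so public ingress is presumably not required. I would at least replace the comment with `# TODO(security): V2 is deployed with ALLOW_ALL ingress because internal-only failed in testing; tighten (e.g. ALLOW_INTERNAL_AND_GCLB) once verified with the Pub/Sub trigger`, and mention the limitation in the README's VPC-SC assumptions. The module block starts and ends outside the visible hunks, so other ingress-related arguments may exist that I cannot see.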


@ -39,10 +39,17 @@ variable "monitored_projects_list" {
}
variable "monitoring_project_id" {
description = "Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string"
description = "Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string, if metrics_project_id is provided, metrics and dashboard will be deployed there "
default = ""
}
variable "metrics_project_id" {
description = "Optional, populate to write metrics and deploy the dashboard in a separated project"
default = ""
}
variable "organization_id" {
description = "The organization id for the associated services"
@ -50,7 +57,6 @@ variable "organization_id" {
variable "prefix" {
description = "Customer name to use as prefix for monitoring project"
default = "mon"
}
@ -88,3 +94,13 @@ variable "schedule_cron" {
description = "Cron format schedule to run the Cloud Function. Default is every 10 minutes."
default = "*/10 * * * *"
}
variable "vpc_connector_name" {
description = "Serverless VPC connection name for the Cloud Function"
default = ""
}
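Review bot: The new `vpc_connector_name` variable defaults to `""`, and main.tf then passes `vpc_connector = null`, so a VPC-SC deployment that forgets this variable is applied without a connector and without any warning; the description should say so. Something like `description = "Name of an existing Serverless VPC Access connector for the Cloud Function (it is not created by this module). Leave empty to deploy without a connector; required when the project is inside a VPC-SC perimeter."` would make the contract explicit. Both new variables (`metrics_project_id`, `vpc_connector_name`) would also benefit from `type = string`. Separately, removing `default = "mon"` from `prefix` makes it a required input even when `monitoring_project_id` is supplied and the README says the prefix is ignored; consider noting that in the variable description.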