From 2bc60e6dee1bab837e12403cbabef7cbb551d61f Mon Sep 17 00:00:00 2001
From: Maurizio Noseda Pedraglio
Date: Thu, 10 Nov 2022 12:44:17 +0100
Subject: [PATCH] readme updates, removed default prefix, completed vpc-sc compatibility
---
 .../network-dashboard/README.md | 11 ++++++----
 .../network-dashboard/main.tf | 18 ++++++++++++++---
 .../network-dashboard/variables.tf | 20 +++++++++++++++++--
 3 files changed, 40 insertions(+), 9 deletions(-)
diff --git a/blueprints/cloud-operations/network-dashboard/README.md b/blueprints/cloud-operations/network-dashboard/README.md
index 15f06dae..995467a2 100644
--- a/blueprints/cloud-operations/network-dashboard/README.md
+++ b/blueprints/cloud-operations/network-dashboard/README.md
@@ -18,20 +18,22 @@ Clone this repository, then go through the following steps to create resources:
 ```tfvars
 - organization_id = ""
 - billing_account = ""
- - monitoring_project_id = "" # Monitoring project where the dashboard will be created and the solution deployed, a project named "mon-network-dahshboard" will be created if left blank
+ - monitoring_project_id = "" # Monitoring project where the dashboard will be created and the solution deployed, a project named "-network-dahshboard" will be created if left blank
+ - metrics_project_id = "" # Optional, overrides monitoring_project_id for metrics writing and dashboard deployment
 - monitored_projects_list = ["project-1", "project2"] # Projects to be monitored by the solution
 - monitored_folders_list = ["folder_id"] # Folders to be monitored by the solution
 - prefix = "" # Monitoring project name prefix, monitoring project name is -network-dashboard, ignored if monitoring_project_id variable is provided
 - v2 = true|false # Set to true to use V2 Cloud Functions environment
+ - vpc_connector_name = "" # when using vpc service controls, it is mandatory to use VPC Connectors, refer to [VPC-SC compliant Cloud Functions deployment documentation](https://cloud.google.com/functions/docs/securing/using-vpc-service-controls#deploy-compliant-functions) for a full reference of requirements.
 ```
 - `terraform init`
 - `terraform apply`
-Once the resources are deployed, go to the following page to see the dashboard: https://console.cloud.google.com/monitoring/dashboards?project=.
+Once the resources are deployed, go to the following page to see the dashboard: https://console.cloud.google.com/monitoring/dashboards?project= (or if populated)
 A dashboard called "quotas-utilization" should be created. The Cloud Function runs every 10 minutes by default so you should start getting some data points after a few minutes.
-You can use the metric explorer to view the data points for the different custom metrics created: https://console.cloud.google.com/monitoring/metrics-explorer?project=.
+You can use the metric explorer to view the data points for the different custom metrics created: https://console.cloud.google.com/monitoring/metrics-explorer?project= (or if populated).
 You can change this frequency by modifying the "schedule_cron" variable in variables.tf.
 Note that some charts in the dashboard align values over 1h so you might need to wait 1h to see charts on the dashboard views.
@@ -67,7 +69,8 @@ Note that metrics are created in the cloud-function/metrics.yaml file. You can a
 - The CF assumes global routing is ON, this impacts dynamic routes usage calculation
 - The CF assumes custom routes importing/exporting is ON, this impacts static and dynamic routes usage calculation
 - The CF assumes all networks in peering groups have the same global routing and custom routes sharing configuration
-
+- When using VPC-SC, it is assumed that exists before the CF deployment starts
+- If provided, is assumed to exist before the CF deployment starts
 ## Next steps and ideas
 In a future release, we could support:
diff --git a/blueprints/cloud-operations/network-dashboard/main.tf b/blueprints/cloud-operations/network-dashboard/main.tf
index 9d6122ca..a55b6316 100644
--- a/blueprints/cloud-operations/network-dashboard/main.tf
+++ b/blueprints/cloud-operations/network-dashboard/main.tf
@@ -21,6 +21,8 @@ locals {
 folder_ids = toset(var.monitored_folders_list)
 folders = join(",", local.folder_ids)
 monitoring_project = var.monitoring_project_id == "" ? module.project-monitoring[0].project_id : var.monitoring_project_id
+
+ metrics_project = var.metrics_project_id == "" ? (var.monitoring_project_id == "" ? module.project-monitoring[0].project_id : var.monitoring_project_id) : var.metrics_project_id
 }
 ################################################
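Review bot: The new `metrics_project` local re-evaluates the fallback that `monitoring_project`, one line above it, already computes, so the two selections can drift apart if the monitoring-project logic changes later. Since locals may reference each other, `metrics_project = var.metrics_project_id == "" ? local.monitoring_project : var.metrics_project_id` states the intent directly. A short why-comment would also help, e.g. `# metrics and dashboard may be hosted in a different project from the one running the function`. The `locals` block opens before this hunk.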
@@ -61,7 +63,7 @@ module "service-account-function" {
 }
 iam_project_roles = {
- "${local.monitoring_project}" = [
+ "${local.metrics_project}" = [
 "roles/monitoring.metricWriter",
 ]
 }
@@ -142,6 +144,13 @@ module "cloud-function" {
 lifecycle_delete_age = null
 }
 region = var.region
+ vpc_connector = (var.vpc_connector_name != "" ?
+ {
+ create = false
+ name = var.vpc_connector_name
+ egress_settings = "ALL_TRAFFIC"
+ } : null)
+
 bundle_config = {
 source_dir = "cloud-function"
@@ -161,7 +170,7 @@ module "cloud-function" {
 environment_variables = {
 MONITORED_PROJECTS_LIST = local.projects
 MONITORED_FOLDERS_LIST = local.folders
- MONITORING_PROJECT_ID = local.monitoring_project
+ MONITORING_PROJECT_ID = local.metrics_project
 ORGANIZATION_ID = var.organization_id
 CF_VERSION = var.cf_version
 }
@@ -170,6 +179,9 @@ module "cloud-function" {
 # Internal only doesn't seem to work with CFv2:
 ingress_settings = var.cf_version == "V2" ? "ALLOW_ALL" : "ALLOW_INTERNAL_ONLY"
+
+
+
 trigger_config = {
 event = "google.pubsub.topic.publish"
 resource = module.pubsub.topic.id
@@ -183,5 +195,5 @@ module "cloud-function" {
 resource "google_monitoring_dashboard" "dashboard" {
 dashboard_json = file("${path.module}/dashboards/quotas-utilization.json")
- project = local.monitoring_project
+ project = local.metrics_project
 }
diff --git a/blueprints/cloud-operations/network-dashboard/variables.tf b/blueprints/cloud-operations/network-dashboard/variables.tf
index b370cd08..708ddc33 100644
--- a/blueprints/cloud-operations/network-dashboard/variables.tf
+++ b/blueprints/cloud-operations/network-dashboard/variables.tf
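Review bot: The hard-coded `egress_settings = "ALL_TRAFFIC"` in the new `vpc_connector` block carries no explanation, although it is the setting that decides whether the function's outbound calls are forced through the connector, which is what the README's VPC-SC note is about; a comment such as `# send all egress through the connector, as required for the VPC-SC setup described in the README` would keep the reason next to the value. The block also references the connector by name with `create = false`, so it silently assumes the connector already exists in the function's project and region — the README states the first assumption, and a comment here should state the second. The trailing empty `+` line in this hunk, the three added blank lines in the `trigger_config` hunk below, and the blank runs added in variables.tf are stray whitespace that the formatter would drop. The `module "cloud-function"` block begins before this hunk and ends after it.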
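Review bot: In the `environment_variables` hunk the value of `MONITORING_PROJECT_ID` is now `local.metrics_project`, so the variable name no longer describes what it carries once `metrics_project_id` is set to a different project. The function code under cloud-function/ reads this name and is outside the diff, so renaming the variable would need a matching change there; if the name is kept, a comment such as `# project that receives the custom metrics; may differ from the project hosting the function` prevents the next reader from assuming it is the deployment project. The enclosing `module "cloud-function"` block starts and ends outside this hunk.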
@@ -39,10 +39,17 @@ variable "monitored_projects_list" {
 }
 variable "monitoring_project_id" {
- description = "Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string"
+ description = "Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string, if metrics_project_id is provided, metrics and dashboard will be deployed there "
 default = ""
 }
+variable "metrics_project_id" {
+ description = "Optional, populate to write metrics and deploy the dashboard in a separated project"
+ default = ""
+}
+
+
+
 variable "organization_id" {
 description = "The organization id for the associated services"
@@ -50,7 +57,6 @@ variable "organization_id" {
 variable "prefix" {
 description = "Customer name to use as prefix for monitoring project"
- default = "mon"
 }
@@ -88,3 +94,13 @@ variable "schedule_cron" {
 description = "Cron format schedule to run the Cloud Function. Default is every 10 minutes."
 default = "*/10 * * + * *"
 }
+
+
+variable "vpc_connector_name" {
+ description = "Serverless VPC connection name for the Cloud Function"
+ default = ""
+}
+
+
+
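Review bot: The new `metrics_project_id` variable and the rewritten `monitoring_project_id` description both lack a `type`, and the updated description ends with a trailing space inside the quotes and runs two sentences together with a comma. Since main.tf compares both values with `== ""`, declaring `type = string` pins the contract the code relies on (hedged: none of the visible variables in this file declare a type, so this may be a deliberate file convention). A tighter wording would be `description = "Monitoring project where the dashboard is created and the solution deployed; created if left empty. If metrics_project_id is set, metrics and the dashboard go there instead."` and, for the new variable, `description = "Optional project that receives the custom metrics and hosts the dashboard, instead of monitoring_project_id"`.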
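Review bot: Dropping `default = "mon"` in the `prefix` hunk turns `prefix` into a required input, yet the README hunk in this same commit still says the prefix is ignored when `monitoring_project_id` is provided, so users who supply their own monitoring project now have to invent a value that is never used. If a default is undesirable, `default = null` together with a check that rejects a null prefix only when `monitoring_project_id` is empty preserves the documented behaviour; otherwise the README line should be updated to say the value is mandatory. The `variable "prefix"` block is fully within the hunk.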
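Review bot: The description of `vpc_connector_name` says "VPC connection" although the resource is a Serverless VPC Access connector, and it does not say which form the value takes even though main.tf passes it straight into `name` with `create = false`, nor that the connector must pre-exist as the README assumes. Suggested text: `description = "Name of an existing Serverless VPC Access connector in the function's region; when set, all function egress is routed through it (required for VPC-SC)"`. The eight blank `+` lines added around this variable should be reduced to the usual single blank line between blocks.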