cloud-foundation-fabric/modules/service-directory/README.md

# Google Cloud Service Directory Module

This module allows managing a single Service Directory namespace, including multiple services, endpoints and IAM bindings at the namespace and service levels.

It can be used in conjunction with the DNS module to create Service Directory-based DNS zones, offloading IAM control of A and SRV records at the namespace or service level to Service Directory. The last example shows how to wire the two modules together.

## Examples

### Namespace with IAM

```hcl
module "service-directory" {
  source      = "./modules/service-directory"
  project_id  = "my-project"
  location    = "europe-west1"
  name        = "sd-1"
  iam_members = {
    "roles/servicedirectory.editor" = [
      "serviceAccount:namespace-editor@example.com"
    ]
  }
  iam_roles = [
    "roles/servicedirectory.editor"
  ]
}
```

### Services with IAM and endpoints

```hcl
module "service-directory" {
  source      = "./modules/service-directory"
  project_id  = "my-project"
  location    = "europe-west1"
  name        = "sd-1"
  services = {
    one = {
      endpoints = ["first", "second"]
      metadata  = null
    }
  }
  service_iam_members = {
    one = {
      "roles/servicedirectory.editor" = [
        "serviceAccount:service-editor@example.com"
      ]
    }
  }
  service_iam_roles = {
    one = ["roles/servicedirectory.editor"]
  }
  endpoint_config = {
    "one/first"  = { address = "127.0.0.1", port = 80, metadata = {} }
    "one/second" = { address = "127.0.0.2", port = 80, metadata = {} }
  }
}
```
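The module's inputs follow a few conventions that Terraform only checks loosely: `endpoint_config` keys must be in `service/endpoint` form and refer to an endpoint declared under `services`, IAM members must use a valid principal syntax, and a role listed in `*_iam_members` only gets a binding if it also appears in the matching `*_iam_roles` list. The following pre-apply check is an added example, not code from the cloud-foundation-fabric module; the input is a constructed Python dict in the shape of the HCL example above, and the "members without a role entry are ignored" rule is an assumption about the module's binding logic, not something this README states.

```python
"""Pre-apply sanity check for service-directory module inputs.

Added example: not part of the cloud-foundation-fabric module. It mirrors the
input contract the README documents (`services` keyed by service name with an
`endpoints` list, `endpoint_config` keyed "service/endpoint", IAM members keyed
by role) and flags mistakes Terraform would only surface at apply time or, for
a role that is never bound, not at all. The sample input is constructed.
"""
import ipaddress
import re

# Accepted IAM member forms (constructed subset of the GCP IAM member syntax).
MEMBER_RE = re.compile(
    r"^(?:(?:user|serviceAccount|group):[^@\s]+@[^@\s]+\.[^@\s]+"
    r"|domain:[^@\s]+\.[^@\s]+"
    r"|allUsers|allAuthenticatedUsers)$"
)


def _check_bindings(problems, where, roles, members):
    """Check one roles list / members map pair (namespace or a single service).

    Assumption: bindings are created for the roles in `*_iam_roles`, taking
    members from `*_iam_members`; a role present only in the members map would
    therefore be silently ignored, which is what we flag here.
    """
    for role, member_list in members.items():
        if role not in roles:
            problems.append(
                f"{where}: members given for {role!r} but role is not in the roles list")
        for m in member_list:
            if not MEMBER_RE.match(m):
                problems.append(f"{where}: malformed IAM member {m!r}")
    for role in roles:
        if "roles/" not in role:
            problems.append(f"{where}: role {role!r} is not in roles/... form")


def check_inputs(cfg):
    """Return a list of problems found in a module input dict (empty list = ok)."""
    problems = []
    services = cfg.get("services") or {}
    # Every endpoint the module will create, as "service/endpoint" keys.
    declared = {f"{svc}/{ep}" for svc, body in services.items()
                for ep in ((body or {}).get("endpoints") or [])}

    for key, ep in (cfg.get("endpoint_config") or {}).items():
        if key.count("/") != 1:
            problems.append(f"endpoint_config: key {key!r} is not in service/endpoint format")
            continue
        if key not in declared:
            problems.append(f"endpoint_config: {key!r} does not match any declared endpoint")
        try:
            ipaddress.ip_address(ep["address"])
        except (KeyError, TypeError, ValueError):
            problems.append(f"endpoint_config: {key} has no valid IP address")
        port = ep.get("port")
        if not isinstance(port, int) or not 0 < port < 65536:
            problems.append(f"endpoint_config: {key} has invalid port {port!r}")

    _check_bindings(problems, "namespace",
                    cfg.get("iam_roles") or [], cfg.get("iam_members") or {})
    svc_roles = cfg.get("service_iam_roles") or {}
    svc_members = cfg.get("service_iam_members") or {}
    for svc in sorted(set(svc_roles) | set(svc_members)):
        if svc not in services:
            problems.append(f"service IAM: {svc!r} is not a declared service")
        _check_bindings(problems, f"service {svc}",
                        svc_roles.get(svc, []), svc_members.get(svc, {}))
    return problems


# Constructed input: the "Services with IAM and endpoints" example, but with a
# service-account member that lacks the '@' (a typo the check should catch).
SAMPLE = {
    "services": {"one": {"endpoints": ["first", "second"], "metadata": None}},
    "service_iam_members": {"one": {"roles/servicedirectory.editor":
                                    ["serviceAccount:service-editor.example.com"]}},
    "service_iam_roles": {"one": ["roles/servicedirectory.editor"]},
    "endpoint_config": {
        "one/first": {"address": "127.0.0.1", "port": 80, "metadata": {}},
        "one/second": {"address": "127.0.0.2", "port": 80, "metadata": {}},
    },
}

if __name__ == "__main__":
    for p in check_inputs(SAMPLE):
        print("PROBLEM:", p)
```

Run it before `terraform apply` against the same values you pass to the module (for example by exporting them to JSON with `terraform console` or keeping a `*.auto.tfvars.json`); a malformed member or a dangling `endpoint_config` key is reported in one line instead of a failed API call halfway through an apply.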

### DNS based zone

TODO

```hcl
module "service-directory" {
  source      = "./modules/service-directory"
  project_id  = "my-project"
  location    = "europe-west1"
  name        = "sd-1"
}
```

## Variables

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| location | Namespace location. | string | ✓ | |
| name | Namespace name. | string | ✓ | |
| project_id | Project used for resources. | string | ✓ | |
| endpoint_config | Map of endpoint attributes, keys are in service/endpoint format. | map(object({...})) | | {} |
| iam_members | IAM members for each namespace role. | map(list(string)) | | {} |
| iam_roles | IAM roles for the namespace. | list(string) | | [] |
| labels | Labels. | map(string) | | {} |
| service_iam_members | IAM members for each service and role. | map(map(list(string))) | | {} |
| service_iam_roles | IAM roles for each service. | map(list(string)) | | {} |
| services | Service configuration, using service names as keys. | map(object({...})) | | {} |

## Outputs

| name | description | sensitive |
|---|---|:---:|
| endpoints | Endpoint resources. | |
| id | Namespace id (short name). | |
| name | Namespace name (long name). | |
| namespace | Namespace resource. | |
| service_id | Service ids (short names). | |
| service_names | Service ids (long names). | |
| services | Service resources. | |