feat: (PSKD-709) Add support for Google NetApp volumes

Author: riragh

docs/CONFIG-VARS.md

@@ -17,7 +17,8 @@ Supported configuration variables are listed in the table below.  All variables
     - [Additional Nodepools](#additional-nodepools)
   - [Storage](#storage)
     - [For `storage_type=standard` only (NFS server VM)](#for-storage_typestandard-only-nfs-server-vm)
-    - [For `storage_type=ha` only (Google Filestore)](#for-storage_typeha-only-google-filestore) #TODO
+    - [For `storage_type=ha` with Google Filestore](#for-storage_typeha-with-google-filestore)
+    - [For `storage_type=ha` with Google NetApp Volumes](#for-storage_typeha-with-google-netapp-volumes)
   - [Google Artifact Registry (GAR) and Google Container Registry (GCR)](#google-artifact-registry-gar-and-google-container-registry-gcr)
   - [Postgres Servers](#postgres-servers)
   - [Monitoring](#monitoring)
@@ -212,6 +213,7 @@ stateful = {
 | Name | Description | Type | Default | Notes |
 | :--- | ---: | ---: | ---: | ---: |
 | storage_type | Type of Storage. Valid Values: "standard", "ha"  | string | "standard" |  "standard" creates NFS server VM, "ha" Google Filestore instance |
+| storage_type_backend | The storage backend for the chosen `storage_type`. | string | If `storage_type=standard` the default is "nfs";<br>If `storage_type=ha` the default is "filestore" | Valid Values: "nfs" if `storage_type=standard`; "filestore" or "netapp" if `storage_type=ha` |
 
 ### For `storage_type=standard` only (NFS server VM)
 
@@ -221,13 +223,26 @@ stateful = {
 | nfs_vm_admin | OS Admin User for the NFS server VM | string | "nfsuser" | The NFS server VM is only created when storage_type="standard" |
 | nfs_raid_disk_size | Size in Gb for each disk of the RAID5 cluster on the NFS server VM | number | 1000 | The NFS server VM is only created when storage_type="standard" |
 
-### For `storage_type=ha` only (Google Filestore)
+### For `storage_type=ha` with Google Filestore
 
 | Name | Description | Type | Default | Notes |
 | :--- | ---: | ---: | ---: | ---: |
 | filestore_tier | The service tier for the Google Filestore Instance | string | "BASIC_HDD" | Valid Values: "BASIC_HDD", "BASIC_SSD" (previously called "STANDARD" and "PREMIUM" respectively.)  |
 | filestore_size_in_gb | Size in GB of Filesystem in the Google Filestore Instance | number | 1024 for BASIC_HDD, 2560 for BASIC_SDD | 2560 GB is the minimum size for the BASIC_SSD tier. The BASIC_HDD tier allows a minimum size of 1024 GB. |
 
+### For `storage_type=ha` with Google NetApp Volumes
+
+When `storage_type=ha` and `storage_type_backend=netapp` are specified, [Google NetApp Volumes](https://cloud.google.com/netapp/volumes/docs/discover/overview) service is created. Before using this storage option,
+- Enable the Google Cloud NetApp Volumes API for your project, see how to enable [here](https://cloud.google.com/netapp/volumes/docs/get-started/configure-access/initiate-console-settings#enable_the_api).
+- Grant access to NetApp Volumes operations by granting IAM roles to users. The two predefined roles are `roles/netapp.admin` and `roles/netapp.viewer`. You can assign these roles to specific users or service accounts.
+
+| Name | Description | Type | Default | Notes |
+| :--- | ---: | ---: | ---: | ---: |
+| netapp_service_level | The service level of the storage pool. | string | "PREMIUM" | Valid Values are: PREMIUM, EXTREME, STANDARD, FLEX. |
+| netapp_protocols | The target volume protocol expressed as a list. | list(string) | Each value may be one of: NFSV3, NFSV4, SMB. Currently, only NFS is supported. |
+| netapp_capacity_gib | Capacity of the storage pool (in GiB). Storage Pool capacity specified must be between 2048 GiB and 10485760 GiB. | string | "2048" | |
+| netapp_volume_path | A unique file path for the volume. Used when creating mount targets. Needs to be unique per location.| string | "export" | |
+
 ## Google Artifact Registry (GAR) and Google Container Registry (GCR)
 
 | Name | Description | Type | Default | Notes |

examples/sample-input-ha.tfvars

@@ -94,5 +94,6 @@ jump_vm_admin         = "jumpuser"
 # Storage for Viya Compute Services
 # Supported storage_type values
 #    "standard" - Custom managed NFS Server VM and disks
-#    "ha"       - Google Filestore  
+#    "ha"       - Google Filestore  or Google NetApp Volumes
 storage_type = "ha"
+storage_type_backend = "filestore"  # "filestore" is the default, use "netapp" to create Google NetApp Volumes

main.tf

@@ -307,13 +307,13 @@ module "google_netapp" {
 
   count = var.storage_type == "ha" && var.storage_type_backend == "netapp" ? 1 : 0
 
-  prefix             = var.prefix
-  region             = local.region
-  network            = module.vpc.network_name
-  service_level      = var.netapp_service_level
-  capacity_gib       = var.netapp_capacity_gib
-  protocols          = var.netapp_protocols
+  prefix        = var.prefix
+  region        = local.region
+  network       = module.vpc.network_name
+  service_level = var.netapp_service_level
+  capacity_gib  = var.netapp_capacity_gib
+  protocols     = var.netapp_protocols
   # netapp_subnet_cidr = var.netapp_subnet_cidr
-  volume_path        = "${var.prefix}-${var.netapp_volume_path}"
-  allowed_clients    = join(",", [local.gke_subnet_cidr, local.misc_subnet_cidr])
+  volume_path     = "${var.prefix}-${var.netapp_volume_path}"
+  allowed_clients = join(",", [local.gke_subnet_cidr, local.misc_subnet_cidr])
 }

modules/google_netapp/main.tf

@@ -19,6 +19,10 @@ resource "google_service_networking_connection" "default" {
   network                 = var.network
   service                 = "netapp.servicenetworking.goog"
   reserved_peering_ranges = [google_compute_global_address.private_ip_alloc.name]
+
+  depends_on = [
+    google_compute_global_address.private_ip_alloc
+  ]
 }
 
 # Modify the PSA Connection to allow import/export of custom routes
@@ -36,6 +40,10 @@ resource "google_netapp_storage_pool" "netapp-tf-pool" {
   service_level = var.service_level
   capacity_gib  = var.capacity_gib
   network       = var.network
+
+  lifecycle {
+    ignore_changes = [network]
+  }
 }
 
 resource "google_netapp_volume" "netapp-nfs-volume" {

outputs.tf

@@ -28,7 +28,7 @@ output "rwx_filestore_endpoint" {
   value = (var.storage_type == "none"
     ? null
     : var.storage_type == "ha" && var.storage_type_backend == "filestore" ? google_filestore_instance.rwx[0].networks[0].ip_addresses[0]
-    : var.storage_type == "ha" && var.storage_type_backend == "netapp" ? try(module.google_netapp.mountpath, null) : module.nfs_server[0].private_ip # TODO
+    : var.storage_type == "ha" && var.storage_type_backend == "netapp" ? module.google_netapp[0].export_ip : module.nfs_server[0].private_ip
   )
 }
 
@@ -37,7 +37,7 @@ output "rwx_filestore_path" {
   value = (var.storage_type == "none"
     ? null
     : var.storage_type == "ha" && var.storage_type_backend == "filestore" ? "/${google_filestore_instance.rwx[0].file_shares[0].name}"
-    : var.storage_type == "ha" && var.storage_type_backend == "netapp" ? try("/${module.google_netapp.mountpath}", null) : "/export"
+    : var.storage_type == "ha" && var.storage_type_backend == "netapp" ? "${module.google_netapp[0].mountpath}" : "/export"
   )
 }
 

variables.tf

@@ -451,9 +451,14 @@ variable "netapp_service_level" {
 }
 
 variable "netapp_protocols" {
-  description = "The target volume protocol expressed as a list. Allowed combinations are ['NFSV3'], ['NFSV4'], ['SMB'], ['NFSV3', 'NFSV4'], ['SMB', 'NFSV3'] and ['SMB', 'NFSV4']. Each value may be one of: NFSV3, NFSV4, SMB."
+  description = "The target volume protocol expressed as a list. Each value may be one of: NFSV3, NFSV4, SMB. Currently, only NFS is supported."
   type        = list(string)
   default     = ["NFSV4"]
+
+  validation {
+    condition     = var.netapp_protocols != null ? startswith(var.netapp_protocols[0], "NFS") : null
+    error_message = "ERROR: Currently, only NFS protocol is supported."
+  }
 }
 
 variable "netapp_capacity_gib" {

vms.tf

@@ -12,6 +12,8 @@ locals {
     : var.storage_type == "ha" && var.storage_type_backend == "filestore" ? "/${google_filestore_instance.rwx[0].file_shares[0].name}"
     : var.storage_type == "ha" && var.storage_type_backend == "netapp" ? "/${module.google_netapp[0].mountpath}" : "/export"
   )
+  protocol_version = var.storage_type == "ha" && var.storage_type_backend == "netapp" ? split("V", var.netapp_protocols[0])[1] == "4" ? "4.1" : "3" : "3"
+
 }
 
 module "nfs_server" {
@@ -70,7 +72,7 @@ module "jump_server" {
         ["${local.rwx_filestore_endpoint}:${local.rwx_filestore_path}",
           var.jump_rwx_filestore_path,
           "nfs",
-          "_netdev,auto,x-systemd.automount,x-systemd.mount-timeout=10,timeo=14,x-systemd.idle-timeout=1min,relatime,hard,rsize=65536,wsize=65536,vers=3,tcp,namlen=255,retrans=2,sec=sys,local_lock=none",
+          "_netdev,auto,x-systemd.automount,x-systemd.mount-timeout=10,timeo=14,x-systemd.idle-timeout=1min,relatime,hard,rsize=65536,wsize=65536,vers=${local.protocol_version},tcp,namlen=255,retrans=2,sec=sys,local_lock=none",
           "0",
           "0"
       ])