Temporary project artificat infrastructure

Ref: #1758. Create a GCP project allowing II Coop folks to prototype cross-cloud artifact hosting infrastructure. Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
kubernetes · Apr 23, 2021 · 5d3c27e · 5d3c27e
1 parent 494c07d
commit 5d3c27e
Show file tree

Hide file tree

Showing 5 changed files with 108 additions and 0 deletions.
diff --git a/infra/gcp/clusters/.gitignore b/infra/gcp/clusters/.gitignore
@@ -1,4 +1,13 @@
 .terraform/
+.terraform.lock.hcl
+
+# .tfstate files
+*.tfstate
 *.tfstate*
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+*override.tf*
+
 crash.log
 .envrc
diff --git a/infra/gcp/clusters/projects/artifact-management-sandbox/OWNERS b/infra/gcp/clusters/projects/artifact-management-sandbox/OWNERS
@@ -0,0 +1,7 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+reviewers:
+- BobyMCbobs
+- hh
+- Riaankl
+
diff --git a/infra/gcp/clusters/projects/artifact-management-sandbox/main.tf b/infra/gcp/clusters/projects/artifact-management-sandbox/main.tf
@@ -0,0 +1,59 @@
+
+/**
+ * Copyright 2021 The Kubernetes Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+ locals {
+     project_id = "k8s-infra-ii-sandbox"
+ }
+
+
+data "google_billing_account" "account" {
+  billing_account = "018801-93540E-22A20E"
+}
+
+data "google_organization" "org" {
+  domain = "kubernetes.io"
+}
+
+resource "google_project" "project" {
+    name = local.project_id
+    project_id = local.project_id
+    org_id = data.google_organization.org.org_id
+    billing_account = data.google_billing_account.account.id
+}
+
+
+resource "google_project_service" "project" {
+  project = google_project.project.id
+
+  for_each = toset([
+    "cloudbuild.googleapis.com",
+    "container.googleapis.com",
+    "containeranalysis.googleapis.com",
+    "containerregistry.googleapis.com",
+    "storage-component.googleapis.com"
+  ])
+
+  service = each.key
+}
+
+// Ensure k8s-infra-ii-coop@kuberentes.io has editor access to this project
+resource "google_project_iam_member" "k8s_infra_ii_coop" {
+  project = google_project.project.id
+  role    = "roles/owner"
+  member  = "group:k8s-infra-ii-coop@kuberentes.io"
+}
+
diff --git a/infra/gcp/clusters/projects/artifact-management-sandbox/provider.tf b/infra/gcp/clusters/projects/artifact-management-sandbox/provider.tf
@@ -0,0 +1,25 @@
+/*
+This file defines:
+- Required provider versions
+- Storage backend details
+*/
+
+terraform {
+
+  backend "gcs" {
+    bucket = "k8s-infra-clusters-terraform"
+    prefix = "artifact-management-sandbox"
+  }
+
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 3.46.0"
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = "~> 3.46.0"
+    }
+  }
+}
diff --git a/infra/gcp/clusters/projects/artifact-management-sandbox/versions.tf b/infra/gcp/clusters/projects/artifact-management-sandbox/versions.tf
@@ -0,0 +1,8 @@
+/*
+This file defines:
+- Required Terraform version
+*/
+
+terraform {
+  required_version = "~> 0.13"
+}