From 5d3c27e6b9f00f6a25bc5905341cc7a77ea3dc6e Mon Sep 17 00:00:00 2001
From: Arnaud Meukam <ameukam@gmail.com>
Date: Fri, 23 Apr 2021 00:21:09 +0200
Subject: [PATCH] Temporary project artificat infrastructure

Ref: https://github.com/kubernetes/k8s.io/issues/1758.

Create a GCP project allowing II Coop folks to prototype cross-cloud
artifact hosting infrastructure.

Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
---
 infra/gcp/clusters/.gitignore                 |  9 +++
 .../artifact-management-sandbox/OWNERS        |  7 +++
 .../artifact-management-sandbox/main.tf       | 59 +++++++++++++++++++
 .../artifact-management-sandbox/provider.tf   | 25 ++++++++
 .../artifact-management-sandbox/versions.tf   |  8 +++
 5 files changed, 108 insertions(+)
 create mode 100644 infra/gcp/clusters/projects/artifact-management-sandbox/OWNERS
 create mode 100644 infra/gcp/clusters/projects/artifact-management-sandbox/main.tf
 create mode 100644 infra/gcp/clusters/projects/artifact-management-sandbox/provider.tf
 create mode 100644 infra/gcp/clusters/projects/artifact-management-sandbox/versions.tf

diff --git a/infra/gcp/clusters/.gitignore b/infra/gcp/clusters/.gitignore
index b1fcfbefad6b..16a418f636a0 100644
--- a/infra/gcp/clusters/.gitignore
+++ b/infra/gcp/clusters/.gitignore
@@ -1,4 +1,13 @@
 .terraform/
+.terraform.lock.hcl
+
+# .tfstate files
+*.tfstate
 *.tfstate*
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+*override.tf*
+
 crash.log
 .envrc
diff --git a/infra/gcp/clusters/projects/artifact-management-sandbox/OWNERS b/infra/gcp/clusters/projects/artifact-management-sandbox/OWNERS
new file mode 100644
index 000000000000..e5dda929b970
--- /dev/null
+++ b/infra/gcp/clusters/projects/artifact-management-sandbox/OWNERS
@@ -0,0 +1,7 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+reviewers:
+- BobyMCbobs
+- hh
+- Riaankl
+
diff --git a/infra/gcp/clusters/projects/artifact-management-sandbox/main.tf b/infra/gcp/clusters/projects/artifact-management-sandbox/main.tf
new file mode 100644
index 000000000000..0ae64e063ba8
--- /dev/null
+++ b/infra/gcp/clusters/projects/artifact-management-sandbox/main.tf
@@ -0,0 +1,59 @@
+
+/**
+ * Copyright 2021 The Kubernetes Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+ locals {
+     project_id = "k8s-infra-ii-sandbox"
+ }
+
+
+data "google_billing_account" "account" {
+  billing_account = "018801-93540E-22A20E"
+}
+
+data "google_organization" "org" {
+  domain = "kubernetes.io"
+}
+
+resource "google_project" "project" {
+    name = local.project_id
+    project_id = local.project_id
+    org_id = data.google_organization.org.org_id
+    billing_account = data.google_billing_account.account.id
+}
+
+
+resource "google_project_service" "project" {
+  project = google_project.project.id
+
+  for_each = toset([
+    "cloudbuild.googleapis.com",
+    "container.googleapis.com",
+    "containeranalysis.googleapis.com",
+    "containerregistry.googleapis.com",
+    "storage-component.googleapis.com"
+  ])
+
+  service = each.key
+}
+
+// Ensure k8s-infra-ii-coop@kuberentes.io has editor access to this project
+resource "google_project_iam_member" "k8s_infra_ii_coop" {
+  project = google_project.project.id
+  role    = "roles/owner"
+  member  = "group:k8s-infra-ii-coop@kuberentes.io"
+}
+
diff --git a/infra/gcp/clusters/projects/artifact-management-sandbox/provider.tf b/infra/gcp/clusters/projects/artifact-management-sandbox/provider.tf
new file mode 100644
index 000000000000..4352a6e96fe1
--- /dev/null
+++ b/infra/gcp/clusters/projects/artifact-management-sandbox/provider.tf
@@ -0,0 +1,25 @@
+/*
+This file defines:
+- Required provider versions
+- Storage backend details
+*/
+
+terraform {
+
+  backend "gcs" {
+    bucket = "k8s-infra-clusters-terraform"
+    prefix = "artifact-management-sandbox"
+  }
+
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 3.46.0"
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = "~> 3.46.0"
+    }
+  }
+}
diff --git a/infra/gcp/clusters/projects/artifact-management-sandbox/versions.tf b/infra/gcp/clusters/projects/artifact-management-sandbox/versions.tf
new file mode 100644
index 000000000000..adf46849d8bd
--- /dev/null
+++ b/infra/gcp/clusters/projects/artifact-management-sandbox/versions.tf
@@ -0,0 +1,8 @@
+/*
+This file defines:
+- Required Terraform version
+*/
+
+terraform {
+  required_version = "~> 0.13"
+}