Patch: Please refer to changelog for v1.2.1. Added IDS Endpoint, Dele…

…tionProtection \ Policy for SQL resources. Add ability to specify custom annotations on some resources
PurseChicken · Oct 19, 2024 · f2b4762 · f2b4762
1 parent b87b1f7
commit f2b4762
Show file tree

Hide file tree

Showing 17 changed files with 175 additions and 44 deletions.
diff --git a/charts/cnrm-chart/CHANGELOG.md b/charts/cnrm-chart/CHANGELOG.md
@@ -16,6 +16,37 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Deprecated
 - Removed -->
 
+## [v1.2.1] - 2024-10-18
+
+### Added
+
+- Ability to enable DeletionProtection for SQLInstance.
+- Ability to set Deletion Policy on SQL Database resources.
+- Automatically generate DNSManagedZone metadata name from name supplied in values.
+- Cloud IDS Endpoint resources can now be specified.
+- Ability to specify custom Annotations on the following resources:
+    - VPC Network
+    - Kubernetes Clusters
+    - Kubernetes Node Pools
+    - IAM Service Accounts
+    - Cloud SQL Instances
+    - Cloud IDS Endpoints
+
+### Fixed
+
+- Missing yaml extension on Compute Security Policy
+- Spacing in ChangeLog
+- "End" Templating
+
+### Removed
+
+- DNSManagedZone metadata name
+
+### Updated
+
+- Added Cloud IDS as supported resource in ReadMe.
+- Improved ReadMe verbiage.
+
 ## [v1.2.0] - 2023-11-7
 
 ### Added
@@ -88,6 +119,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 - Changed hardcoded stackType to be specified in values (defaults to 'IPV4_ONLY') in ComputeSubnetwork (VPC subnet)
 - stackType is omitted if setting purpose to 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'
+
 ## [v1.0.9] - 2023-06-01
 
 ### Added
@@ -99,6 +131,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Added
 
 - Added ability to configure cloud logging buckets (Org, Billing and Project levels)
+
 ## [v1.0.7] - 2023-04-10
 
 ### Changed
@@ -135,7 +168,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 - N/A
 
-
 ## [v1.0.0] - 2023-03-01
 
 ### Added

diff --git a/charts/cnrm-chart/README.md b/charts/cnrm-chart/README.md
@@ -12,7 +12,7 @@ This chart evolved from what was needed in specific use cases for an Organizatio
 
 # Prerequisites
 
-The methodology for the charts use is that you have an existing Kubernetes cluster running Config Connector. This Config Connector instance Service account must have "Project Creator" IAM permissions on the GCP Organization. This will allow you to use that Project\Cluster as your configuration cluster to then deploy all your other projects \ infrastructure from.
+The methodology for this charts use is that you have an existing Kubernetes cluster running Config Connector, or have a working instance of Config Connector that can be used to deploy everything from. This source Config Connector instance's Service account must have "Project Creator" IAM permissions on the GCP Organization where all of your Projects and resources will be deployed under. This will allow you to use your source Config Connector instance \ cluster to then deploy GCP projects and resources \ Infrastructure from.
 
 NOTE: This chart includes the option to include secrets using the [external-secrets operator](https://external-secrets.io/latest/). If you want to use this, you must ensure the operator is installed and configured correctly.
 
@@ -25,8 +25,10 @@ NOTE: This chart includes the option to include secrets using the [external-secr
 - Projects
 - API's
 - VPC networks
-- Kubernetes Clusters & Node Pools
-- IAM
+- Kubernetes Clusters
+- Kubernetes Node Pools
+- IAM Service Accounts
+- IAM Policies
 - Compute Addresses
 - Service Networking Connections
 - Cloud DNS
@@ -36,6 +38,7 @@ NOTE: This chart includes the option to include secrets using the [external-secr
 - Cloud SQL
 - Logging Buckets
 - Security Policies
+- Cloud IDS
 
 # Usage
 

diff --git a/charts/cnrm-chart/templates/cloudsql.yaml b/charts/cnrm-chart/templates/cloudsql.yaml
@@ -13,6 +13,11 @@ metadata:
     {{- else }}
     cnrm.cloud.google.com/deletion-policy: "abandon"
     {{- end }}
+    {{- if .customAnnotations }}
+    {{- range $key, $value := .customAnnotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+    {{- end }}
     cnrm.cloud.google.com/project-id: {{ $projectName }}
   name: {{ $projectName }}-{{ .name }}
 spec:
@@ -26,8 +31,9 @@ spec:
     backupConfiguration:
       enabled: true
       pointInTimeRecoveryEnabled: true
-    # Not available until config connector 1.100.0
-    # deletionProtectionEnabled: true
+    {{- if .deletionProtectionEnabled }}
+    deletionProtectionEnabled: true
+    {{- end }}
     {{- if .databaseFlags }}
     databaseFlags:
       {{- range .databaseFlags }}
@@ -104,11 +110,12 @@ metadata:
   name: {{ $projectName }}-{{ $instanceName }}-{{ mustRegexReplaceAll "_" .name "-" }}
 spec:
   resourceID: {{ .name }}
-  # Not available until configconnector version 1.99.0
-  # deletionPolicy: "ABANDON"
+  {{- if .deletionPolicy }}
+  deletionPolicy: {{ .deletionPolicy | quote }}
+  {{- end }}
   instanceRef:
     name: {{ $projectName }}-{{ $instanceName }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/cnrm-chart/templates/computeaddress.yaml b/charts/cnrm-chart/templates/computeaddress.yaml
@@ -29,5 +29,5 @@ spec:
   networkRef:
     name: {{ $projectName }}-{{ .networkRef.name }}
   {{- end }}
-{{- end }}
-{{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/...nrm-chart/templates/computesecuritypolicy → ...hart/templates/computesecuritypolicy.yaml b/...nrm-chart/templates/computesecuritypolicy → ...hart/templates/computesecuritypolicy.yaml
diff --git a/charts/cnrm-chart/templates/dns.yaml b/charts/cnrm-chart/templates/dns.yaml
@@ -15,7 +15,7 @@ metadata:
     cnrm.cloud.google.com/deletion-policy: "abandon"
     {{- end }}
     cnrm.cloud.google.com/project-id: {{ $projectName }}
-  name: {{ .metadataName }}
+  name: {{ mustRegexReplaceAll "\\." .name "-" }}
 spec:
   description: {{ .description }}
   dnsName: {{ .name }}.
@@ -52,6 +52,6 @@ spec:
   rrdatas:
     {{- toYaml .rrdatas | nindent 4 }}
   {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/cnrm-chart/templates/externalsecrets.yaml b/charts/cnrm-chart/templates/externalsecrets.yaml
@@ -21,5 +21,5 @@ spec:
       remoteRef:
         key: {{ .remoteSecretKey }}
     {{- end }}
-{{- end }}
-{{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/cnrm-chart/templates/gke.yaml b/charts/cnrm-chart/templates/gke.yaml
@@ -13,6 +13,11 @@ metadata:
     {{- else }}
     cnrm.cloud.google.com/deletion-policy: "abandon"
     {{- end }}
+    {{- if .customAnnotations }}
+    {{- range $key, $value := .customAnnotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+    {{- end }}
     cnrm.cloud.google.com/project-id: {{ $projectName }}
     cnrm.cloud.google.com/remove-default-node-pool: "true"
   name: {{ $projectName }}-{{ .clusterName }}
@@ -55,11 +60,11 @@ spec:
   {{- if .monitoringConfig }}
   monitoringConfig:
     {{- toYaml .monitoringConfig | nindent 4 }}
-  {{- end -}}
+  {{- end }}
   {{- if .gatewayApiConfig }}
   gatewayApiConfig:
     channel: {{ .gatewayApiConfig.channel }}
-  {{- end -}}
+  {{- end }}
   {{- if .costManagementConfig }}
   costManagementConfig:
     enabled: true
@@ -77,6 +82,11 @@ metadata:
     {{- else }}
     cnrm.cloud.google.com/deletion-policy: "abandon"
     {{- end }}
+    {{- if .customAnnotations }}
+    {{- range $key, $value := .customAnnotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+    {{- end }}
     cnrm.cloud.google.com/project-id: {{ $projectName }}
   name: {{ $projectName }}-{{ .name }}
 spec:

diff --git a/charts/cnrm-chart/templates/gkehub.yaml b/charts/cnrm-chart/templates/gkehub.yaml
@@ -55,7 +55,7 @@ spec:
       configMembershipRef:
         name: {{ $projectName }}-{{ .multiClusterIngress.mciName }}
   {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/cnrm-chart/templates/iam.yaml b/charts/cnrm-chart/templates/iam.yaml
@@ -14,6 +14,11 @@ metadata:
     {{- else }}
     cnrm.cloud.google.com/deletion-policy: "abandon"
     {{- end }}
+    {{- if .customAnnotations }}
+    {{- range $key, $value := .customAnnotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+    {{- end }}
     cnrm.cloud.google.com/project-id: {{ $projectName }}
   name: {{ $projectName }}-{{ .name }}
 spec:
@@ -64,7 +69,7 @@ spec:
     {{- end }}
   bindings:
     {{- toYaml .bindings | nindent 4 }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/cnrm-chart/templates/ids.yaml b/charts/cnrm-chart/templates/ids.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.ids }}
+{{- $allowResourceDeletion := .Values.allowResourceDeletion }}
+{{- $myprojectName := .Values.projectName | default .Release.Name }}
+{{- $projectName := .Values.projectID | default $myprojectName }}
+{{- range .Values.ids }}
+---
+apiVersion: cloudids.cnrm.cloud.google.com/v1beta1
+kind: CloudIDSEndpoint
+metadata:
+  annotations:
+    {{- if $allowResourceDeletion }}
+    cnrm.cloud.google.com/deletion-policy: "none"
+    {{- else }}
+    cnrm.cloud.google.com/deletion-policy: "abandon"
+    {{- end }}
+    {{- if .customAnnotations }}
+    {{- range $key, $value := .customAnnotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+    {{- end }}
+  name: {{ $projectName }}-{{ .name }}
+spec:
+  networkRef:
+    name: {{ $projectName }}-{{ .networkRefName }}
+  severity: {{ .severity }}
+  location: {{ .location }}
+  projectRef:
+    external: {{ $projectName }}
+  {{- if .threatExceptions }}
+  threatExceptions:
+    {{- toYaml .threatExceptions | nindent 4 }}
+  {{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/cnrm-chart/templates/logging.yaml b/charts/cnrm-chart/templates/logging.yaml
@@ -38,7 +38,7 @@ spec:
   {{- if .retentionDays }}
   retentionDays: {{ .retentionDays }}
   {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/cnrm-chart/templates/monitoring.yaml b/charts/cnrm-chart/templates/monitoring.yaml
@@ -80,7 +80,7 @@ metadata:
 spec:
   metricsScope: {{ .name }}
   resourceID: {{ $projectName }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/cnrm-chart/templates/project.yaml b/charts/cnrm-chart/templates/project.yaml
@@ -27,4 +27,4 @@ spec:
   billingAccountRef:
     external: {{ .Values.billingAccountId | quote }}
   {{- end }}
-{{- end }}
+{{- end -}}
diff --git a/charts/cnrm-chart/templates/servicenetworkingconnection.yaml b/charts/cnrm-chart/templates/servicenetworkingconnection.yaml
@@ -23,5 +23,5 @@ spec:
     - name: {{ $projectName }}-{{ .name }}
     {{- end }}
   service: {{ .service }}
-{{- end }}
-{{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/cnrm-chart/templates/vpcnetwork.yaml b/charts/cnrm-chart/templates/vpcnetwork.yaml
@@ -13,6 +13,11 @@ metadata:
     {{- else }}
     cnrm.cloud.google.com/deletion-policy: "abandon"
     {{- end }}
+    {{- if .customAnnotations }}
+    {{- range $key, $value := .customAnnotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+    {{- end }}
     cnrm.cloud.google.com/project-id: {{ $projectName }}
   name: {{ $projectName }}-{{ .networkName }}
 spec: