PLAT-8825 Add EFS to NetApp migration support. (#270)

dominodatalab · Oct 24, 2024 · 9a2d18b · 9a2d18b
1 parent 5f3a20b
commit 9a2d18b
Show file tree

Hide file tree

Showing 30 changed files with 521 additions and 105 deletions.
diff --git a/examples/deploy/terraform/cluster.tfvars b/examples/deploy/terraform/cluster.tfvars
@@ -1,10 +1,9 @@
 eks = {
-  service_ipv4_cidr  = null
   cluster_addons     = null
   creation_role_name = null
   custom_role_maps   = null
   identity_providers = null
-  k8s_version        = "1.27"
+  k8s_version        = null
   kubeconfig = {
     extra_args = null
     path       = null
@@ -14,9 +13,31 @@ eks = {
     cidrs   = null
     enabled = null
   }
+  service_ipv4_cidr  = null
   ssm_log_group_name = null
   vpc_cni            = null
 }
-kms_info = null
-
+external_deployments_operator = {
+  bucket_suffix                   = "external-deployments"
+  enable_assume_any_external_role = true
+  enable_in_account_deployments   = true
+  enabled                         = false
+  namespace                       = "domino-compute"
+  operator_role_suffix            = "external-deployments-operator"
+  operator_service_account_name   = "pham-juno-operator"
+  repository_suffix               = "external-deployments"
+}
+irsa_external_dns = {
+  enabled          = false
+  hosted_zone_name = null
+  namespace        = null
+  rm_role_policy = {
+    detach_from_role = false
+    policy_name      = ""
+    remove           = false
+  }
+  serviceaccount_name = null
+}
+irsa_policies     = []
+kms_info          = null
 use_fips_endpoint = false
diff --git a/examples/deploy/terraform/cluster/main.tf b/examples/deploy/terraform/cluster/main.tf
@@ -18,7 +18,7 @@ module "eks" {
 
   ssh_key             = local.infra.ssh_key
   node_iam_policies   = local.infra.node_iam_policies
-  efs_security_group  = local.infra.efs_security_group
+  storage_info        = local.infra.storage
   eks                 = var.eks
   network_info        = local.infra.network
   kms_info            = local.kms

diff --git a/examples/deploy/terraform/infra.tfvars b/examples/deploy/terraform/infra.tfvars
@@ -2,6 +2,9 @@ additional_node_groups = {}
 bastion                = null
 default_node_groups    = null
 deploy_id              = null
+domino_cur = {
+  provision_cost_usage_report = false
+}
 eks = {
   cluster_addons     = null
   creation_role_name = null
@@ -18,10 +21,12 @@ eks = {
     cidrs   = null
     enabled = null
   }
+  service_ipv4_cidr  = null
   ssm_log_group_name = null
   vpc_cni            = null
 }
-kms = null
+ignore_tags = []
+kms         = null
 network = {
   cidrs = {
     pod = "100.64.0.0/16"
@@ -45,6 +50,7 @@ network = {
 region           = null
 ssh_pvt_key_path = null
 storage = {
+  costs_enabled = true
   ecr = {
     force_destroy_on_deletion = true
   }
@@ -60,14 +66,38 @@ storage = {
       force_destroy = true
     }
   }
+  enable_remote_backup = false
+  filesystem_type      = "efs"
+  netapp = {
+    automatic_backup_retention_days   = 90
+    daily_automatic_backup_start_time = "00:00"
+    deployment_type                   = "SINGLE_AZ_1"
+    migrate_from_efs = {
+      datasync = {
+        enabled  = true
+        schedule = "cron(0 * * * ? *)"
+      }
+      enabled = true
+    }
+    storage_capacity = 1024
+    storage_capacity_autosizing = {
+      enabled                    = false
+      notification_email_address = ""
+      percent_capacity_increase  = 30
+      threshold                  = 70
+    }
+    throughput_capacity = 128
+    volume = {
+      create                     = true
+      junction_path              = "/domino"
+      name_suffix                = "domino_shared_storage"
+      size_in_megabytes          = 1099511
+      storage_efficiency_enabled = true
+    }
+  }
   s3 = {
     force_destroy_on_deletion = true
   }
 }
-tags = null
-
-domino_cur = {
-  provision_cost_usage_report = false
-}
-
+tags              = null
 use_fips_endpoint = false
diff --git a/examples/deploy/terraform/infra/README.md b/examples/deploy/terraform/infra/README.md
@@ -37,7 +37,7 @@ No resources.
 | <a name="input_network"></a> [network](#input\_network) | vpc = {<br>      id = Existing vpc id, it will bypass creation by this module.<br>      subnets = {<br>        private = Existing private subnets.<br>        public  = Existing public subnets.<br>        pod     = Existing pod subnets.<br>      }), {})<br>    }), {})<br>    network\_bits = {<br>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>    }<br>    cidrs = {<br>      vpc     = The IPv4 CIDR block for the VPC.<br>      pod     = The IPv4 CIDR block for the Pod subnets.<br>    }<br>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br>    vpc = optional(object({<br>      id = optional(string, null)<br>      subnets = optional(object({<br>        private = optional(list(string), [])<br>        public  = optional(list(string), [])<br>        pod     = optional(list(string), [])<br>      }), {})<br>    }), {})<br>    network_bits = optional(object({<br>      public  = optional(number, 27)<br>      private = optional(number, 19)<br>      pod     = optional(number, 19)<br>      }<br>    ), {})<br>    cidrs = optional(object({<br>      vpc = optional(string, "10.0.0.0/16")<br>      pod = optional(string, "100.64.0.0/16")<br>    }), {})<br>    use_pod_cidr = optional(bool, true)<br>  })</pre> | `{}` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
 | <a name="input_ssh_pvt_key_path"></a> [ssh\_pvt\_key\_path](#input\_ssh\_pvt\_key\_path) | SSH private key filepath. | `string` | n/a | yes |
-| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br>      efs = {<br>        access\_point\_path = Filesystem path for efs.<br>        backup\_vault = {<br>          create        = Create backup vault for EFS toggle.<br>          force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br>          backup = {<br>            schedule           = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br>            cold\_storage\_after = Move backup data to cold storage after this many days.<br>            delete\_after       = Delete backup data after this many days.<br>          }<br>        }<br>      }<br>      s3 = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br>      }<br>      ecr = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br>      }<br>    }<br>  } | <pre>object({<br>    efs = optional(object({<br>      access_point_path = optional(string, "/domino")<br>      backup_vault = optional(object({<br>        create        = optional(bool, true)<br>        force_destroy = optional(bool, true)<br>        backup = optional(object({<br>          schedule           = optional(string, "0 12 * * ? *")<br>          cold_storage_after = optional(number, 35)<br>          delete_after       = optional(number, 125)<br>        }), {})<br>      }), {})<br>    }), {})<br>    s3 = optional(object({<br>      force_destroy_on_deletion = optional(bool, true)<br>    }), {})<br>    ecr = optional(object({<br>      force_destroy_on_deletion = optional(bool, true)<br>    }), {})<br>  })</pre> | `{}` | no |
+| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br>      filesystem\_type = File system type(netapp\|efs)<br>      efs = {<br>        access\_point\_path = Filesystem path for efs.<br>        backup\_vault = {<br>          create        = Create backup vault for EFS toggle.<br>          force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br>          backup = {<br>            schedule           = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br>            cold\_storage\_after = Move backup data to cold storage after this many days.<br>            delete\_after       = Delete backup data after this many days.<br>          }<br>        }<br>      }<br>      netapp = {<br>        deployment\_type = netapp ontap deployment type,('MULTI\_AZ\_1', 'MULTI\_AZ\_2', 'SINGLE\_AZ\_1', 'SINGLE\_AZ\_2')<br>        storage\_capacity = Filesystem Storage capacity<br>        throughput\_capacity = Filesystem throughput capacity<br>        automatic\_backup\_retention\_days = How many days to keep backups<br>        daily\_automatic\_backup\_start\_time = Start time in 'HH:MM' format to initiate backups<br><br>        storage\_capacity\_autosizing = Options for the FXN automatic storage capacity increase, cloudformation template<br>          enabled                     = Enable automatic storage capacity increase.<br>          threshold                  = Used storage capacity threshold.<br>          percent\_capacity\_increase  = The percentage increase in storage capacity when used storage exceeds<br>                                       LowFreeDataStorageCapacityThreshold. Minimum increase is 10 %.<br>          notification\_email\_address = The email address for alarm notification.<br>        }))<br>      }<br>      s3 = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br>      }<br>      ecr = {<br>        force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br>      }<br>      enable\_remote\_backup = Enable tagging required for cross-account backups<br>      costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br>    }<br>  } | <pre>object({<br>    filesystem_type = optional(string, "efs")<br>    efs = optional(object({<br>      access_point_path = optional(string, "/domino")<br>      backup_vault = optional(object({<br>        create        = optional(bool, true)<br>        force_destroy = optional(bool, true)<br>        backup = optional(object({<br>          schedule           = optional(string, "0 12 * * ? *")<br>          cold_storage_after = optional(number, 35)<br>          delete_after       = optional(number, 125)<br>        }), {})<br>      }), {})<br>    }), {})<br>    netapp = optional(object({<br>      migrate_from_efs = optional(object({<br>        enabled = optional(bool, false)<br>        datasync = optional(object({<br>          enabled  = optional(bool, false)<br>          target   = optional(string, "netapp")<br>          schedule = optional(string, "cron(0 * * * ? *)")<br>        }), {})<br>      }), {})<br>      deployment_type                   = optional(string, "SINGLE_AZ_1")<br>      storage_capacity                  = optional(number, 1024)<br>      throughput_capacity               = optional(number, 128)<br>      automatic_backup_retention_days   = optional(number, 90)<br>      daily_automatic_backup_start_time = optional(string, "00:00")<br>      storage_capacity_autosizing = optional(object({<br>        enabled                    = optional(bool, false)<br>        threshold                  = optional(number, 70)<br>        percent_capacity_increase  = optional(number, 30)<br>        notification_email_address = optional(string, "")<br>      }), {})<br>      volume = optional(object({<br>        create                     = optional(bool, true)<br>        name_suffix                = optional(string, "domino_shared_storage")<br>        storage_efficiency_enabled = optional(bool, true)<br>        junction_path              = optional(string, "/domino")<br>        size_in_megabytes          = optional(number, 1099511)<br>      }), {})<br>    }), {})<br>    s3 = optional(object({<br>      force_destroy_on_deletion = optional(bool, true)<br>    }), {})<br>    ecr = optional(object({<br>      force_destroy_on_deletion = optional(bool, true)<br>    }), {}),<br>    enable_remote_backup = optional(bool, false)<br>    costs_enabled        = optional(bool, true)<br>  })</pre> | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Deployment tags. | `map(string)` | n/a | yes |
 | <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
 

diff --git a/examples/deploy/terraform/infra/variables.tf b/examples/deploy/terraform/infra/variables.tf
@@ -201,6 +201,7 @@ variable "additional_node_groups" {
 variable "storage" {
   description = <<EOF
     storage = {
+      filesystem_type = File system type(netapp|efs)
       efs = {
         access_point_path = Filesystem path for efs.
         backup_vault = {
@@ -213,16 +214,34 @@ variable "storage" {
           }
         }
       }
+      netapp = {
+        deployment_type = netapp ontap deployment type,('MULTI_AZ_1', 'MULTI_AZ_2', 'SINGLE_AZ_1', 'SINGLE_AZ_2')
+        storage_capacity = Filesystem Storage capacity
+        throughput_capacity = Filesystem throughput capacity
+        automatic_backup_retention_days = How many days to keep backups
+        daily_automatic_backup_start_time = Start time in 'HH:MM' format to initiate backups
+
+        storage_capacity_autosizing = Options for the FXN automatic storage capacity increase, cloudformation template
+          enabled                     = Enable automatic storage capacity increase.
+          threshold                  = Used storage capacity threshold.
+          percent_capacity_increase  = The percentage increase in storage capacity when used storage exceeds
+                                       LowFreeDataStorageCapacityThreshold. Minimum increase is 10 %.
+          notification_email_address = The email address for alarm notification.
+        }))
+      }
       s3 = {
         force_destroy_on_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.
       }
       ecr = {
         force_destroy_on_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.
       }
+      enable_remote_backup = Enable tagging required for cross-account backups
+      costs_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage
     }
   }
   EOF
   type = object({
+    filesystem_type = optional(string, "efs")
     efs = optional(object({
       access_point_path = optional(string, "/domino")
       backup_vault = optional(object({
@@ -235,12 +254,42 @@ variable "storage" {
         }), {})
       }), {})
     }), {})
+    netapp = optional(object({
+      migrate_from_efs = optional(object({
+        enabled = optional(bool, false)
+        datasync = optional(object({
+          enabled  = optional(bool, false)
+          target   = optional(string, "netapp")
+          schedule = optional(string, "cron(0 * * * ? *)")
+        }), {})
+      }), {})
+      deployment_type                   = optional(string, "SINGLE_AZ_1")
+      storage_capacity                  = optional(number, 1024)
+      throughput_capacity               = optional(number, 128)
+      automatic_backup_retention_days   = optional(number, 90)
+      daily_automatic_backup_start_time = optional(string, "00:00")
+      storage_capacity_autosizing = optional(object({
+        enabled                    = optional(bool, false)
+        threshold                  = optional(number, 70)
+        percent_capacity_increase  = optional(number, 30)
+        notification_email_address = optional(string, "")
+      }), {})
+      volume = optional(object({
+        create                     = optional(bool, true)
+        name_suffix                = optional(string, "domino_shared_storage")
+        storage_efficiency_enabled = optional(bool, true)
+        junction_path              = optional(string, "/domino")
+        size_in_megabytes          = optional(number, 1099511)
+      }), {})
+    }), {})
     s3 = optional(object({
       force_destroy_on_deletion = optional(bool, true)
     }), {})
     ecr = optional(object({
       force_destroy_on_deletion = optional(bool, true)
-    }), {})
+    }), {}),
+    enable_remote_backup = optional(bool, false)
+    costs_enabled        = optional(bool, true)
   })
 
   default = {}

diff --git a/examples/deploy/terraform/nodes.tfvars b/examples/deploy/terraform/nodes.tfvars
@@ -1,15 +1,3 @@
-
 additional_node_groups = null
-default_node_groups = {
-  compute = {
-    availability_zone_ids = ["usw2-az1", "usw2-az2"]
-  }
-  gpu = {
-    availability_zone_ids = ["usw2-az1", "usw2-az2"]
-  }
-  platform = {
-    availability_zone_ids = ["usw2-az1", "usw2-az2"]
-  }
-}
-
-use_fips_endpoint = false
+default_node_groups    = null
+use_fips_endpoint      = false
diff --git a/examples/tfvars/netapp.tfvars b/examples/tfvars/netapp.tfvars
@@ -17,6 +17,9 @@ default_node_groups = {
 storage = {
   filesystem_type = "netapp"
   netapp = {
+    migrate_from_efs = {
+      enabled = true
+    }
     storage_capacity_autosizing = {
       enabled = true
     }