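terraform {
  # 0.14+ is required for `sensitive = true` on the outputs below;
  # 0.13+ for module-level depends_on and required_providers source addresses.
  required_version = ">= 0.14"

  # Every provider this root module uses is pinned to an exact version so that
  # `terraform init` resolves the same artifacts on every machine. Bump
  # deliberately and read the provider changelog when doing so.
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "3.74.0"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = "3.74.0"
    }
    random = {
      source  = "hashicorp/random"
      version = "3.1.0"
    }
    # The local_file resources further down use hashicorp/local. Without this
    # entry Terraform resolves it implicitly to the newest release, which
    # silently bypasses the pinning applied to every other provider. 2.1.x
    # still supports the `sensitive_content` argument those resources use.
    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
}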
# GCP project every resource in this root module is created in.
# NOTE(review): the default is a concrete project ID committed to source.
# Prefer leaving it unset and supplying it through terraform.tfvars or
# TF_VAR_project so the configuration is not bound to a single project.
variable "project" {
  type        = string
  description = "Project ID."
  default     = "hip-wharf-319304"
}
# Region passed to the provider and to every module below.
variable "region" {
  type        = string
  description = "Region."
  default     = "us-central1"
}
# Default zone for the provider; only zonal resources created with the
# default provider configuration pick this up.
variable "zone" {
  type        = string
  description = "Zone."
  default     = "us-central1-c"
}
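# Default provider configuration. No credentials are set here, so they come
# from the environment (application default credentials or
# GOOGLE_APPLICATION_CREDENTIALS) — keep it that way; never commit a key file.
provider "google" {
  project = var.project
  region  = var.region
  zone    = var.zone
}

# google_iam_workload_identity_pool below selects `provider = google-beta`.
# Without an explicit configuration that provider runs with an empty config and
# works only because the resource sets `project` itself. Giving it the same
# project/region/zone keeps both providers consistent for any beta resource
# added later.
provider "google-beta" {
  project = var.project
  region  = var.region
  zone    = var.zone
}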
# Reads the project so its attributes (e.g. the project number) can be
# referenced elsewhere in the configuration.
data "google_project" "project" {
  project_id = var.project
}
#################### Networking ###########################
# Private VPC and subnet. Its private_network_id / private_subnetwork_id
# outputs are what the gke, cloudsql and redis modules attach to, so all of
# them stay off the default network.
module "networking" {
  source = "../modules/networking"

  project = var.project
  region  = var.region
}
#################### Workload Identity ####################
# Four random bytes (eight hex characters) appended to the workload identity
# pool ID so each deployment gets a distinct pool name.
resource "random_id" "identity_pool" {
  byte_length = 4
}
# Workload Identity Pool; at provider 3.74 this resource is only in the beta
# provider. NOTE(review): the random suffix presumably exists because deleted
# pool IDs remain reserved for a retention window and a fixed name would
# collide on re-create — confirm against current GCP docs before removing it.
resource "google_iam_workload_identity_pool" "identity_pool" {
  provider = google-beta
  project  = var.project

  workload_identity_pool_id = "identity-pool-${random_id.identity_pool.hex}"
}
#################### KMS ##################################
# Enables the Cloud KMS API. The gke and bigquery modules take this resource
# as an input so they are not created before the API is on.
# NOTE(review): disable_dependent_services = true means `terraform destroy`
# turns the API off together with every API that depends on it, and the
# provider's disable_on_destroy defaults to true. In a shared project, or if
# anything protected by KMS keys must outlive this stack, add
# `disable_on_destroy = false` so a destroy cannot lock that data out.
resource "google_project_service" "cloudkms" {
  project = var.project
  service = "cloudkms.googleapis.com"

  disable_dependent_services = true
}
#################### GKE ##################################
# GKE cluster on the private network built above.
module "gke" {
  source = "../modules/gke"

  project = var.project
  region  = var.region

  # Network placement comes from the networking module's outputs.
  private_network_id    = module.networking.private_network_id
  private_subnetwork_id = module.networking.private_subnetwork_id

  # The API-enablement resource is passed whole (not just its name) so the
  # cluster is ordered after the Cloud KMS API is enabled.
  service_cloudkms = google_project_service.cloudkms

  machine_type = "e2-standard-2"

  # Redundant with the output references above, but makes every resource in
  # this module wait for the whole networking module rather than only the
  # referenced outputs.
  depends_on = [module.networking]
}
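# The connect command the gke module emits. The description was previously
# commented out; restoring it makes `terraform output` self-describing.
output "gke_connect_command" {
  description = "Command to run to connect to the kubernetes cluster."
  value       = module.gke.gke_connect_command
}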
#################### SQL ##################################
# Cloud SQL instance attached to the private network (no subnetwork needed;
# the module presumably uses private services access — verify in the module).
module "cloudsql" {
  source = "../modules/cloudsql"

  project = var.project
  region  = var.region

  private_network_id = module.networking.private_network_id

  depends_on = [module.networking]
}
# First address on the instance. Since the instance sits on the private
# network this is presumably the private IP, but the module decides — verify.
output "cloudsql_ip_address" {
  description = "IP address for cloudsql database."
  value       = module.cloudsql.instance.ip_address[0].ip_address
}
# Server CA used for sslrootcert. `sensitive = true` only redacts it from
# plan/apply output; the value is still stored in plaintext in the state file,
# so the state backend must be access-controlled and encrypted.
output "cloudsql_server_certificate" {
  description = "CA certificate."
  sensitive   = true
  value       = module.cloudsql.certificate.server_ca_cert
}
# Client certificate for mTLS to Cloud SQL. Redacted from CLI output via
# `sensitive = true`, but present in state — protect the state backend.
output "cloudsql_client_certificate" {
  description = "Client certificate."
  sensitive   = true
  value       = module.cloudsql.certificate.cert
}
# Private key matching cloudsql_client_certificate. This is a real secret:
# `sensitive = true` hides it from CLI output only, it remains in plaintext
# in state and is also written to disk by local_file.pgclient_key below.
output "cloudsql_client_key" {
  description = "Client key."
  sensitive   = true
  value       = module.cloudsql.certificate.private_key
}
# Writes the server CA next to this configuration so libpq can reference it
# via sslrootcert (see cloudsql_connection_string). The file is 0600 in a 0700
# directory, but it lives in the working tree: keep *.crt / *.key gitignored.
# `sensitive_content` keeps the value out of plan output; it is still in state.
# (Newer hashicorp/local releases deprecate `sensitive_content` in favour of
# local_sensitive_file — keep the provider pinned or migrate together.)
resource "local_file" "pgserver_crt" {
  filename          = "${path.module}/pgserver.crt"
  sensitive_content = module.cloudsql.certificate.server_ca_cert

  file_permission      = "0600"
  directory_permission = "0700"
}
# Client certificate on disk for the sslcert parameter of the connection URL.
# 0600/0700 permissions, but still inside the working tree — keep it out of
# version control.
resource "local_file" "pgclient_crt" {
  filename          = "${path.module}/pgclient.crt"
  sensitive_content = module.cloudsql.certificate.cert

  file_permission      = "0600"
  directory_permission = "0700"
}
# Client private key on disk for the sslkey parameter. This is the most
# sensitive artifact this stack produces: 0600 in a 0700 directory, never to
# be committed, and also present in plaintext in Terraform state.
resource "local_file" "pgclient_key" {
  filename          = "${path.module}/pgclient.key"
  sensitive_content = module.cloudsql.certificate.private_key

  file_permission      = "0600"
  directory_permission = "0700"
}
# libpq-style URL for the `postgres` user. Notes for whoever edits it:
# - No password is embedded; it must be supplied out of band (PGPASSWORD,
#   .pgpass, or IAM auth if the instance supports it — not visible here).
# - `ssl=true` is a JDBC-style alias that libpq maps to sslmode=require; the
#   explicit sslmode=verify-ca that follows takes precedence, so the client
#   verifies the server against pgserver.crt. verify-full is not used,
#   presumably because the Cloud SQL server certificate is not issued for the
#   IP address — confirm before tightening.
# - The paths are absolute paths on the machine that ran apply, so the URL
#   is only valid there. It is not marked sensitive: it contains no secret
#   itself, only the IP and file locations.
output "cloudsql_connection_string" {
  description = "Connection URL for main user in cloudsql."
  value       = "postgresql://postgres@${module.cloudsql.instance.ip_address.0.ip_address}/postgres?ssl=true&sslmode=verify-ca&sslcert=${urlencode(abspath(local_file.pgclient_crt.filename))}&sslkey=${urlencode(abspath(local_file.pgclient_key.filename))}&sslrootcert=${urlencode(abspath(local_file.pgserver_crt.filename))}"
}
# Create a workload identity service account for IAM authentication to
# cloudsql
# Workload Identity binding for a Kubernetes service account named test-sa.
# The Google service account it maps to, its namespace and the IAM roles it
# receives are all decided inside the module — review them there; nothing in
# this call restricts it to Cloud SQL despite the name.
module "cloudsql_test_sa" {
  source = "../modules/workload_identity_account"

  project             = var.project
  k8s_service_account = "test-sa"
}
#################### Redis ################################
# Memorystore/Redis on the private network. Whether AUTH and in-transit
# encryption are enabled is configured inside the module — verify there.
module "redis" {
  source = "../modules/redis"

  project = var.project
  region  = var.region

  private_network_id = module.networking.private_network_id

  depends_on = [module.networking]
}
# Redis endpoint host, as reported by the module.
output "redis_host" {
  description = "Hostname/IP Address for redis database."
  value       = module.redis.redis_host
}
# Redis endpoint port, as reported by the module.
output "redis_port" {
  description = "Port for redis database."
  value       = module.redis.redis_port
}
#################### Cloudfunction to PubSub ##############
# Enables Cloud Build, which Cloud Functions deployments need; both function
# modules take this resource as an input for ordering.
# NOTE(review): as with cloudkms, disable_dependent_services = true makes a
# destroy disable this API and its dependents; add `disable_on_destroy = false`
# if the project is shared with anything else that builds or deploys.
resource "google_project_service" "cloudbuild" {
  project = var.project
  service = "cloudbuild.googleapis.com"

  disable_dependent_services = true
}
# Random suffix for the function-source bucket; GCS bucket names are global,
# so a fixed name would collide across projects.
resource "random_id" "cf_bucket_id" {
  byte_length = 4
}
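# Bucket holding the zipped sources for both Cloud Functions below.
# force_destroy lets `terraform destroy` delete it while objects remain.
# No location is set, so the provider default (multi-region US in the 3.x
# provider) applies; set `location = var.region` if residency matters —
# changing it later forces replacement.
resource "google_storage_bucket" "bucket" {
  project       = var.project
  name          = "cloudfunc-${random_id.cf_bucket_id.hex}"
  force_destroy = true

  # Disable legacy per-object ACLs so access is governed solely by IAM
  # (standard GCS hardening). This is an in-place update on an existing
  # bucket and does not affect the function modules' object uploads.
  uniform_bucket_level_access = true
}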
# HTTPS-triggered Cloud Function that forwards to the bigquery-etl Pub/Sub
# topic. Whether the trigger is publicly invokable (allUsers invoker) or
# requires an identity is decided by the module's IAM binding — verify there,
# since the endpoint is exposed as an output.
module "cf_to_pubsub" {
  source = "../modules/cf_to_pubsub"

  project = var.project
  region  = var.region

  function_name        = "cf-to-pubsub"
  function_description = "CloudFunction to PubSub"
  function_source_name = "cf_to_pubsub"

  source_bucket      = google_storage_bucket.bucket
  service_cloudbuild = google_project_service.cloudbuild

  environment_variables = {
    GCP_PROJECT = var.project
    GCP_TOPIC   = "bigquery-etl"
  }
}
# Public-facing URL of the cf-to-pubsub function (not a secret, but anyone
# holding it can call the function if the module grants allUsers invoker).
output "cf_to_pubsub_endpoint" {
  description = "https endpoint to log to BigQuery through pubsub."
  value       = module.cf_to_pubsub.https_trigger_url
}
# Second instance of the same module, writing straight into the
# pubsub_etl.pubsub_etl BigQuery table instead of via Pub/Sub. Same caveat as
# cf_to_pubsub about who may invoke the HTTPS trigger.
module "cf_to_bq" {
  source = "../modules/cf_to_pubsub"

  project = var.project
  region  = var.region

  function_name        = "cf-to-bq"
  function_description = "CloudFunction to BigQuery"
  function_source_name = "cf_to_bq"

  source_bucket      = google_storage_bucket.bucket
  service_cloudbuild = google_project_service.cloudbuild

  environment_variables = {
    BQ_TABLE = "${var.project}.pubsub_etl.pubsub_etl"
  }
}
# URL of the cf-to-bq function's HTTPS trigger.
output "cf_to_bq_endpoint" {
  description = "https endpoint to log to BigQuery directly."
  value       = module.cf_to_bq.https_trigger_url
}
#################### PubSub to BigQuery ###################
# BigQuery dataset/table plus the Pub/Sub-to-BigQuery path. Receives the
# Cloud KMS API resource, which suggests it uses KMS-backed encryption for
# the dataset — confirm in the module, and note that destroying this stack
# also disables the KMS API (see google_project_service.cloudkms).
module "bigquery" {
  source = "../modules/bigquery"

  project = var.project
  region  = var.region

  service_cloudkms = google_project_service.cloudkms
}