talexander/infra_snippets
1
0
Fork 0
Code Issues Pull Requests Releases Activity
infra_snippets/terraform/basic_gke/main.tf

256 lines
6.7 KiB
HCL
Raw Blame History

terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "3.74.0"
}
google-beta = {
source = "hashicorp/google-beta"
version = "3.74.0"
}
random = {
source = "hashicorp/random"
version = "3.1.0"
}
}
}
variable "project" {
description = "Project ID."
type = string
default = "hip-wharf-319304"
}
variable "region" {
description = "Region."
type = string
default = "us-central1"
}
variable "zone" {
description = "Zone."
type = string
default = "us-central1-c"
}
provider "google" {
project = var.project
region = var.region
zone = var.zone
}
data "google_project" "project" {
project_id = var.project
}
#################### Networking ###########################
module "networking" {
source = "../modules/networking"
project = var.project
region = var.region
}
#################### Workload Identity ####################
resource "random_id" "identity_pool" {
byte_length = 4
}
resource "google_iam_workload_identity_pool" "identity_pool" {
provider = google-beta
project = var.project
workload_identity_pool_id = "identity-pool-${random_id.identity_pool.hex}"
}
#################### KMS ##################################
resource "google_project_service" "cloudkms" {
project = var.project
service = "cloudkms.googleapis.com"
disable_dependent_services = true
}
#################### GKE ##################################
module "gke" {
source = "../modules/gke"
project = var.project
region = var.region
private_network_id = module.networking.private_network_id
private_subnetwork_id = module.networking.private_subnetwork_id
service_cloudkms = google_project_service.cloudkms
machine_type = "e2-standard-2"
depends_on = [
module.networking
]
}
output "gke_connect_command" {
# description = "Command to run to connect to the kubernetes cluster."
value = module.gke.gke_connect_command
}
#################### SQL ##################################
module "cloudsql" {
source = "../modules/cloudsql"
project = var.project
region = var.region
private_network_id = module.networking.private_network_id
depends_on = [
module.networking
]
}
output "cloudsql_ip_address" {
description = "IP address for cloudsql database."
value = module.cloudsql.instance.ip_address.0.ip_address
}
output "cloudsql_server_certificate" {
description = "CA certificate."
value = module.cloudsql.certificate.server_ca_cert
sensitive = true
}
output "cloudsql_client_certificate" {
description = "Client certificate."
value = module.cloudsql.certificate.cert
sensitive = true
}
output "cloudsql_client_key" {
description = "Client key."
value = module.cloudsql.certificate.private_key
sensitive = true
}
resource "local_file" "pgserver_crt" {
sensitive_content = module.cloudsql.certificate.server_ca_cert
filename = "${path.module}/pgserver.crt"
file_permission = "0600"
directory_permission = "0700"
}
resource "local_file" "pgclient_crt" {
sensitive_content = module.cloudsql.certificate.cert
filename = "${path.module}/pgclient.crt"
file_permission = "0600"
directory_permission = "0700"
}
resource "local_file" "pgclient_key" {
sensitive_content = module.cloudsql.certificate.private_key
filename = "${path.module}/pgclient.key"
file_permission = "0600"
directory_permission = "0700"
}
output "cloudsql_connection_string" {
description = "Connection URL for main user in cloudsql."
value = "postgresql://postgres@${module.cloudsql.instance.ip_address.0.ip_address}/postgres?ssl=true&sslmode=verify-ca&sslcert=${urlencode(abspath(local_file.pgclient_crt.filename))}&sslkey=${urlencode(abspath(local_file.pgclient_key.filename))}&sslrootcert=${urlencode(abspath(local_file.pgserver_crt.filename))}"
}
# Create a workload identity service account for IAM authentication to
# cloudsql
module "cloudsql_test_sa" {
source = "../modules/workload_identity_account"
project = var.project
k8s_service_account = "test-sa"
}
#################### Redis ################################
module "redis" {
source = "../modules/redis"
project = var.project
region = var.region
private_network_id = module.networking.private_network_id
depends_on = [
module.networking
]
}
output "redis_host" {
description = "Hostname/IP Address for redis database."
value = module.redis.redis_host
}
output "redis_port" {
description = "Port for redis database."
value = module.redis.redis_port
}
#################### Cloudfunction to PubSub ##############
resource "google_project_service" "cloudbuild" {
project = var.project
service = "cloudbuild.googleapis.com"
disable_dependent_services = true
}
resource "random_id" "cf_bucket_id" {
byte_length = 4
}
resource "google_storage_bucket" "bucket" {
project = var.project
name = "cloudfunc-${random_id.cf_bucket_id.hex}"
force_destroy = true
}
module "cf_to_pubsub" {
source = "../modules/cf_to_pubsub"
project = var.project
region = var.region
function_name = "cf-to-pubsub"
function_description = "CloudFunction to PubSub"
function_source_name = "cf_to_pubsub"
source_bucket = google_storage_bucket.bucket
service_cloudbuild = google_project_service.cloudbuild
environment_variables = {
GCP_PROJECT = var.project
GCP_TOPIC = "bigquery-etl"
}
}
output "cf_to_pubsub_endpoint" {
description = "https endpoint to log to BigQuery through pubsub."
value = module.cf_to_pubsub.https_trigger_url
}
module "cf_to_bq" {
source = "../modules/cf_to_pubsub"
project = var.project
region = var.region
function_name = "cf-to-bq"
function_description = "CloudFunction to BigQuery"
function_source_name = "cf_to_bq"
source_bucket = google_storage_bucket.bucket
service_cloudbuild = google_project_service.cloudbuild
environment_variables = {
BQ_TABLE = "${var.project}.pubsub_etl.pubsub_etl"
}
}
output "cf_to_bq_endpoint" {
description = "https endpoint to log to BigQuery directly."
value = module.cf_to_bq.https_trigger_url
}
#################### PubSub to BigQuery ###################
module "bigquery" {
source = "../modules/bigquery"
project = var.project
region = var.region
service_cloudkms = google_project_service.cloudkms
}
Reference in New Issue View Git Blame Copy Permalink