130 lines
3.5 KiB
HCL
130 lines
3.5 KiB
HCL
# TODO: put IP address ranges into variables
|
|
terraform {
|
|
backend "gcs" {
|
|
bucket = "tf-state-4b00"
|
|
prefix = "terraform/deid_test" # TODO: fix this
|
|
}
|
|
|
|
required_providers {
|
|
google = {
|
|
source = "hashicorp/google"
|
|
version = "6.21.0"
|
|
}
|
|
google-beta = {
|
|
source = "hashicorp/google-beta"
|
|
version = "6.21.0"
|
|
}
|
|
random = {
|
|
source = "hashicorp/random"
|
|
version = "3.6.2"
|
|
}
|
|
}
|
|
}
|
|
|
|
variable "provider_project" {
|
|
description = "Project ID."
|
|
type = string
|
|
default = "terraform-management-427323"
|
|
}
|
|
|
|
variable "region" {
|
|
description = "Region."
|
|
type = string
|
|
default = "us-central1"
|
|
}
|
|
|
|
variable "zone" {
|
|
description = "Zone."
|
|
type = string
|
|
default = "us-central1-f"
|
|
}
|
|
|
|
variable "public_ingress" {
|
|
description = "Set to true to make the kubernetes ingresses exposed to the public internet."
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "ingress_type" {
|
|
description = "What controller should we use to handle incoming http(s) connections."
|
|
type = string
|
|
default = "gateway"
|
|
|
|
validation {
|
|
condition = contains(["gateway", "nginx", "gce"], var.ingress_type)
|
|
error_message = "Must be either \"gateway\", \"nginx\", or \"gce\"."
|
|
}
|
|
}
|
|
|
|
variable "cluster_exists" {
|
|
description = "Set to true after the kubernetes clusters exist to install the kubernetes_manifest resources. See https://github.com/hashicorp/terraform-provider-kubernetes/issues/1775"
|
|
type = bool
|
|
}
|
|
|
|
variable "quota_email" {
|
|
description = "Contact E-Mail to put on quota increase requests."
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "quota_justification" {
|
|
description = "The reason given to Google for why the quotas need to be increased."
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "ssh_key" {
|
|
description = "SSH key to install on user machine and GKE nodes. Format: username:public key"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "enable_snat" {
|
|
description = "Whether we should enable source network address translation to the node IP address."
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
# manual step: enable cloudbilling.googleapis.com in the terraform provider project
|
|
# https://console.developers.google.com/apis/api/cloudbilling.googleapis.com/overview?project=terraform-management-427323
|
|
provider "google" {
|
|
project = var.provider_project
|
|
region = var.region
|
|
zone = var.zone
|
|
billing_project = var.provider_project
|
|
user_project_override = true
|
|
}
|
|
|
|
provider "google-beta" {
|
|
project = var.provider_project
|
|
region = var.region
|
|
zone = var.zone
|
|
billing_project = var.provider_project
|
|
user_project_override = true
|
|
}
|
|
|
|
# TODO: Switch to random_string
|
|
resource "random_id" "project" {
|
|
byte_length = 4
|
|
}
|
|
|
|
data "google_billing_account" "acct" {
|
|
display_name = "My Billing Account"
|
|
open = true
|
|
}
|
|
|
|
resource "google_project" "project" {
|
|
name = "K8s IP Demo"
|
|
project_id = "k8s-ip-demo-${random_id.project.hex}"
|
|
billing_account = data.google_billing_account.acct.id
|
|
deletion_policy = "DELETE"
|
|
}
|
|
|
|
resource "google_project_service" "service" {
|
|
# "recommender" is for enabling IP utilization metrics for GKE clusters
|
|
project = google_project.project.project_id
|
|
for_each = toset(["iam", "monitoring", "compute", "container", "logging", "recommender", "cloudquotas"])
|
|
service = "${each.key}.googleapis.com"
|
|
disable_dependent_services = true
|
|
}
|