Posted to commits@dlab.apache.org by om...@apache.org on 2020/01/02 13:30:19 UTC
[incubator-dlab] branch DLAB-1158 updated: step-ca
This is an automated email from the ASF dual-hosted git repository.
omartushevskyi pushed a commit to branch DLAB-1158
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-1158 by this push:
new d84b62b step-ca
d84b62b is described below
commit d84b62bc10760f1d38435c45691885ce509957f3
Author: Oleh Martushevskyi <Ol...@epam.com>
AuthorDate: Thu Jan 2 15:30:08 2020 +0200
step-ca
---
.../terraform/aws/endpoint/main/iam.tf | 8 +--
.../terraform/aws/endpoint/main/network.tf | 32 +++++-----
.../terraform/aws/endpoint/main/s3.tf | 8 +--
.../aws/ssn-helm-charts/main/cert-manager.tf | 18 ------
.../terraform/aws/ssn-helm-charts/main/dlab-ui.tf | 10 ++--
.../terraform/aws/ssn-helm-charts/main/secrets.tf | 11 ----
.../terraform/aws/ssn-helm-charts/main/step-ca.tf | 6 --
.../aws/ssn-helm-charts/main/variables.tf | 10 +---
.../terraform/aws/ssn-k8s/main/lb.tf | 68 ----------------------
.../terraform/aws/ssn-k8s/main/security_groups.tf | 21 -------
.../terraform/aws/ssn-k8s/main/vpc.tf | 31 +---------
.../terraform/gcp/endpoint/main/iam.tf | 6 +-
.../terraform/gcp/endpoint/main/network.tf | 4 +-
.../terraform/gcp/ssn-gke/main/modules/gke/gke.tf | 25 ++++----
.../terraform/gcp/ssn-gke/main/modules/gke/iam.tf | 11 +---
.../main/modules/helm_charts/cert-manager.tf | 6 +-
.../ssn-gke/main/modules/helm_charts/dlab-ui.tf | 12 ++--
.../main/modules/helm_charts/external-dns.tf | 2 +-
.../ssn-gke/main/modules/helm_charts/keycloak.tf | 2 +-
.../gcp/ssn-gke/main/modules/helm_charts/mysql.tf | 2 +-
.../ssn-gke/main/modules/helm_charts/step-ca.tf | 2 +-
21 files changed, 61 insertions(+), 234 deletions(-)
diff --git a/infrastructure-provisioning/terraform/aws/endpoint/main/iam.tf b/infrastructure-provisioning/terraform/aws/endpoint/main/iam.tf
index 348a44c..49d2353 100644
--- a/infrastructure-provisioning/terraform/aws/endpoint/main/iam.tf
+++ b/infrastructure-provisioning/terraform/aws/endpoint/main/iam.tf
@@ -20,9 +20,9 @@
# ******************************************************************************
locals {
- endpoint_role_name = "${var.service_base_name}-endpoint-role"
- endpoint_role_profile = "${var.service_base_name}-endpoint-profile"
- endpoint_policy_name = "${var.service_base_name}-endpoint-policy"
+ endpoint_role_name = "${var.service_base_name}-${var.endpoint_id}-role"
+ endpoint_role_profile = "${var.service_base_name}-${var.endpoint_id}-profile"
+ endpoint_policy_name = "${var.service_base_name}-${var.endpoint_id}-policy"
}
data "template_file" "endpoint_policy" {
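Review bot: The three locals now interpolate `var.endpoint_id`, but nothing in this change constrains its value, which flows straight into the name of `aws_iam_role.endpoint_role` in the next hunk. The diffstat lists no variables file under aws/endpoint/main, so the variable is presumably declared already; that is worth confirming. IAM role names are limited to 64 characters, so a long `service_base_name` plus `endpoint_id` fails only at apply time; a comment on the locals such as `# service_base_name + endpoint_id + suffix must fit the 64-character IAM role name limit` would record the constraint. Because the names change, applying this to an existing endpoint replaces the role, profile and policy instead of updating them, which the commit description should mention. The same naming change is made in network.tf.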
@@ -33,7 +33,7 @@ resource "aws_iam_role" "endpoint_role" {
name = local.endpoint_role_name
assume_role_policy = file("./files/assume-policy.json")
tags = {
- Name = "${local.endpoint_role_name}"
+ Name = local.endpoint_role_name
"${local.additional_tag[0]}" = local.additional_tag[1]
"${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_role_name}"
"${var.service_base_name}-Tag" = local.endpoint_role_name
diff --git a/infrastructure-provisioning/terraform/aws/endpoint/main/network.tf b/infrastructure-provisioning/terraform/aws/endpoint/main/network.tf
index cea5be2..d123b23 100644
--- a/infrastructure-provisioning/terraform/aws/endpoint/main/network.tf
+++ b/infrastructure-provisioning/terraform/aws/endpoint/main/network.tf
@@ -20,12 +20,12 @@
# ******************************************************************************
locals {
- endpoint_subnet_name = "${var.service_base_name}-subnet"
- endpoint_sg_name = "${var.service_base_name}-sg"
- endpoint_vpc_name = "${var.service_base_name}-endpoint-vpc"
- additional_tag = split(":", var.additional_tag)
- endpoint_igw_name = "${var.service_base_name}-endpoint-igw"
- endpoint_ip_name = "${var.service_base_name}-endpoint-eip"
+ endpoint_subnet_name = "${var.service_base_name}-${var.endpoint_id}-subnet"
+ endpoint_sg_name = "${var.service_base_name}-${var.endpoint_id}-sg"
+ endpoint_vpc_name = "${var.service_base_name}-endpoint-vpc"
+ additional_tag = split(":", var.additional_tag)
+ endpoint_igw_name = "${var.service_base_name}-${var.endpoint_id}-igw"
+ endpoint_ip_name = "${var.service_base_name}-${var.endpoint_id}-eip"
}
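Review bot: `endpoint_vpc_name` is the only name in this locals block that keeps the fixed `-endpoint-vpc` suffix, while the subnet, security group, gateway and EIP names all gain `${var.endpoint_id}`. Two endpoints deployed under one `service_base_name` would then tag their VPCs with identical `Name` and `${var.service_base_name}-Tag` values (see the `aws_vpc.vpc_create` tags in the next hunk), which makes tag-based lookup and cleanup ambiguous. If that is not intended, use `endpoint_vpc_name = "${var.service_base_name}-${var.endpoint_id}-vpc"`, matching the GCP `vpc_id` local changed in this same commit. If the VPC is meant to be shared, a one-line comment saying so would prevent a later "fix".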
@@ -36,10 +36,10 @@ resource "aws_vpc" "vpc_create" {
enable_dns_hostnames = true
enable_dns_support = true
tags = {
- Name = local.endpoint_vpc_name
+ Name = local.endpoint_vpc_name
"${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_vpc_name}"
- "${var.service_base_name}-Tag" = local.endpoint_vpc_name
+ "${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_vpc_name}"
+ "${var.service_base_name}-Tag" = local.endpoint_vpc_name
}
}
@@ -52,7 +52,7 @@ resource "aws_internet_gateway" "gw" {
count = var.vpc_id == "" ? 1 : 0
tags = {
Name = local.endpoint_igw_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
+ "${local.additional_tag[0]}" = local.additional_tag[1]
"${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_igw_name}"
"${var.service_base_name}-Tag" = local.endpoint_igw_name
}
@@ -64,7 +64,7 @@ resource "aws_subnet" "endpoint_subnet" {
availability_zone = "${var.region}${var.zone}"
tags = {
Name = local.endpoint_subnet_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
+ "${local.additional_tag[0]}" = local.additional_tag[1]
"${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_subnet_name}"
"${var.service_base_name}-Tag" = local.endpoint_subnet_name
}
@@ -122,7 +122,7 @@ resource "aws_security_group" "endpoint_sec_group" {
tags = {
Name = local.endpoint_sg_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
+ "${local.additional_tag[0]}" = local.additional_tag[1]
"${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_sg_name}"
"${var.service_base_name}-Tag" = local.endpoint_sg_name
}
@@ -131,9 +131,9 @@ resource "aws_security_group" "endpoint_sec_group" {
resource "aws_eip" "endpoint_eip" {
vpc = true
tags = {
- Name = local.endpoint_ip_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_ip_name}"
- "${var.service_base_name}-Tag" = local.endpoint_ip_name
+ Name = local.endpoint_ip_name
+ "${local.additional_tag[0]}" = local.additional_tag[1]
+ "${var.tag_resource_id}" = "${var.service_base_name}:${local.endpoint_ip_name}"
+ "${var.service_base_name}-Tag" = local.endpoint_ip_name
}
}
diff --git a/infrastructure-provisioning/terraform/aws/endpoint/main/s3.tf b/infrastructure-provisioning/terraform/aws/endpoint/main/s3.tf
index a538555..dec9941 100644
--- a/infrastructure-provisioning/terraform/aws/endpoint/main/s3.tf
+++ b/infrastructure-provisioning/terraform/aws/endpoint/main/s3.tf
@@ -27,10 +27,10 @@ resource "aws_s3_bucket" "shared_bucket" {
bucket = local.shared_s3_name
acl = "private"
tags = {
- Name = local.shared_s3_name
- "${local.additional_tag[0]}" = local.additional_tag[1]
- "${var.tag_resource_id}" = "${var.service_base_name}:${local.shared_s3_name}"
- "${var.service_base_name}-Tag" = local.shared_s3_name
+ Name = local.shared_s3_name
+ "${local.additional_tag[0]}" = local.additional_tag[1]
+ "${var.tag_resource_id}" = "${var.service_base_name}:${local.shared_s3_name}"
+ "${var.service_base_name}-Tag" = local.shared_s3_name
}
force_destroy = true
}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/cert-manager.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/cert-manager.tf
index cb5c18f..c6b8874 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/cert-manager.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/cert-manager.tf
@@ -19,24 +19,6 @@
#
# ******************************************************************************
-//resource "null_resource" "cert_manager" {
-// provisioner "local-exec" {
-// command = "kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.9.1/cert-manager.yaml"
-// }
-// triggers = {
-// "after" = kubernetes_namespace.cert-manager-namespace.metadata[0].name
-// }
-//}
-//
-//resource "null_resource" "cert_manager_delay" {
-// provisioner "local-exec" {
-// command = "sleep 120"
-// }
-// triggers = {
-// "before" = null_resource.cert_manager.id
-// }
-//}
-
data "template_file" "cert_manager_values" {
template = file("./files/cert_manager_values.yaml")
}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf
index a34cc1c..87dbf3c 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf
@@ -21,11 +21,11 @@
locals {
custom_certs_enabled = lower(var.custom_certs_enabled)
- custom_cert_name = local.custom_certs_enabled == "true" ? reverse(split("/", var.custom_cert_path))[0] : "None"
- custom_key_name = local.custom_certs_enabled == "true" ? reverse(split("/", var.custom_key_path))[0] : "None"
- custom_cert = local.custom_certs_enabled == "true" ? base64encode(file("/tmp/${local.custom_cert_name}")) : "None"
- custom_key = local.custom_certs_enabled == "true" ? base64encode(file("/tmp/${local.custom_key_name}")) : "None"
- ui_host = local.custom_certs_enabled == "true" ? var.custom_certs_host : data.kubernetes_service.nginx-service.load_balancer_ingress.0.hostname
+ custom_cert_name = local.custom_certs_enabled == "true" ? reverse(split("/", var.custom_cert_path))[0] : "None"
+ custom_key_name = local.custom_certs_enabled == "true" ? reverse(split("/", var.custom_key_path))[0] : "None"
+ custom_cert = local.custom_certs_enabled == "true" ? base64encode(file("/tmp/${local.custom_cert_name}")) : "None"
+ custom_key = local.custom_certs_enabled == "true" ? base64encode(file("/tmp/${local.custom_key_name}")) : "None"
+ ui_host = local.custom_certs_enabled == "true" ? var.custom_certs_host : data.kubernetes_service.nginx-service.load_balancer_ingress.0.hostname
}
data "template_file" "dlab_ui_values" {
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf
index ab58bc4..5a78c41 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf
@@ -129,17 +129,6 @@ resource "kubernetes_secret" "ssn_keystore_password" {
}
}
-//resource "kubernetes_secret" "endpoint_keystore_password" {
-// metadata {
-// name = "endpoint-keystore-password"
-// namespace = kubernetes_namespace.dlab-namespace.metadata[0].name
-// }
-//
-// data = {
-// password = var.endpoint_keystore_password
-// }
-//}
-
resource "random_string" "step_ca_password" {
length = 8
special = false
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca.tf
index 6771251..0361fa0 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca.tf
@@ -19,11 +19,6 @@
#
# ******************************************************************************
-//data "helm_repository" "smallstep" {
-// name = "smallstep"
-// url = "https://smallstep.github.io/helm-charts/"
-//}
-
data "template_file" "step_ca_values" {
template = file("./step-ca-chart/values.yaml")
vars = {
@@ -36,7 +31,6 @@ data "template_file" "step_ca_values" {
resource "helm_release" "step_ca" {
name = "step-certificates"
- // repository = data.helm_repository.smallstep.metadata.0.name
chart = "./step-ca-chart"
namespace = kubernetes_namespace.dlab-namespace.metadata[0].name
depends_on = [null_resource.cert_manager_delay]
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/variables.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/variables.tf
index 915e06e..dcc5620 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/variables.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/variables.tf
@@ -192,12 +192,4 @@ variable "keycloak_realm_name" {
variable "keycloak_client_id" {
default = "dlab-ui"
-}
-//variable "nginx_http_port" {
-// default = "31080"
-// description = "Sets the nodePort that maps to the Ingress' port 80"
-//}
-//variable "nginx_https_port" {
-// default = "31443"
-// description = "Sets the nodePort that maps to the Ingress' port 443"
-//}
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/lb.tf b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/lb.tf
index abaa26e..4000cdd 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/lb.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/lb.tf
@@ -23,7 +23,6 @@ locals {
ssn_nlb_name = "${var.service_base_name}-ssn-nlb"
ssn_alb_name = "${var.service_base_name}-ssn-alb"
ssn_k8s_nlb_api_tg_name = "${var.service_base_name}-ssn-nlb-api-tg"
- # ssn_k8s_nlb_ss_tg_name = "${var.service_base_name}-ssn-nlb-ss-tg"
ssn_k8s_nlb_step_ca_tg_name = "${var.service_base_name}-ssn-nlb-step-ca-tg"
ssn_k8s_alb_tg_name = "${var.service_base_name}-ssn-alb-tg"
}
@@ -42,23 +41,6 @@ resource "aws_lb" "ssn_k8s_nlb" {
}
}
-//resource "aws_lb" "ssn_k8s_alb" {
-// name = local.ssn_alb_name
-// internal = false
-// load_balancer_type = "application"
-// security_groups = [aws_security_group.ssn_k8s_sg.id]
-// subnets = compact([data.aws_subnet.k8s-subnet-a-data.id, data.aws_subnet.k8s-subnet-b-data.id,
-// local.subnet_c_id])
-//
-// tags = {
-// Name = local.ssn_alb_name
-// "${local.additional_tag[0]}" = local.additional_tag[1]
-// "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_alb_name}"
-// "${var.service_base_name}-Tag" = local.ssn_alb_name
-// "kubernetes.io/cluster/${local.cluster_name}" = "owned"
-// }
-//}
-
resource "aws_lb_target_group" "ssn_k8s_nlb_api_target_group" {
name = local.ssn_k8s_nlb_api_tg_name
port = 6443
@@ -73,20 +55,6 @@ resource "aws_lb_target_group" "ssn_k8s_nlb_api_target_group" {
}
}
-//resource "aws_lb_target_group" "ssn_k8s_nlb_ss_target_group" {
-// name = local.ssn_k8s_nlb_ss_tg_name
-// port = 30433
-// protocol = "TCP"
-// vpc_id = data.aws_vpc.ssn_k8s_vpc_data.id
-// tags = {
-// Name = local.ssn_k8s_nlb_ss_tg_name
-// "${local.additional_tag[0]}" = local.additional_tag[1]
-// "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_k8s_nlb_ss_tg_name}"
-// "${var.service_base_name}-Tag" = local.ssn_k8s_nlb_ss_tg_name
-// "kubernetes.io/cluster/${local.cluster_name}" = "owned"
-// }
-//}
-
resource "aws_lb_target_group" "ssn_k8s_nlb_step_ca_target_group" {
name = local.ssn_k8s_nlb_step_ca_tg_name
port = 32433
@@ -101,31 +69,6 @@ resource "aws_lb_target_group" "ssn_k8s_nlb_step_ca_target_group" {
}
}
-//resource "aws_lb_target_group" "ssn_k8s_alb_target_group" {
-// name = local.ssn_k8s_alb_tg_name
-// port = 31080
-// protocol = "HTTP"
-// vpc_id = data.aws_vpc.ssn_k8s_vpc_data.id
-// tags = {
-// Name = local.ssn_k8s_alb_tg_name
-// "${local.additional_tag[0]}" = local.additional_tag[1]
-// "${var.tag_resource_id}" = "${var.service_base_name}:${local.ssn_k8s_alb_tg_name}"
-// "${var.service_base_name}-Tag" = local.ssn_k8s_alb_tg_name
-// "kubernetes.io/cluster/${local.cluster_name}" = "owned"
-// }
-//}
-
-//resource "aws_lb_listener" "ssn_k8s_alb_listener" {
-// load_balancer_arn = aws_lb.ssn_k8s_alb.arn
-// port = "80"
-// protocol = "HTTP"
-//
-// default_action {
-// type = "forward"
-// target_group_arn = aws_lb_target_group.ssn_k8s_alb_target_group.arn
-// }
-//}
-
resource "aws_lb_listener" "ssn_k8s_nlb_api_listener" {
load_balancer_arn = aws_lb.ssn_k8s_nlb.arn
port = "6443"
@@ -137,17 +80,6 @@ resource "aws_lb_listener" "ssn_k8s_nlb_api_listener" {
}
}
-//resource "aws_lb_listener" "ssn_k8s_nlb_ss_listener" {
-// load_balancer_arn = aws_lb.ssn_k8s_nlb.arn
-// port = "8443"
-// protocol = "TCP"
-//
-// default_action {
-// type = "forward"
-// target_group_arn = aws_lb_target_group.ssn_k8s_nlb_ss_target_group.arn
-// }
-//}
-
resource "aws_lb_listener" "ssn_k8s_nlb_step_ca_listener" {
load_balancer_arn = aws_lb.ssn_k8s_nlb.arn
port = "443"
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/security_groups.tf b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/security_groups.tf
index 92b2a06..54c1648 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/security_groups.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/security_groups.tf
@@ -19,21 +19,6 @@
#
# ******************************************************************************
-//data "aws_eip" "ssn_k8s_lb_eip_a" {
-// id = aws_eip.k8s-lb-eip-a.id
-// depends_on = [aws_lb_listener.ssn_k8s_nlb_listener]
-//}
-//
-//data "aws_eip" "ssn_k8s_lb_eip_a" {
-// id = aws_eip.k8s-lb-eip-b.id # Need to be refactored
-// depends_on = [aws_lb_listener.ssn_k8s_nlb_listener]
-//}
-//
-//data "aws_eip" "ssn_k8s_lb_eip_a" {
-// id = aws_eip.k8s-lb-eip-a.id
-// depends_on = [aws_lb_listener.ssn_k8s_nlb_listener]
-//}
-
locals {
ssn_sg_name = "${var.service_base_name}-ssn-sg"
}
@@ -62,12 +47,6 @@ resource "aws_security_group" "ssn_k8s_sg" {
cidr_blocks = ["0.0.0.0/0"]
description = "Need to be changed in the future"
}
-// ingress {
-// from_port = 0
-// to_port = 0 # Need to be refactored
-// protocol = -1
-// cidr_blocks = ["${data.aws_eip.ssn_k8s_lb_eip.public_ip}/32", "${data.aws_eip.ssn_k8s_lb_eip.private_ip}/32"]
-// }
egress {
from_port = 0
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/vpc.tf b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/vpc.tf
index b268db7..2ce9d08 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/vpc.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/vpc.tf
@@ -26,9 +26,6 @@ locals {
ssn_subnet_a_name = "${var.service_base_name}-ssn-subnet-az-a"
ssn_subnet_b_name = "${var.service_base_name}-ssn-subnet-az-b"
ssn_subnet_c_name = "${var.service_base_name}-ssn-subnet-az-c"
-// # TEMPORARY
-// endpoint_ip_name = "${var.service_base_name}-endpoint-eip"
-// # TEMPORARY
endpoint_rt_name = "${var.service_base_name}-endpoint-rt"
endpoint_s3_name = "${var.service_base_name}-endpoint-s3"
}
@@ -160,30 +157,4 @@ resource "aws_vpc_endpoint" "ssn-k8s-users-s3-endpoint" {
resource "aws_vpc_endpoint_route_table_association" "ssn-k8s-users-s3-route" {
route_table_id = aws_route_table.ssn-k8s-users-route-table.id
vpc_endpoint_id = aws_vpc_endpoint.ssn-k8s-users-s3-endpoint.id
-}
-
-//resource "aws_eip" "k8s-lb-eip-a" {
-// vpc = true
-// tags = {
-// Name = "${var.service_base_name}-ssn-eip-a"
-// }
-//}
-//
-//resource "aws_eip" "k8s-lb-eip-b" {
-// vpc = true
-// tags = {
-// Name = "${var.service_base_name}-ssn-eip-b"
-// }
-//}
-//
-//resource "aws_eip" "k8s-lb-eip-c" {
-// count = var.ssn_k8s_masters_count > 2 ? 1 : 0
-// vpc = true
-// tags = {
-// Name = "${var.service_base_name}-ssn-eip-c"
-// }
-//}
-//
-//data "aws_eip" "k8s-lb-eip-c-data" {
-// id = aws_eip.k8s-lb-eip-c.0.id
-//}
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/gcp/endpoint/main/iam.tf b/infrastructure-provisioning/terraform/gcp/endpoint/main/iam.tf
index b941bb1..eda7eb5 100644
--- a/infrastructure-provisioning/terraform/gcp/endpoint/main/iam.tf
+++ b/infrastructure-provisioning/terraform/gcp/endpoint/main/iam.tf
@@ -20,9 +20,9 @@
# ******************************************************************************
locals {
- endpoint_policy_name = "${var.service_base_name}-${var.endpoint_id}-endpoint-policy"
- endpoint_role_name = "${var.service_base_name}-${var.endpoint_id}-endpoint_role"
- service_account_name = "${var.service_base_name}-${var.endpoint_id}-endt"
+ endpoint_policy_name = "${var.service_base_name}-${var.endpoint_id}-policy"
+ endpoint_role_name = "${var.service_base_name}-${var.endpoint_id}-role"
+ service_account_name = "${var.service_base_name}-${var.endpoint_id}-sa"
}
resource "google_service_account" "endpoint_sa" {
diff --git a/infrastructure-provisioning/terraform/gcp/endpoint/main/network.tf b/infrastructure-provisioning/terraform/gcp/endpoint/main/network.tf
index 6a091c1..c84621f 100644
--- a/infrastructure-provisioning/terraform/gcp/endpoint/main/network.tf
+++ b/infrastructure-provisioning/terraform/gcp/endpoint/main/network.tf
@@ -20,8 +20,8 @@
# ******************************************************************************
locals {
- vpc_id = "${var.service_base_name}-${var.endpoint_id}-endpoint-vpc"
- subnet_name = "${var.service_base_name}-${var.endpoint_id}-endpoint-subnet"
+ vpc_id = "${var.service_base_name}-${var.endpoint_id}-vpc"
+ subnet_name = "${var.service_base_name}-${var.endpoint_id}-subnet"
firewall_ingress_name = "${var.service_base_name}-${var.endpoint_id}-ing-rule"
firewall_egress_name = "${var.service_base_name}-${var.endpoint_id}-eg-rule"
}
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/gke/gke.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/gke/gke.tf
index 3d3f7f5..b1d1e7d 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/gke/gke.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/gke/gke.tf
@@ -20,8 +20,8 @@
# ******************************************************************************
locals {
- additional_tag = split(":", var.additional_tag)
- gke_name = "${var.service_base_name}-cluster"
+ additional_tag = split(":", var.additional_tag)
+ gke_name = "${var.service_base_name}-cluster"
gke_node_pool_name = "${var.service_base_name}-node-pool"
}
@@ -36,21 +36,19 @@ resource "random_string" "endpoint_keystore_password" {
}
resource "google_container_cluster" "ssn_k8s_gke_cluster" {
- name = local.gke_name
- location = var.region
+ name = local.gke_name
+ location = var.region
remove_default_node_pool = true
- initial_node_count = 1
- min_master_version = var.gke_cluster_version
- network = data.google_compute_network.ssn_gke_vpc_data.self_link
- subnetwork = data.google_compute_subnetwork.ssn_gke_subnet_data.self_link
- resource_labels = {
+ initial_node_count = 1
+ min_master_version = var.gke_cluster_version
+ network = data.google_compute_network.ssn_gke_vpc_data.self_link
+ subnetwork = data.google_compute_subnetwork.ssn_gke_subnet_data.self_link
+ enable_legacy_abac = true
+ resource_labels = {
name = local.gke_name
"${local.additional_tag[0]}" = local.additional_tag[1]
- # "${var.tag_resource_id}" = "${var.service_base_name}:${local.gke_name}"
"${var.service_base_name}-tag" = local.gke_name
}
- enable_legacy_abac = true
-
master_auth {
username = ""
password = ""
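Review bot: `enable_legacy_abac = true` is kept on the new side of `google_container_cluster.ssn_k8s_gke_cluster`; the commit only moves it above `resource_labels`. With legacy ABAC enabled, service accounts, nodes and controllers hold statically granted permissions beyond what RBAC or IAM gives them, so a compromised workload identity can reach more of the cluster than its bindings suggest. Prefer `enable_legacy_abac = false` (or drop the attribute) and grant the deployed charts what they need through scoped RBAC bindings. If something still depends on ABAC, add a comment naming that dependency and when it can be removed. The resource body continues past the end of this hunk.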
@@ -92,9 +90,6 @@ resource "google_container_node_pool" "ssn_k8s_gke_node_pool" {
"https://www.googleapis.com/auth/monitoring",
]
}
- # provisioner "local-exec" {
- # command = "sleep 300"
- # }
}
data "google_container_cluster" "ssn_k8s_gke_cluster" {
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/gke/iam.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/gke/iam.tf
index fdfea62..3634349 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/gke/iam.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/gke/iam.tf
@@ -27,7 +27,7 @@ locals {
resource "google_service_account" "ssn_k8s_sa" {
account_id = local.service_account_name
display_name = local.service_account_name
- project = var.project_id
+ project = var.project_id
}
resource "google_project_iam_member" "iam" {
@@ -42,11 +42,4 @@ resource "google_project_iam_member" "iam" {
resource "google_service_account_key" "nodes_sa_key" {
depends_on = [google_project_iam_member.iam]
service_account_id = google_service_account.ssn_k8s_sa.name
-}
-
-//resource "google_project_iam_custom_role" "ssn_k8s_role" {
-// role_id = local.role_name
-// title = local.role_name
-// description = "Role for GKE cluser - ${local.gke_name}"
-// permissions = ["iam.roles.list", "iam.roles.create", "iam.roles.delete"]
-//}
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager.tf
index 1f5906e..8330b84 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/cert-manager.tf
@@ -26,7 +26,7 @@ resource "null_resource" "crd_delay" {
}
data "template_file" "cert_manager_values" {
- template = file("./modules/helm_charts/files/cert_manager_values.yaml")
+ template = file("./modules/helm_charts/files/cert_manager_values.yaml")
}
resource "helm_release" "cert_manager_crd" {
@@ -37,8 +37,8 @@ resource "helm_release" "cert_manager_crd" {
}
data "helm_repository" "jetstack" {
- name = "jetstack"
- url = "https://charts.jetstack.io"
+ name = "jetstack"
+ url = "https://charts.jetstack.io"
}
resource "helm_release" "cert-manager" {
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf
index 93899d4..b258a87 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf
@@ -21,16 +21,16 @@
locals {
custom_certs_enabled = lower(var.custom_certs_enabled)
- custom_cert_name = local.custom_certs_enabled == "true" ? reverse(split("/", var.custom_cert_path))[0] : "None"
- custom_key_name = local.custom_certs_enabled == "true" ? reverse(split("/", var.custom_key_path))[0] : "None"
- custom_cert = local.custom_certs_enabled == "true" ? base64encode(file("/tmp/${local.custom_cert_name}")) : "None"
- custom_key = local.custom_certs_enabled == "true" ? base64encode(file("/tmp/${local.custom_key_name}")) : "None"
- ui_host = local.custom_certs_enabled == "true" ? var.custom_certs_host : "${var.service_base_name}-ssn.${var.domain}"
+ custom_cert_name = local.custom_certs_enabled == "true" ? reverse(split("/", var.custom_cert_path))[0] : "None"
+ custom_key_name = local.custom_certs_enabled == "true" ? reverse(split("/", var.custom_key_path))[0] : "None"
+ custom_cert = local.custom_certs_enabled == "true" ? base64encode(file("/tmp/${local.custom_cert_name}")) : "None"
+ custom_key = local.custom_certs_enabled == "true" ? base64encode(file("/tmp/${local.custom_key_name}")) : "None"
+ ui_host = local.custom_certs_enabled == "true" ? var.custom_certs_host : "${var.service_base_name}-ssn.${var.domain}"
}
data "template_file" "dlab_ui_values" {
template = file("./modules/helm_charts/dlab-ui-chart/values.yaml")
- vars = {
+ vars = {
mongo_db_name = var.mongo_dbname
mongo_user = var.mongo_db_username
mongo_port = var.mongo_service_port
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns.tf
index 8105b5e..3a00b4f 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns.tf
@@ -21,7 +21,7 @@
data "template_file" "external_dns_values" {
template = file("./modules/helm_charts/external-dns/values.yaml")
- vars = {
+ vars = {
namespace = kubernetes_namespace.dlab-namespace.metadata[0].name
project_id = var.project_id
domain = var.domain
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
index e07f693..ebd6d11 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
@@ -41,7 +41,7 @@ data "template_file" "configure_keycloak" {
data "template_file" "keycloak_values" {
template = file("./modules/helm_charts/files/keycloak_values.yaml")
- vars = {
+ vars = {
keycloak_user = var.keycloak_user
keycloak_password = random_string.keycloak_password.result
ssn_k8s_alb_dns_name = local.ui_host
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/mysql.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/mysql.tf
index 401ca2f..e6afb3f 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/mysql.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/mysql.tf
@@ -21,7 +21,7 @@
data "template_file" "mysql_values" {
template = file("./modules/helm_charts/files/mysql_values.yaml")
- vars = {
+ vars = {
mysql_root_password = random_string.mysql_root_password.result
mysql_user = var.mysql_user
mysql_user_password = random_string.mysql_keycloak_user_password.result
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca.tf
index 51e2988..c920367 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca.tf
@@ -46,7 +46,7 @@ resource "kubernetes_service" "step_service_lb" {
data "template_file" "step_ca_values" {
template = file("./modules/helm_charts/step-ca-chart/values.yaml")
- vars = {
+ vars = {
step_ca_password = random_string.step_ca_password.result
step_ca_provisioner_password = random_string.step_ca_provisioner_password.result
step_ca_host = kubernetes_service.step_service_lb.load_balancer_ingress.0.ip