main.tf
# Multi-regional GCS bucket whose id is passed to the Cortex chart template as
# gcs.data_bucket_name.
#
# NOTE(review): nothing here sets uniform_bucket_level_access,
# public_access_prevention, versioning or an encryption block, so the bucket
# takes the provider default for each. This file grants access only through
# google_storage_bucket_iam_member, so uniform bucket-level access looks like
# the natural hardening; confirm nothing depends on object ACLs before enabling.
resource "google_storage_bucket" "cortex_data" {
  project = var.project_name

  # Bucket names share one global namespace, so app_name has to be unique.
  name          = var.app_name
  location      = "asia"
  storage_class = "MULTI_REGIONAL"

  labels = merge(local.labels, { component = "bucket" })
}
# Multi-regional GCS bucket whose id is passed to the Cortex chart template as
# gcs.configs_bucket_name.
#
# NOTE(review): like the data bucket, this one sets no
# uniform_bucket_level_access, public_access_prevention, versioning or
# encryption block. Whatever is stored under "configs" may be more sensitive
# than metric data; verify what Cortex writes here and harden accordingly.
resource "google_storage_bucket" "cortex_configs" {
  project = var.project_name

  name          = "${var.app_name}-configs"
  location      = "asia"
  storage_class = "MULTI_REGIONAL"

  labels = merge(local.labels, { component = "bucket" })
}
# Managed Memcached instance; its discovery endpoint is handed to the Cortex
# chart template as memcached.addresses.
resource "google_memcache_instance" "cortex" {
  provider = google-beta

  name             = "${var.app_name}-memcache"
  region           = var.region
  memcache_version = "MEMCACHE_1_5"

  # The only access restriction visible in this block is the VPC the instance
  # is attached to, so anything that can route into that network can reach the
  # cache. NOTE(review): confirm firewalling on var.network_name is tight enough.
  authorized_network = "projects/${var.project_name}/global/networks/${var.network_name}"

  # Sizing comes entirely from the caller-supplied memcached_config object.
  node_count = var.memcached_config.node_count
  node_config {
    cpu_count      = var.memcached_config.node_config.cpu_count
    memory_size_mb = var.memcached_config.node_config.memory_size_mb
  }

  labels = merge(local.labels, { component = "memcache" })
}
# Dedicated Google service account for this deployment. In this file it is the
# identity bound to both buckets and the one a key is minted for.
resource "google_service_account" "service_account" {
  account_id = var.app_name
  project    = var.project_name
}
# User-managed key for the service account above; its private_key is decoded
# into the "gcs.json" entry of the Kubernetes secret in this file.
#
# NOTE(review): the private key is written to Terraform state, so the state
# backend has to be treated as holding a live credential (encrypted, access
# restricted). No `keepers` argument is set, so nothing here triggers rotation.
# If the target cluster is GKE, Workload Identity would remove the need for an
# exported key altogether; confirm the cluster type before changing.
resource "google_service_account_key" "service_account_key" {
  service_account_id = google_service_account.service_account.name
}
# Kubernetes secret that carries the service-account key JSON into the
# namespace under the "gcs.json" key.
#
# NOTE(review): this is a long-lived cloud credential inside the cluster.
# Anyone who can read secrets in var.namespace can act as the service account,
# so check RBAC on the namespace and whether secrets are encrypted at rest.
resource "kubernetes_secret" "cortex-google-credentials" {
  type = "Opaque"

  metadata {
    name      = "${var.app_name}-google-credentials"
    namespace = var.namespace
    labels    = merge(var.labels, { app = var.app_name })

    # NOTE(review): this annotation is normally used on service-account token
    # secrets; on an Opaque secret it looks informational only. Confirm.
    annotations = {
      "kubernetes.io/service-account.name" = "${var.app_name}-google-credentials"
    }
  }

  data = {
    # private_key is exported base64-encoded; decode it so the secret holds
    # the raw JSON key file.
    "gcs.json" = base64decode(google_service_account_key.service_account_key.private_key)
  }

  # Presumably ordered after the Consul release because that release creates
  # the namespace (create_namespace = true); verify.
  depends_on = [
    helm_release.consul,
  ]
}
# Grants the deployment's service account access to the data bucket.
#
# NOTE(review): roles/storage.admin on the bucket covers bucket-level
# management (including its IAM policy and deletion), not just object I/O.
# Combined with the exported key stored in the cluster, a leaked credential
# could change who has access to the bucket. If Cortex only reads, writes and
# deletes objects, roles/storage.objectAdmin would be the narrower grant;
# verify against the permissions Cortex actually uses.
resource "google_storage_bucket_iam_member" "data_buckets_access" {
  bucket = google_storage_bucket.cortex_data.name
  member = "serviceAccount:${google_service_account.service_account.email}"
  role   = "roles/storage.admin"
}
# Grants the deployment's service account access to the configs bucket.
#
# NOTE(review): same over-broad grant as on the data bucket.
# roles/storage.admin includes bucket management and IAM policy changes;
# prefer roles/storage.objectAdmin if object-level access is all that is
# needed. Verify before narrowing.
resource "google_storage_bucket_iam_member" "configs_buckets_access" {
  bucket = google_storage_bucket.cortex_configs.name
  member = "serviceAccount:${google_service_account.service_account.email}"
  role   = "roles/storage.admin"
}
# Consul release, installed into the same namespace as Cortex. The Cortex
# chart values in this file point at its service on port 8500.
resource "helm_release" "consul" {
  name             = "${var.app_name}-consul"
  namespace        = var.namespace
  create_namespace = true

  # Chart source and version are fully caller-controlled.
  # NOTE(review): confirm callers pin `version` and use a trusted repository,
  # since whatever the repository serves is what gets deployed.
  repository = var.consul_helm_release_config.repository
  chart      = var.consul_helm_release_config.chart
  version    = var.consul_helm_release_config.version

  wait    = var.consul_helm_release_config.wait
  timeout = var.consul_helm_release_config.timeout

  # Order matters: values_override comes last, so it can replace anything the
  # module template sets, including any security-relevant settings.
  values = [
    templatefile("${path.module}/templates/consul.yaml", {
      labels = jsonencode(local.labels)
    }),
    var.consul_helm_release_config.values_override
  ]
}
# Cortex release. Renders templates/cortex.yaml with the memcache endpoint,
# both bucket ids, the Consul address and the ingress host, then applies the
# caller's override values on top.
resource "helm_release" "cortex" {
  name             = var.app_name
  namespace        = var.namespace
  create_namespace = true

  # Chart source and version are caller-controlled; see the NOTE on
  # dependency_update for why pinning matters here.
  repository = var.cortex_helm_release_config.repository
  chart      = var.cortex_helm_release_config.chart
  version    = var.cortex_helm_release_config.version

  # Chart dependencies are refreshed when the release is applied.
  # NOTE(review): that makes the deployed content depend on what the
  # repository serves at apply time; confirm versions are pinned.
  dependency_update = true

  wait    = var.cortex_helm_release_config.wait
  timeout = var.cortex_helm_release_config.timeout

  # Order matters: values_override is last and wins over the template.
  values = [
    templatefile("${path.module}/templates/cortex.yaml", {
      memcached = {
        addresses = google_memcache_instance.cortex.discovery_endpoint
      }
      gcs = {
        data_bucket_name    = google_storage_bucket.cortex_data.id
        configs_bucket_name = google_storage_bucket.cortex_configs.id
      }
      consul = {
        # In-cluster service DNS name of the Consul release, port 8500.
        # NOTE(review): whether this connection uses TLS or ACL tokens is
        # decided in the chart templates, which are not shown here. Verify.
        host = "${var.app_name}-consul.${var.namespace}.svc.cluster.local:8500"
      }
      host_ingress = var.ingress_dns
      app_name     = var.app_name
    }),
    var.cortex_helm_release_config.values_override
  ]

  # The credentials secret has to exist before the release is installed.
  depends_on = [
    kubernetes_secret.cortex-google-credentials,
  ]
}
# Optional Route 53 A record pointing var.ingress_dns at the Cortex service's
# load-balancer IP. Created only when var.ingress_enabled is true.
#
# NOTE(review): this publishes the Cortex endpoint under a DNS name. Whether
# the zone is public and whether the ingress authenticates requests are not
# visible in this file; confirm both, since Cortex is normally deployed
# behind an authenticating proxy.
resource "aws_route53_record" "dns_ingress" {
  count = var.ingress_enabled ? 1 : 0

  zone_id = var.aws_zone_id
  name    = var.ingress_dns
  type    = "A"
  ttl     = "300"

  # data.kubernetes_service.cortex is declared outside the lines shown here.
  # Indexing [0] assumes the load balancer has already been assigned an IP;
  # an empty list, or a hostname-only ingress, would fail or yield no usable
  # value. Verify.
  records = [data.kubernetes_service.cortex.load_balancer_ingress[0].ip]
}