From eadaad93714a7a4f1705d251833f6392834f989d Mon Sep 17 00:00:00 2001 
From: Simon Emms Date: Wed, 21 Aug 2024 12:27:53 +0000 Subject: [PATCH] refactor: move google terraform config --- .../google}/terraform/google/data_sources.tf | 0 .../cloud/google}/terraform/google/gke.tf | 0 .../google}/terraform/google/gke/main.tf | 0 .../cloud/google}/terraform/google/gke/nat.tf | 0 .../google}/terraform/google/gke/variables.tf | 0 .../cloud/google}/terraform/google/iam.tf | 0 .../cloud/google}/terraform/google/init.tf | 0 .../cloud/google}/terraform/google/kms.tf | 0 .../terraform/google/modules/kms/main.tf | 0 .../terraform/google/modules/kms/outputs.tf | 0 .../terraform/google/modules/kms/variables.tf | 0 .../google/modules/sa/data_sources.tf | 0 .../terraform/google/modules/sa/main.tf | 0 .../terraform/google/modules/sa/outputs.tf | 0 .../terraform/google/modules/sa/variables.tf | 0 .../google/modules/storage_bucket/main.tf | 0 .../google/modules/storage_bucket/outputs.tf | 0 .../modules/storage_bucket/variables.tf | 0 .../google}/terraform/google/services.tf | 0 .../google}/terraform/google/services/main.tf | 0 .../terraform/google/services/variables.tf | 0 .../cloud/google}/terraform/google/storage.tf | 0 .../google}/terraform/google/terraform.tfvars | 0 .../google}/terraform/google/variables.tf | 0 .../cloud/google}/terraform/google/vpc.tf | 0 .../terraform/google/data_sources.tf | 37 ------ .../google-gitlab/terraform/google/gke.tf | 10 -- .../terraform/google/gke/main.tf | 109 ------------------ .../google-gitlab/terraform/google/gke/nat.tf | 16 --- .../terraform/google/gke/variables.tf | 31 ----- .../google-gitlab/terraform/google/iam.tf | 77 ------------- .../google-gitlab/terraform/google/init.tf | 16 --- .../google-gitlab/terraform/google/kms.tf | 8 -- .../terraform/google/modules/kms/main.tf | 46 -------- .../terraform/google/modules/kms/outputs.tf | 19 --- .../terraform/google/modules/kms/variables.tf | 78 ------------- .../google/modules/sa/data_sources.tf | 42 ------- .../terraform/google/modules/sa/main.tf | 68 ----------- 
.../terraform/google/modules/sa/outputs.tf | 7 -- .../terraform/google/modules/sa/variables.tf | 58 ---------- .../google/modules/storage_bucket/main.tf | 59 ---------- .../google/modules/storage_bucket/outputs.tf | 18 --- .../modules/storage_bucket/variables.tf | 100 ---------------- .../terraform/google/services.tf | 5 - .../terraform/google/services/main.tf | 41 ------- .../terraform/google/services/variables.tf | 4 - .../google-gitlab/terraform/google/storage.tf | 12 -- .../terraform/google/terraform.tfvars | 2 - .../terraform/google/variables.tf | 36 ------ .../google-gitlab/terraform/google/vpc.tf | 44 ------- 50 files changed, 943 deletions(-) rename {templates/google-github => common/cloud/google}/terraform/google/data_sources.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/gke.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/gke/main.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/gke/nat.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/gke/variables.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/iam.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/init.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/kms.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/modules/kms/main.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/modules/kms/outputs.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/modules/kms/variables.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/modules/sa/data_sources.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/modules/sa/main.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/modules/sa/outputs.tf (100%) 
rename {templates/google-github => common/cloud/google}/terraform/google/modules/sa/variables.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/modules/storage_bucket/main.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/modules/storage_bucket/outputs.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/modules/storage_bucket/variables.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/services.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/services/main.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/services/variables.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/storage.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/terraform.tfvars (100%) rename {templates/google-github => common/cloud/google}/terraform/google/variables.tf (100%) rename {templates/google-github => common/cloud/google}/terraform/google/vpc.tf (100%) delete mode 100644 templates/google-gitlab/terraform/google/data_sources.tf delete mode 100644 templates/google-gitlab/terraform/google/gke.tf delete mode 100644 templates/google-gitlab/terraform/google/gke/main.tf delete mode 100644 templates/google-gitlab/terraform/google/gke/nat.tf delete mode 100644 templates/google-gitlab/terraform/google/gke/variables.tf delete mode 100644 templates/google-gitlab/terraform/google/iam.tf delete mode 100644 templates/google-gitlab/terraform/google/init.tf delete mode 100644 templates/google-gitlab/terraform/google/kms.tf delete mode 100755 templates/google-gitlab/terraform/google/modules/kms/main.tf delete mode 100755 templates/google-gitlab/terraform/google/modules/kms/outputs.tf delete mode 100755 templates/google-gitlab/terraform/google/modules/kms/variables.tf delete mode 100644 
templates/google-gitlab/terraform/google/modules/sa/data_sources.tf
delete mode 100644 templates/google-gitlab/terraform/google/modules/sa/main.tf
delete mode 100644 templates/google-gitlab/terraform/google/modules/sa/outputs.tf
delete mode 100644 templates/google-gitlab/terraform/google/modules/sa/variables.tf
delete mode 100755 templates/google-gitlab/terraform/google/modules/storage_bucket/main.tf
delete mode 100755 templates/google-gitlab/terraform/google/modules/storage_bucket/outputs.tf
delete mode 100755 templates/google-gitlab/terraform/google/modules/storage_bucket/variables.tf
delete mode 100644 templates/google-gitlab/terraform/google/services.tf
delete mode 100644 templates/google-gitlab/terraform/google/services/main.tf
delete mode 100755 templates/google-gitlab/terraform/google/services/variables.tf
delete mode 100644 templates/google-gitlab/terraform/google/storage.tf
delete mode 100644 templates/google-gitlab/terraform/google/terraform.tfvars
delete mode 100644 templates/google-gitlab/terraform/google/variables.tf
delete mode 100644 templates/google-gitlab/terraform/google/vpc.tf
diff --git a/templates/google-github/terraform/google/data_sources.tf b/common/cloud/google/terraform/google/data_sources.tf
similarity index 100%
rename from templates/google-github/terraform/google/data_sources.tf
rename to common/cloud/google/terraform/google/data_sources.tf
diff --git a/templates/google-github/terraform/google/gke.tf b/common/cloud/google/terraform/google/gke.tf
similarity index 100%
rename from templates/google-github/terraform/google/gke.tf
rename to common/cloud/google/terraform/google/gke.tf
diff --git a/templates/google-github/terraform/google/gke/main.tf b/common/cloud/google/terraform/google/gke/main.tf
similarity index 100%
rename from templates/google-github/terraform/google/gke/main.tf
rename to common/cloud/google/terraform/google/gke/main.tf
diff --git a/templates/google-github/terraform/google/gke/nat.tf b/common/cloud/google/terraform/google/gke/nat.tf
similarity index 100%
rename from templates/google-github/terraform/google/gke/nat.tf
rename to common/cloud/google/terraform/google/gke/nat.tf
diff --git a/templates/google-github/terraform/google/gke/variables.tf b/common/cloud/google/terraform/google/gke/variables.tf
similarity index 100%
rename from templates/google-github/terraform/google/gke/variables.tf
rename to common/cloud/google/terraform/google/gke/variables.tf
diff --git a/templates/google-github/terraform/google/iam.tf b/common/cloud/google/terraform/google/iam.tf
similarity index 100%
rename from templates/google-github/terraform/google/iam.tf
rename to common/cloud/google/terraform/google/iam.tf
diff --git a/templates/google-github/terraform/google/init.tf b/common/cloud/google/terraform/google/init.tf
similarity index 100%
rename from templates/google-github/terraform/google/init.tf
rename to common/cloud/google/terraform/google/init.tf
diff --git a/templates/google-github/terraform/google/kms.tf b/common/cloud/google/terraform/google/kms.tf
similarity index 100%
rename from templates/google-github/terraform/google/kms.tf
rename to common/cloud/google/terraform/google/kms.tf
diff --git a/templates/google-github/terraform/google/modules/kms/main.tf b/common/cloud/google/terraform/google/modules/kms/main.tf
similarity index 100%
rename from templates/google-github/terraform/google/modules/kms/main.tf
rename to common/cloud/google/terraform/google/modules/kms/main.tf
diff --git a/templates/google-github/terraform/google/modules/kms/outputs.tf b/common/cloud/google/terraform/google/modules/kms/outputs.tf
similarity index 100%
rename from templates/google-github/terraform/google/modules/kms/outputs.tf
rename to common/cloud/google/terraform/google/modules/kms/outputs.tf
diff --git a/templates/google-github/terraform/google/modules/kms/variables.tf b/common/cloud/google/terraform/google/modules/kms/variables.tf
similarity index 100%
rename from templates/google-github/terraform/google/modules/kms/variables.tf
rename to common/cloud/google/terraform/google/modules/kms/variables.tf
diff --git a/templates/google-github/terraform/google/modules/sa/data_sources.tf b/common/cloud/google/terraform/google/modules/sa/data_sources.tf
similarity index 100%
rename from templates/google-github/terraform/google/modules/sa/data_sources.tf
rename to common/cloud/google/terraform/google/modules/sa/data_sources.tf
diff --git a/templates/google-github/terraform/google/modules/sa/main.tf b/common/cloud/google/terraform/google/modules/sa/main.tf
similarity index 100%
rename from templates/google-github/terraform/google/modules/sa/main.tf
rename to common/cloud/google/terraform/google/modules/sa/main.tf
diff --git a/templates/google-github/terraform/google/modules/sa/outputs.tf b/common/cloud/google/terraform/google/modules/sa/outputs.tf
similarity index 100%
rename from templates/google-github/terraform/google/modules/sa/outputs.tf
rename to common/cloud/google/terraform/google/modules/sa/outputs.tf
diff --git a/templates/google-github/terraform/google/modules/sa/variables.tf b/common/cloud/google/terraform/google/modules/sa/variables.tf
similarity index 100%
rename from templates/google-github/terraform/google/modules/sa/variables.tf
rename to common/cloud/google/terraform/google/modules/sa/variables.tf
diff --git a/templates/google-github/terraform/google/modules/storage_bucket/main.tf b/common/cloud/google/terraform/google/modules/storage_bucket/main.tf
similarity index 100%
rename from templates/google-github/terraform/google/modules/storage_bucket/main.tf
rename to common/cloud/google/terraform/google/modules/storage_bucket/main.tf
diff --git a/templates/google-github/terraform/google/modules/storage_bucket/outputs.tf b/common/cloud/google/terraform/google/modules/storage_bucket/outputs.tf
similarity index 100%
rename from templates/google-github/terraform/google/modules/storage_bucket/outputs.tf
rename to common/cloud/google/terraform/google/modules/storage_bucket/outputs.tf
diff --git a/templates/google-github/terraform/google/modules/storage_bucket/variables.tf b/common/cloud/google/terraform/google/modules/storage_bucket/variables.tf
similarity index 100%
rename from templates/google-github/terraform/google/modules/storage_bucket/variables.tf
rename to common/cloud/google/terraform/google/modules/storage_bucket/variables.tf
diff --git a/templates/google-github/terraform/google/services.tf b/common/cloud/google/terraform/google/services.tf
similarity index 100%
rename from templates/google-github/terraform/google/services.tf
rename to common/cloud/google/terraform/google/services.tf
diff --git a/templates/google-github/terraform/google/services/main.tf b/common/cloud/google/terraform/google/services/main.tf
similarity index 100%
rename from templates/google-github/terraform/google/services/main.tf
rename to common/cloud/google/terraform/google/services/main.tf
diff --git a/templates/google-github/terraform/google/services/variables.tf b/common/cloud/google/terraform/google/services/variables.tf
similarity index 100%
rename from templates/google-github/terraform/google/services/variables.tf
rename to common/cloud/google/terraform/google/services/variables.tf
diff --git a/templates/google-github/terraform/google/storage.tf b/common/cloud/google/terraform/google/storage.tf
similarity index 100%
rename from templates/google-github/terraform/google/storage.tf
rename to common/cloud/google/terraform/google/storage.tf
diff --git a/templates/google-github/terraform/google/terraform.tfvars b/common/cloud/google/terraform/google/terraform.tfvars
similarity index 100%
rename from templates/google-github/terraform/google/terraform.tfvars
rename to common/cloud/google/terraform/google/terraform.tfvars
diff --git a/templates/google-github/terraform/google/variables.tf b/common/cloud/google/terraform/google/variables.tf
similarity index 100%
rename from templates/google-github/terraform/google/variables.tf
rename to common/cloud/google/terraform/google/variables.tf
diff --git a/templates/google-github/terraform/google/vpc.tf b/common/cloud/google/terraform/google/vpc.tf
similarity index 100%
rename from templates/google-github/terraform/google/vpc.tf
rename to common/cloud/google/terraform/google/vpc.tf
diff --git a/templates/google-gitlab/terraform/google/data_sources.tf b/templates/google-gitlab/terraform/google/data_sources.tf
deleted file mode 100644
index 395f28196..000000000
--- a/templates/google-gitlab/terraform/google/data_sources.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-################
-# Data Sources #
-################
-
-# IAM
-
-data "google_iam_role" "artifactregistry_reader" {
- name = "roles/artifactregistry.reader"
-}
-
-data "google_iam_role" "crypto_key_encrypter_decrypter" {
- name = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
-}
-
-data "google_iam_role" "dns_admin" {
- name = "roles/dns.admin"
-}
-
-data "google_iam_role" "owner" {
- name = "roles/owner"
-}
-
-data "google_iam_role" "secretmanager_secretaccessor" {
- name = "roles/secretmanager.secretAccessor"
-}
-
-data "google_iam_role" "storage_admin" {
- name = "roles/storage.admin"
-}
-
-data "google_iam_role" "storage_objectadmin" {
- name = "roles/storage.objectAdmin"
-}
-
-data "google_iam_role" "workload_identity_user" {
- name = "roles/iam.workloadIdentityUser"
-}
diff --git a/templates/google-gitlab/terraform/google/gke.tf b/templates/google-gitlab/terraform/google/gke.tf
deleted file mode 100644
index 448a2c431..000000000
--- a/templates/google-gitlab/terraform/google/gke.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-module "gke" {
- source = "./gke"
-
- cluster_name = local.cluster_name
- google_region = var.google_region
- project = var.project
-
- network = module.vpc.network_name
- subnetwork = lookup(module.vpc.subnets, "${var.google_region}/subnet-01-${local.cluster_name}").name
-}
diff --git a/templates/google-gitlab/terraform/google/gke/main.tf b/templates/google-gitlab/terraform/google/gke/main.tf
deleted file mode 100644
index f98329292..000000000
--- a/templates/google-gitlab/terraform/google/gke/main.tf
+++ /dev/null
@@ -1,109 +0,0 @@
-# google_client_config and kubernetes provider must be explicitly specified like the following.
-
-data "google_client_config" "default" {}
-
-provider "kubernetes" {
- host = "https://${module.gke.endpoint}"
- token = data.google_client_config.default.access_token
- cluster_ca_certificate = base64decode(module.gke.ca_certificate)
-}
-
-module "gke" {
- source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
-
- name = var.cluster_name
- project_id = var.project
- region = var.google_region
- release_channel = "STABLE"
-
- deletion_protection = false
-
- // External availability
- enable_private_endpoint = false
- enable_private_nodes = true
-
- // Service Account
- create_service_account = true
-
- // Networking
- network = var.network
- subnetwork = var.subnetwork
- ip_range_pods = "${var.subnetwork}-gke-01-pods"
- ip_range_services = "${var.subnetwork}-gke-01-services"
-
- // Addons
- dns_cache = true
- enable_shielded_nodes = true
- filestore_csi_driver = false
- gce_pd_csi_driver = true
- horizontal_pod_autoscaling = false
- http_load_balancing = false
- network_policy = false
-
- // Node Pools
- node_pools = [
- {
- name = "kubefirst"
- node_type = var.instance_type
-
- // Autoscaling
- // PER ZONE
- min_count = tonumber("") # tonumber() is used for a string token value
- // PER ZONE
- max_count = tonumber("") # tonumber() is used for a string token value
- // PER ZONE
- initial_node_count = tonumber("") # tonumber() is used for a string token value
-
- local_ssd_count = 0
- spot = false
- disk_size_gb = 100
- disk_type = "pd-standard"
- image_type = "COS_CONTAINERD"
- enable_gcfs = false
- enable_gvnic = false
- auto_repair = true
- auto_upgrade = true
- preemptible = false
- },
- ]
-
- node_pools_oauth_scopes = {
- all = [
- "https://www.googleapis.com/auth/logging.write",
- "https://www.googleapis.com/auth/monitoring",
- "https://www.googleapis.com/auth/devstorage.read_only",
- ]
- }
-
- node_pools_labels = {
- all = {}
-
- default-node-pool = {
- default-node-pool = true
- }
- }
-
- node_pools_metadata = {
- all = {}
-
- default-node-pool = {
- node-pool-metadata-custom-value = var.cluster_name
- }
- }
-
- node_pools_taints = {
- all = []
-
- default-node-pool = []
- }
-
- node_pools_tags = {
- all = [
- var.cluster_name,
- ]
-
- default-node-pool = [
- "default-node-pool",
- ]
- }
-}
diff --git a/templates/google-gitlab/terraform/google/gke/nat.tf b/templates/google-gitlab/terraform/google/gke/nat.tf
deleted file mode 100644
index 764edd943..000000000
--- a/templates/google-gitlab/terraform/google/gke/nat.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-resource "google_compute_router" "router" {
- name = "gke-cloud-router-${var.cluster_name}"
- project = var.project
- network = var.network
- region = var.google_region
-}
-
-module "cloud-nat" {
- name = "gke-nat-config-${var.cluster_name}"
- source = "terraform-google-modules/cloud-nat/google"
- version = "~> 4.0"
- project_id = var.project
- region = var.google_region
- router = google_compute_router.router.name
- source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
-}
diff --git a/templates/google-gitlab/terraform/google/gke/variables.tf b/templates/google-gitlab/terraform/google/gke/variables.tf
deleted file mode 100644
index 3a5b0bf5f..000000000
--- a/templates/google-gitlab/terraform/google/gke/variables.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-variable "cluster_name" {
- description = "GKE Cluster Name"
- type = string
-}
-
-variable "google_region" {
- description = "Google Region"
- type = string
-}
-
-variable "instance_type" {
- description = "Instance type to use on cluster Nodes."
- type = string
-
- default = ""
-}
-
-variable "network" {
- description = "The network to use with the cluster."
- type = string
-}
-
-variable "project" {
- description = "Google Project ID"
- type = string
-}
-
-variable "subnetwork" {
- description = "The subnetwork to use with the cluster."
- type = string
-}
diff --git a/templates/google-gitlab/terraform/google/iam.tf b/templates/google-gitlab/terraform/google/iam.tf
deleted file mode 100644
index 9ae21274e..000000000
--- a/templates/google-gitlab/terraform/google/iam.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-module "argo_workflows" {
- source = "./modules/sa"
-
- service_account_name = "argo-server-${local.cluster_name}"
- kubernetes_service_account_name = "argo-server"
- display_name = "Atlantis Service Account"
- project = var.project
-
- service_account_namespace = "argo"
- role = data.google_iam_role.owner.name
-}
-
-module "atlantis" {
- source = "./modules/sa"
-
- service_account_name = "atlantis-${local.cluster_name}"
- kubernetes_service_account_name = "atlantis"
- display_name = "Atlantis Service Account"
- project = var.project
-
- service_account_namespace = "atlantis"
- role = data.google_iam_role.owner.name
-}
-
-module "cert_manager" {
- source = "./modules/sa"
-
- service_account_name = "cert-manager-${local.cluster_name}"
- kubernetes_service_account_name = "cert-manager"
- display_name = "cert-manager Service Account"
- project = var.project
-
- service_account_namespace = "cert-manager"
- role = data.google_iam_role.dns_admin.name
-}
-
-module "chartmuseum" {
- source = "./modules/sa"
-
- service_account_name = "chartmuseum-${local.cluster_name}"
- kubernetes_service_account_name = "chartmuseum"
- display_name = "Chart Museum Service Account"
- project = var.project
-
- service_account_namespace = "chartmuseum"
- role = data.google_iam_role.storage_admin.name
-}
-
-module "external_dns" {
- source = "./modules/sa"
-
- service_account_name = "external-dns-${local.cluster_name}"
- kubernetes_service_account_name = "external-dns"
- display_name = "External DNS Service Account"
- project = var.project
-
- service_account_namespace = "external-dns"
- role = data.google_iam_role.dns_admin.name
-}
-
-module "vault" {
- source = "./modules/sa"
-
- service_account_name = "vault-${local.cluster_name}"
- kubernetes_service_account_name = "vault"
- display_name = "Vault Service Account"
- project = var.project
-
- service_account_namespace = "vault"
- role = data.google_iam_role.dns_admin.name
-
- create_bucket_iam_access = true
- bucket_name = module.vault_data_bucket.name
-
- create_service_account_key = true
- keyring = module.vault_keys.keyring
-}
diff --git a/templates/google-gitlab/terraform/google/init.tf b/templates/google-gitlab/terraform/google/init.tf
deleted file mode 100644
index 31c53cd88..000000000
--- a/templates/google-gitlab/terraform/google/init.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-provider "google" {
- project = var.project
- region = var.google_region
-}
-
-provider "google-beta" {
- project = var.project
- region = var.google_region
-}
-
-terraform {
- backend "gcs" {
- bucket = ""
- prefix = "terraform/google/terraform.tfstate"
- }
-}
diff --git a/templates/google-gitlab/terraform/google/kms.tf b/templates/google-gitlab/terraform/google/kms.tf
deleted file mode 100644
index 810ef9453..000000000
--- a/templates/google-gitlab/terraform/google/kms.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-module "vault_keys" {
- source = "./modules/kms"
-
- keyring = "vault-${local.cluster_name}-${lower(var.uniqueness)}"
- keys = ["vault-unseal", "vault-encrypt"]
- location = "global"
- project = var.project
-}
diff --git a/templates/google-gitlab/terraform/google/modules/kms/main.tf b/templates/google-gitlab/terraform/google/modules/kms/main.tf
deleted file mode 100755
index 6ff6fe515..000000000
--- a/templates/google-gitlab/terraform/google/modules/kms/main.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-################
-# KMS Key Ring #
-################
-
-# A key ring must exist for subsequent keys to be created and stored in.
-resource "google_kms_key_ring" "key_ring" {
- name = var.keyring
-
- project = var.project
- location = var.location
-}
-
-# Keys
-
-resource "google_kms_crypto_key" "key" {
- count = length(var.keys)
-
- name = var.keys[count.index]
-
- key_ring = google_kms_key_ring.key_ring.id
- rotation_period = var.key_rotation_period
-}
-
-resource "google_kms_crypto_key_iam_binding" "owners" {
- count = length(var.set_owners_for)
-
- role = "roles/owner"
- crypto_key_id = local.keys_by_name[var.set_owners_for[count.index]]
- members = compact(split(",", var.owners[count.index]))
-}
-
-resource "google_kms_crypto_key_iam_binding" "decrypters" {
- count = length(var.set_decrypters_for)
-
- role = "roles/cloudkms.cryptoKeyDecrypter"
- crypto_key_id = local.keys_by_name[var.set_decrypters_for[count.index]]
- members = compact(split(",", var.decrypters[count.index]))
-}
-
-resource "google_kms_crypto_key_iam_binding" "encrypters" {
- count = length(var.set_encrypters_for)
-
- role = "roles/cloudkms.cryptoKeyEncrypter"
- crypto_key_id = local.keys_by_name[element(var.set_encrypters_for, count.index)]
- members = compact(split(",", var.encrypters[count.index]))
-}
diff --git a/templates/google-gitlab/terraform/google/modules/kms/outputs.tf b/templates/google-gitlab/terraform/google/modules/kms/outputs.tf
deleted file mode 100755
index fc5c595e8..000000000
--- a/templates/google-gitlab/terraform/google/modules/kms/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-###########
-# Outputs #
-###########
-
-output "keyring" {
- value = google_kms_key_ring.key_ring.id
-}
-
-output "keyring_resource" {
- value = google_kms_key_ring.key_ring
-}
-
-output "keys" {
- value = local.keys_by_name
-}
-
-output "keyring_name" {
- value = google_kms_key_ring.key_ring.name
-}
diff --git a/templates/google-gitlab/terraform/google/modules/kms/variables.tf b/templates/google-gitlab/terraform/google/modules/kms/variables.tf
deleted file mode 100755
index 646e97632..000000000
--- a/templates/google-gitlab/terraform/google/modules/kms/variables.tf
+++ /dev/null
@@ -1,78 +0,0 @@
-locals {
- keys_by_name = zipmap(var.keys, google_kms_crypto_key.key[*].id)
-}
-
-variable "project" {
- description = "Google Project ID"
- type = string
-}
-
-
-variable "decrypters" {
- description = "List of comma-separated owners for each key declared in set_decrypters_for."
- type = list(string)
-
- default = []
-}
-
-variable "encrypters" {
- description = "List of comma-separated owners for each key declared in set_encrypters_for."
- type = list(string)
-
- default = []
-}
-
-variable "keyring" {
- description = "The name of the KeyRing that will be created."
-
- type = string
-}
-
-variable "keys" {
- description = "Key names for keys that will be created and added to the KeyRing."
- type = list(string)
-
- default = []
-}
-
-variable "key_rotation_period" {
- description = "Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds)."
- type = string
-
- default = "100000s"
-}
-
-variable "location" {
- description = "The location for the KeyRing."
- type = string
-
- default = "global"
-}
-
-variable "owners" {
- description = "List of comma-separated owners for each key declared in set_owners_for."
- type = list(string)
-
- default = []
-}
-
-variable "set_decrypters_for" {
- description = "Name of keys for which decrypters will be set."
- type = list(string)
-
- default = []
-}
-
-variable "set_encrypters_for" {
- description = "Name of keys for which encrypters will be set."
- type = list(string)
-
- default = []
-}
-
-variable "set_owners_for" {
- description = "Name of keys for which owners will be set."
- type = list(string)
-
- default = []
-}
diff --git a/templates/google-gitlab/terraform/google/modules/sa/data_sources.tf b/templates/google-gitlab/terraform/google/modules/sa/data_sources.tf
deleted file mode 100644
index 44926d0b8..000000000
--- a/templates/google-gitlab/terraform/google/modules/sa/data_sources.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-################
-# Data Sources #
-################
-
-# IAM
-
-data "google_iam_role" "artifactregistry_reader" {
- name = "roles/artifactregistry.reader"
-}
-
-data "google_iam_role" "crypto_key_encrypter_decrypter" {
- name = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
-}
-
-data "google_iam_role" "admin" {
- name = "roles/cloudkms.admin"
-}
-
-
-data "google_iam_role" "dns_admin" {
- name = "roles/dns.admin"
-}
-
-data "google_iam_role" "owner" {
- name = "roles/owner"
-}
-
-data "google_iam_role" "secretmanager_secretaccessor" {
- name = "roles/secretmanager.secretAccessor"
-}
-
-data "google_iam_role" "storage_admin" {
- name = "roles/storage.admin"
-}
-
-data "google_iam_role" "storage_objectadmin" {
- name = "roles/storage.objectAdmin"
-}
-
-data "google_iam_role" "workload_identity_user" {
- name = "roles/iam.workloadIdentityUser"
-}
diff --git a/templates/google-gitlab/terraform/google/modules/sa/main.tf b/templates/google-gitlab/terraform/google/modules/sa/main.tf
deleted file mode 100644
index bcd9c7dd4..000000000
--- a/templates/google-gitlab/terraform/google/modules/sa/main.tf
+++ /dev/null
@@ -1,68 +0,0 @@
-###################################
-# IAM For Kubernetes Applications #
-###################################
-
-# Service Account
-
-resource "google_service_account" "this" {
- account_id = var.service_account_name
- display_name = var.display_name
- project = var.project
-}
-
-# Binding Service Account to Kubernetes Service Account
-
-resource "google_service_account_iam_member" "this" {
- service_account_id = google_service_account.this.name
- role = data.google_iam_role.workload_identity_user.name
-
- member = "serviceAccount:${var.project}.svc.id.goog[${var.service_account_namespace}/${var.kubernetes_service_account_name}]"
-}
-
-# Role Memberships
-
-resource "google_project_iam_member" "this" {
- member = "serviceAccount:${google_service_account.this.email}"
- project = var.project
- role = var.role
-}
-
-# Key
-
-resource "google_service_account_key" "this" {
- count = var.create_service_account_key ? 1 : 0
-
- service_account_id = google_service_account.this.name
-}
-
-# Binding Service Account to Key Ring
-
-resource "google_kms_key_ring_iam_member" "this-crypto_key_encrypter_decrypter" {
- count = var.create_service_account_key ? 1 : 0
-
- key_ring_id = var.keyring
- role = data.google_iam_role.crypto_key_encrypter_decrypter.name
-
- member = "serviceAccount:${google_service_account.this.email}"
-}
-
-# Binding Service Account to Key Ring
-
-resource "google_kms_key_ring_iam_member" "this" {
- count = var.create_service_account_key ? 1 : 0
-
- key_ring_id = var.keyring
- role = data.google_iam_role.admin.name
-
- member = "serviceAccount:${google_service_account.this.email}"
-}
-
-# Permissions for Bucket
-
-resource "google_storage_bucket_iam_member" "this" {
- count = var.create_bucket_iam_access ? 1 : 0
-
- bucket = var.bucket_name
- role = data.google_iam_role.storage_objectadmin.name
- member = "serviceAccount:${google_service_account.this.email}"
-}
diff --git a/templates/google-gitlab/terraform/google/modules/sa/outputs.tf b/templates/google-gitlab/terraform/google/modules/sa/outputs.tf
deleted file mode 100644
index effc1f44c..000000000
--- a/templates/google-gitlab/terraform/google/modules/sa/outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output "service_account_email" {
- value = google_service_account.this.email
-}
-
-output "service_account_id" {
- value = google_service_account.this.id
-}
diff --git a/templates/google-gitlab/terraform/google/modules/sa/variables.tf b/templates/google-gitlab/terraform/google/modules/sa/variables.tf
deleted file mode 100644
index 7c0759f05..000000000
--- a/templates/google-gitlab/terraform/google/modules/sa/variables.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-variable "service_account_name" {
- description = "The name of the service account in Google."
- type = string
-}
-
-variable "kubernetes_service_account_name" {
- description = "The Kubernetes Service Account name."
- type = string
-}
-
-variable "display_name" {
- description = "Display name (description) for the service account."
- type = string
-}
-
-variable "project" {
- description = "Google Project ID"
- type = string
-}
-
-
-variable "service_account_namespace" {
- description = "The Kubernetes Namespace for the role."
- type = string
-}
-
-variable "role" {
- description = "IAM role to assign to the service account."
- type = string
-}
-
-variable "create_service_account_key" {
- description = ""
- type = bool
-
- default = false
-}
-
-variable "keyring" {
- description = ""
- type = string
-
- default = ""
-}
-
-variable "create_bucket_iam_access" {
- description = ""
- type = bool
-
- default = false
-}
-
-variable "bucket_name" {
- description = ""
- type = string
-
- default = ""
-}
diff --git a/templates/google-gitlab/terraform/google/modules/storage_bucket/main.tf b/templates/google-gitlab/terraform/google/modules/storage_bucket/main.tf
deleted file mode 100755
index 3d9acf675..000000000
--- a/templates/google-gitlab/terraform/google/modules/storage_bucket/main.tf
+++ /dev/null
@@ -1,59 +0,0 @@
-##################
-# Storage Bucket #
-##################
-
-# Bucket
-resource "google_storage_bucket" "bucket" {
- name = var.bucket_name
-
- uniform_bucket_level_access = var.uniform_bucket_policy
-
- dynamic "encryption" {
- for_each = var.kms_encryption_key
- content {
- default_kms_key_name = lookup(encryption.value, "key_name")
- }
- }
-
- force_destroy = var.force_destroy
-
- labels = merge(local.implicit_labels, var.bucket_labels)
-
- location = var.location
-
- dynamic "lifecycle_rule" {
- for_each = var.lifecycle_rules
- content {
- action {
- type = lifecycle_rule.value.action.type
- storage_class = lookup(lifecycle_rule.value.action, "storage_class", null)
- }
- condition {
- age = lookup(lifecycle_rule.value.condition, "age", null)
- created_before = lookup(lifecycle_rule.value.condition, "created_before", null)
- custom_time_before = lookup(lifecycle_rule.value.condition, "custom_time_before", null)
- days_since_custom_time = lookup(lifecycle_rule.value.condition, "days_since_custom_time", null)
- days_since_noncurrent_time = lookup(lifecycle_rule.value.condition, "days_since_noncurrent_time", null)
- matches_storage_class = lookup(lifecycle_rule.value.condition, "matches_storage_class", null)
- noncurrent_time_before = lookup(lifecycle_rule.value.condition, "noncurrent_time_before", null)
- num_newer_versions = lookup(lifecycle_rule.value.condition, "num_newer_versions", null)
- }
- }
- }
-
- dynamic "logging" {
- for_each = var.logging_configuration
- content {
- log_bucket = lookup(logging.value, "bucket")
- log_object_prefix = lookup(logging.value, "prefix")
- }
- }
-
- project = var.project
-
- storage_class = var.storage_class
-
- versioning {
- enabled = var.versioning_enabled
- }
-}
diff --git a/templates/google-gitlab/terraform/google/modules/storage_bucket/outputs.tf b/templates/google-gitlab/terraform/google/modules/storage_bucket/outputs.tf
deleted file mode 100755
index 939d820fa..000000000
--- a/templates/google-gitlab/terraform/google/modules/storage_bucket/outputs.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-###########
-# Outputs #
-###########
-
-output "name" {
- value = join("", google_storage_bucket.bucket.*.name)
- description = "The name of bucket."
-}
-
-output "self_link" {
- value = join("", google_storage_bucket.bucket.*.self_link)
- description = "The URI of the created bucket resource."
-}
-
-output "url" {
- value = join("", google_storage_bucket.bucket.*.url)
- description = "The base URL of the bucket, in the format: gs://"
-}
diff --git a/templates/google-gitlab/terraform/google/modules/storage_bucket/variables.tf b/templates/google-gitlab/terraform/google/modules/storage_bucket/variables.tf
deleted file mode 100755
index e55b00c2b..000000000
--- a/templates/google-gitlab/terraform/google/modules/storage_bucket/variables.tf
+++ /dev/null
@@ -1,100 +0,0 @@
-locals {
- bucket_name = "${var.project}-${var.bucket_name}"
- logging_prefix = "${var.bucket_name}/"
-
- implicit_labels = {
- name = var.bucket_name
- project = var.project
- }
-}
-
-variable "project" {
- description = "Google Project ID"
- type = string
-}
-
-
-variable "bucket_labels" {
- description = "A set of key/value label pairs to assign to the bucket."
-
- type = map(string)
- default = {}
-}
-
-variable "bucket_name" {
- description = "The name for the bucket."
-
- type = string
- default = ""
-}
-
-variable "force_destroy" {
- description = "When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run."
-
- type = bool
- default = false
-}
-
-# https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys
-variable "kms_encryption_key" {
- description = "A Cloud KMS key that will be used to encrypt objects inserted into this bucket. Must be a single item list containing the name of the key."
-
- type = list(any)
- default = []
-}
-
-# https://cloud.google.com/storage/docs/lifecycle
-variable "lifecycle_rules" {
- description = "The bucket's lifecycle rules configuration."
- type = list(object({
- action = any
- condition = any
- }))
- default = []
-}
-
-# https://cloud.google.com/storage/docs/bucket-locations
-variable "location" {
- description = "The GCS location."
-
- type = string
- default = "us"
-}
-
-# https://cloud.google.com/storage/docs/access-logs
-variable "logging_configuration" {
- description = "The bucket's Access & Storage Logs configuration."
-
- type = list(string)
- default = []
-}
-
-variable "name_override" {
- description = "Override automatic bucket name creation. This will result in the name format project-name_override."
-
- type = string
- default = ""
-}
-
-# https://cloud.google.com/storage/docs/storage-classes
-variable "storage_class" {
- description = "The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE."
-
- type = string
- default = "STANDARD"
-}
-
-# https://cloud.google.com/storage/docs/access-control/?_ga=2.144606653.-922453139.1594828062
-variable "uniform_bucket_policy" {
- description = "Whether to enforce uniform access on the bucket. This applies to all objects and removes fine grained control."
-
- type = bool
- default = true
-}
-
-variable "versioning_enabled" {
- description = "Whether or not to enable versioning for the bucket."
-
- type = bool
- default = true
-}
diff --git a/templates/google-gitlab/terraform/google/services.tf b/templates/google-gitlab/terraform/google/services.tf
deleted file mode 100644
index 8a5383e65..000000000
--- a/templates/google-gitlab/terraform/google/services.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-module "services" {
- source = "./services"
-
- project = var.project
-}
diff --git a/templates/google-gitlab/terraform/google/services/main.tf b/templates/google-gitlab/terraform/google/services/main.tf
deleted file mode 100644
index 2b043e2c4..000000000
--- a/templates/google-gitlab/terraform/google/services/main.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-resource "google_project_service" "cloud_kms" {
- project = var.project
- service = "cloudkms.googleapis.com"
-
- disable_on_destroy = false
-}
-
-resource "google_project_service" "cloud_resource_manager" {
- project = var.project
- service = "cloudresourcemanager.googleapis.com"
-
- disable_on_destroy = false
-}
-
-resource "google_project_service" "compute_engine" {
- project = var.project
- service = "compute.googleapis.com"
-
- disable_on_destroy = false
-}
-
-resource "google_project_service" "iam" {
- project = var.project
- service = "iam.googleapis.com"
-
- disable_on_destroy = false
-}
-
-resource "google_project_service" "iam_sa" {
- project = var.project
- service = "iamcredentials.googleapis.com"
-
- disable_on_destroy = false
-}
-
-resource "google_project_service" "kubernetes_engine" {
- project = var.project
- service = "container.googleapis.com"
-
- disable_on_destroy = false
-}
diff --git a/templates/google-gitlab/terraform/google/services/variables.tf b/templates/google-gitlab/terraform/google/services/variables.tf
deleted file mode 100755
index ea6db9c87..000000000
--- a/templates/google-gitlab/terraform/google/services/variables.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-variable "project" {
- description = "Google Project ID"
- type = string
-}
diff --git a/templates/google-gitlab/terraform/google/storage.tf b/templates/google-gitlab/terraform/google/storage.tf
deleted file mode 100644
index d1a8264b7..000000000
--- a/templates/google-gitlab/terraform/google/storage.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-module "vault_data_bucket" {
- source = "./modules/storage_bucket"
-
- bucket_name = ""
- force_destroy = var.force_destroy
- # https://cloud.google.com/storage/docs/locations#location-dr
- # https://cloud.google.com/storage/docs/key-terms#geo-redundant
- # Dual-Region buckets are geo redundant.
- location = "nam4"
- project = var.project
- versioning_enabled = true
-}
diff --git a/templates/google-gitlab/terraform/google/terraform.tfvars b/templates/google-gitlab/terraform/google/terraform.tfvars
deleted file mode 100644
index eef6e0815..000000000
--- a/templates/google-gitlab/terraform/google/terraform.tfvars
+++ /dev/null
@@ -1,2 +0,0 @@
-force_destroy = ""
-uniqueness = ""
diff --git a/templates/google-gitlab/terraform/google/variables.tf b/templates/google-gitlab/terraform/google/variables.tf
deleted file mode 100644
index 1e9ba5f67..000000000
--- a/templates/google-gitlab/terraform/google/variables.tf
+++ /dev/null
@@ -1,36 +0,0 @@
-locals {
- cluster_name = ""
-}
-
-variable "google_region" {
- description = "Google Cloud Region"
- type = string
-
- default = ""
-}
-
-variable "network_name" {
- description = "The name of the created network."
- type = string
-
- default = "kubefirst"
-}
-
-variable "project" {
- description = "Google Project ID"
- type = string
-
- default = ""
-}
-
-variable "force_destroy" {
- description = "variable used to control bucket force destroy"
- type = bool
-
- default = "false"
-}
-
-variable "uniqueness" {
- description = "variable used to acoid collision amongst immutable resource names"
- type = string
-}
diff --git a/templates/google-gitlab/terraform/google/vpc.tf b/templates/google-gitlab/terraform/google/vpc.tf
deleted file mode 100644
index d12729994..000000000
--- a/templates/google-gitlab/terraform/google/vpc.tf
+++ /dev/null
@@ -1,44 +0,0 @@
-module "vpc" {
- source = "terraform-google-modules/network/google"
- version = "~> 7.0"
-
- project_id = var.project
- network_name = "${var.network_name}-${local.cluster_name}"
- routing_mode = "GLOBAL"
-
- subnets = [
- {
- subnet_name = "subnet-01-${local.cluster_name}"
- subnet_ip = "10.10.10.0/24"
- subnet_region = var.google_region
- subnet_private_access = "true"
- subnet_flow_logs = "true"
- description = "This base subnet."
- },
- ]
-
- secondary_ranges = {
- "subnet-01-${local.cluster_name}" = [
- {
- range_name = "subnet-01-${local.cluster_name}-gke-01-pods"
- ip_cidr_range = "10.13.0.0/16"
- },
- {
- range_name = "subnet-01-${local.cluster_name}-gke-01-services"
- ip_cidr_range = "10.14.0.0/16"
- },
- ]
- }
-
- routes = [
- {
- name = "egress-internet-${local.cluster_name}"
- description = "route through IGW to access internet"
- destination_range = "0.0.0.0/0"
- tags = "egress-inet"
- next_hop_internet = "true"
- },
- ]
-
- depends_on = [module.services]
-}