-
Notifications
You must be signed in to change notification settings - Fork 0
/
refinery.tf
121 lines (109 loc) · 3.9 KB
/
refinery.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
/*
Copyright (c) 2023 - Present. Ritten. All rights reserved
Use of this source code is governed by a MIT license that can be found in the LICENSE file.
*/
locals {
refinery_config_path = "/etc/refinery"
source_config_path = coalesce(var.config_file_path, "${path.module}/config/config.yaml")
source_rules_path = coalesce(var.rules_file_path, "${path.module}/config/rules.yaml")
additional_metadata = {
"api-key" = "honeycomb-refinery-api-key"
"metrics-api-key" = "honeycomb-refinery-metrics-api-key"
"google-logging-enabled" = "true"
"cos-metrics-enabled" = "true"
}
}
module "refinery_gce_container" {
source = "terraform-google-modules/container-vm/google"
version = "3.1.0"
container = {
image = "honeycombio/refinery:${var.honeycomb_refinery_verison}"
volumeMounts = [
{
mountPath = local.refinery_config_path
name = "config"
readOnly = true
},
]
env = [
{
name = "REFINERY_HONEYCOMB_API_KEY"
value = data.google_secret_manager_secret_version.honeycomb_refinery_api_key.secret_data
},
{
name = "REFINERY_OTEL_METRICS_API_KEY"
value = data.google_secret_manager_secret_version.honeycomb_refinery_metrics_api_key.secret_data
},
{
name = "REFINERY_REDIS_HOST"
value = format("%s:6379", google_compute_instance.redis.network_interface.0.network_ip)
},
]
}
volumes = [
{
name = "config"
hostPath = {
path = local.refinery_config_path
}
},
]
restart_policy = "OnFailure"
}
module "refinery_instance_template" {
source = "terraform-google-modules/vm/google//modules/instance_template"
version = "10.1.1"
name_prefix = "refinery-instance-template"
project_id = var.project_id
machine_type = "n1-standard-1"
metadata = merge(local.additional_metadata, { "gce-container-declaration" = module.refinery_gce_container.metadata_value, "project-id" = var.project_id })
startup_script = templatefile("${path.module}/config/startup.sh.tpl", { config_path = local.refinery_config_path, source_config_path = local.source_config_path, source_rules_path = local.source_rules_path })
service_account = {
email = google_service_account.honeycomb_refinery.email
scopes = ["cloud-platform"]
}
tags = ["refinery"]
/* network */
subnetwork = data.google_compute_subnetwork.primary_subnetwork.id
/* image */
source_image_project = "cos-cloud"
source_image_family = "cos-stable"
source_image = reverse(split("/", module.refinery_gce_container.source_image))[0]
/* disks */
disk_size_gb = 10
disk_type = "pd-ssd"
auto_delete = true
}
module "refinery_mig" {
source = "terraform-google-modules/vm/google//modules/mig"
version = "10.1.1"
project_id = var.project_id
hostname = "honeycomb-refinery"
region = var.region
instance_template = module.refinery_instance_template.self_link
target_size = var.refinery_instance_count
named_ports = [
{
name = "http",
port = 8080
},
{
name = "peer-listener",
port = 8081
},
]
/* update */
# TODO: replace max surge and unavailable with vars (or possibly this full policy)
update_policy = [{
type = "PROACTIVE"
instance_redistribution_type = "PROACTIVE"
minimal_action = "REPLACE"
most_disruptive_allowed_action = "REPLACE"
max_surge_fixed = max(length(data.google_compute_zones.available), var.refinery_instance_count * 2)
max_surge_percent = null
max_unavailable_fixed = max(length(data.google_compute_zones.available), var.refinery_instance_count * 2)
max_unavailable_percent = null
min_ready_sec = null
replacement_method = "SUBSTITUTE"
}]
}