Fix internal MQTT service address (#22)

* Fix internal MQTT service address

Plus alphabetical ordering of variables.

* Export the K8S namespace

Signed-off-by: peterdeme <[email protected]>

---------

Signed-off-by: peterdeme <[email protected]>

main.tf

@@ -25,9 +25,9 @@ module "network" {
 
   enable_external_workers         = var.enable_external_workers
   ip_cidr_range                   = var.ip_cidr_range
+  region                          = var.region
   secondary_ip_range_for_pods     = var.secondary_ip_range_for_pods
   secondary_ip_range_for_services = var.secondary_ip_range_for_services
-  region                          = var.region
 }
 
 module "gke" {
@@ -37,14 +37,14 @@ module "gke" {
   app_service_account_name   = var.app_service_account_name
   backend_service_account_id = module.iam.backend_service_account_id
   compute_network_id         = module.network.network_id
-  subnetwork                 = module.network.subnetwork
-  pods_ip_range_name         = module.network.pods_ip_range_name
-  services_ip_range_name     = module.network.services_ip_range_name
   compute_network_name       = module.network.network_name
   gke_service_account_email  = module.iam.gke_service_account_email
   k8s_namespace              = var.k8s_namespace
+  pods_ip_range_name         = module.network.pods_ip_range_name
   project                    = var.project
   region                     = var.region
+  services_ip_range_name     = module.network.services_ip_range_name
+  subnetwork                 = module.network.subnetwork
 }
 
 module "db" {
@@ -74,9 +74,10 @@ module "dns" {
   source = "./modules/dns"
   seed   = random_id.seed.hex
 
-  enable_external_workers = var.enable_external_workers
-  website_domain          = var.website_domain
   compute_network_id      = module.network.network_id
+  enable_external_workers = var.enable_external_workers
   gke_public_v4_address   = module.network.gke_public_v4_address
   gke_public_v6_address   = module.network.gke_public_v6_address
+  k8s_namespace           = var.k8s_namespace
+  website_domain          = var.website_domain
 }

modules/dns/main.tf

@@ -1,12 +1,12 @@
 locals {
-  dns_name = join(".", slice(split(".", var.website_domain), length(split(".", var.website_domain))-2, length(split(".", var.website_domain))))
-  count = var.enable_external_workers ? 1 : 0
+  dns_name = join(".", slice(split(".", var.website_domain), length(split(".", var.website_domain)) - 2, length(split(".", var.website_domain))))
+  count    = var.enable_external_workers ? 1 : 0
 }
 
 resource "google_dns_managed_zone" "main" {
-  count = local.count
-  name        = "${replace(local.dns_name, ".", "-")}-${var.seed}"
-  dns_name    = "${local.dns_name}."
+  count    = local.count
+  name     = "${replace(local.dns_name, ".", "-")}-${var.seed}"
+  dns_name = "${local.dns_name}."
 
   visibility = "private"
 
@@ -18,18 +18,18 @@ resource "google_dns_managed_zone" "main" {
 }
 
 resource "google_dns_record_set" "CNAME_mqtt" {
-  count = local.count
+  count        = local.count
   managed_zone = google_dns_managed_zone.main[0].name
 
   name = "${var.mqtt_subdomain}.${var.website_domain}."
   type = "CNAME"
   ttl  = 300
 
-  rrdatas = [var.mqtt_service_alias]
+  rrdatas = [local.mqtt_service_alias]
 }
 
 resource "google_dns_record_set" "A_website_domain" {
-  count = local.count
+  count        = local.count
   managed_zone = google_dns_managed_zone.main[0].name
 
   name = "${var.website_domain}."
@@ -40,7 +40,7 @@ resource "google_dns_record_set" "A_website_domain" {
 }
 
 resource "google_dns_record_set" "AAAA_website_domain" {
-  count = local.count
+  count        = local.count
   managed_zone = google_dns_managed_zone.main[0].name
 
   name = "${var.website_domain}."

modules/dns/outputs.tf

@@ -1,4 +1,4 @@
 output "mqtt_endpoint" {
-  value       = var.enable_external_workers ? trimsuffix(google_dns_record_set.CNAME_mqtt[0].name, ".") : var.mqtt_service_alias
+  value       = var.enable_external_workers ? trimsuffix(google_dns_record_set.CNAME_mqtt[0].name, ".") : local.mqtt_service_alias
   description = "Address of the MQTT endpoint."
 }

modules/dns/variables.tf

@@ -1,3 +1,7 @@
+locals {
+  mqtt_service_alias = "spacelift-mqtt.${var.k8s_namespace}.svc.cluster.local."
+}
+
 variable "seed" {
   type = string
 }
@@ -7,7 +11,7 @@ variable "enable_external_workers" {
 }
 
 variable "website_domain" {
-  type = string
+  type        = string
   description = "Domain name for the Spacelift frontend without protocol (e.g. spacelift.mycompany.com)."
 }
 
@@ -25,11 +29,11 @@ variable "gke_public_v6_address" {
 }
 
 variable "mqtt_subdomain" {
-  type = string
+  type    = string
   default = "mqtt"
 }
 
-variable "mqtt_service_alias" {
-  type = string
-  default = "spacelift-mqtt.spacelift.svc.cluster.local."
+variable "k8s_namespace" {
+  type        = string
+  description = "The namespace in which the Spacelift backend is deployed to"
 }

outputs.tf

@@ -160,51 +160,54 @@ output "deliveries_bucket" {
 
 output "shell" {
   sensitive = true
-  value = templatefile("${path.module}/env.tftpl", { env : {
-    GCP_PROJECT : var.project,
-    GCP_LOCATION : var.region,
-    SERVER_DOMAIN : var.website_domain,
-    WEBHOOKS_ENDPOINT : "https://${var.website_domain}/webhooks",
-
-    # IAM
-    BACKEND_SERVICE_ACCOUNT : module.iam.backend_service_account_email,
-
-    # Network
-    PUBLIC_IP_NAME : module.network.gke_public_v4_name,
-    PUBLIC_IP_ADDRESS : module.network.gke_public_v4_address,
-    PUBLIC_IPV6_NAME : module.network.gke_public_v6_name,
-    PUBLIC_IPV6_ADDRESS : module.network.gke_public_v6_address,
-    MQTT_IP_NAME : module.network.mqtt_v4_name,
-    MQTT_IP_ADDRESS : module.network.mqtt_v4_address,
-    MQTT_IPV6_NAME : module.network.mqtt_v6_name,
-    MQTT_IPV6_ADDRESS : module.network.mqtt_v6_address,
-    MQTT_BROKER_ENDPOINT : module.dns.mqtt_endpoint,
-
-    # Artifacts
-    ARTIFACT_REGISTRY_DOMAIN : module.artifacts.repository_domain,
-    BACKEND_IMAGE : "${module.artifacts.repository_url}/spacelift-backend",
-    LAUNCHER_IMAGE : "${module.artifacts.launcher_repository_url}/spacelift-launcher"
-
-    # Buckets
-    OBJECT_STORAGE_BUCKET_DELIVERIES               = module.storage.deliveries_bucket,
-    OBJECT_STORAGE_BUCKET_LARGE_QUEUE_MESSAGES     = module.storage.large_queue_messages_bucket,
-    OBJECT_STORAGE_BUCKET_MODULES                  = module.storage.modules_bucket,
-    OBJECT_STORAGE_BUCKET_POLICY_INPUTS            = module.storage.policy_inputs_bucket,
-    OBJECT_STORAGE_BUCKET_RUN_LOGS                 = module.storage.run_logs_bucket,
-    OBJECT_STORAGE_BUCKET_STATES                   = module.storage.states_bucket,
-    OBJECT_STORAGE_BUCKET_USER_UPLOADED_WORKSPACES = module.storage.user_uploaded_workspaces_bucket,
-    OBJECT_STORAGE_BUCKET_WORKSPACE                = module.storage.workspace_bucket,
-    OBJECT_STORAGE_BUCKET_METADATA                 = module.storage.metadata_bucket
-    OBJECT_STORAGE_BUCKET_UPLOADS                  = module.storage.uploads_bucket
-    OBJECT_STORAGE_BUCKET_UPLOADS_URL              = "https://storage.googleapis.com"
-
-    # Database
-    DATABASE_NAME            = module.db.database_name
-    DATABASE_USER            = module.db.database_iam_user
-    DATABASE_CONNECTION_NAME = module.db.database_connection_name
-    DB_ROOT_PASSWORD         = module.db.database_root_password
-
-    #GKE
-    GKE_CLUSTER_NAME = module.gke.gke_cluster_name
-  } })
+  value = templatefile("${path.module}/env.tftpl", {
+    env : {
+      GCP_PROJECT : var.project,
+      GCP_LOCATION : var.region,
+      SERVER_DOMAIN : var.website_domain,
+      WEBHOOKS_ENDPOINT : "https://${var.website_domain}/webhooks",
+      K8S_NAMESPACE : var.k8s_namespace,
+
+      # IAM
+      BACKEND_SERVICE_ACCOUNT : module.iam.backend_service_account_email,
+
+      # Network
+      PUBLIC_IP_NAME : module.network.gke_public_v4_name,
+      PUBLIC_IP_ADDRESS : module.network.gke_public_v4_address,
+      PUBLIC_IPV6_NAME : module.network.gke_public_v6_name,
+      PUBLIC_IPV6_ADDRESS : module.network.gke_public_v6_address,
+      MQTT_IP_NAME : module.network.mqtt_v4_name,
+      MQTT_IP_ADDRESS : module.network.mqtt_v4_address,
+      MQTT_IPV6_NAME : module.network.mqtt_v6_name,
+      MQTT_IPV6_ADDRESS : module.network.mqtt_v6_address,
+      MQTT_BROKER_ENDPOINT : module.dns.mqtt_endpoint,
+
+      # Artifacts
+      ARTIFACT_REGISTRY_DOMAIN : module.artifacts.repository_domain,
+      BACKEND_IMAGE : "${module.artifacts.repository_url}/spacelift-backend",
+      LAUNCHER_IMAGE : "${module.artifacts.launcher_repository_url}/spacelift-launcher"
+
+      # Buckets
+      OBJECT_STORAGE_BUCKET_DELIVERIES               = module.storage.deliveries_bucket,
+      OBJECT_STORAGE_BUCKET_LARGE_QUEUE_MESSAGES     = module.storage.large_queue_messages_bucket,
+      OBJECT_STORAGE_BUCKET_MODULES                  = module.storage.modules_bucket,
+      OBJECT_STORAGE_BUCKET_POLICY_INPUTS            = module.storage.policy_inputs_bucket,
+      OBJECT_STORAGE_BUCKET_RUN_LOGS                 = module.storage.run_logs_bucket,
+      OBJECT_STORAGE_BUCKET_STATES                   = module.storage.states_bucket,
+      OBJECT_STORAGE_BUCKET_USER_UPLOADED_WORKSPACES = module.storage.user_uploaded_workspaces_bucket,
+      OBJECT_STORAGE_BUCKET_WORKSPACE                = module.storage.workspace_bucket,
+      OBJECT_STORAGE_BUCKET_METADATA                 = module.storage.metadata_bucket
+      OBJECT_STORAGE_BUCKET_UPLOADS                  = module.storage.uploads_bucket
+      OBJECT_STORAGE_BUCKET_UPLOADS_URL              = "https://storage.googleapis.com"
+
+      # Database
+      DATABASE_NAME            = module.db.database_name
+      DATABASE_USER            = module.db.database_iam_user
+      DATABASE_CONNECTION_NAME = module.db.database_connection_name
+      DB_ROOT_PASSWORD         = module.db.database_root_password
+
+      #GKE
+      GKE_CLUSTER_NAME = module.gke.gke_cluster_name
+    },
+  })
 }