diff --git a/main.tf b/main.tf
index 72378e5..c42b67f 100644
--- a/main.tf
+++ b/main.tf
@@ -25,9 +25,9 @@ module "network" {
 enable_external_workers = var.enable_external_workers
 ip_cidr_range = var.ip_cidr_range
+ region = var.region
 secondary_ip_range_for_pods = var.secondary_ip_range_for_pods
 secondary_ip_range_for_services = var.secondary_ip_range_for_services
- region = var.region
 }
 module "gke" {
@@ -37,14 +37,14 @@ module "gke" {
 app_service_account_name = var.app_service_account_name
 backend_service_account_id = module.iam.backend_service_account_id
 compute_network_id = module.network.network_id
- subnetwork = module.network.subnetwork
- pods_ip_range_name = module.network.pods_ip_range_name
- services_ip_range_name = module.network.services_ip_range_name
 compute_network_name = module.network.network_name
 gke_service_account_email = module.iam.gke_service_account_email
 k8s_namespace = var.k8s_namespace
+ pods_ip_range_name = module.network.pods_ip_range_name
 project = var.project
 region = var.region
+ services_ip_range_name = module.network.services_ip_range_name
+ subnetwork = module.network.subnetwork
 }
 module "db" {
@@ -74,9 +74,10 @@ module "dns" {
 source = "./modules/dns"
 seed = random_id.seed.hex
- enable_external_workers = var.enable_external_workers
- website_domain = var.website_domain
 compute_network_id = module.network.network_id
+ enable_external_workers = var.enable_external_workers
 gke_public_v4_address = module.network.gke_public_v4_address
 gke_public_v6_address = module.network.gke_public_v6_address
+ k8s_namespace = var.k8s_namespace
+ website_domain = var.website_domain
 }
diff --git a/modules/dns/main.tf b/modules/dns/main.tf
index 0fbfeae..68c0dd5 100644
--- a/modules/dns/main.tf
+++ b/modules/dns/main.tf
@@ -1,12 +1,12 @@
 locals {
- dns_name = join(".", slice(split(".", var.website_domain), length(split(".", var.website_domain))-2, length(split(".", var.website_domain))))
- count = var.enable_external_workers ? 1 : 0
+ dns_name = join(".", slice(split(".", var.website_domain), length(split(".", var.website_domain)) - 2, length(split(".", var.website_domain))))
+ count = var.enable_external_workers ? 1 : 0
 }
 resource "google_dns_managed_zone" "main" {
- count = local.count
- name = "${replace(local.dns_name, ".", "-")}-${var.seed}"
- dns_name = "${local.dns_name}."
+ count = local.count
+ name = "${replace(local.dns_name, ".", "-")}-${var.seed}"
+ dns_name = "${local.dns_name}."
 visibility = "private"
@@ -18,18 +18,18 @@ resource "google_dns_managed_zone" "main" {
 }
 resource "google_dns_record_set" "CNAME_mqtt" {
- count = local.count
+ count = local.count
 managed_zone = google_dns_managed_zone.main[0].name
 name = "${var.mqtt_subdomain}.${var.website_domain}."
 type = "CNAME"
 ttl = 300
- rrdatas = [var.mqtt_service_alias]
+ rrdatas = [local.mqtt_service_alias]
 }
 resource "google_dns_record_set" "A_website_domain" {
- count = local.count
+ count = local.count
 managed_zone = google_dns_managed_zone.main[0].name
 name = "${var.website_domain}."
@@ -40,7 +40,7 @@ resource "google_dns_record_set" "A_website_domain" {
 }
 resource "google_dns_record_set" "AAAA_website_domain" {
- count = local.count
+ count = local.count
 managed_zone = google_dns_managed_zone.main[0].name
 name = "${var.website_domain}."
diff --git a/modules/dns/outputs.tf b/modules/dns/outputs.tf
index 53b4bb7..9baaa68 100644
--- a/modules/dns/outputs.tf
+++ b/modules/dns/outputs.tf
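Review bot: `local.dns_name` in the first hunk keeps only the last two labels of `var.website_domain`, so a domain under a multi-label public suffix (e.g. `spacelift.mycompany.co.uk`) yields `co.uk`, and the `google_dns_managed_zone` below — `visibility = "private"` — would be created as `co.uk.`; a private zone that broad answers for every name under that suffix on whatever VPC it is attached to (the network attachment is outside this hunk), silently shadowing unrelated hosts. Since the expression is being reformatted here anyway, it is a good moment to either take the zone apex as an explicit input (e.g. a `dns_zone_name` variable defaulting to the current derivation) or at least document the assumption with `# assumes website_domain is <host>.<registrable-domain> with a single-label TLD`. The `google_dns_managed_zone` resource continues past the end of the hunk.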
@@ -1,4 +1,4 @@
 output "mqtt_endpoint" {
- value = var.enable_external_workers ? trimsuffix(google_dns_record_set.CNAME_mqtt[0].name, ".") : var.mqtt_service_alias
+ value = var.enable_external_workers ? trimsuffix(google_dns_record_set.CNAME_mqtt[0].name, ".") : local.mqtt_service_alias
 description = "Address of the MQTT endpoint."
 }
diff --git a/modules/dns/variables.tf b/modules/dns/variables.tf
index de4f5ad..4ab02da 100644
--- a/modules/dns/variables.tf
+++ b/modules/dns/variables.tf
@@ -1,3 +1,7 @@
+locals {
+ mqtt_service_alias = "spacelift-mqtt.${var.k8s_namespace}.svc.cluster.local."
+ }
+
 variable "seed" {
 type = string
 }
@@ -7,7 +11,7 @@ variable "enable_external_workers" {
 }
 variable "website_domain" {
- type = string
+ type = string
 description = "Domain name for the Spacelift frontend without protocol (e.g. spacelift.mycompany.com)."
 }
@@ -25,11 +29,11 @@ variable "gke_public_v6_address" {
 }
 variable "mqtt_subdomain" {
- type = string
+ type = string
 default = "mqtt"
 }
-variable "mqtt_service_alias" {
- type = string
- default = "spacelift-mqtt.spacelift.svc.cluster.local."
+variable "k8s_namespace" {
+ type = string
+ description = "The namespace in which the Spacelift backend is deployed to"
 }
diff --git a/outputs.tf b/outputs.tf
index 4de4eb4..098f6e0 100644
--- a/outputs.tf
+++ b/outputs.tf
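Review bot: The fallback branch of `mqtt_endpoint` now returns `local.mqtt_service_alias`, which (per the variables.tf hunk in this commit) ends in a trailing dot, while the external-workers branch strips it with `trimsuffix`; the output therefore changes shape depending on `enable_external_workers`, and it feeds `MQTT_BROKER_ENDPOINT` in the root `shell` output. Either wrap the fallback the same way, `trimsuffix(local.mqtt_service_alias, ".")`, or keep the local dot-free and append the dot only in the CNAME `rrdatas`, where DNS requires it.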
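Review bot: The new `locals` block in the first variables.tf hunk lives in variables.tf, while the module's other locals (`dns_name`, `count`) are in modules/dns/main.tf; a reader looking for where `local.mqtt_service_alias` comes from will check main.tf first. Moving it into the existing `locals` block there, or into a locals.tf, keeps variables.tf to declarations only. The value also ends with a trailing dot because it is used verbatim as a CNAME target; a comment such as `# trailing dot: consumed verbatim as the CNAME rrdata in main.tf` would save the next reader a search.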
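Review bot: In the last variables.tf hunk `var.k8s_namespace` is interpolated straight into a DNS name (`spacelift-mqtt.<ns>.svc.cluster.local.`) with no validation, so a value that is not an RFC 1123 label (uppercase, underscores, empty string) is only caught, if at all, when Cloud DNS rejects the CNAME rrdata at apply time. A `validation` block on the variable fails at plan time instead; the root module passes the same value to `module "gke"`, whose declaration is outside this diff and presumably wants the same check. The description also reads awkwardly — `The namespace in which the Spacelift backend is deployed to` — drop the trailing `to`. Removing `mqtt_service_alias` is a breaking change for any caller that set it explicitly, which is worth stating in the commit message.
```hcl
variable "k8s_namespace" {
  type        = string
  description = "The namespace in which the Spacelift backend is deployed"

  # Interpolated into a DNS name (local.mqtt_service_alias), so reject anything
  # that is not an RFC 1123 label before it reaches Cloud DNS.
  validation {
    condition     = can(regex("^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", var.k8s_namespace)) && length(var.k8s_namespace) <= 63
    error_message = "k8s_namespace must be a valid RFC 1123 DNS label: lowercase alphanumerics and hyphens, at most 63 characters."
  }
}
```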
@@ -160,51 +160,54 @@ output "deliveries_bucket" {
 output "shell" {
 sensitive = true
- value = templatefile("${path.module}/env.tftpl", { env : {
- GCP_PROJECT : var.project,
- GCP_LOCATION : var.region,
- SERVER_DOMAIN : var.website_domain,
- WEBHOOKS_ENDPOINT : "https://${var.website_domain}/webhooks",
-
- # IAM
- BACKEND_SERVICE_ACCOUNT : module.iam.backend_service_account_email,
-
- # Network
- PUBLIC_IP_NAME : module.network.gke_public_v4_name,
- PUBLIC_IP_ADDRESS : module.network.gke_public_v4_address,
- PUBLIC_IPV6_NAME : module.network.gke_public_v6_name,
- PUBLIC_IPV6_ADDRESS : module.network.gke_public_v6_address,
- MQTT_IP_NAME : module.network.mqtt_v4_name,
- MQTT_IP_ADDRESS : module.network.mqtt_v4_address,
- MQTT_IPV6_NAME : module.network.mqtt_v6_name,
- MQTT_IPV6_ADDRESS : module.network.mqtt_v6_address,
- MQTT_BROKER_ENDPOINT : module.dns.mqtt_endpoint,
-
- # Artifacts
- ARTIFACT_REGISTRY_DOMAIN : module.artifacts.repository_domain,
- BACKEND_IMAGE : "${module.artifacts.repository_url}/spacelift-backend",
- LAUNCHER_IMAGE : "${module.artifacts.launcher_repository_url}/spacelift-launcher"
-
- # Buckets
- OBJECT_STORAGE_BUCKET_DELIVERIES = module.storage.deliveries_bucket,
- OBJECT_STORAGE_BUCKET_LARGE_QUEUE_MESSAGES = module.storage.large_queue_messages_bucket,
- OBJECT_STORAGE_BUCKET_MODULES = module.storage.modules_bucket,
- OBJECT_STORAGE_BUCKET_POLICY_INPUTS = module.storage.policy_inputs_bucket,
- OBJECT_STORAGE_BUCKET_RUN_LOGS = module.storage.run_logs_bucket,
- OBJECT_STORAGE_BUCKET_STATES = module.storage.states_bucket,
- OBJECT_STORAGE_BUCKET_USER_UPLOADED_WORKSPACES = module.storage.user_uploaded_workspaces_bucket,
- OBJECT_STORAGE_BUCKET_WORKSPACE = module.storage.workspace_bucket,
- OBJECT_STORAGE_BUCKET_METADATA = module.storage.metadata_bucket
- OBJECT_STORAGE_BUCKET_UPLOADS = module.storage.uploads_bucket
- OBJECT_STORAGE_BUCKET_UPLOADS_URL = "https://storage.googleapis.com"
-
- # Database
- DATABASE_NAME = module.db.database_name
- DATABASE_USER = module.db.database_iam_user
- DATABASE_CONNECTION_NAME = module.db.database_connection_name
- DB_ROOT_PASSWORD = module.db.database_root_password
-
- #GKE
- GKE_CLUSTER_NAME = module.gke.gke_cluster_name
- } })
+ value = templatefile("${path.module}/env.tftpl", {
+ env : {
+ GCP_PROJECT : var.project,
+ GCP_LOCATION : var.region,
+ SERVER_DOMAIN : var.website_domain,
+ WEBHOOKS_ENDPOINT : "https://${var.website_domain}/webhooks",
+ K8S_NAMESPACE : var.k8s_namespace,
+
+ # IAM
+ BACKEND_SERVICE_ACCOUNT : module.iam.backend_service_account_email,
+
+ # Network
+ PUBLIC_IP_NAME : module.network.gke_public_v4_name,
+ PUBLIC_IP_ADDRESS : module.network.gke_public_v4_address,
+ PUBLIC_IPV6_NAME : module.network.gke_public_v6_name,
+ PUBLIC_IPV6_ADDRESS : module.network.gke_public_v6_address,
+ MQTT_IP_NAME : module.network.mqtt_v4_name,
+ MQTT_IP_ADDRESS : module.network.mqtt_v4_address,
+ MQTT_IPV6_NAME : module.network.mqtt_v6_name,
+ MQTT_IPV6_ADDRESS : module.network.mqtt_v6_address,
+ MQTT_BROKER_ENDPOINT : module.dns.mqtt_endpoint,
+
+ # Artifacts
+ ARTIFACT_REGISTRY_DOMAIN : module.artifacts.repository_domain,
+ BACKEND_IMAGE : "${module.artifacts.repository_url}/spacelift-backend",
+ LAUNCHER_IMAGE : "${module.artifacts.launcher_repository_url}/spacelift-launcher"
+
+ # Buckets
+ OBJECT_STORAGE_BUCKET_DELIVERIES = module.storage.deliveries_bucket,
+ OBJECT_STORAGE_BUCKET_LARGE_QUEUE_MESSAGES = module.storage.large_queue_messages_bucket,
+ OBJECT_STORAGE_BUCKET_MODULES = module.storage.modules_bucket,
+ OBJECT_STORAGE_BUCKET_POLICY_INPUTS = module.storage.policy_inputs_bucket,
+ OBJECT_STORAGE_BUCKET_RUN_LOGS = module.storage.run_logs_bucket,
+ OBJECT_STORAGE_BUCKET_STATES = module.storage.states_bucket,
+ OBJECT_STORAGE_BUCKET_USER_UPLOADED_WORKSPACES = module.storage.user_uploaded_workspaces_bucket,
+ OBJECT_STORAGE_BUCKET_WORKSPACE = module.storage.workspace_bucket,
+ OBJECT_STORAGE_BUCKET_METADATA = module.storage.metadata_bucket
+ OBJECT_STORAGE_BUCKET_UPLOADS = module.storage.uploads_bucket
+ OBJECT_STORAGE_BUCKET_UPLOADS_URL = "https://storage.googleapis.com"
+
+ # Database
+ DATABASE_NAME = module.db.database_name
+ DATABASE_USER = module.db.database_iam_user
+ DATABASE_CONNECTION_NAME = module.db.database_connection_name
+ DB_ROOT_PASSWORD = module.db.database_root_password
+
+ #GKE
+ GKE_CLUSTER_NAME = module.gke.gke_cluster_name
+ },
+ })
 }
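Review bot: The rewritten `env` object mixes the `:` and `=` attribute separators and has trailing commas on the `:` lines but not on most of the `=` lines (from `OBJECT_STORAGE_BUCKET_METADATA` through `GKE_CLUSTER_NAME`); HCL accepts both, but since the whole block is being re-indented anyway, settling on `=` throughout and one comma convention would keep future diffs to the lines that actually change. A comment next to `sensitive = true` would also help: the flag only redacts plan and apply output, while the rendered template — including `DB_ROOT_PASSWORD` — is still written to state in clear text, so access control on the state backend is what actually protects it; e.g. `# sensitive only redacts CLI output; the rendered env (incl. DB_ROOT_PASSWORD) is stored in state`.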