169163334 - Adds more configuration elements per call with Dan
This adds the start of the identity module but also cleans up a bunch of things like the LBs. Originally I was managing the LBs, but k8s manages this for us so I disabled the LBs for now.
parent
7dbdeb3ae7
commit
ec5c3e0ce0
@ -1,7 +1,7 @@
|
||||
data "azurerm_client_config" "current" {}
|
||||
|
||||
resource "azurerm_resource_group" "keyvault" {
|
||||
name = "${var.name}-${var.environment}-rg"
|
||||
name = "${var.name}-${var.environment}-keyvault"
|
||||
location = var.region
|
||||
}
|
||||
|
||||
|
@ -19,4 +19,9 @@ resource "azurerm_lb" "lb" {
|
||||
name = "${var.name}-${var.environment}-ip"
|
||||
public_ip_address_id = azurerm_public_ip.lb.id
|
||||
}
|
||||
|
||||
tags = {
|
||||
owner = var.owner
|
||||
environment = var.environment
|
||||
}
|
||||
}
|
||||
|
11
terraform/modules/managed_identity/main.tf
Normal file
11
terraform/modules/managed_identity/main.tf
Normal file
@ -0,0 +1,11 @@
|
||||
resource "azurerm_resource_group" "identity" {
|
||||
name = "${var.name}-${var.environment}-${var.identity}"
|
||||
location = var.region
|
||||
}
|
||||
|
||||
resource "azurerm_user_assigned_identity" "identity" {
|
||||
resource_group_name = azurerm_resource_group.identity.name
|
||||
location = azurerm_resource_group.identity.location
|
||||
|
||||
name = "${var.name}-${var.environment}-${var.identity}"
|
||||
}
|
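Review bot: The new identity cannot be referenced from outside the module, because `terraform/modules/managed_identity/outputs.tf` is added empty in this commit. A caller that wants to grant this identity a narrowly scoped Key Vault access policy or role assignment needs at least `output "principal_id" { value = azurerm_user_assigned_identity.identity.principal_id }`, and probably `id` and `client_id` as well. Neither resource here sets `tags`, although the module declares `owner` and the load-balancer change in this same commit tags with `owner` and `environment`. Adding `tags = { owner = var.owner, environment = var.environment }` to both resources would keep ownership of the identity auditable.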
0
terraform/modules/managed_identity/outputs.tf
Normal file
0
terraform/modules/managed_identity/outputs.tf
Normal file
24
terraform/modules/managed_identity/variables.tf
Normal file
24
terraform/modules/managed_identity/variables.tf
Normal file
@ -0,0 +1,24 @@
|
||||
variable "region" {
|
||||
type = string
|
||||
description = "Region this module and resources will be created in"
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
type = string
|
||||
description = "Unique name for the services in this module"
|
||||
}
|
||||
|
||||
variable "environment" {
|
||||
type = string
|
||||
description = "Environment these resources reside (prod, dev, staging, etc)"
|
||||
}
|
||||
|
||||
variable "owner" {
|
||||
type = string
|
||||
description = "Owner of the environment and resources created in this module"
|
||||
}
|
||||
|
||||
variable "identity" {
|
||||
type = string
|
||||
description = "Name of the managed identity to create"
|
||||
}
|
@ -54,7 +54,6 @@ variable "storage_mb" {
|
||||
default = "5120"
|
||||
}
|
||||
|
||||
|
||||
variable "storage_backup_retention_days" {
|
||||
type = string
|
||||
description = "Storage backup retention (days)"
|
||||
@ -76,7 +75,7 @@ variable "storage_auto_grow" {
|
||||
variable "administrator_login" {
|
||||
type = string
|
||||
description = "Administrator login"
|
||||
default = "sqladmindude" # FIXME - Remove with wrapper using KeyVault
|
||||
default = "atat_master" # FIXME - Remove with wrapper using KeyVault
|
||||
}
|
||||
|
||||
variable "administrator_login_password" {
|
||||
@ -85,11 +84,10 @@ variable "administrator_login_password" {
|
||||
default = "eI0l7yswwtuhHpwzoVjwRKdAcuGNsg" # FIXME - Remove with wrapper using KeyVault
|
||||
}
|
||||
|
||||
|
||||
variable "postgres_version" {
|
||||
type = string
|
||||
description = "Postgres version to use"
|
||||
default = "11"
|
||||
default = "10"
|
||||
}
|
||||
|
||||
variable "ssl_enforcement" {
|
||||
|
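Review bot: `administrator_login_password` still carries a literal default in this file, and this commit edits the variables on either side of it (`administrator_login`, `postgres_version`) without removing it. Anyone with read access to the repository or its history can read the database administrator password for any environment that does not override the default. Drop the `default` so the value must be supplied at plan time (for example from Key Vault, as the FIXME intends), mark the variable `sensitive = true` if the Terraform version in use supports it, and rotate the password since it is already in history. Separately, the `postgres_version` default is shown as both `11` and `10`; if the new value is the lower one, a comment saying why the version was pinned back would help.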
8
terraform/providers/dev/identities.tf
Normal file
8
terraform/providers/dev/identities.tf
Normal file
@ -0,0 +1,8 @@
|
||||
module "keyvault_reader_identity" {
|
||||
source = "../../modules/managed_identity"
|
||||
name = var.name
|
||||
owner = var.owner
|
||||
environment = var.environment
|
||||
region = var.region
|
||||
identity = "${var.name}-${var.environment}-vault-reader"
|
||||
}
|
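Review bot: The `identity` argument is passed already prefixed, `"${var.name}-${var.environment}-vault-reader"`, but the module builds its names as `"${var.name}-${var.environment}-${var.identity}"`. The resource group and the identity therefore end up named `<name>-<env>-<name>-<env>-vault-reader`. Passing `identity = "vault-reader"` gives the intended name and keeps it further from Azure's name-length limits. Nothing in the visible change grants this identity any access yet, so whichever resource later binds it to the vault should scope it to read-only on secrets, as the module name suggests.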
@ -9,10 +9,18 @@ module "k8s" {
|
||||
vnet_subnet_id = module.vpc.subnets #FIXME - output from module.vpc.subnets should be map
|
||||
}
|
||||
|
||||
module "lb" {
|
||||
source = "../../modules/lb"
|
||||
region = var.region
|
||||
name = var.name
|
||||
environment = var.environment
|
||||
owner = var.owner
|
||||
}
|
||||
#module "main_lb" {
|
||||
# source = "../../modules/lb"
|
||||
# region = var.region
|
||||
# name = "main-${var.name}"
|
||||
# environment = var.environment
|
||||
# owner = var.owner
|
||||
#}
|
||||
|
||||
#module "auth_lb" {
|
||||
# source = "../../modules/lb"
|
||||
# region = var.region
|
||||
# name = "auth-${var.name}"
|
||||
# environment = var.environment
|
||||
# owner = var.owner
|
||||
#}
|
||||
|
0
terraform/providers/dev/secrets-tool.log
Normal file
0
terraform/providers/dev/secrets-tool.log
Normal file
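Review bot: `terraform/providers/dev/secrets-tool.log` is now tracked by git. It is empty in this commit, but once a file is tracked, later runs of whatever tool writes to it will show up as modifications and are easy to commit by accident. What the tool logs is not visible here, so whether secret values would ever reach this file is unknown. Removing it from the commit and adding `secrets-tool.log` (or `*.log`) to `.gitignore` avoids the question.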