169163334 - Adds more configuration elements per call with Dan

This adds the start of the identity module but also cleans up a bunch of
things like the LBs. Originally I was managing the LBs, but k8s manages
this for us so I disabled the LBs for now.
Rob Gil 2019-12-20 15:10:57 -05:00
parent 7dbdeb3ae7
commit ec5c3e0ce0
9 changed files with 66 additions and 12 deletions


@ -1,7 +1,7 @@
data "azurerm_client_config" "current" {}
resource "azurerm_resource_group" "keyvault" {
name = "${var.name}-${var.environment}-rg"
name = "${var.name}-${var.environment}-keyvault"
location = var.region
}
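Review bot: Changing `name` on `azurerm_resource_group.keyvault` is not an in-place update, because the azurerm provider treats a resource group's name as immutable and plans a destroy and recreate. Anything placed in that group, presumably the Key Vault and its secrets, would be replaced along with it. The plan output should be checked before this is applied to an environment that already holds secrets. If the old group must survive, create the new group under a new resource address and migrate, rather than editing the name in place.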


@ -19,4 +19,9 @@ resource "azurerm_lb" "lb" {
name = "${var.name}-${var.environment}-ip"
public_ip_address_id = azurerm_public_ip.lb.id
}
tags = {
owner = var.owner
environment = var.environment
}
}


@ -0,0 +1,11 @@
resource "azurerm_resource_group" "identity" {
name = "${var.name}-${var.environment}-${var.identity}"
location = var.region
}
resource "azurerm_user_assigned_identity" "identity" {
resource_group_name = azurerm_resource_group.identity.name
location = azurerm_resource_group.identity.location
name = "${var.name}-${var.environment}-${var.identity}"
}
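Review bot: `azurerm_user_assigned_identity.identity` and its resource group are created without `tags`, although `owner` and `environment` variables are declared on this page (presumably for this module) and the LB resource in the same commit gains exactly that tag block. Adding `tags = { owner = var.owner, environment = var.environment }` to both resources keeps identities attributable to an owner during access reviews. No `output` for the identity's `id`, `principal_id` or `client_id` is visible here; if none exists in a file not shown, callers cannot reference the identity in a Key Vault access policy or role assignment.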


@ -0,0 +1,24 @@
variable "region" {
type = string
description = "Region this module and resources will be created in"
}
variable "name" {
type = string
description = "Unique name for the services in this module"
}
variable "environment" {
type = string
description = "Environment these resources reside (prod, dev, staging, etc)"
}
variable "owner" {
type = string
description = "Owner of the environment and resources created in this module"
}
variable "identity" {
type = string
description = "Name of the managed identity to create"
}


@ -54,7 +54,6 @@ variable "storage_mb" {
default = "5120"
}
variable "storage_backup_retention_days" {
type = string
description = "Storage backup retention (days)"
@ -76,7 +75,7 @@ variable "storage_auto_grow" {
variable "administrator_login" {
type = string
description = "Administrator login"
default = "sqladmindude" # FIXME - Remove with wrapper using KeyVault
default = "atat_master" # FIXME - Remove with wrapper using KeyVault
}
variable "administrator_login_password" {
@ -85,11 +84,10 @@ variable "administrator_login_password" {
default = "eI0l7yswwtuhHpwzoVjwRKdAcuGNsg" # FIXME - Remove with wrapper using KeyVault
}
variable "postgres_version" {
type = string
description = "Postgres version to use"
default = "11"
default = "10"
}
variable "ssl_enforcement" {
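Review bot: `administrator_login_password` still carries a cleartext `default` in the context line of the last hunk, and this commit edits the neighbouring `administrator_login` default without removing it, so both halves of the database admin credential sit in version control. Drop both `default` lines so the values must be supplied at plan time (from Key Vault, as the FIXME already intends), and treat the committed password as exposed and rotate it, since it remains in history. On Terraform 0.14 or later, `sensitive = true` on the password variable also keeps it out of plan output. The same section changes the `postgres_version` default between "11" and "10" with no rationale in the commit description; if that is a downgrade, it deserves a comment. The password variable's block starts outside the hunk.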


@ -0,0 +1,8 @@
module "keyvault_reader_identity" {
source = "../../modules/managed_identity"
name = var.name
owner = var.owner
environment = var.environment
region = var.region
identity = "${var.name}-${var.environment}-vault-reader"
}
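Review bot: The `identity` argument already includes the `${var.name}-${var.environment}-` prefix, and the resources shown earlier on this page (presumably the `managed_identity` module called here) prepend the same prefix again in both `name` attributes. The resulting resource group and identity would be named `<name>-<env>-<name>-<env>-vault-reader`. Passing only the suffix, `identity = "vault-reader"`, gives the intended name and keeps it predictable for anyone writing access policies against it.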


@ -9,10 +9,18 @@ module "k8s" {
vnet_subnet_id = module.vpc.subnets #FIXME - output from module.vpc.subnets should be map
}
module "lb" {
source = "../../modules/lb"
region = var.region
name = var.name
environment = var.environment
owner = var.owner
}
#module "main_lb" {
# source = "../../modules/lb"
# region = var.region
# name = "main-${var.name}"
# environment = var.environment
# owner = var.owner
#}
#module "auth_lb" {
# source = "../../modules/lb"
# region = var.region
# name = "auth-${var.name}"
# environment = var.environment
# owner = var.owner
#}
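Review bot: The `main_lb` and `auth_lb` module blocks are left in the file as commented-out code with no explanation, so the reason they are disabled lives only in the commit message. Either delete them, since history keeps them, or put one line above them such as `# Disabled: k8s manages the load balancers for us; re-enable only if LBs are managed here again`. With no `module "lb"` call left in the configuration, the next apply will presumably destroy the existing LB and its public IP, which is worth confirming in the plan. Public exposure would then be governed by whatever k8s provisions.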
