pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

169163334 - Adds more configuration elements per call with Dan

Browse Source 
This adds the start of the identity module but also cleans up a bunch of
things like the LBs. Originally I was managing the LBs, but k8s manages
this for us so I disabled the LBs for now.
This commit is contained in:
Rob Gil 2019-12-20 15:10:57 -05:00
parent 7dbdeb3ae7
commit ec5c3e0ce0
9 changed files with 66 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
terraform/modules/keyvault/main.tf
View File

@ -1,7 +1,7 @@
data "azurerm_client_config" "current" {} data "azurerm_client_config" "current" {}
resource "azurerm_resource_group" "keyvault" { resource "azurerm_resource_group" "keyvault" {
name = "${var.name}-${var.environment}-rg" name = "${var.name}-${var.environment}-keyvault"
location = var.region location = var.region
} }

5
terraform/modules/lb/main.tf
View File

@ -19,4 +19,9 @@ resource "azurerm_lb" "lb" {
name = "${var.name}-${var.environment}-ip" name = "${var.name}-${var.environment}-ip"
public_ip_address_id = azurerm_public_ip.lb.id public_ip_address_id = azurerm_public_ip.lb.id
} }
tags = {
owner = var.owner
environment = var.environment
}
} }

11
terraform/modules/managed_identity/main.tf Normal file
View File

@ -0,0 +1,11 @@
resource "azurerm_resource_group" "identity" {
name = "${var.name}-${var.environment}-${var.identity}"
location = var.region
}
resource "azurerm_user_assigned_identity" "identity" {
resource_group_name = azurerm_resource_group.identity.name
location = azurerm_resource_group.identity.location
name = "${var.name}-${var.environment}-${var.identity}"
}

0
terraform/modules/managed_identity/outputs.tf Normal file
View File

24
terraform/modules/managed_identity/variables.tf Normal file
View File

@ -0,0 +1,24 @@
variable "region" {
type = string
description = "Region this module and resources will be created in"
}
variable "name" {
type = string
description = "Unique name for the services in this module"
}
variable "environment" {
type = string
description = "Environment these resources reside (prod, dev, staging, etc)"
}
variable "owner" {
type = string
description = "Owner of the environment and resources created in this module"
}
variable "identity" {
type = string
description = "Name of the managed identity to create"
}

6
terraform/modules/postgres/variables.tf
View File

@ -54,7 +54,6 @@ variable "storage_mb" {
default = "5120" default = "5120"
} }
variable "storage_backup_retention_days" { variable "storage_backup_retention_days" {
type = string type = string
description = "Storage backup retention (days)" description = "Storage backup retention (days)"
@ -76,7 +75,7 @@ variable "storage_auto_grow" {
variable "administrator_login" { variable "administrator_login" {
type = string type = string
description = "Administrator login" description = "Administrator login"
default = "sqladmindude" # FIXME - Remove with wrapper using KeyVault default = "atat_master" # FIXME - Remove with wrapper using KeyVault
} }
variable "administrator_login_password" { variable "administrator_login_password" {
@ -85,11 +84,10 @@ variable "administrator_login_password" {
default = "eI0l7yswwtuhHpwzoVjwRKdAcuGNsg" # FIXME - Remove with wrapper using KeyVault default = "eI0l7yswwtuhHpwzoVjwRKdAcuGNsg" # FIXME - Remove with wrapper using KeyVault
} }
variable "postgres_version" { variable "postgres_version" {
type = string type = string
description = "Postgres version to use" description = "Postgres version to use"
default = "11" default = "10"
} }
variable "ssl_enforcement" { variable "ssl_enforcement" {

8
terraform/providers/dev/identities.tf Normal file
View File

@ -0,0 +1,8 @@
module "keyvault_reader_identity" {
source = "../../modules/managed_identity"
name = var.name
owner = var.owner
environment = var.environment
region = var.region
identity = "${var.name}-${var.environment}-vault-reader"
}

22
terraform/providers/dev/k8s.tf
View File

@ -9,10 +9,18 @@ module "k8s" {
vnet_subnet_id = module.vpc.subnets #FIXME - output from module.vpc.subnets should be map vnet_subnet_id = module.vpc.subnets #FIXME - output from module.vpc.subnets should be map
} }
module "lb" { #module "main_lb" {
source = "../../modules/lb" # source = "../../modules/lb"
region = var.region # region = var.region
name = var.name # name = "main-${var.name}"
environment = var.environment # environment = var.environment
owner = var.owner # owner = var.owner
} #}
#module "auth_lb" {
# source = "../../modules/lb"
# region = var.region
# name = "auth-${var.name}"
# environment = var.environment
# owner = var.owner
#}

0
terraform/providers/dev/secrets-tool.log Normal file
View File