diff --git a/.gitignore b/.gitignore
index 5dfe310..a092b20 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
.terraform*
terraform.tfstate*
+plan.out*
diff --git a/README.md b/README.md
index f971f97..8ce52e1 100644
--- a/README.md
+++ b/README.md
@@ -116,15 +116,15 @@ No modules.
| [google_cloud_run_service.probers](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_service) | resource |
| [google_cloud_run_service_iam_policy.noauths](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_service_iam_policy) | resource |
| [google_compute_backend_service.probers](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_backend_service) | resource |
-| [google_compute_global_address.static-ip](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_address) | resource |
-| [google_compute_global_forwarding_rule.forwarding-rule](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_forwarding_rule) | resource |
-| [google_compute_managed_ssl_certificate.prober-cert](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_managed_ssl_certificate) | resource |
+| [google_compute_global_address.static_ip](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_address) | resource |
+| [google_compute_global_forwarding_rule.forwarding_rule](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_forwarding_rule) | resource |
+| [google_compute_managed_ssl_certificate.prober_cert](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_managed_ssl_certificate) | resource |
| [google_compute_region_network_endpoint_group.neg](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_region_network_endpoint_group) | resource |
| [google_compute_target_https_proxy.prober](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_target_https_proxy) | resource |
| [google_compute_url_map.probers](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_url_map) | resource |
-| [google_dns_record_set.prober-dns](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_record_set) | resource |
-| [google_monitoring_uptime_check_config.global-uptime-check](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/monitoring_uptime_check_config) | resource |
-| [google_monitoring_uptime_check_config.regional-uptime-check](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/monitoring_uptime_check_config) | resource |
+| [google_dns_record_set.prober_dns](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_record_set) | resource |
+| [google_monitoring_uptime_check_config.global_uptime_check](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/monitoring_uptime_check_config) | resource |
+| [google_monitoring_uptime_check_config.regional_uptime_check](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/monitoring_uptime_check_config) | resource |
| [google_service_account.prober](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource |
| [ko_image.image](https://registry.terraform.io/providers/chainguard-dev/ko/latest/docs/resources/image) | resource |
| [random_password.secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
@@ -147,5 +147,6 @@ No modules.
| Name | Description |
|------|-------------|
-| [uptime-check](#output\_uptime-check) | n/a |
+| [uptime\_check](#output\_uptime\_check) | n/a |
+| [uptime\_check\_name](#output\_uptime\_check\_name) | n/a |
diff --git a/examples/basic/example.tf b/examples/basic/example.tf
index 1b664b3..25ce483 100644
--- a/examples/basic/example.tf
+++ b/examples/basic/example.tf
@@ -31,3 +31,50 @@ module "prober" {
EXAMPLE_ENV = "honk"
}
}
+
+// Create an alert policy based on the uptime check above.
+resource "google_monitoring_alert_policy" "prober_uptime" {
+ project = var.project_id
+ # In the absence of data, incident will auto-close in 7 days
+ alert_strategy {
+ auto_close = "604800s"
+ }
+ combiner = "OR"
+
+ conditions {
+ condition_threshold {
+ aggregations {
+ alignment_period = "300s"
+ cross_series_reducer = "REDUCE_COUNT_FALSE"
+ group_by_fields = ["resource.*"]
+ per_series_aligner = "ALIGN_NEXT_OLDER"
+ }
+
+ comparison = "COMPARISON_GT"
+ duration = "60s"
+ filter = format("metric.type=\"monitoring.googleapis.com/uptime_check/check_passed\" resource.type=\"uptime_url\" metric.label.\"check_id\"=\"%s\"", module.prober.uptime_check)
+
+ threshold_value = "1"
+
+ trigger {
+ count = "1"
+ percent = "0"
+ }
+ }
+
+ display_name = "${module.prober.uptime_check_name} probe failure"
+ }
+
+ display_name = "${module.prober.uptime_check_name} prober failed alert"
+ enabled = "true"
+
+ documentation {
+ content = <<-EOT
+ < Add your documentation or link to a playbook here >
+ EOT
+ }
+
+ depends_on = [
+ module.prober
+ ]
+}
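Review bot: The new `google_monitoring_alert_policy.prober_uptime` sets no `notification_channels`, so a failing probe opens an incident in Cloud Monitoring but nobody is paged or emailed. The example should wire in at least one channel, e.g. `notification_channels = [google_monitoring_notification_channel.oncall.name]` (placeholder resource name; the example defines none), or say in a comment that channels must be added before relying on it. Two smaller style points: `enabled = "true"` reads better as the boolean `enabled = true`, and the explicit `depends_on = [module.prober]` looks redundant because the policy already references `module.prober.uptime_check` and `module.prober.uptime_check_name`.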
diff --git a/gclb.tf b/gclb.tf
index e33194f..3426633 100644
--- a/gclb.tf
+++ b/gclb.tf
@@ -1,17 +1,22 @@
+/*
+Copyright 2022 Chainguard, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
locals {
# GCLB is expensive, so we only provision one when we have to put multiple
# Cloud Run locations behind one.
use_gclb = length(var.locations) > 1
}
-resource "google_compute_global_address" "static-ip" {
+resource "google_compute_global_address" "static_ip" {
count = local.use_gclb ? 1 : 0
project = var.project_id
name = "${var.name}-prober"
}
-resource "google_compute_global_forwarding_rule" "forwarding-rule" {
+resource "google_compute_global_forwarding_rule" "forwarding_rule" {
count = local.use_gclb ? 1 : 0
project = var.project_id
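Review bot: Changing the resource address from `static-ip` to `static_ip` (and likewise `forwarding-rule`, `prober-dns` and `prober-cert` in the later hunks of this file, plus the two uptime checks in main.tf) has no matching `moved` block, so Terraform will plan a destroy and create for each on existing deployments. For the global address that likely means a new IP, and the managed certificate would have to be re-provisioned, leaving the prober endpoint unreachable or without a valid certificate in the meantime. If the supported Terraform version allows it (1.1 or later), add one block per rename, e.g. `moved { from = google_compute_global_address.static-ip  to = google_compute_global_address.static_ip }`; otherwise document the `terraform state mv` steps in the release notes. The `forwarding_rule` resource body continues outside this hunk.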
@@ -19,11 +24,11 @@ resource "google_compute_global_forwarding_rule" "forwarding-rule" {
ip_protocol = "TCP"
load_balancing_scheme = "EXTERNAL"
port_range = 443
- ip_address = google_compute_global_address.static-ip[0].id
+ ip_address = google_compute_global_address.static_ip[0].id
target = google_compute_target_https_proxy.prober[0].id
}
-resource "google_dns_record_set" "prober-dns" {
+resource "google_dns_record_set" "prober_dns" {
count = local.use_gclb ? 1 : 0
project = var.project_id
@@ -33,17 +38,17 @@ resource "google_dns_record_set" "prober-dns" {
ttl = 60
rrdatas = [
- google_compute_global_address.static-ip[0].address
+ google_compute_global_address.static_ip[0].address
]
}
-resource "google_compute_managed_ssl_certificate" "prober-cert" {
+resource "google_compute_managed_ssl_certificate" "prober_cert" {
count = local.use_gclb ? 1 : 0
name = "${var.name}-prober"
managed {
- domains = [google_dns_record_set.prober-dns[0].name]
+ domains = [google_dns_record_set.prober_dns[0].name]
}
}
@@ -54,7 +59,7 @@ resource "google_compute_target_https_proxy" "prober" {
name = "${var.name}-prober"
url_map = google_compute_url_map.probers[0].id
- ssl_certificates = [google_compute_managed_ssl_certificate.prober-cert[0].id]
+ ssl_certificates = [google_compute_managed_ssl_certificate.prober_cert[0].id]
}
resource "google_compute_url_map" "probers" {
diff --git a/main.tf b/main.tf
index 1254989..fdb1a56 100644
--- a/main.tf
+++ b/main.tf
@@ -1,3 +1,8 @@
+/*
+Copyright 2022 Chainguard, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
terraform {
required_providers {
ko = {
@@ -88,7 +93,7 @@ resource "google_cloud_run_service_iam_policy" "noauths" {
// This is the uptime check, which will send traffic to the Cloud Run
// application every few minutes (from several locations) to ensure
// things are operating as expected.
-resource "google_monitoring_uptime_check_config" "regional-uptime-check" {
+resource "google_monitoring_uptime_check_config" "regional_uptime_check" {
count = local.use_gclb ? 0 : 1
display_name = "${var.name}-uptime-regional"
@@ -127,7 +132,7 @@ resource "google_monitoring_uptime_check_config" "regional-uptime-check" {
// This is the uptime check, which will send traffic to the GCLB
// address every few minutes (from several locations) to ensure
// things are operating as expected.
-resource "google_monitoring_uptime_check_config" "global-uptime-check" {
+resource "google_monitoring_uptime_check_config" "global_uptime_check" {
count = local.use_gclb ? 1 : 0
display_name = "${var.name}-uptime-global"
diff --git a/outputs.tf b/outputs.tf
index 53a68fd..379135b 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,3 +1,12 @@
-output "uptime-check" {
- value = local.use_gclb ? google_monitoring_uptime_check_config.global-uptime-check[0].uptime_check_id : google_monitoring_uptime_check_config.regional-uptime-check[0].uptime_check_id
+/*
+Copyright 2022 Chainguard, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+output "uptime_check" {
+ value = local.use_gclb ? google_monitoring_uptime_check_config.global_uptime_check[0].uptime_check_id : google_monitoring_uptime_check_config.regional_uptime_check[0].uptime_check_id
+}
+
+output "uptime_check_name" {
+ value = local.use_gclb ? google_monitoring_uptime_check_config.global_uptime_check[0].display_name : google_monitoring_uptime_check_config.regional_uptime_check[0].display_name
}
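Review bot: Both outputs in this hunk are declared without a `description`, which is why the README table lists them as n/a. Consider adding `description = "ID of the uptime check (global when a GCLB is provisioned, regional otherwise)."` to `uptime_check` and `description = "Display name of that uptime check."` to `uptime_check_name`. Renaming the output from `uptime-check` to `uptime_check` also changes the module's interface, so callers still referencing the old name will fail to plan. Any alert filter built from that output would stop resolving until updated, which is worth calling out in the changelog.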
diff --git a/variables.tf b/variables.tf
index a2636da..97afda4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,3 +1,8 @@
+/*
+Copyright 2022 Chainguard, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
variable "name" {
description = "Name to prefix to created resources."
}