diff --git a/modules/cloudflare/main.tf b/modules/cloudflare/dns/main.tf
similarity index 100%
rename from modules/cloudflare/main.tf
rename to modules/cloudflare/dns/main.tf
diff --git a/modules/cloudflare/provider.tf b/modules/cloudflare/dns/provider.tf
similarity index 100%
rename from modules/cloudflare/provider.tf
rename to modules/cloudflare/dns/provider.tf
diff --git a/modules/cloudflare/variables.tf b/modules/cloudflare/dns/variables.tf
similarity index 100%
rename from modules/cloudflare/variables.tf
rename to modules/cloudflare/dns/variables.tf
diff --git a/projects/dev/main.tf b/projects/dev/main.tf
deleted file mode 100644
index 9adeb6d..0000000
--- a/projects/dev/main.tf
+++ /dev/null
@@ -1,210 +0,0 @@
-terraform {
- backend "gcs" {
- bucket = "goboolean-terraform-state"
- prefix = "dev"
- }
-}
-
-module "service" {
- source = "../../modules/gcp/service"
- project_id = var.project_id
-}
-
-module "iam" {
- source = "../../modules/gcp/iam"
- project_id = var.project_id
- region = var.region
-}
-
-module "gce" {
- source = "../../modules/gcp/gce"
- zone = var.zone
- service_account_email = module.iam.atlantis_service_account_email
-}
-
-module "cloudflare" {
- source = "../../modules/cloudflare"
- api_token = var.cloudflare_api_token
- zone_id = var.cloudflare_zone_id
- ip_address = module.istio.istio_gateway_ip
-}
-
-module "acme" {
- source = "../../modules/cloudflare/acme"
-
- cloudflare_email = var.cloudflare_email
- cloudflare_api_token = var.cloudflare_api_token
- cloudflare_zone_id = var.cloudflare_zone_id
- cloudflare_api_key = var.cloudflare_api_key
-}
-
-module "gcs" {
- source = "../../modules/gcp/gcs"
- project_id = var.project_id
- location = var.location
-}
-
-module "gke" {
- source = "../../modules/gcp/gke"
- region = var.region
- project_id = var.project_id
- zone = var.zone
-}
-
-module "namespace" {
- source = "../../modules/gcp/gke/namespace"
-}
-
-module "istio" {
- source = "../../modules/infra/istio"
- depends_on = [module.gke, module.namespace]
-}
-
-module "cert_manager" {
- source = "../../modules/infra/cert-manager"
- depends_on = [module.gke, module.namespace]
- cloudflare_api_token = var.cloudflare_api_token
-}
-
-module "vault" {
- source = "../../modules/infra/vault"
- depends_on = [module.gke, module.namespace]
-}
-
-module "argocd" {
- source = "../../modules/infra/argocd"
- depends_on = [module.gke, module.namespace]
-}
-
-module "kafka" {
- source = "../../modules/infra/kafka"
- depends_on = [module.gke, module.namespace]
-}
-
-module "etcd" {
- source = "../../modules/infra/etcd"
- depends_on = [module.gke, module.namespace]
-}
-
-module "opentelemetry" {
- source = "../../modules/infra/opentelemetry"
- depends_on = [module.gke, module.namespace]
-}
-
-/*
- The following infrastructure depends on Vault.
- Therefore, it should be separated into a distinct module
- and divided into stages.
-*/
-# module "argocd-application" {
-# source = "../../modules/infra/argocd/application"
-# depends_on = [module.argocd, module.namespace]
-# providers = {
-# argocd = argocd
-# }
-# }
-
-data "vault_kv_secret_v2" "harbor" {
- mount = "kv-v2"
- name = "infra/harbor"
-}
-
-module "harbor" {
- source = "../../modules/infra/harbor"
- depends_on = [module.gke, module.namespace]
- harbor_url = data.vault_kv_secret_v2.harbor.data["url"]
- harbor_username = data.vault_kv_secret_v2.harbor.data["username"]
- harbor_password = data.vault_kv_secret_v2.harbor.data["password"]
- providers = {
- harbor = harbor
- }
-}
-
-data "vault_kv_secret_v2" "postgresql" {
- mount = "kv-v2"
- name = "infra/postgresql"
-}
-
-module "postgresql" {
- source = "../../modules/infra/postgresql"
- depends_on = [module.gke, module.namespace]
- postgresql_username = data.vault_kv_secret_v2.postgresql.data["username"]
- postgresql_password = data.vault_kv_secret_v2.postgresql.data["password"]
-}
-
-# module "fetch-system-util" {
-# source = "../../modules/infra/argocd/job/fetch-system.util"
-# depends_on = [module.argocd, module.postgresql, module.namespace]
-# providers = {
-# argocd = argocd
-# }
-# }
-
-data "vault_kv_secret_v2" "influxdb" {
- mount = "kv-v2"
- name = "infra/influxdb"
-}
-
-module "influxdb" {
- source = "../../modules/infra/influxdb"
- depends_on = [module.gke, module.namespace]
- influxdb_username = data.vault_kv_secret_v2.influxdb.data["username"]
- influxdb_password = data.vault_kv_secret_v2.influxdb.data["password"]
- influxdb_token = data.vault_kv_secret_v2.influxdb.data["token"]
-}
-
-module "telegraf" {
- source = "../../modules/infra/fetch-system/telegraf"
- depends_on = [module.gke, module.namespace]
- influxdb_token = data.vault_kv_secret_v2.influxdb.data["token"]
-}
-
-data "vault_kv_secret_v2" "grafana" {
- mount = "kv-v2"
- name = "infra/grafana"
-}
-
-# module "grafana" {
-# source = "../../modules/infra/grafana"
-# depends_on = [module.gke, module.namespace]
-# grafana_username = data.vault_kv_secret_v2.grafana.data["username"]
-# grafana_password = data.vault_kv_secret_v2.grafana.data["password"]
-# influxdb_token = data.vault_kv_secret_v2.influxdb.data["token"]
-# }
-
-module "kube-prometheus-stack" {
- source = "../../modules/infra/monitoring/kube-prometheus-stack"
- depends_on = [module.gke, module.namespace]
- grafana_username = data.vault_kv_secret_v2.grafana.data["username"]
- grafana_password = data.vault_kv_secret_v2.grafana.data["password"]
-}
-
-data "vault_kv_secret_v2" "airflow" {
- mount = "kv-v2"
- name = "infra/airflow"
-}
-
-module "airflow" {
- source = "../../modules/infra/airflow"
- depends_on = [module.gke, module.namespace]
- airflow_username = data.vault_kv_secret_v2.airflow.data["username"]
- airflow_password = data.vault_kv_secret_v2.airflow.data["password"]
- postgres_host = "postgresql.postgresql.svc.cluster.local"
- postgres_user = data.vault_kv_secret_v2.postgresql.data["username"]
- postgres_password = data.vault_kv_secret_v2.postgresql.data["password"]
-}
-
-module "loki-stack" {
- source = "../../modules/infra/monitoring/loki-stack"
- depends_on = [module.iam, module.gke, module.namespace]
- project_id = var.project_id
-}
-
-module "github" {
- source = "../../modules/github"
-}
-
-module "dex" {
- source = "../../modules/infra/dex"
- depends_on = [module.gke, module.namespace]
-}
diff --git a/projects/dev/provider.tf b/projects/dev/provider.tf
deleted file mode 100644
index f8f15c0..0000000
--- a/projects/dev/provider.tf
+++ /dev/null
@@ -1,121 +0,0 @@
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- version = "4.84.0"
- }
-
- cloudflare = {
- source = "cloudflare/cloudflare"
- version = "5.0.0-rc1"
- }
-
- acme = {
- source = "vancluever/acme"
- version = "2.29.0"
- }
-
- kubectl = {
- source = "gavinbunney/kubectl"
- version = ">= 1.14.0"
- }
-
- /*
- The following infrastructure depends on Vault.
- Therefore, it should be separated into a distinct module
- and divided into stages.
- */
- vault = {
- source = "hashicorp/vault"
- version = "4.6.0"
- }
-
- argocd = {
- source = "argoproj-labs/argocd"
- version = "7.3.0"
- }
-
- harbor = {
- source = "goharbor/harbor"
- version = "3.10.19"
- }
- }
- required_version = ">= 0.14"
-}
-
-provider "google" {
- project = var.project_id
- region = var.region
-}
-
-provider "cloudflare" {
- api_token = var.cloudflare_api_token
-}
-
-provider "acme" {
- server_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
-}
-
-provider "kubernetes" {
- host = module.gke.kubernetes_provider_config.host
- token = module.gke.kubernetes_provider_config.token
- cluster_ca_certificate = module.gke.kubernetes_provider_config.cluster_ca_certificate
-}
-
-provider "helm" {
- kubernetes {
- host = module.gke.kubernetes_provider_config.host
- token = module.gke.kubernetes_provider_config.token
- cluster_ca_certificate = module.gke.kubernetes_provider_config.cluster_ca_certificate
- }
-}
-
-provider "kubectl" {
- host = module.gke.kubernetes_provider_config.host
- token = module.gke.kubernetes_provider_config.token
- cluster_ca_certificate = module.gke.kubernetes_provider_config.cluster_ca_certificate
- load_config_file = false
-}
-
-/*
- The following infrastructure depends on Vault.
- Therefore, it should be separated into a distinct module
- and divided into stages.
-*/
-provider "vault" {
- address = "https://vault.goboolean.io"
- auth_login {
- path = "auth/approle/login"
- parameters = {
- role_id = var.vault_role_id
- secret_id = var.vault_secret_id
- }
- }
-}
-
-data "vault_kv_secret_v2" "argocd" {
- mount = "kv-v2"
- name = "infra/argocd"
-}
-
-provider "argocd" {
- server_addr = "argocd.goboolean.io:443"
- username = data.vault_kv_secret_v2.argocd.data["username"]
- password = data.vault_kv_secret_v2.argocd.data["password"]
-}
-
-provider "harbor" {
- url = data.vault_kv_secret_v2.harbor.data["url"]
- username = data.vault_kv_secret_v2.harbor.data["username"]
- password = data.vault_kv_secret_v2.harbor.data["password"]
-}
-
-data "vault_kv_secret_v2" "github" {
- mount = "kv-v2"
- name = "infra/github"
-}
-
-provider "github" {
- owner = "goboolean"
- token = data.vault_kv_secret_v2.github.data["admin_token"]
-}
diff --git a/projects/dev/terraform.tfvars b/projects/dev/terraform.tfvars
deleted file mode 100644
index cd33ecd..0000000
--- a/projects/dev/terraform.tfvars
+++ /dev/null
@@ -1,5 +0,0 @@
-# Google Cloud Platform
-project_id = "goboolean-448812"
-region = "asia-northeast3"
-zone = "asia-northeast3-a"
-location = "ASIA"
diff --git a/projects/dev/variables.tf b/projects/dev/variables.tf
deleted file mode 100644
index 4c02f4c..0000000
--- a/projects/dev/variables.tf
+++ /dev/null
@@ -1,39 +0,0 @@
-# Google Cloud Platform
-variable "project_id" {
- description = "project id"
-}
-variable "region" {
- description = "region"
-}
-variable "zone" {
- description = "zone"
-}
-variable "location" {
- description = "location"
-}
-
-# Cloudflare
-variable "cloudflare_email" {
- description = "cloudflare email"
-}
-variable "cloudflare_api_token" {
- description = "cloudflare api token"
-}
-variable "cloudflare_zone_id" {
- description = "cloudflare zone id"
-}
-variable "cloudflare_api_key" {
- description = "cloudflare api key"
-}
-
-/*
- The following infrastructure depends on Vault.
- Therefore, it should be separated into a distinct module
- and divided into stages.
-*/
-variable "vault_role_id" {
- description = "vault role id"
-}
-variable "vault_secret_id" {
- description = "vault secret id"
-}
diff --git a/projects/domain/main.tf b/projects/domain/main.tf
index eb3ba18..facbbc8 100644
--- a/projects/domain/main.tf
+++ b/projects/domain/main.tf
@@ -9,8 +9,8 @@ module "istio" {
 source = "../../modules/infra/istio"
 }
 
-module "cloudflare" {
- source = "../../modules/cloudflare"
+module "dns" {
+ source = "../../modules/cloudflare/dns"
 api_token = local.cloudflare_api_token
 zone_id = local.cloudflare_zone_id
 ip_address = module.istio.istio_gateway_ip
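Review bot: Renaming the module block from `cloudflare` to `dns` in projects/domain/main.tf changes the state address of every resource inside it (`module.cloudflare.*` becomes `module.dns.*`), so unless the state has already been moved out of band the next plan will propose destroying the existing Cloudflare records and recreating them under the new address rather than treating this as a no-op. For records that carry the public gateway IP from `module.istio.istio_gateway_ip` that is a real, if brief, outage window and a change in the zone's record history, for a commit that is otherwise a pure directory reorganisation. Add a `moved` block next to the renamed module so Terraform rewrites the state in place; this needs Terraform 1.1 or newer, which I cannot confirm from this hunk because the domain project's `required_version` is not shown. The alternative is a one-off `terraform state mv module.cloudflare module.dns` before applying, but the `moved` block is the reviewable, reproducible option. The closing brace of the `dns` module block falls outside the hunk.
```hcl
module "dns" {
  source = "../../modules/cloudflare/dns"
  # … unchanged: api_token, zone_id, ip_address …
}

# Keep the existing Cloudflare records in state across the rename
# instead of letting Terraform destroy and recreate them.
moved {
  from = module.cloudflare
  to   = module.dns
}
```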