From ce4005273b88bea49b14f3fca6a187da60417a3d Mon Sep 17 00:00:00 2001 From: mulmuri Date: Wed, 5 Mar 2025 03:28:26 +0900 Subject: [PATCH 1/2] feat: reconstruct infra module --- projects/core/config/main.tf | 16 --- projects/core/config/terraform.tfvars | 3 - projects/core/main.tf | 23 ---- projects/core/provider.tf | 59 --------- projects/core/terraform.tfvars | 3 - projects/k8s/base/istio-system.json | 59 --------- projects/k8s/infra/configs/main.tf | 13 ++ projects/k8s/infra/configs/providers.tf | 93 +++++++++++++ .../{core => k8s/infra/configs}/variables.tf | 2 +- projects/k8s/infra/deployments/main.tf | 124 ++++++++++++++++++ .../infra/deployments}/provider.tf | 56 ++++---- .../infra/deployments}/variables.tf | 2 +- projects/k8s/vault/configs/provider.tf | 4 +- 13 files changed, 268 insertions(+), 189 deletions(-) delete mode 100644 projects/core/config/main.tf delete mode 100644 projects/core/config/terraform.tfvars delete mode 100644 projects/core/main.tf delete mode 100644 projects/core/provider.tf delete mode 100644 projects/core/terraform.tfvars delete mode 100644 projects/k8s/base/istio-system.json create mode 100644 projects/k8s/infra/configs/main.tf create mode 100644 projects/k8s/infra/configs/providers.tf rename projects/{core => k8s/infra/configs}/variables.tf (80%) create mode 100644 projects/k8s/infra/deployments/main.tf rename projects/{core/config => k8s/infra/deployments}/provider.tf (51%) rename projects/{core/config => k8s/infra/deployments}/variables.tf (80%) diff --git a/projects/core/config/main.tf b/projects/core/config/main.tf deleted file mode 100644 index 41e57bd..0000000 --- a/projects/core/config/main.tf +++ /dev/null 
@@ -1,16 +0,0 @@
-terraform {
- backend "gcs" {
- bucket = "goboolean-450909-terraform-state"
- prefix = "core/config"
- }
-}
-
-module "vault_config" {
- source = "../../../modules/infra/vault/config"
- token_reviewer_jwt = local.token_reviewer_jwt
- kubernetes_host = local.gke_host
- kubernetes_ca_cert = local.gke_cluster_ca_certificate
- providers = {
- vault = vault
- }
-}
diff --git a/projects/core/config/terraform.tfvars b/projects/core/config/terraform.tfvars
deleted file mode 100644
index 9005dae..0000000
--- a/projects/core/config/terraform.tfvars
+++ /dev/null
@@ -1,3 +0,0 @@
-# Google Cloud Platform
-project_id = "goboolean-450909"
-region = "asia-northeast3"
diff --git a/projects/core/main.tf b/projects/core/main.tf
deleted file mode 100644
index 95a5aa9..0000000
--- a/projects/core/main.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-terraform {
- backend "gcs" {
- bucket = "goboolean-450909-terraform-state"
- prefix = "core"
- }
-}
-
-module "istio_gateway" {
- source = "../../modules/infra/istio/gateway"
-}
-
-module "cert_manager_manifest" {
- source = "../../modules/infra/cert-manager/manifest"
- cloudflare_api_token = local.cloudflare_api_token
-}
-
-module "vault" {
- source = "../../modules/infra/vault"
- project_id = var.project_id
- region = var.region
- key_ring_name = local.vault_kms_keyring_name
- crypto_key_name = local.vault_kms_crypto_key_name
-}
diff --git a/projects/core/provider.tf b/projects/core/provider.tf
deleted file mode 100644
index 9ee47fd..0000000
--- a/projects/core/provider.tf
+++ /dev/null
@@ -1,59 +0,0 @@
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- version = "4.84.0"
- }
- }
- required_version = ">= 0.14"
-}
-
-# cloudflare secrets
-provider "google" {
- project = var.project_id
- region = var.region
-}
-
-data "google_secret_manager_secret_version" "cloudflare_api_token" {
- secret = "cloudflare_api_token"
-}
-
-locals {
- cloudflare_api_token = data.google_secret_manager_secret_version.cloudflare_api_token.secret_data
-}
-
-# gke secrets
-data "terraform_remote_state" "gcp" {
- backend = "gcs"
-
- config = {
- bucket = "goboolean-450909-terraform-state"
- prefix = "gcp"
- }
-}
-
-data "google_client_config" "default" {}
-
-locals {
- gke_host = data.terraform_remote_state.gcp.outputs.kubernetes_provider_config.host
- gke_token = data.google_client_config.default.access_token
- gke_cluster_ca_certificate = data.terraform_remote_state.gcp.outputs.kubernetes_provider_config.cluster_ca_certificate
-
- vault_kms_keyring_name = data.terraform_remote_state.gcp.outputs.vault_kms_keyring_name
- vault_kms_crypto_key_name = data.terraform_remote_state.gcp.outputs.vault_kms_crypto_key_name
-}
-
-# providers
-provider "helm" {
- kubernetes {
- host = local.gke_host
- token = local.gke_token
- cluster_ca_certificate = local.gke_cluster_ca_certificate
- }
-}
-
-provider "kubernetes" {
- host = local.gke_host
- token = local.gke_token
- cluster_ca_certificate = local.gke_cluster_ca_certificate
-}
diff --git a/projects/core/terraform.tfvars b/projects/core/terraform.tfvars
deleted file mode 100644
index 9005dae..0000000
--- a/projects/core/terraform.tfvars
+++ /dev/null
@@ -1,3 +0,0 @@
-# Google Cloud Platform
-project_id = "goboolean-450909"
-region = "asia-northeast3"
diff --git a/projects/k8s/base/istio-system.json b/projects/k8s/base/istio-system.json
deleted file mode 100644
index 5ad4111..0000000
--- a/projects/k8s/base/istio-system.json
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- "apiVersion": "v1",
- "kind": "Namespace",
- "metadata": {
- "creationTimestamp": "2025-02-25T14:20:09Z",
- "deletionTimestamp": "2025-02-26T14:04:39Z",
- "labels": {
- "kubernetes.io/metadata.name": "istio-system"
- },
- "name": "istio-system",
- "resourceVersion": "1196581",
- "uid": "1706b331-1e53-4df8-a4c6-dd0e34262fb6"
- },
- "spec": {
- "finalizers": [
- "kubernetes"
- ]
- },
- "status": {
- "conditions": [
- {
- "lastTransitionTime": "2025-02-26T14:04:46Z",
- "message": "All resources successfully discovered",
- "reason": "ResourcesDiscovered",
- "status": "False",
- "type": "NamespaceDeletionDiscoveryFailure"
- },
- {
- "lastTransitionTime": "2025-02-26T14:04:46Z",
- "message": "All legacy kube types successfully parsed",
- "reason": "ParsedGroupVersions",
- "status": "False",
- "type": "NamespaceDeletionGroupVersionParsingFailure"
- },
- {
- "lastTransitionTime": "2025-02-26T14:04:46Z",
- "message": "All content successfully deleted, may be waiting on finalization",
- "reason": "ContentDeleted",
- "status": "False",
- "type": "NamespaceDeletionContentFailure"
- },
- {
- "lastTransitionTime": "2025-02-26T14:04:46Z",
- "message": "Some resources are remaining: challenges.acme.cert-manager.io has 1 resource instances",
- "reason": "SomeResourcesRemain",
- "status": "True",
- "type": "NamespaceContentRemaining"
- },
- {
- "lastTransitionTime": "2025-02-26T14:04:46Z",
- "message": "Some content in the namespace has finalizers remaining: finalizer.acme.cert-manager.io in 1 resource instances",
- "reason": "SomeFinalizersRemain",
- "status": "True",
- "type": "NamespaceFinalizersRemaining"
- }
- ],
- "phase": "Terminating"
- }
-}
diff --git a/projects/k8s/infra/configs/main.tf b/projects/k8s/infra/configs/main.tf
new file mode 100644
index 0000000..e2c6397
--- /dev/null
+++ b/projects/k8s/infra/configs/main.tf
@@ -0,0 +1,13 @@
+module "harbor-policy" {
+ source = "../../../../modules/infra/harbor/policy"
+ providers = {
+ harbor = harbor
+ }
+}
+
+module "argocd-application" {
+ source = "../../../../modules/infra/argocd/application"
+ providers = {
+ argocd = argocd
+ }
+}
diff --git a/projects/k8s/infra/configs/providers.tf b/projects/k8s/infra/configs/providers.tf
new file mode 100644
index 0000000..762b12c
--- /dev/null
+++ b/projects/k8s/infra/configs/providers.tf
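Review bot: Nothing in this new root module records that it has to be applied after `projects/k8s/infra/deployments`. The removed `projects/infra/main.tf` carried `depends_on = [module.argocd]` on `argocd-application`, and that ordering is lost now that the Argo CD and Harbor installs live in a separate state. A first apply against a cluster where those services are not yet running will presumably fail at provider login. I would add a header comment such as `# Apply after projects/k8s/infra/deployments: the argocd and harbor providers log in to the services that stack installs.`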
@@ -0,0 +1,93 @@
+terraform {
+ backend "gcs" {
+ bucket = "goboolean-450909-tfstate"
+ prefix = "452007/k8s/infra/configs"
+ }
+
+ required_providers {
+ argocd = {
+ source = "argoproj-labs/argocd"
+ version = "7.3.0"
+ }
+
+ harbor = {
+ source = "goharbor/harbor"
+ version = "3.10.19"
+ }
+ }
+ required_version = ">= 0.14"
+}
+
+
+data "terraform_remote_state" "gcp" {
+ backend = "gcs"
+
+ config = {
+ bucket = "goboolean-450909-terraform-state"
+ prefix = "gcp"
+ }
+}
+
+data "google_client_config" "default" {}
+
+locals {
+ gke_host = data.terraform_remote_state.gcp.outputs.kubernetes_provider_config.host
+ gke_token = data.google_client_config.default.access_token
+ gke_cluster_ca_certificate = data.terraform_remote_state.gcp.outputs.kubernetes_provider_config.cluster_ca_certificate
+}
+
+provider "kubernetes" {
+ host = local.gke_host
+ token = local.gke_token
+ cluster_ca_certificate = local.gke_cluster_ca_certificate
+}
+
+provider "google" {
+ project = var.project_id
+ region = var.region
+}
+
+ephemeral "google_service_account_jwt" "vault_jwt" {
+ target_service_account = "atlantis@${var.project_id}.iam.gserviceaccount.com"
+
+ payload = jsonencode({
+ sub: "atlantis@${var.project_id}.iam.gserviceaccount.com",
+ aud: "vault/terraform",
+ })
+
+ expires_in = 1800
+}
+
+provider "vault" {
+ address = "https://vault.goboolean.io"
+
+ auth_login {
+ path = "auth/gcp/login"
+ parameters = {
+ jwt = ephemeral.google_service_account_jwt.vault_jwt.jwt
+ role = "terraform"
+ }
+ }
+}
+
+data "vault_kv_secret_v2" "argocd" {
+ mount = "kv"
+ name = "infra/argocd"
+}
+
+provider "argocd" {
+ server_addr = "argocd.goboolean.io:443"
+ username = data.vault_kv_secret_v2.argocd.data["username"]
+ password = data.vault_kv_secret_v2.argocd.data["password"]
+}
+
+data "vault_kv_secret_v2" "harbor" {
+ mount = "kv"
+ name = "infra/harbor"
+}
+
+provider "harbor" {
+ url = "https://registry.goboolean.io"
+ username = data.vault_kv_secret_v2.harbor.data["username"]
+
password = data.vault_kv_secret_v2.harbor.data["password"] +} diff --git a/projects/core/variables.tf b/projects/k8s/infra/configs/variables.tf similarity index 80% rename from projects/core/variables.tf rename to projects/k8s/infra/configs/variables.tf index c3aa77c..d6823f7 100644 --- a/projects/core/variables.tf +++ b/projects/k8s/infra/configs/variables.tf @@ -1,7 +1,7 @@ +# Google Cloud Platform variable "project_id" { description = "project id" } - variable "region" { description = "region" } diff --git a/projects/k8s/infra/deployments/main.tf b/projects/k8s/infra/deployments/main.tf new file mode 100644 index 0000000..0e179f1 --- /dev/null +++ b/projects/k8s/infra/deployments/main.tf 
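Review bot: The `terraform_remote_state.gcp` data source in `configs/providers.tf` still reads bucket `goboolean-450909-terraform-state` with prefix `gcp`, while the same commit moves `deployments/provider.tf` and `vault/configs/provider.tf` to `goboolean-450909-tfstate` / `452007/gcp`, and this file's own backend already uses the new bucket. The Kubernetes host and CA certificate come from that state, so a stale copy would point the provider at whatever cluster the old state describes. If the old location is not intentional, use `bucket = "goboolean-450909-tfstate"` and `prefix = "452007/gcp"`. Separately, `required_providers` pins only argocd and harbor although google, vault and kubernetes are configured here, so those three resolve to the newest release at init time. `required_version = ">= 0.14"` also admits Terraform releases that cannot parse the `ephemeral` block; `>= 1.10` would match what the file uses.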
@@ -0,0 +1,124 @@
+terraform {
+ backend "gcs" {
+ bucket = "goboolean-450909-terraform-state"
+ prefix = "452007/k8s/infra/deployments"
+ }
+}
+
+data "vault_kv_secret_v2" "harbor" {
+ mount = "kv"
+ name = "infra/harbor"
+}
+
+module "harbor" {
+ source = "../../../../modules/infra/harbor"
+ harbor_username = data.vault_kv_secret_v2.harbor.data["username"]
+ harbor_password = data.vault_kv_secret_v2.harbor.data["password"]
+}
+
+module "kafka" {
+ source = "../../../../modules/infra/kafka"
+ depends_on = [module.kube-prometheus-stack]
+}
+
+module "etcd" {
+ source = "../../../../modules/infra/etcd"
+}
+
+module "opentelemetry" {
+ source = "../../../../modules/infra/opentelemetry"
+}
+
+module "argocd" {
+ source = "../../../../modules/infra/argocd"
+}
+
+
+data "vault_kv_secret_v2" "postgresql" {
+ mount = "kv"
+ name = "infra/postgresql"
+}
+
+module "postgresql" {
+ source = "../../../../modules/infra/postgresql"
+ postgresql_username = data.vault_kv_secret_v2.postgresql.data["username"]
+ postgresql_password = data.vault_kv_secret_v2.postgresql.data["password"]
+}
+
+data "vault_kv_secret_v2" "influxdb" {
+ mount = "kv"
+ name = "infra/influxdb"
+}
+
+module "influxdb" {
+ source = "../../../../modules/infra/influxdb"
+ influxdb_username = data.vault_kv_secret_v2.influxdb.data["username"]
+ influxdb_password = data.vault_kv_secret_v2.influxdb.data["password"]
+ influxdb_token = data.vault_kv_secret_v2.influxdb.data["token"]
+}
+
+data "vault_kv_secret_v2" "grafana" {
+ mount = "kv"
+ name = "infra/grafana"
+}
+
+module "kube-prometheus-stack" {
+ source = "../../../../modules/infra/monitoring/kube-prometheus-stack"
+ grafana_username = data.vault_kv_secret_v2.grafana.data["username"]
+ grafana_password = data.vault_kv_secret_v2.grafana.data["password"]
+}
+
+data "vault_kv_secret_v2" "airflow" {
+ mount = "kv"
+ name = "infra/airflow"
+}
+
+module "airflow" {
+ source = "../../../../modules/infra/airflow"
+ airflow_username =
data.vault_kv_secret_v2.airflow.data["username"] + airflow_password = data.vault_kv_secret_v2.airflow.data["password"] + postgres_host = "postgresql.postgresql.svc.cluster.local" + postgres_user = data.vault_kv_secret_v2.postgresql.data["username"] + postgres_password = data.vault_kv_secret_v2.postgresql.data["password"] +} + +module "loki-stack" { + source = "../../../../modules/infra/monitoring/loki-stack" + project_id = var.project_id +} + +module "dex" { + source = "../../../../modules/infra/dex" +} + +data "vault_kv_secret_v2" "github" { + mount = "kv" + name = "github" +} + +data "vault_kv_secret_v2" "atlantis" { + mount = "kv" + name = "infra/atlantis" +} + +module "atlantis" { + source = "../../../../modules/infra/atlantis" + + project_id = var.project_id + github_username = "goboolean-io" + github_token = data.vault_kv_secret_v2.github.data["admin_token"] + webhook_secret = data.vault_kv_secret_v2.github.data["atlantis_webhook_secret"] + username = data.vault_kv_secret_v2.atlantis.data["username"] + password = data.vault_kv_secret_v2.atlantis.data["password"] +} + +module "kiali" { + source = "../../../../modules/infra/kiali" + + grafana_username = data.vault_kv_secret_v2.grafana.data["username"] + grafana_password = data.vault_kv_secret_v2.grafana.data["password"] +} + +module "redis" { + source = "../../../../modules/infra/redis" +} diff --git a/projects/core/config/provider.tf b/projects/k8s/infra/deployments/provider.tf similarity index 51% rename from projects/core/config/provider.tf rename to projects/k8s/infra/deployments/provider.tf index 121da01..39a29ac 100644 --- a/projects/core/config/provider.tf +++ b/projects/k8s/infra/deployments/provider.tf @@ -2,12 +2,16 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "4.84.0" + version = "6.23.0" } vault = { source = "hashicorp/vault" version = "4.6.0" } + kubectl = { + source = "gavinbunney/kubectl" + version = ">= 1.14.0" + } } required_version = ">= 0.14" } 
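Review bot: Every `data "vault_kv_secret_v2"` read in `deployments/main.tf` is stored in plaintext in the Terraform state, so the Harbor, PostgreSQL, InfluxDB, Grafana, Airflow, Atlantis and GitHub credentials end up in the backend bucket. The argocd and harbor reads in `configs/providers.tf` behave the same way. The backend here is `goboolean-450909-terraform-state` whereas `configs/providers.tf` uses `goboolean-450909-tfstate`, so unless that split is deliberate the secrets are spread over two buckets that both need restricted IAM. The `github_token` comes from a key named `admin_token`, which suggests an admin-scoped token; Atlantis would be safer with one limited to the repositories it serves. At minimum I would add a comment above the backend block, e.g. `# State holds Vault-sourced credentials in plaintext; keep bucket access restricted to the Terraform runner.`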
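Review bot: The added `kubectl` entry in `deployments/provider.tf` uses an open-ended constraint, `version = ">= 1.14.0"`, while google, vault and the other providers touched by this commit are pinned to exact versions. This provider is handed the cluster token further down in the file, so an unreviewed upstream release would run with cluster credentials after the next provider upgrade. Pin it to the version currently in use, e.g. `version = "<reviewed version>"`, and keep `.terraform.lock.hcl` under version control if it is not already. The google bump from 4.84.0 to 6.23.0 crosses two major versions, so the modules called from `main.tf` are worth a plan review before apply. The `terraform` block opens above the hunk.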
@@ -16,8 +20,8 @@ data "terraform_remote_state" "gcp" { backend = "gcs" config = { - bucket = "goboolean-450909-terraform-state" - prefix = "gcp" + bucket = "goboolean-450909-tfstate" + prefix = "452007/gcp" } } @@ -35,37 +39,45 @@ provider "kubernetes" { cluster_ca_certificate = local.gke_cluster_ca_certificate } -data "kubernetes_secret" "vault_sa_token" { - metadata { - name = "vault-sa-token" - namespace = "vault" - } -} - -locals { - token_reviewer_jwt = data.kubernetes_secret.vault_sa_token.data["token"] -} - provider "google" { project = var.project_id region = var.region } -data "google_secret_manager_secret_version" "vault_role_id" { - secret = "vault_role_id" -} +ephemeral "google_service_account_jwt" "vault_jwt" { + target_service_account = "atlantis@${var.project_id}.iam.gserviceaccount.com" + + payload = jsonencode({ + sub: "atlantis@${var.project_id}.iam.gserviceaccount.com", + aud: "vault/terraform", + }) -data "google_secret_manager_secret_version" "vault_secret_id" { - secret = "vault_secret_id" + expires_in = 1800 } provider "vault" { address = "https://vault.goboolean.io" + auth_login { - path = "auth/approle/login" + path = "auth/gcp/login" parameters = { - role_id = data.google_secret_manager_secret_version.vault_role_id.secret_data - secret_id = data.google_secret_manager_secret_version.vault_secret_id.secret_data + jwt = ephemeral.google_service_account_jwt.vault_jwt.jwt + role = "terraform" } } } + +provider "helm" { + kubernetes { + host = local.gke_host + token = local.gke_token + cluster_ca_certificate = local.gke_cluster_ca_certificate + } +} + +provider "kubectl" { + host = local.gke_host + token = local.gke_token + cluster_ca_certificate = local.gke_cluster_ca_certificate + load_config_file = false +} 
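Review bot: `expires_in = 1800` on the new `google_service_account_jwt` asks for a 30-minute login JWT, but Vault's GCP IAM login by default rejects tokens that expire more than 15 minutes out (`max_jwt_exp` on the role). Unless the `terraform` role raises that limit (the role is not visible here) the login will fail. A shorter lifetime also narrows the window in which a leaked JWT can be replayed; `expires_in = 900` or lower fits the default. The identical block in `configs/providers.tf` needs the same change. The hard-coded `atlantis@…` target also means that anyone running this outside Atlantis needs token-creator rights on that service account, which is worth a comment next to `target_service_account`.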
diff --git a/projects/core/config/variables.tf b/projects/k8s/infra/deployments/variables.tf similarity index 80% rename from projects/core/config/variables.tf rename to projects/k8s/infra/deployments/variables.tf index c3aa77c..d6823f7 100644 --- a/projects/core/config/variables.tf +++ b/projects/k8s/infra/deployments/variables.tf @@ -1,7 +1,7 @@ +# Google Cloud Platform variable "project_id" { description = "project id" } - variable "region" { description = "region" } diff --git a/projects/k8s/vault/configs/provider.tf b/projects/k8s/vault/configs/provider.tf index 4b16b97..808c9c4 100644 --- a/projects/k8s/vault/configs/provider.tf +++ b/projects/k8s/vault/configs/provider.tf @@ -16,8 +16,8 @@ data "terraform_remote_state" "gcp" { backend = "gcs" config = { - bucket = "goboolean-450909-terraform-state" - prefix = "gcp" + bucket = "goboolean-450909-tfstate" + prefix = "452007/gcp" } } From d8d5c26226b87e26c1a677f953f9a2ba90906f6c Mon Sep 17 00:00:00 2001 From: mulmuri Date: Wed, 5 Mar 2025 11:42:53 +0900 Subject: [PATCH 2/2] feat: remove moved directory --- projects/infra/main.tf | 143 -------------------------------- projects/infra/provider.tf | 106 ----------------------- projects/infra/terraform.tfvars | 5 -- projects/infra/variables.tf | 19 ----- 4 files changed, 273 deletions(-) delete mode 100644 projects/infra/main.tf delete mode 100644 projects/infra/provider.tf delete mode 100644 projects/infra/terraform.tfvars delete mode 100644 projects/infra/variables.tf diff --git a/projects/infra/main.tf b/projects/infra/main.tf deleted file mode 100644 index fd5e4d9..0000000 --- a/projects/infra/main.tf +++ /dev/null 
@@ -1,143 +0,0 @@
-terraform {
- backend "gcs" {
- bucket = "goboolean-450909-terraform-state"
- prefix = "infra"
- }
-}
-
-data "vault_kv_secret_v2" "harbor" {
- mount = "kv"
- name = "infra/harbor"
-}
-
-module "harbor" {
- source = "../../modules/infra/harbor"
- harbor_username = data.vault_kv_secret_v2.harbor.data["username"]
- harbor_password = data.vault_kv_secret_v2.harbor.data["password"]
-}
-
-module "harbor_policy" {
- source = "../../modules/infra/harbor/policy"
- providers = {
- harbor = harbor
- }
-}
-
-module "kafka" {
- source = "../../modules/infra/kafka"
-}
-
-module "etcd" {
- source = "../../modules/infra/etcd"
-}
-
-module "opentelemetry" {
- source = "../../modules/infra/opentelemetry"
-}
-
-module "argocd" {
- source = "../../modules/infra/argocd"
-}
-
-module "argocd-application" {
- source = "../../modules/infra/argocd/application"
- depends_on = [module.argocd]
- providers = {
- argocd = argocd
- }
-}
-
-data "vault_kv_secret_v2" "postgresql" {
- mount = "kv"
- name = "infra/postgresql"
-}
-
-module "postgresql" {
- source = "../../modules/infra/postgresql"
- postgresql_username = data.vault_kv_secret_v2.postgresql.data["username"]
- postgresql_password = data.vault_kv_secret_v2.postgresql.data["password"]
-}
-
-data "vault_kv_secret_v2" "influxdb" {
- mount = "kv"
- name = "infra/influxdb"
-}
-
-module "influxdb" {
- source = "../../modules/infra/influxdb"
- influxdb_username = data.vault_kv_secret_v2.influxdb.data["username"]
- influxdb_password = data.vault_kv_secret_v2.influxdb.data["password"]
- influxdb_token = data.vault_kv_secret_v2.influxdb.data["token"]
-}
-
-data "vault_kv_secret_v2" "grafana" {
- mount = "kv"
- name = "infra/grafana"
-}
-
-module "kube-prometheus-stack" {
- source = "../../modules/infra/monitoring/kube-prometheus-stack"
- grafana_username = data.vault_kv_secret_v2.grafana.data["username"]
- grafana_password = data.vault_kv_secret_v2.grafana.data["password"]
-}
-
-data "vault_kv_secret_v2" "airflow" {
- mount = "kv"
- name = "infra/airflow"
-}
-
-module "airflow" {
- source = "../../modules/infra/airflow"
- airflow_username = data.vault_kv_secret_v2.airflow.data["username"]
- airflow_password = data.vault_kv_secret_v2.airflow.data["password"]
- postgres_host = "postgresql.postgresql.svc.cluster.local"
- postgres_user = data.vault_kv_secret_v2.postgresql.data["username"]
- postgres_password = data.vault_kv_secret_v2.postgresql.data["password"]
-}
-
-module "loki-stack" {
- source = "../../modules/infra/monitoring/loki-stack"
- project_id = var.project_id
-}
-
-module "dex" {
- source = "../../modules/infra/dex"
-}
-
-data "vault_kv_secret_v2" "github" {
- mount = "kv"
- name = "github"
-}
-
-data "vault_kv_secret_v2" "atlantis" {
- mount = "kv"
- name = "infra/atlantis"
-}
-
-module "atlantis" {
- source = "../../modules/infra/atlantis"
-
- project_id = var.project_id
- github_username = "goboolean-io"
- github_token = data.vault_kv_secret_v2.github.data["admin_token"]
- webhook_secret = data.vault_kv_secret_v2.github.data["atlantis_webhook_secret"]
- username = data.vault_kv_secret_v2.atlantis.data["username"]
- password = data.vault_kv_secret_v2.atlantis.data["password"]
-}
-
-module "kiali" {
- source = "../../modules/infra/kiali"
-
- grafana_username = data.vault_kv_secret_v2.grafana.data["username"]
- grafana_password = data.vault_kv_secret_v2.grafana.data["password"]
-}
-
-module "redis" {
- source = "../../modules/infra/redis"
-}
-
-module "vault_operator" {
- source = "../../modules/infra/vault/operator"
- vault_role_id = local.vault_role_id
- vault_secret_id = local.vault_secret_id
-}
diff --git a/projects/infra/provider.tf b/projects/infra/provider.tf
deleted file mode 100644
index 3fdc7a3..0000000
--- a/projects/infra/provider.tf
+++ /dev/null
@@ -1,106 +0,0 @@
-terraform {
- required_providers {
- kubectl = {
- source = "gavinbunney/kubectl"
- version = ">= 1.14.0"
- }
-
- vault = {
- source = "hashicorp/vault"
- version = "4.6.0"
- }
-
- argocd = {
- source = "argoproj-labs/argocd"
- version = "7.3.0"
- }
-
- harbor = {
- source = "goharbor/harbor"
- version = "3.10.19"
- }
- }
- required_version = ">= 0.14"
-}
-
-data "terraform_remote_state" "gcp" {
- backend = "gcs"
-
- config = {
- bucket = "goboolean-450909-terraform-state"
- prefix = "gcp"
- }
-}
-
-data "google_client_config" "default" {}
-
-locals {
- gke_host = data.terraform_remote_state.gcp.outputs.kubernetes_provider_config.host
- gke_token = data.google_client_config.default.access_token
- gke_cluster_ca_certificate = data.terraform_remote_state.gcp.outputs.kubernetes_provider_config.cluster_ca_certificate
-
- vault_role_id = data.google_secret_manager_secret_version.vault_role_id.secret_data
- vault_secret_id = data.google_secret_manager_secret_version.vault_secret_id.secret_data
-}
-
-provider "google" {
- project = var.project_id
- region = var.region
-}
-
-data "google_secret_manager_secret_version" "vault_role_id" {
- secret = "vault_role_id"
-}
-
-data "google_secret_manager_secret_version" "vault_secret_id" {
- secret = "vault_secret_id"
-}
-
-provider "vault" {
- address = "https://vault.goboolean.io"
- auth_login {
- path = "auth/approle/login"
- parameters = {
- role_id = local.vault_role_id
- secret_id = local.vault_secret_id
- }
- }
-}
-
-provider "kubernetes" {
- host = local.gke_host
- token = local.gke_token
- cluster_ca_certificate = local.gke_cluster_ca_certificate
-}
-
-provider "helm" {
- kubernetes {
- host = local.gke_host
- token = local.gke_token
- cluster_ca_certificate = local.gke_cluster_ca_certificate
- }
-}
-
-provider "kubectl" {
- host = local.gke_host
- token = local.gke_token
- cluster_ca_certificate = local.gke_cluster_ca_certificate
- load_config_file = false
-}
-
-data "vault_kv_secret_v2" "argocd" {
- mount = "kv"
- name = "infra/argocd"
-}
-
-provider "argocd" {
- server_addr = "argocd.goboolean.io:443"
- username = data.vault_kv_secret_v2.argocd.data["username"]
- password = data.vault_kv_secret_v2.argocd.data["password"]
-}
-
-provider "harbor" {
- url = "https://registry.goboolean.io"
- username = data.vault_kv_secret_v2.harbor.data["username"]
- password = data.vault_kv_secret_v2.harbor.data["password"]
-}
diff --git a/projects/infra/terraform.tfvars b/projects/infra/terraform.tfvars
deleted file mode 100644
index a93fc8c..0000000
--- a/projects/infra/terraform.tfvars
+++ /dev/null
@@ -1,5 +0,0 @@
-# Google Cloud Platform
-project_id = "goboolean-450909"
-region = "asia-northeast3"
-zone = "asia-northeast3-a"
-location = "ASIA"
diff --git a/projects/infra/variables.tf b/projects/infra/variables.tf
deleted file mode 100644
index cd97bf3..0000000
--- a/projects/infra/variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Google Cloud Platform
-variable "project_id" {
- description = "project id"
-}
-variable "region" {
- description = "region"
-}
-variable "zone" {
- description = "zone"
-}
-variable "location" {
- description = "location"
-}
-
-/*
- The following infrastructure depends on Vault.
- Therefore, it should be separated into a distinct module
- and divided into stages.
-*/