
# Still need:
# write to DB
# Short random suffix used when the project_id is derived from the project name
# (see google_project.gcp_project): 2 bytes -> 4 hex characters via random_id.id.hex.
resource "random_id" "id" {
    byte_length = 2
}

# Derived values shared by the resources below.
locals{
    # Project name with whitespace replaced by "-", lower-cased and cut to 25 characters,
    # leaving room for "-" plus the 4-hex random suffix appended in google_project.gcp_project
    # (presumably to stay within the project ID length limit — confirm).
    project_name_string = substr(lower(replace(var.project_name, "/\\s/", "-")), 0, 25)
    # Sink filter for google_logging_project_sink.log_export: matches only the
    # "cloudaudit.googleapis.com/activity" (Admin Activity) log stream of the new project.
    filter_string = "logName=\"projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity\""
    # Primary subnet per region: a /20 carved out of 10.255.0.0/16, chosen by the region's
    # position in var.vpc_regions (4 extra bits -> at most 16 regions).
    default_cidr = "10.255.0.0/16"
    default_subnets = {for x in var.vpc_regions : x => cidrsubnet(local.default_cidr,4,index(var.vpc_regions, x))}
    # GKE secondary ranges per region: a /20 for pods and a /22 for services.
    # NOTE(review): these blocks nest inside each other — pods_cidr lies within default_cidr and
    # services_cidr (10.255.224.0/19) lies within pods_cidr (10.255.128.0/17). With 7 or more
    # regions the pods range of the 7th region (10.255.224.0/20) collides with the services
    # ranges, and with 9 or more regions the primary /20s collide with the pods ranges.
    # Keep var.vpc_regions at 6 entries or fewer, or move the blocks apart.
    pods_cidr = "10.255.128.0/17"
    pods_range = {for x in var.vpc_regions : x => cidrsubnet(local.pods_cidr,3,index(var.vpc_regions, x))}
    services_cidr = "10.255.224.0/19"
    services_range = {for x in var.vpc_regions : x => cidrsubnet(local.services_cidr,3,index(var.vpc_regions, x))}
}

# The new GCP project. Its id is either supplied by the caller (var.project_id) or derived
# from the sanitised project name plus a random suffix.
resource "google_project" "gcp_project" {
    # Derived id is "<truncated name>-<4 hex chars>"; the caller's value wins when given.
    project_id          = var.project_id == "" ? "${local.project_name_string}-${random_id.id.hex}" : var.project_id
    name                = var.project_name
    folder_id           = var.folder_id
    billing_account     = var.billing_id
    # Do not create the implicit "default" network; the VPC and its subnets are defined
    # explicitly below (google_compute_network.default_vpc).
    auto_create_network = false

    labels = {
        shortcode = var.shortcode
    }
}

# Project-level access for the requesting group.
# NOTE(review): roles/editor is a broad basic role spanning the whole project; a narrower set
# of predefined roles matching what the group actually needs would be the least-privilege option.
resource "google_project_iam_member" "project_iam" {
    project = google_project.gcp_project.project_id
    role    = "roles/editor"
    # Granted to the whole group, so membership of that group controls access to the project.
    member  = "group:${var.mcomm_group_email}"
}
# Enable the Compute Engine API in the new project (needed by the VPC and subnets below).
resource "google_project_service" "compute_api" {
    service = "compute.googleapis.com"
    project = google_project.gcp_project.project_id
}

# Enable the Pub/Sub API in the new project.
resource "google_project_service" "pubsub_api" {
    service = "pubsub.googleapis.com"
    project = google_project.gcp_project.project_id
}

# Export the project's Admin Activity audit log stream to the shared Pub/Sub topic.
# Only the stream matched by local.filter_string is exported; nothing else leaves the project
# through this sink.
resource "google_logging_project_sink" "log_export" {
    project     = google_project.gcp_project.project_id
    name        = "${google_project.gcp_project.project_id}-log-export"
    # Destination topic; the sink's writer identity is granted publish rights on it in
    # google_pubsub_topic_iam_member.publisher.
    destination = var.log_export_destination
    filter      = local.filter_string

    # A dedicated service account is created for this sink and exposed as writer_identity,
    # so the publish grant is scoped to this one sink rather than to a shared identity.
    unique_writer_identity = true
}

# Give the sink's unique writer identity permission to publish to the destination topic.
resource "google_pubsub_topic_iam_member" "publisher" {
    # Project hosting the destination topic (a different project from the one created here).
    project = "vci-mcloud-service" # TODO: make this a variable
    # NOTE(review): the same variable is used as the sink destination above and as the topic
    # name here; confirm var.log_export_destination holds a value accepted by both attributes.
    topic   = var.log_export_destination
    role    = "roles/pubsub.publisher"
    # Service account created by unique_writer_identity = true on the sink.
    member  = google_logging_project_sink.log_export.writer_identity
}

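# Custom VPC replacing the implicit default network (auto_create_network = false on the project).
resource "google_compute_network" "default_vpc" {
    project                 = google_project.gcp_project.project_id
    name                    = "${var.vpc_prefix}-default-vpc"
    # Subnets are declared explicitly per region in google_compute_subnetwork.default_subnet.
    auto_create_subnetworks = false
    # Global dynamic routing so learned routes (e.g. from the VPN module) apply in every region.
    routing_mode            = "GLOBAL"

    # The network can only be created once the Compute API is enabled on the new project.
    # Referencing the project id alone does not order this resource after that enablement,
    # so make the dependency explicit (this also disables the API only after the network is gone).
    depends_on = [google_project_service.compute_api]
}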

# One primary subnet per region in var.vpc_regions, with optional GKE secondary ranges.
resource "google_compute_subnetwork" "default_subnet" {
    for_each = local.default_subnets

    project       = google_project.gcp_project.project_id
    region        = each.key
    name          = "default-${each.key}"
    network       = google_compute_network.default_vpc.self_link
    # Primary range: the per-region /20 computed in local.default_subnets.
    ip_cidr_range = each.value

    # Pods/services secondary ranges are attached only when GKE ranges are requested;
    # otherwise an empty list is set explicitly.
    secondary_ip_range = var.gke_vpc_ranges ? [
        { range_name = "${each.key}-pods",     ip_cidr_range = local.pods_range[each.key] },
        { range_name = "${each.key}-services", ip_cidr_range = local.services_range[each.key] }
    ] : []

    # NOTE(review): neither private_ip_google_access nor log_config (VPC flow logs) is set, so
    # provider defaults apply. Confirm whether instances without external addresses need to reach
    # Google APIs and whether flow logs are wanted for monitoring before relying on the defaults.
}

# Optional VPN module, instantiated only when var.vpn is true.
module "vpn" {
    source = "./modules/terraform-google-gcp-at-um-vpn"
    # count acts as the on/off switch: one instance when enabled, none otherwise.
    count  = var.vpn == true ? 1 : 0

    project_id      = google_project.gcp_project.project_id
    vpc_prefix      = var.vpc_prefix
    regions         = var.vpc_regions
    um_vpn_endpoint = var.um_vpn_endpoint
    network_size    = var.vpn_network_size
    bgp_network     = var.vpn_bgp_network
    cloud_asn       = var.vpn_cloud_asn

    # NOTE(review): the module receives only vpc_prefix, not the network resource itself, so any
    # lookup of the VPC inside it is not ordered after google_compute_network.default_vpc by this
    # call — confirm the module declares that dependency, or pass the network explicitly.
}