mirror of
https://github.com/google/nomulus.git
synced 2025-05-28 16:30:12 +02:00
Add MOE equivalence for 2018-09-14 sync
------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=212996616
This commit is contained in:
mcilwain
Ben McIlwain
parent
3b62a51424
commit
a483beef28
97 changed files with 1 additions and 1 deletions
|
|
@ -1,3 +0,0 @@
|
|||
provider "google" {
|
||||
project = "${var.proxy_project_name}"
|
||||
}
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
resource "google_storage_bucket" "proxy_certificate" {
|
||||
name = "${var.proxy_certificate_bucket}"
|
||||
storage_class = "MULTI_REGIONAL"
|
||||
}
|
||||
|
||||
resource "google_storage_bucket_iam_member" "member" {
|
||||
bucket = "${google_storage_bucket.proxy_certificate.name}"
|
||||
role = "roles/storage.objectViewer"
|
||||
member = "serviceAccount:${google_service_account.proxy_service_account.email}"
|
||||
}
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
module "proxy_gke_americas" {
|
||||
source = "./gke"
|
||||
proxy_cluster_region = "americas"
|
||||
proxy_service_account_email = "${google_service_account.proxy_service_account.email}"
|
||||
}
|
||||
|
||||
module "proxy_gke_emea" {
|
||||
source = "./gke"
|
||||
proxy_cluster_region = "emea"
|
||||
proxy_service_account_email = "${google_service_account.proxy_service_account.email}"
|
||||
}
|
||||
|
||||
module "proxy_gke_apac" {
|
||||
source = "./gke"
|
||||
proxy_cluster_region = "apac"
|
||||
proxy_service_account_email = "${google_service_account.proxy_service_account.email}"
|
||||
}
|
||||
|
||||
locals {
|
||||
"proxy_instance_groups" = {
|
||||
americas = "${module.proxy_gke_americas.proxy_instance_group}"
|
||||
emea = "${module.proxy_gke_emea.proxy_instance_group}"
|
||||
apac = "${module.proxy_gke_apac.proxy_instance_group}"
|
||||
}
|
||||
}
|
||||
|
|
@ -1,40 +0,0 @@
|
|||
locals {
|
||||
proxy_cluster_zone = "${lookup(var.proxy_cluster_zones, var.proxy_cluster_region)}"
|
||||
}
|
||||
|
||||
resource "google_container_cluster" "proxy_cluster" {
|
||||
name = "proxy-cluster-${var.proxy_cluster_region}"
|
||||
zone = "${local.proxy_cluster_zone}"
|
||||
|
||||
timeouts {
|
||||
update = "30m"
|
||||
}
|
||||
|
||||
node_pool {
|
||||
name = "proxy-node-pool"
|
||||
initial_node_count = 1
|
||||
|
||||
node_config {
|
||||
tags = [
|
||||
"proxy-cluster",
|
||||
]
|
||||
|
||||
service_account = "${var.proxy_service_account_email}"
|
||||
|
||||
oauth_scopes = [
|
||||
"https://www.googleapis.com/auth/cloud-platform",
|
||||
"https://www.googleapis.com/auth/userinfo.email",
|
||||
]
|
||||
}
|
||||
|
||||
autoscaling {
|
||||
max_node_count = 5
|
||||
min_node_count = 1
|
||||
}
|
||||
|
||||
management {
|
||||
auto_repair = true
|
||||
auto_upgrade = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
variable "proxy_service_account_email" {}
|
||||
|
||||
variable "proxy_cluster_region" {}
|
||||
|
||||
variable "proxy_cluster_zones" {
|
||||
type = "map"
|
||||
|
||||
default = {
|
||||
americas = "us-east4-a"
|
||||
emea = "europe-west4-b"
|
||||
apac = "asia-northeast1-c"
|
||||
}
|
||||
}
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
output "proxy_instance_group" {
|
||||
value = "${google_container_cluster.proxy_cluster.instance_group_urls[0]}"
|
||||
}
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
resource "google_service_account" "proxy_service_account" {
|
||||
account_id = "proxy-service-account"
|
||||
display_name = "Nomulus proxy service account"
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "gcr_storage_viewer" {
|
||||
project = "${var.gcr_project_name}"
|
||||
role = "roles/storage.objectViewer"
|
||||
member = "serviceAccount:${google_service_account.proxy_service_account.email}"
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "metric_writer" {
|
||||
role = "roles/monitoring.metricWriter"
|
||||
member = "serviceAccount:${google_service_account.proxy_service_account.email}"
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "log_writer" {
|
||||
role = "roles/logging.logWriter"
|
||||
member = "serviceAccount:${google_service_account.proxy_service_account.email}"
|
||||
}
|
||||
|
|
@ -1,47 +0,0 @@
|
|||
# GCP project in which the proxy runs.
|
||||
variable "proxy_project_name" {}
|
||||
|
||||
# GCP project from which the proxy image is pulled.
|
||||
variable "gcr_project_name" {}
|
||||
|
||||
# The base domain name of the proxy, without the whois. or epp. part.
|
||||
variable "proxy_domain_name" {}
|
||||
|
||||
# The GCS bucket that stores the encrypted SSL certificate.
|
||||
variable "proxy_certificate_bucket" {}
|
||||
|
||||
# Cloud KMS keyring name
|
||||
variable "proxy_key_ring" {
|
||||
default = "proxy-key-ring"
|
||||
}
|
||||
|
||||
# Cloud KMS key name
|
||||
variable "proxy_key" {
|
||||
default = "proxy-key"
|
||||
}
|
||||
|
||||
# Node ports exposed by the proxy.
|
||||
variable "proxy_ports" {
|
||||
type = "map"
|
||||
|
||||
default = {
|
||||
health_check = 30000
|
||||
whois = 30001
|
||||
epp = 30002
|
||||
http-whois = 30010
|
||||
https-whois = 30011
|
||||
}
|
||||
}
|
||||
|
||||
# Node ports exposed by the canary proxy.
|
||||
variable "proxy_ports_canary" {
|
||||
type = "map"
|
||||
|
||||
default = {
|
||||
health_check = 31000
|
||||
whois = 31001
|
||||
epp = 31002
|
||||
http-whois = 31010
|
||||
https-whois = 31011
|
||||
}
|
||||
}
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
resource "google_kms_key_ring" "proxy_key_ring" {
|
||||
name = "${var.proxy_key_ring}"
|
||||
location = "global"
|
||||
}
|
||||
|
||||
resource "google_kms_crypto_key" "proxy_key" {
|
||||
name = "${var.proxy_key}"
|
||||
key_ring = "${google_kms_key_ring.proxy_key_ring.id}"
|
||||
}
|
||||
|
||||
resource "google_kms_crypto_key_iam_member" "ssl_key_decrypter" {
|
||||
crypto_key_id = "${google_kms_crypto_key.proxy_key.id}"
|
||||
role = "roles/cloudkms.cryptoKeyDecrypter"
|
||||
member = "serviceAccount:${google_service_account.proxy_service_account.email}"
|
||||
}
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
resource "google_dns_managed_zone" "proxy_domain" {
|
||||
name = "proxy-domain"
|
||||
dns_name = "${var.proxy_domain_name}."
|
||||
}
|
||||
|
||||
module "proxy_networking" {
|
||||
source = "./networking"
|
||||
proxy_instance_groups = "${local.proxy_instance_groups}"
|
||||
proxy_ports = "${var.proxy_ports}"
|
||||
proxy_domain = "${google_dns_managed_zone.proxy_domain.name}"
|
||||
proxy_domain_name = "${google_dns_managed_zone.proxy_domain.dns_name}"
|
||||
}
|
||||
|
||||
module "proxy_networking_canary" {
|
||||
source = "./networking"
|
||||
proxy_instance_groups = "${local.proxy_instance_groups}"
|
||||
suffix = "-canary"
|
||||
proxy_ports = "${var.proxy_ports_canary}"
|
||||
proxy_domain = "${google_dns_managed_zone.proxy_domain.name}"
|
||||
proxy_domain_name = "${google_dns_managed_zone.proxy_domain.dns_name}"
|
||||
}
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
output "proxy_name_servers" {
|
||||
value = "${google_dns_managed_zone.proxy_domain.name_servers}"
|
||||
}
|
||||
|
||||
output "proxy_instance_groups" {
|
||||
value = "${local.proxy_instance_groups}"
|
||||
}
|
||||
|
||||
output "proxy_service_account" {
|
||||
value = {
|
||||
email = "${google_service_account.proxy_service_account.email}"
|
||||
client_id = "${google_service_account.proxy_service_account.unique_id}"
|
||||
}
|
||||
}
|
||||
|
||||
output "proxy_ip_addresses" {
|
||||
value = {
|
||||
ipv4 = "${module.proxy_networking.proxy_ipv4_address}"
|
||||
ipv6 = "${module.proxy_networking.proxy_ipv6_address}"
|
||||
ipv4_canary = "${module.proxy_networking_canary.proxy_ipv4_address}"
|
||||
ipv6_canary = "${module.proxy_networking_canary.proxy_ipv6_address}"
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue