-
Notifications
You must be signed in to change notification settings - Fork 24
/
main.tf
116 lines (101 loc) · 2.52 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# Reserved IP address for the `web` instances.
#
# This is needed so that we can have a static IP that `hush-house.pivotal.io`
# can point.
#
resource "google_compute_address" "hush-house" {
name = "hush-house"
}
# Instantiates the GKE Kubernetes cluster.
#
module "cluster" {
source = "./cluster"
name = "hush-house"
zone = "${var.zone}"
region = "${var.region}"
node-pools = {
"generic-1" = {
auto-upgrade = false
disk-size = "50"
disk-type = "pd-ssd"
image = "COS"
local-ssds = 0
machine-type = "e2-highcpu-8"
max = 6
min = 1
preemptible = false
version = "1.18.20-gke.901"
},
"workers-3" = {
auto-upgrade = false
disk-size = "50"
disk-type = "pd-ssd"
image = "UBUNTU"
local-ssds = 0
machine-type = "e2-highmem-4"
max = 25
min = 1
preemptible = false
version = "1.18.20-gke.901"
},
}
}
# Creates the CloudSQL Postgres database to be used by the `hush-house`
# Concourse deployment.
#
module "database" {
source = "./database"
name = "hush-house"
cpus = "6"
memory_mb = "10240"
region = "${var.region}"
zone = "${var.zone}"
max_connections = "300"
}
# gkms key for vault unseal
# Concourse deployment.
#
resource "google_kms_key_ring" "keyring" {
name = "vault-helm-unseal-kr"
location = "global"
}
# crypto key for vault unseal
# Concourse deployment.
#
resource "google_kms_crypto_key" "vault-helm-unseal-key" {
name = "vault-helm-unseal-key"
key_ring = google_kms_key_ring.keyring.self_link
lifecycle {
prevent_destroy = true
}
}
# gkms key for vault-nci unseal
# Concourse deployment.
#
resource "google_kms_key_ring" "keyring-nci" {
name = "vault-helm-unseal-kr-nci"
location = "global"
}
# crypto key for vault-nci unseal
# Concourse deployment.
#
resource "google_kms_crypto_key" "vault-helm-unseal-key-nci" {
name = "vault-helm-unseal-key-nci"
key_ring = google_kms_key_ring.keyring-nci.self_link
lifecycle {
prevent_destroy = true
}
}
# Creates the CloudSQL Postgres database to be used by the `vault`
# Concourse deployment.
#
module "vault-database" {
source = "./database"
name = "vault"
cpus = "4"
disk_size_gb = "10"
memory_mb = "5120"
region = "${var.region}"
zone = "${var.zone}"
max_connections = "100"
}