about summary refs log tree commit diff
diff options
context:
space:
mode:
authorVincent Ambo <tazjin@google.com>2019-08-16T15·52+0100
committerVincent Ambo <tazjin@google.com>2019-08-16T15·52+0100
commitba063178361db71731e3f9ba8292848255303643 (patch)
tree279c49664ad97c40ea79a9ac6c8a450c41eab61a
parent27036e18f5b8aa9c15da52dfd6906670977f4183 (diff)
feat(infra/gcp): Add Terraform configuration for GKE & friends r/35
Sets up Terraform itself, a GKE cluster, a storage bucket and all the
other little things required to get the basics running.
-rw-r--r--infra/gcp/.gitignore3
-rw-r--r--infra/gcp/default.tf87
2 files changed, 90 insertions, 0 deletions
diff --git a/infra/gcp/.gitignore b/infra/gcp/.gitignore
new file mode 100644
index 000000000000..96c7538dda8a
--- /dev/null
+++ b/infra/gcp/.gitignore
@@ -0,0 +1,3 @@
+.terraform
+*.tfstate
+*.tfstate.backup
diff --git a/infra/gcp/default.tf b/infra/gcp/default.tf
new file mode 100644
index 000000000000..8174dc25157b
--- /dev/null
+++ b/infra/gcp/default.tf
@@ -0,0 +1,87 @@
+# Terraform configuration for the GCP project 'tazjins-infrastructure'
+
+provider "google" {
+  project = "tazjins-infrastructure"
+  region  = "europe-north1"
+}
+
+# Configure a storage bucket in which to keep Terraform state and
+# other data, such as Nixery's layers.
+resource "google_storage_bucket" "tazjins-data" {
+  name     = "tazjins-data"
+  location = "EU"
+}
+
+terraform {
+  backend "gcs" {
+    bucket = "tazjins-data"
+    prefix = "terraform"
+  }
+}
+
+# Configure enabled APIs
+resource "google_project_services" "primary" {
+  project = "tazjins-infrastructure"
+  services = [
+    "bigquery-json.googleapis.com",
+    "bigquerystorage.googleapis.com",
+    "cloudapis.googleapis.com",
+    "clouddebugger.googleapis.com",
+    "cloudtrace.googleapis.com",
+    "datastore.googleapis.com",
+    "logging.googleapis.com",
+    "monitoring.googleapis.com",
+    "servicemanagement.googleapis.com",
+    "serviceusage.googleapis.com",
+    "sql-component.googleapis.com",
+    "storage-api.googleapis.com",
+    "storage-component.googleapis.com",
+    "container.googleapis.com",
+    "iam.googleapis.com",
+    "compute.googleapis.com",
+    "iamcredentials.googleapis.com",
+    "oslogin.googleapis.com",
+    "pubsub.googleapis.com",
+    "containerregistry.googleapis.com",
+    "sourcerepo.googleapis.com",
+  ]
+}
+
+
+# Configure the main Kubernetes cluster in which services are deployed
+resource "google_container_cluster" "primary" {
+  name     = "tazjin-cluster"
+  location = "europe-north1"
+
+  remove_default_node_pool = true
+  initial_node_count       = 1
+}
+
+resource "google_container_node_pool" "primary_nodes" {
+  name       = "primary-nodes"
+  location   = "europe-north1"
+  cluster    = google_container_cluster.primary.name
+  node_count = 1
+
+  node_config {
+    preemptible  = true
+    machine_type = "n1-standard-2"
+
+    oauth_scopes = [
+      "storage-rw",
+      "logging-write",
+      "monitoring",
+    ]
+  }
+}
+
+# Configure a service account for which GCS URL signing keys can be created.
+resource "google_service_account" "nixery" {
+  account_id   = "nixery"
+  display_name = "Nixery service account"
+}
+
+# Configure a git repository in which to store my monorepo
+resource "google_sourcerepo_repository" "monorepo" {
+  name = "monorepo"
+}