-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deploy Opensearch #2341
Deploy Opensearch #2341
Changes from all commits
668d7d0
7419e02
82ff894
80b3531
b982f46
a89af33
7b5d055
1b53aa0
eeb1cdb
0b0c29d
d9209cf
2879634
3db0a7e
ccc7ec0
9944768
2ee4e7b
13f5fd8
e925f48
e090f8f
7db900a
e2f838d
a1d8ab7
18adf3e
c9f51b7
13cdf6a
fddc284
7b4babf
159621a
1303dd4
2d2fb4b
11a3308
859fb3e
df81e96
03c750f
2ed17a7
61aed8f
7b9c2a2
ba6d7d3
9fdcccd
3f84d01
a382cee
3157982
885a74a
e0b587d
c162a3f
dbd0e06
bd98fc3
bc5aea0
303dfe6
bb78f2e
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -73,7 +73,7 @@ jobs: | |
# since checkov frequently adds new checks that can cause CI checks to fail unpredictably. | ||
# There is currently no way to specify the checkov version to pin to (See https://github.com/bridgecrewio/checkov-action/issues/41) | ||
# so we need to pin the version of the checkov-action, which indirectly pins the checkov version. | ||
# In this case, checkov-action v12.2874.0 is mapped to checkov v3.2.256. | ||
# In this case, checkov-action v12.2875.0 is mapped to checkov v3.2.257. | ||
uses: bridgecrewio/[email protected] | ||
with: | ||
directory: infra | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -146,3 +146,6 @@ dmypy.json | |
|
||
# vim | ||
*.swp | ||
|
||
# Terraform plan outputs | ||
*.tfplan |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
locals { | ||
search_config = local.environment_config.search_config | ||
} | ||
|
||
module "search" { | ||
count = local.search_config != null ? 1 : 0 | ||
|
||
source = "../../modules/search" | ||
|
||
service_name = "${local.prefix}${module.app_config.app_name}-${var.environment_name}" | ||
availability_zone_count = 3 | ||
zone_awareness_enabled = var.environment_name == "prod" ? true : false | ||
multi_az_with_standby_enabled = var.environment_name == "prod" ? true : false | ||
dedicated_master_enabled = var.environment_name == "prod" ? true : false | ||
dedicated_master_count = var.environment_name == "prod" ? 3 : 1 | ||
subnet_ids = slice(data.aws_subnets.database.ids, 0, var.environment_name == "prod" ? 3 : 1) | ||
cidr_block = data.aws_vpc.network.cidr_block | ||
instance_count = local.search_config.instance_count | ||
engine_version = local.search_config.engine_version | ||
dedicated_master_type = local.search_config.dedicated_master_type | ||
instance_type = local.search_config.instance_type | ||
volume_size = local.search_config.volume_size | ||
vpc_id = data.aws_vpc.network.id | ||
} |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -139,7 +139,25 @@ module "service" { | |
} : null | ||
|
||
extra_environment_variables = merge(local.service_config.extra_environment_variables, { "ENVIRONMENT" : var.environment_name }) | ||
secrets = local.service_config.secrets | ||
|
||
secrets = concat( | ||
[for secret_name in keys(local.service_config.secrets) : { | ||
name = secret_name | ||
valueFrom = module.secrets[secret_name].secret_arn | ||
}], | ||
local.environment_config.search_config != null ? [{ | ||
name = "SEARCH_USERNAME" | ||
valueFrom = data.aws_ssm_parameter.search_username_arn[0].arn | ||
}] : [], | ||
local.environment_config.search_config != null ? [{ | ||
name = "SEARCH_PASSWORD" | ||
valueFrom = data.aws_ssm_parameter.search_password_arn[0].arn | ||
}] : [], | ||
local.environment_config.search_config != null ? [{ | ||
name = "SEARCH_ENDPOINT" | ||
valueFrom = data.aws_ssm_parameter.search_endpoint_arn[0].arn | ||
}] : [] | ||
) | ||
Comment on lines
+143
to
+160
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. What port do we connect to OpenSearch on? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It didn't tell me! Whatever the default is There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @chouinar env vars thing fixed o7 |
||
} | ||
|
||
module "monitoring" { | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
data "aws_ssm_parameter" "search_username_arn" { | ||
count = local.environment_config.search_config != null ? 1 : 0 | ||
name = "/search/${local.prefix}${var.environment_name}/username" | ||
} | ||
|
||
data "aws_ssm_parameter" "search_password_arn" { | ||
count = local.environment_config.search_config != null ? 1 : 0 | ||
name = "/search/${local.prefix}${var.environment_name}/password" | ||
} | ||
|
||
data "aws_ssm_parameter" "search_endpoint_arn" { | ||
count = local.environment_config.search_config != null ? 1 : 0 | ||
name = "/search/${local.prefix}${var.environment_name}/endpoint" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
module "secrets" { | ||
for_each = local.service_config.secrets | ||
|
||
source = "../../modules/secret" | ||
|
||
# When generating secrets and storing them in parameter store, append the | ||
# terraform workspace to the secret store path if the environment is temporary | ||
# to avoid conflicts with existing environments. | ||
# Don't do this for secrets that are managed manually since the temporary | ||
# environments will need to share those secrets. | ||
secret_store_name = (each.value.manage_method == "generated" && local.is_temporary ? | ||
"${each.value.secret_store_name}/${terraform.workspace}" : | ||
each.value.secret_store_name | ||
) | ||
manage_method = each.value.manage_method | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like you undid the change you made here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ahah! Thanks