From 26c6282e68ce3d6ae508cc452425b04a395c3e35 Mon Sep 17 00:00:00 2001
From: phandox <922425+phandox@users.noreply.github.com>
Date: Fri, 24 Mar 2023 09:16:51 +0100
Subject: [PATCH] feat: add env tags to supported resources automatically can be used for filtering in Ansible
---
 infra-modules/common-firewall/main.tf | 16 ++++++------
 infra-modules/doks/main.tf | 4 +--
 infra-modules/doks/variables.tf | 17 ++++++++-----
 infra-modules/postgres-vm/main.tf | 2 +-
 infra-modules/volumes/main.tf | 26 +------------------
 infra-modules/volumes/variables.tf | 36 +++++++++++++++++++++++++++
 infra-modules/vpc/main.tf | 2 +-
 7 files changed, 60 insertions(+), 43 deletions(-)
 create mode 100644 infra-modules/volumes/variables.tf
diff --git a/infra-modules/common-firewall/main.tf b/infra-modules/common-firewall/main.tf
index 3407390..a720b06 100644
--- a/infra-modules/common-firewall/main.tf
+++ b/infra-modules/common-firewall/main.tf
@@ -15,17 +15,17 @@ resource "digitalocean_firewall" "egress-internet-fw" {
 tags = [digitalocean_tag.egress-internet-fw.id]
 outbound_rule {
- protocol = "tcp"
- port_range = "1-65535"
+ protocol = "tcp"
+ port_range = "1-65535"
 destination_addresses = ["0.0.0.0/0"]
 }
 outbound_rule {
- protocol = "udp"
- port_range = "53"
+ protocol = "udp"
+ port_range = "53"
 destination_addresses = ["0.0.0.0/0"]
 }
 outbound_rule {
- protocol = "icmp"
+ protocol = "icmp"
 destination_addresses = ["0.0.0.0/0"]
 }
 }
@@ -34,15 +34,15 @@ resource "digitalocean_firewall" "ingress-ssh" {
 name = "ingress-ssh-${var.env}"
 tags = [digitalocean_tag.ssh-fw.id]
 inbound_rule {
- protocol = "tcp"
- port_range = "22"
+ protocol = "tcp"
+ port_range = "22"
 source_addresses = ["0.0.0.0/0"]
 }
 }
 output "fw-tags" {
 value = {
- ssh = digitalocean_tag.ssh-fw.id
+ ssh = digitalocean_tag.ssh-fw.id
 internet-egress = digitalocean_tag.egress-internet-fw.id
 }
 description = "Tags for droplets, available to be attached"
diff --git a/infra-modules/doks/main.tf b/infra-modules/doks/main.tf
index a104e5c..e868f03 100644
--- a/infra-modules/doks/main.tf
+++ b/infra-modules/doks/main.tf
@@ -13,5 +13,5 @@ module "doks" {
 region = var.region
 size = var.size
 vpc_uuid = var.vpc_uuid
- tags = var.tags
-}
\ No newline at end of file
+ tags = concat(var.tags, [var.env])
+}
diff --git a/infra-modules/doks/variables.tf b/infra-modules/doks/variables.tf
index 73e22eb..29dca4e 100644
--- a/infra-modules/doks/variables.tf
+++ b/infra-modules/doks/variables.tf
@@ -3,9 +3,9 @@ variable "cluster_name" {
 }
 variable "k8s_version_prefix" {
- type = string
+ type = string
 description = "Major.minor version to pin the cluster to. (example - '1.25.')"
- default = "1.25."
+ default = "1.25."
 }
 variable "region" {
@@ -14,15 +14,20 @@ variable "region" {
 variable "size" {
 default = "s-1vcpu-2gb"
- type = string
+ type = string
 }
 variable "vpc_uuid" {
- type = string
+ type = string
 description = "Private VPC network where cluster should be"
 }
+variable "env" {
+ type = string
+ description = "K8S cluster environment"
+}
+
 variable "tags" {
- type = list(string)
- default = []
+ type = list(string)
+ default = []
 description = "Tags applied on cluster"
 }
diff --git a/infra-modules/postgres-vm/main.tf b/infra-modules/postgres-vm/main.tf
index 13dc643..a79237d 100644
--- a/infra-modules/postgres-vm/main.tf
+++ b/infra-modules/postgres-vm/main.tf
@@ -14,7 +14,7 @@ resource "digitalocean_droplet" "psql-vm" {
 backups = false
 monitoring = true
 ssh_keys = var.ssh_keys
- tags = concat([digitalocean_tag.psql-fw.id], var.tags)
+ tags = concat([digitalocean_tag.psql-fw.id, var.env], var.tags)
 vpc_uuid = var.vpc.id
 user_data = file("startup-script.yaml")
 }
diff --git a/infra-modules/volumes/main.tf b/infra-modules/volumes/main.tf
index 7055552..24cb8c7 100644
--- a/infra-modules/volumes/main.tf
+++ b/infra-modules/volumes/main.tf
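Review bot: The bare `var.env` string added to `tags` in infra-modules/doks/main.tf lands in the same flat tag namespace this repo uses to attach firewalls (common-firewall selects its targets with `tags = [digitalocean_tag.ssh-fw.id]`), so an env value that ever equals a firewall tag's name would put the resource under that firewall, including `ingress-ssh` with port 22 open to `0.0.0.0/0`. A prefixed tag keeps filtering and firewall selection apart: `tags = concat(var.tags, ["env:${var.env}"])`. The same applies to the droplet in infra-modules/postgres-vm/main.tf, where `var.env` now sits next to `digitalocean_tag.psql-fw.id`, and for consistency to infra-modules/volumes/main.tf. The `module "doks"` block starts above this hunk, and whether its cluster tags reach the worker droplets depends on the wrapped module, which is not visible here.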
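Review bot: The new `variable "env"` in the second hunk of infra-modules/doks/variables.tf accepts any string, yet the value is used as a DigitalOcean tag and, per the commit message, as an Ansible filter key. A `validation` block that restricts it to a tag-safe character set (or to the fixed list of environment names this repo uses) rejects typos and unexpected values at plan time rather than at apply time. The description could also state that the value becomes a tag. The `env` variable added in infra-modules/volumes/variables.tf would take the same block; the character set and length below are a constructed example and should be checked against the provider's tag rules.

```hcl
variable "env" {
  type        = string
  description = "K8S cluster environment; also applied as a tag on the cluster"

  validation {
    condition     = can(regex("^[A-Za-z0-9_-]{1,32}$", var.env))
    error_message = "The env value must be 1-32 characters of letters, digits, dashes or underscores."
  }
}
```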
@@ -1,34 +1,10 @@
-variable "name" {
- type = string
- description = "Name of network volume"
-}
-variable "region" {
- type = string
- default = "fra1"
- description = "Region of network volume. Must match droplet"
-}
-variable "size" {
- default = 1
- type = number
- description = "Volume size in GiB"
-}
-
-variable "fs_label" {
- default = "example"
- type = string
- description = "Filesystem label for volume, useful for mounting"
-
- validation {
- condition = length(var.fs_label) <= 16
- error_message = "Max 16 characters for FS label for ext4 filesystem"
- }
-}
 resource "digitalocean_volume" "volume" {
 name = var.name
 region = var.region
 size = var.size
 initial_filesystem_type = "ext4"
 initial_filesystem_label = var.fs_label
+ tags = concat(var.tags, [var.env])
 }
 output "volume_id" {
diff --git a/infra-modules/volumes/variables.tf b/infra-modules/volumes/variables.tf
new file mode 100644
index 0000000..eef5c43
--- /dev/null
+++ b/infra-modules/volumes/variables.tf
@@ -0,0 +1,36 @@
+variable "name" {
+ type = string
+ description = "Name of network volume"
+}
+variable "region" {
+ type = string
+ default = "fra1"
+ description = "Region of network volume. Must match droplet"
+}
+variable "size" {
+ default = 1
+ type = number
+ description = "Volume size in GiB"
+}
+
+variable "env" {
+ type = string
+ description = "Environment for volume"
+}
+
+variable "fs_label" {
+ default = "example"
+ type = string
+ description = "Filesystem label for volume, useful for mounting"
+
+ validation {
+ condition = length(var.fs_label) <= 16
+ error_message = "Max 16 characters for FS label for ext4 filesystem"
+ }
+}
+
+variable "tags" {
+ default = []
+ type = list(string)
+ description = "Additional tags to be assigned on volume"
+}
diff --git a/infra-modules/vpc/main.tf b/infra-modules/vpc/main.tf
index 81c98eb..07f4a26 100644
--- a/infra-modules/vpc/main.tf
+++ b/infra-modules/vpc/main.tf
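Review bot: `variable "env"` in the new infra-modules/volumes/variables.tf has no default, so every existing caller of this module fails at plan time until it passes `env`; the same holds for the `env` variable added to infra-modules/doks/variables.tf. The diffstat lists only files under infra-modules/, so the callers are presumably updated elsewhere, which is worth confirming before merge. The description could also say where the value ends up, e.g. `description = "Environment name; added as a tag on the volume"`.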
@@ -41,7 +41,7 @@ resource "digitalocean_vpc" "vpc" {
 output "vpc" {
 value = {
- id = digitalocean_vpc.vpc.id
+ id = digitalocean_vpc.vpc.id
 ip_range = digitalocean_vpc.vpc.ip_range
 }
 description = "VPC values to pass for FW and Droplet resources"