Use terraform-core-helpers child module (#50)

osinfra-io · Nov 15, 2024 · 9171be4 · 9171be4
1 parent ad350e7
commit 9171be4
Show file tree

Hide file tree

Showing 28 changed files with 185 additions and 219 deletions.
diff --git a/.github/release.yml b/.github/release.yml
@@ -10,8 +10,8 @@ changelog:
         labels:
           - dependencies
 
-    - title: 🔩 Dependencies 
+    - title: 🔩 Dependencies
       labels:
         - dependencies
 
-# This file is managed by the osinfra-io/github-organization-management repository and should not be edited directly.
+# This file is managed by the osinfra-io/github-organization-management repository and should not be edited directly.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v5.0.0
     hooks:
       - id: check-yaml
       - id: end-of-file-fixer
@@ -9,7 +9,7 @@ repos:
 
 
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.95.0
+    rev: v1.96.2
     hooks:
       - id: terraform_fmt
 
@@ -30,10 +30,12 @@ repos:
           - --hook-config=--create-file-if-not-exist=false
 
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: 3.2.253
+    rev: 3.2.276
     hooks:
       - id: checkov
         files: Dockerfile
         verbose: true
         args:
+          - --skip-check
+          - "CKV_TF_1,CKV_TF_2"
           - --quiet
diff --git a/deployments/regional/README.md b/deployments/regional/README.md
@@ -9,13 +9,15 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_datadog"></a> [datadog](#provider\_datadog) | 3.44.1 |
-| <a name="provider_google"></a> [google](#provider\_google) | 6.2.0 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.32.0 |
+| <a name="provider_datadog"></a> [datadog](#provider\_datadog) | 3.48.1 |
+| <a name="provider_google"></a> [google](#provider\_google) | 6.11.1 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.33.0 |
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_helpers"></a> [helpers](#module\_helpers) | github.com/osinfra-io/terraform-core-helpers//root | v0.1.2 |
 
 ## Resources
 
@@ -26,20 +28,19 @@ No modules.
 | [kubernetes_manifest.gke_info_go](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
 | [kubernetes_service_v1.gke_info_go](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_v1) | resource |
 | [kubernetes_service_v1.gke_info_go_regional](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_v1) | resource |
-| [google_client_config.current](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
+| [google_client_config.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
 | [google_container_cluster.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/container_cluster) | data source |
+| [google_project.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/project) | data source |
+| [google_projects.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/projects) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_datadog_api_key"></a> [datadog\_api\_key](#input\_datadog\_api\_key) | Datadog API key | `string` | n/a | yes |
 | <a name="input_datadog_app_key"></a> [datadog\_app\_key](#input\_datadog\_app\_key) | Datadog APP key | `string` | n/a | yes |
-| <a name="input_environment"></a> [environment](#input\_environment) | The full environment name for example: `sandbox`, `non-production`, `production` | `string` | `"sandbox"` | no |
 | <a name="input_gke_info_go_replicas"></a> [gke\_info\_go\_replicas](#input\_gke\_info\_go\_replicas) | The number of replicas for the gke-info deployment | `number` | `1` | no |
 | <a name="input_gke_info_go_version"></a> [gke\_info\_go\_version](#input\_gke\_info\_go\_version) | The version of the gke-info deployment | `string` | n/a | yes |
-| <a name="input_region"></a> [region](#input\_region) | The region to deploy the resources into | `string` | n/a | yes |
-| <a name="input_zone"></a> [zone](#input\_zone) | The zone to deploy the resources to | `string` | n/a | yes |
 
 ## Outputs
 

diff --git a/deployments/regional/helpers.tf b/deployments/regional/helpers.tf
@@ -0,0 +1,11 @@
+# Terraform Core Helpers Module (osinfra.io)
+# https://github.com/osinfra-io/terraform-core-helpers
+
+module "helpers" {
+  source = "github.com/osinfra-io/terraform-core-helpers//root?ref=v0.1.2"
+
+  cost_center         = "x001"
+  data_classification = "public"
+  repository          = "google-cloud-kubernetes"
+  team                = "platform-google-cloud-kubernetes"
+}
diff --git a/deployments/regional/locals.tf b/deployments/regional/locals.tf
@@ -2,13 +2,13 @@
 # https://www.terraform.io/docs/language/values/locals.html
 
 locals {
-  datadog_mci_synthetic_url          = var.environment == "production" ? "https://gcp.osinfra.io/${local.datadog_synthetic_service}/metadata/cluster-name" : "https://${local.env}.gcp.osinfra.io/${local.datadog_synthetic_service}/metadata/cluster-name"
-  datadog_synthetic_message_critical = var.environment == "production" ? "@hangouts-Platform-CriticalHighPriority" : ""
-  datadog_synthetic_message_medium   = var.environment == "production" ? "@hangouts-Platform-MediumLowInfoPriority" : ""
+  datadog_mci_synthetic_url          = module.helpers.environment == "production" ? "https://gcp.osinfra.io/${local.datadog_synthetic_service}/metadata/cluster-name" : "https://${module.helpers.env}.gcp.osinfra.io/${local.datadog_synthetic_service}/metadata/cluster-name"
+  datadog_synthetic_message_critical = module.helpers.environment == "production" ? "@hangouts-Platform-CriticalHighPriority" : ""
+  datadog_synthetic_message_medium   = module.helpers.environment == "production" ? "@hangouts-Platform-MediumLowInfoPriority" : ""
   datadog_synthetic_name             = "GKE Info"
   datadog_synthetic_service          = "gke-info-go"
 
-  datadog_synthetic_tests = var.region == "us-east1" || var.zone == "b" ? {
+  datadog_synthetic_tests = module.helpers.region == "us-east1" || module.helpers.zone == "b" ? {
     "mci" = {
       locations = [
         "aws:ca-central-1",
@@ -43,7 +43,7 @@ locals {
       message          = local.datadog_synthetic_message_medium
       message_priority = "3"
       name             = "Istio MCI ${local.datadog_synthetic_name}"
-      region           = "us-east1"
+      region           = module.helpers.region
       service          = local.datadog_synthetic_service
 
       status = "paused"
@@ -61,21 +61,13 @@ locals {
       message          = local.datadog_synthetic_message_medium
       message_priority = "3"
       name             = "Istio Ingress ${local.datadog_synthetic_name}"
-      region           = "us-east1"
+      region           = module.helpers.region
       service          = local.datadog_synthetic_service
       status           = "paused"
-      url              = var.environment == "production" ? "https://us-east1.gcp.osinfra.io/${local.datadog_synthetic_service}" : "https://us-east1.${local.env}.gcp.osinfra.io/${local.datadog_synthetic_service}"
+      url              = module.helpers.environment == "production" ? "https://us-east1.gcp.osinfra.io/${local.datadog_synthetic_service}" : "https://us-east1.${module.helpers.env}.gcp.osinfra.io/${local.datadog_synthetic_service}"
     }
   } : {}
 
-  env_map = {
-    "sandbox"        = "sb"
-    "non-production" = "nonprod"
-    "production"     = "prod"
-  }
-
-  env = lookup(local.env_map, var.environment, "none")
-
-  registry           = var.environment == "sandbox" ? "us-docker.pkg.dev/plt-lz-services-tf7f-sb/plt-docker-virtual" : "us-docker.pkg.dev/plt-lz-services-tf79-prod/plt-docker-virtual"
-  kubernetes_project = var.environment == "sandbox" ? "plt-k8s-tf39-sb" : var.environment == "production" ? "plt-k8s-tf10-prod" : "plt-k8s-tf33-nonprod"
+  registry           = module.helpers.environment == "sandbox" ? "us-docker.pkg.dev/plt-lz-services-tf7f-sb/plt-docker-virtual" : "us-docker.pkg.dev/plt-lz-services-tf79-prod/plt-docker-virtual"
+  kubernetes_project = module.helpers.environment == "sandbox" ? "plt-k8s-tf39-sb" : module.helpers.environment == "production" ? "plt-k8s-tf10-prod" : "plt-k8s-tf33-nonprod"
 }
diff --git a/deployments/regional/main.tf b/deployments/regional/main.tf
@@ -1,67 +1,3 @@
-# Required Providers
-# https://www.terraform.io/docs/language/providers/requirements.html#requiring-providers
-
-terraform {
-  required_providers {
-    # Datadog Provider
-    # https://registry.terraform.io/providers/DataDog/datadog/latest/docs
-
-    datadog = {
-      source = "datadog/datadog"
-    }
-
-    # Google Cloud Provider
-    # https://www.terraform.io/docs/providers/google/index.html
-
-    google = {
-      source = "hashicorp/google"
-    }
-
-    # Kubernetes Provider
-    # https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs
-
-    kubernetes = {
-      source = "hashicorp/kubernetes"
-    }
-  }
-}
-
-# Datadog Provider
-# https://registry.terraform.io/providers/DataDog/datadog/latest/docs
-
-provider "datadog" {
-  api_key = var.datadog_api_key
-  app_key = var.datadog_app_key
-}
-
-# Kubernetes Provider
-# https://registry.terraform.io/providers/hashicorp/kubernetes/latest
-
-provider "kubernetes" {
-
-  cluster_ca_certificate = base64decode(
-    data.google_container_cluster.this.master_auth[0].cluster_ca_certificate
-  )
-
-  host  = "https://${data.google_container_cluster.this.endpoint}"
-  token = data.google_client_config.current.access_token
-}
-
-# Google Container Cluster Data Source
-# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/container_cluster
-
-data "google_container_cluster" "this" {
-  location = var.region
-  name     = "plt-${var.region}-${var.zone}"
-  project  = local.kubernetes_project
-}
-
-# Google Client Config Data Source
-# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config
-
-data "google_client_config" "current" {
-}
-
 # Datadog Synthetics Test Resource
 # https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/synthetics_test
 
@@ -82,7 +18,7 @@ resource "datadog_synthetics_test" "this" {
 
   locations = each.value.locations
   message   = each.value.message
-  name      = "${each.value.name} ${each.value.region} ${var.environment}"
+  name      = "${each.value.name} ${each.value.region} ${module.helpers.environment}"
 
   options_list {
     tick_every = 300
@@ -108,10 +44,10 @@ resource "datadog_synthetics_test" "this" {
   subtype = "http"
 
   tags = [
-    "env:${var.environment}",
+    "env:${module.helpers.environment}",
     "service:${each.value.service}",
     "region:${each.value.region}",
-    "team:platform-google-cloud-kubernetes"
+    "team:${module.helpers.team}"
   ]
 
   type = "api"
@@ -140,7 +76,7 @@ resource "kubernetes_deployment_v1" "gke_info_go" {
 
   metadata {
     labels = {
-      "tags.datadoghq.com/env"     = var.environment
+      "tags.datadoghq.com/env"     = module.helpers.environment
       "tags.datadoghq.com/service" = "gke-info-go"
       "tags.datadoghq.com/version" = var.gke_info_go_version
     }
@@ -162,18 +98,17 @@ resource "kubernetes_deployment_v1" "gke_info_go" {
       metadata {
         annotations = {
           "apm.datadoghq.com/env" = jsonencode({
-            "DD_ENV"     = var.environment
+            "DD_ENV"     = module.helpers.environment
             "DD_SERVICE" = "gke-info-go"
             "DD_VERSION" = var.gke_info_go_version
           })
-          "proxy.istio.io/config" = "tracing: {}"
         }
 
         labels = {
           # Enable Admission Controller to mutate new pods part of this deployment
           "admission.datadoghq.com/enabled" = "true"
           "app"                             = "gke-info-go"
-          "tags.datadoghq.com/env"          = var.environment
+          "tags.datadoghq.com/env"          = module.helpers.environment
           "tags.datadoghq.com/service"      = "gke-info-go"
           "tags.datadoghq.com/version"      = var.gke_info_go_version
         }
@@ -216,12 +151,12 @@ resource "kubernetes_deployment_v1" "gke_info_go" {
 
           resources {
             requests = {
-              cpu    = "100m"
-              memory = "64Mi"
+              cpu    = "10m"
+              memory = "32Mi"
             }
             limits = {
-              cpu    = "200m"
-              memory = "128Mi"
+              cpu    = "20m"
+              memory = "64Mi"
             }
           }
 
@@ -348,7 +283,7 @@ resource "kubernetes_service_v1" "gke_info_go" {
 
 resource "kubernetes_service_v1" "gke_info_go_regional" {
   metadata {
-    name      = "gke-info-go-${var.region}-${var.zone}"
+    name      = "gke-info-go-${module.helpers.region}-${module.helpers.zone}"
     namespace = "gke-info"
   }
 

diff --git a/deployments/regional/providers.tf b/deployments/regional/providers.tf
@@ -0,0 +1,89 @@
+# Required Providers
+# https://www.terraform.io/docs/language/providers/requirements.html#requiring-providers
+
+terraform {
+  required_providers {
+
+    datadog = {
+      source = "datadog/datadog"
+    }
+
+    # Google Cloud Provider
+    # https://www.terraform.io/docs/providers/google/index.html
+
+    google = {
+      source = "hashicorp/google"
+    }
+
+    helm = {
+      source = "hashicorp/helm"
+    }
+
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+    }
+  }
+}
+
+# Datadog Provider
+# https://registry.terraform.io/providers/DataDog/datadog/latest/docs
+
+provider "datadog" {
+  api_key = var.datadog_api_key
+  app_key = var.datadog_app_key
+}
+
+# Helm Provider
+# https://registry.terraform.io/providers/hashicorp/helm/latest
+
+provider "helm" {
+  kubernetes {
+
+    cluster_ca_certificate = base64decode(
+      data.google_container_cluster.this.master_auth.0.cluster_ca_certificate
+    )
+
+    host  = data.google_container_cluster.this.endpoint
+    token = data.google_client_config.this.access_token
+  }
+}
+
+# Kubernetes Provider
+# https://registry.terraform.io/providers/hashicorp/kubernetes/latest
+
+provider "kubernetes" {
+  cluster_ca_certificate = base64decode(
+    data.google_container_cluster.this.master_auth.0.cluster_ca_certificate
+  )
+  host  = "https://${data.google_container_cluster.this.endpoint}"
+  token = data.google_client_config.this.access_token
+}
+
+# Google Client Config Data Source
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config
+
+data "google_client_config" "this" {
+}
+
+# Google Container Cluster Data Source
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/container_cluster
+
+data "google_container_cluster" "this" {
+  name     = "plt-${module.helpers.region}-${module.helpers.zone}"
+  location = module.helpers.region
+  project  = data.google_project.this.project_id
+}
+
+# Google Projects Data Source
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/projects
+
+data "google_projects" "this" {
+  filter = "name:plt-k8s-* labels.env:${module.helpers.environment}"
+}
+
+# Google Project Data Source
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/project
+
+data "google_project" "this" {
+  project_id = data.google_projects.this.projects.0.project_id
+}
diff --git a/deployments/regional/tfvars/us-east1-b-non-production.tfvars b/deployments/regional/tfvars/us-east1-b-non-production.tfvars
@@ -1,3 +0,0 @@
-environment = "non-production"
-region      = "us-east1"
-zone        = "b"

diff --git a/deployments/regional/tfvars/us-east1-b-production.tfvars b/deployments/regional/tfvars/us-east1-b-production.tfvars
@@ -1,3 +0,0 @@
-environment = "production"
-region      = "us-east1"
-zone        = "b"

diff --git a/deployments/regional/tfvars/us-east1-b-sandbox.tfvars b/deployments/regional/tfvars/us-east1-b-sandbox.tfvars
@@ -1,2 +0,0 @@
-region = "us-east1"
-zone   = "b"