Very preliminary tf scripting.

2025-04-04 10:32:40 -07:00 · 2021-05-30 08:14:36 -07:00 · 2021-05-30 08:14:36 -07:00 · f1844c1a4e
commit f1844c1a4e
parent 0266d9ee8a
8 changed files with 275 additions and 0 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,86 @@
+# ---> Go
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+bin/
+tfenv/
+vendor/
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
+
+# Ignore various IDE
+.idea
+*.iml
+*.ipr
+.vscode
+debug
+
+# Ignore various temporary files
+*.swp
+*.tmp
+*.bak
+*.log
+*.pid
+
+# Ignore various Drone CI support files
+.drone.secrets
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Ignore  Terraform lock files as they are managed by terraform init
+.terraform.lock*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+*tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+
--- a/.gitignore
+++ b/.gitignore
@ -43,3 +43,40 @@ debug
 # Ignore various Drone CI support files
 .drone.secrets

+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Ignore  Terraform lock files as they are managed by terraform init
+.terraform.lock*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
--- a/tfenv/_provider.tf
+++ b/tfenv/_provider.tf
@ -0,0 +1,9 @@
+provider "aws" {
+  alias      = "us-west-2"
+  region     = "us-west-2"
+}
+
+provider "aws" {
+  alias      = "us-east-1"
+  region     = "us-east-1"
+}
--- a/tfenv/cluster/subnets.tf
+++ b/tfenv/cluster/subnets.tf
@ -0,0 +1,84 @@
+# variable "vpc_id" {}
+
+data "aws_vpc" "selected" {
+  id                 = var.vpc_id
+}
+
+variable "regional_cidr_blocks" {
+  description = "A simple map of subnets used by region"
+  type        = map
+  default     = {
+    "us-west-2a-private" = "10.172.64.0/23",
+    "us-west-2b-private" = "10.172.66.0/23",
+    "us-west-2a-public"  = "10.172.68.0/26",
+    "us-west-2b-public"  = "10.172.68.64/26",
+    "us-east-1a-private" = "10.172.0.0/23",
+    "us-east-1b-private" = "10.172.2.0/23",
+    "us-east-1a-public"  = "10.172.4.0/26",
+    "us-east-1b-public"  = "10.172.4.64/26"
+  }
+}
+
+resource "aws_subnet" "aza-private" {
+  depends_on         = [data.aws_vpc.selected]
+  vpc_id             = data.aws_vpc.id
+  availability_zone  = format("%sa", var.region)
+  cidr_block         = var.regional_cidr_blocks[
+    format("%sa-private", var.region)
+  ]
+  tags               = merge(
+    var.extra_tags,
+    {
+      Name = "aza-private"
+      tier = "private"
+    }
+  )
+}
+
+# resource "aws_subnet" "aza-public" {
+#   depends_on         = [data.aws_vpc.selected]
+#   vpc_id             = data.aws_vpc.selected.id
+#   availability_zone  = format("%sa", var.region)
+#   cidr_block         = var.regional_cidr_blocks[
+#     format("%sa-public", var.region)
+#   ]
+#   tags               = merge(
+#     var.extra_tags,
+#     {
+#       Name = "aza-public"
+#       tier = "public"
+#     }
+#   )
+# }
+# 
+# resource "aws_subnet" "azb-private" {
+#   depends_on         = [data.aws_vpc.selected]
+#   vpc_id             = data.aws_vpc.selected.id
+#   availability_zone  = format("%sb", var.region)
+#   cidr_block         = var.regional_cidr_blocks[
+#     format("%sb-private", var.region)
+#   ]
+#   tags               = merge(
+#     var.extra_tags,
+#     {
+#       Name = "azb-private"
+#       tier = "private"
+#     }
+#   )
+# }
+# 
+# resource "aws_subnet" "azb-public" {
+#   depends_on         = [data.aws_vpc.selected]
+#   vpc_id             = data.aws_vpc.selected.id
+#   availability_zone  = format("%sb", var.region)
+#   cidr_block         = var.regional_cidr_blocks[
+#     format("%sb-public", var.region)
+#   ]
+#   tags               = merge(
+#     var.extra_tags,
+#     {
+#       Name = "azb-public"
+#       tier = "public"
+#     }
+#   )
+# }
--- a/tfenv/cluster/variables.tf
+++ b/tfenv/cluster/variables.tf
@ -0,0 +1,9 @@
+variable "extra_tags" {
+  description        = "Tags required on all resources"
+  type               = map
+  default            = {
+    "org"            = "dragonheim"
+    "service"        = "gagent"
+    "maintained_by"  = "jwells@dragonheim.net"
+  }
+}
--- a/tfenv/cluster/vpc.tf
+++ b/tfenv/cluster/vpc.tf
@ -0,0 +1,23 @@
+variable "region" {}
+variable "provider_alias" {}
+
+variable "regional_vpc_cidr" {
+  description = "A simple map of VPC subnets used by region"
+  type        = map
+  default     = {
+    "us-west-2" = "10.172.64.0/19",
+    "us-east-1" = "10.172.0.0/19",
+  }
+}
+
+resource "aws_vpc" "gagent" {
+  instance_tenancy   = "default"
+  enable_dns_support = true
+  cidr_block         = var.regional_vpc_cidr[var.region]
+  tags = merge(
+    var.extra_tags,
+    {
+      Name = "gagent"
+    }
+  )
+}
--- a/tfenv/main.tf
+++ b/tfenv/main.tf
@ -0,0 +1,18 @@
+# main.tf
+module "us-east-1" {
+  source    = "./cluster"
+  region    = "us-east-1"
+  provider_alias = us-west-2
+  providers = {
+    aws = "aws.us-east-1"
+  }
+}
+
+module "us-west-2" {
+  source    = "./cluster"
+  region    = "us-west-2"
+  provider_alias = us-west-2
+  providers = {
+    aws = "aws.us-west-2"
+  }
+}
--- a/tfenv/terraform.tf
+++ b/tfenv/terraform.tf
@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 0.15.3"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.42.0"
+    }
+  }
+}