Commit a8cf70db authored by Armen  Gasparyan (EPAM)'s avatar Armen Gasparyan (EPAM)

initial commit

parent f0a6416f
Pipeline #67661 passed with stage
in 1 minute and 12 seconds
locals {
workload_notification_sa = "workload-notification-sa"
notification_name = "notification"
notification_image = "community.opengroup.org:5555/osdu/platform/system/notification/osdu-gcp:latest"
notification_roles_name = [
"roles/iam.serviceAccountTokenCreator"
]
}
resource "google_service_account" "notification_sa" {
# GCP service account ids must be < 30 chars matching regex ^[a-z](?:[-a-z0-9]{4,28}[a-z0-9])$
# KSA do not have this naming restriction.
depends_on = [google_container_node_pool.cluster_node_pool]
account_id = local.workload_notification_sa
display_name = substr("GCP SA bound to K8S SA ${local.notification_name}", 0, 100)
project = var.service_google_project
}
resource "kubernetes_service_account" "notification-k8s" {
depends_on = [google_container_node_pool.cluster_node_pool, google_service_account.notification_sa]
metadata {
name = "gke-${local.notification_name}-sa"
namespace = "default"
annotations = {
"iam.gke.io/gcp-service-account" = google_service_account.notification_sa.email
}
}
}
resource "google_project_iam_member" "iam-member-notification" {
depends_on = [google_container_node_pool.cluster_node_pool, google_service_account.notification_sa]
for_each = toset(local.notification_roles_name)
project = var.service_google_project
role = each.value
member = "serviceAccount:${google_service_account.notification_sa.email}"
}
resource "google_service_account_iam_member" "notification-k8s" {
depends_on = [kubernetes_service_account.notification-k8s]
service_account_id = google_service_account.notification_sa.name
role = "roles/iam.workloadIdentityUser"
member = "serviceAccount:${var.service_google_project}.svc.id.goog[default/${kubernetes_service_account.notification-k8s.metadata[0].name}]"
}
# Apply configmap from helm chart
resource "helm_release" "notification-config" {
depends_on = [
google_container_node_pool.cluster_node_pool
]
name = "notification-configmap"
repository = "https://community.opengroup.org/osdu/platform/system/notification/-/jobs/artifacts/gcp-helm-release-0-1/raw/helm-charts/?job=osdu-gcp-helm-charts"
chart = "gcp-notification-configmap"
namespace = "default"
recreate_pods = true
set {
name = "data.log_level"
value = var.log_level
}
set {
name = "data.app_project"
value = var.service_google_project
}
set {
name = "data.app_entitlements"
value = "http://${local.ent_name}.default.svc.cluster.local/api/entitlements/v2"
}
set {
name = "data.app_register"
value = "https://os-register-attcrcktoa-uc.a.run.app/api/register/v1"
}
set {
name = "data.app_googleaudience"
value = var.audiences
}
set {
name = "data.partition_api"
value = "http://${local.partition_name}.default.svc.cluster.local/api/partition/v1"
}
set {
name = "data.google_audiences"
value = var.audiences
}
}
# Apply deploy from helm chart
resource "helm_release" "notification-deploy" {
depends_on = [
helm_release.notification-config,
]
name = "notification-deploy"
repository = "https://community.opengroup.org/osdu/platform/system/notification/-/jobs/artifacts/gcp-helm-release-0-1/raw/helm-charts/?job=osdu-gcp-helm-charts"
chart = "gcp-notification-deploy"
namespace = "default"
recreate_pods = true
set {
name = "data.image"
value = local.notification_image
}
set {
name = "data.serviceAccountName"
value = kubernetes_service_account.notification-k8s.metadata[0].name
}
set {
name = "conf.app_name"
value = local.notification_name
}
}
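Review bot: `roles/iam.serviceAccountTokenCreator` is granted at project level through `google_project_iam_member.iam-member-notification`, so the notification service account can mint tokens for, and act as, every service account in `var.service_google_project`; a compromised notification pod would inherit all of their permissions. If the service only needs to sign tokens as itself (an assumption, since the page does not show what it impersonates), bind the role on that one account by using `google_service_account_iam_member` with `service_account_id = google_service_account.notification_sa.name` in place of `project = var.service_google_project`. Separately, `notification_image` ends in `:latest` and neither `helm_release` sets `version`, so a later apply can deploy content that differs from what was reviewed; pinning the image by digest and the chart by version would make the deployment reproducible.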