forked from Skatteetaten/terraform-nomad-hive
-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.tf
76 lines (64 loc) · 2.92 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
locals {
datacenters = join(",", var.nomad_datacenters)
buckets = var.hive_bucket # output variable for presto
hive_env_vars = join("\n",
concat([
"JUST_EXAMPLE_ENV=some-value",
], var.hive_container_environment_variables)
)
vault_provider = var.postgres_vault_secret.use_vault_provider || var.minio_vault_secret.use_vault_provider
vault_kv_policy_name = jsonencode(
concat(
[var.postgres_vault_secret.vault_kv_policy_name],
[var.minio_vault_secret.vault_kv_policy_name]
)
)
}
data "template_file" "template_nomad_job_hive" {
template = file("${path.module}/conf/nomad/hive.hcl")
vars = {
use_canary = var.use_canary
service_name = var.hive_service_name
datacenters = local.datacenters
namespace = var.nomad_namespace
use_vault_provider = local.vault_provider
vault_kv_policy_name = local.vault_kv_policy_name
local_docker_image = var.local_docker_image
image = var.hive_docker_image # !NB: no affect when `local_docker_image=true`
port = var.hive_container_port
envs = local.hive_env_vars
cpu = var.resource.cpu
memory = var.resource.memory
cpu_proxy = var.resource_proxy.cpu
memory_proxy = var.resource_proxy.memory
hive_bucket = var.hive_bucket.hive
default_bucket = var.hive_bucket.default
# postgres
postgres_service_name = var.postgres_service.service_name
postgres_local_bind_port = var.postgres_service.port
postgres_database_name = var.postgres_service.database_name
postgres_username = var.postgres_service.username
postgres_password = var.postgres_service.password
## if creds are provided by vault
postgres_use_vault_provider = var.postgres_vault_secret.use_vault_provider
postgres_vault_kv_policy_name = var.postgres_vault_secret.vault_kv_policy_name
postgres_vault_kv_path = var.postgres_vault_secret.vault_kv_path
postgres_vault_kv_field_username = var.postgres_vault_secret.vault_kv_field_username
postgres_vault_kv_field_password = var.postgres_vault_secret.vault_kv_field_password
# minio
minio_service_name = var.minio_service.service_name
minio_local_bind_port = var.minio_service.port
minio_access_key = var.minio_service.access_key
minio_secret_key = var.minio_service.secret_key
## if creds are provided by vault
minio_use_vault_provider = var.minio_vault_secret.use_vault_provider
minio_vault_kv_policy_name = var.minio_vault_secret.vault_kv_policy_name
minio_vault_kv_path = var.minio_vault_secret.vault_kv_path
minio_vault_kv_field_access_key = var.minio_vault_secret.vault_kv_field_access_key
minio_vault_kv_field_secret_key = var.minio_vault_secret.vault_kv_field_secret_key
}
}
resource "nomad_job" "nomad_job_hive" {
jobspec = data.template_file.template_nomad_job_hive.rendered
detach = false
}