Skip to content

Latest commit

 

History

History
146 lines (129 loc) · 4.28 KB

sandbox-infra-tf.org

File metadata and controls

146 lines (129 loc) · 4.28 KB
Raw

Sandbox Infra Tf

The Goal is to template building of all infra in the k8s-infra-ii-sandbox project. Starting point would be to create a list of infra we need in the project. The pr that kicked this off is [infra-adit#2011](kubernetes/k8s.io#2011) It mentions a bunch of one off infra that will be the focus of our doc.

List of infra we currently use in the sandbox

I have a full list of the resources in [ii/k8s-infra-dump](https://github.com/ii/k8s-infra-dump/tree/main/resource-config-bulk-export) This is a list of services I am aware of using:

  • Big query services 
    bigqueryconnection.googleapis.com    BigQuery Connection API
bigquerydatatransfer.googleapis.com  BigQuery Data Transfer API
bigqueryreservation.googleapis.com   BigQuery Reservation API

    I notice the project also has these two services:

    • bigquery.googleapis.com
    • biquerystorage.googleapis.com

    Perhaps they are default to an account with bq enabled? Will test

  • BQ dataset that will be used for log analysis Name? Current is ‘k8s_artifacts_gcslogs_appspot’
  • GCS buckets:
    • export-destination (I do not know if this bucket is still needed)
    • ii_bq_scratch_dump (This was very handy for bq testing)
  • Registry? I have the terraform for this, but dont think we have an immediate need?
  • Cluster setup is already in [cncf-config] (https://github.com/cncf-infra/prow-config/tree/master/infra/gcp/clusters/projects/k8s-infra-ii-sandbox)

GCP things

First time using gcloud on this host, log in first.

gcloud auth login
gcloud auth list

gcloud projects list

Ok gcloud is active on my box

Terraform templates for bq-dataset, bucket

First the dataset

resource "google_bigquery_dataset" "k8s_artifacts_dataset_bb_test" {
  access {
    role          = "OWNER"
    special_group = "projectOwners"
  }

  access {
    role          = "OWNER"
    user_by_email = "bb@ii.coop"
  }

  access {
    role          = "READER"
    special_group = "projectReaders"
  }

  access {
    role          = "WRITER"
    special_group = "projectWriters"
  }

  dataset_id                 = "k8s_artifacts_dataset_bb_test"
  delete_contents_on_destroy = false

  labels = merge({ managed-by-cnrm = "true" })

  location = "US"
  project  = "k8s-infra-ii-sandbox"
}

Now the bucket

resource "google_storage_bucket" "k8s_artifacts_bucket_bb_test" {
  force_destroy = false

  labels = merge({ managed-by-cnrm = "true" })

  location      = "US"
  name          = "k8s-infra-ii-sandbox-bb-test"
  project       = "631771264409"
  storage_class = "STANDARD"
}

Provider

/*
This file defines:
- Required provider versions
- Storage backend details
*/

terraform {


  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 3.68.0"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = "~> 3.68.0"
    }
  }
}

Versions

/*
This file defines:
- Required Terraform version
*/

terraform {
  required_version = "~> 0.13"
}

Terraform init

terraform init

Terraform apply

terraform apply