Pour tout problème contactez-nous par mail : support@froggit.fr | La FAQ :grey_question: | Rejoignez-nous sur le Chat :speech_balloon:

Skip to content
Snippets Groups Projects
Commit d84405e5 authored by Nicolas's avatar Nicolas
Browse files

Add Magento Terraform manifests and deployment

parent b7b10aa5
No related branches found
No related tags found
No related merge requests found
image: busybox:latest
variables:
TF_ROOT: ${CI_PROJECT_DIR}/manifests/elastic
TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/manifests-elastic
TF_ROOT_ELASTIC: ${CI_PROJECT_DIR}/manifests/elastic
TF_ROOT_MAGENTO: ${CI_PROJECT_DIR}/manifests/magento
cache:
key: manifests-elastic
paths:
- ${TF_ROOT}/.terraform
- ${TF_ROOT_ELASTIC}/.terraform
# docs: https://docs.gitlab.com/ee/user/infrastructure/iac/terraform_state.html#get-started-using-gitlab-ci
elastic:
terraform-elastic:
stage: deploy
tags:
- docker
......@@ -18,9 +18,10 @@ elastic:
name: registry.gitlab.com/gitlab-org/terraform-images/stable:latest
entrypoint: [""]
variables:
TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/elastic
TF_VAR_ec_apikey: $EC_API_KEY
script: |-
cd $TF_ROOT
cd $TF_ROOT_ELASTIC
gitlab-terraform init
gitlab-terraform validate
gitlab-terraform fmt -check
......@@ -28,30 +29,45 @@ elastic:
# gitlab-terraform apply -auto-approve
# gitlab-terraform destroy -auto-approve
gcloud:
terraform-magento:
stage: deploy
tags:
- docker
image:
name: google/cloud-sdk:slim
name: registry.gitlab.com/gitlab-org/terraform-images/stable:latest
entrypoint: [""]
variables:
GCP_PROJECT_ID: $GCP_PROJECT_ID
TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/magento
TF_VAR_ec_apikey: $EC_API_KEY
TF_VAR_project_id: $GCP_PROJECT_ID
GCP_SA_GITLAB: $GCP_SA_GITLAB
script: |-
cd $TF_ROOT_MAGENTO
echo $GCP_SA_GITLAB > gcp-sa.json
gcloud auth activate-service-account --key-file gcp-sa.json
echo "Activate Service Account: OK"
gcloud config set project $GCP_PROJECT_ID
echo "Set Project: OK"
gcloud projects list
gitlab-terraform init
gitlab-terraform validate
gitlab-terraform fmt -check
gitlab-terraform plan
# gitlab-terraform apply -auto-approve
# gitlab-terraform destroy -auto-approve
link:
gcloud-psc:
stage: deploy
needs:
- elastic
- gcloud
- terraform-elastic
- terraform-magento
tags:
- docker
image:
name: google/cloud-sdk:slim
entrypoint: [""]
variables:
GCP_PROJECT_ID: $GCP_PROJECT_ID
GCP_SA_GITLAB: $GCP_SA_GITLAB
script: |-
echo "Link"
\ No newline at end of file
echo $GCP_SA_GITLAB > gcp-sa.json
gcloud auth activate-service-account --key-file gcp-sa.json
echo "Activate Service Account: OK"
gcloud config set project $GCP_PROJECT_ID
echo "Set Project: OK"
gcloud projects list
\ No newline at end of file
terraform {
backend "http" {
}
required_providers {
google = {
source = "hashicorp/google"
version = "4.3.0"
}
}
}
provider "google" {
credentials = file(gcp-sa.json)
project = var.project_id
region = var.region
}
### Reserve Static IP
resource "google_compute_global_address" "static_ip" {
provider = google
project = var.project_id
name = "magento-frontend"
}
### Create Network
resource "google_compute_network" "vpc_network" {
provider = google
project = var.project_id
name = var.vpc_network_name
auto_create_subnetworks = false
mtu = 1460
routing_mode = "GLOBAL"
}
### Create Subnetwork
resource "google_compute_subnetwork" "vpc_subnetwork" {
provider = google
project = var.project_id
name = var.vpc_subnetwork_name
ip_cidr_range = "192.168.100.0/24"
region = var.region
network = google_compute_network.vpc_network.id
secondary_ip_range {
range_name = "pods"
ip_cidr_range = "10.0.0.0/14"
}
secondary_ip_range {
range_name = "services"
ip_cidr_range = "10.4.0.0/19"
}
private_ip_google_access = true
depends_on = [
google_compute_network.vpc_network
]
}
### Create VPC network peering
resource "google_compute_global_address" "vpc_private_ip_address" {
provider = google
project = var.project_id
name = var.vpc_private_ip_address_name
purpose = "VPC_PEERING"
address_type = "INTERNAL"
prefix_length = 16
network = google_compute_network.vpc_network.id
}
resource "google_service_networking_connection" "vpc_private_vpc_connection" {
provider = google
network = google_compute_network.vpc_network.id
service = "servicenetworking.googleapis.com"
reserved_peering_ranges = [
google_compute_global_address.vpc_private_ip_address.name
]
}
### Create firewall rules
resource "google_compute_firewall" "fw_http" {
provider = google
project = var.project_id
name = var.fw_http_name
network = google_compute_network.vpc_network.name
allow {
protocol = "tcp"
ports = ["80"]
}
target_tags = ["http-server"]
source_ranges = ["0.0.0.0/0"]
disabled = false
}
resource "google_compute_firewall" "fw_https" {
provider = google
project = var.project_id
name = var.fw_https_name
network = google_compute_network.vpc_network.name
allow {
protocol = "tcp"
ports = ["443"]
}
target_tags = ["https-server"]
source_ranges = ["0.0.0.0/0"]
disabled = false
}
resource "google_compute_firewall" "allow_from_iap_to_instances" {
provider = google
project = var.project_id
name = var.fw_ssh_name
network = google_compute_network.vpc_network.name
allow {
protocol = "tcp"
ports = ["22"]
}
source_ranges = ["35.235.240.0/20"]
}
### Create Cloud NAT
resource "google_compute_router" "router" {
provider = google
project = var.project_id
name = var.router_name
region = var.region
network = google_compute_network.vpc_network.id
bgp {
asn = 64514
}
}
resource "google_compute_router_nat" "cloud_nat" {
provider = google
project = var.project_id
name = var.cloud_nat_name
region = var.region
router = google_compute_router.router.name
nat_ip_allocate_option = "AUTO_ONLY"
source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
log_config {
enable = false
filter = "ERRORS_ONLY"
}
min_ports_per_vm = 64
}
### Create Kubernetes Cluster
resource "google_container_cluster" "cluster" {
provider = google
project = var.project_id
name = var.cluster_name
location = var.region
remove_default_node_pool = true
initial_node_count = 1
logging_service = "logging.googleapis.com/kubernetes"
default_max_pods_per_node = 20
networking_mode = "VPC_NATIVE"
network = google_compute_network.vpc_network.id
subnetwork = google_compute_subnetwork.vpc_subnetwork.id
enable_shielded_nodes = true
private_cluster_config {
enable_private_endpoint = false
enable_private_nodes = true
master_ipv4_cidr_block = "172.16.0.0/28"
}
default_snat_status {
disabled = false
}
ip_allocation_policy {
cluster_secondary_range_name = "pods"
services_secondary_range_name = "services"
}
workload_identity_config {
identity_namespace = "${data.google_project.project.project_id}.svc.id.goog"
}
depends_on = [
google_compute_network.vpc_network,
google_compute_subnetwork.vpc_subnetwork_1
]
}
### Create Kubernetes Node Pool
resource "google_container_node_pool" "node_pool" {
provider = google
project = var.project_id
name = var.node_pool_name
location = var.region
cluster = google_container_cluster.cluster.name
node_count = 1
node_config {
preemptible = true
machine_type = "e2-standard-4"
disk_size_gb = "100"
disk_type = "pd-ssd"
image_type = "cos"
oauth_scopes = [
"https://www.googleapis.com/auth/cloud-platform"
]
labels = {
disktype = "ssd"
cputype = "e2"
preemptible = "true"
}
}
}
### Create Cloud SQL
resource "google_sql_database_instance" "cloud_sql" {
provider = google
project = var.project_id
name = var.cloud_sql_name
region = var.region
database_version = "MYSQL_8_0"
deletion_protection = true
settings {
tier = "db-custom-2-3840" # 2vCPU - 3.75 Go
availability_type = "REGIONAL"
backup_configuration {
enabled = true
binary_log_enabled = true
location = "eu"
}
ip_configuration {
ipv4_enabled = false
private_network = google_compute_network.vpc_network.id
}
location_preference {
zone = "europe-west1-b"
}
maintenance_window {
day = 1
hour = 0
}
}
}
### Create Redis
resource "google_redis_instance" "memory_store" {
provider = google
project = var.project_id
name = var.memory_store_name
region = var.region
memory_size_gb = 1
authorized_network = google_compute_network.vpc_network.id
connect_mode = "PRIVATE_SERVICE_ACCESS"
redis_version = "REDIS_6_X"
}
variable "project_id" {
type = string
}
variable "region" {
type = string
default = "europe-west1"
}
### Network & Subnetwork
variable "vpc_network_name" {
type = string
default = "vpc-magento"
}
variable "vpc_subnetwork_name" {
type = string
default = "vpc-sb-magento"
}
variable "vpc_private_ip_address_name" {
type = string
default = "vpc-private-ip-magento"
}
### Firewall
variable "fw_http_name" {
type = string
default = "fw-vpc-allow-http"
}
variable "fw_https_name" {
type = string
default = "fw-vpc-allow-https"
}
variable "fw_ssh_name" {
type = string
default = "fw-vpc-allow-ssh-from-iap"
}
### Router & Cloud NAT
variable "router_name" {
type = string
default = "router-vpc-name"
}
variable "cloud_nat_name" {
type = string
default = "cloud-nat-vpc-name"
}
### Kubernetes Cluster & Node Pool
variable "cluster_name" {
type = string
default = "gke-magento"
}
variable "node_pool_name" {
type = string
default = "gke-preemptible-nodes-magento"
}
### Cloud SQL
variable "cloud_sql_name" {
type = string
default = "cloudsql-magento"
}
### Memory Store
variable "memory_store_name" {
type = string
default = "cloudsql-magento"
}
\ No newline at end of file
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment