diff --git a/terraform/examples/gke-complete/app/main.tf b/terraform/examples/gke-complete/app/main.tf
index 968338c..250ef69 100644
--- a/terraform/examples/gke-complete/app/main.tf
+++ b/terraform/examples/gke-complete/app/main.tf
@@ -1,14 +1,15 @@
locals {
- project_id = "project"
- region = "us-east1"
- url = "polytomic.example.com"
- polytomic_deployment = "deployment"
- polytomic_deployment_key = "key"
- polytomic_image = "us.gcr.io/polytomic-container-distro/polytomic-onprem"
- polytomic_image_tag = "latest"
- polytomic_root_user = "user@example.com"
- polytomic_bucket = "polytomic-bucket"
-
+ project_id = "project"
+ region = "us-east1"
+ url = "polytomic.example.com"
+ polytomic_deployment = "deployment"
+ polytomic_deployment_key = "key"
+ polytomic_image = "us.gcr.io/polytomic-container-distro/polytomic-onprem"
+ polytomic_image_tag = "latest"
+ polytomic_root_user = "user@example.com"
+ polytomic_bucket = "polytomic-bucket"
+ polytomic_google_client_id = "google-client-id"
+ polytomic_google_client_secret = "google-client-secret"
}
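Review bot: The new `polytomic_google_client_secret` local places an OAuth client secret in a committed `.tf` file, and because it is passed straight into the `gke_helm` module in the next hunk it will also sit in plain text in Terraform state and plan output. Even as an example with a placeholder value this is the pattern users copy; declare it as `variable "polytomic_google_client_secret" { type = string  sensitive = true }` and supply it from an untracked tfvars file or a Secret Manager data source rather than a local. Whether the `gke-helm` module marks its own input `sensitive` is not visible in this diff and should be checked alongside this change.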
@@ -49,21 +50,23 @@ data "google_container_cluster" "my_cluster" {
module "gke_helm" {
source = "github.com/polytomic/on-premises/terraform/modules/gke-helm"
- polytomic_cert_name = google_compute_managed_ssl_certificate.cert.name
- polytomic_ip_name = data.terraform_remote_state.gke.outputs.load_balancer_name
- polytomic_url = local.url
- polytomic_deployment = local.polytomic_deployment
- polytomic_deployment_key = local.polytomic_deployment_key
- polytomic_image = local.polytomic_image
- polytomic_image_tag = local.polytomic_image_tag
- polytomic_root_user = local.polytomic_root_user
- redis_host = data.terraform_remote_state.gke.outputs.redis_host
- redis_port = data.terraform_remote_state.gke.outputs.redis_port
- redis_password = data.terraform_remote_state.gke.outputs.redis_auth_string
- postgres_host = data.terraform_remote_state.gke.outputs.postgres_ip
- postgres_password = data.terraform_remote_state.gke.outputs.postgres_password
- polytomic_bucket = local.polytomic_bucket
- polytomic_service_account = data.terraform_remote_state.gke.outputs.workload_identity_user_sa
+ polytomic_cert_name = google_compute_managed_ssl_certificate.cert.name
+ polytomic_ip_name = data.terraform_remote_state.gke.outputs.load_balancer_name
+ polytomic_url = local.url
+ polytomic_deployment = local.polytomic_deployment
+ polytomic_deployment_key = local.polytomic_deployment_key
+ polytomic_image = local.polytomic_image
+ polytomic_image_tag = local.polytomic_image_tag
+ polytomic_root_user = local.polytomic_root_user
+ redis_host = data.terraform_remote_state.gke.outputs.redis_host
+ redis_port = data.terraform_remote_state.gke.outputs.redis_port
+ redis_password = data.terraform_remote_state.gke.outputs.redis_auth_string
+ postgres_host = data.terraform_remote_state.gke.outputs.postgres_ip
+ postgres_password = data.terraform_remote_state.gke.outputs.postgres_password
+ polytomic_bucket = data.terraform_remote_state.gke.outputs.bucket
+ polytomic_service_account = data.terraform_remote_state.gke.outputs.workload_identity_user_sa
+ polytomic_google_client_id = local.polytomic_google_client_id
+ polytomic_google_client_secret = local.polytomic_google_client_secret
}
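Review bot: `polytomic_bucket` is now read from `data.terraform_remote_state.gke.outputs.bucket`, but the first hunk keeps `polytomic_bucket = "polytomic-bucket"` in this file's `locals`, so that local is no longer referenced here and its value can silently diverge from the bucket the cluster stack actually created. Either drop the local from the `locals` block or, if it is meant to remain the single source of truth, pass `local.polytomic_bucket` to the cluster stack instead of reading it back; keeping both invites confusion. The `gke_helm` module call is shown in full, but the surrounding `data "google_container_cluster"` block begins outside the hunk.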
resource "google_compute_managed_ssl_certificate" "cert" {
diff --git a/terraform/examples/gke-complete/cluster/main.tf b/terraform/examples/gke-complete/cluster/main.tf
index 1702c0d..99cc3a4 100644
--- a/terraform/examples/gke-complete/cluster/main.tf
+++ b/terraform/examples/gke-complete/cluster/main.tf
@@ -21,5 +21,6 @@ module "gke" {
project_id = local.project_id
region = local.region
cluster_service_account = module.gke_cluster_service_account.email
-
+ bucket_name = local.polytomic_bucket
+ workload_identity_sa = module.gke_cluster_service_account.workload_identity_user_sa_email
}
diff --git a/terraform/examples/gke-complete/cluster/outputs.tf b/terraform/examples/gke-complete/cluster/outputs.tf
index 858bf54..318f667 100644
--- a/terraform/examples/gke-complete/cluster/outputs.tf
+++ b/terraform/examples/gke-complete/cluster/outputs.tf
@@ -53,3 +53,8 @@ output "postgres_host" {
output "postgres_ip" {
value = module.gke.postgres_ip
}
+
+
+output "bucket" {
+ value = module.gke.bucket
+}
\ No newline at end of file
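Review bot: The new `output "bucket"` is preceded by two blank lines and the file now ends without a trailing newline, which is a style regression that `terraform fmt` and most editors will keep flagging on every later commit. The same double blank line and missing final newline appear in the additions to `terraform/modules/gke/main.tf`, `terraform/modules/gke/outputs.tf` and `terraform/modules/gke/vars.tf`. A single blank separator before each new block plus a terminating newline keeps these files consistent with the existing ones.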
diff --git a/terraform/modules/gke-helm/main.tf b/terraform/modules/gke-helm/main.tf
index 06a9120..0c49c2d 100644
--- a/terraform/modules/gke-helm/main.tf
+++ b/terraform/modules/gke-helm/main.tf
@@ -27,8 +27,9 @@ image:
repository: ${var.polytomic_image}
tag: ${var.polytomic_image_tag}
-serviceAccount.Annotations:
- iam.gke.io/gcp-service-account: ${var.polytomic_service_account}
+serviceAccount:
+ annotations:
+ iam.gke.io/gcp-service-account: ${var.polytomic_service_account}
polytomic:
deployment:
@@ -40,6 +41,8 @@ polytomic:
auth:
methods:
- google
+ - microsoft
+ - sso
root_user: ${var.polytomic_root_user}
url: https://${var.polytomic_url}
single_player: false
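Review bot: `microsoft` and `sso` are now enabled unconditionally in the rendered Helm values for every deployment of this module, while only the Google client id and secret are plumbed through as inputs; if those two methods need their own provider configuration (not visible here), every install will advertise login options that cannot complete. Making the list an input keeps the module honest about what it actually configures, e.g. `variable "polytomic_auth_methods" { type = list(string)  default = ["google"] }` rendered with `%{ for m in var.polytomic_auth_methods }- ${m}\n%{ endfor }` in place of the literal list. The heredoc that produces these values begins and ends outside this hunk.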
@@ -60,6 +63,7 @@ polytomic:
s3:
operational_bucket: gs://${var.polytomic_bucket}
record_log_bucket: ${var.polytomic_bucket}
+ region: ""
gcs: true
jobs:
@@ -71,6 +75,9 @@ redis:
postgresql:
enabled: false
+minio:
+ enabled: false
+
EOF
]
diff --git a/terraform/modules/gke/README.md b/terraform/modules/gke/README.md
index 63445f6..29f326d 100644
--- a/terraform/modules/gke/README.md
+++ b/terraform/modules/gke/README.md
@@ -25,6 +25,8 @@ No requirements.
| [google_compute_global_address.private_ip_address](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_address) | resource |
| [google_compute_network_peering_routes_config.peering_routes](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network_peering_routes_config) | resource |
| [google_service_networking_connection.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_networking_connection) | resource |
+| [google_storage_bucket.polytomic](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket) | resource |
+| [google_storage_bucket_iam_member.polytomic](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
| [google_client_config.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
| [google_compute_zones.available](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_zones) | data source |
@@ -32,6 +34,7 @@ No requirements.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
+| [bucket\_name](#input\_bucket\_name) | The name of the bucket to create | `string` | `"polytomic-bucket"` | no |
| [cluster\_service\_account](#input\_cluster\_service\_account) | The service account to use for the cluster | `any` | n/a | yes |
| [create\_postgres](#input\_create\_postgres) | Whether to create a postgres instance | `bool` | `true` | no |
| [create\_redis](#input\_create\_redis) | Whether to create a redis instance | `bool` | `true` | no |
@@ -41,11 +44,13 @@ No requirements.
| [project\_id](#input\_project\_id) | The project ID to host the cluster in | `any` | n/a | yes |
| [redis\_size](#input\_redis\_size) | The size of the redis instance in GB | `string` | `"1"` | no |
| [region](#input\_region) | The region to host the cluster in | `string` | `"us-east1"` | no |
+| [workload\_identity\_sa](#input\_workload\_identity\_sa) | The name of the workload identity user service account | `string` | `""` | no |
## Outputs
| Name | Description |
|------|-------------|
+| [bucket](#output\_bucket) | n/a |
| [cluster\_name](#output\_cluster\_name) | Cluster name |
| [lb\_ip](#output\_lb\_ip) | Load balancer IP |
| [lb\_name](#output\_lb\_name) | Load balancer IP Name |
diff --git a/terraform/modules/gke/main.tf b/terraform/modules/gke/main.tf
index b4cbe2c..dff0d58 100644
--- a/terraform/modules/gke/main.tf
+++ b/terraform/modules/gke/main.tf
@@ -146,3 +146,16 @@ resource "google_compute_network_peering_routes_config" "peering_routes" {
import_custom_routes = true
export_custom_routes = true
}
+
+resource "google_storage_bucket" "polytomic" {
+ name = var.bucket_name
+ location = var.region
+ force_destroy = true
+}
+
+
+resource "google_storage_bucket_iam_member" "polytomic" {
+ bucket = google_storage_bucket.polytomic.name
+ role = "roles/storage.objectAdmin"
+ member = "serviceAccount:${var.workload_identity_sa}"
+}
\ No newline at end of file
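Review bot: `google_storage_bucket_iam_member.polytomic` interpolates `var.workload_identity_sa`, whose default is `""` in the matching vars.tf change, so a caller that does not set it gets `member = "serviceAccount:"` and the apply fails on an invalid principal; guard the binding with `count = var.workload_identity_sa != "" ? 1 : 0` (the bucket itself is unconditional, so the `outputs.tf` reference to `google_storage_bucket.polytomic.name` is unaffected). The bucket that the Helm values use for the operational store and record log is created with `force_destroy = true`, which lets a `terraform destroy` or a bucket rename delete every object without any safeguard; prefer `force_destroy = false` for a data-holding bucket. Since access is granted via IAM rather than ACLs, also set `uniform_bucket_level_access = true` so object-level ACLs cannot widen access beyond the `roles/storage.objectAdmin` binding.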
diff --git a/terraform/modules/gke/outputs.tf b/terraform/modules/gke/outputs.tf
index 0ef23ca..481fad2 100644
--- a/terraform/modules/gke/outputs.tf
+++ b/terraform/modules/gke/outputs.tf
@@ -41,3 +41,7 @@ output "postgres_host" {
output "postgres_ip" {
value = module.postgres[0].private_ip_address
}
+
+output "bucket" {
+ value = google_storage_bucket.polytomic.name
+}
\ No newline at end of file
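Review bot: The new `output "bucket"` has no `description`, which is why the generated README table in this commit shows `n/a` for it while every neighbouring output is documented. Add `description = "Name of the GCS bucket created for Polytomic"` inside the block and regenerate the README so the table picks it up.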
diff --git a/terraform/modules/gke/vars.tf b/terraform/modules/gke/vars.tf
index 09581d6..2aa68b1 100644
--- a/terraform/modules/gke/vars.tf
+++ b/terraform/modules/gke/vars.tf
@@ -42,3 +42,14 @@ variable "postgres_instance_tier" {
description = "The tier of the postgres instance"
default = "db-f1-micro"
}
+
+variable "bucket_name" {
+ description = "The name of the bucket to create"
+ default = "polytomic-bucket"
+}
+
+
+variable "workload_identity_sa" {
+ description = "The name of the workload identity user service account"
+ default = ""
+}
\ No newline at end of file
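Review bot: `bucket_name` defaults to `"polytomic-bucket"`, but GCS bucket names are globally unique across all projects, so the default will almost certainly fail at create time for anyone who does not override it (and the README table in this commit advertises that default). Either remove the default so the name is a required input, or keep it and state the uniqueness constraint in the description, e.g. `description = "Globally unique name of the GCS bucket to create"`. Both new variables also lack a `type`; add `type = string` to each so a list or null passed by mistake is rejected at plan time rather than at apply.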