
Commit 88aa46f

committedFeb 4, 2024·
refactor(infra): environment-specific TF configurations
1 parent f15b6eb commit 88aa46f

36 files changed

+570
-458
lines changed
 

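--- a/.gitignore
+++ b/.gitignore
@@ -54,10 +54,13 @@ yarn-error.log*
 *.tfstate.*
 *.tfvars
 *.tfvars.json
-.terraformrc
 override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
 crash.log
 crash.*.log
+.terraformrc
 
 # WebStorm
 .idea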

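--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -35,14 +35,17 @@
 "**/yarn.lock": true
 },
 "terminal.integrated.env.linux": {
+"TF_CLI_CONFIG_FILE": "${workspaceFolder}/.terraformrc",
 "CLOUDSDK_ACTIVE_CONFIG_NAME": "default",
 "CACHE_DIR": "${workspaceFolder}/.cache"
 },
 "terminal.integrated.env.osx": {
+"TF_CLI_CONFIG_FILE": "${workspaceFolder}/.terraformrc",
 "CLOUDSDK_ACTIVE_CONFIG_NAME": "default",
 "CACHE_DIR": "${workspaceFolder}/.cache"
 },
 "terminal.integrated.env.windows": {
+"TF_CLI_CONFIG_FILE": "${workspaceFolder}/.terraformrc",
 "CLOUDSDK_ACTIVE_CONFIG_NAME": "default",
 "CACHE_DIR": "${workspaceFolder}\\.cache"
 },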

‎infra/.terraform.lock.hcl

-62
This file was deleted.

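--- a/infra/README.md
+++ b/infra/README.md
@@ -1,85 +1,54 @@
-# Cloud Infrastructure
+# Terraform Cloud Project
 
-The Google Cloud Platform (GCP) and Cloudflare infrastructure resources required
-by the app and that can be bootstrapped via [Terraform](https://www.terraform.io/).
+This folder contains the Terraform configurations for our project's infrastructure, managed through Terraform Cloud. The infrastructure is divided into multiple workspaces to handle different environments and shared resources.
 
-## Requirements
+## Directory Structure
 
-- [Node.js](https://nodejs.org/en/) v18+ with [Yarn](https://yarnpkg.com/) package manager
-- [Google Cloud SDK](https://cloud.google.com/sdk/docs/install) and [Terraform CLI](https://learn.hashicorp.com/tutorials/terraform/install-cli)
-- Access to [Google Cloud Projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects) and [Terraform Cloud](https://cloud.hashicorp.com/products/terraform) workspaces
+The repository is organized into the following directories, each corresponding to a specific Terraform Cloud workspace:
 
-<details>
-<summary>How to install Terraform CLI on macOS?</summary><br>
+- **[`/core`](./core/)** - This directory contains the Terraform configurations for the global/shared resources used across all environments. These may include VPCs, shared databases, IAM roles, etc.
 
-```bash
-$ brew tap hashicorp/tap
-$ brew install hashicorp/tap/terraform
-$ brew update
-$ brew upgrade hashicorp/tap/terraform
-$ yarn tf -version
-```
+- **[`/server-prod`](./server-prod/)** - Contains the Terraform configurations for the production web server. This workspace should be configured with production-grade settings, ensuring high availability and security.
 
-</details>
+- **[`/server-test`](./server-test/)** - Holds the configurations for the testing/QA web server. This environment mirrors production closely and is used for final testing before deploying to production.
 
-<details>
-<summary>How to create Google Cloud Platform projects?</summary><br>
+- **[`/server-preview`](./server-preview/)** - This directory is for the preview web server, typically used for staging and pre-release reviews. It might contain configurations that are under testing or not yet approved for the testing environment.
 
-Simply navigate to [Google Cloud Resource Manager](https://console.cloud.google.com/cloud-resource-manager)
-and create two GCP projects for both `test` (QA) and `prod` (production)
-environments, e.g. "example" and "example-test".
+## Usage
 
-Fore more information visit https://cloud.google.com/resource-manager/docs/creating-managing-projects<br>
+### Prerequisites
 
-</details>
+- Terraform
+- Access to the Terraform Cloud workspace
 
-<details>
-<summary>How to configure Terraform Cloud workspaces?</summary><br>
+### Setting Up Workspaces in Terraform Cloud
 
-1. Sign in to [Terraform Cloud](https://cloud.hashicorp.com/products/terraform) dashboard.
-2. Create or join an organization.
-3. Create two workspaces — `app-test` and `app-prod` for test/QA and production environments.
-4. In each of these workspaces create an environment variable called `GOOGLE_CREDENTIALS` with the value containing JSON key of a GCP [service account](https://cloud.google.com/iam/docs/service-accounts). Note, this GCP service account needs to have `Owner` or `Editor` + `Service Usage Admin` roles.
+1. Log in to Terraform Cloud.
+2. Create a workspace for each directory/environment.
+3. Link each workspace to the corresponding directory in this repository.
+4. Save Terraform API token to the `../.terraformrc` file.
 
-For more information visit https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference<br>
+### Working with Terraform
 
-</details>
+To work with Terraform configurations:
 
-<details>
-<summary>How to authenticate Terraform CLI in Terraform Cloud?</summary><br>
+1. Navigate to the appropriate directory (e.g., `cd server-prod`).
+2. Initialize Terraform: `terraform init`.
+3. Apply configurations: `terraform apply`.
 
-1. Create a personal or team [API Token](https://learn.hashicorp.com/tutorials/terraform/cloud-login) via [Terraform Cloud](https://app.terraform.io/app/) dashboard → [Settings](https://app.terraform.io/app/settings/tokens).
-2. Save API token to the `.terraformrc` file in root of the project:
+Ensure that you are working in the correct workspace to avoid misconfigurations.
 
-```
-credentials "app.terraform.io" {
-token = "xxxxxx.atlasv1.zzzzzzzzzzzzz"
-}
-```
+### Contributions
 
-**NOTE**: This would allow to using different Terraform credentials per software project if you want to.<br>
+Please follow our contribution guidelines for making changes or adding new configurations. Ensure you test configurations in the test and preview environments before applying them to production.
 
-</details>
+## Support
 
-## Getting Started
+For any issues or questions related to this Terraform setup, please contact [@koistya](https://github.com/koistya) on our [Discord server](https://discord.com/invite/bSsv7XM).
 
-- `yarn tf init -upgrade` — Initializes a Terraform workspace
-- `yarn tf plan` — creates an execution plan
-- `yarn tf apply` — executes the actions proposed by the `yarn tf plan` command
+### References
 
-**NOTE**: By default the `app-test` Terraform workspace is used. In order to use
-the production workspace, set `TF_WORKSPACE` environment variable to `prod`. For
-example:
-
-```bash
-$ TF_WORKSPACE=prod tf plan
-$ TF_WORKSPACE=prod tf apply
-```
-
-**NOTE**: You need to run Terraform commands via `yarn tf <command> [...args]`.
-
-<p align="center">
-<a href="https://www.youtube.com/watch?v=tomUWcQ0P3k"><img src="https://user-images.githubusercontent.com/197134/151321818-d47fe54f-c19e-4d4c-9834-c33e589a33e1.png" alt="" width="640" height="360" /></a>
-</p>
-
-Fore more information visit https://learn.hashicorp.com/terraform
+- https://learn.hashicorp.com/terraform
+- https://cloud.google.com/docs/terraform/best-practices-for-terraform
+- https://cloud.google.com/iam/docs/workload-identity-federation-with-deployment-pipelines
+- https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference.html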

‎infra/backend.tf

-12
This file was deleted.

‎infra/core/.terraform.lock.hcl

+64
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

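--- a/infra/core/database.tf
+++ b/infra/core/database.tf
@@ -0,0 +1,40 @@
+# Google Cloud SQL
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database
+
+resource "random_id" "db_name_suffix" {
+byte_length = 4
+}
+
+resource "google_project_service" "compute" {
+service = "compute.googleapis.com"
+disable_on_destroy = false
+}
+
+resource "google_project_service" "sqladmin" {
+service = "sqladmin.googleapis.com"
+disable_on_destroy = false
+}
+
+resource "google_sql_database_instance" "db" {
+name = "db-${random_id.db_name_suffix.hex}"
+database_version = "POSTGRES_15"
+deletion_protection = false
+
+settings {
+tier = "db-f1-micro"
+
+database_flags {
+name = "cloudsql.iam_authentication"
+value = "on"
+}
+}
+
+depends_on = [google_project_service.sqladmin]
+}
+
+resource "google_sql_user" "developer" {
+name = trimsuffix(google_service_account.developer.email, ".gserviceaccount.com")
+instance = google_sql_database_instance.db.name
+type = "CLOUD_IAM_SERVICE_ACCOUNT"
+depends_on = [google_service_account.developer]
+}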
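Review bot: `deletion_protection = false` on `google_sql_database_instance.db` leaves the one shared instance removable by a destroy or a forced replacement in the core workspace, and the server-prod workspace in this same commit creates its database on that instance through `db_instance_name`. I would set `deletion_protection = true` here and relax it only as a deliberate, reviewed step. The `settings` block also carries no `ip_configuration` or `backup_configuration`, so provider defaults decide network exposure and backups; that is worth confirming before production data lands on an instance shared with preview and test.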

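--- a/infra/core/iam.tf
+++ b/infra/core/iam.tf
@@ -0,0 +1,8 @@
+# Google Cloud Service Account
+# https://cloud.google.com/compute/docs/access/service-accounts
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_service_account
+
+resource "google_service_account" "developer" {
+account_id = "developer"
+display_name = "Developer"
+}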
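Review bot: The `developer` service account is registered as a `CLOUD_IAM_SERVICE_ACCOUNT` database user in core/database.tf, but no IAM role binding for it appears in the core files shown on this page. Cloud SQL IAM authentication normally requires `roles/cloudsql.instanceUser` (plus `roles/cloudsql.client` for connector-based access), so either those bindings belong here or they are granted elsewhere. If they are managed outside Terraform, a comment above the resource such as `# cloudsql.instanceUser / cloudsql.client are granted outside this workspace` would stop a later maintainer from attaching a broader role to make logins work.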

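--- a/infra/core/outputs.tf
+++ b/infra/core/outputs.tf
@@ -0,0 +1,12 @@
+# Output Values
+# https://developer.hashicorp.com/terraform/language/values/outputs
+
+output "db_instance_name" {
+value = google_sql_database_instance.db.name
+sensitive = false
+}
+
+output "developer_service_account_email" {
+value = google_service_account.developer.email
+sensitive = false
+}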

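--- a/infra/core/providers.tf
+++ b/infra/core/providers.tf
@@ -0,0 +1,10 @@
+# Provider Configuration
+# https://developer.hashicorp.com/terraform/language/providers/configuration
+
+# Google Cloud Platform Provider
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs
+provider "google" {
+project = var.gcp_project
+region = var.gcp_region
+zone = var.gcp_zone
+}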

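--- a/infra/core/storage.tf
+++ b/infra/core/storage.tf
@@ -0,0 +1,17 @@
+# Google Cloud Storage
+#
+# NOTE: The Google account under which the Terraform Cloud agents run must have
+# the owner role on the target domain name in order to create Google Cloud
+# Storage buckets using that domain name. You can update the list of owner
+# members in the Google Search Console at the following URL:
+# https://search.google.com/search-console/welcome?new_domain_name=example.com
+# https://cloud.google.com/storage/docs/domain-name-verification
+
+resource "google_storage_bucket" "pkg" {
+name = "pkg.${var.root_level_domain}"
+location = "US"
+force_destroy = false
+
+uniform_bucket_level_access = true
+public_access_prevention = "enforced"
+}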

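--- a/infra/core/terraform.tf
+++ b/infra/core/terraform.tf
@@ -0,0 +1,29 @@
+# Terraform Cloud configuration for the core (shared) workspace
+# https://developer.hashicorp.com/terraform/cli/cloud/settings
+
+terraform {
+cloud {
+organization = "example"
+
+workspaces {
+project = "default"
+name = "core"
+}
+}
+
+required_providers {
+# Google Cloud Platform Provider
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs
+google = {
+source = "hashicorp/google"
+version = "~> 5.14.0"
+}
+
+# Cloudflare Provider
+# https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs
+cloudflare = {
+source = "cloudflare/cloudflare"
+version = "~> 4.23"
+}
+}
+}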
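Review bot: `required_providers` pins `google` and `cloudflare`, yet the core files on this page use `random_id` (core/database.tf) and contain no Cloudflare resource or provider block. The `random` provider is therefore resolved implicitly and constrained only by the lock file, which is not rendered here. Add a `random` entry with `source = "hashicorp/random"` and a version constraint, and drop `cloudflare` if nothing in this workspace uses it, so the workspace installs only the providers it needs.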

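--- a/infra/core/variables.tf
+++ b/infra/core/variables.tf
@@ -0,0 +1,26 @@
+# Input Variables
+# https://developer.hashicorp.com/terraform/language/values/variables
+
+variable "gcp_project" {
+type = string
+description = "Google Cloud Project ID"
+default = "example"
+}
+
+variable "gcp_region" {
+type = string
+description = "Google Cloud region"
+default = "us-central1"
+}
+
+variable "gcp_zone" {
+type = string
+description = "Google Cloud zone"
+default = "us-central1-c"
+}
+
+variable "root_level_domain" {
+type = string
+description = "The root-level domain for the app"
+default = "example.com"
+}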

‎infra/database.tf

-47
This file was deleted.

‎infra/outputs.tf

-4
This file was deleted.

‎infra/providers.tf

-46
This file was deleted.

‎infra/server-preview/.terraform.lock.hcl

+41
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

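--- a/infra/server-preview/database.tf
+++ b/infra/server-preview/database.tf
@@ -0,0 +1,12 @@
+# Google CLoud SQL Database.
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database
+
+data "tfe_outputs" "core" {
+organization = var.tfe_organization
+workspace = "core"
+}
+
+resource "google_sql_database" "db" {
+name = var.db_name
+instance = data.tfe_outputs.core.values.db_instance_name
+}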
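Review bot: `data "tfe_outputs" "core"` comes from the `hashicorp/tfe` provider, which this directory's terraform.tf does not list under `required_providers`; server-prod and server-test have the same gap. Declaring it there with `source = "hashicorp/tfe"` and a version constraint makes provider selection explicit instead of inferred from the `tfe_` prefix. Separately, the data source treats everything under `values` as sensitive, so the instance name will be masked in plans even though core exports it with `sensitive = false`; reading it as `data.tfe_outputs.core.nonsensitive_values.db_instance_name` keeps the target instance visible to whoever reviews the plan.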

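--- a/infra/server-preview/providers.tf
+++ b/infra/server-preview/providers.tf
@@ -0,0 +1,8 @@
+# Provider Configuration
+# https://developer.hashicorp.com/terraform/language/providers/configuration
+
+provider "google" {
+project = var.gcp_project
+region = var.gcp_region
+zone = var.gcp_zone
+}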

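--- a/infra/server-preview/terraform.tf
+++ b/infra/server-preview/terraform.tf
@@ -0,0 +1,20 @@
+# Terraform Cloud configuration for the core (shared) workspace
+# https://developer.hashicorp.com/terraform/cli/cloud/settings
+
+terraform {
+cloud {
+organization = "example"
+
+workspaces {
+project = "default"
+name = "server-preview"
+}
+}
+
+required_providers {
+google = {
+source = "hashicorp/google"
+version = "~> 5.14.0"
+}
+}
+}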
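Review bot: The header comment still reads "for the core (shared) workspace" although the `workspaces` block below it names `server-preview`; server-prod/terraform.tf and server-test/terraform.tf carry the same copied line. Change it per directory, e.g. `# Terraform Cloud configuration for the server-preview workspace`, so that someone checking which workspace a directory applies to is not misled by the comment.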

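--- a/infra/server-preview/variables.tf
+++ b/infra/server-preview/variables.tf
@@ -0,0 +1,32 @@
+# Input Variables
+# https://developer.hashicorp.com/terraform/language/values/variables
+
+variable "tfe_organization" {
+type = string
+description = "Terraform Cloud organization ID"
+default = "example"
+}
+
+variable "gcp_project" {
+type = string
+description = "Google Cloud Project ID"
+default = "example"
+}
+
+variable "gcp_region" {
+type = string
+description = "Google Cloud region"
+default = "us-central1"
+}
+
+variable "gcp_zone" {
+type = string
+description = "Google Cloud zone"
+default = "us-central1-c"
+}
+
+variable "db_name" {
+type = string
+description = "Database name"
+default = "example-preview"
+}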
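Review bot: `gcp_project` defaults to `"example"` here and in server-prod/variables.tf and server-test/variables.tf, so unless each Terraform Cloud workspace overrides it, preview, test and production all apply to one GCP project and, through the core outputs, one Cloud SQL instance. Only the `db_name` default differs between the three environments. Removing the `default = "example"` line from `gcp_project` in each directory would force every workspace to state its target project, so a run with a missing variable fails at plan time rather than applying to a shared project.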

‎infra/server-prod/.terraform.lock.hcl

+22
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

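--- a/infra/server-prod/database.tf
+++ b/infra/server-prod/database.tf
@@ -0,0 +1,12 @@
+# Google CLoud SQL Database.
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database
+
+data "tfe_outputs" "core" {
+organization = var.tfe_organization
+workspace = "core"
+}
+
+resource "google_sql_database" "db" {
+name = var.db_name
+instance = data.tfe_outputs.core.values.db_instance_name
+}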

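--- a/infra/server-prod/providers.tf
+++ b/infra/server-prod/providers.tf
@@ -0,0 +1,8 @@
+# Provider Configuration
+# https://developer.hashicorp.com/terraform/language/providers/configuration
+
+provider "google" {
+project = var.gcp_project
+region = var.gcp_region
+zone = var.gcp_zone
+}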

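--- a/infra/server-prod/terraform.tf
+++ b/infra/server-prod/terraform.tf
@@ -0,0 +1,20 @@
+# Terraform Cloud configuration for the core (shared) workspace
+# https://developer.hashicorp.com/terraform/cli/cloud/settings
+
+terraform {
+cloud {
+organization = "example"
+
+workspaces {
+project = "default"
+name = "server-prod"
+}
+}
+
+required_providers {
+google = {
+source = "hashicorp/google"
+version = "~> 5.14.0"
+}
+}
+}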

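--- a/infra/server-prod/variables.tf
+++ b/infra/server-prod/variables.tf
@@ -0,0 +1,32 @@
+# Input Variables
+# https://developer.hashicorp.com/terraform/language/values/variables
+
+variable "tfe_organization" {
+type = string
+description = "Terraform Cloud organization ID"
+default = "example"
+}
+
+variable "gcp_project" {
+type = string
+description = "Google Cloud Project ID"
+default = "example"
+}
+
+variable "gcp_region" {
+type = string
+description = "Google Cloud region"
+default = "us-central1"
+}
+
+variable "gcp_zone" {
+type = string
+description = "Google Cloud zone"
+default = "us-central1-c"
+}
+
+variable "db_name" {
+type = string
+description = "Database name"
+default = "example"
+}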

‎infra/server-test/.terraform.lock.hcl

+41
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

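--- a/infra/server-test/database.tf
+++ b/infra/server-test/database.tf
@@ -0,0 +1,12 @@
+# Google CLoud SQL Database.
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database
+
+data "tfe_outputs" "core" {
+organization = var.tfe_organization
+workspace = "core"
+}
+
+resource "google_sql_database" "db" {
+name = var.db_name
+instance = data.tfe_outputs.core.values.db_instance_name
+}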

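--- a/infra/server-test/providers.tf
+++ b/infra/server-test/providers.tf
@@ -0,0 +1,8 @@
+# Provider Configuration
+# https://developer.hashicorp.com/terraform/language/providers/configuration
+
+provider "google" {
+project = var.gcp_project
+region = var.gcp_region
+zone = var.gcp_zone
+}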

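--- a/infra/server-test/terraform.tf
+++ b/infra/server-test/terraform.tf
@@ -0,0 +1,20 @@
+# Terraform Cloud configuration for the core (shared) workspace
+# https://developer.hashicorp.com/terraform/cli/cloud/settings
+
+terraform {
+cloud {
+organization = "example"
+
+workspaces {
+project = "default"
+name = "server-test"
+}
+}
+
+required_providers {
+google = {
+source = "hashicorp/google"
+version = "~> 5.14.0"
+}
+}
+}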

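--- a/infra/server-test/variables.tf
+++ b/infra/server-test/variables.tf
@@ -0,0 +1,32 @@
+# Input Variables
+# https://developer.hashicorp.com/terraform/language/values/variables
+
+variable "tfe_organization" {
+type = string
+description = "Terraform Cloud organization ID"
+default = "example"
+}
+
+variable "gcp_project" {
+type = string
+description = "Google Cloud Project ID"
+default = "example"
+}
+
+variable "gcp_region" {
+type = string
+description = "Google Cloud region"
+default = "us-central1"
+}
+
+variable "gcp_zone" {
+type = string
+description = "Google Cloud zone"
+default = "us-central1-c"
+}
+
+variable "db_name" {
+type = string
+description = "Database name"
+default = "example-test"
+}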

‎infra/services.tf

-23
This file was deleted.

‎infra/storage.tf

-41
This file was deleted.

‎infra/variables.tf

-47
This file was deleted.

‎scripts/tf.js

-111
This file was deleted.

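--- a/tsconfig.json
+++ b/tsconfig.json
@@ -1,4 +1,8 @@
 {
 "files": [],
-"references": [{ "path": "./app" }, { "path": "./server" }],
+"references": [
+{ "path": "./app" },
+{ "path": "./db" },
+{ "path": "./server" },
+],
 }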
