1// Copyright 2024 The Sigstore Authors.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15provider "google" {
16 project = var.project
17 zone = var.zone
18 region = var.region
19}
20
21module "network" {
22 source = "git::https://github.com/sigstore/scaffolding.git//terraform/gcp/modules/network?ref=feced1f5bf972edcf37282e80a2b593474a7d807"
23
24 region = var.region
25 project_id = var.project
26 cluster_name = "rekor"
27}
28
29module "bastion" {
30 source = "git::https://github.com/sigstore/scaffolding.git//terraform/gcp/modules/bastion?ref=feced1f5bf972edcf37282e80a2b593474a7d807"
31
32 project_id = var.project
33 region = var.region
34 zone = var.zone
35 network = module.network.network_name
36 subnetwork = module.network.subnetwork_self_link
37 tunnel_accessor_sa = var.tunnel_accessor_sa
38
39 depends_on = [
40 module.network,
41 ]
42}
43
44module "mysql" {
45 source = "git::https://github.com/sigstore/scaffolding.git//terraform/gcp/modules/mysql?ref=feced1f5bf972edcf37282e80a2b593474a7d807"
46
47 project_id = var.project
48 region = var.region
49 cluster_name = "rekor"
50 database_version = "MYSQL_8_0"
51 availability_type = "ZONAL"
52 network = module.network.network_self_link
53 instance_name = "rekor-perf-tf"
54 require_ssl = false
55
56 depends_on = [
57 module.network
58 ]
59}
60
61module "gke_cluster" {
62 source = "git::https://github.com/sigstore/scaffolding.git//terraform/gcp/modules/gke_cluster?ref=feced1f5bf972edcf37282e80a2b593474a7d807"
63
64 region = var.region
65 project_id = var.project
66 cluster_name = "rekor"
67 network = module.network.network_self_link
68 subnetwork = module.network.subnetwork_self_link
69 cluster_secondary_range_name = module.network.secondary_ip_range.0.range_name
70 services_secondary_range_name = module.network.secondary_ip_range.1.range_name
71 cluster_network_tag = ""
72 bastion_ip_address = module.bastion.ip_address
73
74 depends_on = [
75 module.network,
76 module.bastion,
77 ]
78}
79
80module "rekor" {
81 source = "git::https://github.com/sigstore/scaffolding.git//terraform/gcp/modules/rekor?ref=feced1f5bf972edcf37282e80a2b593474a7d807"
82
83 region = var.region
84 project_id = var.project
85 cluster_name = "rekor"
86
87 enable_attestations = false
88
89 redis_cluster_memory_size_gb = "16"
90
91 network = module.network.network_self_link
92 dns_zone_name = var.dns_zone
93 dns_domain_name = var.dns_domain
94
95 depends_on = [
96 module.network,
97 module.gke_cluster
98 ]
99}
100
101module "oslogin" {
102 source = "git::https://github.com/sigstore/scaffolding.git//terraform/gcp/modules/oslogin?ref=feced1f5bf972edcf37282e80a2b593474a7d807"
103
104 project_id = var.project
105 count = 1
106 oslogin = {
107 enabled = true
108 enabled_with_2fa = false
109 }
110 instance_os_login_members = {
111 bastion = {
112 instance_name = module.bastion.name
113 zone = module.bastion.zone
114 members = var.oslogin_members
115 }
116 }
117
118 depends_on = [
119 module.bastion,
120 ]
121}
122
123output "mysql_pass" {
124 value = module.mysql.mysql_pass
125 sensitive = true
126}
View as plain text