datastore.tf
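locals {
  # Static settings for the Rookout datastore ECS task and its container.
  # Task-level and container-level CPU/memory are both taken from
  # var.datastore_resource, so the single container gets the whole task allocation.
  datastore_settings = {
    container_name = "${var.environment}-datastore"
    task_cpu       = var.datastore_resource.cpu
    task_memory    = var.datastore_resource.memory
    onprem_enabled = true

    # NOTE(review): judging by the name, this presumably turns off TLS certificate
    # verification inside the datastore; confirm against the image documentation.
    # If so, its TLS connections are not authenticated and should be limited to
    # trusted network paths, or the flag made configurable and defaulted to false.
    dop_no_ssl_verify = true

    # NOTE(review): "PLAIN" presumably means the container serves without TLS on
    # container_port; confirm that TLS is terminated in front of it.
    server_mode = "PLAIN"

    container_cpu          = var.datastore_resource.cpu
    container_memory       = var.datastore_resource.memory
    container_port         = 8080
    load_balancer_port     = 8080
    datastore_in_memory_db = true
  }

  # Rendered container definitions consumed by aws_ecs_task_definition.datastore.
  #
  # NOTE(review): rookout_token and dynatrace_pass_token are handed to the template
  # as plain values. The template is not visible here; if it renders them as
  # `environment` entries they are readable in the task definition and in Terraform
  # state. The container-definition `secrets` field with a Secrets Manager or SSM
  # `valueFrom` reference keeps them out of both.
  #
  # NOTE(review): datastore_log_stream is declared with
  # count = var.deploy_datastore ? 1 : 0, so the [0] index below needs
  # deploy_datastore = true; confirm planning still works when it is false.
  datastore_definition = templatefile("${path.module}/templates/datastore_task_def.tpl", {
    name          = local.datastore_settings.container_name
    cpu           = local.datastore_settings.container_cpu
    memory        = local.datastore_settings.container_memory
    port          = local.datastore_settings.container_port
    log_group     = aws_cloudwatch_log_group.rookout.name
    log_stream    = aws_cloudwatch_log_stream.datastore_log_stream[0].name
    aws_region    = local.region
    rookout_token = var.rookout_token
    # Read the mode from datastore_settings rather than repeating the literal, so
    # the setting and the rendered value cannot drift apart.
    datastore_server_mode    = local.datastore_settings.server_mode
    onprem_enabled           = local.datastore_settings.onprem_enabled
    dop_no_ssl_verify        = local.datastore_settings.dop_no_ssl_verify
    datastore_in_memory_db   = local.datastore_settings.datastore_in_memory_db
    additional_env_vars      = var.additional_datastore_env_vars
    datastore_version        = var.datastore_version
    datastore_image          = var.datastore_image
    deploy_dynatrace_agent   = var.deploy_dynatrace_agent
    dynatrace_pass_token     = var.dynatrace_pass_token
    environment              = var.environment
    dynatrace_environment_id = var.dynatrace_environment_id
  })
}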
# Fargate task definition for the Rookout datastore; created only when
# var.deploy_datastore is true.
resource "aws_ecs_task_definition" "datastore" {
  count = var.deploy_datastore ? 1 : 0

  family                   = local.datastore_settings.container_name
  container_definitions    = local.datastore_definition
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  memory                   = local.datastore_settings.task_memory
  cpu                      = local.datastore_settings.task_cpu

  # NOTE(review): the execution role and the task role resolve to the same ARN
  # (the module-created task_exec_role, or var.custom_iam_task_exec_role_arn when
  # that is set). The application in the container therefore runs with whatever the
  # execution role is allowed to do; a separate, narrower task role would keep
  # those permissions away from the workload.
  task_role_arn      = var.custom_iam_task_exec_role_arn == "" ? aws_iam_role.task_exec_role[0].arn : var.custom_iam_task_exec_role_arn
  execution_role_arn = var.custom_iam_task_exec_role_arn == "" ? aws_iam_role.task_exec_role[0].arn : var.custom_iam_task_exec_role_arn

  # The "oneagent" volume is declared only when the Dynatrace agent is deployed.
  dynamic "volume" {
    for_each = var.deploy_dynatrace_agent ? [1] : []

    content {
      name = "oneagent"
    }
  }
}
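# ECS service running one Fargate task of the datastore; created only when
# var.deploy_datastore is true.
resource "aws_ecs_service" "datastore" {
  count = var.deploy_datastore ? 1 : 0

  name            = local.datastore_settings.container_name
  cluster         = var.create_cluster ? aws_ecs_cluster.rookout[0].id : data.aws_ecs_cluster.provided[0].id
  task_definition = aws_ecs_task_definition.datastore[0].arn
  desired_count   = 1
  launch_type     = "FARGATE"

  # Attach a target group only when the module creates an ALB or the caller
  # supplies a target group ARN. The empty case must be [] (zero iterations): the
  # previous [0] is a one-element list, so a load_balancer block was always
  # emitted, with an empty target_group_arn when neither input was set.
  dynamic "load_balancer" {
    for_each = (var.deploy_alb || length(var.datastore_target_group_arn) > 0) ? [1] : []

    content {
      target_group_arn = var.deploy_alb ? aws_lb_target_group.datastore[0].arn : var.datastore_target_group_arn
      container_name   = local.datastore_settings.container_name
      container_port   = local.datastore_settings.container_port
    }
  }

  # Tasks run in the private subnets (module-created or caller-supplied) behind
  # the datastore security group; assign_public_ip is not set here.
  network_configuration {
    security_groups = [aws_security_group.datastore[0].id]
    subnets         = var.create_vpc ? module.vpc[0].private_subnets : var.vpc_private_subnets
  }
}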
# Log stream for the datastore inside the shared Rookout log group; created
# only when var.deploy_datastore is true.
resource "aws_cloudwatch_log_stream" "datastore_log_stream" {
  count = var.deploy_datastore ? 1 : 0

  log_group_name = aws_cloudwatch_log_group.rookout.name
  name           = "${var.environment}-datastore"
}
# Security group attached to the datastore tasks; created only when
# var.deploy_datastore is true.
resource "aws_security_group" "datastore" {
  count = var.deploy_datastore ? 1 : 0

  vpc_id      = var.create_vpc ? module.vpc[0].vpc_id : var.vpc_id
  name        = local.datastore_settings.container_name
  description = "Allow inbound/outbound traffic for Rookout datastore"

  # Inbound TCP on the container port only. The allowed source ranges come
  # entirely from var.datastore_sg_igress_cidr_blocks.
  # NOTE(review): that variable's default is not visible here; confirm it is
  # restricted to the expected clients or the load balancer rather than left open
  # to all addresses.
  ingress {
    description = "Inbound from IGW to datastore"
    protocol    = "tcp"
    from_port   = local.datastore_settings.container_port
    to_port     = local.datastore_settings.container_port
    cidr_blocks = var.datastore_sg_igress_cidr_blocks
  }

  # Outbound is unrestricted: every protocol and port, to any IPv4 or IPv6 address.
  # NOTE(review): if the datastore's outbound destinations are known, narrowing
  # this rule limits what a compromised task can reach.
  egress {
    description      = "Outbound all"
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }
}