Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #8 from bschaatsbergen/add-example
Add example
Showing 4 changed files with 119 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
# Example usage | ||
|
||
|
||
## Prerequisites | ||
|
||
This module expects that you already own or create the below resources yourself. | ||
|
||
- Domain | ||
- Google network and subnetwork | ||
- Service account | ||
|
||
## How to deploy | ||
|
||
See [`main.tf`](https://github.com/bschaatsbergen/atlantis-on-gcp-vm/tree/master/example/main.tf) and the [`server-atlantis.yaml`](https://github.com/bschaatsbergen/atlantis-on-gcp-vm/tree/master/example/server-atlantis.yaml). | ||
|
||
|
||
## Service Account | ||
|
||
As Google recommends custom service accounts and permissions granted via IAM Roles. We decided that you must bring your own service account. | ||
|
||
Note that you must grant the relevant permissions to your service account yourself, e.g. Storage related permissions for the Terraform state bucket and other permissions in order to create resources through Terraform. | ||
|
||
### Important | ||
|
||
The `roles/logging.logWriter` role should be attached to the service account in order to write logs to Cloud Logging. | ||
|
||
### Example | ||
|
||
```hcl | ||
resource "google_service_account" "atlantis" { | ||
account_id = "atlantis-sa" | ||
display_name = "Service Account for Atlantis" | ||
project = var.project_id | ||
} | ||
resource "google_project_iam_member" "atlantis_log_writer" { | ||
role = "roles/logging.logWriter" | ||
member = "serviceAccount:${google_service_account.atlantis.email}" | ||
project = var.project_id | ||
} | ||
``` | ||
|
||
## DNS Record | ||
|
||
As this module creates an External HTTPS Load Balancer together with a managed SSL certificate for the domain you provided, an A record has to be created for your domain to successfully provision the certificate. | ||
|
||
### Example | ||
|
||
If you use Cloud DNS and own a managed zone for your domain, use the IP address that's part of the module output to create the A record. | ||
|
||
```hcl | ||
resource "google_dns_record_set" "default" { | ||
name = "atlantis.example.com." | ||
type = "A" | ||
ttl = 60 | ||
managed_zone = "example-com" | ||
rrdatas = [ | ||
module.atlantis.ip_address | ||
] | ||
project = var.project_id | ||
} | ||
``` |
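Review bot: The "Service Account" section tells readers to grant "other permissions in order to create resources through Terraform" but gives no guidance on how broad those grants should be. Since this is the account the example hands to the module, recommend granting only the roles the managed Terraform projects need and scoping the state-bucket permission to that bucket rather than the whole project. In the same section, "As Google recommends custom service accounts and permissions granted via IAM Roles." is a sentence fragment and should be joined to the sentence that follows it. The Prerequisites list also omits the GitHub user, token and webhook secret that the example `main.tf` sets.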
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
# As your DNS records might be managed at another registrar's site, we create the DNS record outside of the module. | ||
# This record is mandatory in order to provision the managed SSL certificate successfully. | ||
resource "google_dns_record_set" "default" { | ||
name = "atlantis.example.com." | ||
type = "A" | ||
ttl = 60 | ||
managed_zone = "example-com" | ||
rrdatas = [ | ||
module.atlantis.ip_address | ||
] | ||
project = var.project_id | ||
} | ||
|
||
module "atlantis" { | ||
source = "bschaatsbergen/atlantis-on-gce" | ||
name = "atlantis" | ||
subnetwork = google_compute_network.default.name | ||
region = google_compute_subnetwork.default.name | ||
service_account = { | ||
email = google_service_account.atlantis.email | ||
scopes = ["cloud-platform"] | ||
} | ||
env_vars = [ | ||
{ | ||
name = "ATLANTIS_GH_USER" | ||
value = "myuser" | ||
}, | ||
{ | ||
name = "ATLANTIS_GH_TOKEN" | ||
value = "token" | ||
}, | ||
{ | ||
name = "ATLANTIS_GH_WEBHOOK_SECRET" | ||
value = "secret" | ||
}, | ||
{ | ||
name = "ATLANTIS_REPO_ALLOWLIST" | ||
value = "github.com/myorg/*" | ||
}, | ||
{ | ||
name = "ATLANTIS_ATLANTIS_URL" | ||
value = "https://atlantis.example.com" | ||
}, | ||
{ | ||
name = "ATLANTIS_REPO_CONFIG_JSON" | ||
value = jsonencode(yamldecode(file("server-atlantis.yaml"))) | ||
} | ||
] | ||
domain = "atlantis.example.com" | ||
project_id = var.project_id | ||
} |
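Review bot: In the `module "atlantis"` block, `subnetwork = google_compute_network.default.name` passes a network's name as the subnetwork and `region = google_compute_subnetwork.default.name` passes a subnetwork's name as the region. These look like they should be `google_compute_subnetwork.default.name` and `google_compute_subnetwork.default.region`. Neither of those resources, nor `google_service_account.atlantis` or `var.project_id`, is declared in this file, so the example will not plan unless they are defined elsewhere. For `ATLANTIS_GH_TOKEN` and `ATLANTIS_GH_WEBHOOK_SECRET`, replace the literals `"token"` and `"secret"` with input variables marked `sensitive = true`, so readers who copy the example are steered away from committing credentials. It is also worth a comment on why `scopes = ["cloud-platform"]` is used, since it leaves IAM roles as the only limit on what the VM's service account can do.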
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
repos: | ||
- id: /.*/ | ||
apply_requirements: [mergeable] | ||
allowed_overrides: [apply_requirements, workflow] | ||
allow_custom_workflows: true | ||
delete_source_branch_on_merge: true |
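Review bot: With `id: /.*/`, the combination of `allowed_overrides: [apply_requirements, workflow]` and `allow_custom_workflows: true` lets every matched repository's own `atlantis.yaml` drop the `mergeable` requirement and define its own workflow steps, which then run on the Atlantis VM under its service account. For an example that people will copy, leave `apply_requirements` out of `allowed_overrides` and set `allow_custom_workflows: false` (defining any workflows server-side instead), and add a comment on when relaxing these settings is acceptable. Consider adding `approved` alongside `mergeable` in `apply_requirements` as well.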