From f8dff3b3b193decbacfb3bfeb4f4302d29dcba71 Mon Sep 17 00:00:00 2001
From: strophy
Date: Thu, 27 Jul 2023 14:53:30 +1000
Subject: [PATCH] chore: move docker cache into multi-runner dir
---
 examples/multi-runner/docker-cache/README.md | 44 ---------------
 .../user-data/docker_cache_user_data.sh | 12 ----
 .../multi-runner/docker_cache/main.tf | 55 +++++++++----------
 .../multi-runner/docker_cache/variables.tf | 9 +++
 modules/multi-runner/main.tf | 12 ++++
 5 files changed, 46 insertions(+), 86 deletions(-)
 delete mode 100644 examples/multi-runner/docker-cache/README.md
 delete mode 100644 examples/multi-runner/templates/user-data/docker_cache_user_data.sh
 rename examples/multi-runner/docker-cache/docker-cache.tf => modules/multi-runner/docker_cache/main.tf (76%)
 create mode 100644 modules/multi-runner/docker_cache/variables.tf
diff --git a/examples/multi-runner/docker-cache/README.md b/examples/multi-runner/docker-cache/README.md
deleted file mode 100644
index 40e96b0ab5..0000000000
--- a/examples/multi-runner/docker-cache/README.md
+++ /dev/null
@@ -1,44 +0,0 @@
-
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | n/a |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_autoscaling_attachment.docker_cache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_attachment) | resource |
-| [aws_autoscaling_group.docker_cache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) | resource |
-| [aws_iam_instance_profile.docker_cache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
-| [aws_iam_role.docker_cache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy.docker_cache_session_manager_aws_managed](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_launch_template.docker_cache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
-| [aws_lb.docker_cache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource |
-| [aws_lb_listener.docker_cache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource |
-| [aws_lb_target_group.docker_cache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group) | resource |
-| [aws_route53_record.docker_cache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
-| [aws_route53_zone.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
-| [aws_security_group.docker_cache_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
-| [aws_vpc_security_group_egress_rule.docker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource |
-| [aws_vpc_security_group_ingress_rule.docker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
-| [aws_ami.docker_cache_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
-| [aws_security_group.runner_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source |
-
-## Inputs
-
-No inputs.
-
-## Outputs
-
-No outputs.
-
\ No newline at end of file
diff --git a/examples/multi-runner/templates/user-data/docker_cache_user_data.sh b/examples/multi-runner/templates/user-data/docker_cache_user_data.sh
deleted file mode 100644
index 7b924323de..0000000000
--- a/examples/multi-runner/templates/user-data/docker_cache_user_data.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-apt-get update -y
-apt-get install -y apt-transport-https ca-certificates curl gnupg lsb-release
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
-echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-apt-get update -y
-apt-get install -y docker-ce docker-ce-cli containerd.io
-usermod -aG ubuntu docker
-echo -e "---\n\nversion: 0.1\nlog:\n level: info\n fields:\n service: registry\nstorage:\n cache:\n blobdescriptor: inmemory\n filesystem:\n rootdirectory: /var/lib/registry\nhttp:\n addr: :5000\n headers:\n X-Content-Type-Options: [nosniff]\nproxy:\n remoteurl: https://registry-1.docker.io" > /home/ubuntu/config.yml
-mkdir /home/ubuntu/registry
-docker run -d -p 5000:5000 --restart=always --name=through-cache -v /home/ubuntu/config.yml:/etc/docker/registry/config.yml -v /home/ubuntu/registry:/var/lib/registry registry:2
diff --git a/examples/multi-runner/docker-cache/docker-cache.tf b/modules/multi-runner/docker_cache/main.tf
similarity index 76%
rename from examples/multi-runner/docker-cache/docker-cache.tf
rename to modules/multi-runner/docker_cache/main.tf
index ca21f7a17e..e4aef5cacd 100644
--- a/examples/multi-runner/docker-cache/docker-cache.tf
+++ b/modules/multi-runner/docker_cache/main.tf
@@ -14,24 +14,21 @@ data "aws_ami" "docker_cache_ami" {
 owners = ["099720109477"] # Canonical
 }
 
-data "aws_security_group" "runner_sg" {
- vpc_id = module.base.vpc.vpc_id
-}
-
 resource "aws_security_group" "docker_cache_sg" {
- name_prefix = "${local.environment}-docker-cache-sg"
- vpc_id = module.base.vpc.vpc_id
- tags = {
- Name = "docker-cache-sg"
- }
+ name_prefix = "${var.config.prefix}-docker-cache-sg"
+ vpc_id = var.config.vpc_id
+ tags = var.config.tags
 }
 
-resource "aws_vpc_security_group_ingress_rule" "docker" {
- security_group_id = aws_security_group.docker_cache_sg.id
- referenced_security_group_id = data.aws_security_group.runner_sg.id
- ip_protocol = "tcp"
- from_port = 5000
- to_port = 5000
+resource "aws_security_group_rule" "docker_ingress" {
+ count = length(var.config.lambda_security_group_ids)
+
+ type = "ingress"
+ protocol = "tcp"
+ from_port = 5000
+ to_port = 5000
+ security_group_id = aws_security_group.docker_cache_sg.id
+ source_security_group_id = var.config.lambda_security_group_ids[count.index]
 }
 
 resource "aws_vpc_security_group_egress_rule" "docker" {
@@ -45,7 +42,7 @@ resource "aws_vpc_security_group_egress_rule" "docker" {
 resource "aws_route53_zone" "private" {
 name = "platform.internal"
 vpc {
- vpc_id = module.base.vpc.vpc_id
+ vpc_id = var.config.vpc_id
 }
 }
 
@@ -61,15 +58,13 @@ resource "aws_route53_record" "docker_cache" {
 }
 
 resource "aws_iam_role" "docker_cache" {
- name = "${local.environment}-docker-cache-role"
+ name = "${var.config.prefix}-docker-cache-role"
 assume_role_policy = templatefile("../../modules/runners/policies/instance-role-trust-policy.json", {})
- tags = {
- Name = "platform-docker-cache-tf"
- }
+ tags = var.config.tags
 }
 
 resource "aws_iam_instance_profile" "docker_cache" {
- name = "${local.environment}-docker-cache-profile"
+ name = "${var.config.prefix}-docker-cache-profile"
 role = aws_iam_role.docker_cache.name
 }
 
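Review bot: The new `aws_security_group_rule.docker_ingress` already admits `var.config.lambda_security_group_ids` on port 5000 as `source_security_group_id`, yet the launch-template hunk at `@@ -83,12 +78,12 @@` also attaches those same Lambda security groups to the cache instance through `concat(...)`, so the instance inherits every inbound and outbound rule of the Lambda groups rather than merely accepting traffic from them. Attaching only the module's own group is sufficient for the ingress rule to take effect: `vpc_security_group_ids = [aws_security_group.docker_cache_sg.id]`. It is also worth confirming that the Lambda functions are the intended clients at all — the removed data source was `runner_sg`, and a pull-through registry cache is normally consumed by the runner instances, so a runner security-group list may be the input this module actually needs. Finally, `count = length(...)` indexes the rules by position, so deleting one id from the middle of the list recreates every rule after it; `for_each = toset(var.config.lambda_security_group_ids)` with `source_security_group_id = each.value` avoids that churn.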
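Review bot: `name = "platform.internal"` on `aws_route53_zone.private` stays hard-coded although this file is now a reusable module, so two instantiations in one VPC would both try to create the same private zone; the same applies to `name = "platform-docker-cache-tf"` on `aws_lb.docker_cache` and `aws_lb_target_group.docker_cache` in the `@@ -138,7 +133,7 @@` and `@@ -150,7 +145,7 @@` hunks, where a load-balancer name must be unique per account and region. Deriving these from `var.config.prefix`, as the security-group, IAM and autoscaling names now are (e.g. `name = "${var.config.prefix}-docker-cache"`, keeping in mind the 32-character limit on ALB names), or exposing them as fields of `var.config`, would make the module consistent with the parameterisation the commit performs everywhere else.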
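Review bot: `assume_role_policy = templatefile("../../modules/runners/policies/instance-role-trust-policy.json", {})` is resolved relative to the directory `terraform` is invoked from, which happened to work for the example; inside a module it should be anchored to the module's own location, e.g. `templatefile("${path.module}/../runners/policies/instance-role-trust-policy.json", {})`, otherwise any consumer running from a different working directory gets a file-not-found error at plan time. The switch to `tags = var.config.tags` also drops the `Name` tag the role previously carried; if a per-resource name is still wanted, `tags = merge(var.config.tags, { Name = "${var.config.prefix}-docker-cache-role" })` preserves it while keeping the shared tags.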
@@ -83,12 +78,12 @@ resource "aws_iam_role_policy" "docker_cache_session_manager_aws_managed" {
 resource "aws_launch_template" "docker_cache" {
 image_id = data.aws_ami.docker_cache_ami.id
 instance_type = "t4g.micro"
- name_prefix = "${local.environment}-docker-cache"
+ name_prefix = "${var.config.prefix}-docker-cache"
 
- vpc_security_group_ids = [
- data.aws_security_group.runner_sg.id,
- aws_security_group.docker_cache_sg.id
- ]
+ vpc_security_group_ids = concat(
+ var.config.lambda_security_group_ids,
+ [aws_security_group.docker_cache_sg.id]
+ )
 
 iam_instance_profile {
 name = aws_iam_instance_profile.docker_cache.name
@@ -110,8 +105,8 @@ resource "aws_launch_template" "docker_cache" {
 }
 
 resource "aws_autoscaling_group" "docker_cache" {
- name_prefix = "${local.environment}-docker-cache"
- vpc_zone_identifier = module.base.vpc.private_subnets
+ name_prefix = "${var.config.prefix}-docker-cache"
+ vpc_zone_identifier = var.config.subnet_ids
 launch_template {
 id = aws_launch_template.docker_cache.id
 version = "$Latest"
@@ -138,7 +133,7 @@ resource "aws_lb" "docker_cache" {
 name = "platform-docker-cache-tf"
 internal = true
 load_balancer_type = "application"
- subnets = module.base.vpc.private_subnets
+ subnets = var.config.subnet_ids
 security_groups = [aws_security_group.docker_cache_sg.id]
 enable_deletion_protection = true
 tags = {
@@ -150,7 +145,7 @@ resource "aws_lb_target_group" "docker_cache" {
 name = "platform-docker-cache-tf"
 port = 5000
 protocol = "HTTP"
- vpc_id = module.base.vpc.vpc_id
+ vpc_id = var.config.vpc_id
 }
 
 resource "aws_lb_listener" "docker_cache" {
diff --git a/modules/multi-runner/docker_cache/variables.tf b/modules/multi-runner/docker_cache/variables.tf
new file mode 100644
index 0000000000..ce3c497b30
--- /dev/null
+++ b/modules/multi-runner/docker_cache/variables.tf
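Review bot: The `user_data` attribute of `aws_launch_template.docker_cache` lies outside this hunk, so it is not visible whether it still points at `templates/user-data/docker_cache_user_data.sh`; the commit deletes that script from `examples/multi-runner/templates/user-data/` without adding a copy under `modules/multi-runner/docker_cache/`, which would leave the template referencing a path that no longer exists. If the bootstrap script is still needed it should move alongside `main.tf` and be read via `${path.module}` so the module does not depend on the caller's working directory. The launch template block begins in this hunk and continues outside it.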
@@ -0,0 +1,9 @@
+variable "config" {
+ type = object({
+ prefix = string
+ tags = map(string)
+ vpc_id = string
+ subnet_ids = list(string)
+ lambda_security_group_ids = list(string)
+ })
+}
diff --git a/modules/multi-runner/main.tf b/modules/multi-runner/main.tf
index 9577258df3..f03402a9eb 100644
--- a/modules/multi-runner/main.tf
+++ b/modules/multi-runner/main.tf
@@ -21,3 +21,15 @@ resource "random_string" "random" {
 special = false
 upper = false
 }
+
+module "docker_cache" {
+ source = "./docker_cache"
+
+ config = {
+ prefix = var.prefix
+ tags = local.tags
+ vpc_id = var.vpc_id
+ subnet_ids = var.subnet_ids
+ lambda_security_group_ids = var.lambda_security_group_ids
+ }
+}
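Review bot: The new `variable "config"` carries no `description`, and the deleted `examples/multi-runner/docker-cache/README.md` is not replaced by a README under `modules/multi-runner/docker_cache/`, so the module's only input is undocumented. A description such as `Settings for the Docker pull-through cache: naming prefix, tags, the VPC and subnets to deploy into, and the security groups permitted to reach the registry on port 5000` on the variable would let terraform-docs regenerate the inputs table for the new location.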
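Review bot: `module "docker_cache"` is called unconditionally in `modules/multi-runner/main.tf`, so every consumer of the multi-runner module now provisions an internal ALB (with `enable_deletion_protection = true` per the `@@ -138,7 +133,7 @@` hunk), an autoscaling group and a private Route 53 zone whether or not it wants a registry cache. Gating the block behind an opt-in input — a new boolean variable and `count = var.enable_docker_cache ? 1 : 0` on the module block — keeps existing deployments unchanged and lets the feature be adopted deliberately. The hunk also reads `var.prefix`, `var.vpc_id`, `var.subnet_ids` and `var.lambda_security_group_ids`, which are not declared in this patch; presumably they already exist in the module's variables, but that is worth confirming.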