From 64a3dd9a9feacb7ddcc63df0db8ef9da697fce02 Mon Sep 17 00:00:00 2001
From: michaeljguarino
Date: Wed, 15 Nov 2023 20:10:00 -0500
Subject: [PATCH] feat: Add support for mimir on gcp (#885)

* Add support for mimir on gcp
Will use this to test grafana agent on our cd-demo cluster
* add more bucket tf config
---
 mimir/helm/mimir/Chart.yaml | 2 +-
 mimir/helm/mimir/values.yaml.tpl | 5 +++++
 mimir/plural/recipes/mimir-gcp.yaml | 1 -
 mimir/terraform/gcp/deps.yaml | 6 ++++--
 mimir/terraform/gcp/main.tf | 20 ++++++++++++++++++++
 mimir/terraform/gcp/outputs.tf | 3 +++
 mimir/terraform/gcp/terraform.tfvars | 6 +++++-
 mimir/terraform/gcp/variables.tf | 21 +++++++++++++++++++++
 8 files changed, 59 insertions(+), 5 deletions(-)
 create mode 100644 mimir/terraform/gcp/outputs.tf

diff --git a/mimir/helm/mimir/Chart.yaml b/mimir/helm/mimir/Chart.yaml
index 57b374071..07a998cc6 100644
--- a/mimir/helm/mimir/Chart.yaml
+++ b/mimir/helm/mimir/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: mimir
 description: helm chart for mimir
 type: application
-version: 0.1.6
+version: 0.1.7
 appVersion: 2.7.1
 dependencies:
 - name: mimir-distributed
diff --git a/mimir/helm/mimir/values.yaml.tpl b/mimir/helm/mimir/values.yaml.tpl
index 0b581b689..f7038b005 100644
--- a/mimir/helm/mimir/values.yaml.tpl
+++ b/mimir/helm/mimir/values.yaml.tpl
@@ -52,6 +52,11 @@ mimir-distributed:
 annotations:
 eks.amazonaws.com/role-arn: {{ importValue "Terraform" "iam_role_arn" }}
 {{- end }}
+ {{- if $isGcp }}
+ serviceAccount:
+ annotations:
+ iam.gke.io/gcp-service-account: {{ importValue "Terraform" "service_account_email" }}
+ {{ end }}
 {{- if and .Values.basicAuth .Values.hostname (not $traceShield) }}
 gateway:
 enabledNonEnterprise: true
diff --git a/mimir/plural/recipes/mimir-gcp.yaml b/mimir/plural/recipes/mimir-gcp.yaml
index 8e77946b5..658059d4c 100644
--- a/mimir/plural/recipes/mimir-gcp.yaml
+++ b/mimir/plural/recipes/mimir-gcp.yaml
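Review bot: In mimir/helm/mimir/values.yaml.tpl the new GCP block closes with `{{ end }}` while the AWS block directly above it closes with `{{- end }}`, so the untrimmed action leaves a whitespace-only line in the rendered values; use `{{- end }}` to match. The annotation is the only place the Kubernetes service account gets bound to the Google service account, so a short comment above it would help, for example `# Workload Identity: the GSA e-mail comes from the Terraform output; Terraform does not annotate the KSA itself`. The enclosing `mimir-distributed:` block starts and ends outside the hunk.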
@@ -2,7 +2,6 @@ name: mimir-gcp
 description: Installs mimir on an aws eks cluster
 provider: GCP
 primary: true
-private: true
 dependencies:
 - repo: bootstrap
 name: gcp-k8s
diff --git a/mimir/terraform/gcp/deps.yaml b/mimir/terraform/gcp/deps.yaml
index bce087329..8a2b5993d 100644
--- a/mimir/terraform/gcp/deps.yaml
+++ b/mimir/terraform/gcp/deps.yaml
@@ -2,7 +2,7 @@ apiVersion: plural.sh/v1alpha1
 kind: Dependencies
 metadata:
 description: mimir gcp setup
- version: 0.1.0
+ version: 0.1.1
 spec:
 dependencies:
 - name: gcp-bootstrap
@@ -10,4 +10,6 @@ spec:
 type: terraform
 version: '>= 0.1.1'
 providers:
- - gcp
\ No newline at end of file
+ - gcp
+ outputs:
+ service_account_email: service_account_email
\ No newline at end of file
diff --git a/mimir/terraform/gcp/main.tf b/mimir/terraform/gcp/main.tf
index 188ab1c68..bfc51c59b 100644
--- a/mimir/terraform/gcp/main.tf
+++ b/mimir/terraform/gcp/main.tf
@@ -9,3 +9,23 @@ resource "kubernetes_namespace" "mimir" {
 }
 }
+
+module "mimir-workload-identity" {
+ source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+ name = "${var.cluster_name}-mimir-sa"
+ namespace = var.namespace
+ project_id = var.project_id
+ use_existing_k8s_sa = true
+ annotate_k8s_sa = false
+ k8s_sa_name = var.mimir_serviceaccount
+ roles = ["roles/storage.admin"]
+}
+
+module "gcs_buckets" {
+ source = "github.com/pluralsh/module-library//terraform/gcs-buckets"
+
+ project_id = var.project_id
+ bucket_names = [var.mimir_blocks_bucket, var.mimir_alert_bucket, var.mimir_ruler_bucket]
+ service_account_email = module.mimir-workload-identity.gcp_service_account_email
+ location = var.bucket_location
+}
diff --git a/mimir/terraform/gcp/outputs.tf b/mimir/terraform/gcp/outputs.tf
new file mode 100644
index 000000000..0f7cd23c4
--- /dev/null
+++ b/mimir/terraform/gcp/outputs.tf
@@ -0,0 +1,3 @@
+output "service_account_email" {
+ value = module.mimir-workload-identity.gcp_service_account_email
+}
\ No newline at end of file
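Review bot: In mimir/terraform/gcp/main.tf, `roles = ["roles/storage.admin"]` on the `mimir-workload-identity` module gives Mimir's Google service account Storage Admin, which covers creating and deleting buckets and editing bucket IAM policy. As far as I know this module binds `roles` at project level, so the grant would reach every bucket in the project rather than only the three created here. The `gcs_buckets` module already receives `service_account_email`, presumably to grant bucket-scoped access; if it does, the line can become `roles = []`, otherwise narrow it to `roles = ["roles/storage.objectAdmin"]`. Both module sources are also unpinned: add `version = "<pinned-version>"` to the registry module and `?ref=<tag-or-commit>` to the GitHub source so an upstream change cannot silently alter what is applied with these credentials.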
diff --git a/mimir/terraform/gcp/terraform.tfvars b/mimir/terraform/gcp/terraform.tfvars
index 961103ecf..77e5454a5 100644
--- a/mimir/terraform/gcp/terraform.tfvars
+++ b/mimir/terraform/gcp/terraform.tfvars
@@ -1,2 +1,6 @@
 namespace = {{ .Namespace | quote }}
-cluster_name = {{ .Cluster | quote }}
\ No newline at end of file
+cluster_name = {{ .Cluster | quote }}
+mimir_blocks_bucket = {{ .Values.mimirBlocksBucket | quote }}
+mimir_alert_bucket = {{ .Values.mimirAlertBucket | quote }}
+mimir_ruler_bucket = {{ .Values.mimirRulerBucket | quote }}
+bucket_location = {{ .Context.BucketLocation | quote }}
\ No newline at end of file
diff --git a/mimir/terraform/gcp/variables.tf b/mimir/terraform/gcp/variables.tf
index d3d74054e..edc5c1c0e 100644
--- a/mimir/terraform/gcp/variables.tf
+++ b/mimir/terraform/gcp/variables.tf
@@ -6,3 +6,24 @@ variable "namespace" {
 variable "cluster_name" {
 type = string
 }
+
+variable "mimir_serviceaccount" {
+ type = string
+ default = "mimir"
+}
+
+variable "mimir_blocks_bucket" {
+ type = string
+}
+
+variable "mimir_alert_bucket" {
+ type = string
+}
+
+variable "mimir_ruler_bucket" {
+ type = string
+}
+
+variable "bucket_location" {
+ type = string
+}
\ No newline at end of file
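Review bot: `var.project_id` is used by both new modules in main.tf, but this variables.tf hunk adds no `variable "project_id"` and the terraform.tfvars hunk assigns no value for it. Unless it is declared in a file this commit does not touch, the plan would fail on an undeclared variable, so add `variable "project_id" { type = string }` here with a matching terraform.tfvars entry. The new variables would also benefit from a `description`, for example `description = "GCS bucket for Mimir blocks storage"` on `mimir_blocks_bucket`, since the three bucket inputs are otherwise hard to tell apart for whoever fills them in.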