Pull the GCLB and DNS out of the app module (#284)

Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
octo-sts · May 18, 2024 · 91be077 · 91be077
1 parent ad1900d
commit 91be077
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 59 deletions.
diff --git a/iac/gclb.tf b/iac/gclb.tf
@@ -1,9 +1,42 @@
 moved {
-  from = google_dns_managed_zone.top-level-zone
-  to   = module.this.google_dns_managed_zone.top-level-zone
+  from = module.app.google_dns_managed_zone.top-level-zone
+  to   = google_dns_managed_zone.top-level-zone
 }
 
 moved {
-  from = module.serverless-gclb
-  to   = module.this.module.serverless-gclb
+  from = module.app.module.serverless-gclb
+  to   = module.serverless-gclb
+}
+
+// This is imported from Cloud Domains
+resource "google_dns_managed_zone" "top-level-zone" {
+  project     = var.project_id
+  name        = "octo-sts-dev"
+  dns_name    = "octo-sts.dev."
+  description = "DNS zone for domain: octo-sts.dev"
+
+  dnssec_config {
+    state = "on"
+  }
+}
+
+// Put the above domain in front of our regional services.
+module "serverless-gclb" {
+  source  = "chainguard-dev/common/infra//modules/serverless-gclb"
+  version = "0.6.18"
+
+  name       = var.name
+  project_id = var.project_id
+  dns_zone   = google_dns_managed_zone.top-level-zone.name
+
+  // Regions are all of the places that we have backends deployed.
+  // Regions must be removed from serving before they are torn down.
+  regions         = keys(module.networking.regional-networks)
+  serving_regions = keys(module.networking.regional-networks)
+
+  public-services = {
+    "octo-sts.dev" = {
+      name = var.name
+    }
+  }
 }
diff --git a/iac/main.tf b/iac/main.tf
@@ -18,21 +18,6 @@ data "google_monitoring_notification_channel" "octo-sts-slack" {
   display_name = "Slack Octo STS Notification"
 }
 
-moved {
-  from = google_kms_key_ring.app-keyring
-  to   = module.this.google_kms_key_ring.app-keyapp-keyring
-}
-
-moved {
-  from = google_kms_crypto_key.app-key
-  to   = module.this.google_kms_crypto_key.app-key
-}
-
-moved {
-  from = google_service_account.octo-sts
-  to   = module.this.google_service_account.octo-sts
-}
-
 // Build each of the application images from source.
 resource "ko_build" "this" {
   working_dir = "${path.module}/.."
@@ -70,8 +55,3 @@ module "app" {
   github_app_key_version = 1
   notification_channels  = local.notification_channels
 }
-
-moved {
-  from = module.this
-  to   = module.app.module.this
-}
diff --git a/modules/app/gclb.tf b/modules/app/gclb.tf
diff --git a/modules/app/outputs.tf b/modules/app/outputs.tf