terraform-example | Terraform-orchestrated continuous delivery | Continuous Integration library
kandi X-RAY | terraform-example Summary
Terraform-orchestrated continuous delivery from TravisCI
Community Discussions
Trending Discussions on terraform-example
QUESTION
I'm trying to setup Azure Kubernetes Services with Terraform with the 'Azure Voting'-app.
I'm using the code mentioned below, however I keep getting the error on the Load Balancer: "Internal Server Error". Any idea what is going wrong here?
Seems like the Load Balancer to Endpoint (POD) is configured correctly, thus not sure what is missing here.
main.tf
...
ANSWER
Answered 2022-Mar-03 at 06:08
QUESTION
I'm running a 2 GKE private cluster set up in europe-west2. I have a dedicated config cluster for MCI and a worker cluster for workloads. Both clusters are registered to Anthos hub and ingress feat enabled on config cluster. In addition worker cluster runs latest ASM 1.12.2.
As far as MCI is concerned my deployment is 'standard' as in based on available docs (ie https://cloud.google.com/architecture/distributed-services-on-gke-private-using-anthos-service-mesh#configure-multi-cluster-ingress, terraform-example-foundation repo etc).
Everything works but I'm hitting an intermittent connectivity issue no matter how many times I redeploy entire stack. My eyes are bleeding from staring at logging dashboard. I ran out of dots to connect.
I'm probing some endpoints presented from my cluster which most of the time returns 200 with following logged under resource.type="http_load_balancer":
ANSWER
Answered 2022-Feb-05 at 13:42
I had the same/a similar issue when using HTTPS with MultiClusterIngress.
Google support suggested to use a literal static IP for the annotation:
QUESTION
I have the terraform file main.tf that used to create AWS resources:
ANSWER
Answered 2021-Jun-06 at 18:19
Remove the .terraform folder and try terraform init again
OR
error is because there's no S3 bucket created to sync with.
- remove json object of s3 in .terraform/terraform.tfstate
- remove the object generating remote backend run
- terraform init
QUESTION
I am relatively new to terraform and am following an example from the following link:
[link to example here][1]
Code Snippet from above link:
...
ANSWER
Answered 2021-Jun-05 at 04:29
Your updated version is the way you would specify multiple values of a block-type attribute in terraform:
Where multiple such objects are possible, multiple blocks of the same type can be present.
So in your case you just duplicate the port block to create multiple values for the port attribute.
QUESTION
I am trying to run one of the first basic examples from the book Terraform Up and Running. My main.tf is almost identical to the one in the link apart from the version:
ANSWER
Answered 2021-Apr-11 at 01:27
There is nothing wrong with the TF program. I verified it using my sandbox account and it works as expected. It takes 1-2 minutes for the script to start working, so maybe you are testing it too soon.
So whatever difficulties you have are not due to the script itself. So either what you posted on SO is not your actual code, or you have somehow modified your VPC configurations which make the instance not-accessible.
QUESTION
I'm unsure on the Terraform port forwarding nomenclature here. If I have an application on port 5000 inside a private network that I'd like to expose to the public on port 8000 - which variables do I set?
Would it be from the perspective of the private network?
...
ANSWER
Answered 2021-Mar-17 at 22:48
Think about a security group (SG) as a closed bubble around your instance. It has nothing to do with what's happening inside your instance. It operates outside of an instance.
The SG rules you set, make holes in this bubble, specifying what traffic (TCP, UDP) on what ports is allowed into the instance and outside the instance.
In your case, since you want to allow incoming traffic on port 8000 to your instance, you would make a "hole" with port 8000:
QUESTION
I have a terraform file which creates an aws_instance and calls a process foo on that instance which should run for 10 mins. This process simulates some traffic which I can monitor elsewhere. I can manually ssh to the instance and run the process and it behaves as expected.
The problem is it seems the process stops running once terraform apply has completed setting everything up (this is my assumption judging by when I stop seeing traffic and see terraform apply finish).
If my assumption is correct is there a way to start the process in such a way that it will outlive terraform finishing?
My terraform file creates the aws_instance like so, where foo has been previously uploaded to another bucket:
...
ANSWER
Answered 2021-Mar-12 at 12:00
resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  # user_data runs as root at first boot, outside the terraform apply session
  user_data = <<-EOF
    #!/bin/bash
    # Fetch the binary, then start it detached in the background
    aws s3 cp s3://foobar-bucket/foo ./
    chmod +x foo
    sudo nohup ./foo & disown
  EOF

  tags = {
    Name = "terraform-example"
  }
}
QUESTION
On GCP, I need to use 2 GCP projects; one is for web-application, the other is for storing secrets for web-application (which structure comes from google's repository)
As written in README, I'll store secrets using GCP Secret Manager
procedure I'm planning
This project is allocated for GCP Secret Manager for secrets shared by the organization.
- prj-secret : create secrets in secrets-manager
- prj-application : read secret using kubernetes-external-secrets
in prj-application I want to use workload identity, because I don't want to use as serviceaccountkey doc saying
What I did
- create cluster with -workload-pool=project-id.svc.id.goog option
- helm install kubernetes-external-secrets
- [skip] kubectl create namespace k8s-namespace (because I install kubernetes-external-secrets on default name space)
- [skip] kubectl create serviceaccount --namespace k8s-namespace ksa-name (because I use default serviceaccount which exists by default when creating GKE)
- create google-service-account with module "workload-identity
ANSWER
Answered 2021-Feb-04 at 19:51
You have an issue in your role binding I think. When you say this:
kubernetes_serviceaccount called external-secrets-kubernetes-external-secrets was already created when installing kubernetes-external-secrets with helm. and it bind k8s_sa_name &' external-secrets-kubernetes@my-project-id.iam.gserviceaccount.com, which has ["roles/secretmanager.admin","roles/secretmanager.secretAccessor"].
It's unclear. external-secrets-kubernetes@my-project-id.iam.gserviceaccount.com is created on which project? I guess in prj-application, but not clear.
- I take the assumption (with the name and the link with the cluster) that the service account is created in the prj-application. You grant the role "roles/secretmanager.admin","roles/secretmanager.secretAccessor" on which resource?
  - On the IAM page of the prj-application?
  - On the IAM page of the prj-secret?
  - On the secretId of the secret in the prj-secret?
If you did the 1st one, it's the wrong binding, the service account can only access the secrets of the prj-application, and not those of prj-secret.
Note, if you only need to access the secret, don't grant the admin role, only the accessor is required.
QUESTION
I am trying to source a terraform module from github like so:
...
ANSWER
Answered 2021-Jan-23 at 05:51
There shouldn't be https:// at the beginning. So it should be:
QUESTION
I have created my organisation infrastructure in GCP following the Cloud Foundation Toolkit using the Terraform modules provided by Google.
The following table lists the IP ranges for all environments:
Now I am in the process of deploying my application that consists of basically Cloud Run services and a Cloud SQL (Postgres) instance. The Cloud SQL instance was created with a private IP from the "unallocated" IP range that is reserved for peered services (such as Cloud SQL).
In order to establish connectivity between Cloud Run and Cloud SQL, I have also created the Serverless VPC Connector (ip range 10.1.0.16/28) and configured the Cloud SQL proxy.
When I try to connect to the database from the Cloud Run service I get this error after ~10s:
CloudSQL connection failed. Please see https://cloud.google.com/sql/docs/mysql/connect-run for additional details: Post "https://www.googleapis.com/sql/v1beta4/projects/[my-project]/instances/platform-db/createEphemeral?alt=json&prettyPrint=false": context deadline exceeded
I have granted roles/vpcaccess.user for both the default Cloud Run SA and the one used by the application in the host project.
I have granted roles/compute.networkUser for both SAs in the service project. I also granted roles/cloudsql.client for both SAs.
I have enabled servicenetworking.googleapis.com and vpcaccess.googleapis.com in the service project.
I have run out of ideas and I can't figure out what the issue is.
It seems like a timeout error when Cloud Run tries to create a POST request to the Cloud SQL API. So it seems like the VPC connector (10.1.0.16/28) cannot connect to the Cloud SQL instance (10.0.80.0/20).
Has anyone experienced this issue before?
...
ANSWER
Answered 2021-Jan-22 at 08:12
When you use the Cloud SQL built-in connection in Cloud Run (but also App Engine and Cloud Function), a connection similar to Cloud SQL proxy is created. This connection can be achieved only on a Cloud SQL public IP, even if you have a serverless VPC connector and your database reachable through the VPC.
If you have only a private IP on Cloud SQL, you need to use the private IP to reach the database, not the built-in Cloud SQL connector. More detail in the documentation
I also wrote an article on this
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install terraform-example
- If the branch is master, installs terraform
- If the branch is master, executes deploy.sh to deploy the static website to AWS S3 website fronted by mikeball.me via:
  - terraform plan
  - terraform apply
  - commit terraform.tfstate back to this repo with a [ci skip] commit message such that a TravisCI build is not triggered.