diff --git a/README.md b/README.md
index e1a5d1f2..caa89a35 100644
--- a/README.md
+++ b/README.md
@@ -62,6 +62,7 @@ resources that lack official modules.
|------|---------|
| [terraform](#requirement\_terraform) | ~> 1.0 |
| [google](#requirement\_google) | ~> 4.31 |
+| [helm](#requirement\_helm) | ~> 2.10 |
| [kubernetes](#requirement\_kubernetes) | ~> 2.9 |
## Providers
@@ -75,13 +76,13 @@ No providers.
| [app\_gke](#module\_app\_gke) | ./modules/app_gke | n/a |
| [app\_lb](#module\_app\_lb) | ./modules/app_lb | n/a |
| [database](#module\_database) | ./modules/database | n/a |
-| [gke\_app](#module\_gke\_app) | wandb/wandb/kubernetes | 1.6.0 |
| [kms](#module\_kms) | ./modules/kms | n/a |
| [networking](#module\_networking) | ./modules/networking | n/a |
| [project\_factory\_project\_services](#module\_project\_factory\_project\_services) | terraform-google-modules/project-factory/google//modules/project_services | ~> 13.0 |
| [redis](#module\_redis) | ./modules/redis | n/a |
| [service\_accounts](#module\_service\_accounts) | ./modules/service_accounts | n/a |
| [storage](#module\_storage) | ./modules/storage | n/a |
+| [wandb](#module\_wandb) | wandb/wandb/helm | 1.0.0 |
## Resources
diff --git a/examples/public-dns-with-cloud-dns/main.tf b/examples/public-dns-with-cloud-dns/main.tf
index a1b42b2a..8c4a7951 100644
--- a/examples/public-dns-with-cloud-dns/main.tf
+++ b/examples/public-dns-with-cloud-dns/main.tf
@@ -18,6 +18,14 @@ provider "kubernetes" {
token = data.google_client_config.current.access_token
}
+provider "helm" {
+ kubernetes {
+ host = "https://${module.wandb.cluster_endpoint}"
+ cluster_ca_certificate = base64decode(module.wandb.cluster_ca_certificate)
+ token = data.google_client_config.current.access_token
+ }
+}
+
# Spin up all required services
module "wandb" {
source = "../../"
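Review bot: The added `provider "helm"` block takes `host` and `cluster_ca_certificate` from `module.wandb`, the same module that now contains the Helm-deployed release, so the provider is configured from a cluster created in the same apply. Provider documentation advises against this pattern because the values are unknown at plan time on a fresh deployment and can go stale if the cluster is replaced. The existing `provider "kubernetes"` block above has the same shape, so this is not new, but a comment such as `# cluster must exist before helm resources are planned; a first deploy may need a staged apply` would save users a confusing failure. The `module "wandb"` block continues past the end of the hunk.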
@@ -32,7 +40,7 @@ module "wandb" {
wandb_version = var.wandb_version
wandb_image = var.wandb_image
- create_redis = false
+ create_redis = true
use_internal_queue = true
force_ssl = var.force_ssl
diff --git a/examples/use-exsisting-k8s/main.tf b/examples/use-exsisting-k8s/main.tf
new file mode 100644
index 00000000..88fe1156
--- /dev/null
+++ b/examples/use-exsisting-k8s/main.tf
@@ -0,0 +1,71 @@
+provider "google" {
+ project = var.project_id
+ region = var.region
+ zone = var.zone
+}
+
+provider "google-beta" {
+ project = var.project_id
+ region = var.region
+ zone = var.zone
+}
+
+data "google_client_config" "current" {}
+
+data "google_container_cluster" "primary" {
+ name = var.cluster_name
+ location = var.cluster_location
+ project = var.project_id
+}
+
+provider "kubernetes" {
+ host = "https://${data.google_container_cluster.primary.endpoint}"
+ cluster_ca_certificate = base64decode(data.google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
+ token = data.google_client_config.current.access_token
+}
+
+
+
+# Spin up all required services
+module "wandb" {
+ source = "../../"
+
+ namespace = var.namespace
+ license = var.license
+ domain_name = var.domain_name
+ subdomain = var.subdomain
+
+ gke_machine_type = var.gke_machine_type
+
+ wandb_version = var.wandb_version
+ wandb_image = var.wandb_image
+
+ network = var.network
+ subnetwork = var.subnetwork
+ allowed_inbound_cidr = var.allowed_inbound_cidr
+
+ create_redis = false
+ use_internal_queue = true
+ force_ssl = var.force_ssl
+
+ deletion_protection = false
+
+ database_sort_buffer_size = var.database_sort_buffer_size
+ database_machine_type = var.database_machine_type
+
+ disable_code_saving = var.disable_code_saving
+}
+
+# You'll want to update your DNS with the provisioned IP address
+
+output "url" {
+ value = module.wandb.url
+}
+
+output "address" {
+ value = module.wandb.address
+}
+
+output "bucket_name" {
+ value = module.wandb.bucket_name
+}
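Review bot: This example configures only `provider "kubernetes"`, although the root module now deploys through `wandb/wandb/helm` and the sibling example in this commit gained a `provider "helm"` block. As written, the Helm provider here is presumably left to whatever ambient kubeconfig the runner has, not the cluster looked up in `data.google_container_cluster.primary`. Adding a matching block (below) keeps both providers pointed at the same cluster and credentials. `deletion_protection = false` is reasonable for a throwaway example but deserves a comment such as `# example only: keep deletion protection enabled for real deployments`. The directory name `use-exsisting-k8s` also looks like a typo for `use-existing-k8s`.

```hcl
provider "helm" {
  kubernetes {
    host                   = "https://${data.google_container_cluster.primary.endpoint}"
    cluster_ca_certificate = base64decode(data.google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
    token                  = data.google_client_config.current.access_token
  }
}
```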
diff --git a/main.tf b/main.tf
index f043fa86..6415247f 100644
--- a/main.tf
+++ b/main.tf
@@ -130,37 +130,62 @@ locals {
bucket_queue = var.use_internal_queue ? "internal://" : "pubsub:/${module.storage.0.bucket_queue_name}"
}
-module "gke_app" {
- source = "wandb/wandb/kubernetes"
- version = "1.6.0"
-
- license = var.license
-
- host = local.url
- bucket = "gs://${local.bucket}"
- bucket_queue = local.bucket_queue
- database_connection_string = module.database.connection_string
- redis_connection_string = local.redis_connection_string
- redis_ca_cert = local.redis_certificate
-
- oidc_client_id = var.oidc_client_id
- oidc_issuer = var.oidc_issuer
- oidc_auth_method = var.oidc_auth_method
- oidc_secret = var.oidc_secret
- local_restore = var.local_restore
- other_wandb_env = merge({
- "GORILLA_DISABLE_CODE_SAVING" = var.disable_code_saving
- }, var.other_wandb_env)
-
- wandb_image = var.wandb_image
- wandb_version = var.wandb_version
-
- # If we dont wait, tf will start trying to deploy while the work group is
- # still spinning up
- depends_on = [
- module.database,
- module.redis,
- module.storage,
- module.app_gke
- ]
+module "wandb" {
+ source = "wandb/wandb/helm"
+ version = "1.2.0"
+
+ spec = {
+ values = {
+ global = {
+ host = local.url
+
+ bucket = {
+ provider = "gcs"
+ name = local.bucket
+ }
+
+ mysql = {
+ name = module.database.database_name
+ user = module.database.username
+ password = module.database.password
+ database = module.database.database_name
+ host = module.database.private_ip_address
+ port = 3306
+ }
+
+ redis = var.create_redis ? {
+ password = module.redis.0.auth_string
+ host = module.redis.0.host
+ port = module.redis.0.port
+ caCert = module.redis.0.ca_cert
+ params = {
+ tls = true
+ ttlInSeconds = 604800
+ caCertPath = "/etc/ssl/certs/redis_ca.pem"
+ }
+ } : null
+ }
+
+ app = {
+ extraEnvs = {
+ "BUCKET_QUEUE" = local.bucket_queue
+ "GORILLA_DISABLE_CODE_SAVING" = tostring(var.disable_code_saving)
+ }
+ }
+
+ ingress = {
+ issuer = { create = true, provider = "google" }
+ annotations = {
+ "kubernetes.io/ingress.global-static-ip-name" = module.app_lb.address_name
+ "kubernetes.io/ingress.class" = "gce"
+ }
+ }
+
+ redis = { install = false }
+ mysql = { install = false }
+ }
+ }
+
+ operator_chart_version = "1.1.0"
+ controller_image_tag = "1.8.9"
}
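Review bot: The new `module "wandb"` block no longer passes `var.oidc_client_id`, `var.oidc_issuer`, `var.oidc_auth_method`, `var.oidc_secret`, `var.license`, `var.local_restore` or `var.other_wandb_env`, so a deployment that relied on OIDC sign-in or extra environment settings would lose them silently on upgrade. The chart keys for OIDC are not visible here, but the old merge can at least be kept with `extraEnvs = merge({ "BUCKET_QUEUE" = local.bucket_queue, "GORILLA_DISABLE_CODE_SAVING" = tostring(var.disable_code_saving) }, var.other_wandb_env)`. The `ingress` block also attaches nothing that replaces the Cloud Armor allow-list deleted with `modules/app_lb/url_map`, so `var.allowed_inbound_cidr` appears to be no longer enforced at the load balancer. `module.database.password` and `module.redis.0.auth_string` now sit directly in `spec.values`; depending on how the Helm module stores the spec (not shown), they may be readable in the cluster as well as in state, so a Secret reference would be safer if the chart supports one. The README rows added in this commit list the module at 1.0.0 while this block pins `version = "1.2.0"`.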
diff --git a/modules/app_gke/main.tf b/modules/app_gke/main.tf
index e65724ce..6ad68401 100644
--- a/modules/app_gke/main.tf
+++ b/modules/app_gke/main.tf
@@ -11,7 +11,6 @@ resource "google_container_cluster" "default" {
evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
}
-
ip_allocation_policy {
cluster_ipv4_cidr_block = "/14"
services_ipv4_cidr_block = "/19"
diff --git a/modules/app_lb/http/main.tf b/modules/app_lb/http/main.tf
deleted file mode 100644
index a8374887..00000000
--- a/modules/app_lb/http/main.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-resource "google_compute_target_http_proxy" "default" {
- name = "${var.namespace}-http-proxy"
- url_map = var.url_map.id
-}
-
-resource "google_compute_global_forwarding_rule" "default" {
- name = "${var.namespace}-http"
-
- target = google_compute_target_http_proxy.default.id
- port_range = "80"
- ip_address = var.ip_address
-
- labels = var.labels
-}
diff --git a/modules/app_lb/http/variables.tf b/modules/app_lb/http/variables.tf
deleted file mode 100644
index 50ce3b2d..00000000
--- a/modules/app_lb/http/variables.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-variable "namespace" {
- type = string
- description = "Friendly name prefix used for tagging and naming AWS resources."
-}
-
-variable "url_map" {
- type = object({ id = string })
-}
-
-variable "ip_address" {
- type = string
-}
-
-variable "labels" {
- description = "Labels which will be applied to all applicable resources."
- type = map(string)
- default = {}
-}
diff --git a/modules/app_lb/https/main.tf b/modules/app_lb/https/main.tf
deleted file mode 100644
index a7757d83..00000000
--- a/modules/app_lb/https/main.tf
+++ /dev/null
@@ -1,38 +0,0 @@
-# Create a managed SSL certificate that's issued and renewed by Google
-resource "google_compute_managed_ssl_certificate" "default" {
- name = "${var.namespace}-cert"
-
- managed {
- domains = [var.fqdn]
- }
-}
-
-# Configure an HTTPS proxy with the Google-managed certificate and route it to
-# the URL map
-resource "google_compute_target_https_proxy" "default" {
- name = "${var.namespace}-https-proxy"
- url_map = var.url_map.id
- ssl_certificates = [google_compute_managed_ssl_certificate.default.id]
- ssl_policy = google_compute_ssl_policy.default.id
-}
-
-# Configure a global forwarding rule to route the HTTPS traffic on the IP
-# address to the target HTTPS proxy:
-resource "google_compute_global_forwarding_rule" "default" {
- name = "${var.namespace}-https"
- target = google_compute_target_https_proxy.default.id
- port_range = "443"
- ip_address = var.ip_address
- labels = var.labels
-}
-
-# SSL Policy to apply to Target Https Proxy
-resource "google_compute_ssl_policy" "default" {
- name = "${var.namespace}-ssl-policy"
- profile = "MODERN"
- min_tls_version = "TLS_1_2"
-
- lifecycle {
- create_before_destroy = true
- }
-}
diff --git a/modules/app_lb/https/redirect.tf b/modules/app_lb/https/redirect.tf
deleted file mode 100644
index f6f3ace8..00000000
--- a/modules/app_lb/https/redirect.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-resource "google_compute_url_map" "redirect_to_https" {
- name = "${var.namespace}-https-redirect"
-
- default_url_redirect {
- https_redirect = true
- redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
- strip_query = false
- }
-}
-
-module "http" {
- source = "../http"
- namespace = var.namespace
- url_map = google_compute_url_map.redirect_to_https
- ip_address = var.ip_address
-
- labels = var.labels
-}
diff --git a/modules/app_lb/https/variables.tf b/modules/app_lb/https/variables.tf
deleted file mode 100644
index f073137b..00000000
--- a/modules/app_lb/https/variables.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-variable "namespace" {
- type = string
- description = "Friendly name prefix used for tagging and naming AWS resources."
-}
-
-variable "url_map" {
- type = object({ id = string })
-}
-
-variable "ip_address" {
- type = string
-}
-
-variable "fqdn" {
- type = string
-}
-
-variable "labels" {
- description = "Labels which will be applied to all applicable resources."
- type = map(string)
- default = {}
-}
diff --git a/modules/app_lb/main.tf b/modules/app_lb/main.tf
index d52e3fdc..d5db2c25 100644
--- a/modules/app_lb/main.tf
+++ b/modules/app_lb/main.tf
@@ -1,37 +1,3 @@
resource "google_compute_global_address" "default" {
name = "${var.namespace}-address"
}
-
-# Create a URL map that points to the GKE service
-module "url_map" {
- source = "./url_map"
- namespace = var.namespace
- group = var.group
- target_port = var.target_port
- network = var.network
- ip_address = google_compute_global_address.default.address
- allowed_inbound_cidr = var.allowed_inbound_cidr
-}
-
-module "http" {
- count = var.ssl ? 0 : 1
-
- source = "./http"
- namespace = var.namespace
- url_map = module.url_map.app
- ip_address = google_compute_global_address.default.address
-
- labels = var.labels
-}
-
-module "https" {
- count = var.ssl ? 1 : 0
-
- source = "./https"
- fqdn = var.fqdn
- namespace = var.namespace
- url_map = module.url_map.app
- ip_address = google_compute_global_address.default.address
-
- labels = var.labels
-}
diff --git a/modules/app_lb/outputs.tf b/modules/app_lb/outputs.tf
index 3a022d67..9090eb89 100644
--- a/modules/app_lb/outputs.tf
+++ b/modules/app_lb/outputs.tf
@@ -1,3 +1,7 @@
+output "address_name" {
+ value = google_compute_global_address.default.name
+}
+
output "address" {
value = google_compute_global_address.default.address
}
\ No newline at end of file
diff --git a/modules/app_lb/url_map/main.tf b/modules/app_lb/url_map/main.tf
deleted file mode 100644
index c8e09dec..00000000
--- a/modules/app_lb/url_map/main.tf
+++ /dev/null
@@ -1,102 +0,0 @@
-locals {
- port_name = "${var.namespace}-local-port"
-}
-
-resource "google_compute_instance_group_named_port" "default" {
- group = var.group
- name = local.port_name
- port = var.target_port
-}
-
-resource "google_compute_health_check" "gke_ingress" {
- name = "${var.namespace}-hc-gke-ingress"
-
- http_health_check {
- port = var.target_port
- request_path = "/ready"
- }
-
- log_config {
- enable = true
- }
-}
-
-# This is an ingress rule that allows traffic from the Google Cloud health
-# checking systems (130.211.0.0/22 and 35.191.0.0/16).
-# https://cloud.google.com/load-balancing/docs/https/ext-https-lb-simple#firewall
-resource "google_compute_firewall" "hc" {
- name = "${var.namespace}-hc"
- network = var.network.self_link
- source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
- direction = "INGRESS"
- priority = 5
-
- allow {
- protocol = "tcp"
- ports = [var.target_port]
- }
-}
-
-
-resource "google_compute_security_policy" "default" {
- name = var.namespace
-
- rule {
- action = "deny(403)"
- priority = 2147483647
- match {
- versioned_expr = "SRC_IPS_V1"
- config {
- src_ip_ranges = ["*"]
- }
- }
- description = "Deny access to all IPs"
- }
-
- rule {
- action = "allow"
- priority = 1
- match {
- versioned_expr = "SRC_IPS_V1"
- config {
- src_ip_ranges = var.allowed_inbound_cidr
- }
- }
- description = "allow list rule"
- }
-}
-
-resource "google_compute_backend_service" "default" {
- name = "${var.namespace}-gke-ingress"
- timeout_sec = 10
- protocol = "HTTP"
- enable_cdn = false
- port_name = local.port_name
-
- security_policy = google_compute_security_policy.default.id
-
- log_config {
- enable = true
- sample_rate = 1.0
- }
-
- backend {
- # https://github.com/hashicorp/terraform/issues/4336
- group = replace(var.group, "Manager", "")
- }
-
- health_checks = [google_compute_health_check.gke_ingress.id]
-
- lifecycle {
- create_before_destroy = true
- }
-}
-
-resource "google_compute_url_map" "default" {
- name = "${var.namespace}-urlmap"
- default_service = google_compute_backend_service.default.self_link
-
- lifecycle {
- create_before_destroy = true
- }
-}
diff --git a/modules/app_lb/url_map/outputs.tf b/modules/app_lb/url_map/outputs.tf
deleted file mode 100644
index 1df476db..00000000
--- a/modules/app_lb/url_map/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "app" {
- value = google_compute_url_map.default
-}
\ No newline at end of file
diff --git a/modules/app_lb/url_map/variables.tf b/modules/app_lb/url_map/variables.tf
deleted file mode 100644
index 94b2ffc2..00000000
--- a/modules/app_lb/url_map/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "namespace" {
- type = string
- description = "Friendly name prefix used for tagging and naming AWS resources."
-}
-
-variable "ip_address" {
- type = string
-}
-
-variable "group" {
- type = string
-}
-
-variable "target_port" {
- type = number
- default = 32543
-}
-
-variable "network" {
- description = "Google Compute Engine network to which the cluster is connected."
- type = object({ self_link = string })
-}
-
-variable "allowed_inbound_cidr" {
- type = list(string)
- default = ["*"]
- description = "(Optional) Allow HTTP(S) traffic to W&B. Defaults to all connections."
-}
diff --git a/modules/redis/outputs.tf b/modules/redis/outputs.tf
index a2706ec4..0ed33814 100644
--- a/modules/redis/outputs.tf
+++ b/modules/redis/outputs.tf
@@ -10,3 +10,10 @@ output "auth_string" {
value = google_redis_instance.default.auth_string
}
+output "host" {
+ value = google_redis_instance.default.host
+}
+
+output "port" {
+ value = google_redis_instance.default.port
+}
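Review bot: `main.tf` in this commit reads `module.redis.0.ca_cert`, but this hunk adds only `host` and `port`. The first nine lines of the file are outside the hunk, so confirm that an output named `ca_cert` already exists there; otherwise the plan fails whenever `create_redis` is true. If it is missing, something like `output "ca_cert" { value = google_redis_instance.default.server_ca_certs[0].cert }` would be needed, assuming transit encryption is enabled on the instance. A one-line `description` on each new output would also help, since `host` and `port` are generic names.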
diff --git a/versions.tf b/versions.tf
index d06e7b63..ed96a606 100644
--- a/versions.tf
+++ b/versions.tf
@@ -9,5 +9,9 @@ terraform {
source = "hashicorp/kubernetes"
version = "~> 2.9"
}
+ helm = {
+ source = "hashicorp/helm"
+ version = "~> 2.10"
+ }
}
}
\ No newline at end of file