Skip to content

vespa-cloud/terraform-google-enclave

Repository files navigation

Vespa Cloud Enclave Terraform

This Terraform module handles bootstrapping of a GCP project such that it can be part of a Vespa Cloud Enclave.

After declaring the providers, set up the global enclave module. This module configures the global GCP resources like IAM roles and service accounts needed to get started.

Then for each Enclave you want to host in your project - declare the zone module for each Vespa Cloud zone you need.

Example use:

provider "google" {
    project = "my-gcp-project"
}

module "enclave" {
    source = "vespa-cloud/enclave/google"
    tenant_name = "vespa"
}

module "zone_prod_us_central1_f" {
    source = "vespa-cloud/enclave/google//modules/zone"
    zone = module.enclave.zones.prod.gcp_us_central1_f

    archive_reader_members = [
        # Members allowed to read objects in the storage archive.
        # Members are on the format described here: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam#argument-reference
    ]
}

module "zone_prod_europe_west3_b" {
    source = "vespa-cloud/enclave/google//modules/zone"
    zone = module.enclave.zones.prod.gcp_europe_west3_b

    archive_reader_members = [
        # Members allowed to read objects in the storage archive.
    ]
}

SSH

To grant the Vespa Cloud operations team low-level SSH access to the hosts inside the Enclave through GCP OS Login, set enable_ssh = true.

Only enable this if you explicitly wish to grant this access.

module "enclave" {
    source      = "vespa-cloud/enclave/google"
    tenant_name = "<vespa cloud tenant>"
    enable_ssh  = true
}

About

Terraform modules for Vespa Cloud Enclave (GCP)

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Contributors 7

Languages