new project

terraform/argocd.tf

@@ -1,50 +1,50 @@
-# # This hcl file is responsible for the deployment of argocd to the existing gke cluster.
+# This hcl file is responsible for the deployment of argocd to the existing gke cluster.
 
-# # This ensures that the delay happens only after the GKE cluster has been created
-# resource "time_sleep" "wait_30_seconds" {
-#   depends_on      = [google_container_cluster.main]
-#   create_duration = "30s"
-# }
+# This ensures that the delay happens only after the GKE cluster has been created
+resource "time_sleep" "wait_30_seconds" {
+  depends_on      = [google_container_cluster.main]
+  create_duration = "30s"
+}
 
-# # Authenticating with the GKE Cluster
-# # Terraform needs to authenticate to gke cluster to be able to apply manifest files
-# module "gke_auth" {
-#   depends_on = [time_sleep.wait_30_seconds]
-#   # This module is sourced from the Terraform Google modules for Kubernetes Engine and is specifically for setting up authentication
-#   source               = "terraform-google-modules/kubernetes-engine/google//modules/auth"
-#   project_id           = var.project_id
-#   cluster_name         = google_container_cluster.main.name
-#   location             = var.location
-#   use_private_endpoint = false
-# }
-#
-# # Manifest file that creates argocd namespace
-# data "kubectl_file_documents" "namespace" {
-#   content = file("../manifests/argocd/namespace.yaml")
-# }
+# Authenticating with the GKE Cluster
+# Terraform needs to authenticate to gke cluster to be able to apply manifest files
+module "gke_auth" {
+  depends_on = [time_sleep.wait_30_seconds]
+  # This module is sourced from the Terraform Google modules for Kubernetes Engine and is specifically for setting up authentication
+  source               = "terraform-google-modules/kubernetes-engine/google//modules/auth"
+  project_id           = var.project_id
+  cluster_name         = google_container_cluster.main.name
+  location             = var.location
+  use_private_endpoint = false
+}
 
-# # Creates argocd namespace within our k8s cluster.
-# resource "kubectl_manifest" "namespace" {
-#   # for_each iterates over each manifest in the namespace file
-#   for_each = data.kubectl_file_documents.namespace.manifests
-#   # Applies the content of each manifest to the Kubernetes cluster
-#   yaml_body = each.value
-#   # Forces the namespace to be set to argocd, ensuring that all resources are created in the correct namespace
-#   override_namespace = "argocd"
-# }
+# Manifest file that creates argocd namespace
+data "kubectl_file_documents" "namespace" {
+  content = file("../manifests/argocd/namespace.yaml")
+}
 
-# # Installation script for argocd, retrieved from its repository.
-# data "kubectl_file_documents" "argocd" {
-#   content = file("../manifests/argocd/install.yaml")
-# }
+# Creates argocd namespace within our k8s cluster.
+resource "kubectl_manifest" "namespace" {
+  # for_each iterates over each manifest in the namespace file
+  for_each = data.kubectl_file_documents.namespace.manifests
+  # Applies the content of each manifest to the Kubernetes cluster
+  yaml_body = each.value
+  # Forces the namespace to be set to argocd, ensuring that all resources are created in the correct namespace
+  override_namespace = "argocd"
+}
 
-# resource "kubectl_manifest" "argocd" {
-#   # It needs to depend on namespace creation, since we'll deploy argocd into argocd namespace
-#   depends_on = [kubectl_manifest.namespace]
-#   # for_each iterates over each manifest in the namespace file
-#   for_each = data.kubectl_file_documents.argocd.manifests
-#   # Applies the content of each manifest to the Kubernetes cluster
-#   yaml_body = each.value
-#   # Forces the namespace to be set to argocd, ensuring that all resources are created in the correct namespace
-#   override_namespace = "argocd"
-# }
+# Installation script for argocd, retrieved from its repository.
+data "kubectl_file_documents" "argocd" {
+  content = file("../manifests/argocd/install.yaml")
+}
+
+resource "kubectl_manifest" "argocd" {
+  # It needs to depend on namespace creation, since we'll deploy argocd into argocd namespace
+  depends_on = [kubectl_manifest.namespace]
+  # for_each iterates over each manifest in the namespace file
+  for_each = data.kubectl_file_documents.argocd.manifests
+  # Applies the content of each manifest to the Kubernetes cluster
+  yaml_body = each.value
+  # Forces the namespace to be set to argocd, ensuring that all resources are created in the correct namespace
+  override_namespace = "argocd"
+}

terraform/cluster.tf

@@ -1,48 +1,48 @@
-# # This file is responsible for the creation of gke cluster, and a service account.
+# This file is responsible for the creation of gke cluster, and a service account.
 
-# resource "google_service_account" "main" {
-#   # Since there will be two clusters for 'prod' and 'dev' envs, we need to be able to
-#   # distinguish their service accounts.
-#   account_id   = "gke-${var.cluster_name}-${var.branch}-sa"
-#   display_name = "GKE Cluster ${var.cluster_name}-${var.branch} Service Account"
-# }
+resource "google_service_account" "main" {
+  # Since there will be two clusters for 'prod' and 'dev' envs, we need to be able to
+  # distinguish their service accounts.
+  account_id   = "gke-${var.cluster_name}-${var.branch}-sa"
+  display_name = "GKE Cluster ${var.cluster_name}-${var.branch} Service Account"
+}
 
-# #After the creation of service account, the email attribute will be exposed automatically.
-# #With locals definition, it will be more readable for users to see which attributes are created.
-# locals {
-#   service_account_email = google_service_account.main.email
-# }
-# # trigger
-# resource "google_container_cluster" "main" {
-#   name               = "${var.cluster_name}-${var.branch}"
-#   location           = var.location
-#   initial_node_count = 2
+#After the creation of service account, the email attribute will be exposed automatically.
+#With locals definition, it will be more readable for users to see which attributes are created.
+locals {
+  service_account_email = google_service_account.main.email
+}
+# trigger
+resource "google_container_cluster" "main" {
+  name               = "${var.cluster_name}-${var.branch}"
+  location           = var.location
+  initial_node_count = 2
 
-#   # Only for prod env it will be deployed, since prod won't accept not-attested images
-#   dynamic "binary_authorization" {
-#     for_each = var.branch == "prod" ? [1] : []
-#     content {
-#       evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
-#     }
-#   }
+  # Only for prod env it will be deployed, since prod won't accept not-attested images
+  dynamic "binary_authorization" {
+    for_each = var.branch == "prod" ? [1] : []
+    content {
+      evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+    }
+  }
 
-#   node_config {
-#     # 4 vcpu, 16 gb ram
-#     machine_type    = "e2-standard-4"
-#     service_account = local.service_account_email # Retrieving the email of the service account from locals
-#     disk_size_gb    = 50                          # Setting persistent disk ssd size, quota is 250 GB
-#     oauth_scopes = [
-#       # This scope is a Google Cloud OAuth scope that grants the client full access to all Google Cloud services.
-#       # It’s a broad scope that allows the application or service account to perform any action across the entire Google Cloud Platform,
-#       # including managing resources, accessing APIs, and interacting with various services.
-#       "https://www.googleapis.com/auth/cloud-platform"
+  node_config {
+    # 4 vcpu, 16 gb ram
+    machine_type    = "e2-standard-4"
+    service_account = local.service_account_email # Retrieving the email of the service account from locals
+    disk_size_gb    = 50                          # Setting persistent disk ssd size, quota is 250 GB
+    oauth_scopes = [
+      # This scope is a Google Cloud OAuth scope that grants the client full access to all Google Cloud services.
+      # It’s a broad scope that allows the application or service account to perform any action across the entire Google Cloud Platform,
+      # including managing resources, accessing APIs, and interacting with various services.
+      "https://www.googleapis.com/auth/cloud-platform"
 
-#     ]
-#   }
+    ]
+  }
 
-#   # Defines how long Terraform should wait for the create and update operations to complete.
-#   timeouts {
-#     create = "30m" # Allows up to 30 minutes for the cluster creation process
-#     update = "40m" # Allows up to 40 minutes for the cluster update process
-#   }
-# }
+  # Defines how long Terraform should wait for the create and update operations to complete.
+  timeouts {
+    create = "30m" # Allows up to 30 minutes for the cluster creation process
+    update = "40m" # Allows up to 40 minutes for the cluster update process
+  }
+}

terraform/provider.tf

@@ -7,14 +7,14 @@ provider "google" {
   zone    = var.zone
 }
 
-# provider "kubectl" {
-#   host                   = module.gke_auth.host
-#   cluster_ca_certificate = module.gke_auth.cluster_ca_certificate
-#   token                  = module.gke_auth.token
-#   # Ensures Terraform uses the connection details provided directly in the
-#   # Terraform configuration (e.g., host, cluster_ca_certificate, token), rather than relying on the local Kubernetes config file (~/.kube/config).
-#   load_config_file = false
-# }
+provider "kubectl" {
+  host                   = module.gke_auth.host
+  cluster_ca_certificate = module.gke_auth.cluster_ca_certificate
+  token                  = module.gke_auth.token
+  # Ensures Terraform uses the connection details provided directly in the
+  # Terraform configuration (e.g., host, cluster_ca_certificate, token), rather than relying on the local Kubernetes config file (~/.kube/config).
+  load_config_file = false
+}
 
 terraform {
   required_providers {