Unverified Commit ec3f49c3 authored by Yun Guo's avatar Yun Guo

move database-backup to separate repo

parent b269b5bd
......@@ -806,6 +806,6 @@ module "postgres-backup" {
gcs_postgres_backup_service_account = "${var.gcs_postgres_backup_service_account}"
restore_service_account = "${var.gcs_postgres_restore_service_account}"
kms_key_id = "${var.gcs_postgres_backup_kms_key_id}"
source = "../../modules/gitlab-database-backup"
source = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/database-backup-bucket.git"
retention_days = "${var.postgres_backup_retention_days}"
}
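Review bot: The git `source` on `module "postgres-backup"` (presumably the new side of this hunk) carries no `?ref=`, so a fresh `terraform init` or `terraform get -update` resolves to whatever the module repository's default branch holds at that moment. The module body shown further down this page owns the backup bucket's `default_kms_key_name` and its `roles/storage.objectAdmin` and `roles/storage.objectViewer` bindings, so an edit merged in that repository would reach this environment without a reviewed change here. Pin it to a tag or commit, e.g. `source = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/database-backup-bucket.git?ref=<TAG_OR_COMMIT>"`. The second `module "postgres-backup"` hunk (`@@ -426,7 +426,7 @@`) has the same unpinned source, and the module block opens above both hunks.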
# GCS buckets used for the postgres WAL archive and snapshots
variable "environment" {}
variable "gcs_postgres_backup_service_account" {}
variable "restore_service_account" {}
variable "kms_key_id" {}
variable "retention_days" {}
resource "google_storage_bucket" "postgres-backup" {
name = "gitlab-${var.environment}-postgres-backup"
labels = {
tfmanaged = "yes"
}
location = "us"
storage_class = "MULTI_REGIONAL"
lifecycle_rule = {
action = {
type = "Delete"
}
condition = {
age = "${var.retention_days}"
is_live = "true"
}
}
logging = {
log_bucket = "gitlab-${var.environment}-storage-logs"
}
encryption = {
default_kms_key_name = "${var.kms_key_id}"
}
}
# These bindings are for the wal-e process that pushes and pulls WAL archive/snapshots
resource "google_storage_bucket_iam_binding" "postgres-backup-binding-wale1" {
bucket = "gitlab-${var.environment}-postgres-backup"
role = "roles/storage.objectCreator"
depends_on = ["google_storage_bucket.postgres-backup"]
members = ["serviceAccount:${var.gcs_postgres_backup_service_account}"]
}
# Unfortunately, wal-e also needs to overwrite objects (after a basebackup is finished, it re-pushes a file).
# However, we have a retention policy in place that prevents objects from being permanently deleted.
resource "google_storage_bucket_iam_binding" "postgres-backup-binding-wale-admin" {
bucket = "gitlab-${var.environment}-postgres-backup"
role = "roles/storage.objectAdmin"
depends_on = ["google_storage_bucket.postgres-backup"]
members = ["serviceAccount:${var.gcs_postgres_backup_service_account}"]
}
resource "google_storage_bucket_iam_binding" "postgres-backup-binding-wale2" {
bucket = "gitlab-${var.environment}-postgres-backup"
role = "roles/storage.objectViewer"
depends_on = ["google_storage_bucket.postgres-backup"]
members = ["serviceAccount:${var.gcs_postgres_backup_service_account}", "serviceAccount:${var.restore_service_account}"]
}
resource "google_storage_bucket_iam_binding" "postgres-backup-binding-wale3" {
bucket = "gitlab-${var.environment}-postgres-backup"
role = "roles/storage.legacyBucketReader"
depends_on = ["google_storage_bucket.postgres-backup"]
members = ["serviceAccount:${var.gcs_postgres_backup_service_account}", "serviceAccount:${var.restore_service_account}"]
}
......@@ -426,7 +426,7 @@ module "postgres-backup" {
gcs_postgres_backup_service_account = "${var.gcs_postgres_backup_service_account}"
restore_service_account = "${var.gcs_postgres_restore_service_account}"
kms_key_id = "${var.gcs_postgres_backup_kms_key_id}"
source = "../../modules/gitlab-database-backup"
source = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/database-backup-bucket.git"
retention_days = "${var.postgres_backup_retention_days}"
}
......