Docker registry

docker-registry-production-1/Makefile

@@ -0,0 +1,36 @@
+ENV_SHORT := production
+INFRA := docker-registry
+VAULT_SOURCE_PATH := docker-registry
+VAULT_SECRET_KEY := docker-registry
+VAULT_GCP_SECRET_KEY := docker-gcp-registry-prod-1
+TOP := $(shell git rev-parse --show-toplevel)
+
+ifeq ($(VAULT_ADDR),)
+  $(error VAULT_ADDR is not set)
+endif
+
+ifeq ($(VAULT_TOKEN),)
+  $(error VAULT_TOKEN is not set)
+endif
+
+include $(TOP)/terraform-common.mk
+include $(TOP)/trvs.mk
+
+# Use terraform v0.12.29
+PROD_TF_VERSION := v0.12.29
+TERRAFORM := $(TF_INSTALLATION_PREFIX)/terraform-$(PROD_TF_VERSION)
+
+export PROD_TF_VERSION
+export TERRAFORM
+
+.config: $(ENV_NAME).auto.tfvars $(TRVS_INFRA_ENV_TFVARS)
+
+$(ENV_NAME).auto.tfvars:
+	@echo "" >$@
+
+$(TRVS_INFRA_ENV_TFVARS):
+	vault kv get -format=json -field=data ${VAULT_SOURCE_PATH}/${VAULT_SECRET_KEY} > ${VAULT_SECRET_KEY}.auto.tfvars.json
+	vault kv get -format=json -field=data ${VAULT_SOURCE_PATH}/${VAULT_GCP_SECRET_KEY} > ${VAULT_GCP_SECRET_KEY}.auto.tfvars.json
+
+$(TRVS_ENV_NAME_TFVARS):
+	@echo "" >$@

docker-registry-production-1/main.tf

@@ -0,0 +1,83 @@
+variable "env" {
+  default = "production"
+}
+
+variable "index" {
+  default = 1
+}
+
+variable "project" {
+  default = "eco-emissary-99515"
+}
+
+variable "region" {
+  default = "us-central1"
+}
+
+variable "machine_type" {
+  default = "n1-standard-4"
+}
+
+variable "target_size" {
+  default = 2
+}
+
+variable "REGISTRY_HTTP_TLS_CERTIFICATE" {}
+variable "REGISTRY_HTTP_TLS_KEY" {}
+
+variable "APPLICATION_DEFAULT_CREDENTIALS" {}
+
+terraform {
+  backend "s3" {
+    bucket         = "travis-terraform-state"
+    key            = "terraform-config/docker-registry-production-1.tfstate"
+    region         = "us-east-1"
+    encrypt        = "true"
+    dynamodb_table = "travis-terraform-state"
+  }
+}
+
+provider "google" {
+  project = var.project
+  region  = var.region
+}
+
+provider "google-beta" {
+  project = var.project
+  region  = var.region
+}
+
+module "docker_registry" {
+  source = "../modules/docker_registry"
+
+  cache_size_mb  = 3000
+  env            = var.env
+  index          = var.index
+  machine_type   = var.machine_type
+  target_size    = var.target_size
+
+  REGISTRY_HTTP_TLS_CERTIFICATE = var.REGISTRY_HTTP_TLS_CERTIFICATE
+  REGISTRY_HTTP_TLS_KEY = var.REGISTRY_HTTP_TLS_KEY
+
+  APPLICATION_DEFAULT_CREDENTIALS = var.APPLICATION_DEFAULT_CREDENTIALS
+}
+
+module "docker_registry_east" {
+  source = "../modules/docker_registry"
+
+  cache_size_mb  = 3000
+  env            = var.env
+  index          = var.index
+  machine_type   = var.machine_type
+  target_size    = var.target_size
+  network        = "main-us-east1"
+
+  REGISTRY_HTTP_TLS_CERTIFICATE = var.REGISTRY_HTTP_TLS_CERTIFICATE
+  REGISTRY_HTTP_TLS_KEY = var.REGISTRY_HTTP_TLS_KEY
+
+  APPLICATION_DEFAULT_CREDENTIALS = var.APPLICATION_DEFAULT_CREDENTIALS
+
+  prefix = "-east"
+  region = "us-east1"
+  zones  = ["b", "c", "d"]
+}

docker-registry-production-2/Makefile

@@ -0,0 +1,36 @@
+ENV_SHORT := production
+INFRA := docker-registry
+VAULT_SOURCE_PATH := docker-registry
+VAULT_SECRET_KEY := docker-registry
+VAULT_GCP_SECRET_KEY := docker-gcp-registry-prod-2
+TOP := $(shell git rev-parse --show-toplevel)
+
+ifeq ($(VAULT_ADDR),)
+  $(error VAULT_ADDR is not set)
+endif
+
+ifeq ($(VAULT_TOKEN),)
+  $(error VAULT_TOKEN is not set)
+endif
+
+include $(TOP)/terraform-common.mk
+include $(TOP)/trvs.mk
+
+# Use terraform v0.12.29
+PROD_TF_VERSION := v0.12.29
+TERRAFORM := $(TF_INSTALLATION_PREFIX)/terraform-$(PROD_TF_VERSION)
+
+export PROD_TF_VERSION
+export TERRAFORM
+
+.config: $(ENV_NAME).auto.tfvars $(TRVS_INFRA_ENV_TFVARS)
+
+$(ENV_NAME).auto.tfvars:
+	@echo "" >$@
+
+$(TRVS_INFRA_ENV_TFVARS):
+	vault kv get -format=json -field=data ${VAULT_SOURCE_PATH}/${VAULT_SECRET_KEY} > ${VAULT_SECRET_KEY}.auto.tfvars.json
+	vault kv get -format=json -field=data ${VAULT_SOURCE_PATH}/${VAULT_GCP_SECRET_KEY} > ${VAULT_GCP_SECRET_KEY}.auto.tfvars.json
+
+$(TRVS_ENV_NAME_TFVARS):
+	@echo "" >$@

docker-registry-production-2/main.tf

@@ -0,0 +1,83 @@
+variable "env" {
+  default = "production"
+}
+
+variable "index" {
+  default = 1
+}
+
+variable "project" {
+  default = "travis-ci-prod-2"
+}
+
+variable "region" {
+  default = "us-central1"
+}
+
+variable "machine_type" {
+  default = "n1-standard-4"
+}
+
+variable "target_size" {
+  default = 2
+}
+
+variable "REGISTRY_HTTP_TLS_CERTIFICATE" {}
+variable "REGISTRY_HTTP_TLS_KEY" {}
+
+variable "APPLICATION_DEFAULT_CREDENTIALS" {}
+
+terraform {
+  backend "s3" {
+    bucket         = "travis-terraform-state"
+    key            = "terraform-config/docker-registry-production-2.tfstate"
+    region         = "us-east-1"
+    encrypt        = "true"
+    dynamodb_table = "travis-terraform-state"
+  }
+}
+
+provider "google" {
+  project = var.project
+  region  = var.region
+}
+
+provider "google-beta" {
+  project = var.project
+  region  = var.region
+}
+
+module "docker_registry" {
+  source = "../modules/docker_registry"
+
+  cache_size_mb  = 3000
+  env            = var.env
+  index          = var.index
+  machine_type   = var.machine_type
+  target_size    = var.target_size
+
+  REGISTRY_HTTP_TLS_CERTIFICATE = var.REGISTRY_HTTP_TLS_CERTIFICATE
+  REGISTRY_HTTP_TLS_KEY = var.REGISTRY_HTTP_TLS_KEY
+
+  APPLICATION_DEFAULT_CREDENTIALS = var.APPLICATION_DEFAULT_CREDENTIALS
+}
+
+module "docker_registry_east" {
+  source = "../modules/docker_registry"
+
+  cache_size_mb  = 3000
+  env            = var.env
+  index          = var.index
+  machine_type   = var.machine_type
+  target_size    = var.target_size
+  network        = "main-us-east1"
+
+  REGISTRY_HTTP_TLS_CERTIFICATE = var.REGISTRY_HTTP_TLS_CERTIFICATE
+  REGISTRY_HTTP_TLS_KEY = var.REGISTRY_HTTP_TLS_KEY
+
+APPLICATION_DEFAULT_CREDENTIALS = var.APPLICATION_DEFAULT_CREDENTIALS
+
+  prefix = "-east"
+  region = "us-east1"
+  zones  = ["b", "c", "d"]
+}

docker-registry-production-3/Makefile

@@ -0,0 +1,36 @@
+ENV_SHORT := production
+INFRA := docker-registry
+VAULT_SOURCE_PATH := docker-registry
+VAULT_SECRET_KEY := docker-registry
+VAULT_GCP_SECRET_KEY := docker-gcp-registry-prod-3
+TOP := $(shell git rev-parse --show-toplevel)
+
+ifeq ($(VAULT_ADDR),)
+  $(error VAULT_ADDR is not set)
+endif
+
+ifeq ($(VAULT_TOKEN),)
+  $(error VAULT_TOKEN is not set)
+endif
+
+include $(TOP)/terraform-common.mk
+include $(TOP)/trvs.mk
+
+# Use terraform v0.12.29
+PROD_TF_VERSION := v0.12.29
+TERRAFORM := $(TF_INSTALLATION_PREFIX)/terraform-$(PROD_TF_VERSION)
+
+export PROD_TF_VERSION
+export TERRAFORM
+
+.config: $(ENV_NAME).auto.tfvars $(TRVS_INFRA_ENV_TFVARS)
+
+$(ENV_NAME).auto.tfvars:
+	@echo "" >$@
+
+$(TRVS_INFRA_ENV_TFVARS):
+	vault kv get -format=json -field=data ${VAULT_SOURCE_PATH}/${VAULT_SECRET_KEY} > ${VAULT_SECRET_KEY}.auto.tfvars.json
+	vault kv get -format=json -field=data ${VAULT_SOURCE_PATH}/${VAULT_GCP_SECRET_KEY} > ${VAULT_GCP_SECRET_KEY}.auto.tfvars.json
+
+$(TRVS_ENV_NAME_TFVARS):
+	@echo "" >$@

docker-registry-production-3/main.tf

@@ -0,0 +1,83 @@
+variable "env" {
+  default = "production"
+}
+
+variable "index" {
+  default = 1
+}
+
+variable "project" {
+  default = "travis-ci-prod-3"
+}
+
+variable "region" {
+  default = "us-central1"
+}
+
+variable "machine_type" {
+  default = "n1-standard-4"
+}
+
+variable "target_size" {
+  default = 2
+}
+
+variable "REGISTRY_HTTP_TLS_CERTIFICATE" {}
+variable "REGISTRY_HTTP_TLS_KEY" {}
+
+variable "APPLICATION_DEFAULT_CREDENTIALS" {}
+
+terraform {
+  backend "s3" {
+    bucket         = "travis-terraform-state"
+    key            = "terraform-config/docker-registry-production-3.tfstate"
+    region         = "us-east-1"
+    encrypt        = "true"
+    dynamodb_table = "travis-terraform-state"
+  }
+}
+
+provider "google" {
+  project = var.project
+  region  = var.region
+}
+
+provider "google-beta" {
+  project = var.project
+  region  = var.region
+}
+
+module "docker_registry" {
+  source = "../modules/docker_registry"
+
+  cache_size_mb  = 3000
+  env            = var.env
+  index          = var.index
+  machine_type   = var.machine_type
+  target_size    = var.target_size
+
+  REGISTRY_HTTP_TLS_CERTIFICATE = "${var.REGISTRY_HTTP_TLS_CERTIFICATE}"
+  REGISTRY_HTTP_TLS_KEY = "${var.REGISTRY_HTTP_TLS_KEY}"
+
+  APPLICATION_DEFAULT_CREDENTIALS = var.APPLICATION_DEFAULT_CREDENTIALS
+}
+
+module "docker_registry_east" {
+  source = "../modules/docker_registry"
+
+  cache_size_mb  = 3000
+  env            = var.env
+  index          = var.index
+  machine_type   = var.machine_type
+  target_size    = var.target_size
+  network        = "main-us-east1"
+
+  REGISTRY_HTTP_TLS_CERTIFICATE = "${var.REGISTRY_HTTP_TLS_CERTIFICATE}"
+  REGISTRY_HTTP_TLS_KEY = "${var.REGISTRY_HTTP_TLS_KEY}"
+
+  APPLICATION_DEFAULT_CREDENTIALS = var.APPLICATION_DEFAULT_CREDENTIALS
+
+  prefix = "-east"
+  region = "us-east1"
+  zones  = ["b", "c", "d"]
+}

docker-registry-production-4/Makefile

@@ -0,0 +1,36 @@
+ENV_SHORT := production
+INFRA := docker-registry
+VAULT_SOURCE_PATH := docker-registry
+VAULT_SECRET_KEY := docker-registry
+VAULT_GCP_SECRET_KEY := docker-gcp-registry-prod-4
+TOP := $(shell git rev-parse --show-toplevel)
+
+ifeq ($(VAULT_ADDR),)
+  $(error VAULT_ADDR is not set)
+endif
+
+ifeq ($(VAULT_TOKEN),)
+  $(error VAULT_TOKEN is not set)
+endif
+
+include $(TOP)/terraform-common.mk
+include $(TOP)/trvs.mk
+
+# Use terraform v0.12.29
+PROD_TF_VERSION := v0.12.29
+TERRAFORM := $(TF_INSTALLATION_PREFIX)/terraform-$(PROD_TF_VERSION)
+
+export PROD_TF_VERSION
+export TERRAFORM
+
+.config: $(ENV_NAME).auto.tfvars $(TRVS_INFRA_ENV_TFVARS)
+
+$(ENV_NAME).auto.tfvars:
+	@echo "" >$@
+
+$(TRVS_INFRA_ENV_TFVARS):
+	vault kv get -format=json -field=data ${VAULT_SOURCE_PATH}/${VAULT_SECRET_KEY} > ${VAULT_SECRET_KEY}.auto.tfvars.json
+	vault kv get -format=json -field=data ${VAULT_SOURCE_PATH}/${VAULT_GCP_SECRET_KEY} > ${VAULT_GCP_SECRET_KEY}.auto.tfvars.json
+
+$(TRVS_ENV_NAME_TFVARS):
+	@echo "" >$@