authorPaul Buetow <paul@buetow.org>2023-12-27 17:58:54 +0200
committerPaul Buetow <paul@buetow.org>2023-12-27 17:58:54 +0200
commitff8a2d4dfaa602382f5bca647966d49c73ca277a (patch)
tree63d6b6d70775d56429cb892556ebd56aea644ab6
parentc77cd9e9ded58207223042275246d5b8bd290087 (diff)
initial flux service
-rw-r--r--org-buetow-ecs/fluxpostgreservice.tf2
-rw-r--r--org-buetow-ecs/fluxservice.tf130
-rw-r--r--org-buetow-ecs/variables.tf3
3 files changed, 134 insertions, 1 deletions
diff --git a/org-buetow-ecs/fluxpostgreservice.tf b/org-buetow-ecs/fluxpostgreservice.tf
index b49bca9..adef771 100644
--- a/org-buetow-ecs/fluxpostgreservice.tf
+++ b/org-buetow-ecs/fluxpostgreservice.tf
@@ -89,7 +89,7 @@ resource "aws_ecs_task_definition" "fluxpostgres" {
},
{
name = "POSTGRES_PASSWORD",
- value = "ONLYFORTESTING"
+ value = var.fluxdb_password,
}
],
mountPoints = [
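Review bot: The new `value = var.fluxdb_password` still puts the database password in the plain `environment` list, so it is stored in clear text in the registered task definition and in the Terraform state, and anyone allowed to describe the task definition can read it. ECS container definitions accept a `secrets` list for this, e.g. `{ name = "POSTGRES_PASSWORD", valueFrom = <secret-arn-placeholder> }`, backed by Secrets Manager or an SSM SecureString parameter that the execution role can read. The same applies to `DATABASE_URL` in fluxservice.tf, which interpolates the same variable. The removed literal stays in the repository history, so treat it as disclosed if it was ever used outside testing. The task definition resource begins and ends outside this hunk.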
diff --git a/org-buetow-ecs/fluxservice.tf b/org-buetow-ecs/fluxservice.tf
new file mode 100644
index 0000000..b104c73
--- /dev/null
+++ b/org-buetow-ecs/fluxservice.tf
@@ -0,0 +1,130 @@
+resource "aws_route53_record" "a_record_flux" {
+ zone_id = data.terraform_remote_state.base.outputs.buetow_cloud_zone_id
+ name = "flux.buetow.cloud."
+ type = "A"
+
+ alias {
+ name = data.terraform_remote_state.elb.outputs.alb_dns_name
+ zone_id = data.terraform_remote_state.elb.outputs.alb_zone_id
+ evaluate_target_health = true
+ }
+}
+
+resource "aws_route53_record" "aaaa_record_flux" {
+ zone_id = data.terraform_remote_state.base.outputs.buetow_cloud_zone_id
+ name = "flux.buetow.cloud."
+ type = "AAAA"
+
+ alias {
+ name = data.terraform_remote_state.elb.outputs.alb_dns_name
+ zone_id = data.terraform_remote_state.elb.outputs.alb_zone_id
+ evaluate_target_health = true
+ }
+}
+
+resource "aws_ecs_task_definition" "flux" {
+ family = "flux"
+ network_mode = "awsvpc"
+ requires_compatibilities = ["FARGATE"]
+ cpu = "256"
+ memory = "512"
+ execution_role_arn = aws_iam_role.ecs_execution_role.arn
+
+ container_definitions = jsonencode([{
+ name = "flux",
+ image = "miniflux/miniflux:latest",
+ portMappings = [{
+ containerPort = 80,
+ hostPort = 80
+ }],
+ environment = [
+ {
+ name = "DATABASE_URL",
+ value = "postgres://miniflux:${var.fluxdb_password}@fluxpostgres.buetow.internal/miniflux?sslmode=disable",
+ },
+ {
+ name = "RUN_MIGRATIONS",
+ value = "1",
+ },
+ {
+ name = "CREATE_ADMIN",
+ value = "1",
+ },
+ {
+ name = "ADMIN_USERNAME",
+ value = "chef",
+ },
+ {
+ name = "ADMIN_PASSWORD",
+ value = "hamburger",
+ },
+ ],
+ "logConfiguration" : {
+ "logDriver" : "awslogs",
+ "options" : {
+ "awslogs-group" : "/ecs/containers",
+ "awslogs-region" : "eu-central-1",
+ "awslogs-stream-prefix" : "flux"
+ }
+ }
+ }])
+}
+
+resource "aws_ecs_service" "flux" {
+ name = "flux"
+ cluster = aws_ecs_cluster.ecs_cluster.id
+ task_definition = aws_ecs_task_definition.flux.arn
+ launch_type = "FARGATE"
+ desired_count = 1
+
+ load_balancer {
+ target_group_arn = aws_lb_target_group.flux_tg.arn
+ container_name = "flux" # Must match the name in your container definition
+ container_port = 80 # The port your container is listening on
+ }
+
+ network_configuration {
+ subnets = [
+ data.terraform_remote_state.base.outputs.public_subnet_a_id,
+ data.terraform_remote_state.base.outputs.public_subnet_b_id,
+ data.terraform_remote_state.base.outputs.public_subnet_c_id,
+ ]
+ security_groups = [data.terraform_remote_state.base.outputs.allow_web_sg_id]
+ assign_public_ip = true
+ }
+}
+
+resource "aws_lb_target_group" "flux_tg" {
+ name = "flux-tg"
+ port = 80
+ protocol = "HTTP"
+ vpc_id = data.terraform_remote_state.base.outputs.vpc_id
+ target_type = "ip"
+
+ health_check {
+ enabled = true
+ healthy_threshold = 2
+ unhealthy_threshold = 2
+ interval = 30
+ path = "/" # Modify if your app has a specific health check path
+ protocol = "HTTP"
+ timeout = 3
+ matcher = "200-299"
+ }
+}
+
+resource "aws_lb_listener_rule" "flux_https_listener_rule" {
+ listener_arn = data.terraform_remote_state.elb.outputs.alb_https_listener_arn
+ priority = 105
+
+ action {
+ type = "forward"
+ target_group_arn = aws_lb_target_group.flux_tg.arn
+ }
+
+ condition {
+ host_header {
+ values = ["flux.buetow.cloud"]
+ }
+ }
+}
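Review bot: `ADMIN_PASSWORD` is committed as the literal `"hamburger"` next to `CREATE_ADMIN = "1"`, so the admin account of a service routed from the HTTPS listener for `flux.buetow.cloud` starts with a credential known to anyone who can read the repository. Supplying it, and `DATABASE_URL`, through the container definition's `secrets` list keeps both values out of the repository and the task definition. The secret resource names in the excerpt below are placeholders, and `aws_iam_role.ecs_execution_role` would need permission to read them. The `DATABASE_URL` also sets `sslmode=disable`, so the database password travels unencrypted between the two tasks. `miniflux/miniflux:latest` is unpinned; a fixed tag or digest would make deployments reproducible and reviewable.

```hcl
  container_definitions = jsonencode([{
    # … unchanged: name, image, portMappings …
    environment = [
      { name = "RUN_MIGRATIONS", value = "1" },
      { name = "CREATE_ADMIN", value = "1" },
      { name = "ADMIN_USERNAME", value = "chef" },
    ],
    # Placeholder secret resources: not defined in this commit.
    secrets = [
      { name = "DATABASE_URL", valueFrom = aws_secretsmanager_secret.flux_database_url.arn },
      { name = "ADMIN_PASSWORD", valueFrom = aws_secretsmanager_secret.flux_admin_password.arn },
    ],
    # … unchanged: logConfiguration …
```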
diff --git a/org-buetow-ecs/variables.tf b/org-buetow-ecs/variables.tf
new file mode 100644
index 0000000..f7bec73
--- /dev/null
+++ b/org-buetow-ecs/variables.tf
@@ -0,0 +1,3 @@
+variable "fluxdb_password" {
+ type = string
+}
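Review bot: `fluxdb_password` is declared without `sensitive = true`, so its value can appear in plan and apply output wherever it is referenced. I would add `sensitive = true` and a short `description = "Password for the flux PostgreSQL database"` line. Marking it sensitive only redacts CLI output; the value is still written to the state file, so the state backend needs restricted access and encryption at rest.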