This repository contains the Terraform configuration describing the infrastructure needed to run project ombruk.
Note! The fargate-service module must be configured differently for backend and keycloak. See load-balancing.tf.
If deleting and redeploying the backend and you are faced with an error saying "The target group does not have an associated load balancer", comment out the lifecycle tags in load-balancing.tf. This resets the pointers to the newly created load balancers.
NOTE: Terraform is very sensitive to versioning. For the last run of the current infrastructure, Terraform version 0.15.3 was used.
Terraform configuration files have been added for a test environment for base and keycloak. The eventual goal is to have working environments for production, staging and test. Check Oslo Kommune Ombruk (OKO) at https://byggmester.knowit.no to see how images are built and deployed.
Andreas Jonassen has also added a pull request with a custom theme for the Keycloak login page.
Every top-level directory is its own "service", except for the special directories modules and base. Base contains infrastructure that is used by the other services. Modules houses self-contained Terraform modules that can be used by other services.
In each service directory there should be at least two subdirectories, one for production and one for staging. There may also be a shared directory containing infrastructure that is shared between multiple environments.
The Terraform state for all these services is stored in an S3 bucket defined in a backend.tf in each project. They all use the same lock table, which means that it is not possible to change two services at the same time.
Some of the important resources are described below.
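The following backend.tf is an added example of the remote-state setup described above; it is not copied from this repository. Bucket name, lock-table name, state key and region are placeholders to be replaced with the project's real values. The state file can contain secrets (database passwords, Keycloak client secrets), so the bucket should have server-side encryption enabled and a policy that restricts access to the deployment role, and the shared DynamoDB lock table is what serialises applies across all services.

```hcl
# Added example of a per-service backend.tf (not the project's own file).
# All names below are placeholders.
terraform {
  required_version = "~> 0.15.3" # matches the version last used for this infrastructure

  backend "s3" {
    bucket         = "EXAMPLE-ombruk-terraform-state"        # placeholder: state bucket
    key            = "backend/staging/terraform.tfstate"     # one key per service and environment
    region         = "eu-north-1"                            # placeholder region
    dynamodb_table = "EXAMPLE-ombruk-terraform-locks"        # shared lock table: one apply at a time across services
    encrypt        = true                                    # server-side encryption of the state object
  }
}
```

Because every service points at the same `dynamodb_table`, a second `terraform apply` started while another is running fails with a lock error rather than racing on the shared base resources; that is the intended behaviour, not something to force past with `-lock=false`.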
One API gateway is created for each environment. All the services register their own resources and integrations.
Two load balancers per environment are created by the base folder: one public-facing ALB and one internal NLB. The NLB is used to connect the API gateway to the ECS services.
One ECS cluster per environment is created by the base folder.
One VPC per environment is created by the base folder. It uses the CIDR block 10.0.0.0/16. There are 9 subnets created: 3 private, 3 public, and 3 db-subnets. Internet connectivity is provided by one NAT gateway per VPC.
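As an added example (not the base folder's own code), the following shows one way to carve the 10.0.0.0/16 block into the nine subnets described above and give only the private subnets a route out through the single NAT gateway. The availability-zone list, the `/24` subnet size and the use of indexes 0-2, 10-12 and 20-22 are assumptions; the db-subnets deliberately get no NAT route, so the database tier has no path to the internet.

```hcl
# Added example: VPC with 3 public, 3 private and 3 db subnets across 3 AZs,
# one NAT gateway. AZ names and subnet sizes are assumptions.
variable "azs" {
  type    = list(string)
  default = ["eu-north-1a", "eu-north-1b", "eu-north-1c"] # placeholder AZs
}

resource "aws_vpc" "this" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
}

# Public subnets: 10.0.0.0/24 .. 10.0.2.0/24, hold the ALB and NAT gateway.
resource "aws_subnet" "public" {
  count             = 3
  vpc_id            = aws_vpc.this.id
  cidr_block        = cidrsubnet(aws_vpc.this.cidr_block, 8, count.index)
  availability_zone = var.azs[count.index]
}

# Private subnets: 10.0.10.0/24 .. 10.0.12.0/24, hold the ECS tasks.
resource "aws_subnet" "private" {
  count             = 3
  vpc_id            = aws_vpc.this.id
  cidr_block        = cidrsubnet(aws_vpc.this.cidr_block, 8, 10 + count.index)
  availability_zone = var.azs[count.index]
}

# DB subnets: 10.0.20.0/24 .. 10.0.22.0/24, no route to the internet at all.
resource "aws_subnet" "db" {
  count             = 3
  vpc_id            = aws_vpc.this.id
  cidr_block        = cidrsubnet(aws_vpc.this.cidr_block, 8, 20 + count.index)
  availability_zone = var.azs[count.index]
}

resource "aws_internet_gateway" "this" {
  vpc_id = aws_vpc.this.id
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.this.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.this.id
  }
}

resource "aws_route_table_association" "public" {
  count          = 3
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}

# One NAT gateway per VPC, placed in the first public subnet.
resource "aws_eip" "nat" {
  vpc = true # AWS provider 3.x syntax, matching the Terraform 0.15 era
}

resource "aws_nat_gateway" "this" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public[0].id
  depends_on    = [aws_internet_gateway.this]
}

# Only the private subnets are associated with the NAT route; the db subnets
# stay on the VPC's main route table, which carries just the local route.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.this.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.this.id
  }
}

resource "aws_route_table_association" "private" {
  count          = 3
  subnet_id      = aws_subnet.private[count.index].id
  route_table_id = aws_route_table.private.id
}
```

A single NAT gateway in one AZ is a cost trade-off: if that AZ is lost, ECS tasks in the other two private subnets lose outbound internet access (image pulls, external APIs) until it recovers.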