forked from i-jw/gcp-alert-push
main.tf
# Default project and region for the google_* resources and data sources in this file.
provider "google" {
  region  = var.region
  project = var.project_id
}
# Random 4-byte value; its hex form is appended to the topic, bucket and
# function names below.
resource "random_id" "tf_subfix" {
  byte_length = 4
}
# Enable every API listed in var.gcp_service_list on the target project.
resource "google_project_service" "gcp_services" {
  for_each = toset(var.gcp_service_list)

  service = each.key
  project = var.project_id

  # Destroying this stack leaves the APIs (and services that depend on them) enabled.
  disable_on_destroy         = false
  disable_dependent_services = false
}
# Look up the project's default Compute Engine service account, but only after
# the required APIs have been enabled. Its e-mail is used as the Cloud
# Function's runtime identity further down in this file.
data "google_compute_default_service_account" "default" {
  depends_on = [
    google_project_service.gcp_services,
  ]
}
# Metadata of the provider's project; the project number is needed to build the
# Cloud Monitoring notification service agent address.
data "google_project" "project" {}
# Zip the function source directory into ./cloud_function.zip.
# Everything under source_dir ends up in the archive, so the directory should
# not contain local credential or environment files.
data "archive_file" "function" {
  type        = "zip"
  output_path = "./cloud_function.zip"
  source_dir  = var.cloudfunctions_source_code_path

  # Fixed file mode for every archived entry, so the zip does not depend on the
  # permissions of the machine that runs Terraform.
  output_file_mode = "0666"
}
# Pub/Sub topic that the monitoring notification channel publishes alerts to
# and that triggers the Cloud Function.
resource "google_pubsub_topic" "alert" {
  name = "gcp-alert-push-topic-${random_id.tf_subfix.hex}"
}
# Allow the Cloud Monitoring notification service agent to publish to the alert topic.
# An *_iam_binding is authoritative for its role: on this topic,
# roles/pubsub.publisher is held by exactly the members listed here, and any
# other publisher granted outside this resource is removed on apply.
resource "google_pubsub_topic_iam_binding" "binding" {
  role    = "roles/pubsub.publisher"
  topic   = google_pubsub_topic.alert.name
  project = var.project_id

  members = [
    "serviceAccount:service-${data.google_project.project.number}@gcp-sa-monitoring-notification.iam.gserviceaccount.com",
  ]
}
# Cloud Monitoring notification channel of type "pubsub"; alerts sent to it land
# on the alert topic and are relayed from there to DingTalk and WeChat.
resource "google_monitoring_notification_channel" "pubsub_alert_channel" {
  type         = "pubsub"
  display_name = "Pubsub Push Notification Channel"

  labels = {
    topic = google_pubsub_topic.alert.id
  }

  # Delete the channel even if alert policies still reference it.
  force_delete = true
}
# Example alert policy: fires when a GCE instance's CPU utilization stays above
# 50% for 60 seconds and notifies through the Pub/Sub channel.
resource "google_monitoring_alert_policy" "alert_policy" {
  display_name          = "CPU Utilization > 50%"
  combiner              = "OR"
  notification_channels = [google_monitoring_notification_channel.pubsub_alert_channel.name]

  user_labels = {
    severity = "warning"
  }

  documentation {
    # "$${...}" is Terraform's escape for a literal "${...}", so these
    # placeholders reach Cloud Monitoring unexpanded and are filled in there.
    content = "The $${metric.display_name} of the $${resource.type} $${resource.label.instance_id} in $${resource.project} has exceeded 50% for over 1 minute."
  }

  conditions {
    display_name = "Condition 1"

    condition_threshold {
      filter          = "resource.type = \"gce_instance\" AND metric.type = \"compute.googleapis.com/instance/cpu/utilization\""
      comparison      = "COMPARISON_GT"
      threshold_value = "0.5"
      duration        = "60s"

      trigger {
        count = "1"
      }
    }
  }

  alert_strategy {
    # Re-send the notification on this channel every 30 minutes (1800s).
    notification_channel_strategy {
      notification_channel_names = [google_monitoring_notification_channel.pubsub_alert_channel.name]
      renotify_interval          = "1800s"
    }
  }
}
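# GCS bucket that stores the zipped Cloud Function source.
resource "google_storage_bucket" "bucket" {
  name          = "cloud-function-source-${random_id.tf_subfix.hex}"
  project       = var.project_id
  location      = var.region
  storage_class = "COLDLINE"

  # Access is governed by bucket-level IAM only (no per-object ACLs).
  uniform_bucket_level_access = true

  # The bucket only holds deployment source, which never needs to be public:
  # refuse allUsers / allAuthenticatedUsers grants outright.
  public_access_prevention = "enforced"

  # Destroying the stack deletes the bucket together with any objects in it.
  force_destroy = true

  depends_on = [google_project_service.gcp_services]
}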
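# Upload the zipped function source to the source bucket.
resource "google_storage_bucket_object" "archive" {
  # Put the archive's hash in the object name. With a fixed name the function's
  # storage_source never changes, so edited source code (including fixes) would
  # not trigger a rebuild of the deployed function.
  name   = "cloud_function-${data.archive_file.function.output_md5}.zip"
  bucket = google_storage_bucket.bucket.name

  # Reference the data source instead of repeating the path, so Terraform knows
  # the upload depends on the archive having been built.
  source = data.archive_file.function.output_path
}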
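# 2nd-gen Cloud Function triggered by every message published on the alert
# topic. It receives the WeChat and DingTalk webhook addresses as environment
# variables; presumably the Python code forwards each alert to them (the
# function source is not part of this file).
resource "google_cloudfunctions2_function" "function" {
  name        = "function-${random_id.tf_subfix.hex}"
  location    = var.region
  description = "a new function"

  build_config {
    runtime     = "python310"
    entry_point = "app"

    source {
      storage_source {
        bucket = google_storage_bucket.bucket.name
        object = google_storage_bucket_object.archive.name
      }
    }
  }

  service_config {
    min_instance_count = 1
    # NOTE(review): "129Mi" is an unusual size - confirm it is intended rather than 128Mi.
    available_memory = "129Mi"
    timeout_seconds  = 30

    # The function is only ever invoked through its Pub/Sub event trigger, so
    # do not accept requests arriving from the public internet.
    ingress_settings = "ALLOW_INTERNAL_ONLY"

    # NOTE(review): the function runs as the default Compute Engine service
    # account, which often carries a broad project-level role. A dedicated
    # service account holding only the roles this function needs would follow
    # least privilege.
    service_account_email = data.google_compute_default_service_account.default.email

    # NOTE(review): webhook URLs for chat services usually embed an access
    # token, which makes them credentials. As plain environment variables they
    # are visible to anyone who can view the function's configuration and are
    # written to the Terraform state. Consider secret_environment_variables
    # backed by Secret Manager, and declaring both variables as sensitive.
    environment_variables = {
      WECHAT   = var.wechat_webhook
      DINGTALK = var.dingtalk_webhook
    }
  }

  event_trigger {
    trigger_region = var.region
    event_type     = "google.cloud.pubsub.topic.v1.messagePublished"
    pubsub_topic   = google_pubsub_topic.alert.id

    # Failed invocations are redelivered, so the handler should tolerate seeing
    # the same alert more than once.
    retry_policy = "RETRY_POLICY_RETRY"
  }
}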