updatew dagster tf
maciaszczykm committed Dec 13, 2024
1 parent 08ff360 commit 3873240
Showing 6 changed files with 65 additions and 45 deletions.
40 changes: 31 additions & 9 deletions catalogs/data/dagster/terraform/aws/iam.tf
@@ -1,15 +1,27 @@
module "assumable_role_airflow" {
source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
version = "3.14.0"
create_role = true
role_name = "${data.plural_cluster.cluster.name}-${var.role_name}"
provider_url = replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")
role_policy_arns = [module.s3_buckets.policy_arn]
oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.dagster_serviceaccount}"]
data "aws_iam_policy_document" "dagster" {
statement {
sid = "admin"
effect = "Allow"
actions = ["s3:*"]

resources = [
"arn:aws:s3:::${var.dagster_bucket}",
"arn:aws:s3:::${var.dagster_bucket}/*",
]
}
}

resource "aws_iam_policy" "dagster" {
name_prefix = "dagster"
description = "policy for the plural admin dagster"
policy = data.aws_iam_policy_document.dagster.json
}

resource "aws_iam_user" "dagster" {
name = "${data.plural_cluster.cluster.name}-dagster"

depends_on = [ data.plural_cluster.cluster ]

}

resource "aws_iam_access_key" "dagster" {
@@ -19,7 +31,17 @@ resource "aws_iam_access_key" "dagster" {
resource "aws_iam_policy_attachment" "dagster-user" {
name = "${data.plural_cluster.cluster.name}-dagster-policy"
users = [aws_iam_user.dagster.name]
policy_arn = module.s3_buckets.policy_arn
policy_arn = aws_iam_policy.dagster.arn
}

resource "kubernetes_namespace" "dagster" {
metadata {
name = var.namespace
labels = {
"app.kubernetes.io/managed-by" = "plural"
"app.plural.sh/name" = "dagster"
}
}
}

resource "kubernetes_secret" "dagster_s3_secret" {
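Review bot: The new `aws_iam_policy_document.dagster` statement grants `actions = ["s3:*"]` on the bucket and its objects, which also covers bucket-level administration such as deleting the bucket or rewriting its policy and encryption settings. The policy is attached to the `dagster` IAM user whose long-lived access key is created in this file, and this appears to replace the OIDC-assumable role at the top of the first hunk, so a leaked key would carry all of those permissions. Consider narrowing it to what Dagster needs, e.g. `actions = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket"]`, assuming it only reads and writes objects. In the second hunk, `aws_iam_policy_attachment` manages the policy's attachments exclusively; `aws_iam_user_policy_attachment` is the non-exclusive form if anything else ever attaches this policy.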
21 changes: 0 additions & 21 deletions catalogs/data/dagster/terraform/aws/main.tf

This file was deleted.

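--- a/catalogs/data/dagster/terraform/aws/oidc.tf
+++ b/catalogs/data/dagster/terraform/aws/oidc.tf
@@ -0,0 +1,15 @@
+resource "random_password" "oidc_cookie" {
+length = 24
+min_lower = 1
+min_numeric = 1
+min_upper = 1
+special = false
+}
+
+resource "plural_oidc_provider" "dagster" {
+name = "dagster-{{ context.cluster }}"
+auth_method = "BASIC"
+type = "PLURAL"
+description = "OIDC provider for Dagster deployed to the {{ context.cluster }} cluster"
+redirect_uris = ["https://{{ context.hostname }}/oauth2/callback"]
+}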
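Review bot: `length = 24` on `random_password.oidc_cookie` carries no comment explaining the choice, and it looks tied to a fixed cookie-secret size expected by whatever proxy serves `/oauth2/callback` (inferred; that consumer is not in this file). A comment such as `# cookie secret length is constrained by the auth proxy; check its accepted sizes before changing` would stop a later edit from breaking login. The generated value is also written to Terraform state, so the state backend needs to be encrypted and access-restricted.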
8 changes: 4 additions & 4 deletions catalogs/data/dagster/terraform/aws/outputs.tf
@@ -3,11 +3,11 @@ output "iam_user" {
}

output "access_key_id" {
value = aws_iam_access_key.airbyte.id
value = aws_iam_access_key.dagster.id
}

output "secret_access_key" {
value = aws_iam_access_key.airbyte.secret
value = aws_iam_access_key.dagster.secret
sensitive = true
}

@@ -26,11 +26,11 @@ output "oidc_cookie_secret" {
}

output "oidc_client_id" {
value = plural_oidc_provider.airbyte.client_id
value = plural_oidc_provider.dagster.client_id
sensitive = true
}

output "oidc_client_secret" {
value = plural_oidc_provider.airbyte.client_secret
value = plural_oidc_provider.dagster.client_secret
sensitive = true
}
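--- a/catalogs/data/dagster/terraform/aws/s3.tf
+++ b/catalogs/data/dagster/terraform/aws/s3.tf
@@ -0,0 +1,14 @@
+resource "aws_s3_bucket" "dagster" {
+bucket = var.dagster_bucket
+force_destroy = var.force_destroy_bucket
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "dagster" {
+bucket = aws_s3_bucket.dagster.id
+
+rule {
+apply_server_side_encryption_by_default {
+sse_algorithm = "AES256"
+}
+}
+}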
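Review bot: The new bucket is declared with default encryption but without an `aws_s3_bucket_public_access_block`, so public-access blocking depends on account or AWS defaults rather than on this module. Declaring it next to the encryption resource pins the setting against drift. Separately, `force_destroy = var.force_destroy_bucket` combined with the `default = true` shown in variables.tf means a destroy removes the bucket together with its objects; a default of `false` would be the safer choice for a data store.

```hcl
# … unchanged: aws_s3_bucket.dagster and its encryption configuration …
resource "aws_s3_bucket_public_access_block" "dagster" {
  bucket = aws_s3_bucket.dagster.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```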
12 changes: 1 addition & 11 deletions catalogs/data/dagster/terraform/aws/variables.tf
@@ -13,24 +13,14 @@ variable "dagster_bucket" {
default = "{{ context.bucket }}"
}

variable "dagster_serviceaccount" {
type = string
default = "dagster"
}

variable "role_name" {
type = string
default = "dagster"
}

variable "force_destroy_bucket" {
type = bool
default = true
description = "If true, the bucket will be deleted even if it contains objects."
}

variable "db_name" {
default = "plrl-{{ context.cluster }}-airbyte"
default = "plrl-{{ context.cluster }}-dagster"
}

variable "postgres_vsn" {
