diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 53269c6..05e7141 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -3,7 +3,7 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.6.0
+ rev: v5.0.0
hooks:
- id: check-yaml
- id: end-of-file-fixer
@@ -29,7 +29,7 @@ repos:
- id: terraform_docs
- repo: https://github.com/bridgecrewio/checkov.git
- rev: 3.2.255
+ rev: 3.2.257
hooks:
- id: checkov
verbose: true
diff --git a/regional/README.md b/regional/README.md
index 795c675..1b41830 100644
--- a/regional/README.md
+++ b/regional/README.md
@@ -47,7 +47,6 @@ No modules.
| [chart\_repository](#input\_chart\_repository) | The repository to pull the Istio Helm chart from | `string` | `"https://istio-release.storage.googleapis.com/charts"` | no |
| [cluster\_prefix](#input\_cluster\_prefix) | Prefix for your cluster name | `string` | n/a | yes |
| [enable\_istio\_gateway](#input\_enable\_istio\_gateway) | Enable the Istio gateway, used for ingress traffic into the mesh | `bool` | `false` | no |
-| [environment](#input\_environment) | The environment must be one of `sandbox`, `non-production`, `production` | `string` | `"sandbox"` | no |
| [gateway\_autoscale\_min](#input\_gateway\_autoscale\_min) | The minimum number of gateway replicas to run | `number` | `1` | no |
| [gateway\_cpu\_limits](#input\_gateway\_cpu\_limits) | The CPU limit for the Istio gateway | `string` | `"100m"` | no |
| [gateway\_cpu\_requests](#input\_gateway\_cpu\_requests) | The CPU request for the Istio gateway | `string` | `"25m"` | no |
@@ -70,8 +69,6 @@ No modules.
| [proxy\_cpu\_requests](#input\_proxy\_cpu\_requests) | The CPU request for the Istio proxy | `string` | `"10m"` | no |
| [proxy\_memory\_limits](#input\_proxy\_memory\_limits) | The memory limit for the Istio proxy | `string` | `"64Mi"` | no |
| [proxy\_memory\_requests](#input\_proxy\_memory\_requests) | The memory request for the Istio proxy | `string` | `"32Mi"` | no |
-| [region](#input\_region) | The region in which the resource belongs | `string` | n/a | yes |
-| [zone](#input\_zone) | The zone to deploy the resources to | `string` | n/a | yes |
## Outputs
diff --git a/regional/locals.tf b/regional/locals.tf
index 9ad46e2..3a7afe6 100644
--- a/regional/locals.tf
+++ b/regional/locals.tf
@@ -2,27 +2,90 @@
# https://www.terraform.io/docs/language/values/locals.html
locals {
- env = lookup(local.env_map, var.environment, "none")
+ env = lookup(local.env_map, local.environment, "none")
+
+ environment = (
+ terraform.workspace == "default" ?
+ "mock-environment" :
+ (regex(".*-(?P[^-]+)$", terraform.workspace)["environment"])
+ )
env_map = {
"non-production" = "nonprod"
"production" = "prod"
"sandbox" = "sb"
+ }
+
+ gateway_helm_values = {
+ "autoscaling.minReplicas" = var.gateway_autoscale_min
+ "labels.tags\\.datadoghq\\.com/env" = local.environment
+ "labels.tags\\.datadoghq\\.com/version" = var.istio_version
+ "podAnnotations.apm\\.datadoghq\\.com/env" = local.istio_gateway_datadog_apm_env
+ "podAnnotations.proxy\\.istio\\.io/config" = <[^-]+-[^-]+)", terraform.workspace)["region"])
+ )
+
+ zone = (
+ terraform.workspace == "default" ?
+ "mock-zone" :
+ (regex("^(?P[^-]+-[^-]+)-(?P[^-]+)", terraform.workspace)["zone"])
+ )
}
diff --git a/regional/main.tf b/regional/main.tf
index f77e59e..6a71a14 100644
--- a/regional/main.tf
+++ b/regional/main.tf
@@ -6,7 +6,7 @@ resource "google_compute_global_address" "istio_gateway" {
labels = var.labels
- name = "istio-gateway-${var.region}"
+ name = "istio-gateway-${local.region}"
project = var.project
}
@@ -46,84 +46,12 @@ resource "helm_release" "istiod" {
namespace = "istio-system"
repository = var.chart_repository
- set {
- name = "global.hub"
- value = "${var.artifact_registry}/istio"
- }
-
- set {
- name = "global.multiCluster.clusterName"
- value = local.multi_cluster_name
- }
-
- set {
- name = "global.proxy.resources.limits.cpu"
- value = var.proxy_cpu_limits
- }
-
- set {
- name = "global.proxy.resources.limits.memory"
- value = var.proxy_memory_limits
- }
-
- set {
- name = "global.proxy.resources.requests.cpu"
- value = var.proxy_cpu_requests
- }
-
- set {
- name = "global.proxy.resources.requests.memory"
- value = var.proxy_memory_requests
- }
-
- set {
- name = "pilot.autoscaleMin"
- value = var.pilot_autoscale_min
- }
-
- set {
- name = "pilot.deploymentLabels.tags\\.datadoghq\\.com/env"
- value = var.environment
- }
-
- set {
- name = "pilot.deploymentLabels.tags\\.datadoghq\\.com/version"
- value = var.istio_version
- }
-
- set {
- name = "pilot.podLabels.tags\\.datadoghq\\.com/env"
- value = var.environment
- }
-
- set {
- name = "pilot.podLabels.tags\\.datadoghq\\.com/version"
- value = var.istio_version
- }
-
- set {
- name = "pilot.resources.limits.cpu"
- value = var.pilot_cpu_limits
- }
-
- set {
- name = "pilot.resources.limits.memory"
- value = var.pilot_memory_limits
- }
-
- set {
- name = "pilot.resources.requests.cpu"
- value = var.pilot_cpu_requests
- }
-
- set {
- name = "pilot.resources.requests.memory"
- value = var.pilot_memory_requests
- }
-
- set {
- name = "pilot.replicaCount"
- value = var.pilot_replica_count
+ dynamic "set" {
+ for_each = local.istiod_helm_values
+ content {
+ name = set.key
+ value = set.value
+ }
}
values = [
@@ -145,57 +73,12 @@ resource "helm_release" "gateway" {
namespace = "istio-ingress"
repository = var.chart_repository
- set {
- name = "autoscaling.minReplicas"
- value = var.gateway_autoscale_min
- }
-
- set {
- name = "labels.tags\\.datadoghq\\.com/env"
- value = var.environment
- }
-
- set {
- name = "labels.tags\\.datadoghq\\.com/version"
- value = var.istio_version
- }
-
- set {
- name = "podAnnotations.apm\\.datadoghq\\.com/env"
- value = local.istio_gateway_datadog_apm_env
- }
-
- set {
- name = "podAnnotations.proxy\\.istio\\.io/config"
- value = <