add some resources for pushgateway

dreamkast_infra/dev/ecs.tf

@@ -520,6 +520,51 @@ resource "aws_security_group" "ecs-mysql" {
   #}
 }
 
+# ------------------------------------------------------------#
+# for pushgateway
+# ------------------------------------------------------------#
+resource "aws_iam_role" "ecs-pushgateway" {
+  name = "${var.prj_prefix}-ecs-pushgateway"
+
+  assume_role_policy = data.aws_iam_policy_document.assume_role_policy_ecs.json
+
+  managed_policy_arns = [
+    data.aws_iam_policy.AmazonSSMManagedInstanceCore.arn,
+  ]
+
+  #tags = {
+  #  Environment = "${var.prj_prefix}"
+  #}
+}
+
+resource "aws_security_group" "ecs-pushgateway" {
+  name   = "${var.prj_prefix}-ecs-pushgateway"
+  vpc_id = module.vpc.vpc_id
+
+  ingress {
+    description = "tcp/9091"
+    protocol    = "tcp"
+    from_port   = 9091
+    to_port     = 9091
+    security_groups = [
+      aws_security_group.alb.id,
+      aws_security_group.ecs-dreamkast-weaver.id,
+    ]
+  }
+
+  egress {
+    description = "allow all"
+    protocol    = "all"
+    from_port   = 0
+    to_port     = 0
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  #tags = {
+  #  Environment = "${var.prj_prefix}"
+  #}
+}
+
 # ------------------------------------------------------------#
 # for harvestjob
 # ------------------------------------------------------------#

dreamkast_infra/prod/alb_targets.tf

@@ -121,3 +121,43 @@ resource "aws_lb_target_group" "dreamkast_weaver" {
     matcher             = 200
   }
 }
+
+# ------------------------------------------------------------#
+# for pushgateway
+# ------------------------------------------------------------#
+resource "aws_lb_listener_rule" "pushgateway" {
+  listener_arn = aws_lb_listener.alb.arn
+  priority     = 12
+  action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.pushgateway.arn
+  }
+  condition {
+    host_header {
+      values = ["pushgateway.cloudnativedays.jp"]
+    }
+  }
+  condition {
+    path_pattern {
+      values = ["/*"]
+    }
+  }
+}
+resource "aws_lb_target_group" "pushgateway" {
+  name        = "pushgateway"
+  port        = 9091
+  protocol    = "HTTP"
+  vpc_id      = module.vpc.vpc_id
+  target_type = "ip"
+
+  health_check {
+    protocol            = "HTTP"
+    path                = "/"
+    port                = 9091
+    healthy_threshold   = 3
+    unhealthy_threshold = 2
+    timeout             = 5
+    interval            = 30
+    matcher             = 200
+  }
+}

dreamkast_infra/prod/ecs.tf

@@ -469,6 +469,51 @@ resource "aws_security_group" "ecs-seaman" {
   #}
 }
 
+# ------------------------------------------------------------#
+# for pushgateway
+# ------------------------------------------------------------#
+resource "aws_iam_role" "ecs-pushgateway" {
+  name = "${var.prj_prefix}-ecs-pushgateway"
+
+  assume_role_policy = data.aws_iam_policy_document.assume_role_policy_ecs.json
+
+  managed_policy_arns = [
+    data.aws_iam_policy.AmazonSSMManagedInstanceCore.arn,
+  ]
+
+  #tags = {
+  #  Environment = "${var.prj_prefix}"
+  #}
+}
+
+resource "aws_security_group" "ecs-pushgateway" {
+  name   = "${var.prj_prefix}-ecs-pushgateway"
+  vpc_id = module.vpc.vpc_id
+
+  ingress {
+    description = "tcp/9091"
+    protocol    = "tcp"
+    from_port   = 9091
+    to_port     = 9091
+    security_groups = [
+      aws_security_group.alb.id,
+      aws_security_group.ecs-dreamkast-weaver.id,
+    ]
+  }
+
+  egress {
+    description = "allow all"
+    protocol    = "all"
+    from_port   = 0
+    to_port     = 0
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  #tags = {
+  #  Environment = "${var.prj_prefix}"
+  #}
+}
+
 # ------------------------------------------------------------#
 # for post-registration
 # ------------------------------------------------------------#

dreamkast_infra/prod/vpc.tf

@@ -71,3 +71,18 @@ resource "aws_service_discovery_service" "dreamkast_dk" {
     failure_threshold = 1
   }
 }
+
+resource "aws_service_discovery_service" "pushgateway" {
+  name = "pushgateway"
+  dns_config {
+    namespace_id = aws_service_discovery_private_dns_namespace.dreamkast_production.id
+    dns_records {
+      ttl  = 10
+      type = "A"
+    }
+    routing_policy = "MULTIVALUE"
+  }
+  health_check_custom_config {
+    failure_threshold = 1
+  }
+}

dreamkast_infra/stg/alb_targets.tf

@@ -125,3 +125,43 @@ resource "aws_lb_target_group" "dreamkast_weaver" {
     matcher             = 200
   }
 }
+
+# ------------------------------------------------------------#
+# for pushgateway
+# ------------------------------------------------------------#
+resource "aws_lb_listener_rule" "pushgateway" {
+  listener_arn = data.aws_lb_listener.alb.arn
+  priority     = 12
+  action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.pushgateway.arn
+  }
+  condition {
+    host_header {
+      values = ["pushgateway.dev.cloudnativedays.jp"]
+    }
+  }
+  condition {
+    path_pattern {
+      values = ["/*"]
+    }
+  }
+}
+resource "aws_lb_target_group" "pushgateway" {
+  name        = "pushgateway"
+  port        = 9091
+  protocol    = "HTTP"
+  vpc_id      = data.aws_vpc.dreamkast_dev_vpc.id
+  target_type = "ip"
+
+  health_check {
+    protocol            = "HTTP"
+    path                = "/"
+    port                = 9091
+    healthy_threshold   = 3
+    unhealthy_threshold = 2
+    timeout             = 5
+    interval            = 30
+    matcher             = 200
+  }
+}

dreamkast_infra/stg/vpc.tf

@@ -85,3 +85,18 @@ resource "aws_service_discovery_service" "redis" {
     failure_threshold = 1
   }
 }
+
+resource "aws_service_discovery_service" "pushgateway" {
+  name = "pushgateway"
+  dns_config {
+    namespace_id = aws_service_discovery_private_dns_namespace.dreamkast_staging.id
+    dns_records {
+      ttl  = 10
+      type = "A"
+    }
+    routing_policy = "MULTIVALUE"
+  }
+  health_check_custom_config {
+    failure_threshold = 1
+  }
+}