## State storage
# Remote state is kept in an S3 backend. The backend block is empty, so the
# bucket, key, region and any encryption or locking settings have to be
# supplied when `terraform init` runs (partial configuration).
# NOTE(review): state can hold sensitive resource attributes in plain text;
# confirm the externally supplied backend settings enable encryption and that
# access to the bucket is restricted. None of that is visible in this file.
terraform {
  backend "s3" {}
}

## AWS
# AWS provider, fixed to us-east-1.
# NOTE(review): no `version` constraint is set here, unlike the google
# provider below, which is constrained with "~> 2.6.0". Without one,
# `terraform init` may select a newer provider release than the one this
# configuration was tested with; consider constraining it the same way.
provider "aws" {
  region = "us-east-1"
}

## Google

provider "google" {
  project = "${var.project}"
  region  = "${var.region}"
  version = "~> 2.6.0"
}

resource "google_project_iam_member" "serviceAccountTokenCreator" {
  project = "${var.project}"
  role    = "roles/iam.serviceAccountTokenCreator"
  member  = "serviceAccount:${var.service_account_email}"
}

# Grants roles/iam.serviceAccountUser on the whole project to
# var.service_account_email. Together with the project-level
# roles/iam.serviceAccountTokenCreator binding declared above for the same
# member, this lets that identity act as, and mint tokens for, every service
# account in the project. The same account is passed to the instance modules
# in this file, so its reach is that of the most privileged service account
# in the project rather than of its own role bindings.
# NOTE(review): if only specific service accounts need to be impersonated,
# google_service_account_iam_member scopes the grant to a single account.
resource "google_project_iam_member" "serviceAccountUser" {
  project = "${var.project}"
  role    = "roles/iam.serviceAccountUser"
  member  = "serviceAccount:${var.service_account_email}"
}

resource "google_project_iam_member" "logging_logWriter" {
  project = "${var.project}"
  role    = "roles/logging.logWriter"
  member  = "serviceAccount:${var.service_account_email}"
}

# Grants roles/pubsub.editor on the project to var.service_account_email.
# NOTE(review): the same member also receives roles/pubsub.publisher and
# roles/pubsub.subscriber in the two resources below. The editor role already
# covers publishing and consuming and additionally allows creating and
# deleting topics and subscriptions, so either the narrower bindings are
# redundant or this one is broader than needed; confirm which is intended.
resource "google_project_iam_member" "pubsub_editor" {
  project = "${var.project}"
  role    = "roles/pubsub.editor"
  member  = "serviceAccount:${var.service_account_email}"
}

resource "google_project_iam_member" "pubsub_publisher" {
  project = "${var.project}"
  role    = "roles/pubsub.publisher"
  member  = "serviceAccount:${var.service_account_email}"
}

resource "google_project_iam_member" "pubsub_subscriber" {
  project = "${var.project}"
  role    = "roles/pubsub.subscriber"
  member  = "serviceAccount:${var.service_account_email}"
}

/*
##################################
#
#  NAT gateway
#
#################################
module "nat" {
  source     = "GoogleCloudPlatform/nat-gateway/google"
  region     = "${var.region}"
  network    = "${var.environment}"
}
*/
##################################
#
#  Network
#
#################################

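module "network" {
  environment      = "${var.environment}"
  project          = "${var.project}"

  # The module is fetched over SSH and pinned with ?ref=v1.0.0. A git tag can
  # be moved after the fact; pinning to a full commit SHA ties the plan to the
  # exact module code that was reviewed. The same applies to the other
  # git-sourced modules in this file.
  source           = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/vpc.git?ref=v1.0.0"
  internal_subnets = "${var.internal_subnets}"
}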

##################################
#
#  Network Peering
#
#################################

resource "google_compute_network_peering" "peering" {
  count        = "${length(var.peer_networks["names"])}"
  name         = "peering-${element(var.peer_networks["names"], count.index)}"
  network      = "${var.network_env}"
  peer_network = "${element(var.peer_networks["links"], count.index)}"
}

##################################
#
#  Web front-end
#
#################################

module "web" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-web]\""
  dns_zone_name         = "${var.dns_zone_name}"
  egress_ports          = "${var.web_egress_ports}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["web"]}"
  machine_type          = "${var.machine_types["web"]}"
  name                  = "web"
  node_count            = "${var.node_count["web"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["web"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  Deploy Canary
#
##################################

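# Canary deploy node, built from the generic-sv-with-group module.
module "deploy-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-deploy-node-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  egress_ports          = "${var.deploy_egress_ports}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["deploy-cny"]}"
  machine_type          = "${var.machine_types["deploy"]}"
  name                  = "deploy-cny"
  node_count            = "${var.node_count["deploy-cny"]}"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["deploy"]}"
  region                = "${var.region}"

  # This node runs as var.service_account_email, the identity that the IAM
  # resources at the top of this file give project-wide serviceAccountUser
  # and serviceAccountTokenCreator.
  service_account_email = "${var.service_account_email}"
  service_port          = 22
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"

  # NOTE(review): this is the only module visible in this part of the file
  # that sets use_external_ip. With service_port 22, what is reachable from
  # outside depends on var.public_ports["deploy"] and on the firewall rules
  # the module creates, neither of which is shown here; confirm SSH is limited
  # to known source ranges.
  use_external_ip       = true
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}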

##################################
#
#  Web Canary front-end
#
#################################

module "web-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-web-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["web"]}"
  machine_type          = "${var.machine_types["web"]}"
  name                  = "web-cny"
  node_count            = "${var.node_count["web-cny"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["web"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  subnetwork_name       = "${module.web.google_compute_subnetwork_name}"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  API Canary front-end
#
#################################

module "api-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-api-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["api"]}"
  machine_type          = "${var.machine_types["api"]}"
  name                  = "api-cny"
  node_count            = "${var.node_count["api-cny"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["api"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  subnetwork_name       = "${module.api.google_compute_subnetwork_name}"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  Git Canary front-end
#
#################################

module "git-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-git-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["git"]}"
  machine_type          = "${var.machine_types["git"]}"
  name                  = "git-cny"
  node_count            = "${var.node_count["git-cny"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["git"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  subnetwork_name       = "${module.git.google_compute_subnetwork_name}"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  Registry Canary front-end
#
#################################

module "registry-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-registry-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["registry"]}"
  machine_type          = "${var.machine_types["registry"]}"
  name                  = "registry-cny"
  node_count            = "${var.node_count["registry-cny"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["registry"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  subnetwork_name       = "${module.registry.google_compute_subnetwork_name}"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  API
#
#################################

module "api" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-api]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["api"]}"
  machine_type          = "${var.machine_types["api"]}"
  name                  = "api"
  node_count            = "${var.node_count["api"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["api"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  Git
#
##################################

module "git" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-git]\""
  dns_zone_name         = "${var.dns_zone_name}"
  egress_ports          = "${var.egress_ports}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["git"]}"
  machine_type          = "${var.machine_types["git"]}"
  name                  = "git"
  node_count            = "${var.node_count["git"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["git"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 22
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  Pages web front-end
#
#################################

module "web-pages" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-web-pages]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["web-pages"]}"
  machine_type          = "${var.machine_types["web-pages"]}"
  name                  = "web-pages"
  node_count            = "${var.node_count["web-pages"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["web-pages"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  registry front-end
#
#################################

module "registry" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-registry]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["registry"]}"
  machine_type          = "${var.machine_types["registry"]}"
  name                  = "registry"
  node_count            = "${var.node_count["registry"]}"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["registry"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 22
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  Database
#
#################################

module "postgres-dr-archive" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_init_run_list    = "\"recipe[gitlab-server::hack_gitlab_ctl_reconfigure]\""
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-db-postgres-archive]\""
  data_disk_size        = 4000
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["db-dr-archive"]}"
  machine_type          = "${var.machine_types["db-dr"]}"
  name                  = "postgres-dr-archive"
  node_count            = "1"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["db-dr"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"
  tier                  = "db"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
  os_disk_size          = 100
}

module "postgres-dr-delayed" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_init_run_list    = "\"recipe[gitlab-server::hack_gitlab_ctl_reconfigure]\""
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-db-postgres-delayed]\""
  data_disk_size        = 4000
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["db-dr-delayed"]}"
  machine_type          = "${var.machine_types["db-dr"]}"
  name                  = "postgres-dr-delayed"
  node_count            = "1"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["db-dr"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"
  tier                  = "db"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
  os_disk_size          = 100
}

module "postgres-backup" {
  environment                         = "${var.environment}"
  gcs_postgres_backup_service_account = "${var.gcs_postgres_backup_service_account}"
  restore_service_account             = "${var.gcs_postgres_restore_service_account}"
  kms_key_id                          = "${var.gcs_postgres_backup_kms_key_id}"
  source                              = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/database-backup-bucket.git?ref=v1.0.1"
  retention_days                      = "${var.postgres_backup_retention_days}"
}

#############################################
#
#  GCP Internal TCP LoadBalancer and PgBouncer
#
#############################################

module "gcp-tcp-lb-internal-pgbouncer" {
  backend_service        = "${module.pg-bouncer.google_compute_region_backend_service_self_link}"
  environment            = "${var.environment}"
  external               = false
  forwarding_port_ranges = ["6432"]
  fqdns                  = "${var.lb_fqdns_internal_pgbouncer}"
  gitlab_zone_id         = "${var.gitlab_net_zone_id}"
  health_check_ports     = ["8010"]
  instances              = ["${module.pg-bouncer.instances_self_link}"]
  lb_count               = "1"
  name                   = "gcp-tcp-lb-internal-pgbouncer"
  names                  = ["${var.environment}-pgbouncer"]
  project                = "${var.project}"
  region                 = "${var.region}"
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  subnetwork_self_link   = "${module.pg-bouncer.google_compute_subnetwork_self_link}"
  targets                = ["pgbouncer"]
  vpc                    = "${module.network.self_link}"
}

module "pg-bouncer" {
  backend_service_type   = "regional"
  bootstrap_version      = "${var.bootstrap_script_version}"
  chef_init_run_list     = "\"recipe[gitlab-server::hack_gitlab_ctl_reconfigure]\""
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-db-pgbouncer]\""
  create_backend_service = true
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"
  health_check           = "http"
  health_check_port      = "8010"
  ip_cidr_range          = "${var.subnetworks["pgb"]}"
  machine_type           = "${var.machine_types["pgb"]}"
  name                   = "pgbouncer"
  node_count             = "${var.node_count["pgb"]}"
  project                = "${var.project}"
  public_ports           = "${var.public_ports["pgb"]}"
  region                 = "${var.region}"
  service_account_email  = "${var.service_account_email}"
  service_path           = "/"
  service_port           = 6432
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                   = "db"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
}

#############################################
#
#  GCP Internal TCP LoadBalancer and Patroni
#
#############################################

module "gcp-tcp-lb-internal-patroni" {
  backend_service        = "${module.patroni.google_compute_region_backend_service_self_link}"
  environment            = "${var.environment}"
  external               = false
  forwarding_port_ranges = ["6432"]
  fqdns                  = "${var.lb_fqdns_internal_patroni}"
  gitlab_zone_id         = "${var.gitlab_net_zone_id}"
  health_check_ports     = ["8009"]
  instances              = ["${module.patroni.instances_self_link}"]
  lb_count               = "${var.node_count["patroni"] > 0 ? 1 : 0}"
  name                   = "gcp-tcp-lb-internal-patroni"
  names                  = ["${var.environment}-patroni"]
  project                = "${var.project}"
  region                 = "${var.region}"
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  subnetwork_self_link   = "${module.patroni.google_compute_subnetwork_self_link}"
  targets                = ["patroni"]
  vpc                    = "${module.network.self_link}"
}

module "patroni" {
  backend_service_type   = "regional"
  bootstrap_version      = "${var.bootstrap_script_version}"
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-db-patroni]\""
  create_backend_service = true
  data_disk_size         = "${var.data_disk_sizes["patroni"]}"
  data_disk_type         = "pd-ssd"
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"
  health_check           = "http"
  health_check_port      = "8009"
  ip_cidr_range          = "${var.subnetworks["patroni"]}"
  machine_type           = "${var.machine_types["patroni"]}"
  name                   = "patroni"
  node_count             = "${var.node_count["patroni"]}"
  project                = "${var.project}"
  public_ports           = "${var.public_ports["patroni"]}"
  region                 = "${var.region}"
  service_account_email  = "${var.service_account_email}"
  service_path           = "/"
  service_port           = 6432
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor-with-group.git?ref=v1.0.4"
  tier                   = "db"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
  os_disk_size           = 100
}

##################################
#
#  Redis
#
##################################

module "redis" {
  allow_stopping_for_update = true
  bootstrap_version         = "${var.bootstrap_script_version}"
  chef_provision            = "${var.chef_provision}"
  chef_run_list             = "\"role[${var.environment}-base-db-redis-server-single]\""
  data_disk_size            = 52
  data_disk_type            = "pd-ssd"
  dns_zone_name             = "${var.dns_zone_name}"
  egress_ports              = "${var.egress_ports}"
  environment               = "${var.environment}"
  ip_cidr_range             = "${var.subnetworks["redis"]}"
  machine_type              = "${var.machine_types["redis"]}"
  name                      = "redis"
  node_count                = "${var.node_count["redis"]}"
  project                   = "${var.project}"
  public_ports              = "${var.public_ports["redis"]}"
  region                    = "${var.region}"
  service_account_email     = "${var.service_account_email}"
  source                    = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"
  tier                      = "db"
  use_new_node_name         = true
  vpc                       = "${module.network.self_link}"
}

module "redis-cache" {
  bootstrap_version       = "${var.bootstrap_script_version}"
  chef_provision          = "${var.chef_provision}"
  dns_zone_name           = "${var.dns_zone_name}"
  egress_ports            = "${var.egress_ports}"
  environment             = "${var.environment}"
  ip_cidr_range           = "${var.subnetworks["redis-cache"]}"
  name                    = "redis-cache"
  project                 = "${var.project}"
  public_ports            = "${var.public_ports["redis-cache"]}"
  redis_chef_run_list     = "\"role[${var.environment}-base-db-redis-server-cache]\""
  redis_count             = "${var.node_count["redis-cache"]}"
  redis_data_disk_size    = 100
  redis_data_disk_type    = "pd-ssd"
  redis_machine_type      = "${var.machine_types["redis-cache"]}"
  region                  = "${var.region}"
  sentinel_chef_run_list  = "\"role[${var.environment}-base-db-redis-sentinel-cache]\""
  sentinel_count          = "${var.node_count["redis-cache-sentinel"]}"
  sentinel_data_disk_size = 100
  sentinel_data_disk_type = "pd-ssd"
  sentinel_machine_type   = "${var.machine_types["redis-cache-sentinel"]}"
  service_account_email   = "${var.service_account_email}"
  source                  = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor-redis.git?ref=v1.0.6"
  tier                    = "db"
  use_new_node_name       = true
  vpc                     = "${module.network.self_link}"
}

##################################
#
#  Sidekiq
#
##################################

module "sidekiq" {
  allow_stopping_for_update           = true
  bootstrap_version                   = "${var.bootstrap_script_version}"
  chef_provision                      = "${var.chef_provision}"
  chef_run_list                       = "\"role[${var.environment}-base-be-sidekiq-besteffort]\""
  dns_zone_name                       = "${var.dns_zone_name}"
  environment                         = "${var.environment}"
  ip_cidr_range                       = "${var.subnetworks["sidekiq"]}"
  machine_type                        = "${var.machine_types["sidekiq-besteffort"]}"
  name                                = "sidekiq"
  os_disk_type                        = "pd-ssd"
  project                             = "${var.project}"
  public_ports                        = "${var.public_ports["sidekiq"]}"
  region                              = "${var.region}"
  service_account_email               = "${var.service_account_email}"
  sidekiq_asap_count                  = "${var.node_count["sidekiq-asap"]}"
  sidekiq_asap_instance_type          = "${var.machine_types["sidekiq-asap"]}"
  sidekiq_besteffort_count            = "${var.node_count["sidekiq-besteffort"]}"
  sidekiq_besteffort_instance_type    = "${var.machine_types["sidekiq-besteffort"]}"
  sidekiq_elasticsearch_count         = "${var.node_count["sidekiq-elasticsearch"]}"
  sidekiq_elasticsearch_instance_type = "${var.machine_types["sidekiq-elasticsearch"]}"
  sidekiq_import_count                = "${var.node_count["sidekiq-import"]}"
  sidekiq_import_instance_type        = "${var.machine_types["sidekiq-import"]}"
  sidekiq_pages_count                 = "${var.node_count["sidekiq-pages"]}"
  sidekiq_pages_instance_type         = "${var.machine_types["sidekiq-pages"]}"
  sidekiq_pipeline_count              = "${var.node_count["sidekiq-pipeline"]}"
  sidekiq_pipeline_instance_type      = "${var.machine_types["sidekiq-pipeline"]}"
  sidekiq_pullmirror_count            = "${var.node_count["sidekiq-pullmirror"]}"
  sidekiq_pullmirror_instance_type    = "${var.machine_types["sidekiq-pullmirror"]}"
  sidekiq_realtime_count              = "${var.node_count["sidekiq-realtime"]}"
  sidekiq_realtime_instance_type      = "${var.machine_types["sidekiq-realtime"]}"
  sidekiq_traces_count                = "${var.node_count["sidekiq-traces"]}"
  sidekiq_traces_instance_type        = "${var.machine_types["sidekiq-traces"]}"
  source                              = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-sidekiq.git?ref=v1.0.4"
  tier                                = "sv"
  use_new_node_name                   = true
  vpc                                 = "${module.network.self_link}"
}

##################################
#
#  Mailroom
#
##################################

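# Mailroom nodes, built from the shared generic-sv-with-group module.
# Subnet, machine type, node count and exposed ports are looked up under the
# "mailroom" key of the variable maps; nodes run the
# <environment>-base-be-mailroom Chef role.
module "mailroom" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-be-mailroom]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"

  # TCP health check; presumably it probes service_port (22) below, so a node
  # counts as healthy as soon as SSH answers - confirm in the module.
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["mailroom"]}"
  machine_type          = "${var.machine_types["mailroom"]}"
  name                  = "mailroom"
  node_count            = "${var.node_count["mailroom"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"

  # NOTE(review): presumably the ports opened to external sources for this
  # fleet. The list lives in var.public_ports["mailroom"], which is not visible
  # here; a mail-processing worker normally needs no inbound public port.
  public_ports          = "${var.public_ports["mailroom"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 22

  # NOTE(review): ref=v1.0.4 is a git tag, and tags can be moved; pinning to a
  # full commit SHA would make the fetched module code immutable. The
  # "[email protected]" part of the URL looks like the hosting page's e-mail
  # masking rather than the real SSH remote.
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}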

##################################
#
#  Storage nodes for repositories
#
##################################

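# Repository storage nodes (Chef role <environment>-base-stor-gitaly), built
# from the generic-stor module. Subnet, machine type and node counts use the
# "stor" keys of the variable maps; the data disk size uses the "file" key.
module "file" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-stor-gitaly]\""

  # Presumably turns on instance deletion protection so a plan that would
  # destroy a repository node fails instead of deleting data - confirm in the
  # module. Keep this set for any fleet that holds primary data.
  deletion_protection   = true
  data_disk_size        = "${var.data_disk_sizes["file"]}"
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  egress_ports          = "${var.egress_ports}"
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["stor"]}"
  machine_type          = "${var.machine_types["stor"]}"
  name                  = "file"
  node_count            = "${var.node_count["stor"]}"

  # Separate count, presumably for nodes spread across zones rather than placed
  # in the single zone set below - confirm in the module.
  multizone_node_count  = "${var.node_count["multizone-stor"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"

  # NOTE(review): the "stor" port list is shared with the "share" and "pages"
  # modules, so any port added for one storage fleet applies to all three.
  public_ports          = "${var.public_ports["stor"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"

  # NOTE(review): ref=v1.0.4 is a git tag, which can be re-pointed; a full
  # commit SHA would pin the module code immutably.
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"
  tier                  = "stor"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"

  # Hard-coded zone, while region comes from var.region; the two must agree.
  zone                  = "us-east1-c"
}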

##################################
#
#  Storage nodes for
#  uploads/lfs/pages/artifacts/builds/cache
#
#  share:
#    gitlab-ci/builds
#    gitlab-rails/shared/cache
#    gitlab-rails/shared/tmp
#    gitlab-rails/uploads
#    gitlab-rails/shared/lfs-objects
#    gitlab-rails/shared/artifacts
#
#  pages:
#    gitlab-rails/shared/pages
#
##################################

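# NFS server nodes for the shared directories listed in the banner above
# (Chef role <environment>-base-stor-nfs-server), built from the generic-stor
# module. No use_external_ip is set here, unlike the "pages" module.
module "share" {
  bootstrap_version     = "${var.bootstrap_script_version}"

  # Presumably guards the instances against being destroyed by a plan -
  # confirm in the module.
  deletion_protection   = true
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-stor-nfs-server]\""
  data_disk_size        = "${var.data_disk_sizes["share"]}"
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  egress_ports          = "${var.egress_ports}"
  ip_cidr_range         = "${var.subnetworks["share"]}"
  machine_type          = "${var.machine_types["stor-share"]}"
  name                  = "share"
  node_count            = "${var.node_count["share"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"

  # NOTE(review): uses the "stor" port list rather than a "share" key, so it
  # inherits whatever is opened for the "file" and "pages" fleets. An NFS server
  # should only be reachable from inside the VPC; verify that list.
  public_ports          = "${var.public_ports["stor"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"
  tier                  = "stor"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}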

## Pages has a DNS entry for failover rsync
## This and leaving port 22 open can be removed
## after failover.

# DNS A record pages.stor.<environment>.gitlab.net pointing at the public IPs
# exported by the "pages" module, created in the Route 53 zone
# var.gitlab_net_zone_id.
# NOTE(review): the comment above marks this as temporary (failover rsync).
# While it exists it advertises the storage nodes' external addresses, so
# remove it together with use_external_ip on module "pages".
resource "aws_route53_record" "pages" {
  zone_id = "${var.gitlab_net_zone_id}"
  name    = "pages.stor.${var.environment}.gitlab.net"
  type    = "A"
  # TTL in seconds.
  ttl     = "300"
  # One record value per public IP returned by the module.
  records = ["${module.pages.instance_public_ips}"]
}

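# NFS server nodes for GitLab Pages content (same nfs-server Chef role as the
# "share" module) with their own data disk size, subnet and machine type.
# Unlike "file" and "share", these nodes set use_external_ip, and their public
# IPs are published by aws_route53_record.pages for the failover rsync.
module "pages" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-stor-nfs-server]\""
  deletion_protection   = true
  data_disk_size        = "${var.data_disk_sizes["pages"]}"
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  egress_ports          = "${var.egress_ports}"
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["pages"]}"
  machine_type          = "${var.machine_types["stor-pages"]}"
  name                  = "pages"
  node_count            = "${var.node_count["pages"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"

  # NOTE(review): shares the "stor" port list with "file" and "share". If port
  # 22 is opened through this list for the Pages rsync, it is presumably opened
  # in those fleets' rules too - confirm in the module and consider a separate
  # "pages" key so the exception stays scoped to this fleet.
  public_ports          = "${var.public_ports["stor"]}"
  region                = "${var.region}"

  # NOTE(review): the same service account is passed to every module in this
  # file; a node with a public address is a stronger case for a dedicated,
  # narrower identity.
  service_account_email = "${var.service_account_email}"
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"
  tier                  = "stor"
  use_new_node_name     = true

  # NOTE(review): temporary exposure. Per the comment above the DNS record, the
  # external IP and open port 22 are only needed until failover is done; drop
  # this flag (and the port-22 entry) afterwards.
  use_external_ip       = true
  vpc                   = "${module.network.self_link}"
}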

##################################
#
#  External HAProxy LoadBalancer
#
##################################

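# Main external HAProxy fleet (Chef role <environment>-base-lb-fe).
# Its instances are the backends of the gcp-tcp-lb and gcp-tcp-lb-internal
# modules, and the regional backend service it exports is the one
# gcp-tcp-lb-internal references.
module "fe-lb" {
  backend_service_type   = "regional"
  bootstrap_version      = "${var.bootstrap_script_version}"
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-lb-fe]\""
  create_backend_service = true
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"

  # HTTP health check; presumably it requests service_path on service_port
  # (both set below) - confirm in the module.
  health_check           = "http"
  ip_cidr_range          = "${var.subnetworks["fe-lb"]}"
  machine_type           = "${var.machine_types["fe-lb"]}"
  name                   = "fe"
  node_count             = "${var.node_count["fe-lb"]}"
  os_boot_image          = "${var.os_boot_image["fe-lb"]}"
  project                = "${var.project}"

  # NOTE(review): this "fe-lb" port list is reused by the pages, altssh,
  # registry and cny load-balancer fleets below, so it has to carry every port
  # any of them needs. Per-fleet keys would let each expose only its own ports.
  public_ports           = "${var.public_ports["fe-lb"]}"
  region                 = "${var.region}"

  # NOTE(review): the internet-facing tier runs with the same service account
  # as the storage and infrastructure modules in this file; a separate,
  # narrower identity would limit what a compromised edge node can reach.
  service_account_email  = "${var.service_account_email}"
  service_path           = "/-/available-https"
  service_port           = 8002
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                   = "lb"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
}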

##################################
#
#  External HAProxy LoadBalancer Pages
#
##################################

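# HAProxy fleet in front of GitLab Pages (Chef role
# <environment>-base-lb-pages). It has its own subnet and node count but reuses
# the "fe-lb" machine type and public port list. Backends of gcp-tcp-lb-pages.
module "fe-lb-pages" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-lb-pages]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"

  # HTTP health check on service_port (7331) below; no service_path is passed,
  # so the request path is presumably the module's default - confirm.
  health_check          = "http"
  ip_cidr_range         = "${var.subnetworks["fe-lb-pages"]}"
  machine_type          = "${var.machine_types["fe-lb"]}"
  name                  = "fe-pages"
  node_count            = "${var.node_count["fe-lb-pages"]}"
  project               = "${var.project}"

  # NOTE(review): same port list as the main "fe-lb" fleet; a "fe-lb-pages"
  # key would let this fleet expose only the ports Pages needs.
  public_ports          = "${var.public_ports["fe-lb"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 7331
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "lb"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}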

##################################
#
#  External HAProxy LoadBalancer AltSSH
#
##################################

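# HAProxy fleet for the alternate-SSH endpoint (Chef role
# <environment>-base-lb-altssh). Backends of gcp-tcp-lb-altssh. Among the
# load-balancer fleets in this file, this is the only one that passes
# egress_ports.
module "fe-lb-altssh" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-lb-altssh]\""
  dns_zone_name         = "${var.dns_zone_name}"
  egress_ports          = "${var.egress_ports}"
  environment           = "${var.environment}"

  # The fleet is health-checked over HTTP on service_port (7331) below, not on
  # the SSH listener itself; no service_path is passed, so the path is
  # presumably the module default - confirm.
  health_check          = "http"
  ip_cidr_range         = "${var.subnetworks["fe-lb-altssh"]}"
  machine_type          = "${var.machine_types["fe-lb"]}"
  name                  = "fe-altssh"
  node_count            = "${var.node_count["fe-lb-altssh"]}"
  project               = "${var.project}"

  # NOTE(review): same port list as the main "fe-lb" fleet; a dedicated key
  # would let this fleet expose only the alternate-SSH port(s).
  public_ports          = "${var.public_ports["fe-lb"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 7331
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "lb"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}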

##################################
#
#  External HAProxy LoadBalancer Registry
#
##################################

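# HAProxy fleet in front of the container registry (Chef role
# <environment>-base-lb-registry). Backends of gcp-tcp-lb-registry. Uses the
# same health-check path and port as the main "fe-lb" fleet.
module "fe-lb-registry" {
  bootstrap_version      = "${var.bootstrap_script_version}"
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-lb-registry]\""

  # Also creates a backend service; nothing in this part of the file
  # references it, so check whether it is still needed.
  create_backend_service = true
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"
  health_check           = "http"
  ip_cidr_range          = "${var.subnetworks["fe-lb-registry"]}"
  machine_type           = "${var.machine_types["fe-lb"]}"
  name                   = "fe-registry"
  node_count             = "${var.node_count["fe-lb-registry"]}"
  project                = "${var.project}"

  # NOTE(review): same port list as the main "fe-lb" fleet; a dedicated key
  # would let this fleet expose only the registry port(s).
  public_ports           = "${var.public_ports["fe-lb"]}"
  region                 = "${var.region}"
  service_account_email  = "${var.service_account_email}"
  service_path           = "/-/available-https"
  service_port           = 8002
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                   = "lb"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
}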

##################################
#
#  External HAProxy LoadBalancer Canary
#
##################################

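# HAProxy fleet for canary traffic (Chef role <environment>-base-lb-cny).
# Backends of gcp-tcp-lb-cny. Same health-check path and port as the main
# "fe-lb" fleet, with its own subnet and node count.
module "fe-lb-cny" {
  bootstrap_version      = "${var.bootstrap_script_version}"
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-lb-cny]\""
  create_backend_service = true
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"
  health_check           = "http"
  ip_cidr_range          = "${var.subnetworks["fe-lb-cny"]}"
  machine_type           = "${var.machine_types["fe-lb"]}"
  name                   = "fe-cny"
  node_count             = "${var.node_count["fe-lb-cny"]}"
  project                = "${var.project}"

  # NOTE(review): canary reuses the production "fe-lb" port list. That keeps
  # canary and main exposure identical, which is usually intended; it also
  # means a port opened for one is opened for both.
  public_ports           = "${var.public_ports["fe-lb"]}"
  region                 = "${var.region}"
  service_account_email  = "${var.service_account_email}"
  service_path           = "/-/available-https"
  service_port           = 8002
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                   = "lb"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
}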

##################################
#
#  GCP TCP LoadBalancers
#
##################################

#### Load balancer for the main site
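# External TCP load balancers for the main site, in front of the "fe-lb"
# instances. lb_count is derived from the length of the names list, so names,
# forwarding_port_ranges and health_check_ports are presumably parallel lists
# with one entry per load balancer - confirm in the tcp-lb module.
module "gcp-tcp-lb" {
  environment            = "${var.environment}"

  # The ports reachable from outside are whatever var.tcp_lbs lists here;
  # review changes to that variable as changes to the public attack surface.
  forwarding_port_ranges = "${var.tcp_lbs["forwarding_port_ranges"]}"
  fqdns                  = "${var.lb_fqdns}"
  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  health_check_ports     = "${var.tcp_lbs["health_check_ports"]}"
  instances              = ["${module.fe-lb.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs["names"])}"
  name                   = "gcp-tcp-lb"
  names                  = "${var.tcp_lbs["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"

  # NOTE(review): ref=v1.0.0 is a git tag, which can be re-pointed; a full
  # commit SHA would pin the module code immutably.
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"

  # "fe" matches the name given to the fe-lb module.
  targets                = ["fe"]
}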

##################################
#
#  GCP Internal TCP LoadBalancers
#
##################################

###### Internal Load balancer for the main site
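# Internal counterpart of gcp-tcp-lb: same "fe-lb" instances, but external is
# false and the module is given the fe-lb backend service, subnetwork and VPC.
# Its names are registered in var.gitlab_net_zone_id rather than the
# gitlab_com zone used by the external load balancers.
module "gcp-tcp-lb-internal" {
  backend_service        = "${module.fe-lb.google_compute_region_backend_service_self_link}"
  environment            = "${var.environment}"

  # Keeps the forwarding rules off the public internet (presumably an internal
  # load-balancing scheme in the module - confirm).
  external               = false
  forwarding_port_ranges = "${var.tcp_lbs_internal["forwarding_port_ranges"]}"
  fqdns                  = "${var.lb_fqdns_internal}"
  gitlab_zone_id         = "${var.gitlab_net_zone_id}"
  health_check_ports     = "${var.tcp_lbs_internal["health_check_ports"]}"
  instances              = ["${module.fe-lb.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs_internal["names"])}"
  name                   = "gcp-tcp-lb-internal"
  names                  = "${var.tcp_lbs_internal["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  subnetwork_self_link   = "${module.fe-lb.google_compute_subnetwork_self_link}"
  targets                = ["fe"]
  vpc                    = "${module.network.self_link}"
}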

#### Load balancer for pages
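# External TCP load balancers for GitLab Pages, in front of the "fe-lb-pages"
# instances. Names are registered in var.gitlab_io_zone_id, a different zone
# from the one used by the main-site load balancers.
module "gcp-tcp-lb-pages" {
  environment            = "${var.environment}"

  # Publicly forwarded ports come from var.tcp_lbs_pages, outside this file.
  forwarding_port_ranges = "${var.tcp_lbs_pages["forwarding_port_ranges"]}"
  fqdns                  = "${var.lb_fqdns_pages}"
  gitlab_zone_id         = "${var.gitlab_io_zone_id}"
  health_check_ports     = "${var.tcp_lbs_pages["health_check_ports"]}"
  instances              = ["${module.fe-lb-pages.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs_pages["names"])}"
  name                   = "gcp-tcp-lb-pages"
  names                  = "${var.tcp_lbs_pages["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"

  # "fe-pages" matches the name given to the fe-lb-pages module.
  targets                = ["fe-pages"]
}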

#### Load balancer for altssh
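# External TCP load balancers for the alternate-SSH endpoint, in front of the
# "fe-lb-altssh" instances. This is the only tcp-lb instance in this file that
# also passes health_check_request_paths.
module "gcp-tcp-lb-altssh" {
  environment                = "${var.environment}"

  # Publicly forwarded ports come from var.tcp_lbs_altssh, outside this file.
  forwarding_port_ranges     = "${var.tcp_lbs_altssh["forwarding_port_ranges"]}"
  fqdns                      = "${var.lb_fqdns_altssh}"
  gitlab_zone_id             = "${var.gitlab_com_zone_id}"
  health_check_ports         = "${var.tcp_lbs_altssh["health_check_ports"]}"
  health_check_request_paths = "${var.tcp_lbs_altssh["health_check_request_paths"]}"
  instances                  = ["${module.fe-lb-altssh.instances_self_link}"]
  lb_count                   = "${length(var.tcp_lbs_altssh["names"])}"
  name                       = "gcp-tcp-lb-altssh"
  names                      = "${var.tcp_lbs_altssh["names"]}"
  project                    = "${var.project}"
  region                     = "${var.region}"
  source                     = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"

  # "fe-altssh" matches the name given to the fe-lb-altssh module.
  targets                    = ["fe-altssh"]
}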

#### Load balancer for registry
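# External TCP load balancers for the container registry, in front of the
# "fe-lb-registry" instances.
module "gcp-tcp-lb-registry" {
  environment            = "${var.environment}"

  # Publicly forwarded ports come from var.tcp_lbs_registry, outside this file.
  forwarding_port_ranges = "${var.tcp_lbs_registry["forwarding_port_ranges"]}"
  fqdns                  = "${var.lb_fqdns_registry}"
  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  health_check_ports     = "${var.tcp_lbs_registry["health_check_ports"]}"
  instances              = ["${module.fe-lb-registry.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs_registry["names"])}"
  name                   = "gcp-tcp-lb-registry"
  names                  = "${var.tcp_lbs_registry["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"

  # "fe-registry" matches the name given to the fe-lb-registry module.
  targets                = ["fe-registry"]
}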

#### Load balancer for cny
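# External TCP load balancers for canary traffic, in front of the "fe-lb-cny"
# instances.
module "gcp-tcp-lb-cny" {
  environment            = "${var.environment}"

  # Publicly forwarded ports come from var.tcp_lbs_cny, outside this file.
  forwarding_port_ranges = "${var.tcp_lbs_cny["forwarding_port_ranges"]}"
  fqdns                  = "${var.lb_fqdns_cny}"
  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  health_check_ports     = "${var.tcp_lbs_cny["health_check_ports"]}"
  instances              = ["${module.fe-lb-cny.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs_cny["names"])}"
  name                   = "gcp-tcp-lb-cny"
  names                  = "${var.tcp_lbs_cny["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"

  # "fe-cny" matches the name given to the fe-lb-cny module.
  targets                = ["fe-cny"]
}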

#### Load balancer for bastion
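# TCP load balancers in front of the bastion instances (module.bastion is
# defined outside this part of the file), registered in the gitlab_com zone.
# NOTE(review): this is the administrative entry point. Which ports are
# forwarded is set in var.tcp_lbs_bastion, and no source-range restriction is
# visible here; confirm the bastion firewall rules limit who can connect.
module "gcp-tcp-lb-bastion" {
  environment            = "${var.environment}"
  forwarding_port_ranges = "${var.tcp_lbs_bastion["forwarding_port_ranges"]}"
  fqdns                  = "${var.lb_fqdns_bastion}"
  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  health_check_ports     = "${var.tcp_lbs_bastion["health_check_ports"]}"
  instances              = ["${module.bastion.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs_bastion["names"])}"
  name                   = "gcp-tcp-lb-bastion"
  names                  = "${var.tcp_lbs_bastion["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"

  # Only this tcp-lb instance sets session affinity: connections from one
  # client IP go to the same bastion backend.
  session_affinity       = "CLIENT_IP"
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  targets                = ["bastion"]
}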

##################################
#
#  Consul
#
##################################

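# Consul nodes (Chef role <environment>-infra-consul) in the "inf" tier, built
# from the generic-sv-with-group module with all sizing looked up under the
# "consul" key of the variable maps.
module "consul" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-infra-consul]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["consul"]}"
  machine_type          = "${var.machine_types["consul"]}"
  name                  = "consul"
  node_count            = "${var.node_count["consul"]}"
  project               = "${var.project}"

  # NOTE(review): a service-discovery cluster should only be reachable from
  # inside the VPC; the list in var.public_ports["consul"] is not visible here,
  # so verify it opens nothing to external sources.
  public_ports          = "${var.public_ports["consul"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"

  # 8300 is Consul's default server RPC port. No health_check type is set in
  # this block, so the module default applies.
  service_port          = 8300
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "inf"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}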

##################################
#
#  Pubsubbeats
#
#  Machines for running the beats
#  that consume logs from pubsub
#  and send them to elastic cloud
#
#  You must have a chef role with the
#  following format:
#     role[<env>-infra-pubsubbeat-<beat_name>]
#
##################################

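# Pubsubbeat machines, one per entry in var.pubsubbeats["names"], with the
# machine type taken from the parallel "machine_types" list. No chef_run_list
# is passed; per the banner above, the module presumably derives the role
# <env>-infra-pubsubbeat-<beat_name> from each name - confirm in the module.
module "pubsubbeat" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  dns_zone_name         = "${var.dns_zone_name}"

  # These nodes ship logs to an external service (see banner), so outbound
  # access is expected; var.egress_ports is the same list passed to the storage
  # modules and is not narrowed for this fleet.
  egress_ports          = "${var.egress_ports}"
  environment           = "${var.environment}"

  # TCP health check; presumably it probes service_port (22) below, i.e. SSH
  # reachability rather than the beat process - confirm in the module.
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["pubsubbeat"]}"
  machine_types         = "${var.pubsubbeats["machine_types"]}"
  names                 = "${var.pubsubbeats["names"]}"
  project               = "${var.project}"

  # NOTE(review): a log consumer needs no inbound public port; verify that
  # var.public_ports["pubsubbeat"] is empty.
  public_ports          = "${var.public_ports["pubsubbeat"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 22

  # NOTE(review): ref=v1.0.4 is a git tag, which can be re-pointed; a full
  # commit SHA would pin the module code immutably.
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/pubsubbeat.git?ref=v1.0.4"
  tier                  = "inf"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}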

##################################
#
#  Monitoring
#
#  Uses the monitoring module, this
#  creates a single instance behind
#  a load balancer with identity aware
#  proxy enabled.
#
##################################

resource "google_compute_subnetwork" "monitoring" {
  ip_cidr_range            = "${var.subnetworks["monitoring"]}"
  enable_flow_logs         = false