# Default project id. The same id appears in the certificate, KMS and
# network links declared further down in this file.
variable "project" {
  default = "gitlab-ops"
}

# Default region.
variable "region" {
  default = "us-east1"
}

# Environment name.
# NOTE(review): how this label is used (naming, tagging, state separation)
# is not visible in this file.
variable "environment" {
  default = "ops"
}

# DNS zone name.
variable "dns_zone_name" {
  default = "gitlab.net"
}

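# Kernel version string used by default.
# NOTE(review): a fixed pin means kernel security updates only arrive when
# this default is bumped; confirm who owns that bump and which module
# consumes the value.
variable "default_kernel_version" {
  default = "4.15.0-1015"
}

# Version number of the bootstrap script.
# NOTE(review): presumably selects the bootstrap script revision that
# instances run; confirm against the module that reads it.
variable "bootstrap_script_version" {
  default = 8
}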

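# OAuth2 client credentials, one id/secret pair per service.
# None of these declares a default, so no credential is committed in this
# file and every value has to be supplied at plan/apply time.
# NOTE(review): any resource attribute built from these secrets is written
# in plain text to Terraform state and may show up in plan output, so the
# state backend and CI logs need the same access control as the secrets.
variable "oauth2_client_id_log_proxy" {}
variable "oauth2_client_secret_log_proxy" {}
variable "oauth2_client_id_dashboards" {}
variable "oauth2_client_secret_dashboards" {}
variable "oauth2_client_id_gitlab_ops" {}
variable "oauth2_client_secret_gitlab_ops" {}

variable "oauth2_client_id_monitoring" {}
variable "oauth2_client_secret_monitoring" {}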

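# Machine type per role, keyed by role name.
# NOTE(review): the consumers of this map are not in this file; presumably
# each module looks up its own role key.
variable "machine_types" {
  type = "map"

  default = {
    "alerts"                = "n1-standard-1"
    "aptly"                 = "n1-standard-1"
    "log-proxy"             = "n1-standard-1"
    "proxy"                 = "n1-standard-1"
    "bastion"               = "n1-standard-1"
    "dashboards"            = "n1-standard-2"
    "dashboards-com"        = "n1-standard-4"
    "monitor"               = "n1-standard-8"
    "monitoring"            = "n1-standard-2"
    "gitlab-dev"            = "n1-standard-8"
    "gitlab-ops"            = "n1-standard-16"
    "runner-build"          = "n1-standard-32"
    "runner-chatops"        = "n1-standard-8"
    "runner-release"        = "n1-standard-8"
    "runner-release-single" = "n1-standard-1"
    "runner-snapshots"      = "n1-standard-1"
    "blackbox"              = "n1-standard-1"
    "sentry"                = "n1-standard-16"
    "sd-exporter"           = "n1-standard-1"
    "thanos-compact"        = "n1-standard-2"
    "thanos-query"          = "n1-standard-2"
    "thanos-store"          = "n1-highmem-8"
    "gke-runner"            = "n1-standard-2"
    "nessus"                = "n1-standard-4"
  }
}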

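# Monitoring endpoints given as two lists of equal length.
# NOTE(review): presumably names[i] is paired with ports[i]; an entry added
# to one list without the other would shift every later pairing, so keep
# both lists in step when editing.
variable "monitoring_hosts" {
  type = "map"

  default = {
    "names" = ["alerts", "prometheus", "prometheus-app", "thanos-query"]
    "ports" = [9093, 9090, 9090, 10902]
  }
}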

# Service account e-mail address.
# NOTE(review): the address is masked in this rendering of the file; read
# the real value from the repository, and confirm the account holds only
# the roles its instances need.
variable "service_account_email" {
  type = "string"

  default = "[email protected]"
}

# The ops network is allocated the range 10.250.0.0/16;
# the subnetworks below are carved out of it.

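# CIDR range per subnetwork, keyed by role name. Every entry is a /24
# inside 10.250.0.0/16 and no two entries overlap.
# NOTE(review): one range per role allows firewall rules to be scoped by
# source subnet; whether the rules actually do that is not visible here.
variable "subnetworks" {
  type = "map"

  default = {
    "logging"          = "10.250.1.0/24"
    "bastion"          = "10.250.2.0/24"
    "dashboards"       = "10.250.3.0/24"
    "gitlab-ops"       = "10.250.4.0/24"
    "proxy"            = "10.250.5.0/24"
    "monitor"          = "10.250.6.0/24"
    "runner"           = "10.250.7.0/24"
    "monitoring"       = "10.250.8.0/24"
    "sentry"           = "10.250.9.0/24"
    "runner-chatops"   = "10.250.10.0/24"
    "dashboards-com"   = "10.250.11.0/24"
    "runner-release"   = "10.250.12.0/24"
    "gitlab-ops-geo"   = "10.250.13.0/24"
    "pubsubbeat"       = "10.250.14.0/24"
    "sd-exporter"      = "10.250.15.0/24"
    "gke-runner"       = "10.250.16.0/24"
    "runner-snapshots" = "10.250.17.0/24"
    "thanos-store"     = "10.250.18.0/24"
    "thanos-compact"   = "10.250.19.0/24"
    "aptly"            = "10.250.20.0/24"
    "gitlab-dev"       = "10.250.21.0/24"
  }
}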

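# Port list per role; an empty list means no port is listed for that role.
# NOTE(review): the name implies these ports are opened to sources outside
# the network, but the firewall rules that consume the map, and their
# source ranges, are not in this file; confirm there.
# Entries worth checking when this map changes:
#   - 22 is listed for gitlab-dev and gitlab-ops as well as for bastion;
#     confirm direct SSH to those roles is intended alongside the bastion.
#   - 8834 is listed for nessus, presumably the scanner's web interface;
#     confirm the source ranges are restricted.
#   - aptly lists only 80, so traffic on that port is unencrypted unless
#     TLS terminates elsewhere; confirm package signatures are verified
#     by clients.
variable "public_ports" {
  type = "map"

  default = {
    "log-proxy"   = []
    "proxy"       = []
    "bastion"     = [22]
    "dashboards"  = []
    "gitlab-dev"  = [443, 80, 22, 5005]
    "gitlab-ops"  = [443, 80, 22, 5005]
    "pubsubbeat"  = []
    "runner"      = []
    "blackbox"    = []
    "sentry"      = [443, 80]
    "sd-exporter" = []
    "thanos"      = []
    "nessus"      = [8834]
    "aptly"       = [80]
  }
}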

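# Number of nodes per role, keyed by role name.
# Only "alerts" runs more than one node; every other role listed here,
# including bastion, is a single instance.
variable "node_count" {
  type = "map"

  default = {
    "alerts"         = 2
    "bastion"        = 1
    "blackbox"       = 1
    "dashboards"     = 1
    "gitlab-dev"     = 1
    "gitlab-ops"     = 1
    "nessus"         = 1
    "prometheus"     = 1
    "prometheus-app" = 1
    "runner"         = 1
    "sentry"         = 1
    "sd-exporter"    = 1
    "thanos-compact" = 1
    "thanos-query"   = 1
    "thanos-store"   = 1
  }
}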

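# Settings used to register new instances with the Chef server.
# NOTE(review): bootstrap_key and bootstrap_keyring look like the names of
# a KMS key and key ring protecting the validation material held in
# bootstrap_bucket; confirm against the bootstrap script.
# NOTE(review): user_key_path is a relative path to a private key file;
# the key itself is not in this file and should stay out of version
# control, supplied only to the job that runs Terraform.
variable "chef_provision" {
  type        = "map"
  description = "Configuration details for chef server"

  default = {
    bootstrap_bucket  = "gitlab-ops-chef-bootstrap"
    bootstrap_key     = "gitlab-ops-bootstrap-validation"
    bootstrap_keyring = "gitlab-ops-bootstrap"

    server_url    = "https://chef.gitlab.com/organizations/gitlab/"
    user_name     = "gitlab-ci"
    user_key_path = ".chef.pem"
    version       = "12.22.5"
  }
}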

# Resource path of the SSL certificate used for monitoring endpoints.
# The name indicates a wildcard certificate.
# NOTE(review): a wildcard certificate is valid for every host under its
# domain, so confirm which load balancers are allowed to reference it.
variable "monitoring_cert_link" {
  default = "projects/gitlab-ops/global/sslCertificates/wildcard-ops-gitlab-net"
}

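# Fully qualified domain names for the bastion load balancer.
variable "lb_fqdns_bastion" {
  type    = "list"
  default = ["lb-bastion.ops.gitlab.com"]
}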

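# Self-links of VPC networks, one per project: testbed, ops, production
# (gprd), staging (gstg), disaster recovery (dr) and pre.
# NOTE(review): presumably used to peer the ops network with the others.
# Peering gives routing reach between environments, so the firewall rules
# on each side decide what is actually reachable; confirm them when adding
# or changing a link here.
variable "network_testbed" {
  default = "https://www.googleapis.com/compute/v1/projects/gitlab-testbed/global/networks/testbed"
}

variable "network_ops" {
  default = "https://www.googleapis.com/compute/v1/projects/gitlab-ops/global/networks/ops"
}

variable "network_gprd" {
  default = "https://www.googleapis.com/compute/v1/projects/gitlab-production/global/networks/gprd"
}

variable "network_gstg" {
  default = "https://www.googleapis.com/compute/v1/projects/gitlab-staging-1/global/networks/gstg"
}

variable "network_dr" {
  default = "https://www.googleapis.com/compute/v1/projects/gitlab-dr/global/networks/dr"
}

variable "network_pre" {
  default = "https://www.googleapis.com/compute/v1/projects/gitlab-pre/global/networks/pre"
}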

# TCP load balancer settings for the bastion role: one forwarding rule,
# named "ssh", for port 22.
# NOTE(review): the health check targets port 80, which implies a listener
# on that port on the bastion hosts; confirm it is reachable only from the
# health-check source ranges.
variable "tcp_lbs_bastion" {
  type = "map"

  default = {
    "names"                  = ["ssh"]
    "forwarding_port_ranges" = ["22"]
    "health_check_ports"     = ["80"]
  }
}

# TCP load balancer settings for the sentry role: forwarding rules for
# ports 80 and 443, both health-checked on port 9000 at the login path.
# NOTE(review): the lists are presumably paired by index, so keep them the
# same length and order.
variable "tcp_lbs_sentry" {
  type = "map"

  default = {
    "names"                      = ["http", "https"]
    "forwarding_port_ranges"     = ["80", "443"]
    "health_check_ports"         = ["9000", "9000"]
    "health_check_request_paths" = ["/auth/login/gitlab/", "/auth/login/gitlab/"]
  }
}

# TCP load balancer settings for the aptly role: forwarding rules for
# ports 80 and 443, both health-checked on port 80.
# NOTE(review): the "https" rule is checked on port 80, so a failure of
# the TLS listener alone would not mark the backend unhealthy; confirm
# this is intended.
variable "tcp_lbs_aptly" {
  type = "map"

  default = {
    "names"                  = ["http", "https"]
    "forwarding_port_ranges" = ["80", "443"]
    "health_check_ports"     = ["80", "80"]
  }
}

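# Resource paths of the SSL certificates in the gitlab-ops project, one
# per served hostname.
# NOTE(review): only the dashboards-gitlab-net entry carries a year suffix,
# which suggests certificates are rotated by creating a new resource and
# updating the default here; confirm expiry is tracked for the others too.
variable "log_gitlab_net_cert_link" {
  default = "projects/gitlab-ops/global/sslCertificates/log-gitlab-net"
}

variable "ops_gitlab_net_cert_link" {
  default = "projects/gitlab-ops/global/sslCertificates/ops-gitlab-net"
}

variable "dashboards_gitlab_net_cert_link" {
  default = "projects/gitlab-ops/global/sslCertificates/dashboards-gitlab-net-2019"
}

variable "dashboards_gitlab_com_cert_link" {
  default = "projects/gitlab-ops/global/sslCertificates/dashboards-gitlab-com"
}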

# Service account e-mail address used for GCS access.
# NOTE(review): the address is masked in this rendering of the file; read
# the real value from the repository, and confirm the account is limited
# to the buckets it needs.
variable "gcs_service_account_email" {
  type    = "string"
  default = "[email protected]"
}

# Service account used to do automated backup testing
# in https://gitlab.com/gitlab-restore/postgres-gprd

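# Service account that handles Postgres backups in GCS.
# NOTE(review): the address is masked in this rendering of the file.
variable "gcs_postgres_backup_service_account" {
  type    = "string"
  default = "[email protected]"
}

# Service account that handles Postgres restores from GCS.
# NOTE(review): the address is masked in this rendering of the file.
# Separate backup and restore accounts allow the restore side to be
# granted read-only access; confirm the IAM bindings reflect that.
variable "gcs_postgres_restore_service_account" {
  type    = "string"
  default = "[email protected]t.com"
}

# Resource path of the KMS key used for the Postgres WAL archive.
# NOTE(review): confirm which identities hold encrypt and decrypt rights on
# this key; anyone with decrypt rights and bucket read access can read the
# backups.
variable "gcs_postgres_backup_kms_key_id" {
  type    = "string"
  default = "projects/gitlab-ops/locations/global/keyRings/gitlab-secrets/cryptoKeys/ops-postgres-wal-archive"
}

# Number of days Postgres backups are retained, held as a string.
# NOTE(review): confirm this window covers the time needed to detect a
# problem and restore from a backup taken before it.
variable "postgres_backup_retention_days" {
  type    = "string"
  default = "5"
}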