## State storage
# Partial S3 backend configuration: the block is empty, so the bucket, key,
# region and any encryption or locking settings are supplied outside this file.
# NOTE(review): Terraform state can hold secrets; confirm that the bucket this
# resolves to is encrypted and access-restricted (not verifiable from here).
terraform {
  backend "s3" {}
}

## AWS
# AWS provider with a fixed region. No `version` constraint is set on it,
# unlike the google provider in this file, so the plugin version is whatever
# `terraform init` resolves.
provider "aws" {
  region = "us-east-1"
}

## Google

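# Google provider for the project and region passed in as variables.
# The `~> 1.18.0` constraint keeps the plugin on the 1.18.x series, so a
# provider upgrade is an explicit, reviewable change.
provider "google" {
  project = "${var.project}"
  region  = "${var.region}"
  version = "~> 1.18.0"
}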

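# Adds var.service_account_email to roles/iam.serviceAccountTokenCreator on the
# whole project (google_project_iam_member is additive: it leaves other members
# of the role untouched). At project scope this role lets the member mint
# tokens for, i.e. impersonate, every service account in the project.
# NOTE(review): confirm project-wide scope is required; a binding on the one
# target service account is the least-privilege alternative.
resource "google_project_iam_member" "serviceAccountTokenCreator" {
  project = "${var.project}"
  role    = "roles/iam.serviceAccountTokenCreator"
  member  = "serviceAccount:${var.service_account_email}"
}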

# Adds var.service_account_email to roles/iam.serviceAccountUser on the whole
# project. At project scope the member can act as (attach to resources, run
# workloads as) any service account in the project, including more privileged
# ones. NOTE(review): confirm this cannot be narrowed to specific accounts.
resource "google_project_iam_member" "serviceAccountUser" {
  project = "${var.project}"
  role    = "roles/iam.serviceAccountUser"
  member  = "serviceAccount:${var.service_account_email}"
}

# Adds var.service_account_email to roles/logging.logWriter on the project,
# which allows writing log entries but not reading them.
resource "google_project_iam_member" "logging_logWriter" {
  project = "${var.project}"
  role    = "roles/logging.logWriter"
  member  = "serviceAccount:${var.service_account_email}"
}

# Adds var.service_account_email to roles/pubsub.editor on the project, which
# allows creating, changing and deleting topics and subscriptions.
# NOTE(review): the same member is also given roles/pubsub.publisher and
# roles/pubsub.subscriber in this file; the editor role appears to cover both
# already. Either drop editor (least privilege) or drop the two narrower
# bindings, and confirm against the role definitions first.
resource "google_project_iam_member" "pubsub_editor" {
  project = "${var.project}"
  role    = "roles/pubsub.editor"
  member  = "serviceAccount:${var.service_account_email}"
}

# Adds var.service_account_email to roles/pubsub.publisher on the project
# (publish to any topic in the project). The binding is project-wide rather
# than per topic.
resource "google_project_iam_member" "pubsub_publisher" {
  project = "${var.project}"
  role    = "roles/pubsub.publisher"
  member  = "serviceAccount:${var.service_account_email}"
}

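# Adds var.service_account_email to roles/pubsub.subscriber on the project
# (consume from any subscription in the project). The binding is project-wide
# rather than per subscription.
resource "google_project_iam_member" "pubsub_subscriber" {
  project = "${var.project}"
  role    = "roles/pubsub.subscriber"
  member  = "serviceAccount:${var.service_account_email}"
}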

/*
##################################
#
#  NAT gateway
#
#################################
module "nat" {
  source     = "GoogleCloudPlatform/nat-gateway/google"
  region     = "${var.region}"
  network    = "${var.environment}"
}
*/
##################################
#
#  Network
#
#################################

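# VPC for this environment, built by the shared vpc module. Its self_link
# output is what the other modules in this file receive as `vpc`.
module "network" {
  environment      = "${var.environment}"
  project          = "${var.project}"
  # NOTE(review): `ref=` looks like a git tag, which can be re-pointed; a commit
  # SHA is an immutable pin. "[email protected]" is this page's e-mail
  # obfuscation of the SSH user@host, not a usable address.
  source           = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/vpc.git?ref=v1.0.0"
  internal_subnets = "${var.internal_subnets}"
}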

##################################
#
#  Network Peering
#
#################################

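# One peering per entry of var.peer_networks["names"]; names[i] is paired with
# links[i] by position. element() wraps its index instead of failing, so if
# "links" is shorter than "names" a peering is created against the wrong
# network without any error. The two lists must stay the same length.
# The local side is var.network_env, not the module.network output.
resource "google_compute_network_peering" "peering" {
  count        = "${length(var.peer_networks["names"])}"
  name         = "peering-${element(var.peer_networks["names"], count.index)}"
  network      = "${var.network_env}"
  peer_network = "${element(var.peer_networks["links"], count.index)}"
}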

##################################
#
#  Web front-end
#
#################################

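# Web front-end fleet on its own subnetwork, health-checked over TCP with 443
# as the service port.
module "web" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-web]\""
  dns_zone_name         = "${var.dns_zone_name}"
  egress_ports          = "${var.web_egress_ports}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["web"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["web"]}"
  name                  = "web"
  node_count            = "${var.node_count["web"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["web"]}"
  region                = "${var.region}"
  # Same account that this file grants project-level serviceAccountTokenCreator
  # and serviceAccountUser; every node module here receives it.
  # NOTE(review): presumably the instance identity, so one compromised node
  # would hold those roles; confirm in the module.
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  # NOTE(review): `ref=` looks like a git tag, which can be re-pointed; a commit
  # SHA is an immutable pin. "[email protected]" is this page's e-mail
  # obfuscation of the SSH user@host, not a usable address.
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}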

##################################
#
#  Web Canary front-end
#
#################################

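# Canary variant of the web front-end. It uses the same "web" CIDR key and
# takes subnetwork_name from module.web, so it presumably lands in web's
# subnetwork.
module "web-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-web-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["web"]}"
  # Literal kernel, whereas module "web" follows var.default_kernel_version;
  # this fleet will not pick up a bump of the default (e.g. for a kernel fix).
  kernel_version        = "4.13.0-1007"
  machine_type          = "${var.machine_types["web"]}"
  name                  = "web-cny"
  node_count            = "${var.node_count["web-cny"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["web"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  subnetwork_name       = "${module.web.google_compute_subnetwork_name}"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}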

##################################
#
#  API Canary front-end
#
#################################

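# Canary variant of the API front-end; reuses the "api" CIDR key, machine type
# and public_ports, and takes subnetwork_name from module.api.
module "api-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-api-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["api"]}"
  # Literal kernel (same value as module "api"), not var.default_kernel_version;
  # it has to be bumped by hand when the default moves.
  kernel_version        = "4.15.0-1015"
  machine_type          = "${var.machine_types["api"]}"
  name                  = "api-cny"
  node_count            = "${var.node_count["api-cny"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["api"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  subnetwork_name       = "${module.api.google_compute_subnetwork_name}"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}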

##################################
#
#  Git Canary front-end
#
#################################

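# Canary variant of the Git front-end; reuses the "git" CIDR key, machine type
# and public_ports, and takes subnetwork_name from module.git.
module "git-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-git-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["git"]}"
  # Literal kernel, whereas module "git" follows var.default_kernel_version.
  kernel_version        = "4.13.0-1007"
  machine_type          = "${var.machine_types["git"]}"
  name                  = "git-cny"
  node_count            = "${var.node_count["git-cny"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["git"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  # NOTE(review): 443 here, while module "git" uses 22; confirm the canary is
  # meant to differ from the main fleet.
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  subnetwork_name       = "${module.git.google_compute_subnetwork_name}"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}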

##################################
#
#  Registry Canary front-end
#
#################################

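# Canary variant of the registry front-end; reuses the "registry" CIDR key,
# machine type and public_ports, and takes subnetwork_name from module.registry.
module "registry-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-registry-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["registry"]}"
  # Literal kernel, whereas module "registry" follows var.default_kernel_version.
  kernel_version        = "4.13.0-1007"
  machine_type          = "${var.machine_types["registry"]}"
  name                  = "registry-cny"
  node_count            = "${var.node_count["registry-cny"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["registry"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  # NOTE(review): 443 here, while module "registry" uses 22; confirm which is
  # intended.
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  subnetwork_name       = "${module.registry.google_compute_subnetwork_name}"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}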

##################################
#
#  API
#
#################################

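# API front-end fleet on its own subnetwork, health-checked over TCP with 443
# as the service port.
module "api" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-api]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["api"]}"
  # Literal kernel rather than var.default_kernel_version; it has to be bumped
  # by hand when the default moves (e.g. for a kernel fix).
  kernel_version        = "4.15.0-1015"
  machine_type          = "${var.machine_types["api"]}"
  name                  = "api"
  node_count            = "${var.node_count["api"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["api"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}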

##################################
#
#  Git
#
##################################

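# Git front-end fleet on its own subnetwork, health-checked over TCP with 22
# as the service port. Egress is limited to var.egress_ports.
module "git" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-git]\""
  dns_zone_name         = "${var.dns_zone_name}"
  egress_ports          = "${var.egress_ports}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["git"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["git"]}"
  name                  = "git"
  node_count            = "${var.node_count["git"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["git"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 22
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}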

##################################
#
#  Pages web front-end
#
#################################

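# Pages web front-end fleet on its own subnetwork, health-checked over TCP
# with 443 as the service port.
module "web-pages" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-web-pages]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["web-pages"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["web-pages"]}"
  name                  = "web-pages"
  node_count            = "${var.node_count["web-pages"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["web-pages"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}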

##################################
#
#  registry front-end
#
#################################

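# Registry front-end fleet on its own subnetwork, health-checked over TCP.
# Unlike the other front-end modules in this file it sets no os_disk_type.
module "registry" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-registry]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["registry"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["registry"]}"
  name                  = "registry"
  node_count            = "${var.node_count["registry"]}"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["registry"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  # NOTE(review): 22 here, while module "registry-cny" uses 443; confirm which
  # port the registry health check should target.
  service_port          = 22
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}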

##################################
#
#  Database
#
#################################

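# Single-node PostgreSQL disaster-recovery archive replica with a 4000 GB
# pd-ssd data disk, on its own "db-dr-archive" subnetwork.
module "postgres-dr-archive" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_init_run_list    = "\"recipe[gitlab-server::hack_gitlab_ctl_reconfigure]\""
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-db-postgres-archive]\""
  data_disk_size        = 4000
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["db-dr-archive"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["db-dr"]}"
  name                  = "postgres-dr-archive"
  node_count            = "1"
  project               = "${var.project}"
  # NOTE(review): a database node takes a public_ports list; confirm that
  # var.public_ports["db-dr"] is empty or does not expose the database port.
  public_ports          = "${var.public_ports["db-dr"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  # NOTE(review): `ref=` looks like a git tag, which can be re-pointed; a commit
  # SHA is an immutable pin. "[email protected]" is this page's e-mail
  # obfuscation of the SSH user@host, not a usable address.
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.3"
  tier                  = "db"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
  os_disk_size          = 100
}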

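# Single-node PostgreSQL disaster-recovery delayed replica with a 4000 GB
# pd-ssd data disk, on its own "db-dr-delayed" subnetwork.
module "postgres-dr-delayed" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_init_run_list    = "\"recipe[gitlab-server::hack_gitlab_ctl_reconfigure]\""
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-db-postgres-delayed]\""
  data_disk_size        = 4000
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["db-dr-delayed"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["db-dr"]}"
  name                  = "postgres-dr-delayed"
  node_count            = "1"
  project               = "${var.project}"
  # NOTE(review): a database node takes a public_ports list; confirm that
  # var.public_ports["db-dr"] is empty or does not expose the database port.
  public_ports          = "${var.public_ports["db-dr"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.3"
  tier                  = "db"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
  os_disk_size          = 100
}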

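# Backup bucket for PostgreSQL. Backup and restore use two different service
# accounts, and a KMS key id and a retention period are passed in.
# NOTE(review): how the module scopes each account (e.g. write-only for
# backup, read-only for restore) and applies the key is not visible here;
# confirm in the module.
module "postgres-backup" {
  environment                         = "${var.environment}"
  gcs_postgres_backup_service_account = "${var.gcs_postgres_backup_service_account}"
  restore_service_account             = "${var.gcs_postgres_restore_service_account}"
  kms_key_id                          = "${var.gcs_postgres_backup_kms_key_id}"
  # NOTE(review): `ref=` looks like a git tag, which can be re-pointed; a commit
  # SHA is an immutable pin. "[email protected]" is this page's e-mail
  # obfuscation of the SSH user@host, not a usable address.
  source                              = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/database-backup-bucket.git?ref=v1.0.0"
  retention_days                      = "${var.postgres_backup_retention_days}"
}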

#############################################
#
#  GCP Internal TCP LoadBalancer and PgBouncer
#
#############################################

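# Internal (external = false) TCP load balancer in front of the pg-bouncer
# nodes: forwards 6432 and health-checks on 8010, matching the service_port
# and health_check_port set in module "pg-bouncer".
module "gcp-tcp-lb-internal-pgbouncer" {
  backend_service        = "${module.pg-bouncer.google_compute_region_backend_service_self_link}"
  environment            = "${var.environment}"
  external               = false
  forwarding_port_ranges = ["6432"]
  fqdns                  = "${var.lb_fqdns_internal_pgbouncer}"
  gitlab_zone_id         = "${var.gitlab_net_zone_id}"
  health_check_ports     = ["8010"]
  instances              = ["${module.pg-bouncer.instances_self_link}"]
  lb_count               = "1"
  name                   = "gcp-tcp-lb-internal-pgbouncer"
  names                  = ["${var.environment}-pgbouncer"]
  project                = "${var.project}"
  region                 = "${var.region}"
  # NOTE(review): `ref=` looks like a git tag, which can be re-pointed; a commit
  # SHA is an immutable pin. "[email protected]" is this page's e-mail
  # obfuscation of the SSH user@host, not a usable address.
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  subnetwork_self_link   = "${module.pg-bouncer.google_compute_subnetwork_self_link}"
  targets                = ["pgbouncer"]
  vpc                    = "${module.network.self_link}"
}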

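# PgBouncer nodes with a regional backend service: service port 6432, HTTP
# health check on port 8010 at path "/".
module "pg-bouncer" {
  backend_service_type   = "regional"
  bootstrap_version      = "${var.bootstrap_script_version}"
  chef_init_run_list     = "\"recipe[gitlab-server::hack_gitlab_ctl_reconfigure]\""
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-db-pgbouncer]\""
  create_backend_service = true
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"
  health_check           = "http"
  health_check_port      = "8010"
  ip_cidr_range          = "${var.subnetworks["pgb"]}"
  kernel_version         = "${var.default_kernel_version}"
  machine_type           = "${var.machine_types["pgb"]}"
  name                   = "pgbouncer"
  node_count             = "${var.node_count["pgb"]}"
  project                = "${var.project}"
  # NOTE(review): a db-tier node takes a public_ports list; confirm that
  # var.public_ports["pgb"] does not expose 6432 outside the VPC.
  public_ports           = "${var.public_ports["pgb"]}"
  region                 = "${var.region}"
  service_account_email  = "${var.service_account_email}"
  service_path           = "/"
  service_port           = 6432
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  tier                   = "db"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
}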

#############################################
#
#  GCP Internal TCP LoadBalancer and Patroni
#
#############################################

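# Internal (external = false) TCP load balancer in front of the patroni nodes:
# forwards 6432 and health-checks on 8009. lb_count is 1 only when patroni
# nodes exist, so no balancer is created for an empty fleet.
module "gcp-tcp-lb-internal-patroni" {
  backend_service        = "${module.patroni.google_compute_region_backend_service_self_link}"
  environment            = "${var.environment}"
  external               = false
  forwarding_port_ranges = ["6432"]
  fqdns                  = "${var.lb_fqdns_internal_patroni}"
  gitlab_zone_id         = "${var.gitlab_net_zone_id}"
  health_check_ports     = ["8009"]
  instances              = ["${module.patroni.instances_self_link}"]
  lb_count               = "${var.node_count["patroni"] > 0 ? 1 : 0}"
  name                   = "gcp-tcp-lb-internal-patroni"
  names                  = ["${var.environment}-patroni"]
  project                = "${var.project}"
  region                 = "${var.region}"
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  subnetwork_self_link   = "${module.patroni.google_compute_subnetwork_self_link}"
  targets                = ["patroni"]
  vpc                    = "${module.network.self_link}"
}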

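# Patroni database nodes with a regional backend service: service port 6432,
# HTTP health check on port 8009 at path "/", pd-ssd data disk sized from
# var.data_disk_sizes["patroni"].
module "patroni" {
  backend_service_type   = "regional"
  bootstrap_version      = "${var.bootstrap_script_version}"
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-db-patroni]\""
  create_backend_service = true
  data_disk_size         = "${var.data_disk_sizes["patroni"]}"
  data_disk_type         = "pd-ssd"
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"
  health_check           = "http"
  health_check_port      = "8009"
  ip_cidr_range          = "${var.subnetworks["patroni"]}"
  kernel_version         = "${var.default_kernel_version}"
  machine_type           = "${var.machine_types["patroni"]}"
  name                   = "patroni"
  node_count             = "${var.node_count["patroni"]}"
  project                = "${var.project}"
  # NOTE(review): a database node takes a public_ports list; confirm that
  # var.public_ports["patroni"] is empty or does not expose the database ports.
  public_ports           = "${var.public_ports["patroni"]}"
  region                 = "${var.region}"
  service_account_email  = "${var.service_account_email}"
  service_path           = "/"
  service_port           = 6432
  # NOTE(review): `ref=` looks like a git tag, which can be re-pointed; a commit
  # SHA is an immutable pin. "[email protected]" is this page's e-mail
  # obfuscation of the SSH user@host, not a usable address.
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor-with-group.git?ref=v1.0.3"
  tier                   = "db"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
  os_disk_size           = 100
}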

##################################
#
#  Redis
#
##################################

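# Redis nodes (single-server role) with a 52 GB pd-ssd data disk.
# allow_stopping_for_update is on, so an apply may stop instances to change
# them. Plan such changes with the resulting Redis downtime in mind.
module "redis" {
  allow_stopping_for_update = true
  bootstrap_version         = "${var.bootstrap_script_version}"
  chef_provision            = "${var.chef_provision}"
  chef_run_list             = "\"role[${var.environment}-base-db-redis-server-single]\""
  data_disk_size            = 52
  data_disk_type            = "pd-ssd"
  dns_zone_name             = "${var.dns_zone_name}"
  egress_ports              = "${var.egress_ports}"
  environment               = "${var.environment}"
  ip_cidr_range             = "${var.subnetworks["redis"]}"
  kernel_version            = "${var.default_kernel_version}"
  machine_type              = "${var.machine_types["redis"]}"
  name                      = "redis"
  node_count                = "${var.node_count["redis"]}"
  project                   = "${var.project}"
  # NOTE(review): a data-store node takes a public_ports list; confirm that
  # var.public_ports["redis"] does not expose the Redis port outside the VPC.
  public_ports              = "${var.public_ports["redis"]}"
  region                    = "${var.region}"
  service_account_email     = "${var.service_account_email}"
  source                    = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.3"
  tier                      = "db"
  use_new_node_name         = true
  vpc                       = "${module.network.self_link}"
}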

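# Redis cache cluster: separate counts, machine types, data disks and Chef
# run lists for the redis servers and for the sentinels.
module "redis-cache" {
  bootstrap_version       = "${var.bootstrap_script_version}"
  chef_provision          = "${var.chef_provision}"
  dns_zone_name           = "${var.dns_zone_name}"
  egress_ports            = "${var.egress_ports}"
  environment             = "${var.environment}"
  ip_cidr_range           = "${var.subnetworks["redis-cache"]}"
  kernel_version          = "${var.default_kernel_version}"
  name                    = "redis-cache"
  project                 = "${var.project}"
  # NOTE(review): confirm that var.public_ports["redis-cache"] does not expose
  # the Redis or sentinel ports outside the VPC.
  public_ports            = "${var.public_ports["redis-cache"]}"
  redis_chef_run_list     = "\"role[${var.environment}-base-db-redis-server-cache]\""
  redis_count             = "${var.node_count["redis-cache"]}"
  redis_data_disk_size    = 100
  redis_data_disk_type    = "pd-ssd"
  redis_machine_type      = "${var.machine_types["redis-cache"]}"
  region                  = "${var.region}"
  sentinel_chef_run_list  = "\"role[${var.environment}-base-db-redis-sentinel-cache]\""
  sentinel_count          = "${var.node_count["redis-cache-sentinel"]}"
  sentinel_data_disk_size = 100
  sentinel_data_disk_type = "pd-ssd"
  sentinel_machine_type   = "${var.machine_types["redis-cache-sentinel"]}"
  service_account_email   = "${var.service_account_email}"
  # NOTE(review): `ref=` looks like a git tag, which can be re-pointed; a commit
  # SHA is an immutable pin. "[email protected]" is this page's e-mail
  # obfuscation of the SSH user@host, not a usable address.
  source                  = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor-redis.git?ref=v1.0.3"
  tier                    = "db"
  use_new_node_name       = true
  vpc                     = "${module.network.self_link}"
}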

##################################
#
#  Sidekiq
#
##################################

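# Sidekiq worker fleets. Each queue class (asap, besteffort, elasticsearch,
# import, pages, pipeline, pullmirror, realtime, traces) gets its own node
# count and machine type; all of them share one subnetwork and one service
# account.
module "sidekiq" {
  bootstrap_version                   = "${var.bootstrap_script_version}"
  chef_provision                      = "${var.chef_provision}"
  chef_run_list                       = "\"role[${var.environment}-base-be-sidekiq-besteffort]\""
  dns_zone_name                       = "${var.dns_zone_name}"
  environment                         = "${var.environment}"
  ip_cidr_range                       = "${var.subnetworks["sidekiq"]}"
  kernel_version                      = "${var.default_kernel_version}"
  machine_type                        = "${var.machine_types["sidekiq-besteffort"]}"
  name                                = "sidekiq"
  os_disk_type                        = "pd-ssd"
  project                             = "${var.project}"
  public_ports                        = "${var.public_ports["sidekiq"]}"
  region                              = "${var.region}"
  service_account_email               = "${var.service_account_email}"
  sidekiq_asap_count                  = "${var.node_count["sidekiq-asap"]}"
  sidekiq_asap_instance_type          = "${var.machine_types["sidekiq-asap"]}"
  sidekiq_besteffort_count            = "${var.node_count["sidekiq-besteffort"]}"
  sidekiq_besteffort_instance_type    = "${var.machine_types["sidekiq-besteffort"]}"
  sidekiq_elasticsearch_count         = "${var.node_count["sidekiq-elasticsearch"]}"
  sidekiq_elasticsearch_instance_type = "${var.machine_types["sidekiq-elasticsearch"]}"
  sidekiq_import_count                = "${var.node_count["sidekiq-import"]}"
  sidekiq_import_instance_type        = "${var.machine_types["sidekiq-import"]}"
  sidekiq_pages_count                 = "${var.node_count["sidekiq-pages"]}"
  sidekiq_pages_instance_type         = "${var.machine_types["sidekiq-pages"]}"
  sidekiq_pipeline_count              = "${var.node_count["sidekiq-pipeline"]}"
  sidekiq_pipeline_instance_type      = "${var.machine_types["sidekiq-pipeline"]}"
  sidekiq_pullmirror_count            = "${var.node_count["sidekiq-pullmirror"]}"
  sidekiq_pullmirror_instance_type    = "${var.machine_types["sidekiq-pullmirror"]}"
  sidekiq_realtime_count              = "${var.node_count["sidekiq-realtime"]}"
  sidekiq_realtime_instance_type      = "${var.machine_types["sidekiq-realtime"]}"
  sidekiq_traces_count                = "${var.node_count["sidekiq-traces"]}"
  sidekiq_traces_instance_type        = "${var.machine_types["sidekiq-traces"]}"
  # NOTE(review): `ref=` looks like a git tag, which can be re-pointed; a commit
  # SHA is an immutable pin. "[email protected]" is this page's e-mail
  # obfuscation of the SSH user@host, not a usable address.
  source                              = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-sidekiq.git?ref=v1.0.1"
  tier                                = "sv"
  use_new_node_name                   = true
  vpc                                 = "${module.network.self_link}"
}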

##################################
#
#  Mailroom
#
##################################

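# Mailroom nodes on their own subnetwork. The TCP health check uses
# service_port 22.
# NOTE(review): presumably SSH stands in as the liveness signal because the
# service has no listening port of its own; confirm.
module "mailroom" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-be-mailroom]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["mailroom"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["mailroom"]}"
  name                  = "mailroom"
  node_count            = "${var.node_count["mailroom"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["mailroom"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 22
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}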

##################################
#
#  Storage nodes for repositories
#
##################################

module "file" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-stor-gitaly]\""
  deletion_protection   = true
  data_disk_size        = "${var.data_disk_sizes["file"]}"
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  egress_ports          = "${var.egress_ports}"
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["stor"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["stor"]}"
  name                  = "file"
  node_count            = "${var.node_count["stor"]}"
  multizone_node_count  = "${var.node_count["multizone-stor"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["stor"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.3"
  tier                  = "stor"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
  zone                  = "us-east1-c"
}

##################################
#
#  Storage nodes for
#  uploads/lfs/pages/artifacts/builds/cache
#
#  share:
#    gitlab-ci/builds
#    gitlab-rails/shared/cache
#    gitlab-rails/shared/tmp
#    gitlab-rails/uploads
#    gitlab-rails/shared/lfs-objects
#    gitlab-rails/shared/artifacts
#
#  pages:
#    gitlab-rails/shared/pages
#
##################################

module "share" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  deletion_protection   = true
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-stor-nfs-server]\""
  data_disk_size        = "${var.data_disk_sizes["share"]}"
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  egress_ports          = "${var.egress_ports}"
  ip_cidr_range         = "${var.subnetworks["share"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["stor-share"]}"
  name                  = "share"
  node_count            = "${var.node_count["share"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["stor"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.3"
  tier                  = "stor"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

## Pages has a DNS entry for failover rsync
## This record and the open port 22 are only needed for that rsync and can be
## removed after failover.

# Publishes the public IPs of the pages storage nodes as an A record named
# pages.stor.<environment>.gitlab.net in the zone given by gitlab_net_zone_id.
# NOTE(review): the note preceding this resource says the record exists only
# for the failover rsync. It advertises the external addresses of the pages
# storage nodes, so delete it together with the nodes' external IP and the
# open port 22 once failover is complete.
resource "aws_route53_record" "pages" {
  zone_id = "${var.gitlab_net_zone_id}"
  name    = "pages.stor.${var.environment}.gitlab.net"
  type    = "A"
  ttl     = "300"
  # Addresses are read from the pages module output, so the record follows
  # whatever instances that module currently manages.
  records = ["${module.pages.instance_public_ips}"]
}

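# Storage nodes for pages, configured by the <environment>-base-stor-nfs-server
# chef role and built from the generic-stor module.
module "pages" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-stor-nfs-server]\""
  # Guards the instances against accidental deletion.
  deletion_protection   = true
  data_disk_size        = "${var.data_disk_sizes["pages"]}"
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  egress_ports          = "${var.egress_ports}"
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["pages"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["stor-pages"]}"
  name                  = "pages"
  node_count            = "${var.node_count["pages"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  # NOTE(review): the "stor" entry is also passed to the file and share
  # modules, so a port opened here for the pages failover is handed to those
  # modules as well. A dedicated entry would keep the exception scoped to
  # pages - confirm against the variable definition.
  public_ports          = "${var.public_ports["stor"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  # NOTE(review): ?ref= names a tag. A tag can be moved after review, so
  # pinning to a commit ID makes the fetched module code immutable.
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.3"
  tier                  = "stor"
  use_new_node_name     = true
  # NOTE(review): this is the only generic-stor instance in this part of the
  # file that sets use_external_ip. Per the note on the pages DNS record it is
  # a temporary arrangement for the failover rsync; drop this flag together
  # with the DNS record and the open port 22 after failover.
  use_external_ip       = true
  vpc                   = "${module.network.self_link}"
}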

##################################
#
#  External HAProxy LoadBalancer
#
##################################

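# HAProxy front-end nodes for the main site (chef role
# <environment>-base-lb-fe), with a regional backend service created alongside.
module "fe-lb" {
  backend_service_type   = "regional"
  bootstrap_version      = "${var.bootstrap_script_version}"
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-lb-fe]\""
  create_backend_service = true
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"
  health_check           = "http"
  ip_cidr_range          = "${var.subnetworks["fe-lb"]}"
  # NOTE(review): hard-coded here while the other load-balancer modules in
  # this file use var.default_kernel_version. This tier will not follow a bump
  # of the default, so kernel security updates need a separate edit of this
  # line; record why the pin exists or return to the shared variable.
  kernel_version         = "4.15.0-1030"
  machine_type           = "${var.machine_types["fe-lb"]}"
  name                   = "fe"
  node_count             = "${var.node_count["fe-lb"]}"
  project                = "${var.project}"
  public_ports           = "${var.public_ports["fe-lb"]}"
  region                 = "${var.region}"
  service_account_email  = "${var.service_account_email}"
  # HTTP health check target: path and port probed on each node.
  service_path           = "/-/available-https"
  service_port           = 8002
  # NOTE(review): ?ref= names a tag; pinning to a commit ID would make the
  # fetched module code immutable.
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  tier                   = "lb"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
}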

##################################
#
#  External HAProxy LoadBalancer Pages
#
##################################

module "fe-lb-pages" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-lb-pages]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "http"
  ip_cidr_range         = "${var.subnetworks["fe-lb-pages"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["fe-lb"]}"
  name                  = "fe-pages"
  node_count            = "${var.node_count["fe-lb-pages"]}"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["fe-lb"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 7331
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  tier                  = "lb"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  External HAProxy LoadBalancer AltSSH
#
##################################

module "fe-lb-altssh" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-lb-altssh]\""
  dns_zone_name         = "${var.dns_zone_name}"
  egress_ports          = "${var.egress_ports}"
  environment           = "${var.environment}"
  health_check          = "http"
  ip_cidr_range         = "${var.subnetworks["fe-lb-altssh"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["fe-lb"]}"
  name                  = "fe-altssh"
  node_count            = "${var.node_count["fe-lb-altssh"]}"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["fe-lb"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 7331
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  tier                  = "lb"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  External HAProxy LoadBalancer Registry
#
##################################

module "fe-lb-registry" {
  bootstrap_version      = "${var.bootstrap_script_version}"
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-lb-registry]\""
  create_backend_service = true
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"
  health_check           = "http"
  ip_cidr_range          = "${var.subnetworks["fe-lb-registry"]}"
  kernel_version         = "${var.default_kernel_version}"
  machine_type           = "${var.machine_types["fe-lb"]}"
  name                   = "fe-registry"
  node_count             = "${var.node_count["fe-lb-registry"]}"
  project                = "${var.project}"
  public_ports           = "${var.public_ports["fe-lb"]}"
  region                 = "${var.region}"
  service_account_email  = "${var.service_account_email}"
  service_path           = "/-/available-https"
  service_port           = 8002
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  tier                   = "lb"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
}

##################################
#
#  External HAProxy LoadBalancer Canary
#
##################################

module "fe-lb-cny" {
  bootstrap_version      = "${var.bootstrap_script_version}"
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-lb-cny]\""
  create_backend_service = true
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"
  health_check           = "http"
  ip_cidr_range          = "${var.subnetworks["fe-lb-cny"]}"
  kernel_version         = "${var.default_kernel_version}"
  machine_type           = "${var.machine_types["fe-lb"]}"
  name                   = "fe-cny"
  node_count             = "${var.node_count["fe-lb-cny"]}"
  project                = "${var.project}"
  public_ports           = "${var.public_ports["fe-lb"]}"
  region                 = "${var.region}"
  service_account_email  = "${var.service_account_email}"
  service_path           = "/-/available-https"
  service_port           = 8002
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  tier                   = "lb"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
}

##################################
#
#  GCP TCP LoadBalancers
#
##################################

#### Load balancer for the main site
module "gcp-tcp-lb" {
  environment            = "${var.environment}"
  forwarding_port_ranges = "${var.tcp_lbs["forwarding_port_ranges"]}"
  fqdns                  = "${var.lb_fqdns}"
  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  health_check_ports     = "${var.tcp_lbs["health_check_ports"]}"
  instances              = ["${module.fe-lb.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs["names"])}"
  name                   = "gcp-tcp-lb"
  names                  = "${var.tcp_lbs["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  targets                = ["fe"]
}

##################################
#
#  GCP Internal TCP LoadBalancers
#
##################################

###### Internal Load balancer for the main site
module "gcp-tcp-lb-internal" {
  backend_service        = "${module.fe-lb.google_compute_region_backend_service_self_link}"
  environment            = "${var.environment}"
  external               = false
  forwarding_port_ranges = "${var.tcp_lbs_internal["forwarding_port_ranges"]}"
  fqdns                  = "${var.lb_fqdns_internal}"
  gitlab_zone_id         = "${var.gitlab_net_zone_id}"
  health_check_ports     = "${var.tcp_lbs_internal["health_check_ports"]}"
  instances              = ["${module.fe-lb.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs_internal["names"])}"
  name                   = "gcp-tcp-lb-internal"
  names                  = "${var.tcp_lbs_internal["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  subnetwork_self_link   = "${module.fe-lb.google_compute_subnetwork_self_link}"
  targets                = ["fe"]
  vpc                    = "${module.network.self_link}"
}

#### Load balancer for pages
module "gcp-tcp-lb-pages" {
  environment            = "${var.environment}"
  forwarding_port_ranges = "${var.tcp_lbs_pages["forwarding_port_ranges"]}"
  fqdns                  = "${var.lb_fqdns_pages}"
  gitlab_zone_id         = "${var.gitlab_io_zone_id}"
  health_check_ports     = "${var.tcp_lbs_pages["health_check_ports"]}"
  instances              = ["${module.fe-lb-pages.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs_pages["names"])}"
  name                   = "gcp-tcp-lb-pages"
  names                  = "${var.tcp_lbs_pages["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  targets                = ["fe-pages"]
}

#### Load balancer for altssh
module "gcp-tcp-lb-altssh" {
  environment                = "${var.environment}"
  forwarding_port_ranges     = "${var.tcp_lbs_altssh["forwarding_port_ranges"]}"
  fqdns                      = "${var.lb_fqdns_altssh}"
  gitlab_zone_id             = "${var.gitlab_com_zone_id}"
  health_check_ports         = "${var.tcp_lbs_altssh["health_check_ports"]}"
  health_check_request_paths = "${var.tcp_lbs_altssh["health_check_request_paths"]}"
  instances                  = ["${module.fe-lb-altssh.instances_self_link}"]
  lb_count                   = "${length(var.tcp_lbs_altssh["names"])}"
  name                       = "gcp-tcp-lb-altssh"
  names                      = "${var.tcp_lbs_altssh["names"]}"
  project                    = "${var.project}"
  region                     = "${var.region}"
  source                     = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  targets                    = ["fe-altssh"]
}

#### Load balancer for registry
module "gcp-tcp-lb-registry" {
  environment            = "${var.environment}"
  forwarding_port_ranges = "${var.tcp_lbs_registry["forwarding_port_ranges"]}"
  fqdns                  = "${var.lb_fqdns_registry}"
  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  health_check_ports     = "${var.tcp_lbs_registry["health_check_ports"]}"
  instances              = ["${module.fe-lb-registry.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs_registry["names"])}"
  name                   = "gcp-tcp-lb-registry"
  names                  = "${var.tcp_lbs_registry["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  targets                = ["fe-registry"]
}

#### Load balancer for cny
module "gcp-tcp-lb-cny" {
  environment            = "${var.environment}"
  forwarding_port_ranges = "${var.tcp_lbs_cny["forwarding_port_ranges"]}"
  fqdns                  = "${var.lb_fqdns_cny}"
  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  health_check_ports     = "${var.tcp_lbs_cny["health_check_ports"]}"
  instances              = ["${module.fe-lb-cny.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs_cny["names"])}"
  name                   = "gcp-tcp-lb-cny"
  names                  = "${var.tcp_lbs_cny["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  targets                = ["fe-cny"]
}

#### Load balancer for bastion
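# TCP load balancer in front of the bastion instances, with DNS names from
# lb_fqdns_bastion created in the zone given by gitlab_com_zone_id.
# NOTE(review): unlike gcp-tcp-lb-internal this block does not set
# external = false, so it presumably creates an externally reachable
# forwarding rule (the module default is not visible here). The bastion is the
# administrative entry point; confirm that source ranges are restricted in the
# bastion or tcp-lb module and that connections to it are logged.
module "gcp-tcp-lb-bastion" {
  environment            = "${var.environment}"
  forwarding_port_ranges = "${var.tcp_lbs_bastion["forwarding_port_ranges"]}"
  fqdns                  = "${var.lb_fqdns_bastion}"
  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  health_check_ports     = "${var.tcp_lbs_bastion["health_check_ports"]}"
  instances              = ["${module.bastion.instances_self_link}"]
  # One load balancer per entry in tcp_lbs_bastion["names"].
  lb_count               = "${length(var.tcp_lbs_bastion["names"])}"
  name                   = "gcp-tcp-lb-bastion"
  names                  = "${var.tcp_lbs_bastion["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"
  # Only TCP load balancer in this file that sets session affinity; CLIENT_IP
  # keeps a given client address on the same backend.
  session_affinity       = "CLIENT_IP"
  # NOTE(review): ?ref= names a tag; pinning to a commit ID would make the
  # fetched module code immutable.
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  targets                = ["bastion"]
}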

##################################
#
#  Consul
#
##################################

module "consul" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-infra-consul]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["consul"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["consul"]}"
  name                  = "consul"
  node_count            = "${var.node_count["consul"]}"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["consul"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 8300
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  tier                  = "inf"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  Pubsubbeats
#
#  Machines for running the beats
#  that consume logs from pubsub
#  and send them to elastic cloud
#
#  You must have a chef role with the
#  following format:
#     role[<env>-infra-pubsubbeat-<beat_name>]
#
##################################

module "pubsubbeat" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  dns_zone_name         = "${var.dns_zone_name}"
  egress_ports          = "${var.egress_ports}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["pubsubbeat"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_types         = "${var.pubsubbeats["machine_types"]}"
  names                 = "${var.pubsubbeats["names"]}"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["pubsubbeat"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 22
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/pubsubbeat.git?ref=v1.0.3"
  tier                  = "inf"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  Monitoring
#
#  Uses the monitoring module, this
#  creates a single instance behind
#  a load balancer with identity aware
#  proxy enabled.
#
##################################

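# Subnetwork shared by the monitoring hosts (the prometheus modules and
# monitoring-lb reference it by name).
resource "google_compute_subnetwork" "monitoring" {
  ip_cidr_range            = "${var.subnetworks["monitoring"]}"
  # NOTE(review): VPC flow logs are off for this subnetwork, so there are no
  # per-connection records for the hosts on it. The prometheus modules attach
  # instances with use_external_ip = true here; either enable flow logs or
  # record why they are disabled (e.g. log volume/cost) so the gap is a
  # documented decision.
  enable_flow_logs         = false
  name                     = "${format("monitoring-%v", var.environment)}"
  network                  = "${module.network.self_link}"
  # Lets instances reach Google APIs from their internal addresses.
  private_ip_google_access = true
  project                  = "${var.project}"
  region                   = "${var.region}"
}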

#######################
#
# load balancer for all hosts in this section
#
#######################

module "monitoring-lb" {
  cert_link          = "${var.monitoring_cert_link}"
  environment        = "${var.environment}"
  gitlab_net_zone_id = "${var.gitlab_net_zone_id}"
  hosts              = ["${var.monitoring_hosts["names"]}"]
  name               = "monitoring-lb"
  project            = "${var.project}"
  region             = "${var.region}"
  service_ports      = ["${var.monitoring_hosts["ports"]}"]
  source             = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/monitoring-lb.git?ref=v1.0.0"
  subnetwork_name    = "${google_compute_subnetwork.monitoring.name}"
  targets            = ["${var.monitoring_hosts["names"]}"]
  url_map            = "${google_compute_url_map.monitoring-lb.self_link}"
}

#######################
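# Prometheus node(s) on the monitoring subnetwork, configured by the
# <environment>-infra-prometheus chef role.
module "prometheus" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-infra-prometheus]\""
  data_disk_size        = "${var.data_disk_sizes["prometheus"]}"
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  # Presumably the source ranges and ports for the module's firewall
  # allow-list: the prometheus whitelist plus other_monitoring_subnets.
  # NOTE(review): the effective ranges live in the variables; confirm they
  # hold no catch-all range, since these nodes also get external IPs below.
  fw_whitelist_subnets  = "${concat(var.monitoring_whitelist_prometheus["subnets"], var.other_monitoring_subnets)}"
  fw_whitelist_ports    = "${var.monitoring_whitelist_prometheus["ports"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["monitoring"]}"
  name                  = "prometheus"
  node_count            = "${var.node_count["prometheus"]}"
  oauth2_client_id      = "${var.oauth2_client_id_monitoring}"
  # NOTE(review): the OAuth client secret is an ordinary module input. Supply
  # it from a secret store rather than a committed tfvars file, and treat the
  # remote state as sensitive in case the module writes the value into a
  # resource attribute.
  oauth2_client_secret  = "${var.oauth2_client_secret_monitoring}"
  persistent_disk_path  = "/opt/prometheus"
  project               = "${var.project}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_path          = "/graph"
  # Port is looked up by position: the names and ports lists in
  # monitoring_hosts must stay in the same order.
  service_port          = "${element(var.monitoring_hosts["ports"], index(var.monitoring_hosts["names"], "prometheus"))}"
  # NOTE(review): ?ref= names a tag; pinning to a commit ID would make the
  # fetched module code immutable.
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/monitoring-with-count.git?ref=v1.0.4"
  subnetwork_name       = "${google_compute_subnetwork.monitoring.name}"
  tier                  = "inf"
  # NOTE(review): gives each node an external address. The Monitoring section
  # banner describes access through a load balancer with identity-aware proxy;
  # verify the firewall does not let the external address bypass that path.
  use_external_ip       = true
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}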

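# Prometheus "app" node(s) on the monitoring subnetwork, configured by the
# <environment>-infra-prometheus-app chef role.
module "prometheus-app" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-infra-prometheus-app]\""
  # Disk size reuses the "prometheus" entry rather than a per-module key.
  data_disk_size        = "${var.data_disk_sizes["prometheus"]}"
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  # Presumably the firewall allow-list inputs; the same prometheus whitelist
  # variables are used as in the other prometheus modules.
  # NOTE(review): confirm the ranges are narrow, as the nodes get external IPs.
  fw_whitelist_subnets  = "${concat(var.monitoring_whitelist_prometheus["subnets"], var.other_monitoring_subnets)}"
  fw_whitelist_ports    = "${var.monitoring_whitelist_prometheus["ports"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["monitoring"]}"
  name                  = "prometheus-app"
  node_count            = "${var.node_count["prometheus-app"]}"
  oauth2_client_id      = "${var.oauth2_client_id_monitoring}"
  # NOTE(review): secret passed as a plain module input; source it from a
  # secret store and treat the remote state as sensitive.
  oauth2_client_secret  = "${var.oauth2_client_secret_monitoring}"
  persistent_disk_path  = "/opt/prometheus"
  project               = "${var.project}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_path          = "/graph"
  # Port is looked up by position in monitoring_hosts; names and ports must
  # stay in the same order.
  service_port          = "${element(var.monitoring_hosts["ports"], index(var.monitoring_hosts["names"], "prometheus-app"))}"
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/monitoring-with-count.git?ref=v1.0.4"
  subnetwork_name       = "${google_compute_subnetwork.monitoring.name}"
  tier                  = "inf"
  # NOTE(review): external address on a monitoring node; verify the firewall
  # keeps access on the load balancer / identity-aware proxy path described in
  # the Monitoring section banner.
  use_external_ip       = true
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}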

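# Prometheus "db" node(s) on the monitoring subnetwork, configured by the
# <environment>-infra-prometheus-db chef role.
module "prometheus-db" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-infra-prometheus-db]\""
  # Disk size reuses the "prometheus" entry rather than a per-module key.
  data_disk_size        = "${var.data_disk_sizes["prometheus"]}"
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  # Presumably the firewall allow-list inputs; the same prometheus whitelist
  # variables are used as in the other prometheus modules.
  # NOTE(review): confirm the ranges are narrow, as the nodes get external IPs.
  fw_whitelist_subnets  = "${concat(var.monitoring_whitelist_prometheus["subnets"], var.other_monitoring_subnets)}"
  fw_whitelist_ports    = "${var.monitoring_whitelist_prometheus["ports"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["monitoring"]}"
  name                  = "prometheus-db"
  node_count            = "${var.node_count["prometheus-db"]}"
  oauth2_client_id      = "${var.oauth2_client_id_monitoring}"
  # NOTE(review): secret passed as a plain module input; source it from a
  # secret store and treat the remote state as sensitive.
  oauth2_client_secret  = "${var.oauth2_client_secret_monitoring}"
  persistent_disk_path  = "/opt/prometheus"
  project               = "${var.project}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_path          = "/graph"
  # Port is looked up by position in monitoring_hosts; names and ports must
  # stay in the same order.
  service_port          = "${element(var.monitoring_hosts["ports"], index(var.monitoring_hosts["names"], "prometheus-db"))}"
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/monitoring-with-count.git?ref=v1.0.4"
  subnetwork_name       = "${google_compute_subnetwork.monitoring.name}"
  tier                  = "inf"
  # NOTE(review): external address on a monitoring node; verify the firewall
  # keeps access on the load balancer / identity-aware proxy path described in
  # the Monitoring section banner.
  use_external_ip       = true
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}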

module "alerts" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-infra-alerts]\""
  data_disk_size        = 100
  data_disk_type        = "pd-standard"
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  fw_whitelist_subnets  = "${concat(var.monitoring_whitelist_alerts["subnets"], var.other_monitoring_subnets)}"
  fw_whitelist_ports    = "${var.monitoring_whitelist_alerts["ports"]}"