## State storage
terraform {
  # Partial backend configuration: bucket, key and region are not set here and
  # have to be supplied at `terraform init` time (e.g. via -backend-config).
  # State files record resource attributes in plain text, so confirm the
  # supplied settings enable `encrypt` and that bucket access is restricted.
  backend "s3" {}
}

## AWS
provider "aws" {
  # NOTE(review): no `version` constraint here, unlike the google provider in
  # this file, so `terraform init` may select any provider release — consider
  # pinning it the same way.
  region = "us-east-1"
}

## Google

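# Google provider; project and region are taken from variables.
# (Stray line-number residue from the page rendering removed from this block.)
provider "google" {
  project = "${var.project}"
  region  = "${var.region}"

  # Pessimistic constraint: only 2.6.x patch releases are accepted.
  version = "~> 2.6.0"
}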

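# Adds var.service_account_email to roles/iam.serviceAccountTokenCreator on the
# project. google_project_iam_member is additive: it manages this one member
# and leaves other bindings of the role untouched.
# NOTE(review): bound at project scope, this role lets the member mint tokens
# for any service account in the project, and the same service account is
# passed to the instance modules in this file. Consider binding the role on the
# specific target service account instead of the whole project.
# (Stray line-number residue from the page rendering removed from this block.)
resource "google_project_iam_member" "serviceAccountTokenCreator" {
  project = "${var.project}"
  role    = "roles/iam.serviceAccountTokenCreator"
  member  = "serviceAccount:${var.service_account_email}"
}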

# Adds var.service_account_email to roles/iam.serviceAccountUser on the project
# (additive binding; other members of the role are not affected).
# NOTE(review): at project scope this allows the member to act as any service
# account in the project. Scoping the binding to the individual service
# accounts it actually needs to use is the narrower option — confirm.
resource "google_project_iam_member" "serviceAccountUser" {
  project = "${var.project}"
  role    = "roles/iam.serviceAccountUser"
  member  = "serviceAccount:${var.service_account_email}"
}

# Lets var.service_account_email write log entries in the project
# (roles/logging.logWriter grants write access only, not read).
resource "google_project_iam_member" "logging_logWriter" {
  project = "${var.project}"
  role    = "roles/logging.logWriter"
  member  = "serviceAccount:${var.service_account_email}"
}

# Adds var.service_account_email to roles/pubsub.editor on the project.
# NOTE(review): editor already covers publishing and subscribing, so the
# pubsub_publisher and pubsub_subscriber bindings in this file look redundant.
# If the workloads only publish and consume, dropping editor and keeping the
# two narrower roles is the least-privilege choice — confirm.
resource "google_project_iam_member" "pubsub_editor" {
  project = "${var.project}"
  role    = "roles/pubsub.editor"
  member  = "serviceAccount:${var.service_account_email}"
}

# Adds var.service_account_email to roles/pubsub.publisher on the project
# (project-wide: applies to every topic in the project).
resource "google_project_iam_member" "pubsub_publisher" {
  project = "${var.project}"
  role    = "roles/pubsub.publisher"
  member  = "serviceAccount:${var.service_account_email}"
}

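# Adds var.service_account_email to roles/pubsub.subscriber on the project
# (project-wide: applies to every subscription in the project).
# (Stray line-number residue from the page rendering removed from this block.)
resource "google_project_iam_member" "pubsub_subscriber" {
  project = "${var.project}"
  role    = "roles/pubsub.subscriber"
  member  = "serviceAccount:${var.service_account_email}"
}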

/*
##################################
#
#  NAT gateway
#
#################################
module "nat" {
  source     = "GoogleCloudPlatform/nat-gateway/google"
  region     = "${var.region}"
  network    = "${var.environment}"
}
*/
##################################
#
#  Network
#
#################################

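# VPC for the environment; the other modules in this file attach to it through
# module.network.self_link.
# The module is fetched over SSH and pinned with ?ref= to a tag. Tags can be
# moved after the fact; pinning a commit SHA makes the fetched code immutable.
# NOTE(review): the user@host part of the source URL appears redacted in this
# listing and must be restored before the file is usable.
# (Stray line-number residue from the page rendering removed from this block.)
module "network" {
  environment      = "${var.environment}"
  project          = "${var.project}"
  source           = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/vpc.git?ref=v1.0.0"
  internal_subnets = "${var.internal_subnets}"
}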

##################################
#
#  Network Peering
#
#################################

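# One VPC peering per entry in var.peer_networks["names"], from var.network_env
# to the matching entry of var.peer_networks["links"].
# element() wraps its index around the list length, so if "links" is shorter
# than "names" an earlier link is silently reused — keep both lists the same
# length and in the same order.
# Peering exchanges routes with the peer network; firewall rules remain the
# access control, so review them for every network added to the list.
# (Stray line-number residue from the page rendering removed from this block.)
resource "google_compute_network_peering" "peering" {
  count        = "${length(var.peer_networks["names"])}"
  name         = "peering-${element(var.peer_networks["names"], count.index)}"
  network      = "${var.network_env}"
  peer_network = "${element(var.peer_networks["links"], count.index)}"
}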

##################################
#
#  Web front-end
#
#################################

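# Web front-end fleet in its own subnetwork (var.subnetworks["web"]) with a TCP
# health check and service port 443.
# service_account_email is the shared account that this file also grants
# project-level IAM roles, so those roles are presumably available to whatever
# runs on these nodes — confirm against the module.
# The module source is pinned to a tag; a commit SHA would be immutable.
# (Stray line-number residue from the page rendering removed from this block.)
module "web" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-web]\""
  dns_zone_name         = "${var.dns_zone_name}"
  egress_ports          = "${var.web_egress_ports}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["web"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["web"]}"
  name                  = "web"
  node_count            = "${var.node_count["web"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["web"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}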

##################################
#
#  Web Canary front-end
#
#################################

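# Canary web fleet. Reuses module.web's subnetwork (subnetwork_name) and the
# same "web" keys for CIDR, machine type and public ports; node count has its
# own "web-cny" key.
# (Stray line-number and blame residue from the page rendering removed.)
module "web-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-web-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["web"]}"

  # NOTE(review): literal kernel version, whereas module "web" uses
  # var.default_kernel_version. A literal does not follow changes to the
  # default, so kernel updates can be missed here — confirm the pin is wanted.
  kernel_version        = "4.13.0-1007"
  machine_type          = "${var.machine_types["web"]}"
  name                  = "web-cny"
  node_count            = "${var.node_count["web-cny"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["web"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  subnetwork_name       = "${module.web.google_compute_subnetwork_name}"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}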

##################################
#
#  API Canary front-end
#
#################################

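# Canary API fleet. Reuses module.api's subnetwork (subnetwork_name) and the
# "api" keys for CIDR, machine type and public ports; node count has its own
# "api-cny" key.
# (Stray line-number residue from the page rendering removed from this block.)
module "api-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-api-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["api"]}"

  # NOTE(review): literal kernel version, whereas module "api" uses
  # var.default_kernel_version — confirm the pin is intentional, since it will
  # not follow updates to the default.
  kernel_version        = "4.13.0-1007"
  machine_type          = "${var.machine_types["api"]}"
  name                  = "api-cny"
  node_count            = "${var.node_count["api-cny"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["api"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  subnetwork_name       = "${module.api.google_compute_subnetwork_name}"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}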

##################################
#
#  Git Canary front-end
#
#################################

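# Canary git fleet. Reuses module.git's subnetwork (subnetwork_name) and the
# "git" keys for CIDR, machine type and public ports; node count has its own
# "git-cny" key.
# (Stray line-number residue from the page rendering removed from this block.)
module "git-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-git-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["git"]}"

  # NOTE(review): literal kernel version, whereas module "git" uses
  # var.default_kernel_version — confirm the pin is intentional.
  kernel_version        = "4.13.0-1007"
  machine_type          = "${var.machine_types["git"]}"
  name                  = "git-cny"
  node_count            = "${var.node_count["git-cny"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["git"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"

  # NOTE(review): 443 here, while module "git" sets service_port = 22 —
  # confirm the difference is intended.
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  subnetwork_name       = "${module.git.google_compute_subnetwork_name}"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}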

##################################
#
#  Registry Canary front-end
#
#################################

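# Canary registry fleet. Reuses module.registry's subnetwork (subnetwork_name)
# and the "registry" keys for CIDR, machine type and public ports; node count
# has its own "registry-cny" key.
# (Stray line-number residue from the page rendering removed from this block.)
module "registry-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-registry-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["registry"]}"

  # NOTE(review): literal kernel version, whereas module "registry" uses
  # var.default_kernel_version — confirm the pin is intentional.
  kernel_version        = "4.13.0-1007"
  machine_type          = "${var.machine_types["registry"]}"
  name                  = "registry-cny"
  node_count            = "${var.node_count["registry-cny"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["registry"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  subnetwork_name       = "${module.registry.google_compute_subnetwork_name}"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}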

##################################
#
#  API
#
#################################

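# API front-end fleet in its own subnetwork (var.subnetworks["api"]) with a TCP
# health check and service port 443. module "api-cny" attaches to this
# module's subnetwork.
# (Stray line-number residue from the page rendering removed from this block.)
module "api" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-api]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["api"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["api"]}"
  name                  = "api"
  node_count            = "${var.node_count["api"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["api"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}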

##################################
#
#  Git
#
##################################

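# Git front-end fleet in its own subnetwork (var.subnetworks["git"]) with a TCP
# health check on service port 22. module "git-cny" attaches to this module's
# subnetwork.
# Fix: kernel_version was assigned twice with the same value; the duplicate
# assignment is dropped, which leaves the effective value unchanged.
# (Stray line-number residue from the page rendering removed from this block.)
module "git" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-git]\""
  dns_zone_name         = "${var.dns_zone_name}"
  egress_ports          = "${var.egress_ports}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["git"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["git"]}"
  name                  = "git"
  node_count            = "${var.node_count["git"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["git"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 22
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}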

##################################
#
#  Pages web front-end
#
#################################

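# Pages web front-end fleet in its own subnetwork
# (var.subnetworks["web-pages"]) with a TCP health check and service port 443.
# (Stray line-number and blame residue from the page rendering removed.)
module "web-pages" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-web-pages]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["web-pages"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["web-pages"]}"
  name                  = "web-pages"
  node_count            = "${var.node_count["web-pages"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["web-pages"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}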

##################################
#
#  registry front-end
#
#################################

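# Registry front-end fleet in its own subnetwork
# (var.subnetworks["registry"]). module "registry-cny" attaches to this
# module's subnetwork.
# NOTE(review): os_disk_type is not set here although module "registry-cny"
# and the other front-end modules set "pd-ssd" — confirm the default is wanted.
# (Stray line-number residue from the page rendering removed from this block.)
module "registry" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-registry]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["registry"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["registry"]}"
  name                  = "registry"
  node_count            = "${var.node_count["registry"]}"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["registry"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"

  # NOTE(review): 22 here, while module "registry-cny" sets 443. With
  # health_check = "tcp" this presumably makes the health check probe SSH
  # rather than the registry service — confirm the port is intended.
  service_port          = 22
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}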

##################################
#
#  Database
#
#################################

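# Single-node PostgreSQL disaster-recovery archive replica with a dedicated
# SSD data disk, in its own subnetwork (var.subnetworks["db-dr-archive"]).
# (Stray line-number residue from the page rendering removed from this block.)
module "postgres-dr-archive" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_init_run_list    = "\"recipe[gitlab-server::hack_gitlab_ctl_reconfigure]\""
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-db-postgres-archive]\""
  data_disk_size        = 4000
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["db-dr-archive"]}"

  # NOTE(review): literal kernel version, whereas module "postgres-dr-delayed"
  # uses var.default_kernel_version — confirm the pin is intentional.
  kernel_version        = "4.13.0-1007"
  machine_type          = "${var.machine_types["db-dr"]}"
  name                  = "postgres-dr-archive"
  node_count            = "1"
  project               = "${var.project}"

  # NOTE(review): value comes from var.public_ports["db-dr"], not visible
  # here. For a database tier, confirm no database port is publicly reachable.
  public_ports          = "${var.public_ports["db-dr"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"
  tier                  = "db"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
  os_disk_size          = 100
}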

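# Single-node PostgreSQL disaster-recovery delayed replica with a dedicated
# SSD data disk, in its own subnetwork (var.subnetworks["db-dr-delayed"]).
# (Stray line-number residue from the page rendering removed from this block.)
module "postgres-dr-delayed" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_init_run_list    = "\"recipe[gitlab-server::hack_gitlab_ctl_reconfigure]\""
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-db-postgres-delayed]\""
  data_disk_size        = 4000
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["db-dr-delayed"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["db-dr"]}"
  name                  = "postgres-dr-delayed"
  node_count            = "1"
  project               = "${var.project}"

  # NOTE(review): value comes from var.public_ports["db-dr"], not visible
  # here. For a database tier, confirm no database port is publicly reachable.
  public_ports          = "${var.public_ports["db-dr"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"
  tier                  = "db"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
  os_disk_size          = 100
}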

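# Bucket for PostgreSQL backups. Backup and restore use separate service
# accounts, a KMS key id is passed in, and retention is set in days.
# What each account may do on the bucket is decided inside the module;
# presumably the backup account writes and the restore account reads — confirm
# that neither can delete or overwrite existing backups.
# (Stray line-number residue from the page rendering removed from this block.)
module "postgres-backup" {
  environment                         = "${var.environment}"
  gcs_postgres_backup_service_account = "${var.gcs_postgres_backup_service_account}"
  restore_service_account             = "${var.gcs_postgres_restore_service_account}"
  kms_key_id                          = "${var.gcs_postgres_backup_kms_key_id}"
  source                              = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/database-backup-bucket.git?ref=v1.0.1"
  retention_days                      = "${var.postgres_backup_retention_days}"
}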

#############################################
#
#  GCP Internal TCP LoadBalancer and PgBouncer
#
#############################################

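# Internal (external = false) TCP load balancer in front of the pg-bouncer
# nodes: forwards port 6432 and health-checks port 8010, using the backend
# service, instances and subnetwork exported by module.pg-bouncer.
# (Stray line-number residue from the page rendering removed from this block.)
module "gcp-tcp-lb-internal-pgbouncer" {
  backend_service        = "${module.pg-bouncer.google_compute_region_backend_service_self_link}"
  environment            = "${var.environment}"
  external               = false
  forwarding_port_ranges = ["6432"]
  fqdns                  = "${var.lb_fqdns_internal_pgbouncer}"
  gitlab_zone_id         = "${var.gitlab_net_zone_id}"
  health_check_ports     = ["8010"]
  instances              = ["${module.pg-bouncer.instances_self_link}"]
  lb_count               = "1"
  name                   = "gcp-tcp-lb-internal-pgbouncer"
  names                  = ["${var.environment}-pgbouncer"]
  project                = "${var.project}"
  region                 = "${var.region}"
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  subnetwork_self_link   = "${module.pg-bouncer.google_compute_subnetwork_self_link}"
  targets                = ["pgbouncer"]
  vpc                    = "${module.network.self_link}"
}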

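# PgBouncer nodes with a regional backend service (consumed by
# module.gcp-tcp-lb-internal-pgbouncer). Service port 6432; HTTP health check
# on port 8010 at path "/".
# (Stray line-number residue from the page rendering removed from this block.)
module "pg-bouncer" {
  backend_service_type   = "regional"
  bootstrap_version      = "${var.bootstrap_script_version}"
  chef_init_run_list     = "\"recipe[gitlab-server::hack_gitlab_ctl_reconfigure]\""
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-db-pgbouncer]\""
  create_backend_service = true
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"
  health_check           = "http"
  health_check_port      = "8010"
  ip_cidr_range          = "${var.subnetworks["pgb"]}"
  kernel_version         = "${var.default_kernel_version}"
  machine_type           = "${var.machine_types["pgb"]}"
  name                   = "pgbouncer"
  node_count             = "${var.node_count["pgb"]}"
  project                = "${var.project}"

  # NOTE(review): value comes from var.public_ports["pgb"], not visible here.
  # The load balancer for this tier is internal; confirm the nodes themselves
  # expose no database port publicly.
  public_ports           = "${var.public_ports["pgb"]}"
  region                 = "${var.region}"
  service_account_email  = "${var.service_account_email}"
  service_path           = "/"
  service_port           = 6432
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                   = "db"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
}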

#############################################
#
#  GCP Internal TCP LoadBalancer and Patroni
#
#############################################

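# Internal (external = false) TCP load balancer in front of the Patroni nodes:
# forwards port 6432 and health-checks port 8009, using the backend service,
# instances and subnetwork exported by module.patroni.
# (Stray line-number and blame residue from the page rendering removed.)
module "gcp-tcp-lb-internal-patroni" {
  backend_service        = "${module.patroni.google_compute_region_backend_service_self_link}"
  environment            = "${var.environment}"
  external               = false
  forwarding_port_ranges = ["6432"]
  fqdns                  = "${var.lb_fqdns_internal_patroni}"
  gitlab_zone_id         = "${var.gitlab_net_zone_id}"
  health_check_ports     = ["8009"]
  instances              = ["${module.patroni.instances_self_link}"]

  # Create the load balancer only when at least one Patroni node exists.
  lb_count               = "${var.node_count["patroni"] > 0 ? 1 : 0}"
  name                   = "gcp-tcp-lb-internal-patroni"
  names                  = ["${var.environment}-patroni"]
  project                = "${var.project}"
  region                 = "${var.region}"
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  subnetwork_self_link   = "${module.patroni.google_compute_subnetwork_self_link}"
  targets                = ["patroni"]
  vpc                    = "${module.network.self_link}"
}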

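# Patroni (PostgreSQL) nodes with an SSD data disk and a regional backend
# service (consumed by module.gcp-tcp-lb-internal-patroni). Service port 6432;
# HTTP health check on port 8009 at path "/".
# NOTE(review): deletion_protection is not set here, while module "file" in
# this file sets it to true. If this module supports the argument, a stateful
# database tier is a natural place for it — confirm.
# (Stray line-number and blame residue from the page rendering removed.)
module "patroni" {
  backend_service_type   = "regional"
  bootstrap_version      = "${var.bootstrap_script_version}"
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-db-patroni]\""
  create_backend_service = true
  data_disk_size         = "${var.data_disk_sizes["patroni"]}"
  data_disk_type         = "pd-ssd"
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"
  health_check           = "http"
  health_check_port      = "8009"
  ip_cidr_range          = "${var.subnetworks["patroni"]}"
  kernel_version         = "${var.default_kernel_version}"
  machine_type           = "${var.machine_types["patroni"]}"
  name                   = "patroni"
  node_count             = "${var.node_count["patroni"]}"
  project                = "${var.project}"

  # NOTE(review): value comes from var.public_ports["patroni"], not visible
  # here. Confirm no database port is publicly reachable.
  public_ports           = "${var.public_ports["patroni"]}"
  region                 = "${var.region}"
  service_account_email  = "${var.service_account_email}"
  service_path           = "/"
  service_port           = 6432
  source                 = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor-with-group.git?ref=v1.0.4"
  tier                   = "db"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
  os_disk_size           = 100
}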

##################################
#
#  Redis
#
##################################

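# Redis nodes with an SSD data disk in their own subnetwork
# (var.subnetworks["redis"]).
# (Stray line-number and blame residue from the page rendering removed.)
module "redis" {
  # Presumably lets Terraform stop an instance to apply changes that need it;
  # confirm against the module, since that implies downtime on apply.
  allow_stopping_for_update = true
  bootstrap_version         = "${var.bootstrap_script_version}"
  chef_provision            = "${var.chef_provision}"
  chef_run_list             = "\"role[${var.environment}-base-db-redis-server-single]\""
  data_disk_size            = 52
  data_disk_type            = "pd-ssd"
  dns_zone_name             = "${var.dns_zone_name}"
  egress_ports              = "${var.egress_ports}"
  environment               = "${var.environment}"
  ip_cidr_range             = "${var.subnetworks["redis"]}"
  kernel_version            = "${var.default_kernel_version}"
  machine_type              = "${var.machine_types["redis"]}"
  name                      = "redis"
  node_count                = "${var.node_count["redis"]}"
  project                   = "${var.project}"

  # NOTE(review): value comes from var.public_ports["redis"], not visible
  # here. Confirm the Redis port is not publicly reachable.
  public_ports              = "${var.public_ports["redis"]}"
  region                    = "${var.region}"
  service_account_email     = "${var.service_account_email}"
  source                    = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"
  tier                      = "db"
  use_new_node_name         = true
  vpc                       = "${module.network.self_link}"
}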

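# Redis cache tier: Redis server nodes and Sentinel nodes are sized and
# provisioned separately (redis_* and sentinel_* arguments), each with its own
# Chef role, node count, machine type and SSD data disk.
# (Stray line-number residue from the page rendering removed from this block.)
module "redis-cache" {
  bootstrap_version       = "${var.bootstrap_script_version}"
  chef_provision          = "${var.chef_provision}"
  dns_zone_name           = "${var.dns_zone_name}"
  egress_ports            = "${var.egress_ports}"
  environment             = "${var.environment}"
  ip_cidr_range           = "${var.subnetworks["redis-cache"]}"
  kernel_version          = "${var.default_kernel_version}"
  name                    = "redis-cache"
  project                 = "${var.project}"

  # NOTE(review): value comes from var.public_ports["redis-cache"], not
  # visible here. Confirm Redis and Sentinel ports are not publicly reachable.
  public_ports            = "${var.public_ports["redis-cache"]}"
  redis_chef_run_list     = "\"role[${var.environment}-base-db-redis-server-cache]\""
  redis_count             = "${var.node_count["redis-cache"]}"
  redis_data_disk_size    = 100
  redis_data_disk_type    = "pd-ssd"
  redis_machine_type      = "${var.machine_types["redis-cache"]}"
  region                  = "${var.region}"
  sentinel_chef_run_list  = "\"role[${var.environment}-base-db-redis-sentinel-cache]\""
  sentinel_count          = "${var.node_count["redis-cache-sentinel"]}"
  sentinel_data_disk_size = 100
  sentinel_data_disk_type = "pd-ssd"
  sentinel_machine_type   = "${var.machine_types["redis-cache-sentinel"]}"
  service_account_email   = "${var.service_account_email}"
  source                  = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor-redis.git?ref=v1.0.6"
  tier                    = "db"
  use_new_node_name       = true
  vpc                     = "${module.network.self_link}"
}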

##################################
#
#  Sidekiq
#
##################################

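# Sidekiq worker fleets. Each queue group (asap, besteffort, elasticsearch,
# import, pages, pipeline, pullmirror, realtime, traces) gets its own node
# count and machine type from var.node_count / var.machine_types.
# chef_run_list and machine_type at the top level use the besteffort values.
# (Stray line-number residue from the page rendering removed from this block.)
module "sidekiq" {
  allow_stopping_for_update           = true
  bootstrap_version                   = "${var.bootstrap_script_version}"
  chef_provision                      = "${var.chef_provision}"
  chef_run_list                       = "\"role[${var.environment}-base-be-sidekiq-besteffort]\""
  dns_zone_name                       = "${var.dns_zone_name}"
  environment                         = "${var.environment}"
  ip_cidr_range                       = "${var.subnetworks["sidekiq"]}"
  kernel_version                      = "${var.default_kernel_version}"
  machine_type                        = "${var.machine_types["sidekiq-besteffort"]}"
  name                                = "sidekiq"
  os_disk_type                        = "pd-ssd"
  project                             = "${var.project}"
  public_ports                        = "${var.public_ports["sidekiq"]}"
  region                              = "${var.region}"
  service_account_email               = "${var.service_account_email}"
  sidekiq_asap_count                  = "${var.node_count["sidekiq-asap"]}"
  sidekiq_asap_instance_type          = "${var.machine_types["sidekiq-asap"]}"
  sidekiq_besteffort_count            = "${var.node_count["sidekiq-besteffort"]}"
  sidekiq_besteffort_instance_type    = "${var.machine_types["sidekiq-besteffort"]}"
  sidekiq_elasticsearch_count         = "${var.node_count["sidekiq-elasticsearch"]}"
  sidekiq_elasticsearch_instance_type = "${var.machine_types["sidekiq-elasticsearch"]}"
  sidekiq_import_count                = "${var.node_count["sidekiq-import"]}"
  sidekiq_import_instance_type        = "${var.machine_types["sidekiq-import"]}"
  sidekiq_pages_count                 = "${var.node_count["sidekiq-pages"]}"
  sidekiq_pages_instance_type         = "${var.machine_types["sidekiq-pages"]}"
  sidekiq_pipeline_count              = "${var.node_count["sidekiq-pipeline"]}"
  sidekiq_pipeline_instance_type      = "${var.machine_types["sidekiq-pipeline"]}"
  sidekiq_pullmirror_count            = "${var.node_count["sidekiq-pullmirror"]}"
  sidekiq_pullmirror_instance_type    = "${var.machine_types["sidekiq-pullmirror"]}"
  sidekiq_realtime_count              = "${var.node_count["sidekiq-realtime"]}"
  sidekiq_realtime_instance_type      = "${var.machine_types["sidekiq-realtime"]}"
  sidekiq_traces_count                = "${var.node_count["sidekiq-traces"]}"
  sidekiq_traces_instance_type        = "${var.machine_types["sidekiq-traces"]}"
  source                              = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-sidekiq.git?ref=v1.0.4"
  tier                                = "sv"
  use_new_node_name                   = true
  vpc                                 = "${module.network.self_link}"
}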

##################################
#
#  Mailroom
#
##################################

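# Mailroom nodes in their own subnetwork (var.subnetworks["mailroom"]).
# health_check = "tcp" with service_port = 22 presumably means node health is
# judged by the SSH port answering — confirm against the module.
# (Stray line-number residue from the page rendering removed from this block.)
module "mailroom" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-be-mailroom]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["mailroom"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["mailroom"]}"
  name                  = "mailroom"
  node_count            = "${var.node_count["mailroom"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["mailroom"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 22
  source                = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}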

##################################
#
#  Storage nodes for repositories
#
##################################

module "file" {
  # Pinned to the v1.0.4 tag of the generic-stor module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"

  # Identity and placement
  name              = "file"
  tier              = "stor"
  environment       = "${var.environment}"
  project           = "${var.project}"
  region            = "${var.region}"
  zone              = "us-east1-c"
  use_new_node_name = true

  # These nodes hold repository data (Gitaly role below), so deletion protection is on.
  deletion_protection = true

  # Instance shape and disks
  machine_type         = "${var.machine_types["stor"]}"
  node_count           = "${var.node_count["stor"]}"
  multizone_node_count = "${var.node_count["multizone-stor"]}"
  os_disk_type         = "pd-ssd"
  data_disk_size       = "${var.data_disk_sizes["file"]}"
  data_disk_type       = "pd-ssd"
  kernel_version       = "${var.default_kernel_version}"

  # Network
  vpc           = "${module.network.self_link}"
  ip_cidr_range = "${var.subnetworks["stor"]}"
  dns_zone_name = "${var.dns_zone_name}"
  egress_ports  = "${var.egress_ports}"

  # NOTE(review): storage nodes share the "stor" public_ports entry; presumably
  # these are publicly reachable ports, so confirm the list is minimal.
  public_ports = "${var.public_ports["stor"]}"

  # Provisioning
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-stor-gitaly]\""
  service_account_email = "${var.service_account_email}"
}

##################################
#
#  Storage nodes for
#  uploads/lfs/pages/artifacts/builds/cache
#
#  share:
#    gitlab-ci/builds
#    gitlab-rails/shared/cache
#    gitlab-rails/shared/tmp
#    gitlab-rails/uploads
#    gitlab-rails/shared/lfs-objects
#    gitlab-rails/shared/artifacts
#
#  pages:
#    gitlab-rails/shared/pages
#
##################################

module "share" {
  # Pinned to the v1.0.4 tag of the generic-stor module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"

  # Identity and placement
  name              = "share"
  tier              = "stor"
  environment       = "${var.environment}"
  project           = "${var.project}"
  region            = "${var.region}"
  use_new_node_name = true

  # NFS server for the shared directories; protected against deletion.
  deletion_protection = true

  # Instance shape and disks
  machine_type   = "${var.machine_types["stor-share"]}"
  node_count     = "${var.node_count["share"]}"
  os_disk_type   = "pd-ssd"
  data_disk_size = "${var.data_disk_sizes["share"]}"
  data_disk_type = "pd-ssd"
  kernel_version = "${var.default_kernel_version}"

  # Network
  vpc           = "${module.network.self_link}"
  ip_cidr_range = "${var.subnetworks["share"]}"
  dns_zone_name = "${var.dns_zone_name}"
  egress_ports  = "${var.egress_ports}"

  # NOTE(review): uses the shared "stor" public_ports entry; presumably publicly
  # reachable ports, so confirm an NFS server needs any of them.
  public_ports = "${var.public_ports["stor"]}"

  # Provisioning
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-stor-nfs-server]\""
  service_account_email = "${var.service_account_email}"
}

## Pages has a DNS entry for failover rsync
## This and leaving port 22 open can be removed
## after failover.

resource "aws_route53_record" "pages" {
  # A record pages.stor.<environment>.gitlab.net in the gitlab.net zone.
  zone_id = "${var.gitlab_net_zone_id}"
  type    = "A"
  name    = "pages.stor.${var.environment}.gitlab.net"
  ttl     = "300"

  # Publishes the public IPs of the pages storage nodes.
  # TODO(review): this record exists for the failover rsync; remove it together
  # with the external IPs and the open port 22 once the failover is done.
  records = ["${module.pages.instance_public_ips}"]
}

module "pages" {
  # Pinned to the v1.0.4 tag of the generic-stor module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"

  # Identity and placement
  name              = "pages"
  tier              = "stor"
  environment       = "${var.environment}"
  project           = "${var.project}"
  region            = "${var.region}"
  use_new_node_name = true

  # NFS server holding pages data; protected against deletion.
  deletion_protection = true

  # Instance shape and disks
  machine_type   = "${var.machine_types["stor-pages"]}"
  node_count     = "${var.node_count["pages"]}"
  os_disk_type   = "pd-ssd"
  data_disk_size = "${var.data_disk_sizes["pages"]}"
  data_disk_type = "pd-ssd"
  kernel_version = "${var.default_kernel_version}"

  # Network
  vpc           = "${module.network.self_link}"
  ip_cidr_range = "${var.subnetworks["pages"]}"
  dns_zone_name = "${var.dns_zone_name}"
  egress_ports  = "${var.egress_ports}"
  public_ports  = "${var.public_ports["stor"]}"

  # Unlike the other storage modules here, these nodes get an external IP.
  # TODO(review): per the file's own note this exposure (external IP, port 22)
  # is only needed for the failover rsync; drop it once the failover is done.
  use_external_ip = true

  # Provisioning
  bootstrap_version = "${var.bootstrap_script_version}"
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-stor-nfs-server]\""

  # NOTE(review): the same service account is attached to every module in this
  # file; on an externally reachable node its project-level roles deserve a
  # least-privilege check.
  service_account_email = "${var.service_account_email}"
}

##################################
#
#  External HAProxy LoadBalancer
#
##################################

module "fe-lb" {
  # Pinned to the v1.0.4 tag of the generic-sv-with-group module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"

  # Identity and placement
  name              = "fe"
  tier              = "lb"
  environment       = "${var.environment}"
  project           = "${var.project}"
  region            = "${var.region}"
  use_new_node_name = true

  # Instance shape
  machine_type   = "${var.machine_types["fe-lb"]}"
  node_count     = "${var.node_count["fe-lb"]}"
  os_boot_image  = "${var.os_boot_image["fe-lb"]}"
  kernel_version = "${var.default_kernel_version}"

  # Network
  vpc           = "${module.network.self_link}"
  ip_cidr_range = "${var.subnetworks["fe-lb"]}"
  dns_zone_name = "${var.dns_zone_name}"
  public_ports  = "${var.public_ports["fe-lb"]}"

  # Regional backend service; its self link is consumed by gcp-tcp-lb-internal.
  create_backend_service = true
  backend_service_type   = "regional"

  # HTTP health check on port 8002, path /-/available-https.
  health_check = "http"
  service_port = 8002
  service_path = "/-/available-https"

  # Provisioning
  bootstrap_version = "${var.bootstrap_script_version}"
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-lb-fe]\""

  # NOTE(review): these external load balancer nodes run with the same service
  # account as every other module in this file; confirm the roles bound to it
  # are the minimum an edge host needs.
  service_account_email = "${var.service_account_email}"
}

##################################
#
#  External HAProxy LoadBalancer Pages
#
##################################

module "fe-lb-pages" {
  # Pinned to the v1.0.4 tag of the generic-sv-with-group module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"

  # Identity and placement
  name              = "fe-pages"
  tier              = "lb"
  environment       = "${var.environment}"
  project           = "${var.project}"
  region            = "${var.region}"
  use_new_node_name = true

  # Instance shape (shares the "fe-lb" machine type)
  machine_type   = "${var.machine_types["fe-lb"]}"
  node_count     = "${var.node_count["fe-lb-pages"]}"
  kernel_version = "${var.default_kernel_version}"

  # Network (shares the "fe-lb" public_ports entry)
  vpc           = "${module.network.self_link}"
  ip_cidr_range = "${var.subnetworks["fe-lb-pages"]}"
  dns_zone_name = "${var.dns_zone_name}"
  public_ports  = "${var.public_ports["fe-lb"]}"

  # HTTP health check with the service port set to 7331.
  health_check = "http"
  service_port = 7331

  # Provisioning
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-lb-pages]\""
  service_account_email = "${var.service_account_email}"
}

##################################
#
#  External HAProxy LoadBalancer AltSSH
#
##################################

module "fe-lb-altssh" {
  # Pinned to the v1.0.4 tag of the generic-sv-with-group module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"

  # Identity and placement
  name              = "fe-altssh"
  tier              = "lb"
  environment       = "${var.environment}"
  project           = "${var.project}"
  region            = "${var.region}"
  use_new_node_name = true

  # Instance shape (shares the "fe-lb" machine type)
  machine_type   = "${var.machine_types["fe-lb"]}"
  node_count     = "${var.node_count["fe-lb-altssh"]}"
  kernel_version = "${var.default_kernel_version}"

  # Network (shares the "fe-lb" public_ports entry)
  vpc           = "${module.network.self_link}"
  ip_cidr_range = "${var.subnetworks["fe-lb-altssh"]}"
  dns_zone_name = "${var.dns_zone_name}"
  egress_ports  = "${var.egress_ports}"
  public_ports  = "${var.public_ports["fe-lb"]}"

  # HTTP health check with the service port set to 7331.
  health_check = "http"
  service_port = 7331

  # Provisioning
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-lb-altssh]\""
  service_account_email = "${var.service_account_email}"
}

##################################
#
#  External HAProxy LoadBalancer Registry
#
##################################

module "fe-lb-registry" {
  # Pinned to the v1.0.4 tag of the generic-sv-with-group module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"

  # Identity and placement
  name              = "fe-registry"
  tier              = "lb"
  environment       = "${var.environment}"
  project           = "${var.project}"
  region            = "${var.region}"
  use_new_node_name = true

  # Instance shape (shares the "fe-lb" machine type)
  machine_type   = "${var.machine_types["fe-lb"]}"
  node_count     = "${var.node_count["fe-lb-registry"]}"
  kernel_version = "${var.default_kernel_version}"

  # Network (shares the "fe-lb" public_ports entry)
  vpc                    = "${module.network.self_link}"
  ip_cidr_range          = "${var.subnetworks["fe-lb-registry"]}"
  dns_zone_name          = "${var.dns_zone_name}"
  public_ports           = "${var.public_ports["fe-lb"]}"
  create_backend_service = true

  # HTTP health check on port 8002, path /-/available-https.
  health_check = "http"
  service_port = 8002
  service_path = "/-/available-https"

  # Provisioning
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-lb-registry]\""
  service_account_email = "${var.service_account_email}"
}

##################################
#
#  External HAProxy LoadBalancer Canary
#
##################################

module "fe-lb-cny" {
  # Pinned to the v1.0.4 tag of the generic-sv-with-group module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"

  # Identity and placement
  name              = "fe-cny"
  tier              = "lb"
  environment       = "${var.environment}"
  project           = "${var.project}"
  region            = "${var.region}"
  use_new_node_name = true

  # Instance shape (shares the "fe-lb" machine type)
  machine_type   = "${var.machine_types["fe-lb"]}"
  node_count     = "${var.node_count["fe-lb-cny"]}"
  kernel_version = "${var.default_kernel_version}"

  # Network (shares the "fe-lb" public_ports entry)
  vpc                    = "${module.network.self_link}"
  ip_cidr_range          = "${var.subnetworks["fe-lb-cny"]}"
  dns_zone_name          = "${var.dns_zone_name}"
  public_ports           = "${var.public_ports["fe-lb"]}"
  create_backend_service = true

  # HTTP health check on port 8002, path /-/available-https.
  health_check = "http"
  service_port = 8002
  service_path = "/-/available-https"

  # Provisioning
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-lb-cny]\""
  service_account_email = "${var.service_account_email}"
}

##################################
#
#  GCP TCP LoadBalancers
#
##################################

#### Load balancer for the main site
module "gcp-tcp-lb" {
  # Pinned to the v1.0.0 tag of the tcp-lb module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  # NOTE(review): "[email protected]" looks like e-mail obfuscation applied by the
  # page this listing was taken from; confirm the real user@host.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"

  # Identity
  name        = "gcp-tcp-lb"
  environment = "${var.environment}"
  project     = "${var.project}"
  region      = "${var.region}"

  # DNS: names from var.lb_fqdns in the gitlab.com zone
  fqdns          = "${var.lb_fqdns}"
  gitlab_zone_id = "${var.gitlab_com_zone_id}"

  # One load balancer per entry of var.tcp_lbs["names"]
  names                  = "${var.tcp_lbs["names"]}"
  lb_count               = "${length(var.tcp_lbs["names"])}"
  forwarding_port_ranges = "${var.tcp_lbs["forwarding_port_ranges"]}"
  health_check_ports     = "${var.tcp_lbs["health_check_ports"]}"

  # Backends: the fe-lb HAProxy nodes
  instances = ["${module.fe-lb.instances_self_link}"]
  targets   = ["fe"]
}

##################################
#
#  GCP Internal TCP LoadBalancers
#
##################################

###### Internal Load balancer for the main site
module "gcp-tcp-lb-internal" {
  # Pinned to the v1.0.0 tag of the tcp-lb module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"

  # Identity
  name        = "gcp-tcp-lb-internal"
  environment = "${var.environment}"
  project     = "${var.project}"
  region      = "${var.region}"

  # Internal-only: external is switched off and the LB is bound to the fe-lb
  # subnetwork and the shared VPC.
  external             = false
  vpc                  = "${module.network.self_link}"
  subnetwork_self_link = "${module.fe-lb.google_compute_subnetwork_self_link}"

  # DNS: names from var.lb_fqdns_internal in the gitlab.net zone
  fqdns          = "${var.lb_fqdns_internal}"
  gitlab_zone_id = "${var.gitlab_net_zone_id}"

  # One load balancer per entry of var.tcp_lbs_internal["names"]
  names                  = "${var.tcp_lbs_internal["names"]}"
  lb_count               = "${length(var.tcp_lbs_internal["names"])}"
  forwarding_port_ranges = "${var.tcp_lbs_internal["forwarding_port_ranges"]}"
  health_check_ports     = "${var.tcp_lbs_internal["health_check_ports"]}"

  # Backends: the fe-lb nodes through their regional backend service
  backend_service = "${module.fe-lb.google_compute_region_backend_service_self_link}"
  instances       = ["${module.fe-lb.instances_self_link}"]
  targets         = ["fe"]
}

#### Load balancer for pages
module "gcp-tcp-lb-pages" {
  # Pinned to the v1.0.0 tag of the tcp-lb module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"

  # Identity
  name        = "gcp-tcp-lb-pages"
  environment = "${var.environment}"
  project     = "${var.project}"
  region      = "${var.region}"

  # DNS: names from var.lb_fqdns_pages in the gitlab.io zone
  fqdns          = "${var.lb_fqdns_pages}"
  gitlab_zone_id = "${var.gitlab_io_zone_id}"

  # One load balancer per entry of var.tcp_lbs_pages["names"]
  names                  = "${var.tcp_lbs_pages["names"]}"
  lb_count               = "${length(var.tcp_lbs_pages["names"])}"
  forwarding_port_ranges = "${var.tcp_lbs_pages["forwarding_port_ranges"]}"
  health_check_ports     = "${var.tcp_lbs_pages["health_check_ports"]}"

  # Backends: the fe-lb-pages HAProxy nodes
  instances = ["${module.fe-lb-pages.instances_self_link}"]
  targets   = ["fe-pages"]
}

#### Load balancer for altssh
module "gcp-tcp-lb-altssh" {
  # Pinned to the v1.0.0 tag of the tcp-lb module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"

  # Identity
  name        = "gcp-tcp-lb-altssh"
  environment = "${var.environment}"
  project     = "${var.project}"
  region      = "${var.region}"

  # DNS: names from var.lb_fqdns_altssh in the gitlab.com zone
  fqdns          = "${var.lb_fqdns_altssh}"
  gitlab_zone_id = "${var.gitlab_com_zone_id}"

  # One load balancer per entry of var.tcp_lbs_altssh["names"]
  names                  = "${var.tcp_lbs_altssh["names"]}"
  lb_count               = "${length(var.tcp_lbs_altssh["names"])}"
  forwarding_port_ranges = "${var.tcp_lbs_altssh["forwarding_port_ranges"]}"

  # Only this load balancer also passes explicit health check request paths.
  health_check_ports         = "${var.tcp_lbs_altssh["health_check_ports"]}"
  health_check_request_paths = "${var.tcp_lbs_altssh["health_check_request_paths"]}"

  # Backends: the fe-lb-altssh HAProxy nodes
  instances = ["${module.fe-lb-altssh.instances_self_link}"]
  targets   = ["fe-altssh"]
}

#### Load balancer for registry
module "gcp-tcp-lb-registry" {
  # Pinned to the v1.0.0 tag of the tcp-lb module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"

  # Identity
  name        = "gcp-tcp-lb-registry"
  environment = "${var.environment}"
  project     = "${var.project}"
  region      = "${var.region}"

  # DNS: names from var.lb_fqdns_registry in the gitlab.com zone
  fqdns          = "${var.lb_fqdns_registry}"
  gitlab_zone_id = "${var.gitlab_com_zone_id}"

  # One load balancer per entry of var.tcp_lbs_registry["names"]
  names                  = "${var.tcp_lbs_registry["names"]}"
  lb_count               = "${length(var.tcp_lbs_registry["names"])}"
  forwarding_port_ranges = "${var.tcp_lbs_registry["forwarding_port_ranges"]}"
  health_check_ports     = "${var.tcp_lbs_registry["health_check_ports"]}"

  # Backends: the fe-lb-registry HAProxy nodes
  instances = ["${module.fe-lb-registry.instances_self_link}"]
  targets   = ["fe-registry"]
}

#### Load balancer for cny
module "gcp-tcp-lb-cny" {
  # Pinned to the v1.0.0 tag of the tcp-lb module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"

  # Identity
  name        = "gcp-tcp-lb-cny"
  environment = "${var.environment}"
  project     = "${var.project}"
  region      = "${var.region}"

  # DNS: names from var.lb_fqdns_cny in the gitlab.com zone
  fqdns          = "${var.lb_fqdns_cny}"
  gitlab_zone_id = "${var.gitlab_com_zone_id}"

  # One load balancer per entry of var.tcp_lbs_cny["names"]
  names                  = "${var.tcp_lbs_cny["names"]}"
  lb_count               = "${length(var.tcp_lbs_cny["names"])}"
  forwarding_port_ranges = "${var.tcp_lbs_cny["forwarding_port_ranges"]}"
  health_check_ports     = "${var.tcp_lbs_cny["health_check_ports"]}"

  # Backends: the fe-lb-cny (canary) HAProxy nodes
  instances = ["${module.fe-lb-cny.instances_self_link}"]
  targets   = ["fe-cny"]
}

#### Load balancer for bastion
module "gcp-tcp-lb-bastion" {
  # Pinned to the v1.0.0 tag of the tcp-lb module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"

  # Identity
  name        = "gcp-tcp-lb-bastion"
  environment = "${var.environment}"
  project     = "${var.project}"
  region      = "${var.region}"

  # DNS: names from var.lb_fqdns_bastion in the gitlab.com zone
  fqdns          = "${var.lb_fqdns_bastion}"
  gitlab_zone_id = "${var.gitlab_com_zone_id}"

  # One load balancer per entry of var.tcp_lbs_bastion["names"].
  # NOTE(review): this fronts the bastion hosts; confirm the forwarding port
  # ranges are limited to what bastion access needs and that source addresses
  # are restricted at the firewall.
  names                  = "${var.tcp_lbs_bastion["names"]}"
  lb_count               = "${length(var.tcp_lbs_bastion["names"])}"
  forwarding_port_ranges = "${var.tcp_lbs_bastion["forwarding_port_ranges"]}"
  health_check_ports     = "${var.tcp_lbs_bastion["health_check_ports"]}"

  # The only load balancer here that sets session affinity (by client IP).
  session_affinity = "CLIENT_IP"

  # Backends: the bastion instances
  instances = ["${module.bastion.instances_self_link}"]
  targets   = ["bastion"]
}

##################################
#
#  Consul
#
##################################

module "consul" {
  # Pinned to the v1.0.4 tag of the generic-sv-with-group module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"

  # Identity and placement
  name              = "consul"
  tier              = "inf"
  environment       = "${var.environment}"
  project           = "${var.project}"
  region            = "${var.region}"
  use_new_node_name = true

  # Instance shape
  machine_type   = "${var.machine_types["consul"]}"
  node_count     = "${var.node_count["consul"]}"
  kernel_version = "${var.default_kernel_version}"

  # Network
  vpc           = "${module.network.self_link}"
  ip_cidr_range = "${var.subnetworks["consul"]}"
  dns_zone_name = "${var.dns_zone_name}"
  service_port  = 8300

  # NOTE(review): presumably publicly reachable ports; a Consul cluster is
  # normally internal only, so confirm the "consul" entry is empty or minimal.
  public_ports = "${var.public_ports["consul"]}"

  # Provisioning
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-infra-consul]\""
  service_account_email = "${var.service_account_email}"
}

##################################
#
#  Pubsubbeats
#
#  Machines for running the beats
#  that consume logs from pubsub
#  and send them to elastic cloud
#
#  You must have a chef role with the
#  following format:
#     role[<env>-infra-pubsubbeat-<beat_name>]
#
##################################

module "pubsubbeat" {
  # Pinned to the v1.0.4 tag of the pubsubbeat module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/pubsubbeat.git?ref=v1.0.4"

  # Identity and placement
  tier              = "inf"
  environment       = "${var.environment}"
  project           = "${var.project}"
  region            = "${var.region}"
  use_new_node_name = true

  # Beat names and their machine types, both taken from var.pubsubbeats.
  # No chef_run_list is passed here; the banner above gives the role naming
  # convention that each beat name must have.
  names         = "${var.pubsubbeats["names"]}"
  machine_types = "${var.pubsubbeats["machine_types"]}"

  kernel_version = "${var.default_kernel_version}"

  # Network
  vpc           = "${module.network.self_link}"
  ip_cidr_range = "${var.subnetworks["pubsubbeat"]}"
  dns_zone_name = "${var.dns_zone_name}"
  egress_ports  = "${var.egress_ports}"
  public_ports  = "${var.public_ports["pubsubbeat"]}"

  # TCP health check with the service port set to 22.
  # NOTE(review): presumably the check probes service_port, which would require
  # SSH to be reachable from the health checker; verify against the module.
  health_check = "tcp"
  service_port = 22

  # Provisioning
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  service_account_email = "${var.service_account_email}"
}

##################################
#
#  Monitoring
#
#  Uses the monitoring module, this
#  creates a single instance behind
#  a load balancer with identity aware
#  proxy enabled.
#
##################################

resource "google_compute_subnetwork" "monitoring" {
  # Subnet named monitoring-<environment> in the shared VPC.
  name          = "${format("monitoring-%v", var.environment)}"
  project       = "${var.project}"
  region        = "${var.region}"
  network       = "${module.network.self_link}"
  ip_cidr_range = "${var.subnetworks["monitoring"]}"

  # Instances in this subnet can reach Google APIs over private addresses.
  private_ip_google_access = true

  # VPC flow logs are switched off for this subnet.
  # NOTE(review): that leaves no network-level record of traffic to the
  # monitoring hosts for an investigation; confirm this is a deliberate
  # trade-off, especially as the Prometheus modules below use external IPs.
  enable_flow_logs = false
}

#######################
#
# load balancer for all hosts in this section
#
#######################

module "monitoring-lb" {
  # Pinned to the v1.0.0 tag of the monitoring-lb module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/monitoring-lb.git?ref=v1.0.0"

  # Identity
  name        = "monitoring-lb"
  environment = "${var.environment}"
  project     = "${var.project}"
  region      = "${var.region}"

  # Front end: certificate, DNS zone and URL map
  cert_link          = "${var.monitoring_cert_link}"
  gitlab_net_zone_id = "${var.gitlab_net_zone_id}"
  url_map            = "${google_compute_url_map.monitoring-lb.self_link}"

  # Back end: host names and ports from var.monitoring_hosts, in the
  # monitoring subnet. hosts and targets are fed from the same list.
  subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
  hosts           = ["${var.monitoring_hosts["names"]}"]
  targets         = ["${var.monitoring_hosts["names"]}"]
  service_ports   = ["${var.monitoring_hosts["ports"]}"]
}

#######################
module "prometheus" {
  # Pinned to the v1.0.5 tag of the monitoring-with-count module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/monitoring-with-count.git?ref=v1.0.5"

  # Identity and placement
  name              = "prometheus"
  tier              = "inf"
  environment       = "${var.environment}"
  project           = "${var.project}"
  region            = "${var.region}"
  use_new_node_name = true

  # Instance shape and data disk
  machine_type         = "${var.machine_types["monitoring"]}"
  node_count           = "${var.node_count["prometheus"]}"
  kernel_version       = "${var.default_kernel_version}"
  data_disk_size       = "${var.data_disk_sizes["prometheus"]}"
  data_disk_type       = "pd-ssd"
  persistent_disk_path = "/opt/prometheus"

  # Network
  vpc             = "${module.network.self_link}"
  subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
  dns_zone_name   = "${var.dns_zone_name}"

  # The instance has an external IP; the firewall inputs below are the
  # allow-list that goes with it.
  # NOTE(review): confirm both subnet lists hold only the scrapers that need
  # direct access, since the load balancer path is the authenticated one.
  use_external_ip      = true
  fw_whitelist_subnets = "${concat(var.monitoring_whitelist_prometheus["subnets"], var.other_monitoring_subnets)}"
  fw_whitelist_ports   = "${var.monitoring_whitelist_prometheus["ports"]}"

  # Service endpoint: the port is looked up by host name in var.monitoring_hosts.
  service_path = "/graph"
  service_port = "${element(var.monitoring_hosts["ports"], index(var.monitoring_hosts["names"], "prometheus"))}"

  # OAuth2 client credentials for the proxy in front of the service.
  # NOTE(review): a secret passed as a module input is typically written to
  # Terraform state; make sure the S3 state bucket is encrypted and its
  # access is restricted.
  oauth2_client_id     = "${var.oauth2_client_id_monitoring}"
  oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"

  # Provisioning
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-infra-prometheus]\""
  service_account_email = "${var.service_account_email}"
}

module "prometheus-app" {
  # Pinned to the v1.0.5 tag of the monitoring-with-count module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/monitoring-with-count.git?ref=v1.0.5"

  # Identity and placement
  name              = "prometheus-app"
  tier              = "inf"
  environment       = "${var.environment}"
  project           = "${var.project}"
  region            = "${var.region}"
  use_new_node_name = true

  # Instance shape and data disk (disk size shared with "prometheus")
  machine_type         = "${var.machine_types["monitoring"]}"
  node_count           = "${var.node_count["prometheus-app"]}"
  kernel_version       = "${var.default_kernel_version}"
  data_disk_size       = "${var.data_disk_sizes["prometheus"]}"
  data_disk_type       = "pd-ssd"
  persistent_disk_path = "/opt/prometheus"

  # Network
  vpc             = "${module.network.self_link}"
  subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
  dns_zone_name   = "${var.dns_zone_name}"

  # The instance has an external IP; the firewall inputs below are the
  # allow-list that goes with it.
  # NOTE(review): confirm both subnet lists hold only the sources that need
  # direct access.
  use_external_ip      = true
  fw_whitelist_subnets = "${concat(var.monitoring_whitelist_prometheus["subnets"], var.other_monitoring_subnets)}"
  fw_whitelist_ports   = "${var.monitoring_whitelist_prometheus["ports"]}"

  # Service endpoint: the port is looked up by host name in var.monitoring_hosts.
  service_path = "/graph"
  service_port = "${element(var.monitoring_hosts["ports"], index(var.monitoring_hosts["names"], "prometheus-app"))}"

  # OAuth2 client credentials for the proxy in front of the service.
  # NOTE(review): a secret passed as a module input is typically written to
  # Terraform state; keep the state backend encrypted and access-restricted.
  oauth2_client_id     = "${var.oauth2_client_id_monitoring}"
  oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"

  # Provisioning
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-infra-prometheus-app]\""
  service_account_email = "${var.service_account_email}"
}

module "prometheus-db" {
  # Pinned to the v1.0.5 tag of the monitoring-with-count module.
  # NOTE(review): a tag can be re-pointed upstream; a commit-SHA ref is a stronger pin.
  source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/monitoring-with-count.git?ref=v1.0.5"

  # Identity and placement
  name              = "prometheus-db"
  tier              = "inf"
  environment       = "${var.environment}"
  project           = "${var.project}"
  region            = "${var.region}"
  use_new_node_name = true

  # Instance shape and data disk (disk size shared with "prometheus")
  machine_type         = "${var.machine_types["monitoring"]}"
  node_count           = "${var.node_count["prometheus-db"]}"
  kernel_version       = "${var.default_kernel_version}"
  data_disk_size       = "${var.data_disk_sizes["prometheus"]}"
  data_disk_type       = "pd-ssd"
  persistent_disk_path = "/opt/prometheus"

  # Network
  vpc             = "${module.network.self_link}"
  subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
  dns_zone_name   = "${var.dns_zone_name}"

  # The instance has an external IP; the firewall inputs below are the
  # allow-list that goes with it.
  # NOTE(review): confirm both subnet lists hold only the sources that need
  # direct access.
  use_external_ip      = true
  fw_whitelist_subnets = "${concat(var.monitoring_whitelist_prometheus["subnets"], var.other_monitoring_subnets)}"
  fw_whitelist_ports   = "${var.monitoring_whitelist_prometheus["ports"]}"

  # Service endpoint: the port is looked up by host name in var.monitoring_hosts.
  service_path = "/graph"
  service_port = "${element(var.monitoring_hosts["ports"], index(var.monitoring_hosts["names"], "prometheus-db"))}"

  # OAuth2 client credentials for the proxy in front of the service.
  # NOTE(review): a secret passed as a module input is typically written to
  # Terraform state; keep the state backend encrypted and access-restricted.
  oauth2_client_id     = "${var.oauth2_client_id_monitoring}"
  oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"

  # Provisioning
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-infra-prometheus-db]\""
  service_account_email = "${var.service_account_email}"
}

module "alerts" {
  bootstrap_version     = "${var.bootstrap_script_version}"