## State storage
terraform {
  # Partial backend configuration: bucket, key, region and locking settings
  # are supplied at `terraform init` time (-backend-config), not committed here.
  # NOTE(review): the state written by this file carries the service-account
  # emails and KMS key id passed in as inputs, so the state bucket should be
  # treated as sensitive (restricted access, encryption at rest, versioning).
  backend "s3" {}
}

## AWS
provider "aws" {
  # Only the region is set; no credentials are configured in this file.
  # NOTE(review): there is no `version` constraint here, unlike the google
  # provider below — pinning it keeps `terraform init` from picking up an
  # unexpected major release.
  region = "us-east-1"
}

## Google

provider "google" {
  project = "${var.project}"
  region  = "${var.region}"
  # "~> 2.6.0" admits 2.6.x patch releases only; moving to 2.7 or later is a
  # deliberate, reviewed upgrade rather than something `init` can do alone.
  version = "~> 2.6.0"
}

# Lets var.service_account_email mint tokens for service accounts. This is a
# PROJECT-level binding, so it applies to every service account in var.project,
# not to a designated target account. NOTE(review): if only specific accounts
# need to be impersonated, a per-account binding
# (google_service_account_iam_member) is the narrower form.
resource "google_project_iam_member" "serviceAccountTokenCreator" {
  project = "${var.project}"
  role    = "roles/iam.serviceAccountTokenCreator"
  member  = "serviceAccount:${var.service_account_email}"
}

# Lets var.service_account_email act as / attach resources to a service
# account. Project-scoped, so it covers every service account in var.project
# rather than a specific one. NOTE(review): scope to the accounts actually
# needed if the set is known.
resource "google_project_iam_member" "serviceAccountUser" {
  project = "${var.project}"
  role    = "roles/iam.serviceAccountUser"
  member  = "serviceAccount:${var.service_account_email}"
}

# Write-only access to Cloud Logging for the node service account
# (log shipping from the instances; the agent itself is not visible here).
resource "google_project_iam_member" "logging_logWriter" {
  project = "${var.project}"
  role    = "roles/logging.logWriter"
  member  = "serviceAccount:${var.service_account_email}"
}

# Project-wide Pub/Sub editor for the node service account.
# NOTE(review): as far as I know roles/pubsub.editor already includes the
# publish and subscribe permissions that pubsub_publisher and pubsub_subscriber
# grant separately, so one of the two sets is redundant. For least privilege,
# keep only the narrower pair unless creating/deleting topics and
# subscriptions is actually required — confirm against the role definition.
resource "google_project_iam_member" "pubsub_editor" {
  project = "${var.project}"
  role    = "roles/pubsub.editor"
  member  = "serviceAccount:${var.service_account_email}"
}

# Project-wide publish permission for the node service account
# (publishing to any topic in var.project).
resource "google_project_iam_member" "pubsub_publisher" {
  project = "${var.project}"
  role    = "roles/pubsub.publisher"
  member  = "serviceAccount:${var.service_account_email}"
}

# Project-wide subscribe permission for the node service account
# (consuming from any subscription in var.project).
resource "google_project_iam_member" "pubsub_subscriber" {
  project = "${var.project}"
  role    = "roles/pubsub.subscriber"
  member  = "serviceAccount:${var.service_account_email}"
}

/*
##################################
#
#  NAT gateway
#
#################################
module "nat" {
  source     = "GoogleCloudPlatform/nat-gateway/google"
  region     = "${var.region}"
  network    = "${var.environment}"
}
*/
##################################
#
#  Network
#
#################################

# VPC for this environment, from the internal vpc module (tag v1.0.0).
# Every other module in this file attaches to it via module.network.self_link.
module "network" {
  environment      = "${var.environment}"
  project          = "${var.project}"
  # The ref is a git tag, not a commit SHA; tags can be moved, so the module
  # contents are only as immutable as the tag protection on ops.gitlab.net.
  # The same applies to every git::ssh source in this file.
  source           = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/vpc.git?ref=v1.0.0"
  internal_subnets = "${var.internal_subnets}"
}

##################################
#
#  Network Peering
#
#################################

# One peering per entry in var.peer_networks["names"], paired by index with
# var.peer_networks["links"]. element() wraps around, so a "links" list that
# is shorter than "names" silently reuses entries instead of failing — keep
# the two lists the same length and in the same order.
resource "google_compute_network_peering" "peering" {
  count        = "${length(var.peer_networks["names"])}"
  name         = "peering-${element(var.peer_networks["names"], count.index)}"
  # NOTE(review): this peers var.network_env, not module.network.self_link
  # used everywhere else in this file — confirm that is intentional.
  network      = "${var.network_env}"
  peer_network = "${element(var.peer_networks["links"], count.index)}"
}

##################################
#
#  Web front-end
#
#################################

# Web front-end instances: chef role <env>-base-fe-web, built from
# generic-sv-with-group v1.0.4 in the "web" subnetwork of the environment VPC.
module "web" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-web]\""
  dns_zone_name         = "${var.dns_zone_name}"
  # Outbound port restrictions; note that not every front-end module in this
  # file passes egress_ports (the canary modules do not).
  egress_ports          = "${var.egress_ports}"
  environment           = "${var.environment}"
  # TCP health check; presumably against service_port (443) — module-internal.
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["web"]}"
  # Tracks the shared default kernel (the canary modules pin a fixed version).
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["web"]}"
  name                  = "web"
  node_count            = "${var.node_count["web"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["web"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  Web Canary front-end
#
#################################

# Web canary front-end: chef role <env>-base-fe-web-cny, sharing the "web"
# subnetwork (subnetwork_name comes from module.web) and the same machine
# type / public ports as the main web tier.
module "web-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-web-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  # NOTE(review): no egress_ports here, unlike module.web — confirm whether the
  # canary is meant to have the same outbound restrictions.
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["web"]}"
  # NOTE(review): pinned explicitly rather than var.default_kernel_version as
  # the non-canary modules use; a pinned kernel will not follow patch updates
  # to the default — confirm the pin is still intentional.
  kernel_version        = "4.13.0-1007"
  machine_type          = "${var.machine_types["web"]}"
  name                  = "web-cny"
  node_count            = "${var.node_count["web-cny"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["web"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  subnetwork_name       = "${module.web.google_compute_subnetwork_name}"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  API Canary front-end
#
#################################

# API canary front-end: chef role <env>-base-fe-api-cny, sharing the "api"
# subnetwork (subnetwork_name from module.api), machine type and public ports
# with the main api tier.
module "api-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-api-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["api"]}"
  # NOTE(review): pinned explicitly while module.api tracks
  # var.default_kernel_version — confirm the pin is still intentional.
  kernel_version        = "4.13.0-1007"
  machine_type          = "${var.machine_types["api"]}"
  name                  = "api-cny"
  node_count            = "${var.node_count["api-cny"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["api"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  # NOTE(review): ref=v1.0.3 while every other generic-sv-with-group consumer
  # in this file is on v1.0.4 — confirm whether the lag is deliberate.
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.3"
  subnetwork_name       = "${module.api.google_compute_subnetwork_name}"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  Git Canary front-end
#
#################################

# Git canary front-end: chef role <env>-base-fe-git-cny, sharing the "git"
# subnetwork (subnetwork_name from module.git), machine type and public ports
# with the main git tier. service_port is 443 here while module.git uses 22.
module "git-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-git-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["git"]}"
  # NOTE(review): pinned explicitly while module.git tracks
  # var.default_kernel_version — confirm the pin is still intentional.
  kernel_version        = "4.13.0-1007"
  machine_type          = "${var.machine_types["git"]}"
  name                  = "git-cny"
  node_count            = "${var.node_count["git-cny"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["git"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  subnetwork_name       = "${module.git.google_compute_subnetwork_name}"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  Registry Canary front-end
#
#################################

# Registry canary front-end: chef role <env>-base-fe-registry-cny, sharing the
# "registry" subnetwork (subnetwork_name from module.registry), machine type
# and public ports with the main registry tier. service_port is 443 here while
# module.registry uses 22.
module "registry-cny" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-registry-cny]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["registry"]}"
  # NOTE(review): pinned explicitly while module.registry tracks
  # var.default_kernel_version — confirm the pin is still intentional.
  kernel_version        = "4.13.0-1007"
  machine_type          = "${var.machine_types["registry"]}"
  name                  = "registry-cny"
  node_count            = "${var.node_count["registry-cny"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["registry"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  subnetwork_name       = "${module.registry.google_compute_subnetwork_name}"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  API
#
#################################

# API front-end instances: chef role <env>-base-fe-api, built from
# generic-sv-with-group v1.0.4 in the "api" subnetwork of the environment VPC.
# module.api-cny reuses this module's subnetwork.
module "api" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-api]\""
  dns_zone_name         = "${var.dns_zone_name}"
  # NOTE(review): no egress_ports, unlike module.web / module.git — confirm
  # whether the api tier should carry the same outbound restrictions.
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["api"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["api"]}"
  name                  = "api"
  node_count            = "${var.node_count["api"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["api"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  Git
#
##################################

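# Git front-end instances: chef role <env>-base-fe-git, built from
# generic-sv-with-group v1.0.4 in the "git" subnetwork of the environment VPC.
# service_port is 22 (git over SSH). module.git-cny reuses this subnetwork.
module "git" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-git]\""
  dns_zone_name         = "${var.dns_zone_name}"
  egress_ports          = "${var.egress_ports}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["git"]}"
  # Declared exactly once: the block previously listed kernel_version twice
  # with the same value, which is a no-op today but an HCL duplicate-key
  # surprise the moment the two copies diverge.
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["git"]}"
  name                  = "git"
  node_count            = "${var.node_count["git"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["git"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 22
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}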

##################################
#
#  Pages web front-end
#
#################################

# Pages web front-end: chef role <env>-base-fe-web-pages, built from
# generic-sv-with-group v1.0.4 in its own "web-pages" subnetwork.
module "web-pages" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-web-pages]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["web-pages"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["web-pages"]}"
  name                  = "web-pages"
  node_count            = "${var.node_count["web-pages"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["web-pages"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 443
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  registry front-end
#
#################################

# Registry front-end: chef role <env>-base-fe-registry, built from
# generic-sv-with-group v1.0.4 in the "registry" subnetwork.
# module.registry-cny reuses this subnetwork.
module "registry" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-fe-registry]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["registry"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["registry"]}"
  name                  = "registry"
  node_count            = "${var.node_count["registry"]}"
  # NOTE(review): no os_disk_type here, unlike the other front-end modules
  # which set "pd-ssd" — the module default applies; confirm that is wanted.
  project               = "${var.project}"
  public_ports          = "${var.public_ports["registry"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  # NOTE(review): 22 here while module.registry-cny uses 443; with a TCP
  # health check this decides which port the check probes — confirm.
  service_port          = 22
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  Database
#
#################################

# Single DR archive-replica node: chef role <env>-base-db-postgres-archive,
# built from generic-stor v1.0.4 in the "db-dr-archive" subnetwork with a
# 4000 (GB, presumably) pd-ssd data disk.
module "postgres-dr-archive" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  # Extra recipe run on first boot only (the role run list runs afterwards).
  chef_init_run_list    = "\"recipe[gitlab-server::hack_gitlab_ctl_reconfigure]\""
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-db-postgres-archive]\""
  data_disk_size        = 4000
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["db-dr-archive"]}"
  # NOTE(review): pinned explicitly while postgres-dr-delayed tracks
  # var.default_kernel_version — confirm the pin is still intentional.
  kernel_version        = "4.13.0-1007"
  machine_type          = "${var.machine_types["db-dr"]}"
  name                  = "postgres-dr-archive"
  node_count            = "1"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["db-dr"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  # NOTE(review): module.file (same generic-stor v1.0.4 module) sets
  # deletion_protection = true; a DR database node is a candidate for the same.
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"
  tier                  = "db"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
  os_disk_size          = 100
}

# Single DR delayed-replica node: chef role <env>-base-db-postgres-delayed,
# built from generic-stor v1.0.4 in the "db-dr-delayed" subnetwork with a
# 4000 (GB, presumably) pd-ssd data disk.
module "postgres-dr-delayed" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  # Extra recipe run on first boot only (the role run list runs afterwards).
  chef_init_run_list    = "\"recipe[gitlab-server::hack_gitlab_ctl_reconfigure]\""
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-db-postgres-delayed]\""
  data_disk_size        = 4000
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["db-dr-delayed"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["db-dr"]}"
  name                  = "postgres-dr-delayed"
  node_count            = "1"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["db-dr"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  # NOTE(review): module.file (same generic-stor v1.0.4 module) sets
  # deletion_protection = true; a DR database node is a candidate for the same.
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"
  tier                  = "db"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
  os_disk_size          = 100
}

# GCS bucket for Postgres backups (database-backup-bucket v1.0.0): separate
# backup and restore service accounts, a customer-managed KMS key for the
# bucket, and a retention period from var.postgres_backup_retention_days.
module "postgres-backup" {
  environment                         = "${var.environment}"
  gcs_postgres_backup_service_account = "${var.gcs_postgres_backup_service_account}"
  restore_service_account             = "${var.gcs_postgres_restore_service_account}"
  # The key id is an input, so the key's own IAM/rotation lives elsewhere.
  kms_key_id                          = "${var.gcs_postgres_backup_kms_key_id}"
  source                              = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/database-backup-bucket.git?ref=v1.0.0"
  retention_days                      = "${var.postgres_backup_retention_days}"
}

#############################################
#
#  GCP Internal TCP LoadBalancer and PgBouncer
#
#############################################

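# Internal (external = false) TCP load balancer in front of the pgbouncer
# nodes: forwards 6432 and health-checks 8010, matching module.pg-bouncer's
# service_port and health_check_port.
module "gcp-tcp-lb-internal-pgbouncer" {
  backend_service        = "${module.pg-bouncer.google_compute_region_backend_service_self_link}"
  environment            = "${var.environment}"
  external               = false
  forwarding_port_ranges = ["6432"]
  fqdns                  = "${var.lb_fqdns_internal_pgbouncer}"
  gitlab_zone_id         = "${var.gitlab_net_zone_id}"
  health_check_ports     = ["8010"]
  instances              = ["${module.pg-bouncer.instances_self_link}"]
  # Consistent with gcp-tcp-lb-internal-patroni: only create the LB when there
  # are pgbouncer nodes to back it, rather than an unconditional "1" that
  # leaves an LB with no instances when var.node_count["pgb"] is 0.
  lb_count               = "${var.node_count["pgb"] > 0 ? 1 : 0}"
  name                   = "gcp-tcp-lb-internal-pgbouncer"
  names                  = ["${var.environment}-pgbouncer"]
  project                = "${var.project}"
  region                 = "${var.region}"
  source                 = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  subnetwork_self_link   = "${module.pg-bouncer.google_compute_subnetwork_self_link}"
  targets                = ["pgbouncer"]
  vpc                    = "${module.network.self_link}"
}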

# PgBouncer nodes: chef role <env>-base-db-pgbouncer, built from
# generic-sv-with-group v1.0.4 in the "pgb" subnetwork, with a regional
# backend service that gcp-tcp-lb-internal-pgbouncer fronts.
module "pg-bouncer" {
  backend_service_type   = "regional"
  bootstrap_version      = "${var.bootstrap_script_version}"
  # Extra recipe run on first boot only (the role run list runs afterwards).
  chef_init_run_list     = "\"recipe[gitlab-server::hack_gitlab_ctl_reconfigure]\""
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-db-pgbouncer]\""
  create_backend_service = true
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"
  # HTTP health check on 8010 at "/"; the LB module checks the same port.
  health_check           = "http"
  health_check_port      = "8010"
  ip_cidr_range          = "${var.subnetworks["pgb"]}"
  kernel_version         = "${var.default_kernel_version}"
  machine_type           = "${var.machine_types["pgb"]}"
  name                   = "pgbouncer"
  node_count             = "${var.node_count["pgb"]}"
  project                = "${var.project}"
  public_ports           = "${var.public_ports["pgb"]}"
  region                 = "${var.region}"
  service_account_email  = "${var.service_account_email}"
  service_path           = "/"
  # PgBouncer listener; the internal LB forwards this port.
  service_port           = 6432
  source                 = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                   = "db"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
}

#############################################
#
#  GCP Internal TCP LoadBalancer and Patroni
#
#############################################

# Internal (external = false) TCP load balancer in front of the patroni nodes:
# forwards 6432 and health-checks 8009, matching module.patroni's service_port
# and health_check_port. Port 6432 on the patroni nodes presumably means a
# local pgbouncer sits in front of Postgres there — not visible here.
module "gcp-tcp-lb-internal-patroni" {
  backend_service        = "${module.patroni.google_compute_region_backend_service_self_link}"
  environment            = "${var.environment}"
  external               = false
  forwarding_port_ranges = ["6432"]
  fqdns                  = "${var.lb_fqdns_internal_patroni}"
  gitlab_zone_id         = "${var.gitlab_net_zone_id}"
  health_check_ports     = ["8009"]
  instances              = ["${module.patroni.instances_self_link}"]
  # No LB when the patroni node count is zero.
  lb_count               = "${var.node_count["patroni"] > 0 ? 1 : 0}"
  name                   = "gcp-tcp-lb-internal-patroni"
  names                  = ["${var.environment}-patroni"]
  project                = "${var.project}"
  region                 = "${var.region}"
  source                 = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
  subnetwork_self_link   = "${module.patroni.google_compute_subnetwork_self_link}"
  targets                = ["patroni"]
  vpc                    = "${module.network.self_link}"
}

# Patroni (Postgres HA) nodes: chef role <env>-base-db-patroni, built from
# generic-stor-with-group v1.0.4 in the "patroni" subnetwork, with a pd-ssd
# data disk sized by var.data_disk_sizes["patroni"] and a regional backend
# service that gcp-tcp-lb-internal-patroni fronts.
module "patroni" {
  backend_service_type   = "regional"
  bootstrap_version      = "${var.bootstrap_script_version}"
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-db-patroni]\""
  create_backend_service = true
  data_disk_size         = "${var.data_disk_sizes["patroni"]}"
  data_disk_type         = "pd-ssd"
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"
  # HTTP health check on 8009 at "/"; the LB module checks the same port.
  health_check           = "http"
  health_check_port      = "8009"
  ip_cidr_range          = "${var.subnetworks["patroni"]}"
  kernel_version         = "${var.default_kernel_version}"
  machine_type           = "${var.machine_types["patroni"]}"
  name                   = "patroni"
  node_count             = "${var.node_count["patroni"]}"
  project                = "${var.project}"
  public_ports           = "${var.public_ports["patroni"]}"
  region                 = "${var.region}"
  service_account_email  = "${var.service_account_email}"
  service_path           = "/"
  # Same port the internal LB forwards (6432, the pgbouncer port).
  service_port           = 6432
  # NOTE(review): no deletion_protection here although the primary database
  # lives on these nodes; module.file sets it for the gitaly storage — confirm
  # the generic-stor-with-group module accepts it.
  source                 = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-stor-with-group.git?ref=v1.0.4"
  tier                   = "db"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
  os_disk_size           = 100
}

##################################
#
#  Redis
#
##################################

# Single-role Redis nodes: chef role <env>-base-db-redis-server-single, built
# from generic-stor v1.0.4 in the "redis" subnetwork with a 52 (GB, presumably)
# pd-ssd data disk.
module "redis" {
  # Passed through to the instances, presumably so in-place changes that need
  # a stop (e.g. machine type) can be applied without manual intervention.
  allow_stopping_for_update = true
  bootstrap_version         = "${var.bootstrap_script_version}"
  chef_provision            = "${var.chef_provision}"
  chef_run_list             = "\"role[${var.environment}-base-db-redis-server-single]\""
  data_disk_size            = 52
  data_disk_type            = "pd-ssd"
  dns_zone_name             = "${var.dns_zone_name}"
  egress_ports              = "${var.egress_ports}"
  environment               = "${var.environment}"
  ip_cidr_range             = "${var.subnetworks["redis"]}"
  kernel_version            = "${var.default_kernel_version}"
  machine_type              = "${var.machine_types["redis"]}"
  name                      = "redis"
  node_count                = "${var.node_count["redis"]}"
  project                   = "${var.project}"
  public_ports              = "${var.public_ports["redis"]}"
  region                    = "${var.region}"
  service_account_email     = "${var.service_account_email}"
  source                    = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"
  tier                      = "db"
  use_new_node_name         = true
  vpc                       = "${module.network.self_link}"
}

# Redis cache cluster from generic-stor-redis v1.0.6: separate redis and
# sentinel node pools (counts, machine types and chef roles set per pool),
# each with a 100 (GB, presumably) pd-ssd data disk, in the "redis-cache"
# subnetwork.
module "redis-cache" {
  bootstrap_version       = "${var.bootstrap_script_version}"
  chef_provision          = "${var.chef_provision}"
  dns_zone_name           = "${var.dns_zone_name}"
  egress_ports            = "${var.egress_ports}"
  environment             = "${var.environment}"
  ip_cidr_range           = "${var.subnetworks["redis-cache"]}"
  kernel_version          = "${var.default_kernel_version}"
  name                    = "redis-cache"
  project                 = "${var.project}"
  public_ports            = "${var.public_ports["redis-cache"]}"
  # Redis server pool.
  redis_chef_run_list     = "\"role[${var.environment}-base-db-redis-server-cache]\""
  redis_count             = "${var.node_count["redis-cache"]}"
  redis_data_disk_size    = 100
  redis_data_disk_type    = "pd-ssd"
  redis_machine_type      = "${var.machine_types["redis-cache"]}"
  region                  = "${var.region}"
  # Sentinel pool.
  sentinel_chef_run_list  = "\"role[${var.environment}-base-db-redis-sentinel-cache]\""
  sentinel_count          = "${var.node_count["redis-cache-sentinel"]}"
  sentinel_data_disk_size = 100
  sentinel_data_disk_type = "pd-ssd"
  sentinel_machine_type   = "${var.machine_types["redis-cache-sentinel"]}"
  service_account_email   = "${var.service_account_email}"
  source                  = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-stor-redis.git?ref=v1.0.6"
  tier                    = "db"
  use_new_node_name       = true
  vpc                     = "${module.network.self_link}"
}

##################################
#
#  Sidekiq
#
##################################

# Sidekiq workers from generic-sv-sidekiq v1.0.4 in the "sidekiq" subnetwork:
# one node pool per queue class (asap, besteffort, elasticsearch, import,
# pages, pipeline, pullmirror, realtime, traces), each with its own count and
# machine type from var.node_count / var.machine_types.
module "sidekiq" {
  allow_stopping_for_update           = true
  bootstrap_version                   = "${var.bootstrap_script_version}"
  chef_provision                      = "${var.chef_provision}"
  # NOTE(review): chef_run_list and machine_type are set to the besteffort
  # values even though per-pool *_count / *_instance_type inputs are also
  # given — confirm which of the two the module actually uses for besteffort.
  chef_run_list                       = "\"role[${var.environment}-base-be-sidekiq-besteffort]\""
  dns_zone_name                       = "${var.dns_zone_name}"
  environment                         = "${var.environment}"
  ip_cidr_range                       = "${var.subnetworks["sidekiq"]}"
  kernel_version                      = "${var.default_kernel_version}"
  machine_type                        = "${var.machine_types["sidekiq-besteffort"]}"
  name                                = "sidekiq"
  os_disk_type                        = "pd-ssd"
  project                             = "${var.project}"
  public_ports                        = "${var.public_ports["sidekiq"]}"
  region                              = "${var.region}"
  service_account_email               = "${var.service_account_email}"
  sidekiq_asap_count                  = "${var.node_count["sidekiq-asap"]}"
  sidekiq_asap_instance_type          = "${var.machine_types["sidekiq-asap"]}"
  sidekiq_besteffort_count            = "${var.node_count["sidekiq-besteffort"]}"
  sidekiq_besteffort_instance_type    = "${var.machine_types["sidekiq-besteffort"]}"
  sidekiq_elasticsearch_count         = "${var.node_count["sidekiq-elasticsearch"]}"
  sidekiq_elasticsearch_instance_type = "${var.machine_types["sidekiq-elasticsearch"]}"
  sidekiq_import_count                = "${var.node_count["sidekiq-import"]}"
  sidekiq_import_instance_type        = "${var.machine_types["sidekiq-import"]}"
  sidekiq_pages_count                 = "${var.node_count["sidekiq-pages"]}"
  sidekiq_pages_instance_type         = "${var.machine_types["sidekiq-pages"]}"
  sidekiq_pipeline_count              = "${var.node_count["sidekiq-pipeline"]}"
  sidekiq_pipeline_instance_type      = "${var.machine_types["sidekiq-pipeline"]}"
  sidekiq_pullmirror_count            = "${var.node_count["sidekiq-pullmirror"]}"
  sidekiq_pullmirror_instance_type    = "${var.machine_types["sidekiq-pullmirror"]}"
  sidekiq_realtime_count              = "${var.node_count["sidekiq-realtime"]}"
  sidekiq_realtime_instance_type      = "${var.machine_types["sidekiq-realtime"]}"
  sidekiq_traces_count                = "${var.node_count["sidekiq-traces"]}"
  sidekiq_traces_instance_type        = "${var.machine_types["sidekiq-traces"]}"
  source                              = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-sidekiq.git?ref=v1.0.4"
  tier                                = "sv"
  use_new_node_name                   = true
  vpc                                 = "${module.network.self_link}"
}

##################################
#
#  Mailroom
#
##################################

# Mailroom nodes: chef role <env>-base-be-mailroom, built from
# generic-sv-with-group v1.0.4 in the "mailroom" subnetwork.
module "mailroom" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-be-mailroom]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["mailroom"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["mailroom"]}"
  name                  = "mailroom"
  node_count            = "${var.node_count["mailroom"]}"
  os_disk_type          = "pd-ssd"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["mailroom"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  # Mailroom exposes no HTTP service; with health_check = "tcp" this
  # presumably makes the check probe SSH — confirm against the module.
  service_port          = 22
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
  tier                  = "sv"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  Storage nodes for repositories
#
##################################

module "file" {
687
  bootstrap_version     = "${var.bootstrap_script_version}"
688
  chef_provision        = "${var.chef_provision}"
John Jarvis's avatar
John Jarvis committed
689
  chef_run_list         = "\"role[${var.environment}-base-stor-gitaly]\""
John Jarvis's avatar
John Jarvis committed
690
  deletion_protection   = true
691
692
693
  data_disk_size        = "${var.data_disk_sizes["file"]}"
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
694
  egress_ports          = "${var.egress_ports}"
695
696
697
698
699
700
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["stor"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["stor"]}"
  name                  = "file"
  node_count            = "${var.node_count["stor"]}"
Alex Hanselka's avatar
Alex Hanselka committed
701
  multizone_node_count  = "${var.node_count["multizone-stor"]}"
702
  os_disk_type          = "pd-ssd"
703
704
705
706
  project               = "${var.project}"
  public_ports          = "${var.public_ports["stor"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
707
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
  tier                  = "stor"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
  zone                  = "us-east1-c"
}

##################################
#
#  Storage nodes for
#  uploads/lfs/pages/artifacts/builds/cache
#
#  share:
#    gitlab-ci/builds
#    gitlab-rails/shared/cache
#    gitlab-rails/shared/tmp
#    gitlab-rails/uploads
#    gitlab-rails/shared/lfs-objects
#    gitlab-rails/shared/artifacts
#
#  pages:
#    gitlab-rails/shared/pages
#
##################################

module "share" {
733
  bootstrap_version     = "${var.bootstrap_script_version}"
John Jarvis's avatar
John Jarvis committed
734
  deletion_protection   = true
735
  chef_provision        = "${var.chef_provision}"
John Jarvis's avatar
John Jarvis committed
736
  chef_run_list         = "\"role[${var.environment}-base-stor-nfs-server]\""
737
  data_disk_size        = "${var.data_disk_sizes["share"]}"
738
  data_disk_type        = "pd-ssd"
739
740
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
741
  egress_ports          = "${var.egress_ports}"
742
743
  ip_cidr_range         = "${var.subnetworks["share"]}"
  kernel_version        = "${var.default_kernel_version}"
744
  machine_type          = "${var.machine_types["stor-share"]}"
745
746
  name                  = "share"
  node_count            = "${var.node_count["share"]}"
747
  os_disk_type          = "pd-ssd"
748
749
750
751
  project               = "${var.project}"
  public_ports          = "${var.public_ports["stor"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
752
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"
753
754
755
756
757
  tier                  = "stor"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

## Pages has a DNS entry for failover rsync
## This and leaving port 22 open can be removed
## after failover.

resource "aws_route53_record" "pages" {
  zone_id = "${var.gitlab_net_zone_id}"
  name    = "pages.stor.${var.environment}.gitlab.net"
  type    = "A"
  ttl     = "300"
  records = ["${module.pages.instance_public_ips}"]
}

module "pages" {
771
  bootstrap_version     = "${var.bootstrap_script_version}"
772
  chef_provision        = "${var.chef_provision}"
John Jarvis's avatar
John Jarvis committed
773
  chef_run_list         = "\"role[${var.environment}-base-stor-nfs-server]\""
John Jarvis's avatar
John Jarvis committed
774
  deletion_protection   = true
775
  data_disk_size        = "${var.data_disk_sizes["pages"]}"
776
  data_disk_type        = "pd-ssd"
777
  dns_zone_name         = "${var.dns_zone_name}"
778
  egress_ports          = "${var.egress_ports}"
779
780
781
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["pages"]}"
  kernel_version        = "${var.default_kernel_version}"
782
  machine_type          = "${var.machine_types["stor-pages"]}"
783
784
  name                  = "pages"
  node_count            = "${var.node_count["pages"]}"
785
  os_disk_type          = "pd-ssd"
786
  project               = "${var.project}"
787
  public_ports          = "${var.public_ports["stor"]}"
788
789
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
790
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-stor.git?ref=v1.0.4"
791
792
  tier                  = "stor"
  use_new_node_name     = true
793
  use_external_ip       = true
794
795
796
797
798
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  External HAProxy LoadBalancer
#
##################################

module "fe-lb" {
804
  backend_service_type   = "regional"
805
  bootstrap_version      = "${var.bootstrap_script_version}"
806
807
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-lb-fe]\""
808
  create_backend_service = true
809
810
811
812
813
814
815
816
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"
  health_check           = "http"
  ip_cidr_range          = "${var.subnetworks["fe-lb"]}"
  kernel_version         = "${var.default_kernel_version}"
  machine_type           = "${var.machine_types["fe-lb"]}"
  name                   = "fe"
  node_count             = "${var.node_count["fe-lb"]}"
817
  os_boot_image          = "${var.os_boot_image["fe-lb"]}"
818
819
820
821
822
823
  project                = "${var.project}"
  public_ports           = "${var.public_ports["fe-lb"]}"
  region                 = "${var.region}"
  service_account_email  = "${var.service_account_email}"
  service_path           = "/-/available-https"
  service_port           = 8002
824
  source                 = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
825
826
827
828
829
830
831
  tier                   = "lb"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
}

##################################
#
#  External HAProxy LoadBalancer Pages
#
##################################

module "fe-lb-pages" {
837
  bootstrap_version     = "${var.bootstrap_script_version}"
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-lb-pages]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  health_check          = "http"
  ip_cidr_range         = "${var.subnetworks["fe-lb-pages"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["fe-lb"]}"
  name                  = "fe-pages"
  node_count            = "${var.node_count["fe-lb-pages"]}"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["fe-lb"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 7331
853
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
854
855
856
857
858
859
860
  tier                  = "lb"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  External HAProxy LoadBalancer AltSSH
#
##################################

module "fe-lb-altssh" {
866
  bootstrap_version     = "${var.bootstrap_script_version}"
867
868
869
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-base-lb-altssh]\""
  dns_zone_name         = "${var.dns_zone_name}"
870
  egress_ports          = "${var.egress_ports}"
871
872
873
874
875
876
877
878
879
880
881
882
  environment           = "${var.environment}"
  health_check          = "http"
  ip_cidr_range         = "${var.subnetworks["fe-lb-altssh"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["fe-lb"]}"
  name                  = "fe-altssh"
  node_count            = "${var.node_count["fe-lb-altssh"]}"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["fe-lb"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 7331
883
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
884
885
886
887
888
  tier                  = "lb"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  External HAProxy LoadBalancer Registry
#
##################################

module "fe-lb-registry" {
896
  bootstrap_version      = "${var.bootstrap_script_version}"
Ahmad Sherif's avatar
Ahmad Sherif committed
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-lb-registry]\""
  create_backend_service = true
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"
  health_check           = "http"
  ip_cidr_range          = "${var.subnetworks["fe-lb-registry"]}"
  kernel_version         = "${var.default_kernel_version}"
  machine_type           = "${var.machine_types["fe-lb"]}"
  name                   = "fe-registry"
  node_count             = "${var.node_count["fe-lb-registry"]}"
  project                = "${var.project}"
  public_ports           = "${var.public_ports["fe-lb"]}"
  region                 = "${var.region}"
  service_account_email  = "${var.service_account_email}"
  service_path           = "/-/available-https"
  service_port           = 8002
914
  source                 = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
Ahmad Sherif's avatar
Ahmad Sherif committed
915
916
917
918
919
  tier                   = "lb"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
}

##################################
#
#  External HAProxy LoadBalancer Canary
#
##################################

module "fe-lb-cny" {
927
  bootstrap_version      = "${var.bootstrap_script_version}"
John Jarvis's avatar
John Jarvis committed
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-lb-cny]\""
  create_backend_service = true
  dns_zone_name          = "${var.dns_zone_name}"
  environment            = "${var.environment}"
  health_check           = "http"
  ip_cidr_range          = "${var.subnetworks["fe-lb-cny"]}"
  kernel_version         = "${var.default_kernel_version}"
  machine_type           = "${var.machine_types["fe-lb"]}"
  name                   = "fe-cny"
  node_count             = "${var.node_count["fe-lb-cny"]}"
  project                = "${var.project}"
  public_ports           = "${var.public_ports["fe-lb"]}"
  region                 = "${var.region}"
  service_account_email  = "${var.service_account_email}"
  service_path           = "/-/available-https"
  service_port           = 8002
945
  source                 = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
John Jarvis's avatar
John Jarvis committed
946
947
948
949
950
  tier                   = "lb"
  use_new_node_name      = true
  vpc                    = "${module.network.self_link}"
}

##################################
#
#  GCP TCP LoadBalancers
#
##################################

#### Load balancer for the main site
module "gcp-tcp-lb" {
  environment            = "${var.environment}"
  forwarding_port_ranges = "${var.tcp_lbs["forwarding_port_ranges"]}"
John Jarvis's avatar
John Jarvis committed
961
  fqdns                  = "${var.lb_fqdns}"
Alex Hanselka's avatar
Alex Hanselka committed
962
  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
963
964
965
966
967
968
969
  health_check_ports     = "${var.tcp_lbs["health_check_ports"]}"
  instances              = ["${module.fe-lb.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs["names"])}"
  name                   = "gcp-tcp-lb"
  names                  = "${var.tcp_lbs["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"
970
  source                 = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
971
972
973
974
975
976
977
978
979
980
981
  targets                = ["fe"]
}

##################################
#
#  GCP Internal TCP LoadBalancers
#
##################################

###### Internal Load balancer for the main site
module "gcp-tcp-lb-internal" {
982
  backend_service        = "${module.fe-lb.google_compute_region_backend_service_self_link}"
983
984
985
  environment            = "${var.environment}"
  external               = false
  forwarding_port_ranges = "${var.tcp_lbs_internal["forwarding_port_ranges"]}"
John Jarvis's avatar
John Jarvis committed
986
  fqdns                  = "${var.lb_fqdns_internal}"
987
988
989
990
991
992
993
994
  gitlab_zone_id         = "${var.gitlab_net_zone_id}"
  health_check_ports     = "${var.tcp_lbs_internal["health_check_ports"]}"
  instances              = ["${module.fe-lb.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs_internal["names"])}"
  name                   = "gcp-tcp-lb-internal"
  names                  = "${var.tcp_lbs_internal["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"
995
  source                 = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
996
997
998
999
1000
1001
1002
1003
1004
  subnetwork_self_link   = "${module.fe-lb.google_compute_subnetwork_self_link}"
  targets                = ["fe"]
  vpc                    = "${module.network.self_link}"
}

#### Load balancer for pages
module "gcp-tcp-lb-pages" {
  environment            = "${var.environment}"
  forwarding_port_ranges = "${var.tcp_lbs_pages["forwarding_port_ranges"]}"
John Jarvis's avatar
John Jarvis committed
1005
1006
  fqdns                  = "${var.lb_fqdns_pages}"
  gitlab_zone_id         = "${var.gitlab_io_zone_id}"
1007
1008
1009
1010
1011
1012
1013
  health_check_ports     = "${var.tcp_lbs_pages["health_check_ports"]}"
  instances              = ["${module.fe-lb-pages.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs_pages["names"])}"
  name                   = "gcp-tcp-lb-pages"
  names                  = "${var.tcp_lbs_pages["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"
1014
  source                 = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
1015
1016
1017
1018
1019
1020
1021
  targets                = ["fe-pages"]
}

#### Load balancer for altssh
module "gcp-tcp-lb-altssh" {
  environment                = "${var.environment}"
  forwarding_port_ranges     = "${var.tcp_lbs_altssh["forwarding_port_ranges"]}"
John Jarvis's avatar
John Jarvis committed
1022
  fqdns                      = "${var.lb_fqdns_altssh}"
1023
1024
1025
1026
1027
1028
1029
1030
1031
  gitlab_zone_id             = "${var.gitlab_com_zone_id}"
  health_check_ports         = "${var.tcp_lbs_altssh["health_check_ports"]}"
  health_check_request_paths = "${var.tcp_lbs_altssh["health_check_request_paths"]}"
  instances                  = ["${module.fe-lb-altssh.instances_self_link}"]
  lb_count                   = "${length(var.tcp_lbs_altssh["names"])}"
  name                       = "gcp-tcp-lb-altssh"
  names                      = "${var.tcp_lbs_altssh["names"]}"
  project                    = "${var.project}"
  region                     = "${var.region}"
1032
  source                     = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
1033
1034
1035
  targets                    = ["fe-altssh"]
}

#### Load balancer for registry
module "gcp-tcp-lb-registry" {
  environment            = "${var.environment}"
  forwarding_port_ranges = "${var.tcp_lbs_registry["forwarding_port_ranges"]}"
  fqdns                  = "${var.lb_fqdns_registry}"
  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  health_check_ports     = "${var.tcp_lbs_registry["health_check_ports"]}"
  instances              = ["${module.fe-lb-registry.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs_registry["names"])}"
  name                   = "gcp-tcp-lb-registry"
  names                  = "${var.tcp_lbs_registry["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"
1049
  source                 = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
Ahmad Sherif's avatar
Ahmad Sherif committed
1050
1051
1052
  targets                = ["fe-registry"]
}

#### Load balancer for cny
module "gcp-tcp-lb-cny" {
  environment            = "${var.environment}"
  forwarding_port_ranges = "${var.tcp_lbs_cny["forwarding_port_ranges"]}"
  fqdns                  = "${var.lb_fqdns_cny}"
  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  health_check_ports     = "${var.tcp_lbs_cny["health_check_ports"]}"
  instances              = ["${module.fe-lb-cny.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs_cny["names"])}"
  name                   = "gcp-tcp-lb-cny"
  names                  = "${var.tcp_lbs_cny["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"
1066
  source                 = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
John Jarvis's avatar
John Jarvis committed
1067
1068
1069
  targets                = ["fe-cny"]
}

#### Load balancer for bastion
module "gcp-tcp-lb-bastion" {
  environment            = "${var.environment}"
  forwarding_port_ranges = "${var.tcp_lbs_bastion["forwarding_port_ranges"]}"
John Jarvis's avatar
John Jarvis committed
1074
  fqdns                  = "${var.lb_fqdns_bastion}"
1075
1076
1077
1078
1079
1080
1081
1082
1083
  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  health_check_ports     = "${var.tcp_lbs_bastion["health_check_ports"]}"
  instances              = ["${module.bastion.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs_bastion["names"])}"
  name                   = "gcp-tcp-lb-bastion"
  names                  = "${var.tcp_lbs_bastion["names"]}"
  project                = "${var.project}"
  region                 = "${var.region}"
  session_affinity       = "CLIENT_IP"
1084
  source                 = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
  targets                = ["bastion"]
}

##################################
#
#  Consul
#
##################################

module "consul" {
1095
  bootstrap_version     = "${var.bootstrap_script_version}"
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-infra-consul]\""
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  ip_cidr_range         = "${var.subnetworks["consul"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["consul"]}"
  name                  = "consul"
  node_count            = "${var.node_count["consul"]}"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["consul"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 8300
1110
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.4"
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
  tier                  = "inf"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  Pubsubbeats
#
#  Machines for running the beats
#  that consume logs from pubsub
#  and send them to elastic cloud
#
#  You must have a chef role with the
#  following format:
#     role[<env>-infra-pubsubbeat-<beat_name>]
#
##################################

module "pubsubbeat" {
1131
  bootstrap_version     = "${var.bootstrap_script_version}"
1132
1133
  chef_provision        = "${var.chef_provision}"
  dns_zone_name         = "${var.dns_zone_name}"
1134
  egress_ports          = "${var.egress_ports}"
1135
1136
1137
  environment           = "${var.environment}"
  health_check          = "tcp"
  ip_cidr_range         = "${var.subnetworks["pubsubbeat"]}"
1138
  kernel_version        = "4.13.0-1007"
1139
1140
1141
1142
1143
1144
1145
  machine_types         = "${var.pubsubbeats["machine_types"]}"
  names                 = "${var.pubsubbeats["names"]}"
  project               = "${var.project}"
  public_ports          = "${var.public_ports["pubsubbeat"]}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_port          = 22
1146
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/pubsubbeat.git?ref=v1.0.4"
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
  tier                  = "inf"
  use_new_node_name     = true
  vpc                   = "${module.network.self_link}"
}

##################################
#
#  Monitoring
#
#  Uses the monitoring module, which
#  creates a single instance behind
#  a load balancer with identity-aware
#  proxy enabled.
#
##################################

resource "google_compute_subnetwork" "monitoring" {
  ip_cidr_range            = "${var.subnetworks["monitoring"]}"
Andrew Newdigate's avatar
Andrew Newdigate committed
1165
  enable_flow_logs         = false
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
  name                     = "${format("monitoring-%v", var.environment)}"
  network                  = "${module.network.self_link}"
  private_ip_google_access = true
  project                  = "${var.project}"
  region                   = "${var.region}"
}

#######################
#
# load balancer for all hosts in this section
#
#######################

module "monitoring-lb" {
  cert_link          = "${var.monitoring_cert_link}"
  environment        = "${var.environment}"
  gitlab_net_zone_id = "${var.gitlab_net_zone_id}"
1183
  hosts              = ["${var.monitoring_hosts["names"]}"]
1184
1185
1186
  name               = "monitoring-lb"
  project            = "${var.project}"
  region             = "${var.region}"
1187
  service_ports      = ["${var.monitoring_hosts["ports"]}"]
1188
  source             = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/monitoring-lb.git?ref=v1.0.0"
1189
  subnetwork_name    = "${google_compute_subnetwork.monitoring.name}"
1190
  targets            = ["${var.monitoring_hosts["names"]}"]
1191
1192
1193
1194
1195
  url_map            = "${google_compute_url_map.monitoring-lb.self_link}"
}

#######################
module "prometheus" {
1196
  bootstrap_version     = "${var.bootstrap_script_version}"
1197
1198
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-infra-prometheus]\""
Ahmad Sherif's avatar
Ahmad Sherif committed
1199
1200
  data_disk_size        = "${var.data_disk_sizes["prometheus"]}"
  data_disk_type        = "pd-ssd"
1201
1202
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
1203
1204
  fw_whitelist_subnets  = "${concat(var.monitoring_whitelist_prometheus["subnets"], var.other_monitoring_subnets)}"
  fw_whitelist_ports    = "${var.monitoring_whitelist_prometheus["ports"]}"
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["monitoring"]}"
  name                  = "prometheus"
  node_count            = "${var.node_count["prometheus"]}"
  oauth2_client_id      = "${var.oauth2_client_id_monitoring}"
  oauth2_client_secret  = "${var.oauth2_client_secret_monitoring}"
  persistent_disk_path  = "/opt/prometheus"
  project               = "${var.project}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_path          = "/graph"
1216
  service_port          = "${element(var.monitoring_hosts["ports"], index(var.monitoring_hosts["names"], "prometheus"))}"
1217
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/monitoring-with-count.git?ref=v1.0.5"
1218
1219
  subnetwork_name       = "${google_compute_subnetwork.monitoring.name}"
  tier                  = "inf"
1220
  use_external_ip       = true
1221
  use_new_node_name     = true
1222
  vpc                   = "${module.network.self_link}"
1223
1224
1225
}

module "prometheus-app" {
  bootstrap_version     = "${var.bootstrap_script_version}"
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-infra-prometheus-app]\""
  data_disk_size        = "${var.data_disk_sizes["prometheus"]}"
  data_disk_type        = "pd-ssd"
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
  fw_whitelist_subnets  = "${concat(var.monitoring_whitelist_prometheus["subnets"], var.other_monitoring_subnets)}"
  fw_whitelist_ports    = "${var.monitoring_whitelist_prometheus["ports"]}"
  kernel_version        = "${var.default_kernel_version}"
  machine_type          = "${var.machine_types["monitoring"]}"
  name                  = "prometheus-app"
  node_count            = "${var.node_count["prometheus-app"]}"
  oauth2_client_id      = "${var.oauth2_client_id_monitoring}"
  oauth2_client_secret  = "${var.oauth2_client_secret_monitoring}"
  persistent_disk_path  = "/opt/prometheus"
  project               = "${var.project}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_path          = "/graph"
  service_port          = "${element(var.monitoring_hosts["ports"], index(var.monitoring_hosts["names"], "prometheus-app"))}"
  source                = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/monitoring-with-count.git?ref=v1.0.5"