Commit 015dbf77 authored by John Jarvis's avatar John Jarvis

Use a single lb for the monitoring hosts.

parent b2dd3d0b
###########################################################
# This is specific to the gprd environment
# and defines the mapping from monitoring hosts to backend
# services
resource "google_compute_url_map" "monitoring-lb" {
name = "${format("%v-monitoring-lb", var.environment)}"
default_service = "${module.performance.google_compute_backend_service_self_link}"
###################################
host_rule {
hosts = ["performance.gprd.gitlab.com"]
path_matcher = "performance"
}
path_matcher {
name = "performance"
default_service = "${module.performance.google_compute_backend_service_self_link}"
path_rule {
paths = ["/*"]
service = "${module.performance.google_compute_backend_service_self_link}"
}
}
###################################
host_rule {
hosts = ["prometheus.gprd.gitlab.com"]
path_matcher = "prometheus"
}
path_matcher {
name = "prometheus"
default_service = "${module.prometheus.google_compute_backend_service_self_link}"
path_rule {
paths = ["/*"]
service = "${module.prometheus.google_compute_backend_service_self_link}"
}
}
###################################
host_rule {
hosts = ["prometheus-app.gprd.gitlab.com"]
path_matcher = "prometheus-app"
}
path_matcher {
name = "prometheus-app"
default_service = "${module.prometheus-app.google_compute_backend_service_self_link}"
path_rule {
paths = ["/*"]
service = "${module.prometheus-app.google_compute_backend_service_self_link}"
}
}
###################################
host_rule {
hosts = ["kibana.gprd.gitlab.com"]
path_matcher = "kibana"
}
path_matcher {
name = "kibana"
default_service = "${module.kibana.google_compute_backend_service_self_link}"
path_rule {
paths = ["/*"]
service = "${module.kibana.google_compute_backend_service_self_link}"
}
}
}
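Review bot: The top-level `default_service` points at the performance backend, so a request that reaches this load balancer with a Host header matching none of the four `host_rule` entries is answered by performance instead of being refused. The backend services in the monitoring module carry an `iap` block, so that traffic should still be authenticated, but the fall-through is implicit and easy to miss when a host is added later. I would document it above the argument, e.g. `# Unmatched Host headers fall through to the performance backend (still behind IAP)`. Each `path_rule` with `paths = ["/*"]` also appears to repeat what the matcher's own `default_service` already does.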
......@@ -563,6 +563,29 @@ resource "google_compute_firewall" "monitoring" {
target_tags = ["kibana", "prometheus-app", "performance", "prometheus"]
}
#######################
#
# load balancer for all hosts in this section
#
#######################
module "monitoring-lb" {
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
environment = "${var.environment}"
source = "../../modules/google/monitoring-lb"
name = "monitoring-lb"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
project = "${var.project}"
region = "${var.region}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
cert_link = "${var.monitoring_cert_link}"
service_port = "80"
url_map = "${google_compute_url_map.monitoring-lb.self_link}"
hosts = "${var.monitoring_lb_hosts}"
}
#######################
module "performance" {
bootstrap_version = 3
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
......@@ -580,8 +603,6 @@ module "performance" {
source = "../../modules/google/monitoring"
tier = "inf"
persistent_disk_path = "/opt"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
cert_link = "projects/gitlab-production/global/sslCertificates/gprd-wildcard"
service_port = "80"
service_path = "/login"
oauth2_client_id = "${var.oauth2_client_id_performance}"
......@@ -605,8 +626,6 @@ module "prometheus" {
source = "../../modules/google/monitoring"
tier = "inf"
persistent_disk_path = "/opt/prometheus"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
cert_link = "projects/gitlab-production/global/sslCertificates/gprd-wildcard"
service_port = "9090"
service_path = "/graph"
oauth2_client_id = "${var.oauth2_client_id_prometheus}"
......@@ -630,8 +649,6 @@ module "prometheus-app" {
source = "../../modules/google/monitoring"
tier = "inf"
persistent_disk_path = "/opt/prometheus"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
cert_link = "projects/gitlab-production/global/sslCertificates/gprd-wildcard"
service_port = "9090"
service_path = "/graph"
oauth2_client_id = "${var.oauth2_client_id_prometheus}"
......@@ -655,8 +672,6 @@ module "kibana" {
source = "../../modules/google/monitoring"
tier = "inf"
persistent_disk_path = "/opt"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
cert_link = "projects/gitlab-production/global/sslCertificates/gprd-wildcard"
service_port = "80"
service_path = "/login"
oauth2_client_id = "${var.oauth2_client_id_prometheus}"
......
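Review bot: `gitlab_com_zone_id` is assigned twice in the new `module "monitoring-lb"` block; the second assignment is redundant, and stricter HCL parsers reject a repeated argument, so one of the two lines should be dropped. The unchanged context for `module "kibana"` shows it using `var.oauth2_client_id_prometheus`, which may be deliberate sharing of one OAuth client but is worth confirming now that all four hosts sit behind a single address. The per-host module blocks are only partly visible in these hunks.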
......@@ -4,6 +4,11 @@ variable "oauth2_client_secret_prometheus" {}
variable "oauth2_client_id_performance" {}
variable "oauth2_client_secret_performance" {}
variable "monitoring_lb_hosts" {
type = "list"
default = ["performance", "prometheus", "prometheus-app", "kibana"]
}
variable "base_chef_run_list" {
default = "\"role[gitlab]\",\"recipe[gitlab_users::default]\",\"recipe[gitlab_sudo::default]\",\"recipe[gitlab-server::bashrc]\""
}
......@@ -81,6 +86,10 @@ variable "chef_version" {
default = "12.19.36"
}
variable "monitoring_cert_link" {
default = "projects/gitlab-production/global/sslCertificates/gprd-wildcard"
}
variable "machine_types" {
type = "map"
......
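Review bot: `monitoring_lb_hosts` repeats information that the URL map spells out as literal hostnames, and nothing ties the two together: a name added here gets an A record from the load-balancer module but no `host_rule`, so it would resolve to the shared address and be answered by the URL map's default service. A description on the variable would make the coupling visible, e.g. `description = "Short host names served by the monitoring load balancer; each needs a matching host_rule in google_compute_url_map.monitoring-lb"`. `monitoring_cert_link` would benefit from a description as well, as most of the module variables in this commit have one.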
data "google_compute_lb_ip_ranges" "ranges" {}
resource "aws_route53_record" "default" {
count = "${length(var.hosts)}"
zone_id = "${var.gitlab_com_zone_id}"
name = "${format("${var.hosts[count.index]}.%v.gitlab.com.", var.environment)}"
type = "A"
ttl = "300"
records = ["${google_compute_global_address.default.address}"]
}
resource "google_compute_global_address" "default" {
name = "${format("%v-%v", var.environment, var.name)}"
}
resource "google_compute_global_forwarding_rule" "default" {
name = "${format("%v-%v-performance", var.environment, var.name)}"
target = "${google_compute_target_https_proxy.default.self_link}"
port_range = "443"
ip_address = "${google_compute_global_address.default.address}"
}
resource "google_compute_target_https_proxy" "default" {
name = "${format("%v-%v", var.environment, var.name)}"
description = "https proxy for performance"
ssl_certificates = ["${var.cert_link}"]
url_map = "${var.url_map}"
}
resource "google_compute_firewall" "default" {
name = "${format("%v-%v", var.environment, var.name)}"
network = "${var.environment}"
allow {
protocol = "tcp"
ports = ["80", "${var.service_port}"]
}
source_ranges = ["${data.google_compute_lb_ip_ranges.ranges.network}"]
target_tags = ["${var.name}"]
}
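Review bot: The firewall rule uses `target_tags = ["${var.name}"]`, and the only caller on this page passes `name = "monitoring-lb"`, whereas the environment-level rule tags the instances as kibana, prometheus-app, performance and prometheus; unless the instances also carry a `monitoring-lb` tag, this rule matches nothing and load-balancer and health-check traffic depends on rules defined elsewhere. It also opens only port 80, since the caller sets `service_port = "80"`, while two of the backends are health-checked on 9090. If the host names are meant to double as instance tags, `target_tags = ["${var.hosts}"]` would make the rule apply; otherwise the rule could be dropped from this module. Separately, the forwarding rule name `%v-%v-performance` and the description "https proxy for performance" look like leftovers from the per-host module.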
variable "url_map" {}
variable "hosts" {
type = "list"
}
variable "service_port" {
type = "string"
description = "port for the service running on the monitoring node"
}
variable "subnetwork_name" {
type = "string"
description = "subnetwork name for the instances"
}
variable "cert_link" {
type = "string"
description = "resource link for the ssl certificate"
}
variable "gitlab_com_zone_id" {
type = "string"
description = "Zone id for creating dns records (AWS)"
}
variable "environment" {
type = "string"
description = "The environment name"
}
variable "name" {
type = "string"
description = "The pet name"
}
variable "project" {
type = "string"
description = "The project name"
}
variable "region" {
type = "string"
description = "The target region"
}
variable "zone" {
type = "string"
default = ""
}
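Review bot: `url_map` and `hosts` are the two inputs that decide where traffic goes, yet they are the only variables in this file without a `description`. I would add `description = "self_link of the URL map the HTTPS proxy uses"` to `url_map` and `description = "Short host names published as A records under <environment>.gitlab.com"` to `hosts`. `subnetwork_name`, `project`, `region` and `zone` are declared but not referenced by any resource of this module shown on the page, so they may be removable.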
resource "google_compute_backend_service" "monitoring" {
name = "${format("%v-%v", var.environment, var.name)}"
protocol = "HTTP"
port_name = "${var.name}"
backend {
group = "${google_compute_instance_group.monitoring.self_link}"
}
health_checks = ["${google_compute_health_check.monitoring.self_link}"]
iap {
oauth2_client_secret = "${var.oauth2_client_secret}"
oauth2_client_id = "${var.oauth2_client_id}"
}
}
resource "google_compute_health_check" "monitoring" {
name = "${format("%v-%v", var.environment, var.name)}"
http_health_check {
port = "${var.service_port}"
request_path = "${var.service_path}"
}
}
resource "google_compute_instance_group" "monitoring" {
name = "${format("%v-%v", var.environment, var.name)}"
description = "Instance group for monitoring VM."
zone = "${var.zone != "" ? var.zone : data.google_compute_zones.available.names[0]}"
named_port {
name = "${var.name}"
port = "${var.service_port}"
}
instances = ["${google_compute_instance.instance_with_attached_disk.self_link}"]
}
resource "google_compute_disk" "data_disk" {
project = "${var.project}"
name = "${format("%v-%v-%v-data", var.name, var.tier, var.environment)}"
......
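Review bot: The `iap` block takes `oauth2_client_secret` from a plain variable, and Terraform keeps resource arguments in its state, so the OAuth client secret for each monitoring host ends up readable by anyone with access to the state backend. The page does not show which lines of this section are new and which were moved from the module's load-balancer file, so this may be inherited, not introduced here. A comment on the block would still help, e.g. `# oauth2_client_secret is persisted in Terraform state; keep the state backend access-restricted`.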
data "google_compute_lb_ip_ranges" "ranges" {}
resource "aws_route53_record" "monitoring" {
zone_id = "${var.gitlab_com_zone_id}"
name = "${format("%v.%v.gitlab.com.", var.name, var.environment)}"
type = "A"
ttl = "300"
records = ["${google_compute_global_address.monitoring.address}"]
}
resource "google_compute_global_address" "monitoring" {
name = "${format("%v-%v", var.environment, var.name)}"
}
resource "google_compute_global_forwarding_rule" "monitoring" {
name = "${format("%v-%v", var.environment, var.name)}"
target = "${google_compute_target_https_proxy.monitoring.self_link}"
port_range = "443"
ip_address = "${google_compute_global_address.monitoring.address}"
}
resource "google_compute_target_https_proxy" "monitoring" {
name = "${format("%v-%v", var.environment, var.name)}"
description = "https proxy for monitoring"
ssl_certificates = ["${var.cert_link}"]
url_map = "${google_compute_url_map.monitoring.self_link}"
}
resource "google_compute_url_map" "monitoring" {
name = "${format("%v-%v", var.environment, var.name)}"
default_service = "${google_compute_backend_service.monitoring.self_link}"
host_rule {
hosts = ["*"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = "${google_compute_backend_service.monitoring.self_link}"
path_rule {
paths = ["${var.service_path}"]
service = "${google_compute_backend_service.monitoring.self_link}"
}
}
}
resource "google_compute_instance_group" "monitoring" {
name = "${format("%v-%v", var.environment, var.name)}"
description = "Instance group for monitoring VM."
zone = "${var.zone != "" ? var.zone : data.google_compute_zones.available.names[0]}"
named_port {
name = "${var.name}"
port = "${var.service_port}"
}
instances = ["${google_compute_instance.instance_with_attached_disk.self_link}"]
}
resource "google_compute_health_check" "monitoring" {
name = "${format("%v-%v", var.environment, var.name)}"
http_health_check {
port = "${var.service_port}"
request_path = "${var.service_path}"
}
}
resource "google_compute_backend_service" "monitoring" {
name = "${format("%v-%v", var.environment, var.name)}"
protocol = "HTTP"
port_name = "${var.name}"
backend {
group = "${google_compute_instance_group.monitoring.self_link}"
}
health_checks = ["${google_compute_health_check.monitoring.self_link}"]
iap {
oauth2_client_secret = "${var.oauth2_client_secret}"
oauth2_client_id = "${var.oauth2_client_id}"
}
}
resource "google_compute_firewall" "default" {
name = "${format("%v-%v", var.environment, var.name)}"
network = "${var.environment}"
allow {
protocol = "tcp"
ports = ["80", "${var.service_port}"]
}
source_ranges = ["${data.google_compute_lb_ip_ranges.ranges.network}"]
target_tags = ["${var.name}"]
}
output "instances_self_link" {
value = "${google_compute_instance.instance_with_attached_disk.*.self_link}"
}
output "instance_group_self_link" {
value = "${google_compute_instance_group.monitoring.self_link}"
}
output "google_compute_backend_service_self_link" {
value = "${google_compute_backend_service.monitoring.self_link}"
}
......@@ -21,16 +21,6 @@ variable "subnetwork_name" {
description = "subnetwork name for the instances"
}
variable "cert_link" {
type = "string"
description = "resource link for the ssl certificate"
}
variable "gitlab_com_zone_id" {
type = "string"
description = "Zone id for creating dns records (AWS)"
}
variable "bootstrap_version" {
description = "version of the bootstrap script"
default = 1
......