Commit 0cc0da4c authored by John Jarvis's avatar John Jarvis

Jarv/internal lb pgbouncer

parent 4deb491c
......@@ -63,7 +63,7 @@ resource "google_compute_network_peering" "peering_ops" {
#################################
module "web" {
bootstrap_version = 5
bootstrap_version = 6
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-base-fe-web]\""
dns_zone_name = "${var.dns_zone_name}"
......@@ -82,6 +82,8 @@ module "web" {
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
use_new_node_name = true
kernel_version = "${var.default_kernel_version}"
}
##################################
......@@ -91,7 +93,7 @@ module "web" {
#################################
module "api" {
bootstrap_version = 5
bootstrap_version = 6
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-base-fe-api]\""
dns_zone_name = "${var.dns_zone_name}"
......@@ -110,6 +112,8 @@ module "api" {
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
use_new_node_name = true
kernel_version = "${var.default_kernel_version}"
}
##################################
......@@ -119,7 +123,7 @@ module "api" {
##################################
module "git" {
bootstrap_version = 5
bootstrap_version = 6
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-base-fe-git]\""
dns_zone_name = "${var.dns_zone_name}"
......@@ -138,6 +142,8 @@ module "git" {
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
use_new_node_name = true
kernel_version = "${var.default_kernel_version}"
}
##################################
......@@ -147,7 +153,7 @@ module "git" {
#################################
module "registry" {
bootstrap_version = 5
bootstrap_version = 6
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-base-fe-registry]\""
dns_zone_name = "${var.dns_zone_name}"
......@@ -166,6 +172,8 @@ module "registry" {
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
use_new_node_name = true
kernel_version = "${var.default_kernel_version}"
}
##################################
......@@ -196,8 +204,36 @@ module "postgres" {
service_account_email = "${var.service_account_email}"
}
#############################################
#
# GCP Internal TCP LoadBalancer and PgBouncer
#
#############################################
module "gcp-tcp-lb-internal-pgbouncer" {
name = "gcp-tcp-lb-internal-pgbouncer"
lb_count = "1"
names = ["${var.environment}-pgbouncer"]
fqdn = "${var.lb_fqdn_internal_pgbouncer}"
gitlab_zone_id = "${var.gitlab_net_zone_id}"
environment = "${var.environment}"
region = "${var.region}"
project = "${var.project}"
source = "../../modules/google/tcp-lb"
targets = ["pgbouncer"]
forwarding_port_ranges = ["6432"]
health_check_ports = ["6432"]
instances = ["${module.pg-bouncer.instances_self_link}"]
### Additional options only for internal lb
external = false
vpc = "${module.network.self_link}"
subnetwork_self_link = "${module.pg-bouncer.google_compute_subnetwork_self_link}"
backend_service = "${module.pg-bouncer.google_compute_region_backend_service_self_link}"
}
module "pg-bouncer" {
bootstrap_version = 5
bootstrap_version = 6
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-base-db-pgbouncer]\""
dns_zone_name = "${var.dns_zone_name}"
......@@ -210,15 +246,21 @@ module "pg-bouncer" {
public_ports = "${var.public_ports["pgb"]}"
region = "${var.region}"
source = "../../modules/google/generic-sv-with-group"
health_check = "tcp"
service_port = 22
tier = "db"
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
service_account_email = "${var.service_account_email}"
source = "../../modules/google/generic-sv-with-group"
health_check = "tcp"
service_port = 22
tier = "db"
vpc = "${module.network.self_link}"
use_new_node_name = true
kernel_version = "${var.default_kernel_version}"
health_check = "tcp"
create_backend_service = true
backend_service_type = "regional"
}
#############################################
module "geo-postgres" {
bootstrap_version = 5
data_disk_size = 5000
......@@ -301,7 +343,7 @@ module "redis-cache" {
##################################
module "sidekiq" {
bootstrap_version = 5
bootstrap_version = 6
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-base-be-sidekiq-besteffort]\""
dns_zone_name = "${var.dns_zone_name}"
......@@ -332,6 +374,8 @@ module "sidekiq" {
source = "../../modules/google/generic-sv-sidekiq"
tier = "sv"
vpc = "${module.network.self_link}"
use_new_node_name = true
kernel_version = "${var.default_kernel_version}"
}
##################################
......@@ -812,35 +856,9 @@ module "monitoring-lb" {
#######################
module "performance" {
attach_data_disk = true
bootstrap_version = 5
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-private-grafana]\""
data_disk_size = 100
data_disk_type = "pd-standard"
dns_zone_name = "${var.dns_zone_name}"
environment = "${var.environment}"
machine_type = "${var.machine_types["monitoring"]}"
name = "performance"
node_count = 1
oauth2_client_id = "${var.oauth2_client_id_monitoring}"
oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"
persistent_disk_path = "/opt"
project = "${var.project}"
region = "${var.region}"
service_path = "/login"
service_port = "${var.monitoring_hosts["performance"]}"
source = "../../modules/google/monitoring-with-count"
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
tier = "inf"
service_account_email = "${var.service_account_email}"
}
module "prometheus" {
attach_data_disk = true
bootstrap_version = 5
bootstrap_version = 6
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-infra-prometheus]\""
data_disk_size = 1000
......@@ -862,11 +880,13 @@ module "prometheus" {
tier = "inf"
service_account_email = "${var.service_account_email}"
use_new_node_name = true
kernel_version = "${var.default_kernel_version}"
}
module "prometheus-app" {
attach_data_disk = true
bootstrap_version = 5
bootstrap_version = 6
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-infra-prometheus-app]\""
data_disk_size = 1000
......@@ -888,11 +908,13 @@ module "prometheus-app" {
tier = "inf"
service_account_email = "${var.service_account_email}"
use_new_node_name = true
kernel_version = "${var.default_kernel_version}"
}
module "alerts" {
node_count = "${var.node_count["alerts"]}"
bootstrap_version = 5
bootstrap_version = 6
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
attach_data_disk = true
data_disk_size = 100
......@@ -912,12 +934,15 @@ module "alerts" {
oauth2_client_id = "${var.oauth2_client_id_monitoring}"
oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"
health_check = "tcp"
use_new_node_name = true
kernel_version = "${var.default_kernel_version}"
service_account_email = "${var.service_account_email}"
kernel_version = "${var.default_kernel_version}"
}
module "sd-exporter" {
bootstrap_version = 5
bootstrap_version = 6
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-infra-sd-exporter]\""
dns_zone_name = "${var.dns_zone_name}"
......@@ -936,10 +961,12 @@ module "sd-exporter" {
vpc = "${module.network.self_link}"
allow_stopping_for_update = true
additional_scopes = ["https://www.googleapis.com/auth/monitoring"]
use_new_node_name = true
kernel_version = "${var.default_kernel_version}"
}
module "blackbox" {
bootstrap_version = 5
bootstrap_version = 6
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-base-blackbox]\""
dns_zone_name = "${var.dns_zone_name}"
......@@ -958,6 +985,8 @@ module "blackbox" {
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
use_new_node_name = true
kernel_version = "${var.default_kernel_version}"
}
##################################
......@@ -967,7 +996,7 @@ module "blackbox" {
##################################
module "console" {
bootstrap_version = 5
bootstrap_version = 6
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-base-console-node]\""
dns_zone_name = "${var.dns_zone_name}"
......@@ -986,6 +1015,8 @@ module "console" {
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
use_new_node_name = true
kernel_version = "${var.default_kernel_version}"
}
##################################
......@@ -995,7 +1026,7 @@ module "console" {
##################################
module "deploy" {
bootstrap_version = 5
bootstrap_version = 6
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-base-deploy-node]\""
dns_zone_name = "${var.dns_zone_name}"
......@@ -1014,6 +1045,8 @@ module "deploy" {
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
use_new_node_name = true
kernel_version = "${var.default_kernel_version}"
}
##################################
......@@ -1023,7 +1056,7 @@ module "deploy" {
##################################
module "runner" {
bootstrap_version = 5
bootstrap_version = 6
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-base-runner]\""
dns_zone_name = "${var.dns_zone_name}"
......@@ -1042,6 +1075,8 @@ module "runner" {
vpc = "${module.network.self_link}"
service_account_email = "${var.service_account_email}"
use_new_node_name = true
kernel_version = "${var.default_kernel_version}"
}
##################################
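Review bot: In the `pg-bouncer` module of this file, `service_port = 22` is kept while the new internal load balancer forwards and health-checks on 6432, and the same module in the other environment's file in this commit is changed to `service_port = 6432`. If the module's TCP health check is derived from `service_port` (the module source is not shown in this section), the regional backend service would judge instances healthy on sshd rather than on PgBouncer, so a node with a dead pooler could keep receiving database traffic. Suggest `service_port = 6432` here as well, or a comment above the line explaining why the two environments differ. The rendered lines also show `health_check = "tcp"` more than once in this block, so it is worth confirming the new side sets it only once.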
......
variable "oauth2_client_id_monitoring" {}
variable "oauth2_client_secret_monitoring" {}
variable "default_kernel_version" {
default = "4.10.0-1009"
}
variable "monitoring_hosts" {
type = "map"
......@@ -38,6 +42,10 @@ variable "lb_fqdn_internal" {
default = "int.gprd.gitlab.net"
}
variable "lb_fqdn_internal_pgbouncer" {
default = "pgbouncer.int.gprd.gitlab.net"
}
#
# For every name there must be a corresponding
# forwarding port range and health check port
......@@ -267,7 +275,7 @@ variable "node_count" {
"lfs" = 1
"mailroom" = 2
"pages" = 1
"pgb" = 2
"pgb" = 3
"redis" = 3
"redis-cache" = 3
"redis-cache-sentinel" = 3
......
......@@ -197,27 +197,58 @@ module "postgres" {
kernel_version = "${var.default_kernel_version}"
}
#############################################
#
# GCP Internal TCP LoadBalancer and PgBouncer
#
#############################################
module "gcp-tcp-lb-internal-pgbouncer" {
name = "gcp-tcp-lb-internal-pgbouncer"
lb_count = "1"
names = ["${var.environment}-pgbouncer"]
fqdn = "${var.lb_fqdn_internal_pgbouncer}"
gitlab_zone_id = "${var.gitlab_net_zone_id}"
environment = "${var.environment}"
region = "${var.region}"
project = "${var.project}"
source = "../../modules/google/tcp-lb"
targets = ["pgbouncer"]
forwarding_port_ranges = ["6432"]
health_check_ports = ["6432"]
instances = ["${module.pg-bouncer.instances_self_link}"]
### Additional options only for internal lb
external = false
vpc = "${module.network.self_link}"
subnetwork_self_link = "${module.pg-bouncer.google_compute_subnetwork_self_link}"
backend_service = "${module.pg-bouncer.google_compute_region_backend_service_self_link}"
}
module "pg-bouncer" {
bootstrap_version = 6
chef_init_run_list = "\"role[${var.environment}-force-gitlab-ctl-reconfigure]\""
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-base-db-pgbouncer]\""
dns_zone_name = "${var.dns_zone_name}"
environment = "${var.environment}"
ip_cidr_range = "${var.subnetworks["pgb"]}"
machine_type = "${var.machine_types["pgb"]}"
name = "pgbouncer"
node_count = "${var.node_count["pgb"]}"
project = "${var.project}"
public_ports = "${var.public_ports["pgb"]}"
region = "${var.region}"
service_port = 22
service_account_email = "${var.service_account_email}"
source = "../../modules/google/generic-sv-with-group"
tier = "db"
vpc = "${module.network.self_link}"
use_new_node_name = true
kernel_version = "${var.default_kernel_version}"
bootstrap_version = 6
chef_init_run_list = "\"role[${var.environment}-force-gitlab-ctl-reconfigure]\""
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-base-db-pgbouncer]\""
dns_zone_name = "${var.dns_zone_name}"
environment = "${var.environment}"
ip_cidr_range = "${var.subnetworks["pgb"]}"
machine_type = "${var.machine_types["pgb"]}"
name = "pgbouncer"
node_count = "${var.node_count["pgb"]}"
project = "${var.project}"
public_ports = "${var.public_ports["pgb"]}"
region = "${var.region}"
service_port = 6432
service_account_email = "${var.service_account_email}"
source = "../../modules/google/generic-sv-with-group"
tier = "db"
vpc = "${module.network.self_link}"
use_new_node_name = true
kernel_version = "${var.default_kernel_version}"
health_check = "tcp"
create_backend_service = true
backend_service_type = "regional"
}
module "geo-postgres" {
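Review bot: The `pg-bouncer` module still passes `public_ports = "${var.public_ports["pgb"]}"` although PgBouncer is now reached through an internal load balancer (`external = false`) on 6432. The contents of `var.public_ports["pgb"]` are not visible here, so the list may already be empty, but if it includes 6432 the pooler stays reachable by a path other than the internal one this change sets up. Please confirm the value and record the intent with a comment above the line, for example `# pgbouncer is served through the internal LB only; public_ports must not include 6432`. The same line appears in the other environment's `pg-bouncer` module earlier in this commit.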
......
......@@ -85,6 +85,10 @@ variable "lb_fqdn_internal" {
default = "int.gstg.gitlab.net"
}
variable "lb_fqdn_internal_pgbouncer" {
default = "pgbouncer.int.gstg.gitlab.net"
}
#
# For every name there must be a corresponding
# forwarding port range and health check port
......@@ -270,7 +274,7 @@ variable "node_count" {
"lfs" = 1
"mailroom" = 1
"pages" = 1
"pgb" = 1
"pgb" = 3
"redis" = 3
"redis-cache" = 3
"redis-cache-sentinel" = 3
......
resource "google_compute_region_backend_service" "default" {
count = "${var.backend_service_type == "regional" && var.create_backend_service ? 1 : 0}"
name = "${format("%v-%v-regional", var.environment, var.name)}"
protocol = "TCP"
backend {
group = "${google_compute_instance_group.default.*.self_link[0]}"
}
backend {
group = "${google_compute_instance_group.default.*.self_link[1]}"
}
backend {
group = "${google_compute_instance_group.default.*.self_link[2]}"
}
health_checks = ["${var.health_check == "http" ? google_compute_health_check.http.self_link : google_compute_health_check.tcp.self_link }"]
}
resource "google_compute_backend_service" "default" {
count = "${var.enable_iap || !var.create_backend_service ? 0 : 1}"
count = "${var.backend_service_type == "regional" || var.enable_iap || !var.create_backend_service ? 0 : 1}"
name = "${format("%v-%v", var.environment, var.name)}"
protocol = "${var.backend_protocol}"
port_name = "${var.name}"
......@@ -23,7 +43,7 @@ resource "google_compute_backend_service" "default" {
}
resource "google_compute_backend_service" "iap" {
count = "${var.enable_iap && var.create_backend_service ? 1 : 0}"
count = "${var.backend_service_type != "regional" && var.enable_iap && var.create_backend_service ? 1 : 0}"
name = "${format("%v-%v", var.environment, var.name)}"
protocol = "${var.backend_protocol}"
port_name = "${var.name}"
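Review bot: The new `google_compute_region_backend_service` hard-codes three `backend` blocks that index `google_compute_instance_group.default.*.self_link[0]` through `[2]`, so it only works when the module creates at least three instance groups. The instance group resource is not shown in this section, so its count is an assumption; a caller that sets `backend_service_type = "regional"` with fewer groups would presumably fail with an index error rather than a clear message. At minimum add a comment above the first `backend` block such as `# regional backend service assumes three instance groups (indexes 0-2); do not enable with fewer`. The `iap` resource continues outside the visible lines.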
......
......@@ -28,6 +28,10 @@ output "google_compute_backend_service_iap_self_link" {
value = "${element(concat(google_compute_backend_service.iap.*.self_link, list("")), 0)}"
}
output "google_compute_region_backend_service_self_link" {
value = "${element(concat(google_compute_region_backend_service.default.*.self_link, list("")), 0)}"
}
output "google_compute_subnetwork_name" {
value = "${element(concat(google_compute_subnetwork.subnetwork.*.name, list("")), 0)}"
}
......
variable "backend_service_type" {
default = "regular"
description = "type of backend service, either normal or regional"
}
variable "kernel_version" {
default = ""
}
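Review bot: The `description` of `backend_service_type` says "either normal or regional" but the default is `"regular"`, and the resources in this commit only ever compare the value against `"regional"`. Any other string, including a misspelling of `regional`, therefore silently selects the non-regional backend service. Suggest `description = "\"regional\" creates a regional backend service (internal LB); any other value, default \"regular\", creates the global one"`. The same variable text appears in the other module's variables file at the end of this commit.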
......
resource "google_compute_region_backend_service" "default" {
count = "${var.backend_service == "regional" ? 1 : 0}"
count = "${var.backend_service_type == "regional" ? 1 : 0}"
name = "${format("%v-%v-regional", var.environment, var.name)}"
protocol = "TCP"
......@@ -19,7 +19,7 @@ resource "google_compute_region_backend_service" "default" {
}
resource "google_compute_backend_service" "iap" {
count = "${var.backend_service == "regional" ? 0 : 1}"
count = "${var.backend_service_type == "regional" ? 0 : 1}"
name = "${format("%v-%v", var.environment, var.name)}"
protocol = "${var.backend_protocol}"
port_name = "${var.name}"
......
variable "backend_service" {
default = "regular"
variable "backend_service_type" {
default = "regular"
description = "type of backend service, either normal or regional"
}
variable "kernel_version" {
......