Commit 18c81a76 authored by John Jarvis's avatar John Jarvis

Adds a new web-iap module and fixes the IAP load balancer for web.

parent cb308d06
......@@ -10,7 +10,7 @@ variable "oauth2_client_secret_web_iap" {}
resource "google_compute_backend_service" "web-iap" {
name = "gprd-web-iap"
protocol = "HTTPS"
port_name = "web-iap"
port_name = "https"
backend {
group = "${module.fe-lb.instance_groups_self_link[0]}"
......@@ -24,7 +24,7 @@ resource "google_compute_backend_service" "web-iap" {
group = "${module.fe-lb.instance_groups_self_link[2]}"
}
health_checks = ["${google_compute_health_check.web-ip.self_link}"]
health_checks = ["${google_compute_health_check.web-iap.self_link}"]
iap {
oauth2_client_id = "${var.oauth2_client_id_web_iap}"
......@@ -32,11 +32,12 @@ resource "google_compute_backend_service" "web-iap" {
}
}
resource "google_compute_health_check" "web-ip" {
resource "google_compute_health_check" "web-iap" {
name = "web-iap"
tcp_health_check {
port = "443"
http_health_check {
port = "8002"
request_path = "/-/available-https"
}
}
......@@ -45,7 +46,7 @@ resource "google_compute_url_map" "web-iap" {
default_service = "${google_compute_backend_service.web-iap.self_link}"
host_rule {
hosts = ["web.gprd.gitlab.com"]
hosts = ["gprd.gitlab.com"]
path_matcher = "web-iap"
}
......
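Review bot: The rebuilt health check at lines 25-31 probes plain HTTP on port 8002, while the backend service it guards now only references the `https` named port (443) of the fe-lb instance groups, so the check passes only if 8002 is reachable from the Google health-check ranges on the web instances; the web-iap module's own firewall rule in this commit allows just `var.service_ports` (set to 443), 443 and 80, so this appears to depend on a rule in the fe-lb module that is not shown here — confirm where 8002 is opened. A comment on the health check would make that dependency visible, e.g. `# probes the 8002 status endpoint, not the 443 named port that serves traffic; 8002 must be open to the health-check ranges`. Separately, `oauth2_client_secret_web_iap` is passed into the `iap` block from a Terraform variable, which means the secret is persisted in the Terraform state; note that next to the variable so the state backend is treated accordingly.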
......@@ -540,7 +540,8 @@ module "fe-lb" {
service_account_email = "${var.service_account_email}"
source = "../../modules/google/generic-sv-with-group"
health_check = "http"
service_port = 7331
service_port = 8002
service_path = "/-/available-https"
tier = "lb"
vpc = "${module.network.self_link}"
}
......@@ -608,7 +609,7 @@ module "fe-lb-altssh" {
module "web-iap" {
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
environment = "${var.environment}"
source = "../../modules/google/monitoring-lb"
source = "../../modules/google/web-iap"
name = "web-iap"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
project = "${var.project}"
......@@ -618,6 +619,7 @@ module "web-iap" {
service_ports = ["443"]
url_map = "${google_compute_url_map.web-iap.self_link}"
hosts = ["web"]
web_ip_fqdn = "gprd.gitlab.com"
}
##################################
......
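Review bot: Line 65 hard-codes `web_ip_fqdn = "gprd.gitlab.com"` although this commit also introduces `variable "web_iap_fqdn"` with that same default and a comment saying to switch those entries to turn IAP off; the module input should read `web_ip_fqdn = "${var.web_iap_fqdn}"` so that one change in variables.tf actually moves the record. The module-side input is named `web_ip_fqdn` while the environment-level variable is `web_iap_fqdn`; one looks like a typo of the other, and aligning them would avoid a repeat of the `web-ip`/`web-iap` health-check mix-up fixed elsewhere in this commit. The fe-lb change at lines 45-48 moves the check to port 8002 with `/-/available-https` and `health_check = "http"`, which presumably makes the probe unencrypted; a one-line comment next to `service_path` stating that the endpoint is a status page, not the served port, would help the next reader.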
......@@ -20,11 +20,16 @@ variable "monitoring_hosts" {
# The top level domain record for the GitLab deployment.
# For production this should be set to "gitlab.com"
# Switch these entries to turn off iap
variable "web_iap_fqdn" {
default = "gprd.gitlab.com"
}
variable "lb_fqdn" {
default = "gprd.gitlab.com"
default = "lb-web.gprd.gitlab.com"
}
##########
variable "lb_fqdn_altssh" {
default = "lb-test-altssh.gprd.gitlab.com"
}
......
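Review bot: The comment at lines 70-72 now heads `web_iap_fqdn` but still describes "the top level domain record" that "should be set to gitlab.com", and "Switch these entries to turn off iap" does not say which values are meant to be swapped. Suggest one comment per variable: above `web_iap_fqdn`, `# FQDN answered by the IAP-protected web load balancer (web-iap module)`; above `lb_fqdn`, `# FQDN of the non-IAP web load balancer`. If swapping the two defaults is the intended way to disable IAP, state that explicitly in the `lb_fqdn` comment rather than leaving "these entries" to be guessed.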
......@@ -43,6 +43,16 @@ resource "google_compute_instance_group" "default" {
port = "${var.service_port}"
}
named_port {
name = "http"
port = "80"
}
named_port {
name = "https"
port = "443"
}
# This filters the full set of instances to only ones for the appropriate zone.
instances = ["${matchkeys(google_compute_instance.default.*.self_link, google_compute_instance.default.*.zone, list(data.google_compute_zones.available.names[count.index]))}"]
}
......
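Review bot: The two `named_port` blocks added at lines 88-95 hard-code `http`/80 and `https`/443 for every instance group built from this generic module, next to the parameterised `var.service_port` block; a consumer that does not serve on 80/443 still exports those names, and a backend service that references `port_name = "https"` against it would route to a closed port. A comment explaining why they are fixed rather than derived from variables would help, e.g. `# fixed web ports so backend services can select "http"/"https" by name independently of service_port`; if other users of the module are not web tiers, consider making them a list variable with these values as the default. The enclosing `google_compute_instance_group` resource starts before this hunk.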
data "google_compute_lb_ip_ranges" "ranges" {}
resource "aws_route53_record" "default" {
count = "${length(var.hosts)}"
zone_id = "${var.gitlab_com_zone_id}"
name = "${var.web_ip_fqdn}"
type = "A"
ttl = "300"
records = ["${google_compute_global_address.default.address}"]
}
resource "google_compute_global_address" "default" {
name = "${format("%v-%v", var.environment, var.name)}"
}
resource "google_compute_global_forwarding_rule" "default" {
name = "${format("%v-%v-performance", var.environment, var.name)}"
target = "${google_compute_target_https_proxy.default.self_link}"
port_range = "443"
ip_address = "${google_compute_global_address.default.address}"
}
resource "google_compute_target_https_proxy" "default" {
name = "${format("%v-%v", var.environment, var.name)}"
description = "https proxy for performance"
ssl_certificates = ["${var.cert_link}"]
url_map = "${var.url_map}"
}
resource "google_compute_firewall" "default" {
name = "${format("%v-%v", var.environment, var.name)}"
network = "${var.environment}"
allow {
protocol = "tcp"
ports = ["${var.service_ports}", "443", "80"]
}
source_ranges = ["${data.google_compute_lb_ip_ranges.ranges.network}"]
target_tags = ["${var.name}"]
}
variable "url_map" {}
variable "web_ip_fqdn" {}
variable "hosts" {
type = "list"
}
variable "service_ports" {
type = "list"
description = "ports to allow for healthchecks"
}
variable "subnetwork_name" {
type = "string"
description = "subnetwork name for the instances"
}
variable "cert_link" {
type = "string"
description = "resource link for the ssl certificate"
}
variable "gitlab_com_zone_id" {
type = "string"
description = "Zone id for creating dns records (AWS)"
}
variable "environment" {
type = "string"
description = "The environment name"
}
variable "name" {
type = "string"
description = "The pet name"
}
variable "project" {
type = "string"
description = "The project name"
}
variable "region" {
type = "string"
description = "The target region"
}
variable "zone" {
type = "string"
default = ""
}