Commit 2ef39b6b authored by Craig Miskell's avatar Craig Miskell

Merge branch 'onprem-testbed-environment' into 'master'

Implementation of https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/6511

See merge request !761
parents 5d3595f8 02b6635c
../../shared/gstg-gprd-ops/variables.tf
\ No newline at end of file
../../shared/gstg-gprd/variables.tf
\ No newline at end of file
This diff is collapsed.
###########################################################
# This is specific to the testbed environment
# and defines the mapping from monitoring hosts to backend
# services
resource "google_compute_url_map" "monitoring-lb" {
name = "${format("%v-monitoring-lb", var.environment)}"
default_service = "${module.prometheus.google_compute_backend_service_self_link}"
host_rule {
hosts = ["prometheus.testbed.gitlab.net"]
path_matcher = "prometheus"
}
path_matcher {
name = "prometheus"
default_service = "${module.prometheus.google_compute_backend_service_self_link}"
path_rule {
paths = ["/*"]
service = "${module.prometheus.google_compute_backend_service_self_link}"
}
}
}
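Review bot: The top-level `default_service` of `monitoring-lb` points at the Prometheus backend, so a request with any Host header reaches Prometheus and the `host_rule` for `prometheus.testbed.gitlab.net` restricts nothing. Whatever authentication protects Prometheus therefore has to sit on the backend service inside the `prometheus` module, which is not visible in this section. I would say so in the header comment once confirmed, for example `# Access control is enforced on the backend service, not by this URL map; unmatched hosts also land on Prometheus`. The `path_rule` for `/*` also duplicates the path matcher's own `default_service` and could be dropped.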
variable "gitlab_io_zone_id" {}
variable "project" {
default = "gitlab-testbed"
}
variable "bootstrap_script_version" {
default = 8
}
variable "region" {
default = "us-east1"
}
variable "environment" {
default = "testbed"
}
variable "dns_zone_name" {
default = "gitlab.net"
}
variable "default_kernel_version" {
default = "4.15.0-1015"
}
variable "oauth2_client_id_monitoring" {
default = "test"
}
variable "oauth2_client_secret_monitoring" {
default = "test"
}
variable "machine_types" {
type = "map"
default = {
"bastion" = "n1-standard-1"
"web" = "n1-standard-16"
"monitoring" = "n1-standard-2"
"gitlab-onprem" = "n1-standard-2"
"sd-exporter" = "n1-standard-1"
"gke-runner" = "n1-standard-2"
"gitaly" = "n1-standard-2"
}
}
variable "monitoring_hosts" {
type = "map"
default = {
"names" = ["prometheus", "prometheus-app"]
"ports" = [9090, 9090]
}
}
variable "service_account_email" {
type = "string"
default = "[email protected]"
}
#############################
# Default firewall
# rule for allowing
# all protocols on all
# ports
#
# 10.240.x.x: all of testbed
# 10.250.7.x: ops runner
# 10.250.10.x: chatops runner
# 10.250.12.x: release runner
# 10.12.0.0/14: pod address range in gitlab-ops for runners
###########################
variable "internal_subnets" {
type = "list"
default = ["10.240.0.0/13", "10.250.7.0/24", "10.250.10.0/24", "10.250.12.0/24", "10.12.0.0/14"]
}
variable "other_monitoring_subnets" {
type = "list"
# Left empty for testbed
default = []
}
# The testbed network is allocated
# 10.240.0.0/13
# First IP: 10.240.0.0
# Last IP: 10.247.255.255
# For allocations by project see https://gitlab.com/gitlab-com/runbooks/blob/master/howto/subnet-allocations.md
variable "subnetworks" {
type = "map"
default = {
"bastion" = "10.240.1.0/24"
"monitoring" = "10.240.3.0/24"
"sd-exporter" = "10.240.6.0/24"
"redis" = "10.240.7.0/24"
"gitlab-onprem" = "10.240.8.0/24"
"gke-runner" = "10.240.9.0/24"
"gitaly" = "10.240.10.0/24"
"filestore-storage" = "10.240.128.0/29"
"gke-runner-pod-cidr" = "10.246.0.0/16"
"gke-runner-service-cidr" = "10.247.0.0/16"
}
}
##################
# Network Peering
##################
variable "network_env" {
default = "https://www.googleapis.com/compute/v1/projects/gitlab-testbed/global/networks/testbed"
}
variable "peer_networks" {
type = "map"
default = {
"names" = ["ops"]
"links" = [
"https://www.googleapis.com/compute/v1/projects/gitlab-ops/global/networks/ops",
]
}
}
variable "public_ports" {
type = "map"
default = {
"bastion" = [22]
"gitlab-onprem" = [443, 80, 22, 5005]
"sd-exporter" = []
"gitaly" = []
}
}
variable "node_count" {
type = "map"
default = {
"bastion" = 1
"web" = 1
"prometheus" = 1
"sd-exporter" = 1
"gitaly" = 1
}
}
variable "chef_provision" {
type = "map"
description = "Configuration details for chef server"
default = {
bootstrap_bucket = "gitlab-testbed-chef-bootstrap"
bootstrap_key = "gitlab-testbed-bootstrap-validation"
bootstrap_keyring = "gitlab-testbed-bootstrap"
server_url = "https://chef.gitlab.com/organizations/gitlab/"
user_name = "gitlab-ci"
user_key_path = ".chef.pem"
version = "12.22.5"
}
}
variable "monitoring_cert_link" {
default = "projects/gitlab-testbed/global/sslCertificates/wildcard-testbed-gitlab-net"
}
variable "data_disk_sizes" {
type = "map"
default = {
"web" = "100"
}
}
variable "lb_fqdns" {
type = "list"
default = ["onprem.testbed.gitlab.net"]
}
variable "lb_fqdns_bastion" {
type = "list"
default = ["lb-bastion.testbed.gitlab.com"]
}
variable "lb_fqdns_registry" {
type = "list"
default = ["registry.onprem.testbed.gitlab.net"]
}
variable "tcp_lbs_bastion" {
type = "map"
default = {
"names" = ["ssh"]
"forwarding_port_ranges" = ["22"]
"health_check_ports" = ["80"]
}
}
variable "tcp_lbs" {
type = "map"
default = {
"names" = ["http", "https", "ssh", "registry"]
"forwarding_port_ranges" = ["80", "443", "22", "5000"]
"health_check_ports" = ["8001", "8002", "8003", "5000"] #Is the healthcheck for registry on 5000, or do we need 8004 here?
}
}
variable "testbed_gitlab_net_cert_link" {
default = "projects/gitlab-testbed/global/sslCertificates/testbed-gitlab-net"
}
variable "gcs_service_account_email" {
type = "string"
default = "[email protected]"
}
variable "egress_ports" {
type = "list"
default = ["80", "443"]
}
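Review bot: `oauth2_client_secret_monitoring` and its client id default to the literal `test`, so a plan succeeds without a real credential being supplied. If these feed the OAuth configuration in front of the monitoring load balancer, that front end is either misconfigured or guarded by a guessable value. Declaring the secret with no default, `variable "oauth2_client_secret_monitoring" {}` as `gitlab_io_zone_id` already is, makes Terraform fail until the value is passed in from outside the repository. Separately, `public_ports` opens 5005 for `gitlab-onprem` while `tcp_lbs` forwards the registry on 5000, and the inline question about its health-check port is still open. It is worth confirming which port is intended so the firewall does not expose one that nothing serves.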