Commit
3d1fd025
authored
May 14, 2018
by
John Jarvis
Jarv/the big switch
parent
81ee5769
Showing
16 changed files
with
181 additions
and
196 deletions
+181
-196
environments/gprd/gprd-monitoring-url-map.tf
environments/gprd/gprd-monitoring-url-map.tf
+4
-20
environments/gprd/main.tf
environments/gprd/main.tf
+31
-58
environments/gprd/variables.tf
environments/gprd/variables.tf
+7
-11
environments/gstg/gstg-monitoring-url-map.tf
environments/gstg/gstg-monitoring-url-map.tf
+4
-20
environments/gstg/main.tf
environments/gstg/main.tf
+30
-59
environments/gstg/variables.tf
environments/gstg/variables.tf
+9
-10
environments/ops/main.tf
environments/ops/main.tf
+41
-5
environments/ops/variables.tf
environments/ops/variables.tf
+4
-0
modules/google/generic-sv-with-group/instance.tf
modules/google/generic-sv-with-group/instance.tf
+22
-6
modules/google/generic-sv-with-group/outputs.tf
modules/google/generic-sv-with-group/outputs.tf
+22
-0
modules/google/monitoring-lb/loadbalancing.tf
modules/google/monitoring-lb/loadbalancing.tf
+2
-2
modules/google/monitoring-lb/variables.tf
modules/google/monitoring-lb/variables.tf
+1
-1
modules/google/tcp-lb/loadbalancing.tf
modules/google/tcp-lb/loadbalancing.tf
+1
-1
modules/google/tcp-lb/variables.tf
modules/google/tcp-lb/variables.tf
+1
-1
modules/google/web-iap/loadbalancing.tf
modules/google/web-iap/loadbalancing.tf
+1
-1
modules/google/web-iap/variables.tf
modules/google/web-iap/variables.tf
+1
-1
environments/gprd/gprd-monitoring-url-map.tf
...
...
@@ -10,7 +10,7 @@ resource "google_compute_url_map" "monitoring-lb" {
###################################
host_rule
{
hosts
=
[
"performance.gprd.gitlab.
com
"
]
hosts
=
[
"performance.gprd.gitlab.
net
"
]
path_matcher
=
"performance"
}
path_matcher
{
...
...
@@ -26,7 +26,7 @@ resource "google_compute_url_map" "monitoring-lb" {
###################################
host_rule
{
hosts
=
[
"prometheus.gprd.gitlab.
com
"
]
hosts
=
[
"prometheus.gprd.gitlab.
net
"
]
path_matcher
=
"prometheus"
}
path_matcher
{
...
...
@@ -42,7 +42,7 @@ resource "google_compute_url_map" "monitoring-lb" {
###################################
host_rule
{
hosts
=
[
"prometheus-app.gprd.gitlab.
com
"
]
hosts
=
[
"prometheus-app.gprd.gitlab.
net
"
]
path_matcher
=
"prometheus-app"
}
path_matcher
{
...
...
@@ -58,23 +58,7 @@ resource "google_compute_url_map" "monitoring-lb" {
###################################
host_rule
{
hosts
=
[
"kibana.gprd.gitlab.com"
]
path_matcher
=
"kibana"
}
path_matcher
{
name
=
"kibana"
default_service
=
"
${module
.
kibana
.
google_compute_backend_service_self_link
}
"
path_rule
{
paths
=
[
"/*"
]
service
=
"
${module
.
kibana
.
google_compute_backend_service_self_link
}
"
}
}
###################################
host_rule
{
hosts
=
[
"alerts.gprd.gitlab.com"
]
hosts
=
[
"alerts.gprd.gitlab.net"
]
path_matcher
=
"alerts"
}
path_matcher
{
...
...
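Review bot: After this change only the `*.gprd.gitlab.net` names match a `host_rule`, so a request carrying one of the old `.com` names or `kibana.gprd.gitlab.com` is routed to the url map's top-level `default_service`, which is declared above the first hunk and is not visible here. It is worth confirming that this default backend has the same access control as the named backends, and recording that next to it, for example `# unmatched Host headers land here; keep this an access-controlled backend`. environments/gstg/gstg-monitoring-url-map.tf makes the same change and needs the same check. The `google_compute_url_map` resource starts and ends outside these hunks.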
environments/gprd/main.tf
...
...
@@ -8,8 +8,8 @@ provider "aws" {
region
=
"us-east-1"
}
variable
"gitlab_com_zone_id"
{}
variable
"gitlab_net_zone_id"
{}
variable
"gitlab_com_zone_id"
{}
## Google
...
...
@@ -607,19 +607,18 @@ module "fe-lb-altssh" {
#######################
module
"web-iap"
{
subnetwork_name
=
"
${
google_compute_subnetwork
.
monitoring
.
name
}
"
environment
=
"
${
var
.
environment
}
"
source
=
"../../modules/google/web-iap"
name
=
"web-iap"
gitlab_com_zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
gitlab_com_zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
cert_link
=
"
${
var
.
monitoring_cert_link
}
"
service_ports
=
[
"443"
]
url_map
=
"
${
google_compute_url_map
.
web-iap
.
self_link
}
"
hosts
=
[
"web"
]
web_ip_fqdn
=
"gprd.gitlab.com"
subnetwork_name
=
"
${
google_compute_subnetwork
.
monitoring
.
name
}
"
environment
=
"
${
var
.
environment
}
"
source
=
"../../modules/google/web-iap"
name
=
"web-iap"
gitlab_zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
cert_link
=
"
${
var
.
monitoring_cert_link
}
"
service_ports
=
[
"443"
]
url_map
=
"
${
google_compute_url_map
.
web-iap
.
self_link
}
"
hosts
=
[
"web"
]
web_ip_fqdn
=
"gprd.gitlab.com"
}
##################################
...
...
@@ -634,7 +633,7 @@ module "gcp-tcp-lb" {
lb_count
=
"
${
length
(
var
.
tcp_lbs
[
"names"
])
}
"
names
=
"
${
var
.
tcp_lbs
[
"names"
]
}
"
fqdn
=
"
${
var
.
lb_fqdn
}
"
gitlab_
com_
zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
gitlab_zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
environment
=
"
${
var
.
environment
}
"
region
=
"
${
var
.
region
}
"
project
=
"
${
var
.
project
}
"
...
...
@@ -651,7 +650,7 @@ module "gcp-tcp-lb-pages" {
lb_count
=
"
${
length
(
var
.
tcp_lbs_pages
[
"names"
])
}
"
names
=
"
${
var
.
tcp_lbs_pages
[
"names"
]
}
"
fqdn
=
"
${
var
.
lb_fqdn_pages
}
"
gitlab_
com_
zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
gitlab_zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
environment
=
"
${
var
.
environment
}
"
region
=
"
${
var
.
region
}
"
project
=
"
${
var
.
project
}
"
...
...
@@ -668,7 +667,7 @@ module "gcp-tcp-lb-altssh" {
lb_count
=
"
${
length
(
var
.
tcp_lbs_altssh
[
"names"
])
}
"
names
=
"
${
var
.
tcp_lbs_altssh
[
"names"
]
}
"
fqdn
=
"
${
var
.
lb_fqdn_altssh
}
"
gitlab_
com_
zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
gitlab_zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
environment
=
"
${
var
.
environment
}
"
region
=
"
${
var
.
region
}
"
project
=
"
${
var
.
project
}
"
...
...
@@ -684,7 +683,7 @@ module "gcp-tcp-lb-bastion" {
environment
=
"
${
var
.
environment
}
"
forwarding_port_ranges
=
"
${
var
.
tcp_lbs_bastion
[
"forwarding_port_ranges"
]
}
"
fqdn
=
"
${
var
.
lb_fqdn_bastion
}
"
gitlab_
com_
zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
gitlab_zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
health_check_ports
=
"
${
var
.
tcp_lbs_bastion
[
"health_check_ports"
]
}
"
instances
=
[
"
${module
.
bastion
.
instances_self_link
}
"
]
lb_count
=
"
${
length
(
var
.
tcp_lbs_bastion
[
"names"
])
}
"
...
...
@@ -804,10 +803,10 @@ module "monitoring-lb" {
environment
=
"
${
var
.
environment
}
"
source
=
"../../modules/google/monitoring-lb"
name
=
"monitoring-lb"
gitlab_
com
_zone_id
=
"
${
var
.
gitlab_
com
_zone_id
}
"
gitlab_
net
_zone_id
=
"
${
var
.
gitlab_
net
_zone_id
}
"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
gitlab_
com
_zone_id
=
"
${
var
.
gitlab_
com
_zone_id
}
"
gitlab_
net
_zone_id
=
"
${
var
.
gitlab_
net
_zone_id
}
"
cert_link
=
"
${
var
.
monitoring_cert_link
}
"
service_ports
=
[
"
${
values
(
var
.
monitoring_hosts
)
}
"
]
url_map
=
"
${
google_compute_url_map
.
monitoring-lb
.
self_link
}
"
...
...
@@ -828,13 +827,13 @@ module "performance" {
machine_type
=
"
${
var
.
machine_types
[
"monitoring"
]
}
"
name
=
"performance"
node_count
=
1
oauth2_client_id
=
"
${
var
.
oauth2_client_id_
performance
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_
performance
}
"
oauth2_client_id
=
"
${
var
.
oauth2_client_id_
monitoring
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_
monitoring
}
"
persistent_disk_path
=
"/opt"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
service_path
=
"/login"
service_port
=
"
${
var
.
monitoring_hosts
[
"performance"
]
}
"
service_port
=
"
${
var
.
monitoring_hosts
[
"performance
.
${
var
.
environment
}
"
]
}
"
source
=
"../../modules/google/monitoring-with-count"
subnetwork_name
=
"
${
google_compute_subnetwork
.
monitoring
.
name
}
"
tier
=
"inf"
...
...
@@ -854,13 +853,13 @@ module "prometheus" {
machine_type
=
"
${
var
.
machine_types
[
"monitoring"
]
}
"
name
=
"prometheus"
node_count
=
1
oauth2_client_id
=
"
${
var
.
oauth2_client_id_
prometheus
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_
prometheus
}
"
oauth2_client_id
=
"
${
var
.
oauth2_client_id_
monitoring
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_
monitoring
}
"
persistent_disk_path
=
"/opt/prometheus"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
service_path
=
"/graph"
service_port
=
"
${
var
.
monitoring_hosts
[
"prometheus"
]
}
"
service_port
=
"
${
var
.
monitoring_hosts
[
"prometheus
.
${
var
.
environment
}
"
]
}
"
source
=
"../../modules/google/monitoring-with-count"
subnetwork_name
=
"
${
google_compute_subnetwork
.
monitoring
.
name
}
"
tier
=
"inf"
...
...
@@ -880,39 +879,13 @@ module "prometheus-app" {
machine_type
=
"
${
var
.
machine_types
[
"monitoring"
]
}
"
name
=
"prometheus-app"
node_count
=
1
oauth2_client_id
=
"
${
var
.
oauth2_client_id_
prometheus
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_
prometheus
}
"
oauth2_client_id
=
"
${
var
.
oauth2_client_id_
monitoring
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_
monitoring
}
"
persistent_disk_path
=
"/opt/prometheus"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
service_path
=
"/graph"
service_port
=
"
${
var
.
monitoring_hosts
[
"prometheus-app"
]
}
"
source
=
"../../modules/google/monitoring-with-count"
subnetwork_name
=
"
${
google_compute_subnetwork
.
monitoring
.
name
}
"
tier
=
"inf"
service_account_email
=
"
${
var
.
service_account_email
}
"
}
module
"kibana"
{
attach_data_disk
=
true
bootstrap_version
=
3
chef_provision
=
"
${
var
.
chef_provision
}
"
chef_run_list
=
"
\"
role[
${
var
.
environment
}
-infra-kibana]
\"
"
data_disk_size
=
100
data_disk_type
=
"pd-standard"
dns_zone_name
=
"
${
var
.
dns_zone_name
}
"
environment
=
"
${
var
.
environment
}
"
machine_type
=
"
${
var
.
machine_types
[
"monitoring"
]
}
"
name
=
"kibana"
node_count
=
1
oauth2_client_id
=
"
${
var
.
oauth2_client_id_prometheus
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_prometheus
}
"
persistent_disk_path
=
"/opt"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
service_path
=
"/login"
service_port
=
"
${
var
.
monitoring_hosts
[
"kibana"
]
}
"
service_port
=
"
${
var
.
monitoring_hosts
[
"prometheus-app.
${
var
.
environment
}
"
]
}
"
source
=
"../../modules/google/monitoring-with-count"
subnetwork_name
=
"
${
google_compute_subnetwork
.
monitoring
.
name
}
"
tier
=
"inf"
...
...
@@ -938,9 +911,9 @@ module "alerts" {
source
=
"../../modules/google/monitoring-with-count"
tier
=
"inf"
persistent_disk_path
=
"/opt"
service_port
=
"
${
var
.
monitoring_hosts
[
"alerts"
]
}
"
oauth2_client_id
=
"
${
var
.
oauth2_client_id_
prometheus
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_
prometheus
}
"
service_port
=
"
${
var
.
monitoring_hosts
[
"alerts
.
${
var
.
environment
}
"
]
}
"
oauth2_client_id
=
"
${
var
.
oauth2_client_id_
monitoring
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_
monitoring
}
"
health_check
=
"tcp"
service_account_email
=
"
${
var
.
service_account_email
}
"
...
...
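Review bot: The `performance`, `prometheus`, `prometheus-app` and `alerts` modules now all take `var.oauth2_client_id_monitoring` and `var.oauth2_client_secret_monitoring`, where the removed lines used separate `_performance` and `_prometheus` clients, so a single secret now covers every monitoring backend and its exposure or rotation affects all four at once. If the consolidation is intended, say so where the value is used, e.g. `# one OAuth client shared by all monitoring backends; rotation affects every one of them`, and check that the Terraform state and wherever the secret value is supplied are readable only by the operators who need it. Separately, in the `prometheus-app` hunk the removed module tail carried `service_account_email`, and the tail that remains visible (`source`, `subnetwork_name`, `tier`) does not, so confirm the argument is still set below the hunk. environments/gstg/main.tf makes the same credential change. Every module block touched here starts or ends outside its hunk.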
environments/gprd/variables.tf
variable
"oauth2_client_id_prometheus"
{}
variable
"oauth2_client_secret_prometheus"
{}
variable
"oauth2_client_id_performance"
{}
variable
"oauth2_client_secret_performance"
{}
variable
"oauth2_client_id_monitoring"
{}
variable
"oauth2_client_secret_monitoring"
{}
variable
"monitoring_hosts"
{
type
=
"map"
default
=
{
"performance"
=
"80"
"prometheus"
=
"9090"
"prometheus-app"
=
"9090"
"kibana"
=
"80"
"alerts"
=
"9093"
"performance.gprd"
=
"80"
"prometheus.gprd"
=
"9090"
"prometheus-app.gprd"
=
"9090"
"alerts.gprd"
=
"9093"
}
}
...
...
@@ -187,7 +183,7 @@ variable "chef_version" {
}
variable
"monitoring_cert_link"
{
default
=
"projects/gitlab-production/global/sslCertificates/
gprd-
wildcard"
default
=
"projects/gitlab-production/global/sslCertificates/wildcard
-gprd-gitlab-net
"
}
variable
"machine_types"
{
...
...
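Review bot: The new `monitoring_hosts` keys embed the environment name (`"performance.gprd"`, `"alerts.gprd"`), while environments/gprd/main.tf indexes the map with `"performance.${var.environment}"`, so the two files agree only while `var.environment` is exactly `gprd`, and nothing in this file says so. A comment above the default would make the coupling explicit: `# keys are "<service>.<environment>"; main.tf looks them up with var.environment`. The added `oauth2_client_id_monitoring` and `oauth2_client_secret_monitoring` declarations at the top of the file would also benefit from a one-line comment naming the backends that consume them. environments/gstg/variables.tf has the same pattern with `.gstg` keys.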
environments/gstg/gstg-monitoring-url-map.tf
...
...
@@ -10,7 +10,7 @@ resource "google_compute_url_map" "monitoring-lb" {
###################################
host_rule
{
hosts
=
[
"performance.gstg.gitlab.
com
"
]
hosts
=
[
"performance.gstg.gitlab.
net
"
]
path_matcher
=
"performance"
}
path_matcher
{
...
...
@@ -26,7 +26,7 @@ resource "google_compute_url_map" "monitoring-lb" {
###################################
host_rule
{
hosts
=
[
"prometheus.gstg.gitlab.
com
"
]
hosts
=
[
"prometheus.gstg.gitlab.
net
"
]
path_matcher
=
"prometheus"
}
path_matcher
{
...
...
@@ -42,7 +42,7 @@ resource "google_compute_url_map" "monitoring-lb" {
###################################
host_rule
{
hosts
=
[
"prometheus-app.gstg.gitlab.
com
"
]
hosts
=
[
"prometheus-app.gstg.gitlab.
net
"
]
path_matcher
=
"prometheus-app"
}
path_matcher
{
...
...
@@ -58,23 +58,7 @@ resource "google_compute_url_map" "monitoring-lb" {
###################################
host_rule
{
hosts
=
[
"kibana.gstg.gitlab.com"
]
path_matcher
=
"kibana"
}
path_matcher
{
name
=
"kibana"
default_service
=
"
${module
.
kibana
.
google_compute_backend_service_self_link
}
"
path_rule
{
paths
=
[
"/*"
]
service
=
"
${module
.
kibana
.
google_compute_backend_service_self_link
}
"
}
}
###################################
host_rule
{
hosts
=
[
"alerts.gstg.gitlab.com"
]
hosts
=
[
"alerts.gstg.gitlab.net"
]
path_matcher
=
"alerts"
}
path_matcher
{
...
...
environments/gstg/main.tf
...
...
@@ -8,9 +8,6 @@ provider "aws" {
region
=
"us-east-1"
}
variable
"gitlab_com_zone_id"
{}
variable
"gitlab_net_zone_id"
{}
## Google
provider
"google"
{
...
...
@@ -590,19 +587,18 @@ module "fe-lb-altssh" {
#######################
module
"web-iap"
{
subnetwork_name
=
"
${
google_compute_subnetwork
.
monitoring
.
name
}
"
environment
=
"
${
var
.
environment
}
"
source
=
"../../modules/google/web-iap"
name
=
"web-iap"
gitlab_com_zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
gitlab_com_zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
cert_link
=
"
${
var
.
monitoring_cert_link
}
"
service_ports
=
[
"443"
]
url_map
=
"
${
google_compute_url_map
.
web-iap
.
self_link
}
"
hosts
=
[
"web"
]
web_ip_fqdn
=
"
${
var
.
web_iap_fqdn
}
"
subnetwork_name
=
"
${
google_compute_subnetwork
.
monitoring
.
name
}
"
environment
=
"
${
var
.
environment
}
"
source
=
"../../modules/google/web-iap"
name
=
"web-iap"
gitlab_zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
cert_link
=
"
${
var
.
monitoring_cert_link
}
"
service_ports
=
[
"443"
]
url_map
=
"
${
google_compute_url_map
.
web-iap
.
self_link
}
"
hosts
=
[
"web"
]
web_ip_fqdn
=
"
${
var
.
web_iap_fqdn
}
"
}
##################################
...
...
@@ -617,7 +613,7 @@ module "gcp-tcp-lb" {
lb_count
=
"
${
length
(
var
.
tcp_lbs
[
"names"
])
}
"
names
=
"
${
var
.
tcp_lbs
[
"names"
]
}
"
fqdn
=
"
${
var
.
lb_fqdn
}
"
gitlab_
com_
zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
gitlab_zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
environment
=
"
${
var
.
environment
}
"
region
=
"
${
var
.
region
}
"
project
=
"
${
var
.
project
}
"
...
...
@@ -634,7 +630,7 @@ module "gcp-tcp-lb-pages" {
lb_count
=
"
${
length
(
var
.
tcp_lbs_pages
[
"names"
])
}
"
names
=
"
${
var
.
tcp_lbs_pages
[
"names"
]
}
"
fqdn
=
"
${
var
.
lb_fqdn_pages
}
"
gitlab_
com_
zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
gitlab_zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
environment
=
"
${
var
.
environment
}
"
region
=
"
${
var
.
region
}
"
project
=
"
${
var
.
project
}
"
...
...
@@ -651,7 +647,7 @@ module "gcp-tcp-lb-altssh" {
lb_count
=
"
${
length
(
var
.
tcp_lbs_altssh
[
"names"
])
}
"
names
=
"
${
var
.
tcp_lbs_altssh
[
"names"
]
}
"
fqdn
=
"
${
var
.
lb_fqdn_altssh
}
"
gitlab_
com_
zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
gitlab_zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
environment
=
"
${
var
.
environment
}
"
region
=
"
${
var
.
region
}
"
project
=
"
${
var
.
project
}
"
...
...
@@ -667,7 +663,7 @@ module "gcp-tcp-lb-bastion" {
environment
=
"
${
var
.
environment
}
"
forwarding_port_ranges
=
"
${
var
.
tcp_lbs_bastion
[
"forwarding_port_ranges"
]
}
"
fqdn
=
"
${
var
.
lb_fqdn_bastion
}
"
gitlab_
com_
zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
gitlab_zone_id
=
"
${
var
.
gitlab_com_zone_id
}
"
health_check_ports
=
"
${
var
.
tcp_lbs_bastion
[
"health_check_ports"
]
}
"
instances
=
[
"
${module
.
bastion
.
instances_self_link
}
"
]
lb_count
=
"
${
length
(
var
.
tcp_lbs_bastion
[
"names"
])
}
"
...
...
@@ -785,10 +781,10 @@ module "monitoring-lb" {
environment
=
"
${
var
.
environment
}
"
source
=
"../../modules/google/monitoring-lb"
name
=
"monitoring-lb"
gitlab_
com
_zone_id
=
"
${
var
.
gitlab_
com
_zone_id
}
"
gitlab_
net
_zone_id
=
"
${
var
.
gitlab_
net
_zone_id
}
"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
gitlab_
com
_zone_id
=
"
${
var
.
gitlab_
com
_zone_id
}
"
gitlab_
net
_zone_id
=
"
${
var
.
gitlab_
net
_zone_id
}
"
cert_link
=
"
${
var
.
monitoring_cert_link
}
"
service_ports
=
[
"
${
values
(
var
.
monitoring_hosts
)
}
"
]
url_map
=
"
${
google_compute_url_map
.
monitoring-lb
.
self_link
}
"
...
...
@@ -807,14 +803,14 @@ module "performance" {
machine_type
=
"
${
var
.
machine_types
[
"monitoring"
]
}
"
name
=
"performance"
node_count
=
1
oauth2_client_id
=
"
${
var
.
oauth2_client_id_
performance
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_
performance
}
"
oauth2_client_id
=
"
${
var
.
oauth2_client_id_
monitoring
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_
monitoring
}
"
persistent_disk_path
=
"/opt"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
service_account_email
=
"
${
var
.
service_account_email
}
"
service_path
=
"/login"
service_port
=
"
${
var
.
monitoring_hosts
[
"performance"
]
}
"
service_port
=
"
${
var
.
monitoring_hosts
[
"performance
.
${
var
.
environment
}
"
]
}
"
source
=
"../../modules/google/monitoring-with-count"
subnetwork_name
=
"
${
google_compute_subnetwork
.
monitoring
.
name
}
"
tier
=
"inf"
...
...
@@ -832,14 +828,14 @@ module "prometheus" {
machine_type
=
"
${
var
.
machine_types
[
"monitoring"
]
}
"
name
=
"prometheus"
node_count
=
1
oauth2_client_id
=
"
${
var
.
oauth2_client_id_
prometheus
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_
prometheus
}
"
oauth2_client_id
=
"
${
var
.
oauth2_client_id_
monitoring
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_
monitoring
}
"
persistent_disk_path
=
"/opt/prometheus"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
service_account_email
=
"
${
var
.
service_account_email
}
"
service_path
=
"/graph"
service_port
=
"
${
var
.
monitoring_hosts
[
"prometheus"
]
}
"
service_port
=
"
${
var
.
monitoring_hosts
[
"prometheus
.
${
var
.
environment
}
"
]
}
"
source
=
"../../modules/google/monitoring-with-count"
subnetwork_name
=
"
${
google_compute_subnetwork
.
monitoring
.
name
}
"
tier
=
"inf"
...
...
@@ -857,39 +853,14 @@ module "prometheus-app" {
machine_type
=
"
${
var
.
machine_types
[
"monitoring"
]
}
"
name
=
"prometheus-app"
node_count
=
1
oauth2_client_id
=
"
${
var
.
oauth2_client_id_
prometheus
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_
prometheus
}
"
oauth2_client_id
=
"
${
var
.
oauth2_client_id_
monitoring
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_
monitoring
}
"
persistent_disk_path
=
"/opt/prometheus"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
service_account_email
=
"
${
var
.
service_account_email
}
"
service_path
=
"/graph"
service_port
=
"
${
var
.
monitoring_hosts
[
"prometheus-app"
]
}
"
source
=
"../../modules/google/monitoring-with-count"
subnetwork_name
=
"
${
google_compute_subnetwork
.
monitoring
.
name
}
"
tier
=
"inf"
}
module
"kibana"
{
attach_data_disk
=
true
bootstrap_version
=
4
chef_provision
=
"
${
var
.
chef_provision
}
"
chef_run_list
=
"
\"
role[
${
var
.
environment
}
-infra-kibana]
\"
"
data_disk_size
=
100
data_disk_type
=
"pd-standard"
dns_zone_name
=
"
${
var
.
dns_zone_name
}
"
environment
=
"
${
var
.
environment
}
"
machine_type
=
"
${
var
.
machine_types
[
"monitoring"
]
}
"
name
=
"kibana"
node_count
=
1
oauth2_client_id
=
"
${
var
.
oauth2_client_id_prometheus
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_prometheus
}
"
persistent_disk_path
=
"/opt"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
service_account_email
=
"
${
var
.
service_account_email
}
"
service_path
=
"/login"
service_port
=
"
${
var
.
monitoring_hosts
[
"kibana"
]
}
"
service_port
=
"
${
var
.
monitoring_hosts
[
"prometheus-app.
${
var
.
environment
}
"
]
}
"
source
=
"../../modules/google/monitoring-with-count"
subnetwork_name
=
"
${
google_compute_subnetwork
.
monitoring
.
name
}
"
tier
=
"inf"
...
...
@@ -908,13 +879,13 @@ module "alerts" {
machine_type
=
"
${
var
.
machine_types
[
"monitoring"
]
}
"
name
=
"alerts"
node_count
=
1
oauth2_client_id
=
"
${
var
.
oauth2_client_id_
prometheus
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_
prometheus
}
"
oauth2_client_id
=
"
${
var
.
oauth2_client_id_
monitoring
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_
monitoring
}
"
persistent_disk_path
=
"/opt"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
service_account_email
=
"
${
var
.
service_account_email
}
"
service_port
=
"
${
var
.
monitoring_hosts
[
"alerts"
]
}
"
service_port
=
"
${
var
.
monitoring_hosts
[
"alerts
.
${
var
.
environment
}
"
]
}
"
source
=
"../../modules/google/monitoring-with-count"
subnetwork_name
=
"
${
google_compute_subnetwork
.
monitoring
.
name
}
"
tier
=
"inf"
...
...
environments/gstg/variables.tf
variable
"oauth2_client_id_
prometheus
"
{}
variable
"oauth2_client_secret_
prometheus
"
{}
variable
"oauth2_client_id_
monitoring
"
{}
variable
"oauth2_client_secret_
monitoring
"
{}
variable
"
oauth2_client_id_performance
"
{}
variable
"
oauth2_client_secret_performance
"
{}
variable
"
gitlab_net_zone_id
"
{}
variable
"
gitlab_com_zone_id
"
{}
#######################
# pubsubbeat config
...
...
@@ -35,11 +35,10 @@ variable "monitoring_hosts" {
type
=
"map"
default
=
{
"performance"
=
"80"
"prometheus"
=
"9090"
"prometheus-app"
=
"9090"
"kibana"
=
"80"
"alerts"
=
"9093"
"performance.gstg"
=
"80"
"prometheus.gstg"
=
"9090"
"prometheus-app.gstg"
=
"9090"
"alerts.gstg"
=
"9093"
}
}
...
...
@@ -184,7 +183,7 @@ variable "chef_version" {
}
variable
"monitoring_cert_link"
{
default
=
"projects/gitlab-staging-1/global/sslCertificates/
gstg-
wildcard"
default
=
"projects/gitlab-staging-1/global/sslCertificates/wildcard
-gstg-gitlab-net
"
}
variable
"machine_types"
{
...
...
environments/ops/main.tf
...
...
@@ -69,25 +69,61 @@ resource "google_compute_firewall" "allow-lb-traffic" {
#
#################################
module
"log-lb"
{
subnetwork_name
=
"
${module
.
log-proxy
.
google_compute_subnetwork_name
}
"
environment
=
"
${
var
.
environment
}
"
source
=
"../../modules/google/monitoring-lb"
name
=
"monitoring-lb"
gitlab_net_zone_id
=
"
${
var
.
gitlab_net_zone_id
}
"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
cert_link
=
"
${
var
.
log_gitlab_net_cert_link
}
"
service_ports
=
[
"9090"
]
url_map
=
"
${
google_compute_url_map
.
log
.
self_link
}
"
hosts
=
[
"log"
]
}
# ###########################################################
resource
"google_compute_url_map"
"log"
{
name
=
"
${
format
(
"log-%v"
,
var
.
environment
)
}
"
default_service
=
"
${module
.
log-proxy
.
google_compute_backend_service_iap_self_link
}
"
host_rule
{
hosts
=
[
"log.gitlab.net"
]
path_matcher
=
"log"
}
path_matcher
{
name
=
"log"
default_service
=
"
${module
.
log-proxy
.
google_compute_backend_service_iap_self_link
}
"
path_rule
{
paths
=
[
"/*"
]
service
=
"
${module
.
log-proxy
.
google_compute_backend_service_iap_self_link
}
"
}
}
}
module
"log-proxy"
{
bootstrap_version
=
4
chef_provision
=
"
${
var
.
chef_provision
}
"
chef_run_list
=
"
\"
role[
${
var
.
environment
}
-infra-log-proxy]
\"
"
enable_iap
=
true
dns_zone_name
=
"
${
var
.
dns_zone_name
}
"
environment
=
"
${
var
.
environment
}
"
oauth2_client_id
=
"
${
var
.
oauth2_client_id_log_proxy
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_log_proxy
}
"
machine_type
=
"
${
var
.
machine_types
[
"log-proxy"
]
}
"
public_ports
=
"
${
var
.
public_ports
[
"log-proxy"
]
}
"
ip_cidr_range
=
"
${
var
.
subnetworks
[
"logging"
]
}
"
name
=
"log-proxy"
node_count
=
1
oauth2_client_id
=
"
${
var
.
oauth2_client_id_log_proxy
}
"
oauth2_client_secret
=
"
${
var
.
oauth2_client_secret_log_proxy
}
"
project
=
"
${
var
.
project
}
"
region
=
"
${
var
.
region
}
"
health_check
=
"t
c
p"
service_port
=
"
808
0"
health_check
=
"
ht
tp"
service_port
=
"
909
0"
source
=
"../../modules/google/generic-sv-with-group"
enable_iap
=
true
tier
=
"inf"
service_account_email
=
"
${
var
.
service_account_email
}
"