Jarv/the big switch

3d1fd025 · John Jarvis · 81ee5769 · 3d1fd025 · 3d1fd025 · 3d1fd025
Commit 3d1fd025 authored May 14, 2018 by John Jarvis
16 changed files
--- a/environments/gprd/gprd-monitoring-url-map.tf
+++ b/environments/gprd/gprd-monitoring-url-map.tf
@@ -10,7 +10,7 @@ resource "google_compute_url_map" "monitoring-lb" {
  ###################################

  host_rule {
-    hosts        = ["performance.gprd.gitlab.com"]
+    hosts        = ["performance.gprd.gitlab.net"]
    path_matcher = "performance"
  }
  path_matcher {
@@ -26,7 +26,7 @@ resource "google_compute_url_map" "monitoring-lb" {
  ###################################

  host_rule {
-    hosts        = ["prometheus.gprd.gitlab.com"]
+    hosts        = ["prometheus.gprd.gitlab.net"]
    path_matcher = "prometheus"
  }
  path_matcher {
@@ -42,7 +42,7 @@ resource "google_compute_url_map" "monitoring-lb" {
  ###################################

  host_rule {
-    hosts        = ["prometheus-app.gprd.gitlab.com"]
+    hosts        = ["prometheus-app.gprd.gitlab.net"]
    path_matcher = "prometheus-app"
  }
  path_matcher {
@@ -58,23 +58,7 @@ resource "google_compute_url_map" "monitoring-lb" {
  ###################################

  host_rule {
-    hosts        = ["kibana.gprd.gitlab.com"]
-    path_matcher = "kibana"
-  }
-  path_matcher {
-    name            = "kibana"
-    default_service = "${module.kibana.google_compute_backend_service_self_link}"
-
-    path_rule {
-      paths   = ["/*"]
-      service = "${module.kibana.google_compute_backend_service_self_link}"
-    }
-  }
-
-  ###################################
-
-  host_rule {
-    hosts        = ["alerts.gprd.gitlab.com"]
+    hosts        = ["alerts.gprd.gitlab.net"]
    path_matcher = "alerts"
  }
  path_matcher {

--- a/environments/gprd/main.tf
+++ b/environments/gprd/main.tf
@@ -8,8 +8,8 @@ provider "aws" {
  region = "us-east-1"
 }

-variable "gitlab_com_zone_id" {}
 variable "gitlab_net_zone_id" {}
+variable "gitlab_com_zone_id" {}

 ## Google

@@ -607,19 +607,18 @@ module "fe-lb-altssh" {
 #######################

 module "web-iap" {
-  subnetwork_name    = "${google_compute_subnetwork.monitoring.name}"
-  environment        = "${var.environment}"
-  source             = "../../modules/google/web-iap"
-  name               = "web-iap"
-  gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
-  project            = "${var.project}"
-  region             = "${var.region}"
-  gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
-  cert_link          = "${var.monitoring_cert_link}"
-  service_ports      = ["443"]
-  url_map            = "${google_compute_url_map.web-iap.self_link}"
-  hosts              = ["web"]
-  web_ip_fqdn        = "gprd.gitlab.com"
+  subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
+  environment     = "${var.environment}"
+  source          = "../../modules/google/web-iap"
+  name            = "web-iap"
+  gitlab_zone_id  = "${var.gitlab_com_zone_id}"
+  project         = "${var.project}"
+  region          = "${var.region}"
+  cert_link       = "${var.monitoring_cert_link}"
+  service_ports   = ["443"]
+  url_map         = "${google_compute_url_map.web-iap.self_link}"
+  hosts           = ["web"]
+  web_ip_fqdn     = "gprd.gitlab.com"
 }

 ##################################
@@ -634,7 +633,7 @@ module "gcp-tcp-lb" {
  lb_count               = "${length(var.tcp_lbs["names"])}"
  names                  = "${var.tcp_lbs["names"]}"
  fqdn                   = "${var.lb_fqdn}"
-  gitlab_com_zone_id     = "${var.gitlab_com_zone_id}"
+  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  environment            = "${var.environment}"
  region                 = "${var.region}"
  project                = "${var.project}"
@@ -651,7 +650,7 @@ module "gcp-tcp-lb-pages" {
  lb_count               = "${length(var.tcp_lbs_pages["names"])}"
  names                  = "${var.tcp_lbs_pages["names"]}"
  fqdn                   = "${var.lb_fqdn_pages}"
-  gitlab_com_zone_id     = "${var.gitlab_com_zone_id}"
+  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  environment            = "${var.environment}"
  region                 = "${var.region}"
  project                = "${var.project}"
@@ -668,7 +667,7 @@ module "gcp-tcp-lb-altssh" {
  lb_count               = "${length(var.tcp_lbs_altssh["names"])}"
  names                  = "${var.tcp_lbs_altssh["names"]}"
  fqdn                   = "${var.lb_fqdn_altssh}"
-  gitlab_com_zone_id     = "${var.gitlab_com_zone_id}"
+  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  environment            = "${var.environment}"
  region                 = "${var.region}"
  project                = "${var.project}"
@@ -684,7 +683,7 @@ module "gcp-tcp-lb-bastion" {
  environment            = "${var.environment}"
  forwarding_port_ranges = "${var.tcp_lbs_bastion["forwarding_port_ranges"]}"
  fqdn                   = "${var.lb_fqdn_bastion}"
-  gitlab_com_zone_id     = "${var.gitlab_com_zone_id}"
+  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  health_check_ports     = "${var.tcp_lbs_bastion["health_check_ports"]}"
  instances              = ["${module.bastion.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs_bastion["names"])}"
@@ -804,10 +803,10 @@ module "monitoring-lb" {
  environment        = "${var.environment}"
  source             = "../../modules/google/monitoring-lb"
  name               = "monitoring-lb"
-  gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
+  gitlab_net_zone_id = "${var.gitlab_net_zone_id}"
  project            = "${var.project}"
  region             = "${var.region}"
-  gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
+  gitlab_net_zone_id = "${var.gitlab_net_zone_id}"
  cert_link          = "${var.monitoring_cert_link}"
  service_ports      = ["${values(var.monitoring_hosts)}"]
  url_map            = "${google_compute_url_map.monitoring-lb.self_link}"
@@ -828,13 +827,13 @@ module "performance" {
  machine_type         = "${var.machine_types["monitoring"]}"
  name                 = "performance"
  node_count           = 1
-  oauth2_client_id     = "${var.oauth2_client_id_performance}"
-  oauth2_client_secret = "${var.oauth2_client_secret_performance}"
+  oauth2_client_id     = "${var.oauth2_client_id_monitoring}"
+  oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"
  persistent_disk_path = "/opt"
  project              = "${var.project}"
  region               = "${var.region}"
  service_path         = "/login"
-  service_port         = "${var.monitoring_hosts["performance"]}"
+  service_port         = "${var.monitoring_hosts["performance.${var.environment}"]}"
  source               = "../../modules/google/monitoring-with-count"
  subnetwork_name      = "${google_compute_subnetwork.monitoring.name}"
  tier                 = "inf"
@@ -854,13 +853,13 @@ module "prometheus" {
  machine_type         = "${var.machine_types["monitoring"]}"
  name                 = "prometheus"
  node_count           = 1
-  oauth2_client_id     = "${var.oauth2_client_id_prometheus}"
-  oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
+  oauth2_client_id     = "${var.oauth2_client_id_monitoring}"
+  oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"
  persistent_disk_path = "/opt/prometheus"
  project              = "${var.project}"
  region               = "${var.region}"
  service_path         = "/graph"
-  service_port         = "${var.monitoring_hosts["prometheus"]}"
+  service_port         = "${var.monitoring_hosts["prometheus.${var.environment}"]}"
  source               = "../../modules/google/monitoring-with-count"
  subnetwork_name      = "${google_compute_subnetwork.monitoring.name}"
  tier                 = "inf"
@@ -880,39 +879,13 @@ module "prometheus-app" {
  machine_type         = "${var.machine_types["monitoring"]}"
  name                 = "prometheus-app"
  node_count           = 1
-  oauth2_client_id     = "${var.oauth2_client_id_prometheus}"
-  oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
+  oauth2_client_id     = "${var.oauth2_client_id_monitoring}"
+  oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"
  persistent_disk_path = "/opt/prometheus"
  project              = "${var.project}"
  region               = "${var.region}"
  service_path         = "/graph"
-  service_port         = "${var.monitoring_hosts["prometheus-app"]}"
-  source               = "../../modules/google/monitoring-with-count"
-  subnetwork_name      = "${google_compute_subnetwork.monitoring.name}"
-  tier                 = "inf"
-
-  service_account_email = "${var.service_account_email}"
-}
-
-module "kibana" {
-  attach_data_disk     = true
-  bootstrap_version    = 3
-  chef_provision       = "${var.chef_provision}"
-  chef_run_list        = "\"role[${var.environment}-infra-kibana]\""
-  data_disk_size       = 100
-  data_disk_type       = "pd-standard"
-  dns_zone_name        = "${var.dns_zone_name}"
-  environment          = "${var.environment}"
-  machine_type         = "${var.machine_types["monitoring"]}"
-  name                 = "kibana"
-  node_count           = 1
-  oauth2_client_id     = "${var.oauth2_client_id_prometheus}"
-  oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
-  persistent_disk_path = "/opt"
-  project              = "${var.project}"
-  region               = "${var.region}"
-  service_path         = "/login"
-  service_port         = "${var.monitoring_hosts["kibana"]}"
+  service_port         = "${var.monitoring_hosts["prometheus-app.${var.environment}"]}"
  source               = "../../modules/google/monitoring-with-count"
  subnetwork_name      = "${google_compute_subnetwork.monitoring.name}"
  tier                 = "inf"
@@ -938,9 +911,9 @@ module "alerts" {
  source               = "../../modules/google/monitoring-with-count"
  tier                 = "inf"
  persistent_disk_path = "/opt"
-  service_port         = "${var.monitoring_hosts["alerts"]}"
-  oauth2_client_id     = "${var.oauth2_client_id_prometheus}"
-  oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
+  service_port         = "${var.monitoring_hosts["alerts.${var.environment}"]}"
+  oauth2_client_id     = "${var.oauth2_client_id_monitoring}"
+  oauth2_client_secret = "${var.oauth2_client_secret_monitoring}"
  health_check         = "tcp"

  service_account_email = "${var.service_account_email}"

--- a/environments/gprd/variables.tf
+++ b/environments/gprd/variables.tf
-variable "oauth2_client_id_prometheus" {}
-variable "oauth2_client_secret_prometheus" {}
-
-variable "oauth2_client_id_performance" {}
-variable "oauth2_client_secret_performance" {}
+variable "oauth2_client_id_monitoring" {}
+variable "oauth2_client_secret_monitoring" {}

 variable "monitoring_hosts" {
  type = "map"

  default = {
-    "performance"    = "80"
-    "prometheus"     = "9090"
-    "prometheus-app" = "9090"
-    "kibana"         = "80"
-    "alerts"         = "9093"
+    "performance.gprd"    = "80"
+    "prometheus.gprd"     = "9090"
+    "prometheus-app.gprd" = "9090"
+    "alerts.gprd"         = "9093"
  }
 }

@@ -187,7 +183,7 @@ variable "chef_version" {
 }

 variable "monitoring_cert_link" {
-  default = "projects/gitlab-production/global/sslCertificates/gprd-wildcard"
+  default = "projects/gitlab-production/global/sslCertificates/wildcard-gprd-gitlab-net"
 }

 variable "machine_types" {

--- a/environments/gstg/gstg-monitoring-url-map.tf
+++ b/environments/gstg/gstg-monitoring-url-map.tf
@@ -10,7 +10,7 @@ resource "google_compute_url_map" "monitoring-lb" {
  ###################################

  host_rule {
-    hosts        = ["performance.gstg.gitlab.com"]
+    hosts        = ["performance.gstg.gitlab.net"]
    path_matcher = "performance"
  }
  path_matcher {
@@ -26,7 +26,7 @@ resource "google_compute_url_map" "monitoring-lb" {
  ###################################

  host_rule {
-    hosts        = ["prometheus.gstg.gitlab.com"]
+    hosts        = ["prometheus.gstg.gitlab.net"]
    path_matcher = "prometheus"
  }
  path_matcher {
@@ -42,7 +42,7 @@ resource "google_compute_url_map" "monitoring-lb" {
  ###################################

  host_rule {
-    hosts        = ["prometheus-app.gstg.gitlab.com"]
+    hosts        = ["prometheus-app.gstg.gitlab.net"]
    path_matcher = "prometheus-app"
  }
  path_matcher {
@@ -58,23 +58,7 @@ resource "google_compute_url_map" "monitoring-lb" {
  ###################################

  host_rule {
-    hosts        = ["kibana.gstg.gitlab.com"]
-    path_matcher = "kibana"
-  }
-  path_matcher {
-    name            = "kibana"
-    default_service = "${module.kibana.google_compute_backend_service_self_link}"
-
-    path_rule {
-      paths   = ["/*"]
-      service = "${module.kibana.google_compute_backend_service_self_link}"
-    }
-  }
-
-  ###################################
-
-  host_rule {
-    hosts        = ["alerts.gstg.gitlab.com"]
+    hosts        = ["alerts.gstg.gitlab.net"]
    path_matcher = "alerts"
  }
  path_matcher {

--- a/environments/gstg/main.tf
+++ b/environments/gstg/main.tf
@@ -8,9 +8,6 @@ provider "aws" {
  region = "us-east-1"
 }

-variable "gitlab_com_zone_id" {}
-variable "gitlab_net_zone_id" {}
-
 ## Google

 provider "google" {
@@ -590,19 +587,18 @@ module "fe-lb-altssh" {
 #######################

 module "web-iap" {
-  subnetwork_name    = "${google_compute_subnetwork.monitoring.name}"
-  environment        = "${var.environment}"
-  source             = "../../modules/google/web-iap"
-  name               = "web-iap"
-  gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
-  project            = "${var.project}"
-  region             = "${var.region}"
-  gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
-  cert_link          = "${var.monitoring_cert_link}"
-  service_ports      = ["443"]
-  url_map            = "${google_compute_url_map.web-iap.self_link}"
-  hosts              = ["web"]
-  web_ip_fqdn        = "${var.web_iap_fqdn}"
+  subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
+  environment     = "${var.environment}"
+  source          = "../../modules/google/web-iap"
+  name            = "web-iap"
+  gitlab_zone_id  = "${var.gitlab_com_zone_id}"
+  project         = "${var.project}"
+  region          = "${var.region}"
+  cert_link       = "${var.monitoring_cert_link}"
+  service_ports   = ["443"]
+  url_map         = "${google_compute_url_map.web-iap.self_link}"
+  hosts           = ["web"]
+  web_ip_fqdn     = "${var.web_iap_fqdn}"
 }

 ##################################
@@ -617,7 +613,7 @@ module "gcp-tcp-lb" {
  lb_count               = "${length(var.tcp_lbs["names"])}"
  names                  = "${var.tcp_lbs["names"]}"
  fqdn                   = "${var.lb_fqdn}"
-  gitlab_com_zone_id     = "${var.gitlab_com_zone_id}"
+  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  environment            = "${var.environment}"
  region                 = "${var.region}"
  project                = "${var.project}"
@@ -634,7 +630,7 @@ module "gcp-tcp-lb-pages" {
  lb_count               = "${length(var.tcp_lbs_pages["names"])}"
  names                  = "${var.tcp_lbs_pages["names"]}"
  fqdn                   = "${var.lb_fqdn_pages}"
-  gitlab_com_zone_id     = "${var.gitlab_com_zone_id}"
+  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  environment            = "${var.environment}"
  region                 = "${var.region}"
  project                = "${var.project}"
@@ -651,7 +647,7 @@ module "gcp-tcp-lb-altssh" {
  lb_count               = "${length(var.tcp_lbs_altssh["names"])}"
  names                  = "${var.tcp_lbs_altssh["names"]}"
  fqdn                   = "${var.lb_fqdn_altssh}"
-  gitlab_com_zone_id     = "${var.gitlab_com_zone_id}"
+  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  environment            = "${var.environment}"
  region                 = "${var.region}"
  project                = "${var.project}"
@@ -667,7 +663,7 @@ module "gcp-tcp-lb-bastion" {
  environment            = "${var.environment}"
  forwarding_port_ranges = "${var.tcp_lbs_bastion["forwarding_port_ranges"]}"
  fqdn                   = "${var.lb_fqdn_bastion}"
-  gitlab_com_zone_id     = "${var.gitlab_com_zone_id}"
+  gitlab_zone_id         = "${var.gitlab_com_zone_id}"
  health_check_ports     = "${var.tcp_lbs_bastion["health_check_ports"]}"
  instances              = ["${module.bastion.instances_self_link}"]
  lb_count               = "${length(var.tcp_lbs_bastion["names"])}"
@@ -785,10 +781,10 @@ module "monitoring-lb" {
  environment        = "${var.environment}"
  source             = "../../modules/google/monitoring-lb"
  name               = "monitoring-lb"
-  gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
+  gitlab_net_zone_id = "${var.gitlab_net_zone_id}"
  project            = "${var.project}"
  region             = "${var.region}"
-  gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
+  gitlab_net_zone_id = "${var.gitlab_net_zone_id}"
  cert_link          = "${var.monitoring_cert_link}"
  service_ports      = ["${values(var.monitoring_hosts)}"]
  url_map            = "${google_compute_url_map.monitoring-lb.self_link}"
@@ -807,14 +803,14 @@ module "performance" {
  machine_type          = "${var.machine_types["monitoring"]}"
  name                  = "performance"
  node_count            = 1
-  oauth2_client_id      = "${var.oauth2_client_id_performance}"
-  oauth2_client_secret  = "${var.oauth2_client_secret_performance}"
+  oauth2_client_id      = "${var.oauth2_client_id_monitoring}"
+  oauth2_client_secret  = "${var.oauth2_client_secret_monitoring}"
  persistent_disk_path  = "/opt"
  project               = "${var.project}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_path          = "/login"
-  service_port          = "${var.monitoring_hosts["performance"]}"
+  service_port          = "${var.monitoring_hosts["performance.${var.environment}"]}"
  source                = "../../modules/google/monitoring-with-count"
  subnetwork_name       = "${google_compute_subnetwork.monitoring.name}"
  tier                  = "inf"
@@ -832,14 +828,14 @@ module "prometheus" {
  machine_type          = "${var.machine_types["monitoring"]}"
  name                  = "prometheus"
  node_count            = 1
-  oauth2_client_id      = "${var.oauth2_client_id_prometheus}"
-  oauth2_client_secret  = "${var.oauth2_client_secret_prometheus}"
+  oauth2_client_id      = "${var.oauth2_client_id_monitoring}"
+  oauth2_client_secret  = "${var.oauth2_client_secret_monitoring}"
  persistent_disk_path  = "/opt/prometheus"
  project               = "${var.project}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_path          = "/graph"
-  service_port          = "${var.monitoring_hosts["prometheus"]}"
+  service_port          = "${var.monitoring_hosts["prometheus.${var.environment}"]}"
  source                = "../../modules/google/monitoring-with-count"
  subnetwork_name       = "${google_compute_subnetwork.monitoring.name}"
  tier                  = "inf"
@@ -857,39 +853,14 @@ module "prometheus-app" {
  machine_type          = "${var.machine_types["monitoring"]}"
  name                  = "prometheus-app"
  node_count            = 1
-  oauth2_client_id      = "${var.oauth2_client_id_prometheus}"
-  oauth2_client_secret  = "${var.oauth2_client_secret_prometheus}"
+  oauth2_client_id      = "${var.oauth2_client_id_monitoring}"
+  oauth2_client_secret  = "${var.oauth2_client_secret_monitoring}"
  persistent_disk_path  = "/opt/prometheus"
  project               = "${var.project}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
  service_path          = "/graph"
-  service_port          = "${var.monitoring_hosts["prometheus-app"]}"
-  source                = "../../modules/google/monitoring-with-count"
-  subnetwork_name       = "${google_compute_subnetwork.monitoring.name}"
-  tier                  = "inf"
-}
-
-module "kibana" {
-  attach_data_disk      = true
-  bootstrap_version     = 4
-  chef_provision        = "${var.chef_provision}"
-  chef_run_list         = "\"role[${var.environment}-infra-kibana]\""
-  data_disk_size        = 100
-  data_disk_type        = "pd-standard"
-  dns_zone_name         = "${var.dns_zone_name}"
-  environment           = "${var.environment}"
-  machine_type          = "${var.machine_types["monitoring"]}"
-  name                  = "kibana"
-  node_count            = 1
-  oauth2_client_id      = "${var.oauth2_client_id_prometheus}"
-  oauth2_client_secret  = "${var.oauth2_client_secret_prometheus}"
-  persistent_disk_path  = "/opt"
-  project               = "${var.project}"
-  region                = "${var.region}"
-  service_account_email = "${var.service_account_email}"
-  service_path          = "/login"
-  service_port          = "${var.monitoring_hosts["kibana"]}"
+  service_port          = "${var.monitoring_hosts["prometheus-app.${var.environment}"]}"
  source                = "../../modules/google/monitoring-with-count"
  subnetwork_name       = "${google_compute_subnetwork.monitoring.name}"
  tier                  = "inf"
@@ -908,13 +879,13 @@ module "alerts" {
  machine_type          = "${var.machine_types["monitoring"]}"
  name                  = "alerts"
  node_count            = 1
-  oauth2_client_id      = "${var.oauth2_client_id_prometheus}"
-  oauth2_client_secret  = "${var.oauth2_client_secret_prometheus}"
+  oauth2_client_id      = "${var.oauth2_client_id_monitoring}"
+  oauth2_client_secret  = "${var.oauth2_client_secret_monitoring}"
  persistent_disk_path  = "/opt"
  project               = "${var.project}"
  region                = "${var.region}"
  service_account_email = "${var.service_account_email}"
-  service_port          = "${var.monitoring_hosts["alerts"]}"
+  service_port          = "${var.monitoring_hosts["alerts.${var.environment}"]}"
  source                = "../../modules/google/monitoring-with-count"
  subnetwork_name       = "${google_compute_subnetwork.monitoring.name}"
  tier                  = "inf"

--- a/environments/gstg/variables.tf
+++ b/environments/gstg/variables.tf
-variable "oauth2_client_id_prometheus" {}
-variable "oauth2_client_secret_prometheus" {}
+variable "oauth2_client_id_monitoring" {}
+variable "oauth2_client_secret_monitoring" {}

-variable "oauth2_client_id_performance" {}
-variable "oauth2_client_secret_performance" {}
+variable "gitlab_net_zone_id" {}
+variable "gitlab_com_zone_id" {}

 #######################
 # pubsubbeat config
@@ -35,11 +35,10 @@ variable "monitoring_hosts" {
  type = "map"

  default = {
-    "performance"    = "80"
-    "prometheus"     = "9090"
-    "prometheus-app" = "9090"
-    "kibana"         = "80"
-    "alerts"         = "9093"
+    "performance.gstg"    = "80"
+    "prometheus.gstg"     = "9090"
+    "prometheus-app.gstg" = "9090"
+    "alerts.gstg"         = "9093"
  }
 }

@@ -184,7 +183,7 @@ variable "chef_version" {
 }

 variable "monitoring_cert_link" {
-  default = "projects/gitlab-staging-1/global/sslCertificates/gstg-wildcard"
+  default = "projects/gitlab-staging-1/global/sslCertificates/wildcard-gstg-gitlab-net"
 }

 variable "machine_types" {

--- a/environments/ops/main.tf
+++ b/environments/ops/main.tf
@@ -69,25 +69,61 @@ resource "google_compute_firewall" "allow-lb-traffic" {
 #
 #################################

+module "log-lb" {
+  subnetwork_name    = "${module.log-proxy.google_compute_subnetwork_name}"
+  environment        = "${var.environment}"
+  source             = "../../modules/google/monitoring-lb"
+  name               = "monitoring-lb"
+  gitlab_net_zone_id = "${var.gitlab_net_zone_id}"
+  project            = "${var.project}"
+  region             = "${var.region}"
+  cert_link          = "${var.log_gitlab_net_cert_link}"
+  service_ports      = ["9090"]
+  url_map            = "${google_compute_url_map.log.self_link}"
+  hosts              = ["log"]
+}
+
+# ###########################################################
+
+resource "google_compute_url_map" "log" {
+  name            = "${format("log-%v", var.environment)}"
+  default_service = "${module.log-proxy.google_compute_backend_service_iap_self_link}"
+
+  host_rule {
+    hosts        = ["log.gitlab.net"]
+    path_matcher = "log"
+  }
+
+  path_matcher {
+    name            = "log"
+    default_service = "${module.log-proxy.google_compute_backend_service_iap_self_link}"
+
+    path_rule {
+      paths   = ["/*"]
+      service = "${module.log-proxy.google_compute_backend_service_iap_self_link}"
+    }
+  }
+}
+
 module "log-proxy" {
  bootstrap_version     = 4
  chef_provision        = "${var.chef_provision}"
  chef_run_list         = "\"role[${var.environment}-infra-log-proxy]\""
+  enable_iap            = true
  dns_zone_name         = "${var.dns_zone_name}"
  environment           = "${var.environment}"
+  oauth2_client_id      = "${var.oauth2_client_id_log_proxy}"
+  oauth2_client_secret  = "${var.oauth2_client_secret_log_proxy}"
  machine_type          = "${var.machine_types["log-proxy"]}"
  public_ports          = "${var.public_ports["log-proxy"]}"
  ip_cidr_range         = "${var.subnetworks["logging"]}"
  name                  = "log-proxy"
  node_count            = 1
-  oauth2_client_id      = "${var.oauth2_client_id_log_proxy}"
-  oauth2_client_secret  = "${var.oauth2_client_secret_log_proxy}"
  project               = "${var.project}"
  region                = "${var.region}"
-  health_check          = "tcp"
-  service_port          = "8080"
+  health_check          = "http"
+  service_port          = "9090"
  source                = "../../modules/google/generic-sv-with-group"
-  enable_iap            = true
  tier                  = "inf"
  service_account_email = "${var.service_account_email}"
  vpc                   = "${module.network.self_link}"

--- a/environments/ops/variables.tf
+++ b/environments/ops/variables.tf
@@ -94,3 +94,7 @@ variable "tcp_lbs_bastion" {
    "health_check_ports"     = ["80"]
  }
 }
+
+variable "log_gitlab_net_cert_link" {
+  default = "projects/gitlab-ops/global/sslCertificates/log-gitlab-net"
+}
--- a/modules/google/generic-sv-with-group/instance.tf
+++ b/modules/google/generic-sv-with-group/instance.tf
 resource "google_compute_backend_service" "default" {
-  count     = "${var.enable_iap ? 0 : length(data.google_compute_zones.available.names)}"
-  name      = "${format("%v-%v-%v", var.environment, var.name, data.google_compute_zones.available.names[count.index])}"
+  count     = "${var.enable_iap ? 0 : 1}"
+  name      = "${format("%v-%v", var.environment, var.name)}"
  protocol  = "${var.backend_protocol}"
  port_name = "${var.name}"

  backend {