Commit 665e7e3f authored by John Jarvis's avatar John Jarvis

Adds monitoring behind an https lb.

parent 4a515ed8
......@@ -35,6 +35,17 @@ resource "google_compute_firewall" "allow-internal" {
source_ranges = ["10.0.0.0/8"]
}
resource "google_compute_firewall" "allow-lb-traffic" {
name = "allow-lb-traffic-${var.environment}"
network = "${module.network.self_link}"
allow {
protocol = "all"
}
source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
}
/*
##################################
#
......@@ -475,11 +486,13 @@ module "monitoring" {
project = "${var.project}"
public_ports = "${var.public_ports["monitoring"]}"
region = "${var.region}"
source = "../../modules/google/generic-stor"
source = "../../modules/google/monitoring"
tier = "inf"
vpc = "${module.network.self_link}"
persistent_disk_path = "/opt/prometheus"
bootstrap_version = 2
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
cert_link = "projects/gitlab-production/global/sslCertificates/gprd-wildcard"
}
##################################
......
......@@ -88,7 +88,7 @@ variable "node_count" {
"lfs" = 1
"pages" = 1
"pgb" = 1
"monitoring" = 1
"monitoring" = 2
"redis" = 1
"redis-cache" = 1
"share" = 1
......
output "instances_with_attached_disk_self_link" {
output "instances_self_link" {
value = "${google_compute_instance.instance_with_attached_disk.*.self_link}"
}
data "google_compute_zones" "available" {
region = "${var.region}"
status = "UP"
}
resource "google_compute_firewall" "public" {
count = "${length(var.public_ports) > 0 ? 1 : 0}"
name = "${format("%v-%v", var.name, var.environment)}"
network = "${var.vpc}"
allow {
protocol = "tcp"
ports = ["${var.public_ports}"]
}
source_ranges = ["0.0.0.0/0"]
target_tags = ["${var.name}"]
}
resource "google_compute_address" "static-ip-address" {
count = "${var.node_count}"
name = "${format("%v-%02d-%v-%v-static-ip", var.name, count.index + 1 + 100, var.tier, var.environment)}"
address_type = "INTERNAL"
address = "${replace(var.ip_cidr_range, "/\\d+\\/\\d+$/", count.index + 1 + 100)}"
subnetwork = "${google_compute_subnetwork.subnetwork.self_link}"
}
resource "google_compute_disk" "data_disk" {
project = "${var.project}"
count = "${(var.attach_data_disk && var.node_count > 0) ? var.node_count : 0}"
name = "${format("%v-%02d-%v-%v-data", var.name, count.index + 1, var.tier, var.environment)}"
zone = "${var.zone != "" ? var.zone : data.google_compute_zones.available.names[(count.index + 1) % length(data.google_compute_zones.available.names)]}"
size = "${var.data_disk_size}"
type = "${var.data_disk_type}"
labels {
environment = "${var.environment}"
pet_name = "${var.name}"
}
}
resource "google_compute_instance" "instance_with_attached_disk" {
count = "${var.attach_data_disk ? var.node_count : 0}"
name = "${format("%v-%02d-%v-%v", var.name, count.index + 1, var.tier, var.environment)}"
machine_type = "${var.machine_type}"
metadata = {
"CHEF_URL" = "${var.chef_provision.["server_url"]}"
"CHEF_VERSION" = "${var.chef_provision.["version"]}"
"CHEF_NODE_NAME" = "${format("%v-%02d.%v.%v.%v", var.name, count.index + 1, var.tier, var.environment, var.dns_zone_name)}"
"CHEF_ENVIRONMENT" = "${var.environment}"
"CHEF_RUN_LIST" = "${var.chef_run_list}"
"CHEF_DNS_ZONE_NAME" = "${var.dns_zone_name}"
"CHEF_PROJECT" = "${var.project}"
"GL_PERSISTENT_DISK_PATH" = "${var.persistent_disk_path}"
}
metadata_startup_script = "${file("${path.module}/../../../scripts/google/bootstrap-v${var.bootstrap_version}.sh")}"
project = "${var.project}"
zone = "${var.zone != "" ? var.zone : data.google_compute_zones.available.names[(count.index + 1) % length(data.google_compute_zones.available.names)]}"
service_account {
// this should be the instance under which the instance should be running, rather than the one creating it...
email = "[email protected]"
// all the defaults plus cloudkms to access kms
scopes = [
"https://www.googleapis.com/auth/cloud.useraccounts.readonly",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring.write",
"https://www.googleapis.com/auth/pubsub",
"https://www.googleapis.com/auth/service.management.readonly",
"https://www.googleapis.com/auth/servicecontrol",
"https://www.googleapis.com/auth/trace.append",
"https://www.googleapis.com/auth/cloudkms",
"https://www.googleapis.com/auth/compute.readonly",
]
}
scheduling {
preemptible = "${var.preemptible}"
}
boot_disk {
auto_delete = true
initialize_params {
image = "${var.os_boot_image}"
size = "${var.os_disk_size}"
type = "${var.os_disk_type}"
}
}
attached_disk {
source = "${google_compute_disk.data_disk.*.self_link[count.index]}"
}
network_interface {
subnetwork = "${google_compute_subnetwork.subnetwork.name}"
address = "${google_compute_address.static-ip-address.*.address[count.index]}"
access_config = {}
}
labels {
environment = "${var.environment}"
pet_name = "${var.name}"
}
tags = [
"${var.name}",
"${var.environment}",
]
provisioner "local-exec" {
when = "destroy"
command = "knife node delete ${format("%v-%02d.%v.%v.%v", var.name, count.index + 1, var.tier, var.environment, var.dns_zone_name)} -y; knife client delete ${format("%v-%02d.%v.%v.%v", var.name, count.index + 1, var.tier, var.environment, var.dns_zone_name)} -y; exit 0"
}
}
data "google_compute_lb_ip_ranges" "ranges" {}
resource "aws_route53_record" "monitoring" {
count = "${var.node_count}"
zone_id = "${var.gitlab_com_zone_id}"
name = "${format("prometheus-%02d.%v.gitlab.com.", count.index + 1, var.environment)}"
type = "A"
ttl = "300"
records = ["${google_compute_global_address.monitoring.*.address[count.index]}"]
}
resource "google_compute_global_address" "monitoring" {
count = "${var.node_count}"
name = "${var.environment}-monitoring-${count.index + 1}"
}
resource "google_compute_global_forwarding_rule" "monitoring" {
count = "${var.node_count}"
name = "${var.environment}-monitoring-${count.index + 1}"
target = "${google_compute_target_https_proxy.monitoring.*.self_link[count.index]}"
port_range = "443"
ip_address = "${google_compute_global_address.monitoring.*.address[count.index]}"
}
resource "google_compute_target_https_proxy" "monitoring" {
count = "${var.node_count}"
name = "${var.environment}-monitoring-${count.index + 1}"
description = "https proxy for monitoring-${count.index + 1}"
ssl_certificates = ["${var.cert_link}"]
url_map = "${google_compute_url_map.monitoring.*.self_link[count.index]}"
}
resource "google_compute_url_map" "monitoring" {
count = "${var.node_count}"
name = "${var.environment}-monitoring-${count.index + 1}"
default_service = "${google_compute_backend_service.monitoring.*.self_link[count.index]}"
host_rule {
hosts = ["*"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = "${google_compute_backend_service.monitoring.*.self_link[count.index]}"
path_rule {
paths = ["/graph"]
service = "${google_compute_backend_service.monitoring.*.self_link[count.index]}"
}
}
}
resource "google_compute_instance_group" "monitoring" {
count = "${var.node_count}"
name = "${var.environment}-monitoring-${count.index + 1}"
description = "Instance group for monitoring VM."
zone = "${var.zone != "" ? var.zone : data.google_compute_zones.available.names[(count.index + 1) % length(data.google_compute_zones.available.names)]}"
named_port {
name = "prometheus"
port = "9090"
}
instances = ["${google_compute_instance.instance_with_attached_disk.*.self_link[count.index]}"]
}
resource "google_compute_health_check" "monitoring" {
count = "${var.node_count}"
name = "${var.environment}-monitoring-${count.index + 1}"
http_health_check {
port = "9090"
request_path = "/graph"
}
}
resource "google_compute_backend_service" "monitoring" {
count = "${var.node_count}"
name = "${var.environment}-monitoring-${count.index + 1}"
protocol = "HTTP"
port_name = "prometheus"
backend {
group = "${google_compute_instance_group.monitoring.*.self_link[count.index]}"
}
health_checks = ["${google_compute_health_check.monitoring.*.self_link[count.index]}"]
}
resource "google_compute_firewall" "default" {
name = "monitoring-firewall"
network = "${var.environment}"
allow {
protocol = "tcp"
ports = ["80"]
}
source_ranges = ["${data.google_compute_lb_ip_ranges.ranges.network}"]
target_tags = ["${var.name}"]
}
output "instances_self_link" {
value = "${google_compute_instance.instance_with_attached_disk.*.self_link}"
}
resource "google_compute_subnetwork" "subnetwork" {
count = "${var.node_count > 0 ? 1 : 0}"
name = "${format("%v-%v", var.name, var.environment)}"
network = "${var.vpc}"
project = "${var.project}"
region = "${var.region}"
ip_cidr_range = "${var.ip_cidr_range}"
private_ip_google_access = true
}
variable "cert_link" {
type = "string"
description = "resource link for the ssl certificate"
}
variable "gitlab_com_zone_id" {
type = "string"
description = "Zone id for creating dns records (AWS)"
}
variable "bootstrap_version" {
description = "version of the bootstrap script"
default = 1
}
variable "persistent_disk_path" {
type = "string"
description = "default location for disk mount"
default = "/var/opt/gitlab"
}
variable "attach_data_disk" {
type = "string"
description = "Attach a data disk to this machine"
default = false
}
variable "chef_provision" {
type = "map"
description = "Configuration details for chef server"
}
variable "chef_run_list" {
type = "string"
description = "run_list for the node in chef"
}
variable "data_disk_size" {
type = "string"
description = "The size of the data disk"
default = 20
}
variable "data_disk_type" {
type = "string"
description = "The type of the data disk"
default = "pd-standard"
}
variable "dns_zone_name" {
type = "string"
description = "The GCP name of the DNS zone to use for this environment"
}
variable "environment" {
type = "string"
description = "The environment name"
}
variable "ip_cidr_range" {
type = "string"
description = "The IP range"
}
variable "machine_type" {
type = "string"
description = "The machine size"
}
variable "name" {
type = "string"
description = "The pet name"
}
variable "node_count" {
type = "string"
description = "The nodes count"
}
variable "os_boot_image" {
type = "string"
description = "The OS image to boot"
default = "ubuntu-os-cloud/ubuntu-1604-xenial-v20180122"
}
variable "os_disk_size" {
type = "string"
description = "The OS disk size in GiB"
default = 20
}
variable "os_disk_type" {
type = "string"
description = "The OS disk type"
default = "pd-standard"
}
variable "preemptible" {
type = "string"
description = "Use preemptible instances for this pet"
default = "false"
}
variable "project" {
type = "string"
description = "The project name"
}
variable "public_ports" {
type = "list"
description = "The list of ports that should be publicly reachable"
default = []
}
variable "region" {
type = "string"
description = "The target region"
}
variable "tier" {
type = "string"
description = "The tier for this service"
}
variable "vpc" {
type = "string"
description = "The target network"
}
variable "zone" {
type = "string"
default = ""
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment