initial upload of bastion

parent ad4fa32e
......@@ -621,6 +621,23 @@ module "gcp-tcp-lb-altssh" {
instances = ["${module.fe-lb-altssh.instances_self_link}"]
}
#### Load balancer for bastion
module "gcp-tcp-lb-bastion" {
name = "gcp-tcp-lb-bastion"
lb_count = "${length(var.tcp_lbs_bastion["names"])}"
names = "${var.tcp_lbs_bastion["names"]}"
fqdn = "${var.lb_fqdn_bastion}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
environment = "${var.environment}"
region = "${var.region}"
project = "${var.project}"
source = "../../modules/google/tcp-lb"
targets = ["bastion"]
forwarding_port_ranges = "${var.tcp_lbs_bastion["forwarding_port_ranges"]}"
health_check_ports = "${var.tcp_lbs_bastion["health_check_ports"]}"
instances = ["${module.bastion.instances_self_link}"]
}
##################################
#
# Consul
......@@ -880,7 +897,6 @@ module "runner" {
#
##################################
# module "google-azure-vpn" {
# source = "../../modules/google/vpn"
# name = "gcp-azure-${var.environment}"
......@@ -893,3 +909,30 @@ module "runner" {
# source_subnet = "${var.vpn_source_subnet}"
# }
##################################
#
# Bastion
#
##################################
module "bastion" {
block_project_ssh_keys = "TRUE"
bootstrap_version = 3
chef_provision = "${var.chef_provision}"
chef_run_list = "\"role[${var.environment}-base-bastion]\""
dns_zone_name = "${var.dns_zone_name}"
enable_oslogin = "FALSE"
environment = "${var.environment}"
ip_cidr_range = "${var.subnetworks["bastion"]}"
machine_type = "${var.machine_types["bastion"]}"
name = "bastion"
node_count = "${var.node_count["bastion"]}"
project = "${var.project}"
public_ports = "${var.public_ports["bastion"]}"
region = "${var.region}"
source = "../../modules/google/generic-sv-with-group"
health_check = "tcp"
service_port = 22
tier = "inf"
vpc = "${module.network.self_link}"
}
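Review bot: The `module "bastion"` block sets `enable_oslogin = "FALSE"` and `block_project_ssh_keys = "TRUE"` with no comment saying where the accounts and authorized keys on these hosts come from, which is the first thing to establish for an SSH entry point. If they are managed by the Chef role named in `chef_run_list` (an inference, the role is not shown on this page), state that above the two settings, for example `# SSH users and keys come from the Chef base-bastion role; project-wide keys are blocked and OS Login is off on purpose`. Port 22 is also exposed through both `public_ports` and the `gcp-tcp-lb-bastion` forwarding rule, and nothing in this section limits source addresses. Confirm in the two referenced modules that inbound SSH is restricted and logged as intended.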
......@@ -33,6 +33,10 @@ variable "lb_fqdn_pages" {
default = "lb-test-pages.gprd.gitlab.com"
}
variable "lb_fqdn_bastion" {
default = "lb-bastion.gprd.gitlab.com"
}
#
# For every name there must be a corresponding
# forwarding port range and health check port
......@@ -68,6 +72,16 @@ variable "tcp_lbs_altssh" {
}
}
variable "tcp_lbs_bastion" {
type = "map"
default = {
"names" = ["bastion"]
"forwarding_port_ranges" = ["22"]
"health_check_ports" = ["22"]
}
}
#######################
variable "base_chef_run_list" {
......@@ -96,6 +110,7 @@ variable "public_ports" {
default = {
"api" = [22]
"bastion" = [22]
"consul" = [22]
"deploy" = [22]
"runner" = [22]
......@@ -156,6 +171,7 @@ variable "machine_types" {
default = {
"api" = "n1-standard-8"
"bastion" = "g1-small"
"consul" = "n1-standard-4"
"db" = "n1-highmem-32"
"deploy" = "n1-standard-2"
......@@ -188,6 +204,7 @@ variable "node_count" {
default = {
"api" = 2
"artifacts" = 1
"bastion" = 3
"consul" = 3
"db" = 1
"deploy" = 1
......@@ -222,25 +239,26 @@ variable "subnetworks" {
type = "map"
default = {
"api" = "10.220.2.0/23"
"consul" = "10.218.1.0/24"
"db" = "10.217.1.0/24"
"deploy" = "10.218.3.0/24"
"fe-lb" = "10.216.1.0/24"
"fe-lb-altssh" = "10.216.3.0/24"
"fe-lb-pages" = "10.216.2.0/24"
"geodb" = "10.217.6.0/24"
"git" = "10.220.4.0/23"
"mailroom" = "10.220.14.0/23"
"monitoring" = "10.219.1.0/24"
"pgb" = "10.217.4.0/24"
"fe-lb-altssh" = "10.216.3.0/24"
"bastion" = "10.216.4.0/24"
"db" = "10.217.1.0/24"
"redis" = "10.217.2.0/24"
"pgb" = "10.217.4.0/24"
"redis-cache" = "10.217.5.0/24"
"registry" = "10.220.10.0/23"
"geodb" = "10.217.6.0/24"
"consul" = "10.218.1.0/24"
"deploy" = "10.218.3.0/24"
"runner" = "10.218.4.0/24"
"monitoring" = "10.219.1.0/24"
"registry" = "10.220.10.0/23"
"mailroom" = "10.220.14.0/23"
"api" = "10.220.2.0/23"
"git" = "10.220.4.0/23"
"sidekiq" = "10.220.6.0/23"
"stor" = "10.221.2.0/23"
"web" = "10.220.8.0/23"
"stor" = "10.221.2.0/23"
###############################
# These will eventually (tm) be
......
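Review bot: The `"bastion" = [22]` entry added to `public_ports` appears to open SSH on the bastion instances themselves, while `tcp_lbs_bastion` already forwards port 22 to them through the load balancer, so the hosts may be reachable on two public paths. If clients are meant to connect only via `lb-bastion.gprd.gitlab.com`, the instance-level entry could be dropped or narrowed; how the module turns `public_ports` into firewall rules is not visible here, so check this against the module. The neighbouring context lines still list `"api"`, `"consul"`, `"deploy"` and `"runner"` with `[22]`, and a comment such as `# TODO: close public 22 on non-bastion tiers once the bastion is in use` would record the follow-up. The enclosing `variable` blocks start and end outside these hunks.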