initial upload of bastion

a1e4f676 · Ilya Frolov · ad4fa32e · a1e4f676 · a1e4f676
Unverified Commit a1e4f676 authored Apr 06, 2018 by Ilya Frolov
Hide whitespace changes
Inline Side-by-side

Showing with 74 additions and 13 deletions

environments/gprd/main.tf environments/gprd/main.tf +44 -1

environments/gprd/variables.tf environments/gprd/variables.tf +30 -12

No files found.
--- a/environments/gprd/main.tf
+++ b/environments/gprd/main.tf
@@ -621,6 +621,23 @@ module "gcp-tcp-lb-altssh" {
  instances              = ["${module.fe-lb-altssh.instances_self_link}"]
 }

+#### Load balancer for bastion
+module "gcp-tcp-lb-bastion" {
+  name                   = "gcp-tcp-lb-bastion"
+  lb_count               = "${length(var.tcp_lbs_bastion["names"])}"
+  names                  = "${var.tcp_lbs_bastion["names"]}"
+  fqdn                   = "${var.lb_fqdn_bastion}"
+  gitlab_com_zone_id     = "${var.gitlab_com_zone_id}"
+  environment            = "${var.environment}"
+  region                 = "${var.region}"
+  project                = "${var.project}"
+  source                 = "../../modules/google/tcp-lb"
+  targets                = ["bastion"]
+  forwarding_port_ranges = "${var.tcp_lbs_bastion["forwarding_port_ranges"]}"
+  health_check_ports     = "${var.tcp_lbs_bastion["health_check_ports"]}"
+  instances              = ["${module.bastion.instances_self_link}"]
+}
+
 ##################################
 #
 #  Consul
@@ -880,7 +897,6 @@ module "runner" {
 #
 ##################################

-
 # module "google-azure-vpn" {
 #   source        = "../../modules/google/vpn"
 #   name          = "gcp-azure-${var.environment}"
@@ -893,3 +909,30 @@ module "runner" {
 #   source_subnet = "${var.vpn_source_subnet}"
 # }

+##################################
+#
+#  Bastion
+#
+##################################
+
+module "bastion" {
+  block_project_ssh_keys = "TRUE"
+  bootstrap_version      = 3
+  chef_provision         = "${var.chef_provision}"
+  chef_run_list          = "\"role[${var.environment}-base-bastion]\""
+  dns_zone_name          = "${var.dns_zone_name}"
+  enable_oslogin         = "FALSE"
+  environment            = "${var.environment}"
+  ip_cidr_range          = "${var.subnetworks["bastion"]}"
+  machine_type           = "${var.machine_types["bastion"]}"
+  name                   = "bastion"
+  node_count             = "${var.node_count["bastion"]}"
+  project                = "${var.project}"
+  public_ports           = "${var.public_ports["bastion"]}"
+  region                 = "${var.region}"
+  source                 = "../../modules/google/generic-sv-with-group"
+  health_check           = "tcp"
+  service_port           = 22
+  tier                   = "inf"
+  vpc                    = "${module.network.self_link}"
+}
--- a/environments/gprd/variables.tf
+++ b/environments/gprd/variables.tf
@@ -33,6 +33,10 @@ variable "lb_fqdn_pages" {
  default = "lb-test-pages.gprd.gitlab.com"
 }

+variable "lb_fqdn_bastion" {
+  default = "lb-bastion.gprd.gitlab.com"
+}
+
 #
 # For every name there must be a corresponding
 # forwarding port range and health check port
@@ -68,6 +72,16 @@ variable "tcp_lbs_altssh" {
  }
 }

+variable "tcp_lbs_bastion" {
+  type = "map"
+
+  default = {
+    "names"                  = ["bastion"]
+    "forwarding_port_ranges" = ["22"]
+    "health_check_ports"     = ["22"]
+  }
+}
+
 #######################

 variable "base_chef_run_list" {
@@ -96,6 +110,7 @@ variable "public_ports" {

  default = {
    "api"         = [22]
+    "bastion"     = [22]
    "consul"      = [22]
    "deploy"      = [22]
    "runner"      = [22]
@@ -156,6 +171,7 @@ variable "machine_types" {

  default = {
    "api"                   = "n1-standard-8"
+    "bastion"               = "g1-small"
    "consul"                = "n1-standard-4"
    "db"                    = "n1-highmem-32"
    "deploy"                = "n1-standard-2"
@@ -188,6 +204,7 @@ variable "node_count" {
  default = {
    "api"                   = 2
    "artifacts"             = 1
+    "bastion"               = 3
    "consul"                = 3
    "db"                    = 1
    "deploy"                = 1
@@ -222,25 +239,26 @@ variable "subnetworks" {
  type = "map"

  default = {
-    "api"          = "10.220.2.0/23"
-    "consul"       = "10.218.1.0/24"
-    "db"           = "10.217.1.0/24"
-    "deploy"       = "10.218.3.0/24"
    "fe-lb"        = "10.216.1.0/24"
-    "fe-lb-altssh" = "10.216.3.0/24"
    "fe-lb-pages"  = "10.216.2.0/24"
-    "geodb"        = "10.217.6.0/24"
-    "git"          = "10.220.4.0/23"
-    "mailroom"     = "10.220.14.0/23"
-    "monitoring"   = "10.219.1.0/24"
-    "pgb"          = "10.217.4.0/24"
+    "fe-lb-altssh" = "10.216.3.0/24"
+    "bastion"      = "10.216.4.0/24"
+    "db"           = "10.217.1.0/24"
    "redis"        = "10.217.2.0/24"
+    "pgb"          = "10.217.4.0/24"
    "redis-cache"  = "10.217.5.0/24"
-    "registry"     = "10.220.10.0/23"
+    "geodb"        = "10.217.6.0/24"
+    "consul"       = "10.218.1.0/24"
+    "deploy"       = "10.218.3.0/24"
    "runner"       = "10.218.4.0/24"
+    "monitoring"   = "10.219.1.0/24"
+    "registry"     = "10.220.10.0/23"
+    "mailroom"     = "10.220.14.0/23"
+    "api"          = "10.220.2.0/23"
+    "git"          = "10.220.4.0/23"
    "sidekiq"      = "10.220.6.0/23"
-    "stor"         = "10.221.2.0/23"
    "web"          = "10.220.8.0/23"
+    "stor"         = "10.221.2.0/23"

    ###############################
    # These will eventually (tm) be