Add ops cluster

A new cluster will be added to move the GKE and to host the cloudwatch
exporter

https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/7038
https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/7861
parent 4d8150b8
## State storage
################################
#
# State storage
#
################################
terraform {
backend "s3" {
bucket = "gitlab-com-infrastructure"
......@@ -7,7 +12,12 @@ terraform {
}
}
## AWS
################################
#
# AWS
#
################################
provider "aws" {
region = "us-east-1"
version = "~> 2.27.0"
......@@ -19,7 +29,11 @@ variable "gitlab_com_zone_id" {
variable "gitlab_net_zone_id" {
}
## Google
################################
#
# Google us-east1
#
################################
provider "google" {
version = "~> 2.14.0"
......@@ -33,6 +47,19 @@ provider "google-beta" {
region = var.region
}
################################
#
# Google us-central1
#
################################
provider "google" {
version = "~> 2.14.0"
alias = "us-central"
project = var.project
region = var.central_region
}
##################################
#
# Network
......@@ -40,7 +67,6 @@ provider "google-beta" {
#################################
module "network" {
# TODO Migrate this environment to v2.0.0+ (https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/7860)
source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/vpc.git?ref=v2.0.0"
project = var.project
environment = var.environment
......@@ -703,19 +729,6 @@ module "gitlab-ops" {
vpc = module.network.self_link
}
#######################################################
#
# VM and services for us-central1 ops.gitlab.net
#
#######################################################
provider "google" {
version = "~> 2.14.0"
alias = "us-central"
project = var.project
region = "us-central1"
}
###############################################
#
# Load balancer and VM for the ops bastion
......@@ -1177,3 +1190,67 @@ resource "google_service_account" "assets" {
output "ops_ip" {
value = module.gitlab-ops.instances.0.network_interface.0.access_config.0.nat_ip
}
##################################
#
# GKE Cluster
#
##################################
module "ops-gke" {
name = "ops-gke"
environment = var.environment
vpc = module.network.self_link
source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/gke.git?ref=v7.0.0"
ip_cidr_range = var.subnetworks["ops-gke"]
disable_network_policy = "false"
dns_zone_name = var.dns_zone_name
kubernetes_version = "1.14.7-gke.10"
node_network_policy = "true"
private_cluster = "true"
project = var.project
region = var.region
pod_ip_cidr_range = var.subnetworks["ops-gke-pod-cidr"]
service_ip_cidr_range = var.subnetworks["ops-gke-service-cidr"]
node_pools = [
{
name = "20190927-0"
initial_node_count = "1"
machine_type = var.machine_types["ops-gke"]
max_node_count = "1"
node_auto_repair = "true"
node_auto_upgrade = "false"
node_disk_size_gb = "25"
node_disk_type = "pd-standard"
preemptible = "true"
},
]
}
#############################################
#
# Service account for GKE cluster used by CI
#
#############################################
resource "google_service_account" "k8s-workloads" {
account_id = "k8s-workloads"
display_name = "k8s-workloads"
}
##################################
#
# NAT gateway
#
##################################
module "ops-nat" {
source = "git::ssh://[email protected]/gitlab-com/gl-infra/terraform-modules/google/cloud-nat.git?ref=v1.0.0"
log_level = "ALL"
nat_ip_count = 1
network_name = module.network.name
region = var.region
}
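Review bot: The node pool in module "ops-gke" sets `node_auto_upgrade = "false"` while `kubernetes_version = "1.14.7-gke.10"` is pinned, so GKE security patches to the nodes will only land when someone edits that string by hand; a comment beside the pin would keep that from being forgotten, e.g. `# Version pinned and node auto-upgrade off: upgrades are applied manually via MRs, see the linked infrastructure issues`. The pool is also a single preemptible node (`initial_node_count = "1"`, `max_node_count = "1"`, `preemptible = "true"`), and Compute Engine reclaims preemptible VMs within 24 hours, so the cloudwatch exporter this cluster is meant to host will have a recurring outage until it is rescheduled; if that is acceptable for this environment it is worth stating in a comment, otherwise `preemptible = "false"` or a larger `max_node_count` is the change. The boolean attributes are passed as quoted strings (`"true"`/`"false"`) while `nat_ip_count = 1` in module "ops-nat" is a bare number; with the 0.12 syntax this file already uses (`var.region`, `var.subnetworks["ops-gke"]`) the bare `true`/`false` form would be consistent. I cannot see an IAM binding for `google_service_account.k8s-workloads` in this hunk — it may live elsewhere, but if not, the account has no roles and the CI use described in its header comment will not work.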
......@@ -6,6 +6,10 @@ variable "region" {
default = "us-east1"
}
variable "central_region" {
default = "us-central1"
}
variable "environment" {
default = "ops"
}
......@@ -72,6 +76,7 @@ variable "machine_types" {
"thanos-store" = "n1-highmem-8"
"gke-runner" = "n1-standard-2"
"nessus" = "n1-standard-4"
"ops-gke" = "n1-standard-2"
}
}
......@@ -98,30 +103,33 @@ variable "subnetworks" {
default = {
# us-east1
"logging" = "10.250.1.0/24"
"bastion" = "10.250.2.0/24"
"dashboards" = "10.250.3.0/24"
"gitlab-ops" = "10.250.4.0/24"
"proxy" = "10.250.5.0/24"
"monitor" = "10.250.6.0/24"
"runner" = "10.250.7.0/24"
"monitoring" = "10.250.8.0/24"
"sentry" = "10.250.9.0/24"
"runner-chatops" = "10.250.10.0/24"
"dashboards-com" = "10.250.11.0/24"
"runner-release" = "10.250.12.0/24"
"gitlab-ops-geo" = "10.250.13.0/24"
"pubsubbeat" = "10.250.14.0/24"
"sd-exporter" = "10.250.15.0/24"
"gke-runner" = "10.250.16.0/24"
"runner-snapshots" = "10.250.17.0/24"
"thanos-store" = "10.250.18.0/24"
"thanos-compact" = "10.250.19.0/24"
"aptly" = "10.250.20.0/24"
"consul" = "10.250.21.0/24"
"nonprod-proxy" = "10.250.22.0/24"
"prod-proxy" = "10.250.23.0/24"
"console" = "10.250.24.0/24"
"logging" = "10.250.1.0/24"
"bastion" = "10.250.2.0/24"
"dashboards" = "10.250.3.0/24"
"gitlab-ops" = "10.250.4.0/24"
"proxy" = "10.250.5.0/24"
"monitor" = "10.250.6.0/24"
"runner" = "10.250.7.0/24"
"monitoring" = "10.250.8.0/24"
"sentry" = "10.250.9.0/24"
"runner-chatops" = "10.250.10.0/24"
"dashboards-com" = "10.250.11.0/24"
"runner-release" = "10.250.12.0/24"
"gitlab-ops-geo" = "10.250.13.0/24"
"pubsubbeat" = "10.250.14.0/24"
"sd-exporter" = "10.250.15.0/24"
"gke-runner" = "10.250.16.0/24"
"runner-snapshots" = "10.250.17.0/24"
"thanos-store" = "10.250.18.0/24"
"thanos-compact" = "10.250.19.0/24"
"aptly" = "10.250.20.0/24"
"consul" = "10.250.21.0/24"
"nonprod-proxy" = "10.250.22.0/24"
"prod-proxy" = "10.250.23.0/24"
"console" = "10.250.24.0/24"
"ops-gke" = "10.250.25.0/24"
"ops-gke-pod-cidr" = "10.168.0.0/16"
"ops-gke-service-cidr" = "10.169.0.0/16"
# us-central1
"chef" = "10.253.5.0/24"
......