Creates tcp lb module for http, https and ssh.

d25ffb59 · John Jarvis · f0d7e2c1 · f0d7e2c1 · f0d7e2c1 · f0d7e2c1
Commit d25ffb59 authored Mar 31, 2018 by John Jarvis
9 changed files
--- a/environments/gprd/load-balancers/fe-http.tf
+++ b/environments/gprd/load-balancers/fe-http.tf
-resource "google_compute_forwarding_rule" "fe_forwarding_rule_http" {
-  name                  = "gitlab-frontend-http"
-  project               = "${var.project}"
-  region                = "${var.region}"
-  target                = "${google_compute_target_pool.fe_lb_http_pool.self_link}"
-  load_balancing_scheme = "EXTERNAL"
-  port_range            = "80"
-  ip_address            = "${google_compute_address.fe_external_ip.address}"
-}
-
-resource "google_compute_target_pool" "fe_lb_http_pool" {
-  project          = "${var.project}"
-  name             = "gitlab-frontend-http-pool"
-  region           = "${var.region}"
-  session_affinity = "NONE"
-  instances        = ["${var.fe_http_instances}"]
-
-  health_checks = [
-    "${google_compute_http_health_check.fe_lb_http_health_check.self_link}",
-  ]
-}
-
-resource "google_compute_http_health_check" "fe_lb_http_health_check" {
-  project             = "${var.project}"
-  name                = "fe-lb-http-health-check"
-  host                = "gitlab.com"
-  port                = "80"
-  request_path        = "/help"
-  timeout_sec         = 2
-  check_interval_sec  = 2
-  healthy_threshold   = 2
-  unhealthy_threshold = 2
-}
--- a/environments/gprd/load-balancers/fe-https.tf
+++ b/environments/gprd/load-balancers/fe-https.tf
-resource "google_compute_forwarding_rule" "fe_forwarding_rule_https" {
-  name                  = "gitlab-frontend-https"
-  project               = "${var.project}"
-  region                = "${var.region}"
-  target                = "${google_compute_target_pool.fe_lb_https_pool.self_link}"
-  load_balancing_scheme = "EXTERNAL"
-  port_range            = "443"
-  ip_address            = "${google_compute_address.fe_external_ip.address}"
-}
-
-resource "google_compute_target_pool" "fe_lb_https_pool" {
-  project          = "${var.project}"
-  name             = "gitlab-frontend-https-pool"
-  region           = "${var.region}"
-  session_affinity = "NONE"
-  instances        = ["${var.fe_https_instances}"]
-
-  health_checks = [
-    "${google_compute_http_health_check.fe_lb_http_health_check.self_link}",
-  ]
-}
--- a/environments/gprd/load-balancers/fe-ssh.tf
+++ b/environments/gprd/load-balancers/fe-ssh.tf
-resource "google_compute_forwarding_rule" "fe_forwarding_rule_ssh" {
-  name                  = "gitlab-frontend-ssh"
-  project               = "${var.project}"
-  region                = "${var.region}"
-  target                = "${google_compute_target_pool.fe_lb_ssh_pool.self_link}"
-  load_balancing_scheme = "EXTERNAL"
-  port_range            = "22"
-  ip_address            = "${google_compute_address.fe_external_ip.address}"
-}
-
-resource "google_compute_target_pool" "fe_lb_ssh_pool" {
-  project          = "${var.project}"
-  name             = "gitlab-frontend-ssh-pool"
-  region           = "${var.region}"
-  session_affinity = "NONE"
-  instances        = ["${var.fe_ssh_instances}"]
-
-  health_checks = [
-    "${google_compute_http_health_check.fe_lb_http_health_check.self_link}",
-  ]
-}
--- a/environments/gprd/load-balancers/ips.tf
+++ b/environments/gprd/load-balancers/ips.tf
-resource "google_compute_address" "fe_external_ip" {
-  name         = "http"
-  project      = "${var.project}"
-  region       = "${var.region}"
-  address_type = "EXTERNAL"
-
-  # subnetwork   = "${var.subnetwork}"
-}
--- a/environments/gprd/load-balancers/variables.tf
+++ b/environments/gprd/load-balancers/variables.tf
-variable "fe_http_instances" {
-  type        = "list"
-  description = "The list of instances to add to the http backend pool"
-}
-
-variable "fe_https_instances" {
-  type        = "list"
-  description = "The list of instances to add to the https backend pool"
-}
-
-variable "fe_ssh_instances" {
-  type        = "list"
-  description = "The list of instances to add to the ssh backend pool"
-}
-
-variable "region" {
-  type        = "string"
-  description = "The target region"
-}
-
-variable "project" {
-  type        = "string"
-  description = "The target project"
-}
-
-# variable "subnetwork" {
-#   type        = "string"
-#   description = "The target subnetwork"
-# }
-
--- a/environments/gprd/main.tf
+++ b/environments/gprd/main.tf
@@ -319,7 +319,7 @@ module "sidekiq" {

 ##################################
 #
-#  mailroom
+#  Mailroom
 #
 ##################################

@@ -497,13 +497,25 @@ module "fe-lb" {
  vpc              = "${module.network.self_link}"
 }

-module "google_load_balancers" {
-  source             = "./load-balancers"
-  project            = "${var.project}"
-  region             = "${var.region}"
-  fe_http_instances  = "${module.fe-lb.instances_without_attached_disk_self_link}"
-  fe_https_instances = "${module.fe-lb.instances_without_attached_disk_self_link}"
-  fe_ssh_instances   = "${module.fe-lb.instances_without_attached_disk_self_link}"
+##################################
+#
+#  GCP TCP LoadBalancers
+#
+##################################
+
+module "gcp-tcp-lb" {
+  lb_count               = "${length(var.tcp_lbs["names"])}"
+  names                  = "${var.tcp_lbs["names"]}"
+  fqdn                   = "${var.lb_fqdn}"
+  gitlab_com_zone_id     = "${var.gitlab_com_zone_id}"
+  environment            = "${var.environment}"
+  region                 = "${var.region}"
+  project                = "${var.project}"
+  source                 = "../../modules/google/tcp-lb"
+  targets                = ["fe"]
+  forwarding_port_ranges = "${var.tcp_lbs["forwarding_port_ranges"]}"
+  health_check_ports     = "${var.tcp_lbs["health_check_ports"]}"
+  instances              = ["${module.fe-lb.instances_without_attached_disk_self_link}"]
 }

 ##################################

--- a/environments/gprd/variables.tf
+++ b/environments/gprd/variables.tf
@@ -16,6 +16,32 @@ variable "monitoring_hosts" {
  }
 }

+#### GCP load balancing
+
+# The top level domain record for the GitLab deployment.
+# For production this should be set to "gitlab.com"
+
+variable "lb_fqdn" {
+  default = "lb-test.gprd.gitlab.com"
+}
+
+#
+# For every name there must be a corresponding
+# forwarding port range and health check port
+#
+
+variable "tcp_lbs" {
+  type = "map"
+
+  default = {
+    "names"                  = ["http", "https", "ssh"]
+    "forwarding_port_ranges" = ["80", "443", "22"]
+    "health_check_ports"     = ["8001", "8002", "8003"]
+  }
+}
+
+#######################
+
 variable "base_chef_run_list" {
  default = "\"role[gitlab]\",\"recipe[gitlab_users::default]\",\"recipe[gitlab_sudo::default]\",\"recipe[gitlab-server::bashrc]\""
 }

--- a/modules/google/tcp-lb/loadbalancing.tf
+++ b/modules/google/tcp-lb/loadbalancing.tf
+data "google_compute_lb_ip_ranges" "ranges" {}
+
+resource "aws_route53_record" "default" {
+  zone_id = "${var.gitlab_com_zone_id}"
+  name    = "${var.fqdn}"
+  type    = "A"
+  ttl     = "300"
+  records = ["${google_compute_address.default.address}"]
+}
+
+resource "google_compute_address" "default" {
+  name         = "http"
+  project      = "${var.project}"
+  region       = "${var.region}"
+  address_type = "EXTERNAL"
+}
+
+resource "google_compute_firewall" "default" {
+  name    = "${format("%v-tcp-lb", var.environment)}"
+  network = "${var.environment}"
+
+  allow {
+    protocol = "tcp"
+    ports    = ["${var.health_check_ports}"]
+  }
+
+  source_ranges = ["${data.google_compute_lb_ip_ranges.ranges.network}"]
+  target_tags   = ["${var.targets}"]
+}
+
+resource "google_compute_forwarding_rule" "default" {
+  count                 = "${var.lb_count}"
+  name                  = "${format("%v-tcp-lb-%v", var.environment, var.names[count.index])}"
+  project               = "${var.project}"
+  region                = "${var.region}"
+  target                = "${google_compute_target_pool.default.*.self_link[count.index]}"
+  load_balancing_scheme = "EXTERNAL"
+  port_range            = "${var.forwarding_port_ranges[count.index]}"
+  ip_address            = "${google_compute_address.default.address}"
+}
+
+resource "google_compute_target_pool" "default" {
+  count            = "${var.lb_count}"
+  name             = "${format("%v-tcp-lb-%v", var.environment, var.names[count.index])}"
+  project          = "${var.project}"
+  region           = "${var.region}"
+  session_affinity = "NONE"
+  instances        = ["${var.instances}"]
+
+  health_checks = [
+    "${google_compute_http_health_check.default.*.self_link[count.index]}",
+  ]
+}
+
+resource "google_compute_http_health_check" "default" {
+  count               = "${var.lb_count}"
+  name                = "${format("%v-tcp-lb-%v", var.environment, var.names[count.index])}"
+  project             = "${var.project}"
+  port                = "${var.health_check_ports[count.index]}"
+  request_path        = "/healthz-${var.names[count.index]}"
+  timeout_sec         = 2
+  check_interval_sec  = 2
+  healthy_threshold   = 2
+  unhealthy_threshold = 2
+}
--- a/modules/google/tcp-lb/variables.tf
+++ b/modules/google/tcp-lb/variables.tf
+variable "lb_count" {}
+variable "fqdn" {}
+
+variable "health_check_ports" {
+  type = "list"
+}
+
+variable "forwarding_port_ranges" {
+  type = "list"
+}
+
+variable "gitlab_com_zone_id" {}
+
+variable "instances" {
+  type = "list"
+}
+
+variable "targets" {
+  type        = "list"
+  description = "target tags for the load balancer"
+}
+
+variable "environment" {
+  type        = "string"
+  description = "The environment name"
+}
+
+variable "names" {
+  type        = "list"
+  description = "Names for the lbs"
+}
+
+variable "project" {
+  type        = "string"
+  description = "The project name"
+}
+
+variable "region" {
+  type        = "string"
+  description = "The target region"
+}