Commit eecf83df authored by John Jarvis's avatar John Jarvis

Add the preprod environment

parent 56423c0b
apiVersion: v1
kind: Namespace
metadata:
name: gitlab
apiVersion: v1
kind: ServiceAccount
metadata:
name: gitlab
namespace: default
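Review bot: The ServiceAccount is created in `namespace: default` while the ConfigMap and Deployment that follow live in `gitlab`, and nothing else in the commit refers to it (the Deployment sets no `serviceAccountName`), so the runner pod presumably runs under the `default` ServiceAccount of the `gitlab` namespace rather than this one. If this account is meant for the runner, it should read `namespace: gitlab` and the Deployment should set `serviceAccountName: gitlab`; if it is not, it looks like leftover scaffolding and a comment saying what it is for would help.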
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: gitlab-cluster-admin
subjects:
- kind: Group
name: system:serviceaccounts
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
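Review bot: The subject `kind: Group` / `name: system:serviceaccounts` grants `cluster-admin` to every ServiceAccount in every namespace of the cluster, not just the runner's, so any pod on the cluster — including the CI job pods this runner spawns in `gitlab` — holds full cluster privileges through its mounted token. Scoping the subject to the runner's own account is a three-line change: `- kind: ServiceAccount` / `  name: gitlab` / `  namespace: gitlab`. A namespaced Role carrying only the pod, pod/exec, secret and configmap verbs the kubernetes executor uses would be the tighter follow-up, since the executor never needs cluster-wide rights. The `privileged = true` setting in the ConfigMap below compounds this, because the job pods then have both node root and cluster-admin.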
apiVersion: v1
kind: ConfigMap
metadata:
name: gitlab-runner
namespace: gitlab
data:
config.toml: |
concurrent = 30
[[runners]]
name = "Kubernetes Runner"
url = "https://ops.gitlab.net/"
token = "$RUNNER_TOKEN"
executor = "kubernetes"
[runners.kubernetes]
namespace = "gitlab"
privileged = true
image = "busybox"
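Review bot: `token = "$RUNNER_TOKEN"` puts the runner registration credential into a ConfigMap, which Kubernetes does not treat as secret data (readable by anyone with get on configmaps in `gitlab`, and printed in plain text by `kubectl apply`/`diff`); a `kind: Secret` carrying the same `config.toml` key and mounted at the same path keeps the file layout unchanged. `privileged = true` additionally gives every CI job pod root-equivalent access to the node, and neither this file nor the README steps below say why that is needed, so a comment above the line naming the job type that requires it (e.g. `# privileged: required for docker-in-docker jobs`) would let a later reviewer judge whether it can be dropped.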
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: gitlab-runner
namespace: gitlab
spec:
replicas: 1
selector:
matchLabels:
name: gitlab-runner
template:
metadata:
labels:
name: gitlab-runner
spec:
containers:
- args:
- run
image: gitlab/gitlab-runner:latest
imagePullPolicy: Always
name: gitlab-runner
volumeMounts:
- mountPath: /etc/gitlab-runner
name: config
- mountPath: /etc/ssl/certs
name: cacerts
readOnly: true
restartPolicy: Always
volumes:
- configMap:
name: gitlab-runner
name: config
- hostPath:
path: /usr/share/ca-certificates/mozilla
name: cacerts
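Review bot: `image: gitlab/gitlab-runner:latest` combined with `imagePullPolicy: Always` means every pod restart pulls whatever upstream currently tags as latest, so an upstream change or registry compromise rolls straight into a pod that, under the ClusterRoleBinding above, holds cluster-admin; pinning a version tag or digest (`image: gitlab/gitlab-runner:<pinned-version>`, placeholder) makes upgrades an explicit commit. The pod spec also sets no `serviceAccountName` and no `securityContext`, which is worth a comment stating it is intentional, since the ServiceAccount created earlier in this commit is otherwise unused.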
## Summary
This directory contains the kubernetes configuration for the GKE runner cluster
that is created by Terraform run for the gitlab-ops project.
## Configuring the cluster
1. Generate a cicd token. Use https://ops.gitlab.net as the endpoint for `gitlab-runner register`
1. Generate the kubectl configuration for the cluster by running the `connect to
cluster` option in the console UI, it will look something like
`gcloud container clusters get-credentials ops-gke-runner --zone us-east1-b --project gitlab-ops`
1. Retrieve the token from the [admin runner page on ops.gitlab.net](https://ops.gitlab.net/admin/runners)
and set it `export RUNNER_TOKEN=<token value>` It will be substituted in the configmap
when the configuration is applied.
1. Ensure that you have `envsubst`, if not on osx `brew install gettext`
1. Apply the configuration `for f in $(ls *.yml); do envsubst < "$f" | kubectl apply -f -; done`
1. Confirm that the runner is able to contact ops on the [runner admin page](https://ops.gitlab.net/admin/runners)
1. If things aren't working properly see the status of the pods by running `kubectl get all -n gitlab`
......@@ -55,6 +55,12 @@ resource "google_compute_network_peering" "peering_dr" {
peer_network = "${var.network_dr}"
}
resource "google_compute_network_peering" "peering_pre" {
name = "peering-pre"
network = "${var.network_ops}"
peer_network = "${var.network_pre}"
}
##################################
#
# Log Proxy
......@@ -841,6 +847,10 @@ resource "google_storage_bucket_iam_binding" "billing-legacy-object-binding" {
#
##################################
# After provisioning you will need to configure
# the cluster for gitlab-runner. Instructions
# for this are in https://gitlab.com/gitlab-com/runbooks/tree/master/gke-runner
module "gke-runner" {
environment = "${var.environment}"
name = "gke-runner"
......
......@@ -173,6 +173,10 @@ variable "network_dr" {
default = "https://www.googleapis.com/compute/v1/projects/gitlab-dr/global/networks/dr"
}
variable "network_pre" {
default = "https://www.googleapis.com/compute/v1/projects/gitlab-pre/global/networks/pre"
}
variable "tcp_lbs_bastion" {
type = "map"
......
../../shared/gstg-gprd-ops/variables.tf
\ No newline at end of file
###########################################################
# This is specific to the pre environment
# and defines the mapping from monitoring hosts to backend
# services
resource "google_compute_url_map" "monitoring-lb" {
name = "${format("%v-monitoring-lb", var.environment)}"
default_service = "${module.prometheus.google_compute_backend_service_self_link}"
host_rule {
hosts = ["prometheus.pre.gitlab.net"]
path_matcher = "prometheus"
}
path_matcher {
name = "prometheus"
default_service = "${module.prometheus.google_compute_backend_service_self_link}"
path_rule {
paths = ["/*"]
service = "${module.prometheus.google_compute_backend_service_self_link}"
}
}
###################################
host_rule {
hosts = ["prometheus-app.pre.gitlab.net"]
path_matcher = "prometheus-app"
}
path_matcher {
name = "prometheus-app"
default_service = "${module.prometheus-app.google_compute_backend_service_self_link}"
path_rule {
paths = ["/*"]
service = "${module.prometheus-app.google_compute_backend_service_self_link}"
}
}
}
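Review bot: `default_service` at the top of the url map sends any request whose Host header matches neither `host_rule` (for example a request to the load balancer by IP) to the prometheus backend, so the host rules only select between backends and do not restrict access. If access control is expected to come from an OAuth proxy in front of the backends (the `oauth2_client_*_monitoring` variables in this commit suggest one, but it is not visible here), a comment above `default_service` saying so would spare the next reader the same check; if not, a catch-all backend that returns an error would be the safer default.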
variable "project" {
default = "gitlab-pre"
}
variable "region" {
default = "us-east1"
}
variable "environment" {
default = "pre"
}
variable "dns_zone_name" {
default = "gitlab.net"
}
variable "default_kernel_version" {
default = "4.15.0-1015"
}
variable "oauth2_client_id_dashboards" {
default = "test"
}
variable "oauth2_client_secret_dashboards" {
default = "test"
}
variable "oauth2_client_id_gitlab_pre" {
default = "test"
}
variable "oauth2_client_secret_gitlab_pre" {
default = "test"
}
variable "oauth2_client_id_monitoring" {
default = "test"
}
variable "oauth2_client_secret_monitoring" {
default = "test"
}
variable "machine_types" {
type = "map"
default = {
"bastion" = "n1-standard-1"
"gitlab-pre" = "n1-standard-16"
"monitoring" = "n1-standard-2"
"sd-exporter" = "n1-standard-1"
"gke-runner" = "n1-standard-2"
}
}
variable "monitoring_hosts" {
type = "map"
default = {
"names" = ["prometheus", "prometheus-app"]
"ports" = [9090, 9090]
}
}
variable "service_account_email" {
type = "string"
default = "[email protected]"
}
#############################
# Default firewall
# rule for allowing
# all protocols on all
# ports
#
# 10.232.x.x: all of pre
# 10.250.7.x: ops runner
# 10.250.10.x: chatops runner
# 10.250.12.x: release runner
# 10.12.0.0/14: pod address range in gitlab-ops for runners
###########################
variable "internal_subnets" {
type = "list"
default = ["10.232.0.0/13", "10.250.7.0/24", "10.250.10.0/24", "10.250.12.0/24", "10.12.0.0/14"]
}
# The pre network is allocated
# 10.232.0.0/13
# First IP: 10.232.0.0
# Last IP: 10.239.255.255
variable "subnetworks" {
type = "map"
default = {
"bastion" = "10.232.1.0/24"
"gitlab-pre" = "10.232.2.0/24"
"monitoring" = "10.232.3.0/24"
"pubsubbeat" = "10.232.4.0/24"
"gke-runner" = "10.232.5.0/24"
"sd-exporter" = "10.232.6.0/24"
"pod-ip-cidr-range" = "10.238.0.0/16"
"service-ip-cidr-range" = "10.239.0.0/16"
}
}
##################
# Network Peering
##################
variable "network_env" {
default = "https://www.googleapis.com/compute/v1/projects/gitlab-pre/global/networks/pre"
}
variable "peer_networks" {
type = "map"
default = {
"names" = ["ops"]
"links" = [
"https://www.googleapis.com/compute/v1/projects/gitlab-ops/global/networks/ops",
]
}
}
variable "public_ports" {
type = "map"
default = {
"bastion" = [22]
"gitlab-pre" = [443, 80, 22, 5005]
"sd-exporter" = []
"pubsubbeat" = []
}
}
variable "node_count" {
type = "map"
default = {
"bastion" = 1
"gitlab-pre" = 1
"prometheus" = 1
"prometheus-app" = 1
"sd-exporter" = 1
}
}
variable "chef_provision" {
type = "map"
description = "Configuration details for chef server"
default = {
bootstrap_bucket = "gitlab-pre-chef-bootstrap"
bootstrap_key = "gitlab-pre-bootstrap-validation"
bootstrap_keyring = "gitlab-pre-bootstrap"
server_url = "https://chef.gitlab.com/organizations/gitlab/"
user_name = "gitlab-ci"
user_key_path = ".chef.pem"
version = "12.22.5"
}
}
variable "monitoring_cert_link" {
default = "projects/gitlab-pre/global/sslCertificates/wildcard-pre-gitlab-net"
}
variable "lb_fqdns_bastion" {
type = "list"
default = ["lb-bastion.pre.gitlab.com"]
}
variable "tcp_lbs_bastion" {
type = "map"
default = {
"names" = ["ssh"]
"forwarding_port_ranges" = ["22"]
"health_check_ports" = ["80"]
}
}
variable "tcp_lbs_sentry" {
type = "map"
default = {
"names" = ["http", "https"]
"forwarding_port_ranges" = ["80", "443"]
"health_check_ports" = ["9000", "9000"]
"health_check_request_paths" = ["/auth/login/gitlab/", "/auth/login/gitlab/"]
}
}
variable "pre_gitlab_net_cert_link" {
default = "projects/gitlab-pre/global/sslCertificates/pre-gitlab-net"
}
variable "gcs_service_account_email" {
type = "string"
default = "[email protected]"
}
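Review bot: The six `oauth2_client_*` variables ship with `default = "test"`, so a `terraform apply` that forgets to supply real values succeeds and provisions the monitoring and gitlab-pre OAuth clients with dummy credentials instead of failing; removing the defaults (or at least adding a `description` stating they must come from tfvars/CI) makes the omission loud. Separately, `lb_fqdns_bastion` uses `lb-bastion.pre.gitlab.com` while `dns_zone_name` is `gitlab.net` and the monitoring hosts are under `pre.gitlab.net`, which looks like a copy-paste mismatch. The `service_account_email` and `gcs_service_account_email` defaults are unreadable in this rendering (shown as `[email protected]`), so those values could not be reviewed.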