# =============================================================================
# State storage
# =============================================================================
# The S3 backend block is empty, so bucket, key and region are not visible in
# this file; they have to be supplied from outside (partial configuration).
# NOTE(review): inputs such as var.vpn_shared_secret (used at the bottom of this
# file) are likely to be recorded in state in plain text. Confirm the supplied
# backend configuration sets `encrypt = true` and that read access to the state
# bucket is limited to the operators who run Terraform.
terraform {
  backend "s3" {}
}

# =============================================================================
# AWS
# =============================================================================
# Region is fixed to us-east-1. No credentials are configured in this block.
provider "aws" {
  region = "us-east-1"
}

# Both variables are declared without type, default or description.
# NOTE(review): presumably DNS hosted-zone IDs used with the AWS provider above;
# confirm and add a `description` so the expected value is documented.
variable "gitlab_com_zone_id" {}

variable "gitlab_net_zone_id" {}

# =============================================================================
# Google
# =============================================================================
# Credentials are read with file() from a JSON file chosen by var.environment
# under ../../private/google-credentials/.
# NOTE(review): this relies on a long-lived key file sitting next to the code.
# Keep that directory out of version control and readable only by the operator
# account, or drop the `credentials` argument and let the provider pick up
# GOOGLE_APPLICATION_CREDENTIALS so no key path is baked into the configuration.
provider "google" {
  project     = "${var.project}"
  region      = "${var.region}"
  credentials = "${file("../../private/google-credentials/${var.environment}.json")}"
}

# =============================================================================
# Allow internal traffic
# =============================================================================
# Permits every protocol from any 10.0.0.0/8 source on the VPC created by
# module.network. No target_tags are set, so the rule applies to every instance
# on that network, including the postgres and redis nodes declared below.
# NOTE(review): this makes the network flat: one compromised host anywhere in
# 10.0.0.0/8 can reach every service port on every tier. Whether the Azure side
# of the VPN (var.vpn_dest_subnet, not visible here) falls inside 10.0.0.0/8
# should be checked. Per-tier rules limited to the needed ports and the
# subnetworks in var.subnetworks would give least privilege.
resource "google_compute_firewall" "allow-internal" {
  name          = "allow-internal-${var.environment}"
  network       = "${module.network.self_link}"
  source_ranges = ["10.0.0.0/8"]

  allow {
    protocol = "all"
  }
}

# =============================================================================
# NAT gateway (disabled)
# =============================================================================
# Kept commented out, as in the original.
# NOTE(review): if this is re-enabled, the registry module has no `version`
# constraint and the network name "gprd" is hard-coded instead of being derived
# from module.network / var.environment.
/*
module "nat" {
  source  = "GoogleCloudPlatform/nat-gateway/google"
  region  = "${var.region}"
  network = "gprd"
}
*/

# =============================================================================
# Network
# =============================================================================
# VPC for this environment. Its self_link and name outputs are consumed by the
# firewall rule, every instance module and the VPN module in this file.
module "network" {
  source      = "../../modules/google/vpc"
  project     = "${var.project}"
  environment = "${var.environment}"
}

# -----------------------------------------------------------------------------
# Instance groups
# -----------------------------------------------------------------------------
# Every module below instantiates ../../modules/google/generic-pet with the same
# argument set; only the map keys, name, tier and disk settings differ.
# NOTE(review): what generic-pet does with `public_ports` is not visible from
# this file. The argument is passed for every tier, including db and stor, so
# confirm that the var.public_ports entries for those tiers are empty.

# =============================================================================
# Web front-end
# =============================================================================
module "web" {
  source           = "../../modules/google/generic-pet"
  name             = "web"
  tier             = "fe"
  environment      = "${var.environment}"
  project          = "${var.project}"
  region           = "${var.region}"
  vpc              = "${module.network.self_link}"
  ip_cidr_range    = "${var.subnetworks["web"]}"
  dns_zone_name    = "${var.dns_zone_name}"
  public_ports     = "${var.public_ports["web"]}"
  machine_type     = "${var.machine_types["web"]}"
  node_count       = "${var.node_count["web"]}"
  attach_data_disk = false
  chef_provision   = "${var.chef_provision}"
  chef_run_list    = "${var.base_chef_run_list}"
}

# =============================================================================
# API
# =============================================================================
module "api" {
  source           = "../../modules/google/generic-pet"
  name             = "api"
  tier             = "sv"
  environment      = "${var.environment}"
  project          = "${var.project}"
  region           = "${var.region}"
  vpc              = "${module.network.self_link}"
  ip_cidr_range    = "${var.subnetworks["api"]}"
  dns_zone_name    = "${var.dns_zone_name}"
  public_ports     = "${var.public_ports["api"]}"
  machine_type     = "${var.machine_types["api"]}"
  node_count       = "${var.node_count["api"]}"
  attach_data_disk = false
  chef_provision   = "${var.chef_provision}"
  chef_run_list    = "${var.base_chef_run_list}"
}

# =============================================================================
# Git
# =============================================================================
module "git" {
  source           = "../../modules/google/generic-pet"
  name             = "git"
  tier             = "sv"
  environment      = "${var.environment}"
  project          = "${var.project}"
  region           = "${var.region}"
  vpc              = "${module.network.self_link}"
  ip_cidr_range    = "${var.subnetworks["git"]}"
  dns_zone_name    = "${var.dns_zone_name}"
  public_ports     = "${var.public_ports["git"]}"
  machine_type     = "${var.machine_types["git"]}"
  node_count       = "${var.node_count["git"]}"
  attach_data_disk = false
  chef_provision   = "${var.chef_provision}"
  chef_run_list    = "${var.base_chef_run_list}"
}

# =============================================================================
# Database
# =============================================================================
# Primary PostgreSQL nodes with a 5000 GB pd-ssd data disk each.
module "postgres" {
  source           = "../../modules/google/generic-pet"
  name             = "postgres"
  tier             = "db"
  environment      = "${var.environment}"
  project          = "${var.project}"
  region           = "${var.region}"
  vpc              = "${module.network.self_link}"
  ip_cidr_range    = "${var.subnetworks["db"]}"
  dns_zone_name    = "${var.dns_zone_name}"
  public_ports     = "${var.public_ports["db"]}"
  machine_type     = "${var.machine_types["db"]}"
  node_count       = "${var.node_count["db"]}"
  attach_data_disk = true
  data_disk_size   = 5000
  data_disk_type   = "pd-ssd"
  chef_provision   = "${var.chef_provision}"
  chef_run_list    = "${var.base_chef_run_list}"
}

# PgBouncer nodes: same db tier, no data disk. The instance name is "pgbouncer"
# while the module label and map keys use "pg-bouncer" / "pgb".
module "pg-bouncer" {
  source           = "../../modules/google/generic-pet"
  name             = "pgbouncer"
  tier             = "db"
  environment      = "${var.environment}"
  project          = "${var.project}"
  region           = "${var.region}"
  vpc              = "${module.network.self_link}"
  ip_cidr_range    = "${var.subnetworks["pgb"]}"
  dns_zone_name    = "${var.dns_zone_name}"
  public_ports     = "${var.public_ports["pgb"]}"
  machine_type     = "${var.machine_types["pgb"]}"
  node_count       = "${var.node_count["pgb"]}"
  attach_data_disk = false
  chef_provision   = "${var.chef_provision}"
  chef_run_list    = "${var.base_chef_run_list}"
}

# Geo PostgreSQL nodes, sized like the primary database (5000 GB pd-ssd).
module "geo-postgres" {
  source           = "../../modules/google/generic-pet"
  name             = "geo-postgres"
  tier             = "db"
  environment      = "${var.environment}"
  project          = "${var.project}"
  region           = "${var.region}"
  vpc              = "${module.network.self_link}"
  ip_cidr_range    = "${var.subnetworks["geodb"]}"
  dns_zone_name    = "${var.dns_zone_name}"
  public_ports     = "${var.public_ports["geodb"]}"
  machine_type     = "${var.machine_types["geodb"]}"
  node_count       = "${var.node_count["geodb"]}"
  attach_data_disk = true
  data_disk_size   = 5000
  data_disk_type   = "pd-ssd"
  chef_provision   = "${var.chef_provision}"
  chef_run_list    = "${var.base_chef_run_list}"
}

# =============================================================================
# Redis
# =============================================================================
# NOTE(review): with the allow-internal rule above, these nodes are reachable on
# all ports from any 10.0.0.0/8 address; confirm that Redis authentication is
# enforced by the Chef run list, since nothing in this file restricts access.
module "redis" {
  source           = "../../modules/google/generic-pet"
  name             = "redis"
  tier             = "db"
  environment      = "${var.environment}"
  project          = "${var.project}"
  region           = "${var.region}"
  vpc              = "${module.network.self_link}"
  ip_cidr_range    = "${var.subnetworks["redis"]}"
  dns_zone_name    = "${var.dns_zone_name}"
  public_ports     = "${var.public_ports["redis"]}"
  machine_type     = "${var.machine_types["redis"]}"
  node_count       = "${var.node_count["redis"]}"
  attach_data_disk = true
  data_disk_size   = 100
  data_disk_type   = "pd-ssd"
  chef_provision   = "${var.chef_provision}"
  chef_run_list    = "${var.base_chef_run_list}"
}

module "redis-cache" {
  source           = "../../modules/google/generic-pet"
  name             = "redis-cache"
  tier             = "db"
  environment      = "${var.environment}"
  project          = "${var.project}"
  region           = "${var.region}"
  vpc              = "${module.network.self_link}"
  ip_cidr_range    = "${var.subnetworks["redis-cache"]}"
  dns_zone_name    = "${var.dns_zone_name}"
  public_ports     = "${var.public_ports["redis-cache"]}"
  machine_type     = "${var.machine_types["redis-cache"]}"
  node_count       = "${var.node_count["redis-cache"]}"
  attach_data_disk = true
  data_disk_size   = 100
  data_disk_type   = "pd-ssd"
  chef_provision   = "${var.chef_provision}"
  chef_run_list    = "${var.base_chef_run_list}"
}

# =============================================================================
# Sidekiq
# =============================================================================
# The map keys are mixed: subnetworks and public_ports use "sidekiq", while
# machine_types and node_count use "sidekiq-besteffort".
# NOTE(review): looks intentional (one shared subnet, per-queue sizing), but
# confirm all four keys exist in the variable maps.
module "sidekiq" {
  source           = "../../modules/google/generic-pet"
  name             = "sidekiq-besteffort"
  tier             = "sv"
  environment      = "${var.environment}"
  project          = "${var.project}"
  region           = "${var.region}"
  vpc              = "${module.network.self_link}"
  ip_cidr_range    = "${var.subnetworks["sidekiq"]}"
  dns_zone_name    = "${var.dns_zone_name}"
  public_ports     = "${var.public_ports["sidekiq"]}"
  machine_type     = "${var.machine_types["sidekiq-besteffort"]}"
  node_count       = "${var.node_count["sidekiq-besteffort"]}"
  attach_data_disk = false
  chef_provision   = "${var.chef_provision}"
  chef_run_list    = "${var.base_chef_run_list}"
}

# =============================================================================
# Storage nodes for repositories
# =============================================================================
# The only module that sets `zone`; it is hard-coded to us-east1-c while the
# region comes from var.region.
# NOTE(review): the two can disagree if var.region is ever changed.
module "file" {
  source           = "../../modules/google/generic-pet"
  name             = "file"
  tier             = "stor"
  environment      = "${var.environment}"
  project          = "${var.project}"
  region           = "${var.region}"
  zone             = "us-east1-c"
  vpc              = "${module.network.self_link}"
  ip_cidr_range    = "${var.subnetworks["stor"]}"
  dns_zone_name    = "${var.dns_zone_name}"
  public_ports     = "${var.public_ports["stor"]}"
  machine_type     = "${var.machine_types["stor"]}"
  node_count       = "${var.node_count["stor"]}"
  attach_data_disk = true
  data_disk_size   = 16000
  data_disk_type   = "pd-ssd"
  chef_provision   = "${var.chef_provision}"
  chef_run_list    = "${var.base_chef_run_list}"
}

# =============================================================================
# Storage nodes for uploads/lfs/pages/artifacts/builds/cache
# =============================================================================
# share, lfs, pages and artifacts each get their own subnetwork and node_count
# entry but reuse the "stor" machine type and the "stor" public_ports entry.
# All four use 16000 GB pd-standard data disks.
module "share" {
  source           = "../../modules/google/generic-pet"
  name             = "share"
  tier             = "stor"
  environment      = "${var.environment}"
  project          = "${var.project}"
  region           = "${var.region}"
  vpc              = "${module.network.self_link}"
  ip_cidr_range    = "${var.subnetworks["share"]}"
  dns_zone_name    = "${var.dns_zone_name}"
  public_ports     = "${var.public_ports["stor"]}"
  machine_type     = "${var.machine_types["stor"]}"
  node_count       = "${var.node_count["share"]}"
  attach_data_disk = true
  data_disk_size   = 16000
  data_disk_type   = "pd-standard"
  chef_provision   = "${var.chef_provision}"
  chef_run_list    = "${var.base_chef_run_list}"
}

module "lfs" {
  source           = "../../modules/google/generic-pet"
  name             = "lfs"
  tier             = "stor"
  environment      = "${var.environment}"
  project          = "${var.project}"
  region           = "${var.region}"
  vpc              = "${module.network.self_link}"
  ip_cidr_range    = "${var.subnetworks["lfs"]}"
  dns_zone_name    = "${var.dns_zone_name}"
  public_ports     = "${var.public_ports["stor"]}"
  machine_type     = "${var.machine_types["stor"]}"
  node_count       = "${var.node_count["lfs"]}"
  attach_data_disk = true
  data_disk_size   = 16000
  data_disk_type   = "pd-standard"
  chef_provision   = "${var.chef_provision}"
  chef_run_list    = "${var.base_chef_run_list}"
}

module "pages" {
  source           = "../../modules/google/generic-pet"
  name             = "pages"
  tier             = "stor"
  environment      = "${var.environment}"
  project          = "${var.project}"
  region           = "${var.region}"
  vpc              = "${module.network.self_link}"
  ip_cidr_range    = "${var.subnetworks["pages"]}"
  dns_zone_name    = "${var.dns_zone_name}"
  public_ports     = "${var.public_ports["stor"]}"
  machine_type     = "${var.machine_types["stor"]}"
  node_count       = "${var.node_count["pages"]}"
  attach_data_disk = true
  data_disk_size   = 16000
  data_disk_type   = "pd-standard"
  chef_provision   = "${var.chef_provision}"
  chef_run_list    = "${var.base_chef_run_list}"
}

module "artifacts" {
  source           = "../../modules/google/generic-pet"
  name             = "artifacts"
  tier             = "stor"
  environment      = "${var.environment}"
  project          = "${var.project}"
  region           = "${var.region}"
  vpc              = "${module.network.self_link}"
  ip_cidr_range    = "${var.subnetworks["artifacts"]}"
  dns_zone_name    = "${var.dns_zone_name}"
  public_ports     = "${var.public_ports["stor"]}"
  machine_type     = "${var.machine_types["stor"]}"
  node_count       = "${var.node_count["artifacts"]}"
  attach_data_disk = true
  data_disk_size   = 16000
  data_disk_type   = "pd-standard"
  chef_provision   = "${var.chef_provision}"
  chef_run_list    = "${var.base_chef_run_list}"
}

# =============================================================================
# External LoadBalancer
# =============================================================================
# Load-balancer instances (instance name "ext"). Their self links feed the
# google_load_balancers module below.
module "external-lb" {
  source           = "../../modules/google/generic-pet"
  name             = "ext"
  tier             = "lb"
  environment      = "${var.environment}"
  project          = "${var.project}"
  region           = "${var.region}"
  vpc              = "${module.network.self_link}"
  ip_cidr_range    = "${var.subnetworks["exlb"]}"
  dns_zone_name    = "${var.dns_zone_name}"
  public_ports     = "${var.public_ports["exlb"]}"
  machine_type     = "${var.machine_types["exlb"]}"
  node_count       = "${var.node_count["exlb"]}"
  attach_data_disk = false
  chef_provision   = "${var.chef_provision}"
  chef_run_list    = "${var.base_chef_run_list}"
}

# The HTTP, HTTPS and SSH front ends all receive the same instance list from
# module.external-lb, so every entry point terminates on the same hosts.
module "google_load_balancers" {
  source             = "./load-balancers"
  project            = "${var.project}"
  region             = "${var.region}"
  fe_http_instances  = "${module.external-lb.instances_without_attached_disk_self_link}"
  fe_https_instances = "${module.external-lb.instances_without_attached_disk_self_link}"
  fe_ssh_instances   = "${module.external-lb.instances_without_attached_disk_self_link}"
}

# =============================================================================
# VPN connection to Azure
# =============================================================================
# NOTE(review): `network_name` receives module.network.self_link and
# `network_link` receives module.network.name, which reads as swapped. The VPN
# module's variables are not visible here, so verify against that module before
# changing anything.
# NOTE(review): shared_secret is the tunnel pre-shared key. Supply
# var.vpn_shared_secret from a secret store or an untracked vars file rather
# than a committed one, and treat the Terraform state as sensitive because the
# value is likely to be recorded there.
module "google-azure-vpn" {
  source        = "../../modules/google/vpn"
  name          = "gcp-azure-${var.environment}"
  region        = "${var.region}"
  network_name  = "${module.network.self_link}"
  network_link  = "${module.network.name}"
  peer_ip       = "${var.vpn_peer_address}"
  source_subnet = "${var.vpn_source_subnet}"
  dest_subnet   = "${var.vpn_dest_subnet}"
  shared_secret = "${var.vpn_shared_secret}"
}