## State storage
# Partial S3 backend configuration: bucket, key and region are not set here and
# have to be supplied at init time (for example with `terraform init -backend-config=...`).
# NOTE(review): this file passes OAuth2 client secrets to the monitoring modules
# as variables, so they likely end up in the state object. Confirm the state
# bucket enforces encryption at rest and tightly scoped access.
terraform {
  backend "s3" {}
}

## AWS
# Region is hard-coded; the Google provider below takes its region from var.region.
provider "aws" {
  region = "us-east-1"
}

# Zone IDs with no default, so they must be supplied by the caller.
# gitlab_com_zone_id is forwarded to the tcp-lb and monitoring-lb modules;
# gitlab_net_zone_id is not referenced in the part of the file shown here.
# NOTE(review): presumably Route 53 hosted zone IDs. Confirm.
variable "gitlab_com_zone_id" {}

variable "gitlab_net_zone_id" {}

## Google
# "~> 1.8.0" accepts 1.8.x patch releases only.
provider "google" {
  version = "~> 1.8.0"
  project = "${var.project}"
  region  = "${var.region}"
}

##################################
#
#  Allow internal traffic
#
#################################

# Allows every protocol and port from any 10.0.0.0/8 source. No target_tags are
# set, so the rule applies to every instance on the VPC.
# NOTE(review): with this rule the per-tier subnetworks below (web, db, redis,
# stor, ...) are not isolated from each other at the network layer. Confirm that
# is intended, or narrow the rule per tier with target tags and specific ports.
resource "google_compute_firewall" "allow-internal" {
  name    = "allow-internal-${var.environment}"
  network = "${module.network.self_link}"

  allow {
    protocol = "all"
  }

  source_ranges = ["10.0.0.0/8"]
}

# 130.211.0.0/22 and 35.191.0.0/16 are the source ranges Google documents for
# load balancer health checks and proxies.
# NOTE(review): protocol = "all" with no target_tags is wider than a health check
# needs. Consider limiting it to the TCP ports used as service_port /
# health_check_ports and to the instances that sit behind a load balancer.
resource "google_compute_firewall" "allow-lb-traffic" {
  name    = "allow-lb-traffic-${var.environment}"
  network = "${module.network.self_link}"

  allow {
    protocol = "all"
  }

  source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
}

/*
##################################
#
#  NAT gateway
#
#################################

module "nat" {
  source  = "GoogleCloudPlatform/nat-gateway/google"
  region  = "${var.region}"
  network = "gprd"
}
*/

##################################
#
#  Network
#
#################################

# Creates the VPC; its self_link is referenced by the firewall rules above and
# by most modules below.
module "network" {
  source      = "../../modules/google/vpc"
  project     = "${var.project}"
  environment = "${var.environment}"
}

##################################
#
#  Web front-end
#
#################################

# public_ports is read from var.public_ports, which is defined outside this file.
# NOTE(review): presumably the module opens these ports to external sources.
# Verify in the module and keep each list to the minimum the tier needs.
module "web" {
  bootstrap_version = 3
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-fe-web]\""
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["web"]}"
  machine_type      = "${var.machine_types["web"]}"
  name              = "web"
  node_count        = "${var.node_count["web"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["web"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-sv-with-group"
  tier              = "sv"
  health_check      = "tcp"
  service_port      = 443
  vpc               = "${module.network.self_link}"
}

##################################
#
#  API
#
#################################

module "api" {
  bootstrap_version = 3
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-fe-api]\""
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["api"]}"
  machine_type      = "${var.machine_types["api"]}"
  name              = "api"
  node_count        = "${var.node_count["api"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["api"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-sv-with-group"
  health_check      = "tcp"
  service_port      = 443
  tier              = "sv"
  vpc               = "${module.network.self_link}"
}

##################################
#
#  Git
#
##################################

module "git" {
  bootstrap_version = 3
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-fe-git]\""
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["git"]}"
  machine_type      = "${var.machine_types["git"]}"
  name              = "git"
  node_count        = "${var.node_count["git"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["git"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-sv-with-group"
  health_check      = "tcp"
  service_port      = 22
  tier              = "sv"
  vpc               = "${module.network.self_link}"
}

##################################
#
#  registry front-end
#
#################################

# NOTE(review): service_port is 22, the same value the git module uses. If the
# TCP health check probes this port it only shows that something listens on 22,
# not that the registry is serving. Confirm the value is intended.
module "registry" {
  bootstrap_version = 3
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-fe-registry]\""
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["registry"]}"
  machine_type      = "${var.machine_types["registry"]}"
  name              = "registry"
  node_count        = "${var.node_count["registry"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["registry"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-sv-with-group"
  health_check      = "tcp"
  service_port      = 22
  tier              = "sv"
  vpc               = "${module.network.self_link}"
}

##################################
#
#  Database
#
#################################

# Data tier (tier = "db"). Each module here still receives a public_ports list
# from var.public_ports, which is defined outside this file.
# NOTE(review): confirm the "db", "pgb" and "geodb" entries are empty or limited
# to what is strictly required. Database hosts should not normally need
# externally reachable ports.

# The run list applies two roles: base-db-postgres and base-db-postgres-replication.
module "postgres" {
  bootstrap_version = 3
  data_disk_size    = 5000
  data_disk_type    = "pd-ssd"
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-db-postgres]\",\"role[${var.environment}-base-db-postgres-replication]\""
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["db"]}"
  machine_type      = "${var.machine_types["db"]}"
  name              = "postgres"
  node_count        = "${var.node_count["db"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["db"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-stor"
  tier              = "db"
  vpc               = "${module.network.self_link}"
}

# NOTE(review): service_port is 22 here. If the TCP health check probes this
# port it reports on port 22, not on the pgbouncer listener. Confirm intent.
module "pg-bouncer" {
  bootstrap_version = 3
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-db-pgbouncer]\""
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["pgb"]}"
  machine_type      = "${var.machine_types["pgb"]}"
  name              = "pgbouncer"
  node_count        = "${var.node_count["pgb"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["pgb"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-sv-with-group"
  health_check      = "tcp"
  service_port      = 22
  tier              = "db"
  vpc               = "${module.network.self_link}"
}

module "geo-postgres" {
  bootstrap_version = 3
  data_disk_size    = 5000
  data_disk_type    = "pd-ssd"
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-db-geo-postgres]\""
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["geodb"]}"
  machine_type      = "${var.machine_types["geodb"]}"
  name              = "geo-postgres"
  node_count        = "${var.node_count["geodb"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["geodb"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-stor"
  tier              = "db"
  vpc               = "${module.network.self_link}"
}

##################################
#
#  Redis
#
##################################

# NOTE(review): as with the database modules, confirm that the "redis" and
# "redis-cache" entries of var.public_ports (defined outside this file) expose
# nothing beyond what is required.
module "redis" {
  bootstrap_version = 3
  data_disk_size    = 100
  data_disk_type    = "pd-ssd"
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-db-redis-server-single]\""
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["redis"]}"
  machine_type      = "${var.machine_types["redis"]}"
  name              = "redis"
  node_count        = "${var.node_count["redis"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["redis"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-stor"
  tier              = "db"
  vpc               = "${module.network.self_link}"
}

# NOTE(review): chef_run_list is assigned twice in this block, first a role and
# then var.empty_chef_run_list. Which value takes effect depends on how the
# Terraform release in use handles a repeated argument. Terraform 0.12 and later
# reject it. Keep exactly one assignment.
# The first assignment also hard-codes "gprd" where sibling modules interpolate
# var.environment.
module "redis-cache" {
  bootstrap_version = 3
  chef_run_list     = "\"role[gprd-base-db-redis-server-cache]\""
  data_disk_size    = 100
  data_disk_type    = "pd-ssd"
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "${var.empty_chef_run_list}"
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["redis-cache"]}"
  machine_type      = "${var.machine_types["redis-cache"]}"
  name              = "redis-cache"
  node_count        = "${var.node_count["redis-cache"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["redis-cache"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-stor"
  tier              = "db"
  vpc               = "${module.network.self_link}"
}

##################################
#
#  Sidekiq
#
##################################

# One module call covers all sidekiq queue groups. Each group gets its own
# *_count and *_instance_type, read from var.node_count and var.machine_types.
module "sidekiq" {
  bootstrap_version                   = 3
  chef_provision                      = "${var.chef_provision}"
  chef_run_list                       = "\"role[${var.environment}-base-be-sidekiq-besteffort]\""
  dns_zone_name                       = "${var.dns_zone_name}"
  environment                         = "${var.environment}"
  ip_cidr_range                       = "${var.subnetworks["sidekiq"]}"
  machine_type                        = "${var.machine_types["sidekiq-besteffort"]}"
  name                                = "sidekiq"
  project                             = "${var.project}"
  public_ports                        = "${var.public_ports["sidekiq"]}"
  region                              = "${var.region}"
  sidekiq_asap_count                  = "${var.node_count["sidekiq-asap"]}"
  sidekiq_asap_instance_type          = "${var.machine_types["sidekiq-asap"]}"
  sidekiq_besteffort_count            = "${var.node_count["sidekiq-besteffort"]}"
  sidekiq_besteffort_instance_type    = "${var.machine_types["sidekiq-besteffort"]}"
  sidekiq_traces_count                = "${var.node_count["sidekiq-traces"]}"
  sidekiq_traces_instance_type        = "${var.machine_types["sidekiq-traces"]}"
  sidekiq_elasticsearch_count         = "${var.node_count["sidekiq-elasticsearch"]}"
  sidekiq_elasticsearch_instance_type = "${var.machine_types["sidekiq-elasticsearch"]}"
  sidekiq_pages_count                 = "${var.node_count["sidekiq-pages"]}"
  sidekiq_pages_instance_type         = "${var.machine_types["sidekiq-pages"]}"
  sidekiq_pipeline_count              = "${var.node_count["sidekiq-pipeline"]}"
  sidekiq_pipeline_instance_type      = "${var.machine_types["sidekiq-pipeline"]}"
  sidekiq_pullmirror_count            = "${var.node_count["sidekiq-pullmirror"]}"
  sidekiq_pullmirror_instance_type    = "${var.machine_types["sidekiq-pullmirror"]}"
  sidekiq_realtime_count              = "${var.node_count["sidekiq-realtime"]}"
  sidekiq_realtime_instance_type      = "${var.machine_types["sidekiq-realtime"]}"
  source                              = "../../modules/google/generic-sv-sidekiq"
  tier                                = "sv"
  vpc                                 = "${module.network.self_link}"
}

##################################
#
#  Mailroom
#
##################################

module "mailroom" {
  bootstrap_version = 3
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-be-mailroom]\""
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["mailroom"]}"
  machine_type      = "${var.machine_types["mailroom"]}"
  name              = "mailroom"
  node_count        = "${var.node_count["mailroom"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["mailroom"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-sv-with-group"
  health_check      = "tcp"
  service_port      = 22
  tier              = "sv"
  vpc               = "${module.network.self_link}"
}

##################################
#
#  Storage nodes for repositories
#
##################################

# zone is hard-coded to "us-east1-c" while region comes from var.region; the two
# must be kept consistent by hand.
module "file" {
  bootstrap_version = 3
  data_disk_size    = 16000
  data_disk_type    = "pd-ssd"
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-stor-nfs]\""
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["stor"]}"
  machine_type      = "${var.machine_types["stor"]}"
  name              = "file"
  node_count        = "${var.node_count["stor"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["stor"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-stor"
  tier              = "stor"
  vpc               = "${module.network.self_link}"
  zone              = "us-east1-c"
}

##################################
#
#  Storage nodes for
#  uploads/lfs/pages/artifacts/builds/cache
#
#  share:
#    gitlab-ci/builds
#    gitlab-rails/shared/cache
#    gitlab-rails/shared/tmp
#    gitlab-rails/uploads
#
#  lfs:
#    gitlab-rails/shared/lfs-objects
#
#  pages:
#    gitlab-rails/shared/pages
#
#  artifacts:
#    gitlab-rails/shared/artifacts
#
##################################

module "share" {
  bootstrap_version = 3
  data_disk_size    = 16000
  data_disk_type    = "pd-standard"
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-stor]\""
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["share"]}"
  machine_type      = "${var.machine_types["stor"]}"
  name              = "share"
  node_count        = "${var.node_count["share"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["stor"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-stor-dynamic-ip"
  tier              = "stor"
  vpc               = "${module.network.self_link}"
}

# NOTE(review): chef_run_list is assigned twice in this block (the base-stor role
# and var.empty_chef_run_list). The effective value depends on the Terraform
# release; 0.12 and later reject a repeated argument. Keep exactly one.
module "lfs" {
  bootstrap_version = 3
  data_disk_size    = 16000
  data_disk_type    = "pd-standard"
  chef_run_list     = "\"role[${var.environment}-base-stor]\""
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "${var.empty_chef_run_list}"
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["lfs"]}"
  machine_type      = "${var.machine_types["stor"]}"
  name              = "lfs"
  node_count        = "${var.node_count["lfs"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["stor"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-stor-dynamic-ip"
  tier              = "stor"
  vpc               = "${module.network.self_link}"
}

# NOTE(review): chef_run_list is assigned twice in this block (the base-stor role
# and var.empty_chef_run_list). Keep exactly one.
module "pages" {
  bootstrap_version = 3
  chef_run_list     = "\"role[${var.environment}-base-stor]\""
  data_disk_size    = 16000
  data_disk_type    = "pd-standard"
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "${var.empty_chef_run_list}"
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["pages"]}"
  machine_type      = "${var.machine_types["stor"]}"
  name              = "pages"
  node_count        = "${var.node_count["pages"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["stor"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-stor-dynamic-ip"
  tier              = "stor"
  vpc               = "${module.network.self_link}"
}

# NOTE(review): chef_run_list is assigned twice in this block (the base-stor role
# and var.empty_chef_run_list). Keep exactly one.
module "artifacts" {
  bootstrap_version = 3
  chef_run_list     = "\"role[${var.environment}-base-stor]\""
  data_disk_size    = 32000
  data_disk_type    = "pd-standard"
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "${var.empty_chef_run_list}"
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["artifacts"]}"
  machine_type      = "${var.machine_types["stor"]}"
  name              = "artifacts"
  node_count        = "${var.node_count["artifacts"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["stor"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-stor-dynamic-ip"
  tier              = "stor"
  vpc               = "${module.network.self_link}"
}

##################################
#
#  External LoadBalancer
#
##################################

# The three fe-lb* modules share var.machine_types["fe-lb"] and
# var.public_ports["fe-lb"], and use an HTTP health check on port 7331.
module "fe-lb" {
  bootstrap_version = 3
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-lb-fe]\""
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["fe-lb"]}"
  machine_type      = "${var.machine_types["fe-lb"]}"
  name              = "fe"
  node_count        = "${var.node_count["fe-lb"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["fe-lb"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-sv-with-group"
  health_check      = "http"
  service_port      = 7331
  tier              = "lb"
  vpc               = "${module.network.self_link}"
}

##################################
#
#  External LoadBalancer Pages
#
##################################

module "fe-lb-pages" {
  bootstrap_version = 3
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-lb-pages]\""
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["fe-lb-pages"]}"
  machine_type      = "${var.machine_types["fe-lb"]}"
  name              = "fe-pages"
  node_count        = "${var.node_count["fe-lb-pages"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["fe-lb"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-sv-with-group"
  health_check      = "http"
  service_port      = 7331
  tier              = "lb"
  vpc               = "${module.network.self_link}"
}

##################################
#
#  External LoadBalancer AltSSH
#
##################################

module "fe-lb-altssh" {
  bootstrap_version = 3
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-lb-altssh]\""
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["fe-lb-altssh"]}"
  machine_type      = "${var.machine_types["fe-lb"]}"
  name              = "fe-altssh"
  node_count        = "${var.node_count["fe-lb-altssh"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["fe-lb"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-sv-with-group"
  health_check      = "http"
  service_port      = 7331
  tier              = "lb"
  vpc               = "${module.network.self_link}"
}

##################################
#
#  GCP TCP LoadBalancers
#
##################################

# Each tcp-lb module fronts the instances of one fe-lb* module above. The
# forwarded port ranges and health check ports come from the var.tcp_lbs* maps,
# which are defined outside this file. Review them there, since the forwarded
# ports are what is exposed on each load balancer.

#### Load balancer for the main site
module "gcp-tcp-lb" {
  name                   = "gcp-tcp-lb"
  lb_count               = "${length(var.tcp_lbs["names"])}"
  names                  = "${var.tcp_lbs["names"]}"
  fqdn                   = "${var.lb_fqdn}"
  gitlab_com_zone_id     = "${var.gitlab_com_zone_id}"
  environment            = "${var.environment}"
  region                 = "${var.region}"
  project                = "${var.project}"
  source                 = "../../modules/google/tcp-lb"
  targets                = ["fe"]
  forwarding_port_ranges = "${var.tcp_lbs["forwarding_port_ranges"]}"
  health_check_ports     = "${var.tcp_lbs["health_check_ports"]}"
  instances              = ["${module.fe-lb.instances_self_link}"]
}

#### Load balancer for pages
module "gcp-tcp-lb-pages" {
  name                   = "gcp-tcp-lb-pages"
  lb_count               = "${length(var.tcp_lbs_pages["names"])}"
  names                  = "${var.tcp_lbs_pages["names"]}"
  fqdn                   = "${var.lb_fqdn_pages}"
  gitlab_com_zone_id     = "${var.gitlab_com_zone_id}"
  environment            = "${var.environment}"
  region                 = "${var.region}"
  project                = "${var.project}"
  source                 = "../../modules/google/tcp-lb"
  targets                = ["fe-pages"]
  forwarding_port_ranges = "${var.tcp_lbs_pages["forwarding_port_ranges"]}"
  health_check_ports     = "${var.tcp_lbs_pages["health_check_ports"]}"
  instances              = ["${module.fe-lb-pages.instances_self_link}"]
}

#### Load balancer for altssh
module "gcp-tcp-lb-altssh" {
  name                   = "gcp-tcp-lb-altssh"
  lb_count               = "${length(var.tcp_lbs_altssh["names"])}"
  names                  = "${var.tcp_lbs_altssh["names"]}"
  fqdn                   = "${var.lb_fqdn_altssh}"
  gitlab_com_zone_id     = "${var.gitlab_com_zone_id}"
  environment            = "${var.environment}"
  region                 = "${var.region}"
  project                = "${var.project}"
  source                 = "../../modules/google/tcp-lb"
  targets                = ["fe-altssh"]
  forwarding_port_ranges = "${var.tcp_lbs_altssh["forwarding_port_ranges"]}"
  health_check_ports     = "${var.tcp_lbs_altssh["health_check_ports"]}"
  instances              = ["${module.fe-lb-altssh.instances_self_link}"]
}

##################################
#
#  Consul
#
##################################

# The role name hard-codes "gprd" where most modules interpolate var.environment.
module "consul" {
  bootstrap_version = 3
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[gprd-infra-consul]\""
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["consul"]}"
  machine_type      = "${var.machine_types["consul"]}"
  name              = "consul"
  node_count        = "${var.node_count["consul"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["consul"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-nodisk"
  tier              = "inf"
  vpc               = "${module.network.self_link}"
}

##################################
#
#  Monitoring
#
#  Uses the monitoring module, this
#  creates a single instance behind
#  a load balancer with identity aware
#  proxy enabled.
#
##################################

# Subnetwork shared by all monitoring modules below.
# private_ip_google_access lets instances without an external IP reach Google APIs.
resource "google_compute_subnetwork" "monitoring" {
  name                     = "${format("monitoring-%v", var.environment)}"
  network                  = "${module.network.self_link}"
  project                  = "${var.project}"
  region                   = "${var.region}"
  ip_cidr_range            = "${var.subnetworks["monitoring"]}"
  private_ip_google_access = true
}

# Disabled rule. It would open the monitoring ports to 0.0.0.0/0. Per the banner
# above, access is meant to go through the load balancer with Identity-Aware
# Proxy, so re-enabling this as written would add a direct path around it.
# resource "google_compute_firewall" "monitoring" {
#   name    = "${format("monitoring-%v", var.environment)}"
#   network = "${module.network.self_link}"
#
#   allow {
#     protocol = "tcp"
#     ports    = ["${var.public_ports["monitoring"]}"]
#   }
#
#   source_ranges = ["0.0.0.0/0"]
#   target_tags   = ["${keys(var.monitoring_hosts)}"]
# }

#######################
#
# load balancer for all hosts in this section
#
#######################

# Host names are the keys of var.monitoring_hosts and service ports its values.
# google_compute_url_map.monitoring-lb is not declared in this file.
# NOTE(review): gitlab_com_zone_id is assigned twice with the same value. The
# repeat is redundant, and Terraform 0.12 and later reject a repeated argument.
module "monitoring-lb" {
  subnetwork_name    = "${google_compute_subnetwork.monitoring.name}"
  environment        = "${var.environment}"
  source             = "../../modules/google/monitoring-lb"
  name               = "monitoring-lb"
  gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
  project            = "${var.project}"
  region             = "${var.region}"
  gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
  cert_link          = "${var.monitoring_cert_link}"
  service_ports      = ["${values(var.monitoring_hosts)}"]
  url_map            = "${google_compute_url_map.monitoring-lb.self_link}"
  hosts              = ["${keys(var.monitoring_hosts)}"]
}

#######################

# The oauth2_client_id / oauth2_client_secret pairs below arrive as Terraform
# variables.
# NOTE(review): the secret is likely persisted in state and may show up in plan
# output. Supply it from a secret store rather than a committed tfvars file and
# keep the state backend access-restricted.
module "performance" {
  bootstrap_version    = 3
  subnetwork_name      = "${google_compute_subnetwork.monitoring.name}"
  attach_data_disk     = true
  data_disk_size       = 100
  data_disk_type       = "pd-standard"
  chef_provision       = "${var.chef_provision}"
  chef_run_list        = "\"role[${var.environment}-private-grafana]\""
  dns_zone_name        = "${var.dns_zone_name}"
  environment          = "${var.environment}"
  machine_type         = "${var.machine_types["monitoring"]}"
  name                 = "performance"
  project              = "${var.project}"
  region               = "${var.region}"
  source               = "../../modules/google/monitoring"
  tier                 = "inf"
  persistent_disk_path = "/opt"
  service_port         = "${var.monitoring_hosts["performance"]}"
  service_path         = "/login"
  oauth2_client_id     = "${var.oauth2_client_id_performance}"
  oauth2_client_secret = "${var.oauth2_client_secret_performance}"
}

module "prometheus" {
  bootstrap_version    = 3
  subnetwork_name      = "${google_compute_subnetwork.monitoring.name}"
  attach_data_disk     = true
  data_disk_size       = 1000
  data_disk_type       = "pd-standard"
  chef_provision       = "${var.chef_provision}"
  chef_run_list        = "\"role[${var.environment}-infra-prometheus]\""
  dns_zone_name        = "${var.dns_zone_name}"
  environment          = "${var.environment}"
  machine_type         = "${var.machine_types["monitoring"]}"
  name                 = "prometheus"
  project              = "${var.project}"
  region               = "${var.region}"
  source               = "../../modules/google/monitoring"
  tier                 = "inf"
  persistent_disk_path = "/opt/prometheus"
  service_port         = "${var.monitoring_hosts["prometheus"]}"
  service_path         = "/graph"
  oauth2_client_id     = "${var.oauth2_client_id_prometheus}"
  oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
}

module "prometheus-app" {
  bootstrap_version    = 3
  subnetwork_name      = "${google_compute_subnetwork.monitoring.name}"
  attach_data_disk     = true
  data_disk_size       = 1000
  data_disk_type       = "pd-standard"
  chef_provision       = "${var.chef_provision}"
  chef_run_list        = "\"role[${var.environment}-infra-prometheus-app]\""
  dns_zone_name        = "${var.dns_zone_name}"
  environment          = "${var.environment}"
  machine_type         = "${var.machine_types["monitoring"]}"
  name                 = "prometheus-app"
  project              = "${var.project}"
  region               = "${var.region}"
  source               = "../../modules/google/monitoring"
  tier                 = "inf"
  persistent_disk_path = "/opt/prometheus"
  service_port         = "${var.monitoring_hosts["prometheus-app"]}"
  service_path         = "/graph"
  oauth2_client_id     = "${var.oauth2_client_id_prometheus}"
  oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
}

# NOTE(review): kibana reuses the prometheus OAuth2 client id and secret, whereas
# performance has a dedicated pair. A shared client means one credential covers
# several services. Confirm the sharing is intended.
module "kibana" {
  bootstrap_version    = 3
  subnetwork_name      = "${google_compute_subnetwork.monitoring.name}"
  attach_data_disk     = true
  data_disk_size       = 100
  data_disk_type       = "pd-standard"
  chef_provision       = "${var.chef_provision}"
  chef_run_list        = "\"role[${var.environment}-infra-kibana]\""
  dns_zone_name        = "${var.dns_zone_name}"
  environment          = "${var.environment}"
  machine_type         = "${var.machine_types["monitoring"]}"
  name                 = "kibana"
  project              = "${var.project}"
  region               = "${var.region}"
  source               = "../../modules/google/monitoring"
  tier                 = "inf"
  persistent_disk_path = "/opt"
  service_port         = "${var.monitoring_hosts["kibana"]}"
  service_path         = "/login"
  oauth2_client_id     = "${var.oauth2_client_id_prometheus}"
  oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
}

# Uses the monitoring-with-count module with a fixed node_count of 1 and a TCP
# health check; no service_path is set. Like kibana, it reuses the prometheus
# OAuth2 client.
module "alerts" {
  node_count           = 1
  bootstrap_version    = 3
  subnetwork_name      = "${google_compute_subnetwork.monitoring.name}"
  attach_data_disk     = true
  data_disk_size       = 100
  data_disk_type       = "pd-standard"
  chef_provision       = "${var.chef_provision}"
  chef_run_list        = "\"role[${var.environment}-infra-alerts]\""
  dns_zone_name        = "${var.dns_zone_name}"
  environment          = "${var.environment}"
  machine_type         = "${var.machine_types["monitoring"]}"
  name                 = "alerts"
  project              = "${var.project}"
  region               = "${var.region}"
  source               = "../../modules/google/monitoring-with-count"
  tier                 = "inf"
  persistent_disk_path = "/opt"
  service_port         = "${var.monitoring_hosts["alerts"]}"
  oauth2_client_id     = "${var.oauth2_client_id_prometheus}"
  oauth2_client_secret = "${var.oauth2_client_secret_prometheus}"
  health_check         = "tcp"
}

##################################
#
#  Deploy
#
##################################

# The only module in this file that sets block_project_ssh_keys and enable_oslogin.
# NOTE(review): presumably these map to the instance metadata keys
# block-project-ssh-keys and enable-oslogin. Verify in the module. If so,
# project-wide SSH keys are ignored and OS Login is off on the deploy hosts, so
# SSH access depends on instance-level keys or accounts managed by Chef. Confirm
# who can log in, since this tier drives deployments.
module "deploy" {
  block_project_ssh_keys = "TRUE"
  bootstrap_version      = 3
  chef_provision         = "${var.chef_provision}"
  chef_run_list          = "\"role[${var.environment}-base-deploy-node]\""
  dns_zone_name          = "${var.dns_zone_name}"
  enable_oslogin         = "FALSE"
  environment            = "${var.environment}"
  ip_cidr_range          = "${var.subnetworks["deploy"]}"
  machine_type           = "${var.machine_types["deploy"]}"
  name                   = "deploy"
  node_count             = "${var.node_count["deploy"]}"
  project                = "${var.project}"
  public_ports           = "${var.public_ports["deploy"]}"
  region                 = "${var.region}"
  source                 = "../../modules/google/generic-sv-with-group"
  health_check           = "tcp"
  service_port           = 22
  tier                   = "sv"
  vpc                    = "${module.network.self_link}"
}

##################################
#
#  Runner
#
##################################

# NOTE(review): the allow-internal rule in this file admits all 10.0.0.0/8
# traffic to every instance. If these runners execute untrusted CI jobs, they
# would share that reachability with the db and stor tiers. Confirm how runner
# workloads are isolated.
module "runner" {
  bootstrap_version = 3
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-runner]\""
  dns_zone_name     = "${var.dns_zone_name}"
  environment       = "${var.environment}"
  ip_cidr_range     = "${var.subnetworks["runner"]}"
  machine_type      = "${var.machine_types["runner"]}"
  name              = "runner"
  node_count        = "${var.node_count["runner"]}"
  project           = "${var.project}"
  public_ports      = "${var.public_ports["runner"]}"
  region            = "${var.region}"
  source            = "../../modules/google/generic-sv-with-group"
  health_check      = "tcp"
  service_port      = 22
  tier              = "sv"
  vpc               = "${module.network.self_link}"
}

##################################
#
#  VPN connection to Azure
#
#  Currently disabled as it isn't
#  necessary
#
##################################

# If this is re-enabled, shared_secret is read from var.vpn_shared_secret and is
# likely to be stored in state like the OAuth2 secrets above; treat it the same way.
# module "google-azure-vpn" {
#   source        = "../../modules/google/vpn"
#   name          = "gcp-azure-${var.environment}"
#   network_name  = "${module.network.self_link}"
#   network_link  = "${module.network.name}"
#   region        = "${var.region}"
#   peer_ip       = "${var.vpn_peer_address}"
#   shared_secret = "${var.vpn_shared_secret}"
#   dest_subnet   = "${var.vpn_dest_subnet}"
#   source_subnet = "${var.vpn_source_subnet}"
# }