Commit 2e2bd1eb authored by John Jarvis's avatar John Jarvis

Merge branch 'master' into craigf/0.12upgrade-pre

parents 34f183e2 eae8d837
......@@ -66,7 +66,7 @@ format:
script: |
set +o pipefail
echo "running tf format" # there's no output for empty builds otherwise
fmt_diff=$(git diff-tree --no-commit-id --name-only -r ${CI_COMMIT_SHA} | grep '\.tf$' | xargs -I{} terraform fmt -write=false {} | sed '/^\s*$/d')
fmt_diff=$(git diff-tree --no-commit-id --name-only -r ${CI_COMMIT_SHA} | grep '\.tf$' | xargs -I{} bash -c 'cd "$(dirname {})" && terraform fmt -write=false "$(basename {})"' | sed '/^\s*$/d')
if test -n "$fmt_diff"; then
echo "******* Terraform formatting error:"
echo ""
......
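Review bot: On the new `fmt_diff` line, `xargs -I{}` pastes each changed file path into the text of the `bash -c` script, so a path containing quotes or `$(...)` is parsed as shell instead of being treated as a file name. The paths come from the commit under test, so whoever authors the commit controls what the CI job's shell sees. Pass the path as a positional argument instead: `xargs -I{} bash -c 'cd "$(dirname "$1")" && terraform fmt -write=false "$(basename "$1")"' _ {}`. The `script:` block starts and ends outside this hunk, so the rest of the job is not reviewed here.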
resource "google_compute_firewall" "block_miners" {
name = "block-miners"
direction = "EGRESS"
network = "${var.network}"
network = var.network
priority = 1000
target_tags = ["docker-machine"]
destination_ranges = ["${var.miner_ips}"]
destination_ranges = var.miner_ips
deny {
protocol = "all"
......@@ -15,7 +15,7 @@ resource "google_compute_firewall" "block_miners" {
resource "google_compute_firewall" "docker_machine_deny_ingress" {
name = "docker-machine-block-ingress"
direction = "INGRESS"
network = "${var.network}"
network = var.network
priority = 65500
target_tags = ["docker-machine"]
......@@ -29,7 +29,7 @@ resource "google_compute_firewall" "docker_machine_deny_ingress" {
resource "google_compute_firewall" "docker_machines" {
name = "docker-machines"
direction = "INGRESS"
network = "${var.network}"
network = var.network
priority = 1000
target_tags = ["docker-machine"]
......@@ -44,7 +44,7 @@ resource "google_compute_firewall" "docker_machines" {
resource "google_compute_firewall" "prometheus" {
name = "prometheus"
direction = "INGRESS"
network = "${var.network}"
network = var.network
priority = 1000
source_ranges = [
......@@ -72,7 +72,7 @@ resource "google_compute_firewall" "prometheus" {
resource "google_compute_firewall" "runners_cache" {
name = "runners-cache"
direction = "INGRESS"
network = "${var.network}"
network = var.network
priority = 1000
source_ranges = ["174.138.71.155/32"]
......@@ -88,7 +88,7 @@ resource "google_compute_firewall" "thanos" {
name = "thanos"
description = "Prometheus Thanos access"
direction = "INGRESS"
network = "${var.network}"
network = var.network
priority = 1000
target_tags = ["prometheus-server"]
......@@ -112,7 +112,7 @@ resource "google_compute_firewall" "thanos" {
resource "google_compute_firewall" "windows_autoscaled_runner" {
name = "windows-autoscaled-runner"
direction = "INGRESS"
network = "${var.network}"
network = var.network
priority = 1000
target_tags = ["windows-autoscaled-runner"]
......@@ -123,3 +123,4 @@ resource "google_compute_firewall" "windows_autoscaled_runner" {
ports = [5985, 3389]
}
}
......@@ -7,7 +7,8 @@ terraform {
}
provider "google" {
project = "${var.project}"
region = "${var.region}"
project = var.project
region = var.region
version = "~> 2.12.0"
}
......@@ -12,6 +12,7 @@ variable "network" {
# See 1password
variable "miner_ips" {
type = "list"
type = list(string)
default = []
}
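Review bot: `miner_ips` keeps `default = []` next to the new `type = list(string)`, so a run that never receives the real list (the comment points to 1password) still plans cleanly and `block_miners` gets an empty `destination_ranges`. I have not confirmed how the provider treats an empty list on an EGRESS deny rule; it would either block nothing or match every destination, and neither looks intended. Dropping the default makes the variable required, so a missing value fails at plan time, provided no other caller relies on the default. If the default has to stay, a comment such as `# real list comes from 1password; an empty list leaves block_miners unpopulated` would record the risk.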
terraform {
required_version = ">= 0.12"
}
......@@ -4,8 +4,8 @@
# services
resource "google_compute_url_map" "monitoring-lb" {
name = "${format("%v-monitoring-lb", var.environment)}"
default_service = "${module.prometheus.google_compute_backend_service_self_link}"
name = format("%v-monitoring-lb", var.environment)
default_service = module.prometheus.google_compute_backend_service_self_link
host_rule {
hosts = ["prometheus.dr.gitlab.net"]
......@@ -14,11 +14,11 @@ resource "google_compute_url_map" "monitoring-lb" {
path_matcher {
name = "prometheus"
default_service = "${module.prometheus.google_compute_backend_service_self_link}"
default_service = module.prometheus.google_compute_backend_service_self_link
path_rule {
paths = ["/*"]
service = "${module.prometheus.google_compute_backend_service_self_link}"
service = module.prometheus.google_compute_backend_service_self_link
}
}
......@@ -30,11 +30,12 @@ resource "google_compute_url_map" "monitoring-lb" {
}
path_matcher {
name = "prometheus-app"
default_service = "${module.prometheus-app.google_compute_backend_service_self_link}"
default_service = module.prometheus-app.google_compute_backend_service_self_link
path_rule {
paths = ["/*"]
service = "${module.prometheus-app.google_compute_backend_service_self_link}"
service = module.prometheus-app.google_compute_backend_service_self_link
}
}
}
This diff is collapsed.
This diff is collapsed.
terraform {
required_version = ">= 0.12"
}
......@@ -7,7 +7,7 @@
resource "google_compute_firewall" "allow-dr-postgres" {
name = "allow-dr-postgres"
description = "Allows postgres traffic from our DR environment into gprd"
network = "${var.environment}"
network = var.environment
allow {
protocol = "tcp"
......@@ -38,20 +38,20 @@ resource "google_service_account" "dr-sa" {
resource "google_compute_network_peering" "peering-gitlab-analysis-default" {
name = "peering-gitlab-analysis-default"
network = "${var.network_env}"
network = var.network_env
peer_network = "https://www.googleapis.com/compute/v1/projects/gitlab-analysis/global/networks/default"
}
resource "google_compute_network_peering" "peering-gitlab-analysis-gitlab-analysis-vpc" {
name = "peering-gitlab-analysis-gitlab-analysis-vpc"
network = "${var.network_env}"
network = var.network_env
peer_network = "https://www.googleapis.com/compute/v1/projects/gitlab-analysis/global/networks/gitlab-analysis-vpc"
}
resource "google_compute_firewall" "allow-postgres-gitlab-analysis-default" {
name = "allow-postgres-gitlab-analysis-default"
description = "allow gitlab-analysis network default to access gprd network"
network = "${var.network_env}"
network = var.network_env
source_ranges = [
"10.52.0.0/14", # only from us-west1 default subnet
......@@ -70,7 +70,7 @@ resource "google_compute_firewall" "allow-postgres-gitlab-analysis-default" {
resource "google_compute_firewall" "allow-postgres-gitlab-analysis-gitlab-analysis-vpc" {
name = "allow-postgres-gitlab-analysis-gitlab-analysis-vpc"
description = "allow gitlab-analysis network gitlab-analysis-vpc to access gprd network"
network = "${var.network_env}"
network = var.network_env
source_ranges = [
"10.160.0.0/14", # only from us-west1 default subnet
......@@ -85,3 +85,4 @@ resource "google_compute_firewall" "allow-postgres-gitlab-analysis-gitlab-analys
ports = ["5432"]
}
}
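Review bot: `allow-dr-postgres` attaches to `network = var.environment`, while every other firewall rule and peering in this file uses `var.network_env`. Presumably both resolve to the same network name today, but if they ever diverge this rule, which admits postgres traffic from the DR environment, lands on a different network from the one the rest of the file manages. Either switch it to `network = var.network_env` or add a comment such as `# network is named after the environment; keep in sync with var.network_env`. The resource body continues past the end of its hunk, so the allowed ports and sources are not visible here.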
......@@ -4,8 +4,8 @@
# services
resource "google_compute_url_map" "monitoring-lb" {
name = "${format("%v-monitoring-lb", var.environment)}"
default_service = "${module.prometheus.google_compute_backend_service_self_link}"
name = format("%v-monitoring-lb", var.environment)
default_service = module.prometheus.google_compute_backend_service_self_link
host_rule {
hosts = ["prometheus-app.gprd.gitlab.net"]
......@@ -14,11 +14,11 @@ resource "google_compute_url_map" "monitoring-lb" {
path_matcher {
name = "prometheus-app"
default_service = "${module.prometheus-app.google_compute_backend_service_self_link}"
default_service = module.prometheus-app.google_compute_backend_service_self_link
path_rule {
paths = ["/*"]
service = "${module.prometheus-app.google_compute_backend_service_self_link}"
service = module.prometheus-app.google_compute_backend_service_self_link
}
}
......@@ -29,11 +29,11 @@ resource "google_compute_url_map" "monitoring-lb" {
path_matcher {
name = "alerts"
default_service = "${module.alerts.google_compute_backend_service_self_link}"
default_service = module.alerts.google_compute_backend_service_self_link
path_rule {
paths = ["/*"]
service = "${module.alerts.google_compute_backend_service_self_link}"
service = module.alerts.google_compute_backend_service_self_link
}
}
......@@ -44,11 +44,11 @@ resource "google_compute_url_map" "monitoring-lb" {
path_matcher {
name = "prometheus"
default_service = "${module.prometheus.google_compute_backend_service_self_link}"
default_service = module.prometheus.google_compute_backend_service_self_link
path_rule {
paths = ["/*"]
service = "${module.prometheus.google_compute_backend_service_self_link}"
service = module.prometheus.google_compute_backend_service_self_link
}
}
......@@ -59,11 +59,12 @@ resource "google_compute_url_map" "monitoring-lb" {
path_matcher {
name = "prometheus-db"
default_service = "${module.prometheus-db.google_compute_backend_service_self_link}"
default_service = module.prometheus-db.google_compute_backend_service_self_link
path_rule {
paths = ["/*"]
service = "${module.prometheus-db.google_compute_backend_service_self_link}"
service = module.prometheus-db.google_compute_backend_service_self_link
}
}
}
This source diff could not be displayed because it is too large. You can view the blob instead.
This diff is collapsed.
terraform {
required_version = ">= 0.12"
}
......@@ -6,20 +6,20 @@
resource "google_compute_network_peering" "peering-gitlab-analysis-default" {
name = "peering-gitlab-analysis-default"
network = "${var.network_env}"
network = var.network_env
peer_network = "https://www.googleapis.com/compute/v1/projects/gitlab-analysis/global/networks/default"
}
resource "google_compute_network_peering" "peering-gitlab-analysis-gitlab-analysis-vpc" {
name = "peering-gitlab-analysis-gitlab-analysis-vpc"
network = "${var.network_env}"
network = var.network_env
peer_network = "https://www.googleapis.com/compute/v1/projects/gitlab-analysis/global/networks/gitlab-analysis-vpc"
}
resource "google_compute_firewall" "allow-postgres-gitlab-analysis-default" {
name = "allow-postgres-gitlab-analysis-default"
description = "allow gitlab-analysis network default to access gstg network"
network = "${var.network_env}"
network = var.network_env
source_ranges = [
"10.52.0.0/14", # only from us-west-1 default subnet
......@@ -38,7 +38,7 @@ resource "google_compute_firewall" "allow-postgres-gitlab-analysis-default" {
resource "google_compute_firewall" "allow-postgres-gitlab-analysis-gitlab-analysis-vpc" {
name = "allow-postgres-gitlab-analysis-gitlab-analysis-vpc"
description = "allow gitlab-analysis network gitlab-analysis-vpc to access gstg network"
network = "${var.network_env}"
network = var.network_env
source_ranges = [
"10.160.0.0/14", # only from us-west-1 default subnet
......@@ -53,3 +53,4 @@ resource "google_compute_firewall" "allow-postgres-gitlab-analysis-gitlab-analys
ports = ["5432"]
}
}
......@@ -4,8 +4,8 @@
# services
resource "google_compute_url_map" "monitoring-lb" {
name = "${format("%v-monitoring-lb", var.environment)}"
default_service = "${module.prometheus.google_compute_backend_service_self_link}"
name = format("%v-monitoring-lb", var.environment)
default_service = module.prometheus.google_compute_backend_service_self_link
###################################
......@@ -15,11 +15,11 @@ resource "google_compute_url_map" "monitoring-lb" {
}
path_matcher {
name = "prometheus"
default_service = "${module.prometheus.google_compute_backend_service_self_link}"
default_service = module.prometheus.google_compute_backend_service_self_link
path_rule {
paths = ["/*"]
service = "${module.prometheus.google_compute_backend_service_self_link}"
service = module.prometheus.google_compute_backend_service_self_link
}
}
......@@ -31,11 +31,11 @@ resource "google_compute_url_map" "monitoring-lb" {
}
path_matcher {
name = "prometheus-app"
default_service = "${module.prometheus-app.google_compute_backend_service_self_link}"
default_service = module.prometheus-app.google_compute_backend_service_self_link
path_rule {
paths = ["/*"]
service = "${module.prometheus-app.google_compute_backend_service_self_link}"
service = module.prometheus-app.google_compute_backend_service_self_link
}
}
......@@ -47,11 +47,12 @@ resource "google_compute_url_map" "monitoring-lb" {
}
path_matcher {
name = "prometheus-db"
default_service = "${module.prometheus-db.google_compute_backend_service_self_link}"
default_service = module.prometheus-db.google_compute_backend_service_self_link
path_rule {
paths = ["/*"]
service = "${module.prometheus-db.google_compute_backend_service_self_link}"
service = module.prometheus-db.google_compute_backend_service_self_link
}
}
}
This diff is collapsed.
This diff is collapsed.
terraform {
required_version = ">= 0.12"
}
......@@ -325,8 +325,8 @@ resource "google_compute_global_address" "plantuml-gke" {
}
resource "aws_route53_record" "plantuml-gke" {
zone_id = var.gitlab_com_zone_id
name = "plantuml.pre.gitlab.com"
zone_id = var.gitlab_static_net_zone_id
name = "pre.plantuml.gitlab-static.net"
type = "A"
ttl = "300"
records = [google_compute_global_address.plantuml-gke.address]
......
......@@ -6,8 +6,8 @@ variable "oauth2_client_id_monitoring" {
variable "oauth2_client_secret_monitoring" {
}
variable "gitlab_io_zone_id" {
}
variable "gitlab_io_zone_id" {}
variable "gitlab_static_net_zone_id" {}
variable "project" {
default = "gitlab-pre"
......
......@@ -15,6 +15,9 @@ provider "aws" {
locals {
zones = {
"gitlab.org" = "${var.gitlab_org_zone_id}"
"gitlab.io" = "${var.gitlab_io_zone_id}"
"gitlab.com" = "${var.gitlab_com_zone_id}"
"gitlap.com" = "${var.gitlap_com_zone_id}"
}
}
......@@ -28,6 +31,16 @@ resource "aws_route53_record" "default" {
records = ["${lookup(var.tls_domains, each.key, "nonssl.global.fastly.net")}"]
}
resource "aws_route53_record" "a_records" {
for_each = var.apex_redirects
zone_id = "${local.zones[regex("[\\w-]+\\.[\\w-]+$", each.key)]}"
name = each.key
type = "A"
ttl = "300"
records = var.tls_apex_domains_ips[each.key]
}
resource "fastly_service_v1" "redirects" {
name = "Domain redirects"
......@@ -39,7 +52,7 @@ resource "fastly_service_v1" "redirects" {
}
dynamic "domain" {
for_each = var.redirects
for_each = merge(var.redirects, var.apex_redirects)
content {
name = domain.key
......@@ -47,7 +60,7 @@ resource "fastly_service_v1" "redirects" {
}
dynamic "condition" {
for_each = var.redirects
for_each = merge(var.redirects, var.apex_redirects)
content {
name = "${condition.key} request"
......@@ -58,7 +71,7 @@ resource "fastly_service_v1" "redirects" {
}
dynamic "condition" {
for_each = var.redirects
for_each = merge(var.redirects, var.apex_redirects)
content {
name = "${condition.key} response"
......@@ -69,7 +82,7 @@ resource "fastly_service_v1" "redirects" {
}
dynamic "response_object" {
for_each = var.redirects
for_each = merge(var.redirects, var.apex_redirects)
content {
name = "${response_object.key} response"
......@@ -80,7 +93,7 @@ resource "fastly_service_v1" "redirects" {
}
dynamic "header" {
for_each = var.redirects
for_each = merge(var.redirects, var.apex_redirects)
content {
name = "${header.key} location"
......
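Review bot: The lines added for the apex records still wrap whole expressions in `"${...}"`, which is the 0.11 form this upgrade branch removes everywhere else. The lookup can be written as `zone_id = local.zones[regex("[\\w-]+\\.[\\w-]+$", each.key)]` and the `locals` entries as `"gitlab.org" = var.gitlab_org_zone_id`. Resource-level `for_each` and `regex()` also arrived in 0.12 point releases after 0.12.0, so if this module carries the same `required_version = ">= 0.12"` as the environment directories, the constraint is looser than the code needs. The `fastly_service_v1` block continues outside every hunk shown.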
variable "gitlab_org_zone_id" {}
variable "gitlab_io_zone_id" {}
variable "gitlab_com_zone_id" {}
variable "gitlap_com_zone_id" {}
variable "redirects" {
type = "map"
default = {
"api.gitlab.org" = "http://doc.gitlab.com/ce/api/"
"www.gitlab.org" = "https://about.gitlab.com/"
"www.gitlab.io" = "https://about.gitlab.com/"
"blog.gitlab.com" = "https://about.gitlab.com/blog/"
"blue-moon.gitlap.com" = "https://about.gitlab.com/"
}
}
variable "apex_redirects" {
type = "map"
default = {
"gitlab.org" = "https://about.gitlab.com/"
"gitlab.io" = "https://about.gitlab.com/"
}
}
......@@ -16,6 +32,29 @@ variable "tls_domains" {
type = "map"
default = {
"www.gitlab.org" = "h3.shared.global.fastly.net"
"www.gitlab.io" = "h3.shared.global.fastly.net"
"api.gitlab.org" = "h3.shared.global.fastly.net"
"blog.gitlab.com" = "h3.shared.global.fastly.net"
"blue-moon.gitlap.com" = "m2.shared.global.fastly.net"
}
}
variable "tls_apex_domains_ips" {
type = "map"
default = {
"gitlab.org" = [
"151.101.2.49",
"151.101.66.49",
"151.101.194.49",
"151.101.130.49"
]
"gitlab.io" = [
"151.101.2.49",
"151.101.66.49",
"151.101.194.49",
"151.101.130.49"
]
}
}
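Review bot: In `redirects`, the `api.gitlab.org` entry points at `http://doc.gitlab.com/ce/api/`, the only plain-HTTP target in either map, so visitors are sent to a cleartext URL even when they arrived over TLS. If the docs host serves HTTPS, use `"api.gitlab.org" = "https://doc.gitlab.com/ce/api/"`. Separately, `tls_apex_domains_ips` hard-codes four addresses under `type = "map"`; a comment naming where those addresses come from and a `map(list(string))` constraint would make a stale or mistyped value easier to catch. I cannot tell from the rendered page which of these lines are new in this commit.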