Commit a2158326 authored by Alex Hanselka's avatar Alex Hanselka

add windows-ci environment

parent 80d8324c
......@@ -129,3 +129,19 @@ module "gitlab-ci" {
project_folder = local.top_level_project_folder
}
module "gitlab-ci-windows" {
source = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/project.git?ref=v6.1.2"
api_services = distinct(
concat(
local.api_services["common"],
local.api_services["gitlab-ci"],
),
)
billing_account = var.billing_account
bucket_name_prefix = "155816"
project = "gitlab-ci-windows"
project_id = "gitlab-ci-windows"
project_folder = local.top_level_project_folder
}
resource "google_compute_firewall" "runners-manager" {
name = "runners-manager-to-vms"
direction = "INGRESS"
network = var.network
priority = 1000
target_tags = ["windows-runner"]
source_ranges = [
"10.1.0.0/16"
]
allow {
protocol = "tcp"
ports = ["5985-5986"]
}
}
resource "google_compute_firewall" "windows-runner-egress" {
name = "windows-runner-egress"
direction = "EGRESS"
network = var.network
priority = 1000
target_tags = ["windows-runner"]
allow {
protocol = "tcp"
ports = ["80", "443", "22", "1024-65535"]
}
}
#### Monitoring
resource "google_compute_firewall" "prometheus" {
name = "prometheus"
direction = "INGRESS"
network = var.network
priority = 1000
source_ranges = [
"104.209.180.217/32",
"104.209.189.215/32",
"13.77.80.142/32",
"40.70.72.145/32",
"13.68.87.12/32",
"52.225.221.89/32",
"52.184.190.120/32",
"35.185.93.139",
"35.185.46.150",
"35.227.108.10",
"35.237.14.194",
"35.227.109.92",
"35.237.131.211",
]
allow {
protocol = "tcp"
ports = [9090, 9100, 9402, 9145, 9393, 9000]
}
}
resource "google_compute_firewall" "thanos" {
name = "thanos"
description = "Prometheus Thanos access"
direction = "INGRESS"
network = var.network
priority = 1000
target_tags = ["prometheus-server"]
source_ranges = [
"35.227.109.92/32",
"35.237.131.211/32",
"35.227.203.148/32",
"130.211.36.217/32",
"35.237.55.26/32",
"35.237.254.196/32",
"104.196.117.149",
]
allow {
protocol = "tcp"
ports = [10901, 10902]
}
}
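Review bot: The `prometheus` ingress rule has no `target_tags`, so it opens TCP 9090, 9100, 9402, 9145, 9393 and 9000 from the listed external addresses on every instance in `var.network`, including the `windows-runner` VMs; the `thanos` rule next to it is scoped with `target_tags = ["prometheus-server"]`. If only monitored hosts should be scraped, add a `target_tags` line naming whichever tag those instances carry. Separately, every rule here uses `network = var.network`, while the subnets use `google_compute_network.windows-ci-network.self_link`; assuming these rules live in the same root module, referencing the resource gives Terraform a dependency edge so the network exists before the rules on a first apply. The source lists also mix `/32` entries with bare addresses, and writing them all as `/32` keeps the lists uniform.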
terraform {
backend "s3" {
bucket = "gitlab-com-infrastructure"
key = "terraform/windows-ci/terraform.tfstate"
region = "us-east-1"
}
}
provider "google" {
project = var.project
region = var.region
version = "~> 2.14.0"
}
# Didn't use the VPC module here because it creates firewall rules we don't want
resource "google_compute_network" "windows-ci-network" {
name = var.network
auto_create_subnetworks = false
}
# module "nat" {
# source = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/cloud-nat.git?ref=v0.4.0"
# nat_ports_per_vm = 256
# nat_ip_count = 40
# network_name = var.network
# region = var.region
# }
resource "google_compute_subnetwork" "manager-subnet" {
name = "manager-subnet"
ip_cidr_range = "10.1.0.0/16"
region = var.region
network = google_compute_network.windows-ci-network.self_link
}
resource "google_compute_subnetwork" "runner-subnet" {
name = "runner-subnet"
ip_cidr_range = "10.2.0.0/16"
region = var.region
network = google_compute_network.windows-ci-network.self_link
}
\ No newline at end of file
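Review bot: The `backend "s3"` block sets only `bucket`, `key` and `region`, so neither state encryption nor state locking is requested from this configuration. Terraform state can hold sensitive values, so unless the bucket enforces default encryption and locking is handled elsewhere (not visible here), add `encrypt = true` and a `dynamodb_table` entry. The file also ends without a trailing newline.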
variable "project" {
default = "gitlab-ci-windows"
}
variable "region" {
default = "us-east1"
}
variable "network" {
default = "windows-ci"
}
# See 1password
variable "miner_ips" {
type = list(string)
default = []
}
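Review bot: `miner_ips` is declared with an empty default, but nothing visible in this commit references it, so it has no effect as written. If it is meant to feed a deny-egress rule for the `windows-runner` tag, that rule is missing. `windows-runner-egress` is an allow rule with no `destination_ranges`, and GCP's implied rule already allows all egress, so the runners have unrestricted outbound access. Consider adding the deny rule that consumes `var.miner_ips`, with a priority number below 1000 and a guard for the empty-list case. A `description` on the variable would also say what the list is for, which `# See 1password` does not.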
terraform {
required_version = ">= 0.12"
}