## State storage
terraform {
  # Partial backend configuration: the block is empty, so every S3 backend
  # setting has to be supplied at `terraform init` time (for example through
  # -backend-config).
  # NOTE(review): state files routinely hold secrets in clear text. Confirm
  # that the init-time settings turn on `encrypt` and that access to the
  # state bucket is limited to the identities that run Terraform.
  backend "s3" {}
}
## AWS
provider "aws" {
  # NOTE(review): there is no `version` constraint on this provider, while the
  # google provider in this file is pinned to "~> 1.18.0". An unpinned
  # provider is resolved to whatever release is current at init time; pin it
  # to the release that was actually tested.
  region = "us-east-1"
}
## Google
provider "google" {
  # Pessimistic constraint: accepts 1.18.x patch releases, nothing newer.
  version = "~> 1.18.0"

  # Project and region come from the variables of the same name.
  project = "${var.project}"
  region  = "${var.region}"
}
##################################
#
# Network
#
#################################
module "network" {
  # Fetched over SSH from the ops GitLab instance, so the machine running
  # `terraform init` needs an SSH key with read access to that repository.
  # NOTE(review): `ref=v1.0.0` is a git tag and tags can be moved. Pinning
  # `ref` to a full commit SHA makes the module content immutable.
  source = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/vpc.git?ref=v1.0.0"

  environment = "${var.environment}"
  project     = "${var.project}"
}
###############################################
#
# Load balancer and VM for the restore bastion
#
###############################################
module "gcp-tcp-lb-bastion" {
  # NOTE(review): `ref=v1.0.0` is a mutable git tag; a commit SHA is the
  # stronger pin for a module that creates internet-facing resources.
  source = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/tcp-lb.git?ref=v1.0.0"

  name        = "gcp-tcp-lb-bastion"
  environment = "${var.environment}"
  project     = "${var.project}"
  region      = "${var.region}"

  # One load balancer per entry in tcp_lbs_bastion["names"].
  lb_count = "${length(var.tcp_lbs_bastion["names"])}"
  names    = "${var.tcp_lbs_bastion["names"]}"

  # Backends are the instances exported by the bastion module.
  instances = ["${module.bastion.instances_self_link}"]
  targets   = ["bastion"]

  # Forwarded ports and health-check ports are separate lists in the
  # tcp_lbs_bastion map; with the defaults in this file they differ
  # (forwarding "22", health check "80").
  # NOTE(review): confirm the bastion really answers on the health-check port
  # and that the firewall admits that port only from the load balancer's
  # health-check source ranges, not from the internet at large.
  forwarding_port_ranges = "${var.tcp_lbs_bastion["forwarding_port_ranges"]}"
  health_check_ports     = "${var.tcp_lbs_bastion["health_check_ports"]}"
  session_affinity       = "CLIENT_IP"

  # DNS names published for the load balancer.
  # NOTE(review): var.gitlab_com_zone_id is not declared in the visible part
  # of this configuration; presumably it is defined elsewhere - confirm.
  fqdns          = "${var.lb_fqdns_bastion}"
  gitlab_zone_id = "${var.gitlab_com_zone_id}"
}
module "bastion" {
  # NOTE(review): `ref=v1.0.1` is a mutable git tag; pin to a commit SHA if
  # the module content must not change underneath this configuration.
  source = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/generic-sv-with-group.git?ref=v1.0.1"

  # Identity and placement.
  name              = "bastion"
  tier              = "inf"
  environment       = "${var.environment}"
  project           = "${var.project}"
  region            = "${var.region}"
  use_new_node_name = true
  dns_zone_name     = "${var.dns_zone_name}"

  # Sizing.
  machine_type = "${var.machine_types["bastion"]}"
  node_count   = "${var.node_count["bastion"]}"

  # Networking: the bastion gets its own subnet inside the VPC created by the
  # network module.
  vpc           = "${module.network.self_link}"
  ip_cidr_range = "${var.subnetworks["bastion"]}"

  # SSH (22) is both the service port and, through public_ports, the port
  # declared as public.
  # NOTE(review): which source ranges may reach a public port is decided
  # inside the module and is not visible here. Confirm SSH is limited to known
  # ranges, or that key-only authentication and SSH logging are enforced.
  service_port = 22
  public_ports = "${var.public_ports["bastion"]}"
  health_check = "tcp"

  # NOTE(review): the default for this variable is the account named
  # "terraform@...". If the module attaches it to the instances, an
  # SSH-reachable host carries whatever IAM roles that account holds.
  # Prefer a dedicated account with only the permissions the bastion needs.
  service_account_email = "${var.service_account_email}"

  # Chef bootstrap: the run list applies the per-environment bastion role.
  bootstrap_version = 6
  chef_provision    = "${var.chef_provision}"
  chef_run_list     = "\"role[${var.environment}-base-bastion]\""
}
# GCP project that holds the restore environment.
variable "project" {
  default = "gitlab-restore"
}

# GCP region, used by the google provider and both bastion modules.
variable "region" {
  default = "us-east1"
}

# Environment name; also interpolated into the Chef role in the bastion
# module's run list.
variable "environment" {
  default = "restore"
}

# DNS zone passed to the bastion module.
variable "dns_zone_name" {
  default = "gitlab.net"
}

# NOTE(review): not referenced anywhere in the visible configuration. If it is
# consumed elsewhere, a fixed kernel version also fixes the kernel patch
# level, so it needs a review cadence.
variable "default_kernel_version" {
  default = "4.15.0-1015"
}
# Machine type per node group; the bastion module reads the "bastion" key.
variable "machine_types" {
  type = "map"

  default = {
    "bastion" = "n1-standard-1"
  }
}
# Service account handed to the bastion module.
# NOTE(review): the name suggests this is the account Terraform itself uses to
# provision the project. If so, using it as the bastion's identity gives an
# SSH-reachable host provisioning-level permissions. Confirm its IAM roles and
# consider a separate least-privilege account for instances.
variable "service_account_email" {
  type    = "string"
  default = "terraform@gitlab-restore.iam.gserviceaccount.com"
}
# The restore network is allocated
# 10.250.0.0/16
# Subnet CIDR per node group; the bastion range sits inside the 10.250.0.0/16
# allocation noted above this variable.
variable "subnetworks" {
  type = "map"

  default = {
    "bastion" = "10.250.2.0/24"
  }
}
# Ports declared public per node group. For the bastion this is SSH only.
# NOTE(review): the list names ports, not sources. Whether "public" means
# 0.0.0.0/0 depends on the module that consumes it - confirm.
variable "public_ports" {
  type = "map"

  default = {
    "bastion" = [22]
  }
}
# Instance count per node group; a single bastion by default.
variable "node_count" {
  type = "map"

  default = {
    "bastion" = 1
  }
}
variable "chef_provision" {
  type        = "map"
  description = "Configuration details for chef server"

  default = {
    # Chef server endpoint and the client version to install.
    server_url = "https://chef.gitlab.com/organizations/gitlab/"
    version    = "12.22.5"

    # Identity used to talk to the Chef server.
    # NOTE(review): user_key_path is a relative path to what is presumably a
    # private key (.pem). Confirm the file is excluded from version control
    # and is supplied from CI secret storage at run time.
    user_name     = "gitlab-ci"
    user_key_path = ".chef.pem"

    # Bootstrap material. The names suggest a storage bucket plus a KMS key
    # and key ring protecting the validation secret - confirm against the
    # consuming module, and check that read access is limited to the instance
    # service account.
    bootstrap_bucket  = "gitlab-restore-chef-bootstrap"
    bootstrap_key     = "gitlab-restore-bootstrap-validation"
    bootstrap_keyring = "gitlab-restore-bootstrap"
  }
}
# DNS names handed to the bastion load-balancer module as `fqdns`.
variable "lb_fqdns_bastion" {
  type    = "list"
  default = ["lb-bastion.restore.gitlab.com"]
}
# Settings for the bastion TCP load balancers; the three lists are read by the
# gcp-tcp-lb-bastion module, and the length of "names" sets lb_count.
# NOTE(review): traffic is forwarded on 22, health is probed on 80, and
# public_ports for the bastion lists only 22. Confirm a listener exists on 80
# and that it is reachable from the health-check ranges only.
variable "tcp_lbs_bastion" {
  type = "map"

  default = {
    "names"                  = ["ssh"]
    "forwarding_port_ranges" = ["22"]
    "health_check_ports"     = ["80"]
  }
}