From 399e3d8f410cafe1d378e66cad7f8ee269f4d186 Mon Sep 17 00:00:00 2001 
From: afewell Date: Fri, 7 Jun 2024 13:21:43 -0700 Subject: [PATCH] adding concourse.tf --- .../README.md | 0 .../paving-gcp-concourse-pat/concourse.tf | 67 ++++++++ .../ops-manager-buckets.tf | 0 .../ops-manager-certs.tf | 0 .../ops-manager-dns.tf | 0 .../ops-manager-firewalls.tf | 0 .../ops-manager-iam.tf | 0 .../ops-manager-nat.tf | 0 .../ops-manager-network.tf | 0 .../ops-manager-outputs.tf | 0 .../ops-manager-subnets.tf | 0 .../ops-manager.tf | 0 .../provider.tf | 0 .../terraform.tfvars.example | 0 .../variables.tf | 0 .../versions.tf | 0 terraform/paving-gcp/pas-buckets.tf | 29 ---- terraform/paving-gcp/pas-dns.tf | 69 -------- terraform/paving-gcp/pas-firewalls.tf | 79 --------- terraform/paving-gcp/pas-lbs.tf | 159 ------------------ terraform/paving-gcp/pas-outputs.tf | 31 ---- terraform/paving-gcp/pas-subnets.tf | 6 - 22 files changed, 67 insertions(+), 373 deletions(-) rename terraform/{paving-gcp => paving-gcp-concourse-pat}/README.md (100%) create mode 100644 terraform/paving-gcp-concourse-pat/concourse.tf rename terraform/{paving-gcp => paving-gcp-concourse-pat}/ops-manager-buckets.tf (100%) rename terraform/{paving-gcp => paving-gcp-concourse-pat}/ops-manager-certs.tf (100%) rename terraform/{paving-gcp => paving-gcp-concourse-pat}/ops-manager-dns.tf (100%) rename terraform/{paving-gcp => paving-gcp-concourse-pat}/ops-manager-firewalls.tf (100%) rename terraform/{paving-gcp => paving-gcp-concourse-pat}/ops-manager-iam.tf (100%) rename terraform/{paving-gcp => paving-gcp-concourse-pat}/ops-manager-nat.tf (100%) rename terraform/{paving-gcp => paving-gcp-concourse-pat}/ops-manager-network.tf (100%) rename terraform/{paving-gcp => paving-gcp-concourse-pat}/ops-manager-outputs.tf (100%) rename terraform/{paving-gcp => paving-gcp-concourse-pat}/ops-manager-subnets.tf (100%) rename terraform/{paving-gcp => paving-gcp-concourse-pat}/ops-manager.tf (100%) rename terraform/{paving-gcp => paving-gcp-concourse-pat}/provider.tf (100%) rename 
terraform/{paving-gcp => paving-gcp-concourse-pat}/terraform.tfvars.example (100%)
 rename terraform/{paving-gcp => paving-gcp-concourse-pat}/variables.tf (100%)
 rename terraform/{paving-gcp => paving-gcp-concourse-pat}/versions.tf (100%)
 delete mode 100644 terraform/paving-gcp/pas-buckets.tf
 delete mode 100644 terraform/paving-gcp/pas-dns.tf
 delete mode 100644 terraform/paving-gcp/pas-firewalls.tf
 delete mode 100644 terraform/paving-gcp/pas-lbs.tf
 delete mode 100644 terraform/paving-gcp/pas-outputs.tf
 delete mode 100644 terraform/paving-gcp/pas-subnets.tf
diff --git a/terraform/paving-gcp/README.md b/terraform/paving-gcp-concourse-pat/README.md
similarity index 100%
rename from terraform/paving-gcp/README.md
rename to terraform/paving-gcp-concourse-pat/README.md
diff --git a/terraform/paving-gcp-concourse-pat/concourse.tf b/terraform/paving-gcp-concourse-pat/concourse.tf
new file mode 100644
index 0000000..9e33c38
--- /dev/null
+++ b/terraform/paving-gcp-concourse-pat/concourse.tf
@@ -0,0 +1,67 @@
+resource "google_dns_record_set" "concourse" {
+ name = "ci.${var.environment_name}.${data.google_dns_managed_zone.hosted-zone.dns_name}"
+ type = "A"
+ ttl = 60
+
+ managed_zone = var.hosted_zone
+
+ rrdatas = [google_compute_address.concourse.address]
+}
+
+//create a load balancer for concourse
+resource "google_compute_address" "concourse" {
+ name = "${var.environment_name}-concourse"
+}
+
+resource "google_compute_firewall" "concourse" {
+ allow {
+ ports = ["443", "2222", "8000", "8443"]
+ protocol = "tcp"
+ }
+
+ direction = "INGRESS"
+ name = "${var.environment_name}-concourse-open"
+ network = google_compute_network.network.self_link
+ source_ranges = ["0.0.0.0/0"]
+ target_tags = ["concourse"]
+}
+
+resource "google_compute_forwarding_rule" "concourse_credhub" {
+ ip_address = google_compute_address.concourse.address
+ ip_protocol = "TCP"
+ name = "${var.environment_name}-concourse-credhub"
+ port_range = "8000-8000"
+ target = google_compute_target_pool.concourse_target_pool.self_link
+}
+
+resource "google_compute_forwarding_rule" "concourse_ssh" {
+ ip_address = google_compute_address.concourse.address
+ ip_protocol = "TCP"
+ name = "${var.environment_name}-concourse-ssh"
+ port_range = "2222-2222"
+ target = google_compute_target_pool.concourse_target_pool.self_link
+}
+
+resource "google_compute_forwarding_rule" "concourse_tcp" {
+ ip_address = google_compute_address.concourse.address
+ ip_protocol = "TCP"
+ name = "${var.environment_name}-concourse-tcp"
+ port_range = "443-443"
+ target = google_compute_target_pool.concourse_target_pool.self_link
+}
+
+resource "google_compute_forwarding_rule" "concourse_uaa" {
+ ip_address = google_compute_address.concourse.address
+ ip_protocol = "TCP"
+ name = "${var.environment_name}-concourse-uaa"
+ port_range = "8443-8443"
+ target = google_compute_target_pool.concourse_target_pool.self_link
+}
+
+resource "google_compute_target_pool" "concourse_target_pool" {
+ name = "${var.environment_name}-concourse"
+}
+
+output "concourse_url" {
+ value = replace(replace("${google_dns_record_set.concourse.name}", "/\.$/", ""), "*.", "")
+}
\ No newline at end of file
diff --git a/terraform/paving-gcp/ops-manager-buckets.tf b/terraform/paving-gcp-concourse-pat/ops-manager-buckets.tf
similarity index 100%
rename from terraform/paving-gcp/ops-manager-buckets.tf
rename to terraform/paving-gcp-concourse-pat/ops-manager-buckets.tf
diff --git a/terraform/paving-gcp/ops-manager-certs.tf b/terraform/paving-gcp-concourse-pat/ops-manager-certs.tf
similarity index 100%
rename from terraform/paving-gcp/ops-manager-certs.tf
rename to terraform/paving-gcp-concourse-pat/ops-manager-certs.tf
diff --git a/terraform/paving-gcp/ops-manager-dns.tf b/terraform/paving-gcp-concourse-pat/ops-manager-dns.tf
similarity index 100%
rename from terraform/paving-gcp/ops-manager-dns.tf
rename to terraform/paving-gcp-concourse-pat/ops-manager-dns.tf
diff --git a/terraform/paving-gcp/ops-manager-firewalls.tf b/terraform/paving-gcp-concourse-pat/ops-manager-firewalls.tf
similarity index 100%
rename from terraform/paving-gcp/ops-manager-firewalls.tf
rename to terraform/paving-gcp-concourse-pat/ops-manager-firewalls.tf
diff --git a/terraform/paving-gcp/ops-manager-iam.tf b/terraform/paving-gcp-concourse-pat/ops-manager-iam.tf
similarity index 100%
rename from terraform/paving-gcp/ops-manager-iam.tf
rename to terraform/paving-gcp-concourse-pat/ops-manager-iam.tf
diff --git a/terraform/paving-gcp/ops-manager-nat.tf b/terraform/paving-gcp-concourse-pat/ops-manager-nat.tf
similarity index 100%
rename from terraform/paving-gcp/ops-manager-nat.tf
rename to terraform/paving-gcp-concourse-pat/ops-manager-nat.tf
diff --git a/terraform/paving-gcp/ops-manager-network.tf b/terraform/paving-gcp-concourse-pat/ops-manager-network.tf
similarity index 100%
rename from terraform/paving-gcp/ops-manager-network.tf
rename to terraform/paving-gcp-concourse-pat/ops-manager-network.tf
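Review bot: The new `google_compute_firewall.concourse` rule admits `source_ranges = ["0.0.0.0/0"]` to 443, 2222, 8000 and 8443 on every instance tagged `concourse`, so the worker SSH gateway (2222) and the forwarding rules named credhub (8000) and uaa (8443) become reachable from the whole Internet, whereas the pas-firewalls rules this commit deletes gated ingress on `var.ingress_source_ranges`. Unless Internet-wide exposure is intended, reuse that variable — `source_ranges = var.ingress_source_ranges` — and consider splitting the rule so that only 443 (and 2222 if remote workers need it) gets the wider range while 8000 and 8443 stay limited to operator CIDRs. Separately, the `concourse_url` output uses `"/\.$/"`; HCL does not accept `\.` as an escape in a quoted string, and the equivalent expressions in the deleted pas-outputs.tf spell it `"/\\.$/"`, so this line will presumably fail `terraform validate`. The `concourse_target_pool` also declares no `health_checks`, so the forwarding rules send traffic to any tagged instance regardless of whether it is serving, unlike the deleted tcp-lb and websocket-lb pools.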
diff --git a/terraform/paving-gcp/ops-manager-outputs.tf b/terraform/paving-gcp-concourse-pat/ops-manager-outputs.tf
similarity index 100%
rename from terraform/paving-gcp/ops-manager-outputs.tf
rename to terraform/paving-gcp-concourse-pat/ops-manager-outputs.tf
diff --git a/terraform/paving-gcp/ops-manager-subnets.tf b/terraform/paving-gcp-concourse-pat/ops-manager-subnets.tf
similarity index 100%
rename from terraform/paving-gcp/ops-manager-subnets.tf
rename to terraform/paving-gcp-concourse-pat/ops-manager-subnets.tf
diff --git a/terraform/paving-gcp/ops-manager.tf b/terraform/paving-gcp-concourse-pat/ops-manager.tf
similarity index 100%
rename from terraform/paving-gcp/ops-manager.tf
rename to terraform/paving-gcp-concourse-pat/ops-manager.tf
diff --git a/terraform/paving-gcp/provider.tf b/terraform/paving-gcp-concourse-pat/provider.tf
similarity index 100%
rename from terraform/paving-gcp/provider.tf
rename to terraform/paving-gcp-concourse-pat/provider.tf
diff --git a/terraform/paving-gcp/terraform.tfvars.example b/terraform/paving-gcp-concourse-pat/terraform.tfvars.example
similarity index 100%
rename from terraform/paving-gcp/terraform.tfvars.example
rename to terraform/paving-gcp-concourse-pat/terraform.tfvars.example
diff --git a/terraform/paving-gcp/variables.tf b/terraform/paving-gcp-concourse-pat/variables.tf
similarity index 100%
rename from terraform/paving-gcp/variables.tf
rename to terraform/paving-gcp-concourse-pat/variables.tf
diff --git a/terraform/paving-gcp/versions.tf b/terraform/paving-gcp-concourse-pat/versions.tf
similarity index 100%
rename from terraform/paving-gcp/versions.tf
rename to terraform/paving-gcp-concourse-pat/versions.tf
diff --git a/terraform/paving-gcp/pas-buckets.tf b/terraform/paving-gcp/pas-buckets.tf
deleted file mode 100644
index 32a9786..0000000
--- a/terraform/paving-gcp/pas-buckets.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-resource "google_storage_bucket" "buildpacks" {
- name = "${var.project}-${var.environment_name}-buildpacks-${random_integer.bucket_suffix.result}"
- force_destroy = true
- location = var.location
-}
-
-resource "google_storage_bucket" "droplets" {
- name = "${var.project}-${var.environment_name}-droplets-${random_integer.bucket_suffix.result}"
- force_destroy = true
- location = var.location
-}
-
-resource "google_storage_bucket" "packages" {
- name = "${var.project}-${var.environment_name}-packages-${random_integer.bucket_suffix.result}"
- force_destroy = true
- location = var.location
-}
-
-resource "google_storage_bucket" "resources" {
- name = "${var.project}-${var.environment_name}-resources-${random_integer.bucket_suffix.result}"
- force_destroy = true
- location = var.location
-}
-
-resource "google_storage_bucket" "backup" {
- name = "${var.project}-${var.environment_name}-backup-${random_integer.bucket_suffix.result}"
- force_destroy = true
- location = var.location
-}
diff --git a/terraform/paving-gcp/pas-dns.tf b/terraform/paving-gcp/pas-dns.tf
deleted file mode 100644
index 5ce1e33..0000000
--- a/terraform/paving-gcp/pas-dns.tf
+++ /dev/null
@@ -1,69 +0,0 @@
-resource "google_dns_record_set" "wildcard-sys" {
- name = "*.sys.${var.environment_name}.${data.google_dns_managed_zone.hosted-zone.dns_name}"
- type = "A"
- ttl = 300
-
- managed_zone = var.hosted_zone
-
- rrdatas = [google_compute_global_address.http-lb.address]
-}
-
-resource "google_dns_record_set" "wildcard-apps" {
- name = "*.apps.${var.environment_name}.${data.google_dns_managed_zone.hosted-zone.dns_name}"
- type = "A"
- ttl = 300
-
- managed_zone = var.hosted_zone
-
- rrdatas = [google_compute_global_address.http-lb.address]
-}
-
-resource "google_dns_record_set" "wildcard-websocket" {
- name = "*.ws.${var.environment_name}.${data.google_dns_managed_zone.hosted-zone.dns_name}"
- type = "A"
- ttl = 300
-
- managed_zone = var.hosted_zone
-
- rrdatas = [google_compute_address.websocket-lb.address]
-}
-
-resource "google_dns_record_set" "doppler-sys" {
- name = "doppler.sys.${var.environment_name}.${data.google_dns_managed_zone.hosted-zone.dns_name}"
- type = "A"
- ttl = 300
-
- managed_zone = var.hosted_zone
-
- rrdatas = [google_compute_address.websocket-lb.address]
-}
-
-resource "google_dns_record_set" "loggregator-sys" {
- name = "loggregator.sys.${var.environment_name}.${data.google_dns_managed_zone.hosted-zone.dns_name}"
- type = "A"
- ttl = 300
-
- managed_zone = var.hosted_zone
-
- rrdatas = [google_compute_address.websocket-lb.address]
-}
-
-resource "google_dns_record_set" "ssh" {
- name = "ssh.sys.${var.environment_name}.${data.google_dns_managed_zone.hosted-zone.dns_name}"
- type = "A"
- ttl = 300
-
- managed_zone = var.hosted_zone
-
- rrdatas = [google_compute_address.ssh-lb.address]
-}
-
-resource "google_dns_record_set" "tcp" {
- name = "tcp.${var.environment_name}.${data.google_dns_managed_zone.hosted-zone.dns_name}"
- type = "A"
- ttl = 300
-
- managed_zone = var.hosted_zone
-
- rrdatas = [google_compute_address.tcp-lb.address]
-}
diff --git a/terraform/paving-gcp/pas-firewalls.tf b/terraform/paving-gcp/pas-firewalls.tf
deleted file mode 100644
index a9d6238..0000000
--- a/terraform/paving-gcp/pas-firewalls.tf
+++ /dev/null
@@ -1,79 +0,0 @@
-resource "google_compute_firewall" "tcp-lb-health-check" {
- name = "${var.environment_name}-tcp-lb-health-check"
- network = google_compute_network.network.name
-
- direction = "INGRESS"
-
- allow {
- protocol = "tcp"
- ports = ["80"]
- }
-
- source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
-
- target_tags = ["${var.environment_name}-tcp-lb"]
-}
-
-resource "google_compute_firewall" "tcp-lb" {
- name = "${var.environment_name}-tcp-lb-firewall"
- network = google_compute_network.network.name
-
- direction = "INGRESS"
-
- allow {
- protocol = "tcp"
- ports = ["1024-65535"]
- }
-
- source_ranges = var.ingress_source_ranges
-
- target_tags = ["${var.environment_name}-tcp-lb"]
-}
-
-resource "google_compute_firewall" "websocket-lb-health-check" {
- name = "${var.environment_name}-websocket-lb-health-check"
- network = google_compute_network.network.name
-
- direction = "INGRESS"
-
- allow {
- protocol = "tcp"
- ports = ["8080"]
- }
-
- source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
-
- target_tags = [google_compute_http_health_check.websocket-lb.name]
-}
-
-resource "google_compute_firewall" "websocket-lb" {
- name = "${var.environment_name}-websocket-lb-firewall"
- network = google_compute_network.network.name
-
- direction = "INGRESS"
-
- allow {
- protocol = "tcp"
- ports = ["80", "443"]
- }
-
- source_ranges = var.ingress_source_ranges
-
- target_tags = ["${var.environment_name}-websocket-lb"]
-}
-
-resource "google_compute_firewall" "http-lb" {
- name = "${var.environment_name}-http-lb-firewall"
- network = google_compute_network.network.self_link
-
- direction = "INGRESS"
-
- allow {
- protocol = "tcp"
- ports = ["80", "443"]
- }
-
- source_ranges = var.ingress_source_ranges
-
- target_tags = ["${var.environment_name}-http-lb"]
-}
diff --git a/terraform/paving-gcp/pas-lbs.tf b/terraform/paving-gcp/pas-lbs.tf
deleted file mode 100644
index d9deaea..0000000
--- a/terraform/paving-gcp/pas-lbs.tf
+++ /dev/null
@@ -1,159 +0,0 @@
-# HTTP/S
-resource "google_compute_backend_service" "http-lb" {
- name = "${var.environment_name}-http-lb"
- port_name = "http"
- protocol = "HTTP"
- timeout_sec = 900
- enable_cdn = false
-
- dynamic "backend" {
- for_each = { for group in google_compute_instance_group.http-lb.* : group.self_link => group }
- iterator = instance_group
- content {
- group = instance_group.value.self_link
- }
- }
-
- health_checks = [google_compute_http_health_check.http-lb.self_link]
-}
-
-resource "google_compute_instance_group" "http-lb" {
- name = "${var.environment_name}-http-lb-${count.index}"
- zone = element(var.availability_zones, count.index)
-
- count = length(var.availability_zones)
-}
-
-resource "google_compute_global_address" "http-lb" {
- name = "${var.environment_name}-http-lb"
-}
-
-resource "google_compute_url_map" "https-lb" {
- name = "${var.environment_name}-https-lb"
-
- default_service = google_compute_backend_service.http-lb.self_link
-}
-
-resource "google_compute_target_http_proxy" "http-lb" {
- name = "${var.environment_name}-http-lb"
- url_map = google_compute_url_map.https-lb.self_link
-}
-
-resource "google_compute_target_https_proxy" "https-lb" {
- name = "${var.environment_name}-https-lb"
- url_map = google_compute_url_map.https-lb.self_link
- ssl_certificates = [google_compute_ssl_certificate.certificate.self_link]
-}
-
-resource "google_compute_global_forwarding_rule" "http-lb-80" {
- name = "${var.environment_name}-http-lb"
- ip_address = google_compute_global_address.http-lb.address
- target = google_compute_target_http_proxy.http-lb.self_link
- port_range = "80"
-}
-
-resource "google_compute_global_forwarding_rule" "https-lb-443" {
- name = "${var.environment_name}-https-lb"
- ip_address = google_compute_global_address.http-lb.address
- target = google_compute_target_https_proxy.https-lb.self_link
- port_range = "443"
-}
-
-resource "google_compute_http_health_check" "http-lb" {
- name = "${var.environment_name}-http-lb-health-check"
- port = 8080
- request_path = "/health"
- check_interval_sec = 5
- timeout_sec = 3
- healthy_threshold = 6
- unhealthy_threshold = 3
-}
-
-# SSH
-resource "google_compute_address" "ssh-lb" {
- name = "${var.environment_name}-ssh-lb"
-}
-
-resource "google_compute_forwarding_rule" "ssh-lb-2222" {
- name = "${var.environment_name}-ssh-lb"
- ip_address = google_compute_address.ssh-lb.address
- target = google_compute_target_pool.ssh-lb.self_link
- port_range = "2222"
- ip_protocol = "TCP"
-}
-
-resource "google_compute_target_pool" "ssh-lb" {
- name = "${var.environment_name}-ssh-lb"
-}
-
-# TCP
-locals {
- tcp_ports = ["1024-1123"]
-}
-
-resource "google_compute_address" "tcp-lb" {
- name = "${var.environment_name}-tcp-lb"
-}
-
-resource "google_compute_forwarding_rule" "tcp-lb" {
- name = "${var.environment_name}-tcp-lb-${count.index}"
- ip_address = google_compute_address.tcp-lb.address
- target = google_compute_target_pool.tcp-lb.self_link
- port_range = element(local.tcp_ports, count.index)
- ip_protocol = "TCP"
-
- count = length(local.tcp_ports)
-}
-
-resource "google_compute_target_pool" "tcp-lb" {
- name = "${var.environment_name}-tcp-lb"
-
- health_checks = [google_compute_http_health_check.tcp-lb.name]
-}
-
-resource "google_compute_http_health_check" "tcp-lb" {
- name = "${var.environment_name}-tcp-lb-health-check"
- port = 80
- request_path = "/health"
- check_interval_sec = 30
- timeout_sec = 5
- healthy_threshold = 10
- unhealthy_threshold = 2
-}
-
-# Web
-resource "google_compute_address" "websocket-lb" {
- name = "${var.environment_name}-websocket-lb"
-}
-
-resource "google_compute_forwarding_rule" "websocket-lb-80" {
- name = "${var.environment_name}-websocket-lb-80"
- ip_address = google_compute_address.websocket-lb.address
- target = google_compute_target_pool.websocket-lb.self_link
- port_range = "80"
- ip_protocol = "TCP"
-}
-
-resource "google_compute_forwarding_rule" "websocket-lb-443" {
- name = "${var.environment_name}-websocket-lb-443"
- ip_address = google_compute_address.websocket-lb.address
- target = google_compute_target_pool.websocket-lb.self_link
- port_range = "443"
- ip_protocol = "TCP"
-}
-
-resource "google_compute_target_pool" "websocket-lb" {
- name = "${var.environment_name}-websocket-lb"
-
- health_checks = [google_compute_http_health_check.websocket-lb.self_link]
-}
-
-resource "google_compute_http_health_check" "websocket-lb" {
- name = "${var.environment_name}-websocket-lb"
- port = 8080
- request_path = "/health"
- check_interval_sec = 5
- timeout_sec = 3
- healthy_threshold = 6
- unhealthy_threshold = 3
-}
diff --git a/terraform/paving-gcp/pas-outputs.tf b/terraform/paving-gcp/pas-outputs.tf
deleted file mode 100644
index 12c69d3..0000000
--- a/terraform/paving-gcp/pas-outputs.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-locals {
- stable_config_pas = {
- pas_subnet_name = google_compute_subnetwork.pas.name
- pas_subnet_cidr = google_compute_subnetwork.pas.ip_cidr_range
- pas_subnet_gateway = google_compute_subnetwork.pas.gateway_address
- pas_subnet_reserved_ip_ranges = "${cidrhost(google_compute_subnetwork.pas.ip_cidr_range, 1)}-${cidrhost(google_compute_subnetwork.pas.ip_cidr_range, 9)}"
-
- buildpacks_bucket_name = google_storage_bucket.buildpacks.name
- droplets_bucket_name = google_storage_bucket.droplets.name
- packages_bucket_name = google_storage_bucket.packages.name
- resources_bucket_name = google_storage_bucket.resources.name
- backup_bucket_name = google_storage_bucket.backup.name
-
- http_backend_service_name = google_compute_backend_service.http-lb.name
- ssh_target_pool_name = google_compute_target_pool.ssh-lb.name
- tcp_target_pool_name = google_compute_target_pool.tcp-lb.name
- web_target_pool_name = google_compute_target_pool.websocket-lb.name
-
- sys_dns_domain = replace(replace(google_dns_record_set.wildcard-sys.name, "/\\.$/", ""), "*.", "")
- apps_dns_domain = replace(replace(google_dns_record_set.wildcard-apps.name, "/\\.$/", ""), "*.", "")
- doppler_dns = replace(google_dns_record_set.doppler-sys.name, "/\\.$/", "")
- loggregator_dns = replace(google_dns_record_set.loggregator-sys.name, "/\\.$/", "")
- ssh_dns = replace(google_dns_record_set.ssh.name, "/\\.$/", "")
- tcp_dns = replace(google_dns_record_set.tcp.name, "/\\.$/", "")
- }
-}
-
-output "stable_config_pas" {
- value = jsonencode(local.stable_config_pas)
- sensitive = true
-}
diff --git a/terraform/paving-gcp/pas-subnets.tf b/terraform/paving-gcp/pas-subnets.tf
deleted file mode 100644
index 35a1b9c..0000000
--- a/terraform/paving-gcp/pas-subnets.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-resource "google_compute_subnetwork" "pas" {
- name = "${var.environment_name}-pas-subnet"
- ip_cidr_range = local.pas_subnet_cidr
- network = google_compute_network.network.self_link
- region = var.region
-}