Move terraform and kubernetes folder to be under proxy (#127)

* Move terraform and kubernetes folder to be under proxy

There is no reason for them to be under proxy/src/... any more now that
we have a Gradle-idiomatic folder structure.

proxy/src/main/java/google/registry/proxy/kubernetes/proxy-deployment-alpha.yaml

@@ -1,54 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  namespace: default
-  name: proxy-deployment
-  labels:
-    app: proxy
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: proxy
-  template:
-    metadata:
-      labels:
-        app: proxy
-    spec:
-      containers:
-      - name: proxy
-        image: gcr.io/GCP_PROJECT/proxy
-        ports:
-        - containerPort: 30000
-          name: health-check
-        - containerPort: 30001
-          name: whois
-        - containerPort: 30002
-          name: epp
-        - containerPort: 30010
-          name: http-whois
-        - containerPort: 30011
-          name: https-whois
-        readinessProbe:
-          tcpSocket:
-            port: health-check
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        livenessProbe:
-          tcpSocket:
-            port: health-check
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        imagePullPolicy: Always
-        args: ["--env", "alpha", "--log"]
-        env:
-        - name: POD_ID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: NAMESPACE_ID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: CONTAINER_NAME
-          value: proxy

proxy/src/main/java/google/registry/proxy/kubernetes/proxy-deployment-crash-canary.yaml

@@ -1,54 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  namespace: default
-  name: proxy-deployment-canary
-  labels:
-    app: proxy-canary
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: proxy-canary
-  template:
-    metadata:
-      labels:
-        app: proxy-canary
-    spec:
-      containers:
-      - name: proxy-canary
-        image: gcr.io/GCP_PROJECT/proxy
-        ports:
-        - containerPort: 30000
-          name: health-check
-        - containerPort: 30001
-          name: whois
-        - containerPort: 30002
-          name: epp
-        - containerPort: 30010
-          name: http-whois
-        - containerPort: 30011
-          name: https-whois
-        readinessProbe:
-          tcpSocket:
-            port: health-check
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        livenessProbe:
-          tcpSocket:
-            port: health-check
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        imagePullPolicy: Always
-        args: ["--env", "crash_canary", "--log"]
-        env:
-        - name: POD_ID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: NAMESPACE_ID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: CONTAINER_NAME
-          value: proxy-canary

proxy/src/main/java/google/registry/proxy/kubernetes/proxy-deployment-crash.yaml

@@ -1,54 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  namespace: default
-  name: proxy-deployment
-  labels:
-    app: proxy
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: proxy
-  template:
-    metadata:
-      labels:
-        app: proxy
-    spec:
-      containers:
-      - name: proxy
-        image: gcr.io/GCP_PROJECT/proxy
-        ports:
-        - containerPort: 30000
-          name: health-check
-        - containerPort: 30001
-          name: whois
-        - containerPort: 30002
-          name: epp
-        - containerPort: 30010
-          name: http-whois
-        - containerPort: 30011
-          name: https-whois
-        readinessProbe:
-          tcpSocket:
-            port: health-check
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        livenessProbe:
-          tcpSocket:
-            port: health-check
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        imagePullPolicy: Always
-        args: ["--env", "crash", "--log"]
-        env:
-        - name: POD_ID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: NAMESPACE_ID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: CONTAINER_NAME
-          value: proxy

proxy/src/main/java/google/registry/proxy/kubernetes/proxy-deployment-production-canary.yaml

@@ -1,55 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  namespace: default
-  name: proxy-deployment-canary
-  labels:
-    app: proxy-canary
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: proxy-canary
-  template:
-    metadata:
-      labels:
-        app: proxy-canary
-    spec:
-      containers:
-      - name: proxy-canary
-        image: gcr.io/GCP_PROJECT/proxy
-        ports:
-        - containerPort: 30000
-          name: health-check
-        - containerPort: 30001
-          name: whois
-        - containerPort: 30002
-          name: epp
-        - containerPort: 30010
-          name: http-whois
-        - containerPort: 30011
-          name: https-whois
-        readinessProbe:
-          tcpSocket:
-            port: health-check
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        livenessProbe:
-          tcpSocket:
-            port: health-check
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        imagePullPolicy: Always
-        args: ["--env", "production_canary"]
-        env:
-        - name: POD_ID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: NAMESPACE_ID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: CONTAINER_NAME
-          value: proxy-canary
-

proxy/src/main/java/google/registry/proxy/kubernetes/proxy-deployment-production.yaml

@@ -1,55 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  namespace: default
-  name: proxy-deployment
-  labels:
-    app: proxy
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: proxy
-  template:
-    metadata:
-      labels:
-        app: proxy
-    spec:
-      containers:
-      - name: proxy
-        image: gcr.io/GCP_PROJECT/proxy
-        ports:
-        - containerPort: 30000
-          name: health-check
-        - containerPort: 30001
-          name: whois
-        - containerPort: 30002
-          name: epp
-        - containerPort: 30010
-          name: http-whois
-        - containerPort: 30011
-          name: https-whois
-        readinessProbe:
-          tcpSocket:
-            port: health-check
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        livenessProbe:
-          tcpSocket:
-            port: health-check
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        imagePullPolicy: Always
-        args: ["--env", "production"]
-        env:
-        - name: POD_ID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: NAMESPACE_ID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: CONTAINER_NAME
-          value: proxy
-

proxy/src/main/java/google/registry/proxy/kubernetes/proxy-deployment-sandbox-canary.yaml

@@ -1,55 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  namespace: default
-  name: proxy-deployment-canary
-  labels:
-    app: proxy-canary
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: proxy-canary
-  template:
-    metadata:
-      labels:
-        app: proxy-canary
-    spec:
-      containers:
-      - name: proxy-canary
-        image: gcr.io/GCP_PROJECT/proxy
-        ports:
-        - containerPort: 30000
-          name: health-check
-        - containerPort: 30001
-          name: whois
-        - containerPort: 30002
-          name: epp
-        - containerPort: 30010
-          name: http-whois
-        - containerPort: 30011
-          name: https-whois
-        readinessProbe:
-          tcpSocket:
-            port: health-check
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        livenessProbe:
-          tcpSocket:
-            port: health-check
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        imagePullPolicy: Always
-        args: ["--env", "sandbox_canary", "--log"]
-        env:
-        - name: POD_ID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: NAMESPACE_ID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: CONTAINER_NAME
-          value: proxy-canary
-

proxy/src/main/java/google/registry/proxy/kubernetes/proxy-deployment-sandbox.yaml

@@ -1,55 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  namespace: default
-  name: proxy-deployment
-  labels:
-    app: proxy
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: proxy
-  template:
-    metadata:
-      labels:
-        app: proxy
-    spec:
-      containers:
-      - name: proxy
-        image: gcr.io/GCP_PROJECT/proxy
-        ports:
-        - containerPort: 30000
-          name: health-check
-        - containerPort: 30001
-          name: whois
-        - containerPort: 30002
-          name: epp
-        - containerPort: 30010
-          name: http-whois
-        - containerPort: 30011
-          name: https-whois
-        readinessProbe:
-          tcpSocket:
-            port: health-check
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        livenessProbe:
-          tcpSocket:
-            port: health-check
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        imagePullPolicy: Always
-        args: ["--env", "sandbox", "--log"]
-        env:
-        - name: POD_ID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: NAMESPACE_ID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: CONTAINER_NAME
-          value: proxy
-

proxy/src/main/java/google/registry/proxy/kubernetes/proxy-service-canary.yaml

@@ -1,50 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  namespace: default
-  name: proxy-service-canary
-spec:
-  selector:
-    app: proxy-canary
-  ports:
-  - protocol: TCP
-    port: 30000
-    nodePort: 31000
-    targetPort: health-check
-    name: health-check
-  - protocol: TCP
-    port: 30001
-    nodePort: 31001
-    targetPort: whois
-    name: whois
-  - protocol: TCP
-    port: 30002
-    nodePort: 31002
-    targetPort: epp
-    name: epp
-  - protocol: TCP
-    port: 30010
-    nodePort: 31010
-    targetPort: http-whois
-    name: http-whois
-  - protocol: TCP
-    port: 30011
-    nodePort: 31011
-    targetPort: https-whois
-    name: https-whois
-  type: NodePort
----
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
-  namespace: default
-  name: proxy-autoscale-canary
-  labels:
-    app: proxy-canary
-spec:
-  scaleTargetRef:
-    apiVersion: extensions/v1beta1
-    kind: Deployment
-    name: proxy-deployment-canary
-  maxReplicas: 10
-  minReplicas: 1

proxy/src/main/java/google/registry/proxy/kubernetes/proxy-service.yaml

@@ -1,50 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  namespace: default
-  name: proxy-service
-spec:
-  selector:
-    app: proxy
-  ports:
-  - protocol: TCP
-    port: 30000
-    nodePort: 30000
-    targetPort: health-check
-    name: health-check
-  - protocol: TCP
-    port: 30001
-    nodePort: 30001
-    targetPort: whois
-    name: whois
-  - protocol: TCP
-    port: 30002
-    nodePort: 30002
-    targetPort: epp
-    name: epp
-  - protocol: TCP
-    port: 30010
-    nodePort: 30010
-    targetPort: http-whois
-    name: http-whois
-  - protocol: TCP
-    port: 30011
-    nodePort: 30011
-    targetPort: https-whois
-    name: https-whois
-  type: NodePort
----
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
-  namespace: default
-  name: proxy-autoscale
-  labels:
-    app: proxy
-spec:
-  scaleTargetRef:
-    apiVersion: extensions/v1beta1
-    kind: Deployment
-    name: proxy-deployment
-  maxReplicas: 10
-  minReplicas: 1

proxy/src/main/java/google/registry/proxy/terraform/example_config.tf

@@ -1,31 +0,0 @@
-terraform {
-  backend "gcs" {
-    # The name of the GCS bucket that stores the terraform.tfstate file.
-    bucket = "YOUR_GCS_BUCKET"
-    prefix = "terraform/state"
-  }
-}
-
-module "proxy" {
-  source                   = "../../modules"
-  proxy_project_name       = "YOUR_PROXY_PROJECT"
-  gcr_project_name         = "YOUR_GCR_PROJECT"
-  proxy_domain_name        = "YOUR_PROXY_DOMAIN"
-  proxy_certificate_bucket = "YOU_CERTIFICATE_BUCKET"
-}
-
-output "proxy_service_account" {
-  value = "${module.proxy.proxy_service_account}"
-}
-
-output "proxy_name_servers" {
-  value = "${module.proxy.proxy_name_servers}"
-}
-
-output "proxy_instance_groups" {
-  value = "${module.proxy.proxy_instance_groups}"
-}
-
-output "proxy_ip_addresses" {
-  value = "${module.proxy.proxy_ip_addresses}"
-}

proxy/src/main/java/google/registry/proxy/terraform/modules/common.tf

@@ -1,4 +0,0 @@
-provider "google" {
-  version = ">= 1.13.0"
-  project = "${var.proxy_project_name}"
-}

proxy/src/main/java/google/registry/proxy/terraform/modules/gcs.tf

@@ -1,10 +0,0 @@
-resource "google_storage_bucket" "proxy_certificate" {
-  name          = "${var.proxy_certificate_bucket}"
-  storage_class = "MULTI_REGIONAL"
-}
-
-resource "google_storage_bucket_iam_member" "member" {
-  bucket = "${google_storage_bucket.proxy_certificate.name}"
-  role   = "roles/storage.objectViewer"
-  member = "serviceAccount:${google_service_account.proxy_service_account.email}"
-}

proxy/src/main/java/google/registry/proxy/terraform/modules/gke.tf

@@ -1,25 +0,0 @@
-module "proxy_gke_americas" {
-  source                      = "./gke"
-  proxy_cluster_region        = "americas"
-  proxy_service_account_email = "${google_service_account.proxy_service_account.email}"
-}
-
-module "proxy_gke_emea" {
-  source                      = "./gke"
-  proxy_cluster_region        = "emea"
-  proxy_service_account_email = "${google_service_account.proxy_service_account.email}"
-}
-
-module "proxy_gke_apac" {
-  source                      = "./gke"
-  proxy_cluster_region        = "apac"
-  proxy_service_account_email = "${google_service_account.proxy_service_account.email}"
-}
-
-locals {
-  "proxy_instance_groups" = {
-    americas = "${module.proxy_gke_americas.proxy_instance_group}"
-    emea     = "${module.proxy_gke_emea.proxy_instance_group}"
-    apac     = "${module.proxy_gke_apac.proxy_instance_group}"
-  }
-}

proxy/src/main/java/google/registry/proxy/terraform/modules/gke/cluster.tf

@@ -1,40 +0,0 @@
-locals {
-  proxy_cluster_zone = "${lookup(var.proxy_cluster_zones, var.proxy_cluster_region)}"
-}
-
-resource "google_container_cluster" "proxy_cluster" {
-  name = "proxy-cluster-${var.proxy_cluster_region}"
-  zone = "${local.proxy_cluster_zone}"
-
-  timeouts {
-    update = "30m"
-  }
-
-  node_pool {
-    name               = "proxy-node-pool"
-    initial_node_count = 1
-
-    node_config {
-      tags = [
-        "proxy-cluster",
-      ]
-
-      service_account = "${var.proxy_service_account_email}"
-
-      oauth_scopes = [
-        "https://www.googleapis.com/auth/cloud-platform",
-        "https://www.googleapis.com/auth/userinfo.email",
-      ]
-    }
-
-    autoscaling {
-      max_node_count = 5
-      min_node_count = 1
-    }
-
-    management {
-      auto_repair  = "true"
-      auto_upgrade = "true"
-    }
-  }
-}

proxy/src/main/java/google/registry/proxy/terraform/modules/gke/output.tf

@@ -1,3 +0,0 @@
-output "proxy_instance_group" {
-  value = "${google_container_cluster.proxy_cluster.instance_group_urls[0]}"
-}

proxy/src/main/java/google/registry/proxy/terraform/modules/gke/variables.tf

@@ -1,13 +0,0 @@
-variable "proxy_service_account_email" {}
-
-variable "proxy_cluster_region" {}
-
-variable "proxy_cluster_zones" {
-  type = "map"
-
-  default = {
-    americas = "us-east4-a"
-    emea     = "europe-west4-b"
-    apac     = "asia-northeast1-c"
-  }
-}

proxy/src/main/java/google/registry/proxy/terraform/modules/iam.tf

@@ -1,20 +0,0 @@
-resource "google_service_account" "proxy_service_account" {
-  account_id   = "proxy-service-account"
-  display_name = "Nomulus proxy service account"
-}
-
-resource "google_project_iam_member" "gcr_storage_viewer" {
-  project = "${var.gcr_project_name}"
-  role    = "roles/storage.objectViewer"
-  member  = "serviceAccount:${google_service_account.proxy_service_account.email}"
-}
-
-resource "google_project_iam_member" "metric_writer" {
-  role   = "roles/monitoring.metricWriter"
-  member = "serviceAccount:${google_service_account.proxy_service_account.email}"
-}
-
-resource "google_project_iam_member" "log_writer" {
-  role   = "roles/logging.logWriter"
-  member = "serviceAccount:${google_service_account.proxy_service_account.email}"
-}

proxy/src/main/java/google/registry/proxy/terraform/modules/kms.tf

@@ -1,15 +0,0 @@
-resource "google_kms_key_ring" "proxy_key_ring" {
-  name     = "${var.proxy_key_ring}"
-  location = "global"
-}
-
-resource "google_kms_crypto_key" "proxy_key" {
-  name     = "${var.proxy_key}"
-  key_ring = "${google_kms_key_ring.proxy_key_ring.id}"
-}
-
-resource "google_kms_crypto_key_iam_member" "ssl_key_decrypter" {
-  crypto_key_id = "${google_kms_crypto_key.proxy_key.id}"
-  role          = "roles/cloudkms.cryptoKeyDecrypter"
-  member        = "serviceAccount:${google_service_account.proxy_service_account.email}"
-}

proxy/src/main/java/google/registry/proxy/terraform/modules/networking.tf

@@ -1,21 +0,0 @@
-resource "google_dns_managed_zone" "proxy_domain" {
-  name     = "proxy-domain"
-  dns_name = "${var.proxy_domain_name}."
-}
-
-module "proxy_networking" {
-  source                = "./networking"
-  proxy_instance_groups = "${local.proxy_instance_groups}"
-  proxy_ports           = "${var.proxy_ports}"
-  proxy_domain          = "${google_dns_managed_zone.proxy_domain.name}"
-  proxy_domain_name     = "${google_dns_managed_zone.proxy_domain.dns_name}"
-}
-
-module "proxy_networking_canary" {
-  source                = "./networking"
-  proxy_instance_groups = "${local.proxy_instance_groups}"
-  suffix                = "-canary"
-  proxy_ports           = "${var.proxy_ports_canary}"
-  proxy_domain          = "${google_dns_managed_zone.proxy_domain.name}"
-  proxy_domain_name     = "${google_dns_managed_zone.proxy_domain.dns_name}"
-}

proxy/src/main/java/google/registry/proxy/terraform/modules/networking/dns.tf

@@ -1,31 +0,0 @@
-resource "google_dns_record_set" "proxy_epp_a_record" {
-  name         = "epp${var.suffix}.${var.proxy_domain_name}"
-  type         = "A"
-  ttl          = 300
-  managed_zone = "${var.proxy_domain}"
-  rrdatas      = ["${google_compute_global_address.proxy_ipv4_address.address}"]
-}
-
-resource "google_dns_record_set" "proxy_epp_aaaa_record" {
-  name         = "epp${var.suffix}.${var.proxy_domain_name}"
-  type         = "AAAA"
-  ttl          = 300
-  managed_zone = "${var.proxy_domain}"
-  rrdatas      = ["${google_compute_global_address.proxy_ipv6_address.address}"]
-}
-
-resource "google_dns_record_set" "proxy_whois_a_record" {
-  name         = "whois${var.suffix}.${var.proxy_domain_name}"
-  type         = "A"
-  ttl          = 300
-  managed_zone = "${var.proxy_domain}"
-  rrdatas      = ["${google_compute_global_address.proxy_ipv4_address.address}"]
-}
-
-resource "google_dns_record_set" "proxy_whois_aaaa_record" {
-  name         = "whois${var.suffix}.${var.proxy_domain_name}"
-  type         = "AAAA"
-  ttl          = 300
-  managed_zone = "${var.proxy_domain}"
-  rrdatas      = ["${google_compute_global_address.proxy_ipv6_address.address}"]
-}

proxy/src/main/java/google/registry/proxy/terraform/modules/networking/loadbalancer.tf

@@ -1,230 +0,0 @@
-resource "google_compute_global_address" "proxy_ipv4_address" {
-  name       = "proxy-ipv4-address${var.suffix}"
-  ip_version = "IPV4"
-}
-
-resource "google_compute_global_address" "proxy_ipv6_address" {
-  name       = "proxy-ipv6-address${var.suffix}"
-  ip_version = "IPV6"
-}
-
-resource "google_compute_firewall" "proxy_firewall" {
-  name    = "proxy-firewall${var.suffix}"
-  network = "default"
-
-  allow {
-    protocol = "tcp"
-
-    ports = [
-      "${var.proxy_ports["epp"]}",
-      "${var.proxy_ports["whois"]}",
-      "${var.proxy_ports["health_check"]}",
-      "${var.proxy_ports["http-whois"]}",
-      "${var.proxy_ports["https-whois"]}",
-    ]
-  }
-
-  source_ranges = [
-    "130.211.0.0/22",
-    "35.191.0.0/16",
-  ]
-
-  target_tags = [
-    "proxy-cluster",
-  ]
-}
-
-resource "google_compute_health_check" "proxy_health_check" {
-  name = "proxy-health-check${var.suffix}"
-
-  tcp_health_check {
-    port     = "${var.proxy_ports["health_check"]}"
-    request  = "HEALTH_CHECK_REQUEST"
-    response = "HEALTH_CHECK_RESPONSE"
-  }
-}
-
-resource "google_compute_health_check" "proxy_http_health_check" {
-  name = "proxy-http-health-check${var.suffix}"
-
-  http_health_check {
-    host         = "health-check.invalid"
-    port         = "${var.proxy_ports["http-whois"]}"
-    request_path = "/"
-  }
-}
-
-resource "google_compute_url_map" "proxy_url_map" {
-  name            = "proxy-url-map${var.suffix}"
-  default_service = "${google_compute_backend_service.http_whois_backend_service.self_link}"
-}
-
-resource "google_compute_backend_service" "epp_backend_service" {
-  name        = "epp-backend-service${var.suffix}"
-  protocol    = "TCP"
-  timeout_sec = 3600
-  port_name   = "epp${var.suffix}"
-
-  backend {
-    group = "${var.proxy_instance_groups["americas"]}"
-  }
-
-  backend {
-    group = "${var.proxy_instance_groups["emea"]}"
-  }
-
-  backend {
-    group = "${var.proxy_instance_groups["apac"]}"
-  }
-
-  health_checks = [
-    "${google_compute_health_check.proxy_health_check.self_link}",
-  ]
-}
-
-resource "google_compute_backend_service" "whois_backend_service" {
-  name        = "whois-backend-service${var.suffix}"
-  protocol    = "TCP"
-  timeout_sec = 60
-  port_name   = "whois${var.suffix}"
-
-  backend {
-    group = "${var.proxy_instance_groups["americas"]}"
-  }
-
-  backend {
-    group = "${var.proxy_instance_groups["emea"]}"
-  }
-
-  backend {
-    group = "${var.proxy_instance_groups["apac"]}"
-  }
-
-  health_checks = [
-    "${google_compute_health_check.proxy_health_check.self_link}",
-  ]
-}
-
-resource "google_compute_backend_service" "https_whois_backend_service" {
-  name        = "https-whois-backend-service${var.suffix}"
-  protocol    = "TCP"
-  timeout_sec = 60
-  port_name   = "https-whois${var.suffix}"
-
-  backend {
-    group = "${var.proxy_instance_groups["americas"]}"
-  }
-
-  backend {
-    group = "${var.proxy_instance_groups["emea"]}"
-  }
-
-  backend {
-    group = "${var.proxy_instance_groups["apac"]}"
-  }
-
-  health_checks = [
-    "${google_compute_health_check.proxy_health_check.self_link}",
-  ]
-}
-
-resource "google_compute_backend_service" "http_whois_backend_service" {
-  name        = "http-whois-backend-service${var.suffix}"
-  protocol    = "HTTP"
-  timeout_sec = 60
-  port_name   = "http-whois${var.suffix}"
-
-  backend {
-    group = "${var.proxy_instance_groups["americas"]}"
-  }
-
-  backend {
-    group = "${var.proxy_instance_groups["emea"]}"
-  }
-
-  backend {
-    group = "${var.proxy_instance_groups["apac"]}"
-  }
-
-  health_checks = [
-    "${google_compute_health_check.proxy_http_health_check.self_link}",
-  ]
-}
-
-resource "google_compute_target_tcp_proxy" "epp_tcp_proxy" {
-  name            = "epp-tcp-proxy${var.suffix}"
-  proxy_header    = "PROXY_V1"
-  backend_service = "${google_compute_backend_service.epp_backend_service.self_link}"
-}
-
-resource "google_compute_target_tcp_proxy" "whois_tcp_proxy" {
-  name            = "whois-tcp-proxy${var.suffix}"
-  proxy_header    = "PROXY_V1"
-  backend_service = "${google_compute_backend_service.whois_backend_service.self_link}"
-}
-
-resource "google_compute_target_tcp_proxy" "https_whois_tcp_proxy" {
-  name            = "https-whois-tcp-proxy${var.suffix}"
-  backend_service = "${google_compute_backend_service.https_whois_backend_service.self_link}"
-}
-
-resource "google_compute_target_http_proxy" "http_whois_http_proxy" {
-  name    = "http-whois-tcp-proxy${var.suffix}"
-  url_map = "${google_compute_url_map.proxy_url_map.self_link}"
-}
-
-resource "google_compute_global_forwarding_rule" "epp_ipv4_forwarding_rule" {
-  name       = "epp-ipv4-forwarding-rule${var.suffix}"
-  ip_address = "${google_compute_global_address.proxy_ipv4_address.address}"
-  target     = "${google_compute_target_tcp_proxy.epp_tcp_proxy.self_link}"
-  port_range = "700"
-}
-
-resource "google_compute_global_forwarding_rule" "epp_ipv6_forwarding_rule" {
-  name       = "epp-ipv6-forwarding-rule${var.suffix}"
-  ip_address = "${google_compute_global_address.proxy_ipv6_address.address}"
-  target     = "${google_compute_target_tcp_proxy.epp_tcp_proxy.self_link}"
-  port_range = "700"
-}
-
-resource "google_compute_global_forwarding_rule" "whois_ipv4_forwarding_rule" {
-  name       = "whois-ipv4-forwarding-rule${var.suffix}"
-  ip_address = "${google_compute_global_address.proxy_ipv4_address.address}"
-  target     = "${google_compute_target_tcp_proxy.whois_tcp_proxy.self_link}"
-  port_range = "43"
-}
-
-resource "google_compute_global_forwarding_rule" "whois_ipv6_forwarding_rule" {
-  name       = "whois-ipv6-forwarding-rule${var.suffix}"
-  ip_address = "${google_compute_global_address.proxy_ipv6_address.address}"
-  target     = "${google_compute_target_tcp_proxy.whois_tcp_proxy.self_link}"
-  port_range = "43"
-}
-
-resource "google_compute_global_forwarding_rule" "https_whois_ipv4_forwarding_rule" {
-  name       = "https-whois-ipv4-forwarding-rule${var.suffix}"
-  ip_address = "${google_compute_global_address.proxy_ipv4_address.address}"
-  target     = "${google_compute_target_tcp_proxy.https_whois_tcp_proxy.self_link}"
-  port_range = "443"
-}
-
-resource "google_compute_global_forwarding_rule" "https_whois_ipv6_forwarding_rule" {
-  name       = "https-whois-ipv6-forwarding-rule${var.suffix}"
-  ip_address = "${google_compute_global_address.proxy_ipv6_address.address}"
-  target     = "${google_compute_target_tcp_proxy.https_whois_tcp_proxy.self_link}"
-  port_range = "443"
-}
-
-resource "google_compute_global_forwarding_rule" "http_whois_ipv4_forwarding_rule" {
-  name       = "http-whois-ipv4-forwarding-rule${var.suffix}"
-  ip_address = "${google_compute_global_address.proxy_ipv4_address.address}"
-  target     = "${google_compute_target_http_proxy.http_whois_http_proxy.self_link}"
-  port_range = "80"
-}
-
-resource "google_compute_global_forwarding_rule" "http_whois_ipv6_forwarding_rule" {
-  name       = "http-whois-ipv6-forwarding-rule${var.suffix}"
-  ip_address = "${google_compute_global_address.proxy_ipv6_address.address}"
-  target     = "${google_compute_target_http_proxy.http_whois_http_proxy.self_link}"
-  port_range = "80"
-}

proxy/src/main/java/google/registry/proxy/terraform/modules/networking/output.tf

@@ -1,7 +0,0 @@
-output "proxy_ipv4_address" {
-  value = "${google_compute_global_address.proxy_ipv4_address.address}"
-}
-
-output "proxy_ipv6_address" {
-  value = "${google_compute_global_address.proxy_ipv6_address.address}"
-}

proxy/src/main/java/google/registry/proxy/terraform/modules/networking/variables.tf

@@ -1,20 +0,0 @@
-# Instance groups that the load balancer forwards traffic to.
-variable "proxy_instance_groups" {
-  type = "map"
-}
-
-# Suffix (such as "-canary") added to the resource names.
-variable "suffix" {
-  default = ""
-}
-
-# Node ports exposed by the proxy.
-variable "proxy_ports" {
-  type = "map"
-}
-
-# DNS zone for the proxy domain.
-variable "proxy_domain" {}
-
-# domain name of the zone.
-variable "proxy_domain_name" {}

proxy/src/main/java/google/registry/proxy/terraform/modules/output.tf

@@ -1,23 +0,0 @@
-output "proxy_name_servers" {
-  value = "${google_dns_managed_zone.proxy_domain.name_servers}"
-}
-
-output "proxy_instance_groups" {
-  value = "${local.proxy_instance_groups}"
-}
-
-output "proxy_service_account" {
-  value = {
-    email     = "${google_service_account.proxy_service_account.email}"
-    client_id = "${google_service_account.proxy_service_account.unique_id}"
-  }
-}
-
-output "proxy_ip_addresses" {
-  value = {
-    ipv4        = "${module.proxy_networking.proxy_ipv4_address}"
-    ipv6        = "${module.proxy_networking.proxy_ipv6_address}"
-    ipv4_canary = "${module.proxy_networking_canary.proxy_ipv4_address}"
-    ipv6_canary = "${module.proxy_networking_canary.proxy_ipv6_address}"
-  }
-}

proxy/src/main/java/google/registry/proxy/terraform/modules/variables.tf

@@ -1,47 +0,0 @@
-# GCP project in which the proxy runs.
-variable "proxy_project_name" {}
-
-# GCP project from which the proxy image is pulled.
-variable "gcr_project_name" {}
-
-# The base domain name of the proxy, without the whois. or epp. part.
-variable "proxy_domain_name" {}
-
-# The GCS bucket that stores the encrypted SSL certificate.
-variable "proxy_certificate_bucket" {}
-
-# Cloud KMS keyring name
-variable "proxy_key_ring" {
-  default = "proxy-key-ring"
-}
-
-# Cloud KMS key name
-variable "proxy_key" {
-  default = "proxy-key"
-}
-
-# Node ports exposed by the proxy.
-variable "proxy_ports" {
-  type = "map"
-
-  default = {
-    health_check = 30000
-    whois        = 30001
-    epp          = 30002
-    http-whois   = 30010
-    https-whois  = 30011
-  }
-}
-
-# Node ports exposed by the canary proxy.
-variable "proxy_ports_canary" {
-  type = "map"
-
-  default = {
-    health_check = 31000
-    whois        = 31001
-    epp          = 31002
-    http-whois   = 31010
-    https-whois  = 31011
-  }
-}

proxy/src/main/java/google/registry/proxy/terraform/update_named_ports.sh

@@ -1,30 +0,0 @@
-#!/bin/bash
-# Copyright 2018 The Nomulus Authors. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Terraform currently cannot set named ports on the instance groups underlying
-# the gke instances it creates. Here we output the instance group URL, extract
-# the project, zone and instance group names, and then call gcloud to add the
-# named ports.
-
-PROD_PORTS="whois:30001,epp:30002,http-whois:30010,https-whois:30011"
-CANARY_PORTS="whois-canary:31001,epp-canary:31002,"\
-"http-whois-canary:31010,https-whois-canary:31011"
-
-while read line
-do
-  gcloud compute instance-groups set-named-ports --named-ports \
-    "${PROD_PORTS}","${CANARY_PORTS}" "$line"
-done < <(terraform output proxy_instance_groups | awk '{print $3}' | \
-  awk -F '/' '{print "--project", $7, "--zone", $9, $11}')