Add networking settings for canary proxies

Canary proxies do not receive real traffic but are useful when testing a Nomulus deployment (probers probe the canary proxy and compare its metrics with those of the production proxy). This CL adds a separate load balancer for the canary proxy, which runs on the same clusters as the production proxy.

The canary proxies have their own IP addresses, but are not assigned domain names. Probers will directly connect to these endpoints by IP.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=193234937
jianglai 2018-04-17 12:08:15 -07:00
parent d036d72dda
commit eab6fcc8e6
8 changed files with 38 additions and 152 deletions


@ -8,7 +8,7 @@ resource "google_dns_record_set" "proxy_epp_a_record" {
type = "A"
ttl = 300
managed_zone = "${google_dns_managed_zone.proxy_domain.name}"
rrdatas = ["${google_compute_global_address.proxy_ipv4_address.address}"]
rrdatas = ["${module.proxy_networking.proxy_ipv4_address}"]
}
resource "google_dns_record_set" "proxy_epp_aaaa_record" {
@ -16,7 +16,7 @@ resource "google_dns_record_set" "proxy_epp_aaaa_record" {
type = "AAAA"
ttl = 300
managed_zone = "${google_dns_managed_zone.proxy_domain.name}"
rrdatas = ["${google_compute_global_address.proxy_ipv6_address.address}"]
rrdatas = ["${module.proxy_networking.proxy_ipv6_address}"]
}
resource "google_dns_record_set" "proxy_whois_a_record" {
@ -24,7 +24,7 @@ resource "google_dns_record_set" "proxy_whois_a_record" {
type = "A"
ttl = 300
managed_zone = "${google_dns_managed_zone.proxy_domain.name}"
rrdatas = ["${google_compute_global_address.proxy_ipv4_address.address}"]
rrdatas = ["${module.proxy_networking.proxy_ipv4_address}"]
}
resource "google_dns_record_set" "proxy_whois_aaaa_record" {
@ -32,5 +32,5 @@ resource "google_dns_record_set" "proxy_whois_aaaa_record" {
type = "AAAA"
ttl = 300
managed_zone = "${google_dns_managed_zone.proxy_domain.name}"
rrdatas = ["${google_compute_global_address.proxy_ipv6_address.address}"]
rrdatas = ["${module.proxy_networking.proxy_ipv6_address}"]
}


@ -2,21 +2,18 @@ module "proxy_gke_americas" {
source = "./gke"
proxy_cluster_region = "americas"
proxy_service_account_email = "${google_service_account.proxy_service_account.email}"
proxy_ports = "${var.proxy_ports}"
}
module "proxy_gke_emea" {
source = "./gke"
proxy_cluster_region = "emea"
proxy_service_account_email = "${google_service_account.proxy_service_account.email}"
proxy_ports = "${var.proxy_ports}"
}
module "proxy_gke_apac" {
source = "./gke"
proxy_cluster_region = "apac"
proxy_service_account_email = "${google_service_account.proxy_service_account.email}"
proxy_ports = "${var.proxy_ports}"
}
locals {
@ -26,7 +23,3 @@ locals {
apac = "${module.proxy_gke_apac.proxy_instance_group}"
}
}
output "proxy_instance_groups" {
value = "${local.proxy_instance_groups}"
}


@ -11,7 +11,3 @@ variable "proxy_cluster_zones" {
apac = "asia-northeast1-c"
}
}
variable "proxy_ports" {
type = "map"
}


@ -33,3 +33,14 @@ variable "proxy_ports" {
epp = 30002
}
}
# Node ports exposed by the canary proxy.
variable "proxy_ports_canary" {
type = "map"
default = {
health_check = 40000
whois = 40001
epp = 40002
}
}
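Review bot: The canary node ports 40000–40002 in `proxy_ports_canary` fall outside Kubernetes' default NodePort range (30000–32767), so unless these clusters run with a widened `--service-node-port-range` the canary Service cannot bind them and the canary backends would never pass the load balancer health check. Consider values inside the default range that do not collide with the production map (its `epp = 30002` is visible just above), e.g. `health_check = 31000`, `whois = 31001`, `epp = 31002`. The comment on the variable could also say that these numbers must match the `nodePort` values of the canary Service manifest, which is not shown on this page.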


@ -1,129 +1,12 @@
resource "google_compute_global_address" "proxy_ipv4_address" {
name = "proxy-ipv4-address"
ip_version = "IPV4"
module "proxy_networking" {
source = "./networking"
proxy_instance_groups = "${local.proxy_instance_groups}"
proxy_ports = "${var.proxy_ports}"
}
resource "google_compute_global_address" "proxy_ipv6_address" {
name = "proxy-ipv6-address"
ip_version = "IPV6"
}
resource "google_compute_firewall" "proxy_firewall" {
name = "proxy-firewall"
network = "default"
allow {
protocol = "tcp"
ports = [
"${var.proxy_ports["epp"]}",
"${var.proxy_ports["whois"]}",
"${var.proxy_ports["health_check"]}",
]
}
source_ranges = [
"130.211.0.0/22",
"35.191.0.0/16",
]
target_tags = [
"proxy-cluster",
]
}
resource "google_compute_health_check" "proxy_health_check" {
name = "proxy-health-check"
tcp_health_check {
port = "${var.proxy_ports["health_check"]}"
request = "HEALTH_CHECK_REQUEST"
response = "HEALTH_CHECK_RESPONSE"
}
}
resource "google_compute_backend_service" "epp_backend_service" {
name = "epp-backend-service"
protocol = "TCP"
timeout_sec = 3600
port_name = "epp"
backend {
group = "${local.proxy_instance_groups["americas"]}"
}
backend {
group = "${local.proxy_instance_groups["emea"]}"
}
backend {
group = "${local.proxy_instance_groups["apac"]}"
}
health_checks = [
"${google_compute_health_check.proxy_health_check.self_link}",
]
}
resource "google_compute_backend_service" "whois_backend_service" {
name = "whois-backend-service"
protocol = "TCP"
timeout_sec = 60
port_name = "whois"
backend {
group = "${local.proxy_instance_groups["americas"]}"
}
backend {
group = "${local.proxy_instance_groups["emea"]}"
}
backend {
group = "${local.proxy_instance_groups["apac"]}"
}
health_checks = [
"${google_compute_health_check.proxy_health_check.self_link}",
]
}
resource "google_compute_target_tcp_proxy" "epp_tcp_proxy" {
name = "epp-tcp-proxy"
proxy_header = "PROXY_V1"
backend_service = "${google_compute_backend_service.epp_backend_service.self_link}"
}
resource "google_compute_target_tcp_proxy" "whois_tcp_proxy" {
name = "whois-tcp-proxy"
proxy_header = "PROXY_V1"
backend_service = "${google_compute_backend_service.whois_backend_service.self_link}"
}
resource "google_compute_global_forwarding_rule" "epp_ipv4_forwarding_rule" {
name = "epp-ipv4-forwarding-rule"
ip_address = "${google_compute_global_address.proxy_ipv4_address.address}"
target = "${google_compute_target_tcp_proxy.epp_tcp_proxy.self_link}"
port_range = "700"
}
resource "google_compute_global_forwarding_rule" "epp_ipv6_forwarding_rule" {
name = "epp-ipv6-forwarding-rule"
ip_address = "${google_compute_global_address.proxy_ipv6_address.address}"
target = "${google_compute_target_tcp_proxy.epp_tcp_proxy.self_link}"
port_range = "700"
}
resource "google_compute_global_forwarding_rule" "whois_ipv4_forwarding_rule" {
name = "whois-ipv4-forwarding-rule"
ip_address = "${google_compute_global_address.proxy_ipv4_address.address}"
target = "${google_compute_target_tcp_proxy.whois_tcp_proxy.self_link}"
port_range = "43"
}
resource "google_compute_global_forwarding_rule" "whois_ipv6_forwarding_rule" {
name = "whois-ipv6-forwarding-rule"
ip_address = "${google_compute_global_address.proxy_ipv6_address.address}"
target = "${google_compute_target_tcp_proxy.whois_tcp_proxy.self_link}"
port_range = "43"
module "proxy_networking_canary" {
source = "./networking"
proxy_instance_groups = "${local.proxy_instance_groups}"
suffix = "-canary"
proxy_ports = "${var.proxy_ports_canary}"
}
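Review bot: Moving `google_compute_global_address.proxy_ipv4_address` and `proxy_ipv6_address` (together with the firewall, backend services and forwarding rules) into `module "proxy_networking"` changes their Terraform state addresses, so a plain `terraform apply` would plan to destroy and recreate them unless the state is moved first. For the global addresses that means releasing the production EPP/WHOIS IPs: the DNS records keep serving the old value for up to the 300 s TTL, and any registrar that allowlists or pins the IP would be connecting to an address the project no longer owns. The commit should document the required `terraform state mv` steps (or import the resources under the new addresses) before this is applied. The production call also passes no `suffix`, so the module's default presumably has to be the empty string for the existing resource names to stay unchanged; the module itself is not visible on this page.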


@ -2,14 +2,19 @@ output "proxy_name_servers" {
value = "${google_dns_managed_zone.proxy_domain.name_servers}"
}
output "proxy_instance_groups" {
value = "${local.proxy_instance_groups}"
}
output "proxy_service_account_client_id" {
value = "${google_service_account.proxy_service_account.unique_id}"
}
output "proxy_ipv4_address" {
value = "${google_compute_global_address.proxy_ipv4_address.address}"
}
output "proxy_ipv6_address" {
value = "${google_compute_global_address.proxy_ipv6_address.address}"
output "proxy_ip_addresses" {
value = {
ipv4 = "${module.proxy_networking.proxy_ipv4_address}"
ipv6 = "${module.proxy_networking.proxy_ipv6_address}"
ipv4_canary = "${module.proxy_networking_canary.proxy_ipv4_address}"
ipv6_canary = "${module.proxy_networking_canary.proxy_ipv6_address}"
}
}
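Review bot: The new `proxy_ip_addresses` output publishes the canary load balancer's addresses without saying that they are live endpoints; if the networking module creates the same global forwarding rules as the removed code, the canary accepts EPP and WHOIS connections from any client that knows the IP, and the absence of a DNS name is not an access control. Because the canary runs on the same clusters as production, it should enforce the same client authentication as production, and I would state that on the output, e.g. `description = "Public load balancer IPs; the *_canary entries have no DNS name but are reachable like production."`. Separately, the old `proxy_ipv4_address` and `proxy_ipv6_address` outputs are removed, so anything that reads them (scripts, remote state) needs updating to the new map keys.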