There is no "google_project" resource managed by terraform, so we are not worried about the new terraform binary destroying/re-creating GAE resources.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=217206226
1. Moved code for the GCP proxy to where the [] proxy code used to live.
3. Corrected reference to the GCP proxy location.
4. Misc changes to make ErrorProne and various tools happy.
+diekmann to LGTM terraform whitelist change.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=213630560
We need to support web WHOIS on the same IP addresses that we use for port 43 whois. [] added support for HTTP(S) traffic on the proxy, which simply redirects to another website that actually hosts the web WHOIS service. This cl sets up the GCLB to route port 80 and port 443 traffic to the proxy.
We were using the TCP proxy load balancer for other protocols that we support (EPP and WHOIS), but the TCP proxy LB only exposes port 443, not port 80. For port 443, we simply follow the same pattern and add another TCP proxy LB. For port 80, we had to use the HTTP LB which exposes port 80 (on the same external IP addresses). This requires a different HTTP health check and a URL map. The added URL map is a dummy one that routes all paths to the same backend service that supports HTTP redirect.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=206409007
When versions are explicitly set to the latest available version, Annealing almost always fails to apply the patch due to yet-unknown reasons. The rationale for setting the versions explicitly was to ensure that the clusters are always updated in time. But it seems like it is not worth the trouble.
Without the explicit latest versions, the master should still be automatic upgrade (may not be immediate after version availability):
https://cloud.google.com/kubernetes-engine/versioning-and-upgrades#automatic_master_upgrades
We also set "Auto Upgrade" on the nodes, which should upgrades the nodes to master versions (may not be immediate after master version upgrade).
So it seems without these lines, we can still expect the gke versions of the cluster to upgrade (eventually).
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=206408347
This allows for the creation of records like epp-canary.registr.google.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=199850436
1) Change annealing target to watch for sandbox terraform config instead of test.
2) Delete terraform config for test project, as this project will be turned down.
3) Do not ask annealing to watch for alpha project terraform config, as we intend to change alpha regularly and manually.
4) Make terraform output display both service account email and client id.
5) Change canary node ports to 3100X, as 4000X is out of range for kubernetes.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=193383457
Canary proxies are not receiving real traffic but can be useful when testing Nomulus deployment (probers will probe canary proxy and compare metrics with production proxy). This CL added a separate load balancer for a canary proxy, running on the same clusters as production proxy.
The canary proxies have their own IP addresses, but are not assigned domain names. Probers will directly connect to these endpoints by IP.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=193234937
This allows us to not ship the proxy with certificates/private keys. The secret is still encrypted by KMS. Reading the secret only happens once when the first EPP request comes in, which should not incur any tangible performance penalty.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191771680
For some reason the auto-formatting didn't happen when these files are first checked in.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191589487
With terraform (https://terraform.io) we can convert most of the infrastructure setup into code. This simplifies setting up a new proxy as well as providing reproducibility in the setup, eliminating human errors as much as possible.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=190634711
