├── .github ├── conventional-commit-lint.yaml ├── release-please.yml ├── renovate.json ├── trusted-contribution.yml └── workflows │ ├── lint.yaml │ └── stale.yml ├── .gitignore ├── .kitchen.yml ├── CHANGELOG.md ├── CODEOWNERS ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md ├── build ├── int.cloudbuild.yaml └── lint.cloudbuild.yaml ├── examples └── simple_example │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── helpers └── combine_docfiles.py ├── img └── arch.png ├── main.tf ├── metadata.yaml ├── outputs.tf ├── test ├── fixtures │ └── simple_example │ │ ├── main.tf │ │ ├── output.tf │ │ └── variable.tf ├── integration │ └── simple_example │ │ ├── controls │ │ └── gcloud.rb │ │ └── inspec.yml └── setup │ ├── .gitignore │ ├── iam.tf │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── values.yaml.tpl ├── variables.tf └── versions.tf /.github/conventional-commit-lint.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022-2025 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | # NOTE: This file is automatically generated from: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/github 17 | 18 | enabled: true 19 | always_check_pr_title: true 20 | -------------------------------------------------------------------------------- /.github/release-please.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | releaseType: terraform-module 16 | handleGHRelease: true 17 | -------------------------------------------------------------------------------- /.github/renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": ["github>GoogleCloudPlatform/cloud-foundation-toolkit//infra/terraform/test-org/github/resources/renovate"] 4 | } 5 | -------------------------------------------------------------------------------- /.github/trusted-contribution.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2023-2025 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # NOTE: This file is automatically generated from: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/github 17 | 18 | annotations: 19 | - type: comment 20 | text: "/gcbrun" 21 | trustedContributors: 22 | - release-please[bot] 23 | - renovate[bot] 24 | - renovate-bot 25 | - forking-renovate[bot] 26 | - dependabot[bot] 27 | -------------------------------------------------------------------------------- /.github/workflows/lint.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023-2025 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | # NOTE: This file is automatically generated from values at: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/org/locals.tf 17 | # NOTE(review): the image reference assembled in the "variables" step below is read from the PR's own Makefile (grep/cut) and is then expanded with ${{ steps.variables.outputs.dev-tools }} straight into two "run:" commands, so shell metacharacters in a Makefile value would execute on the runner, and whatever image the PR names is run with the workspace mounted. The pull_request trigger (no secrets, read-only GITHUB_TOKEN for fork PRs) limits the blast radius, but the value should be passed through "env:" and quoted ("$DEV_TOOLS") rather than interpolated, and actions/checkout should be pinned to a full commit SHA; because this file is generated, make the change in the upstream template linked above. 18 | name: 'lint' 19 | 20 | on: 21 | workflow_dispatch: 22 | pull_request: 23 | branches: 24 | - main 25 | 26 | concurrency: 27 | group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}' 28 | cancel-in-progress: true 29 | 30 | jobs: 31 | lint: 32 | name: 'lint' 33 | runs-on: 'ubuntu-latest' 34 | steps: 35 | - uses: 'actions/checkout@v4' 36 | - id: variables 37 | run: | 38 | MAKEFILE=$(find . -name Makefile -print -quit) 39 | if [ -z "$MAKEFILE" ]; then 40 | echo dev-tools=gcr.io/cloud-foundation-cicd/cft/developer-tools:1 >> "$GITHUB_OUTPUT" 41 | else 42 | VERSION=$(grep "DOCKER_TAG_VERSION_DEVELOPER_TOOLS := " $MAKEFILE | cut -d\ -f3) 43 | IMAGE=$(grep "DOCKER_IMAGE_DEVELOPER_TOOLS := " $MAKEFILE | cut -d\ -f3) 44 | REGISTRY=$(grep "REGISTRY_URL := " $MAKEFILE | cut -d\ -f3) 45 | echo dev-tools=${REGISTRY}/${IMAGE}:${VERSION} >> "$GITHUB_OUTPUT" 46 | fi 47 | - run: docker run --rm -v ${{ github.workspace }}:/workspace ${{ steps.variables.outputs.dev-tools }} module-swapper 48 | - run: docker run --rm -v ${{ github.workspace }}:/workspace ${{ steps.variables.outputs.dev-tools }} /usr/local/bin/test_lint.sh 49 | -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2022-2025 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # NOTE: This file is automatically generated from: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/github 17 | 18 | name: "Close stale issues" 19 | on: 20 | schedule: 21 | - cron: "0 23 * * *" 22 | 23 | jobs: 24 | stale: 25 | if: github.repository_owner == 'GoogleCloudPlatform' || github.repository_owner == 'terraform-google-modules' 26 | runs-on: ubuntu-latest 27 | steps: 28 | - uses: actions/stale@v9 29 | with: 30 | repo-token: ${{ secrets.GITHUB_TOKEN }} 31 | stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days' 32 | stale-pr-message: 'This PR is stale because it has been open 60 days with no activity. 
Remove stale label or comment or this will be closed in 7 days' 33 | exempt-issue-labels: 'triaged' 34 | exempt-pr-labels: 'dependencies,autorelease: pending' 35 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # OSX leaves these everywhere on SMB shares 2 | ._* 3 | 4 | # OSX trash 5 | .DS_Store 6 | 7 | # Python 8 | *.pyc 9 | 10 | # Emacs save files 11 | *~ 12 | \#*\# 13 | .\#* 14 | 15 | # Vim-related files 16 | [._]*.s[a-w][a-z] 17 | [._]s[a-w][a-z] 18 | *.un~ 19 | Session.vim 20 | .netrwhist 21 | 22 | ### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore 23 | 24 | # Local .terraform directories 25 | **/.terraform/* 26 | 27 | # .tfstate files 28 | *.tfstate 29 | *.tfstate.* 30 | 31 | # Crash log files 32 | crash.log 33 | 34 | # Kitchen files 35 | **/inspec.lock 36 | **/.kitchen 37 | **/.kitchen.local.yml 38 | **/Gemfile.lock 39 | 40 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most 41 | # .tfvars files are managed as part of configuration and so should be included in 42 | # version control. 43 | # 44 | # example.tfvars 45 | test/fixtures/shared/terraform.tfvars 46 | # Service account key consumed by the integration-test setup (see CONTRIBUTING.md); it must never be committed 47 | credentials.json 48 | 49 | # tf lock file: not committed for this shared module; root modules that consume it should commit their own .terraform.lock.hcl so provider versions and checksums stay pinned 50 | .terraform.lock.hcl 51 | -------------------------------------------------------------------------------- /.kitchen.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | --- 16 | driver: 17 | name: "terraform" 18 | command_timeout: 3600 19 | 20 | provisioner: 21 | name: "terraform" 22 | 23 | platforms: 24 | - name: local 25 | 26 | suites: 27 | - name: "simple_example" 28 | driver: 29 | name: "terraform" 30 | command_timeout: 3600 31 | verify_version: false 32 | root_module_directory: test/fixtures/simple_example/ 33 | verifier: 34 | name: terraform 35 | color: false 36 | systems: 37 | - name: simple_example 38 | backend: local 39 | controls: 40 | - gcloud 41 | provisioner: 42 | name: terraform 43 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Change Log 2 | 3 | All notable changes to this project will be documented in this file. 4 | 5 | The format is based on [Keep a Changelog](http://keepachangelog.com/) and this 6 | project adheres to [Semantic Versioning](http://semver.org/). 
7 | 8 | ## [3.0.0](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/compare/v2.0.0...v3.0.0) (2022-12-29) 9 | 10 | 11 | ### ⚠ BREAKING CHANGES 12 | 13 | * update TPG 3.49, modules, and GKE for CI ([#120](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/120)) 14 | 15 | ### Bug Fixes 16 | 17 | * **deps:** update terraform null to >=2.1.2 [#114](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/114) ([1add08e](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/1add08e223b47eba09aaf3c67fc71269a7e10784)) 18 | * **deps:** update terraform template to >= 2.1.2 [#110](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/110) ([f0a6661](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/f0a6661a4e680218a7d95364c197671132d084b0)) 19 | * update TPG 3.49, modules, and GKE for CI ([#120](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/120)) ([bd15808](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/bd158085005fa45bb975a85bf74f2d1a523ca4bb)) 20 | 21 | ## [2.0.0](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/compare/v1.0.0...v2.0.0) (2022-07-01) 22 | 23 | 24 | ### ⚠ BREAKING CHANGES 25 | 26 | * Helm and Kubernetes providers minimum version increased to 2.0 (#101) 27 | 28 | ### Features 29 | 30 | * update tf providers and modules ([#101](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/101)) ([a92318f](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/a92318ffdb2cbab815d394a4ea598ad96b2ae24c)) 31 | 32 | ## [1.0.0](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/compare/v0.5.2...v1.0.0) (2022-04-21) 33 | 34 | 35 | ### ⚠ BREAKING CHANGES 36 | 37 | * Update min provider to TPG ~> 3.44, CI fixes (#91) 38 | 39 | ### Features 40 | 41 | * update to allow TPG 
version 4.0 and TF v0.13+ format ([#86](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/86)) ([42550a8](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/42550a804eff1d14f0e51b43312031080e7a9926)) 42 | 43 | 44 | ### Bug Fixes 45 | 46 | * Update min provider to TPG ~> 3.44, CI fixes ([#91](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/91)) ([1971baa](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/1971baaf005070bf971e2b401293ec15f11b466f)) 47 | 48 | ### [0.5.2](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/compare/v0.5.1...v0.5.2) (2021-04-23) 49 | 50 | 51 | ### Bug Fixes 52 | 53 | * update project services to 10.x ([#79](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/79)) ([0900ee8](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/0900ee8faf89a5091bcdc59ede2f6774d370001e)) 54 | 55 | ### [0.5.1](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/compare/v0.5.0...v0.5.1) (2021-04-05) 56 | 57 | 58 | ### Bug Fixes 59 | 60 | * Allow cleanup of buckets even if there are objects in them ([#72](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/72)) ([cad73dd](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/cad73ddda1e69504ac51fa757cd1bc95621c0645)) 61 | 62 | ## [0.5.0](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/compare/v0.4.0...v0.5.0) (2021-03-22) 63 | 64 | 65 | ### ⚠ BREAKING CHANGES 66 | 67 | * add Terraform 0.13 constraint and module attribution (#73) 68 | 69 | ### Features 70 | 71 | * add Terraform 0.13 constraint and module attribution ([#73](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/73)) 
([14b9e72](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/14b9e7212f36a8a96e8c76108343364f0914df56)) 72 | 73 | 74 | ### Bug Fixes 75 | 76 | * Dependency fixes for the Kubernetes resources ([#65](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/65)) ([802759d](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/802759d8cbac136b62ba027c3542c04991a84851)) 77 | * Update so we don't rebuild the domain used for output.gitlab_url ([#62](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/62)) ([5248208](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/52482084dc445525d48fbd737764822a9d69b172)) 78 | * Updating the project services and gke module versions. ([#61](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/61)) ([5e2f645](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/5e2f64573419dd31bf246c9fb90ff7f33d194a8e)) 79 | * Upgrade minimum Google provider version to 3.39.0 ([#64](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/64)) ([1ed4fd4](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/1ed4fd49075978dbb97683b7e534defcc2200956)) 80 | 81 | ## [0.4.0](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/compare/v0.3.1...v0.4.0) (2020-08-28) 82 | 83 | 84 | ### Features 85 | 86 | * Broaden oauth scope to cloud-platform ([#56](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/56)) ([6eea966](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/6eea966f4ea4d5de2b5570f908ec756361ef8bcd)) 87 | 88 | ### [0.3.1](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/compare/v0.3.0...v0.3.1) (2020-08-13) 89 | 90 | 91 | ### Bug Fixes 92 | 93 | * Fixed typo in values.yaml.tpl 
which prevented cache from working on GCS. ([#52](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/52)) ([ba4d0df](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/ba4d0df929627c75d76d7da1ad33f165b7d1a8a9)) 94 | * Update to enable working with v4.2.4 of GitLab Helm Chart ([#55](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/55)) ([8dfded6](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/8dfded6d6c9fd507740ce3968614f46fa10e4454)) 95 | 96 | ## [0.3.0](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/compare/v0.2.0...v0.3.0) (2020-07-16) 97 | 98 | 99 | ### Features 100 | 101 | * Expose the K8s cluster info as outputs ([#50](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/50)) ([1ea4e88](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/1ea4e882d13b800ca213b89a27a134efc28d4afe)) 102 | 103 | ## [0.2.0](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/compare/v0.1.1...v0.2.0) (2020-06-27) 104 | 105 | 106 | ### Features 107 | 108 | * Optionally add random prefix to csql db instance ([#47](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/47)) ([8edb48c](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/8edb48ce868f0ca9374213aae767a363f03474a7)) 109 | 110 | 111 | ### Bug Fixes 112 | 113 | * Switch to helm3 and add tests ([#46](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/46)) ([6f4b9f7](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/6f4b9f745c3f5a51e018b47d1ade7f9d32c36630)) 114 | * terraform fmt, and fixing tf 0.12 warnings ([#42](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/issues/42)) 
([c3dd306](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/c3dd306bb46ed92cfac24be0ad7e680ae769f6dd)) 115 | 116 | ### [0.1.1](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/compare/v0.1.0...v0.1.1) (2020-05-20) 117 | 118 | 119 | ### Bug Fixes 120 | 121 | * Switch to using module for service activation and ensure ordering. ([ef2a316](https://www.github.com/terraform-google-modules/terraform-google-gke-gitlab/commit/ef2a3166a2746e6544c3c33f5aba7a19d5034765)) 122 | 123 | ## [v0.1.0](https://github.com/terraform-google-modules/terraform-google-gke-gitlab/releases/tag/v0.1.0) - 2020-05-15 124 | This is the initial module release. 125 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # NOTE: This file is automatically generated from values at: 2 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/org/locals.tf 3 | 4 | * @terraform-google-modules/cft-admins 5 | 6 | # NOTE: GitHub CODEOWNERS locations: 7 | # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-and-branch-protection 8 | 9 | CODEOWNERS @terraform-google-modules/cft-admins 10 | .github/CODEOWNERS @terraform-google-modules/cft-admins 11 | docs/CODEOWNERS @terraform-google-modules/cft-admins 12 | 13 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | This document provides guidelines for contributing to the module. 
4 | 5 | ## Dependencies 6 | 7 | The following dependencies must be installed on the development system: 8 | 9 | - [Docker Engine][docker-engine] 10 | - [Google Cloud SDK][google-cloud-sdk] 11 | - [make] 12 | 13 | ## Generating Documentation for Inputs and Outputs 14 | 15 | The Inputs and Outputs tables in the READMEs of the root module, 16 | submodules, and example modules are automatically generated based on 17 | the `variables` and `outputs` of the respective modules. These tables 18 | must be refreshed if the module interfaces are changed. 19 | 20 | ### Autogeneration of documentation from .tf files 21 | 22 | To generate new Inputs and Outputs tables run 23 | ``` 24 | make docker_generate_docs 25 | ``` 26 | 27 | ## Integration Testing 28 | 29 | Integration tests are used to verify the behaviour of the root module, 30 | submodules, and example modules. Additions, changes, and fixes should 31 | be accompanied with tests. 32 | 33 | The integration tests are run using [Kitchen][kitchen], 34 | [Kitchen-Terraform][kitchen-terraform], and [InSpec][inspec]. These 35 | tools are packaged within a Docker image for convenience. 36 | 37 | The general strategy for these tests is to verify the behaviour of the 38 | [example modules](./examples/), thus ensuring that the root module, 39 | submodules, and example modules are all functionally correct. 40 | 41 | One test-kitchen instance is defined: 42 | 43 | - `simple-example-local` 44 | 45 | The test-kitchen instances in `test/fixtures/` wrap identically-named examples in the `examples/` directory. 46 | 47 | ### Test Environment 48 | The easiest way to test the module is in an isolated test project. The setup for such a project is defined in the [test/setup](./test/setup/) directory. 49 | 50 | To use this setup, you need a service account with Project Creator access on a folder. Grant that role on the dedicated test folder only, not at the organization level, so the key you export in the next step cannot create projects anywhere else. 
Export the Service Account credentials to your environment like so: 51 | 52 | ``` 53 | export SERVICE_ACCOUNT_JSON=$(< credentials.json) 54 | ``` 55 | `credentials.json` is a long-lived service account key. It is listed in `.gitignore` so it will not be committed, but the exported variable is visible to every process started from your shell session, so keep it out of shell traces and logs, and delete (or disable) the key in IAM once you have finished testing. 56 | You will also need to set a few environment variables: 57 | ``` 58 | export TF_VAR_org_id="your_org_id" 59 | export TF_VAR_folder_id="your_folder_id" 60 | export TF_VAR_billing_account="your_billing_account_id" 61 | ``` 62 | 63 | With these settings in place, you can prepare a test project using Docker: 64 | ``` 65 | make docker_test_prepare 66 | ``` 67 | 68 | ### Noninteractive Execution 69 | 70 | Run `make docker_test_integration` to test all of the example modules 71 | noninteractively, using the prepared test project. 72 | 73 | ### Interactive Execution 74 | 75 | 1. Run `make docker_run` to start the testing Docker container in 76 | interactive mode. 77 | 78 | 1. Run `kitchen_do create simple-example-local` to initialize the working 79 | directory for an example module. 80 | 81 | 1. Run `kitchen_do converge simple-example-local` to apply the example module. 82 | 83 | 1. Run `kitchen_do verify simple-example-local` to test the example module. 84 | 85 | 1. Run `kitchen_do destroy simple-example-local` to destroy the example module 86 | state. 87 | 88 | ## Linting and Formatting 89 | 90 | Many of the files in the repository can be linted or formatted to 91 | maintain a standard of quality. 92 | 93 | ### Execution 94 | 95 | Run `make docker_test_lint`. 
96 | 97 | [docker-engine]: https://www.docker.com/products/docker-engine 98 | [flake8]: http://flake8.pycqa.org/en/latest/ 99 | [gofmt]: https://golang.org/cmd/gofmt/ 100 | [google-cloud-sdk]: https://cloud.google.com/sdk/install 101 | [hadolint]: https://github.com/hadolint/hadolint 102 | [inspec]: https://inspec.io/ 103 | [kitchen-terraform]: https://github.com/newcontext-oss/kitchen-terraform 104 | [kitchen]: https://kitchen.ci/ 105 | [make]: https://en.wikipedia.org/wiki/Make_(software) 106 | [shellcheck]: https://www.shellcheck.net/ 107 | [terraform-docs]: https://github.com/segmentio/terraform-docs 108 | [terraform]: https://terraform.io/ 109 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 
26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. 
For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. 
If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. 
You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. 
You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. 
(Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright [yyyy] [name of copyright owner] 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Please note that this file was generated from [terraform-google-module-template](https://github.com/terraform-google-modules/terraform-google-module-template). 
16 | # Please make sure to contribute relevant changes upstream! 17 | 18 | # Make will use bash instead of sh 19 | SHELL := /usr/bin/env bash 20 | 21 | DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.13 22 | DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools 23 | REGISTRY_URL := gcr.io/cloud-foundation-cicd 24 | 25 | # Enter docker container for local development 26 | .PHONY: docker_run 27 | docker_run: 28 | docker run --rm -it \ 29 | -e SERVICE_ACCOUNT_JSON \ 30 | -v "$(CURDIR)":/workspace \ 31 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 32 | /bin/bash 33 | 34 | # Execute prepare tests within the docker container 35 | .PHONY: docker_test_prepare 36 | docker_test_prepare: 37 | docker run --rm -it \ 38 | -e SERVICE_ACCOUNT_JSON \ 39 | -e TF_VAR_org_id \ 40 | -e TF_VAR_folder_id \ 41 | -e TF_VAR_billing_account \ 42 | -v "$(CURDIR)":/workspace \ 43 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 44 | /usr/local/bin/execute_with_credentials.sh prepare_environment 45 | 46 | # Clean up test environment within the docker container 47 | .PHONY: docker_test_cleanup 48 | docker_test_cleanup: 49 | docker run --rm -it \ 50 | -e SERVICE_ACCOUNT_JSON \ 51 | -e TF_VAR_org_id \ 52 | -e TF_VAR_folder_id \ 53 | -e TF_VAR_billing_account \ 54 | -v "$(CURDIR)":/workspace \ 55 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 56 | /usr/local/bin/execute_with_credentials.sh cleanup_environment 57 | 58 | # Execute integration tests within the docker container 59 | .PHONY: docker_test_integration 60 | docker_test_integration: 61 | docker run --rm -it \ 62 | -e SERVICE_ACCOUNT_JSON \ 63 | -v "$(CURDIR)":/workspace \ 64 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 65 | /usr/local/bin/test_integration.sh 66 | 67 | # Execute lint tests within the docker container 68 | .PHONY: docker_test_lint 69 | docker_test_lint: 70 | docker 
run --rm -it \ 71 | -v "$(CURDIR)":/workspace \ 72 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 73 | /usr/local/bin/test_lint.sh 74 | 75 | # Generate documentation 76 | .PHONY: docker_generate_docs 77 | docker_generate_docs: 78 | docker run --rm -it \ 79 | -v "$(CURDIR)":/workspace \ 80 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 81 | /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs' 82 | 83 | # Generate files from autogen 84 | .PHONY: docker_generate_modules 85 | docker_generate_modules: 86 | docker run --rm -it \ 87 | -v "$(CURDIR)":/workspace \ 88 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 89 | /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_modules' 90 | 91 | # Alias for backwards compatibility 92 | .PHONY: generate_docs 93 | generate_docs: docker_generate_docs 94 | 95 | .PHONY: generate 96 | generate: docker_generate_modules 97 | 98 | .PHONY: build 99 | build: docker_generate_modules docker_generate_docs 100 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # terraform-google-gke-gitlab 2 | 3 | This module creates a reslient and fault tolerant GitLab installation using Google 4 | Kubernetes Engine (GKE) as the computing environment and the following services for storing 5 | data: 6 | - CloudSQL for PostgreSQL 7 | - Memorystore for Redis 8 | - Cloud Storage 9 | 10 | ![GitLab on GKE architecture diagram](img/arch.png) 11 | 12 | ## Compatibility 13 | 14 | This module is meant for use with Terraform 0.13+ and tested using Terraform 0.14. 

## Usage
There are examples included in the [examples](./examples/) folder but simple usage is as follows:

```hcl
module "gke-gitlab" {
  source            = "terraform-google-modules/gke-gitlab/google"
  project_id        = ""
  certmanager_email = "test@example.com"
}
```

Then perform the following commands on the root folder:

- `terraform init` to get the plugins
- `terraform plan` to see the infrastructure plan
- `terraform apply` to apply the infrastructure build
- `terraform destroy` to destroy the built infrastructure



## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| allow\_force\_destroy | Allows full cleanup of resources by disabling any deletion safeguards | `bool` | `false` | no |
| certmanager\_email | Email used to retrieve SSL certificates from Let's Encrypt | `string` | n/a | yes |
| domain | Domain for hosting gitlab functionality (i.e. mydomain.com would access gitlab at gitlab.mydomain.com) | `string` | `""` | no |
| gitlab\_address\_name | Name of the address to use for GitLab ingress | `string` | `""` | no |
| gitlab\_db\_name | Instance name for the GitLab Postgres database. | `string` | `"gitlab-db"` | no |
| gitlab\_db\_password | Password for the GitLab Postgres user. If left empty, a random 16-character alphanumeric password is generated. Either way the value is stored in plain text in Terraform state and in the `gitlab-pg` Kubernetes Secret, so protect the state backend accordingly. | `string` | `""` | no |
| gitlab\_db\_random\_prefix | Sets random suffix at the end of the Cloud SQL instance name. | `bool` | `false` | no |
| gitlab\_deletion\_protection | Must be false to allow Terraform to destroy the Cloud SQL instance. 
| `bool` | `true` | no |
| gitlab\_nodes\_subnet\_cidr | CIDR range to use for the GitLab GKE nodes subnet. This range (and the pods and services ranges) must not overlap 10.1.0.0/16, which the module reserves for the Cloud SQL private-services peering. | `string` | `"10.0.0.0/16"` | no |
| gitlab\_pods\_subnet\_cidr | CIDR range to use for the GitLab GKE pods subnet | `string` | `"10.3.0.0/16"` | no |
| gitlab\_runner\_install | Choose whether to install the gitlab runner in the cluster | `bool` | `true` | no |
| gitlab\_services\_subnet\_cidr | CIDR range to use for the GitLab GKE services subnet | `string` | `"10.2.0.0/16"` | no |
| gke\_machine\_type | Machine type used for the node-pool | `string` | `"n1-standard-4"` | no |
| gke\_version | Version of GKE to use for the GitLab cluster | `string` | `"1.21"` | no |
| helm\_chart\_version | Helm chart version to install during deployment | `string` | `"4.2.4"` | no |
| project\_id | GCP Project to deploy resources | `string` | n/a | yes |
| region | GCP region to deploy resources to | `string` | `"us-central1"` | no |

## Outputs

| Name | Description |
|------|-------------|
| cluster\_ca\_certificate | CA Certificate for the GKE cluster that GitLab is deployed in. |
| cluster\_location | Location of the GKE cluster that GitLab is deployed in. |
| cluster\_name | Name of the GKE cluster that GitLab is deployed in. |
| gitlab\_address | IP address where you can connect to your GitLab instance |
| gitlab\_url | URL where you can access your GitLab instance |
| host | Host for the GKE cluster that GitLab is deployed in. |
| root\_password\_instructions | Instructions for getting the root user's password for initial setup |
| token | Bearer token used to authenticate to the GKE cluster that GitLab is deployed in. This is a live credential (it is the same token the module's helm and kubernetes providers use) and, like every output, it is recorded in Terraform state; treat it as sensitive. |



## Requirements

Before this module can be used on a project, you must ensure that the following pre-requisites are fulfilled:

1. Terraform is [installed](#software-dependencies) on the machine where Terraform is executed.
2. 
The Service Account you execute the module with has the right [permissions](#configure-a-service-account).

The [project factory](https://github.com/terraform-google-modules/terraform-google-project-factory) can be used to provision projects with the correct APIs active.

### Software Dependencies
### Terraform
- [Terraform](https://www.terraform.io/downloads.html) 0.13+
- [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) ~> 3.44

### Configure a Service Account
In order to execute this module you must have a Service Account with the
following project roles:
- roles/owner

This is a very broad grant: the module enables APIs, creates a service account and a user-managed key for it, binds project-level IAM roles, and provisions networking, Cloud SQL, Memorystore, Cloud Storage and GKE. Run it from a dedicated deployment identity rather than a personal account, and keep that identity's credentials and the Terraform state (which will contain the generated database password and the service account key) out of reach of the GitLab workload itself.

## Install

### Terraform
Be sure you have the correct Terraform version, you can choose the binary here:
- https://releases.hashicorp.com/terraform/

## File structure
The project has the following folders and files:

- /: root folder
- /examples: examples for using this module
- /helpers: Helper scripts
- /test: Folders with files for testing the module (see Testing section in this file)
- /main.tf: main file for this module, contains all the resources to create
- /variables.tf: all the variables for the module
- /outputs.tf: the outputs of the module
- /README.md: this file
-------------------------------------------------------------------------------- /build/int.cloudbuild.yaml: --------------------------------------------------------------------------------
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | timeout: 7200s 16 | steps: 17 | - id: swap-module-refs 18 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 19 | args: ['module-swapper'] 20 | - id: prepare 21 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 22 | args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && prepare_environment && chmod 600 /builder/home/.netrc'] 23 | env: 24 | - 'TF_VAR_org_id=$_ORG_ID' 25 | - 'TF_VAR_folder_id=$_FOLDER_ID' 26 | - 'TF_VAR_billing_account=$_BILLING_ACCOUNT' 27 | - id: create 28 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 29 | args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create'] 30 | - id: converge 31 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 32 | args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge'] 33 | - id: verify 34 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 35 | args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify'] 36 | - id: destroy 37 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 38 | args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy'] 39 | tags: 40 | - 'ci' 
41 | - 'integration' 42 | substitutions: 43 | _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' 44 | _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.13' 45 | options: 46 | machineType: 'N1_HIGHCPU_8' 47 | -------------------------------------------------------------------------------- /build/lint.cloudbuild.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | timeout: 900s 16 | steps: 17 | - id: 'lint-tests' 18 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 19 | args: ['/usr/local/bin/test_lint.sh'] 20 | tags: 21 | - 'ci' 22 | - 'lint' 23 | substitutions: 24 | _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' 25 | _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.13' 26 | -------------------------------------------------------------------------------- /examples/simple_example/README.md: -------------------------------------------------------------------------------- 1 | # Simple Example 2 | 3 | This example illustrates how to use the `gke-gitlab` module. 
4 | 5 | 6 | ## Inputs 7 | 8 | | Name | Description | Type | Default | Required | 9 | |------|-------------|------|---------|:--------:| 10 | | project\_id | The project ID to deploy to | `string` | n/a | yes | 11 | 12 | ## Outputs 13 | 14 | | Name | Description | 15 | |------|-------------| 16 | | gitlab\_url | n/a | 17 | | root\_password\_instructions | n/a | 18 | 19 | 20 | 21 | To provision this example, run the following from within this directory: 22 | - `terraform init` to get the plugins 23 | - `terraform plan` to see the infrastructure plan 24 | - `terraform apply` to apply the infrastructure build 25 | - `terraform destroy` to destroy the built infrastructure 26 | -------------------------------------------------------------------------------- /examples/simple_example/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | module "gke-gitlab" { 18 | source = "terraform-google-modules/gke-gitlab/google" 19 | version = "~> 3.0" 20 | 21 | project_id = var.project_id 22 | certmanager_email = "no-reply@${var.project_id}.example.com" 23 | gitlab_deletion_protection = false 24 | gitlab_db_random_prefix = true 25 | } 26 | -------------------------------------------------------------------------------- /examples/simple_example/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "gitlab_url" { 18 | value = module.gke-gitlab.gitlab_url 19 | } 20 | 21 | output "root_password_instructions" { 22 | value = module.gke-gitlab.root_password_instructions 23 | } 24 | -------------------------------------------------------------------------------- /examples/simple_example/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The project ID to deploy to" 19 | type = string 20 | } 21 | -------------------------------------------------------------------------------- /examples/simple_example/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_providers { 19 | google = { 20 | source = "hashicorp/google" 21 | version = ">= 3.44, < 5.0" 22 | } 23 | google-beta = { 24 | source = "hashicorp/google-beta" 25 | version = ">= 3.44, < 5.0" 26 | } 27 | } 28 | required_version = ">= 0.13" 29 | } 30 | -------------------------------------------------------------------------------- /helpers/combine_docfiles.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # Copyright 2018 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Please note that this file was generated from 18 | # [terraform-google-module-template](https://github.com/terraform-google-modules/terraform-google-module-template). 19 | # Please make sure to contribute relevant changes upstream! 
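'''Combine the file given as script argument 1 with the content of the
file given as script argument 2.

The content of argument 2 (typically autogenerated inputs/outputs
documentation) is spliced into argument 1 between the
``[^]: (autogen_docs_start)`` and ``[^]: (autogen_docs_end)`` anchors,
which are located with the regexes hardcoded below. An Apache license
header embedded in the replacement content is cut out first, so that the
anchored region of the README does not repeat it.

Exit status: 1 on a wrong argument count or when the anchors are missing;
0 otherwise (a missing argument-1 file is treated as "nothing to do").
'''

import os
import re
import sys

# Three groups: everything up to and including the start anchor, the current
# (to be replaced) region, and the end anchor plus everything after it.
insert_separator_regex = r'(.*?\[\^\]\:\ \(autogen_docs_start\))(.*?)(\n\[\^\]\:\ \(autogen_docs_end\).*?$)'  # noqa: E501
# Two groups: the text before and after an Apache license header; the header
# itself is discarded.
exclude_separator_regex = r'(.*?)Copyright 20\d\d Google LLC.*?limitations under the License.(.*?)$'  # noqa: E501


def strip_license_header(content):
    '''Return *content* with an embedded Apache license header removed.

    If no header is found the content is returned unchanged (the previous
    version of this script raised AttributeError on a missing match).
    '''
    match = re.match(exclude_separator_regex, content, re.DOTALL)
    if match is None:
        return content
    before, after = match.groups(0)
    return before + after


def splice_docs(readme_text, docs_text):
    '''Return *readme_text* with the anchored region replaced by *docs_text*.

    A trailing newline is appended, matching the historical output of this
    script. Returns None when the anchors cannot be found.
    '''
    match = re.match(insert_separator_regex, readme_text, re.DOTALL)
    if match is None:
        return None
    head, _old_region, tail = match.groups(0)
    return head + docs_text + tail + "\n"


def main(argv):
    '''Entry point; returns the process exit status instead of calling exit.'''
    if len(argv) != 3:
        return 1
    readme_path, docs_path = argv[1], argv[2]
    # A missing README is not an error: there is simply nothing to update.
    if not os.path.isfile(readme_path):
        return 0
    # Context managers so the handles are closed even if a read fails.
    with open(readme_path, "r") as handle:
        readme_text = handle.read()
    with open(docs_path, "r") as handle:
        docs_text = handle.read()

    # Exclude the license header from the replacement content
    docs_text = strip_license_header(docs_text)

    # Find where to put the replacement content, overwrite the input file
    output = splice_docs(readme_text, docs_text)
    if output is None:
        print("ERROR: Could not find autogen docs anchors in", readme_path)
        print("To fix this, insert the following anchors in your README where "
              "module inputs and outputs should be documented.")
        print("[^]: (autogen_docs_start)")
        print("[^]: (autogen_docs_end)")
        return 1
    with open(readme_path, "w") as handle:
        handle.write(output)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))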
-------------------------------------------------------------------------------- /main.tf: --------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Root module: provisions the GCP infrastructure GitLab runs on (VPC and
# subnet, a private-IP Cloud SQL for PostgreSQL instance, Memorystore for
# Redis, Cloud Storage buckets, a regional GKE cluster) plus the Kubernetes
# objects the GitLab Helm chart consumes. The time_sleep resource referenced
# below and the remaining Kubernetes/Helm resources are defined elsewhere in
# this module (not shown here).

provider "google" {
  project = var.project_id
}

provider "google-beta" {
  project = var.project_id
}

locals {
  # Optionally append a random hex suffix so a new Cloud SQL instance can be
  # created while a deleted one with the same name is still in its
  # reservation window.
  gitlab_db_name = var.gitlab_db_random_prefix ? "${var.gitlab_db_name}-${random_id.suffix[0].hex}" : var.gitlab_db_name
}

resource "random_id" "suffix" {
  count = var.gitlab_db_random_prefix ? 1 : 0

  byte_length = 4
}

# Obtains a short-lived access token for the cluster via the kubernetes-engine
# auth submodule and wires it into the helm and kubernetes providers below.
# The same token is exposed as a module output (see the README's `token`
# output), so it must be treated as a credential wherever outputs are
# displayed or stored.
module "gke_auth" {
  source  = "terraform-google-modules/kubernetes-engine/google//modules/auth"
  version = "~> 24.0"

  project_id   = module.project_services.project_id
  cluster_name = module.gke.name
  location     = module.gke.location

  depends_on = [time_sleep.sleep_for_cluster_fix_helm_6361]
}

provider "helm" {
  kubernetes {
    cluster_ca_certificate = module.gke_auth.cluster_ca_certificate
    host                   = module.gke_auth.host
    token                  = module.gke_auth.token
  }
}

provider "kubernetes" {
  cluster_ca_certificate = module.gke_auth.cluster_ca_certificate
  host                   = module.gke_auth.host
  token                  = module.gke_auth.token
}

// Services
# Enables the APIs the rest of this file depends on. Resources that reference
# module.project_services.project_id get an implicit dependency on that
# enablement. APIs are intentionally left enabled on destroy.
module "project_services" {
  source  = "terraform-google-modules/project-factory/google//modules/project_services"
  version = "~> 14.0"

  project_id                  = var.project_id
  disable_services_on_destroy = false

  activate_apis = [
    "compute.googleapis.com",
    "container.googleapis.com",
    "servicenetworking.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "redis.googleapis.com"
  ]
}

// GCS Service Account
# Identity GitLab uses to reach the Cloud Storage buckets created below.
resource "google_service_account" "gitlab_gcs" {
  project      = var.project_id
  account_id   = "gitlab-gcs"
  display_name = "GitLab Cloud Storage"
}

# Creates a user-managed (long-lived) key for the service account above. The
# private key material is written to Terraform state in plain form; anyone who
# can read the state can act as this account. NOTE(review): GKE Workload
# Identity would avoid a downloadable key entirely; if a key is kept, protect
# the state backend and plan rotation (tainting/re-creating this resource
# rotates the key).
resource "google_service_account_key" "gitlab_gcs" {
  service_account_id = google_service_account.gitlab_gcs.name
}

# Grants roles/storage.admin at the PROJECT level, i.e. on every bucket in the
# project, not only the GitLab buckets created below. NOTE(review):
# bucket-level bindings (one google_storage_bucket_iam_member per bucket)
# would be the least-privilege form, provided the chart never needs to create
# buckets -- values.yaml.tpl is not visible here, so confirm before narrowing.
resource "google_project_iam_member" "project" {
  project = var.project_id
  role    = "roles/storage.admin"
  member  = "serviceAccount:${google_service_account.gitlab_gcs.email}"
}

// Networking
# Dedicated VPC for GitLab; subnets are created explicitly below.
resource "google_compute_network" "gitlab" {
  name                    = "gitlab"
  project                 = module.project_services.project_id
  auto_create_subnetworks = false
}

# Node subnet plus two secondary (alias IP) ranges that the GKE module below
# uses for pods and services by name.
resource "google_compute_subnetwork" "subnetwork" {
  name          = "gitlab"
  ip_cidr_range = var.gitlab_nodes_subnet_cidr
  region        = var.region
  network       = google_compute_network.gitlab.self_link

  secondary_ip_range {
    range_name    = "gitlab-cluster-pod-cidr"
    ip_cidr_range = var.gitlab_pods_subnet_cidr
  }

  secondary_ip_range {
    range_name    = "gitlab-cluster-service-cidr"
    ip_cidr_range = var.gitlab_services_subnet_cidr
  }
}

# Reserves a regional external IP for the GitLab ingress, but only when the
# caller did not supply an existing address via var.gitlab_address_name.
resource "google_compute_address" "gitlab" {
  name         = "gitlab"
  region       = var.region
  address_type = "EXTERNAL"
  description  = "Gitlab Ingress IP"
  depends_on   = [module.project_services.project_id]
  count        = var.gitlab_address_name == "" ? 1 : 0
}

// Database
# Reserves 10.1.0.0/16 for Private Service Access and peers the VPC with the
# Cloud SQL service-producer network; this is what lets the instance below be
# reached over a private IP. The range is hard-coded, so the node/pod/service
# CIDR variables (defaults 10.0.0.0/16, 10.3.0.0/16, 10.2.0.0/16 per the
# README) must not overlap it.
resource "google_compute_global_address" "gitlab_sql" {
  provider      = google-beta
  project       = var.project_id
  name          = "gitlab-sql"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  network       = google_compute_network.gitlab.self_link
  address       = "10.1.0.0"
  prefix_length = 16
}

resource "google_service_networking_connection" "private_vpc_connection" {
  provider                = google-beta
  network                 = google_compute_network.gitlab.self_link
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.gitlab_sql.name]
  depends_on              = [module.project_services.project_id]
}

# Cloud SQL instance for GitLab. ipv4_enabled = "false" means no public IP:
# the instance is reachable only from the peered VPC. deletion_protection
# follows var.gitlab_deletion_protection (default true), so `terraform
# destroy` fails until that is set to false.
# NOTE(review): POSTGRES_11 is pinned and no backup or TLS-enforcement
# settings are declared in this block (provider defaults apply) -- confirm the
# version is still supported by Cloud SQL and by the chart version in use, and
# that backup/TLS requirements are met.
resource "google_sql_database_instance" "gitlab_db" {
  depends_on          = [google_service_networking_connection.private_vpc_connection]
  name                = local.gitlab_db_name
  region              = var.region
  database_version    = "POSTGRES_11"
  deletion_protection = var.gitlab_deletion_protection

  settings {
    tier            = "db-custom-4-15360"
    disk_autoresize = true

    ip_configuration {
      ipv4_enabled    = "false"
      private_network = google_compute_network.gitlab.self_link
    }
  }
}

resource "google_sql_database" "gitlabhq_production" {
  name       = "gitlabhq_production"
  instance   = google_sql_database_instance.gitlab_db.name
  depends_on = [google_sql_user.gitlab]
}

# Fallback DB password used when var.gitlab_db_password is empty: 16
# alphanumeric characters (special = false). The result is kept in Terraform
# state in plain text and is also copied into the gitlab-pg Kubernetes Secret
# below. Changing length/special regenerates it, i.e. rotates the database
# password on the next apply.
resource "random_string" "autogenerated_gitlab_db_password" {
  length  = 16
  special = false
}

resource "google_sql_user" "gitlab" {
  name     = "gitlab"
  instance = google_sql_database_instance.gitlab_db.name

  # Postgres users cannot be deleted if they have been granted SQL roles
  # (so `terraform destroy` leaves the user in place).
  deletion_policy = "ABANDON"

  # A caller-supplied password wins; otherwise the generated one is used.
  password = var.gitlab_db_password != "" ? var.gitlab_db_password : random_string.autogenerated_gitlab_db_password.result
}

// Redis
# Replicated (STANDARD_HA) Memorystore instance reachable only from the GitLab
# VPC. No auth_enabled or transit_encryption_mode is declared in this block,
# so provider defaults apply. NOTE(review): consider enabling Redis AUTH if the
# chart version in use can be configured with a Redis password.
resource "google_redis_instance" "gitlab" {
  name               = "gitlab"
  tier               = "STANDARD_HA"
  memory_size_gb     = 5
  region             = var.region
  authorized_network = google_compute_network.gitlab.self_link

  depends_on = [module.project_services.project_id]

  display_name = "GitLab Redis"
}

// Cloud Storage
# One bucket per GitLab object-storage type. Names are prefixed with the
# project ID (which is globally unique) to avoid collisions; note the prefix
# is "<project>-gitlab-" for some buckets and "<project>-" for others -- these
# names are part of the module's contract, do not rename. force_destroy is
# gated by var.allow_force_destroy, so non-empty buckets block `terraform
# destroy` by default. NOTE(review): no uniform bucket-level access,
# versioning or public-access-prevention settings are declared here (provider
# defaults apply); consider enabling them, especially for the backups bucket.
resource "google_storage_bucket" "gitlab-backups" {
  name          = "${var.project_id}-gitlab-backups"
  location      = var.region
  force_destroy = var.allow_force_destroy
}

resource "google_storage_bucket" "gitlab-uploads" {
  name          = "${var.project_id}-gitlab-uploads"
  location      = var.region
  force_destroy = var.allow_force_destroy
}

resource "google_storage_bucket" "gitlab-artifacts" {
  name          = "${var.project_id}-gitlab-artifacts"
  location      = var.region
  force_destroy = var.allow_force_destroy
}

resource "google_storage_bucket" "git-lfs" {
  name          = "${var.project_id}-git-lfs"
  location      = var.region
  force_destroy = var.allow_force_destroy
}

resource "google_storage_bucket" "gitlab-packages" {
  name          = "${var.project_id}-gitlab-packages"
  location      = var.region
  force_destroy = var.allow_force_destroy
}

resource "google_storage_bucket" "gitlab-registry" {
  name          = "${var.project_id}-registry"
  location      = var.region
  force_destroy = var.allow_force_destroy
}

resource "google_storage_bucket" "gitlab-pseudo" {
  name          = "${var.project_id}-pseudo"
  location      = var.region
  force_destroy = var.allow_force_destroy
}

resource "google_storage_bucket" "gitlab-runner-cache" {
  name          = "${var.project_id}-runner-cache"
  location      = var.region
  force_destroy = var.allow_force_destroy
}

// GKE Cluster
# Regional, VPC-native GKE cluster on the subnet above with a single fixed-size
# node pool (default pool removed).
# issue_client_certificate = true enables the legacy client-certificate
# credential on the control plane; nothing in this file uses it (the providers
# authenticate with the gke_auth token). NOTE(review): false is the hardened
# setting, but changing it on an existing cluster presumably forces
# replacement -- confirm before flipping on a live deployment.
# node_pools_oauth_scopes grants the cloud-platform scope to every node, so the
# node service account's IAM roles are effectively the only boundary on what a
# pod can reach through the metadata server (Workload Identity is not enabled
# in this block).
module "gke" {
  source  = "terraform-google-modules/kubernetes-engine/google"
  version = "~> 24.0"

  # Create an implicit dependency on service activation
  project_id = module.project_services.project_id

  name               = "gitlab"
  region             = var.region
  regional           = true
  kubernetes_version = var.gke_version

  remove_default_node_pool = true
  initial_node_count       = 1

  network           = google_compute_network.gitlab.name
  subnetwork        = google_compute_subnetwork.subnetwork.name
  ip_range_pods     = "gitlab-cluster-pod-cidr"
  ip_range_services = "gitlab-cluster-service-cidr"

  issue_client_certificate = true

  node_pools = [
    {
      name         = "gitlab"
      autoscaling  = false
      machine_type = var.gke_machine_type
      node_count   = 1
    },
  ]

  node_pools_oauth_scopes = {
    all = ["https://www.googleapis.com/auth/cloud-platform"]
  }
}

# StorageClass backed by SSD persistent disks (gce-pd provisioner); the chart
# values, which are not visible here, presumably reference it by name.
resource "kubernetes_storage_class" "pd-ssd" {
  metadata {
    name = "pd-ssd"
  }

  storage_provisioner = "kubernetes.io/gce-pd"

  parameters = {
    type = "pd-ssd"
  }

  depends_on = [time_sleep.sleep_for_cluster_fix_helm_6361]
}

# Database password handed to the chart as a Kubernetes Secret (plain text in
# Terraform state as well as in the cluster). Body continues below.
resource "kubernetes_secret" "gitlab_pg" {
| metadata { 300 | name = "gitlab-pg" 301 | } 302 | 303 | data = { 304 | password = var.gitlab_db_password != "" ? var.gitlab_db_password : random_string.autogenerated_gitlab_db_password.result 305 | } 306 | 307 | depends_on = [time_sleep.sleep_for_cluster_fix_helm_6361] 308 | } 309 | 310 | resource "kubernetes_secret" "gitlab_rails_storage" { 311 | metadata { 312 | name = "gitlab-rails-storage" 313 | } 314 | 315 | data = { 316 | connection = <= 0.13.0' 30 | examples: 31 | - name: simple_example 32 | location: examples/simple_example 33 | variables: 34 | - name: allow_force_destroy 35 | description: Allows full cleanup of resources by disabling any deletion safe guards 36 | type: bool 37 | default: false 38 | required: false 39 | - name: certmanager_email 40 | description: Email used to retrieve SSL certificates from Let's Encrypt 41 | type: string 42 | required: true 43 | - name: domain 44 | description: Domain for hosting gitlab functionality (ie mydomain.com would access gitlab at gitlab.mydomain.com) 45 | type: string 46 | default: "" 47 | required: false 48 | - name: gitlab_address_name 49 | description: Name of the address to use for GitLab ingress 50 | type: string 51 | default: "" 52 | required: false 53 | - name: gitlab_db_name 54 | description: Instance name for the GitLab Postgres database. 55 | type: string 56 | default: gitlab-db 57 | required: false 58 | - name: gitlab_db_password 59 | description: Password for the GitLab Postgres user 60 | type: string 61 | default: "" 62 | required: false 63 | - name: gitlab_db_random_prefix 64 | description: Sets random suffix at the end of the Cloud SQL instance name. 65 | type: bool 66 | default: false 67 | required: false 68 | - name: gitlab_deletion_protection 69 | description: Must be false to allow Terraform to destroy the Cloud SQL instance. 
70 | type: bool 71 | default: true 72 | required: false 73 | - name: gitlab_nodes_subnet_cidr 74 | description: Cidr range to use for gitlab GKE nodes subnet 75 | type: string 76 | default: 10.0.0.0/16 77 | required: false 78 | - name: gitlab_pods_subnet_cidr 79 | description: Cidr range to use for gitlab GKE pods subnet 80 | type: string 81 | default: 10.3.0.0/16 82 | required: false 83 | - name: gitlab_runner_install 84 | description: Choose whether to install the gitlab runner in the cluster 85 | type: bool 86 | default: true 87 | required: false 88 | - name: gitlab_services_subnet_cidr 89 | description: Cidr range to use for gitlab GKE services subnet 90 | type: string 91 | default: 10.2.0.0/16 92 | required: false 93 | - name: gke_machine_type 94 | description: Machine type used for the node-pool 95 | type: string 96 | default: n1-standard-4 97 | required: false 98 | - name: gke_version 99 | description: Version of GKE to use for the GitLab cluster 100 | type: string 101 | default: "1.21" 102 | required: false 103 | - name: helm_chart_version 104 | description: Helm chart version to install during deployment 105 | type: string 106 | default: 4.2.4 107 | required: false 108 | - name: project_id 109 | description: GCP Project to deploy resources 110 | type: string 111 | required: true 112 | - name: region 113 | description: GCP region to deploy resources to 114 | type: string 115 | default: us-central1 116 | required: false 117 | outputs: 118 | - name: cluster_ca_certificate 119 | description: CA Certificate for the GKE cluster that GitLab is deployed in. 120 | - name: cluster_location 121 | description: Location of the GKE cluster that GitLab is deployed in. 122 | - name: cluster_name 123 | description: Name of the GKE cluster that GitLab is deployed in. 
124 | - name: gitlab_address 125 | description: IP address where you can connect to your GitLab instance 126 | - name: gitlab_url 127 | description: URL where you can access your GitLab instance 128 | - name: host 129 | description: Host for the GKE cluster that GitLab is deployed in. 130 | - name: root_password_instructions 131 | description: Instructions for getting the root user's password for initial setup 132 | - name: token 133 | description: Token for the GKE cluster that GitLab is deployed in. 134 | roles: 135 | - level: Project 136 | roles: 137 | - roles/owner 138 | services: 139 | - iam.googleapis.com 140 | - serviceusage.googleapis.com 141 | - compute.googleapis.com 142 | - container.googleapis.com 143 | - cloudresourcemanager.googleapis.com 144 | - sqladmin.googleapis.com 145 | -------------------------------------------------------------------------------- /outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
 */

output "gitlab_address" {
  value       = local.gitlab_address
  description = "IP address where you can connect to your GitLab instance"
}

# local.domain is derived outside this view (see variables.tf `domain`).
output "gitlab_url" {
  value       = "https://gitlab.${local.domain}"
  description = "URL where you can access your GitLab instance"
}

output "cluster_name" {
  value       = module.gke.name
  description = "Name of the GKE cluster that GitLab is deployed in."
}

output "cluster_location" {
  value       = module.gke.location
  description = "Location of the GKE cluster that GitLab is deployed in."
}

# Public CA certificate of the cluster endpoint: clients need it to verify the
# API server; it is not itself a secret.
output "cluster_ca_certificate" {
  value       = module.gke_auth.cluster_ca_certificate
  description = "CA Certificate for the GKE cluster that GitLab is deployed in."
}

output "host" {
  value       = module.gke_auth.host
  description = "Host for the GKE cluster that GitLab is deployed in."
}

# NOTE(review): this is a bearer credential for the cluster API, yet the output
# is not marked `sensitive = true`, so `terraform apply` / `terraform output`
# print it in clear text and it ends up in CI logs. test/setup/outputs.tf already
# uses `sensitive = true` for sa_key; adding it here also requires any root
# module that re-exports this output (examples/simple_example is outside this
# view) to mark its own output sensitive, otherwise Terraform rejects the plan.
output "token" {
  value       = module.gke_auth.token
  description = "Token for the GKE cluster that GitLab is deployed in."
}

output "root_password_instructions" {
  value = < gitlab_url, :method => :get, :verify_ssl => false)
}.to_not raise_exception
end
end
end
--------------------------------------------------------------------------------
/test/integration/simple_example/inspec.yml:
--------------------------------------------------------------------------------
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | name: simple_example 16 | depends: 17 | - name: inspec-gcp 18 | git: https://github.com/inspec/inspec-gcp.git 19 | tag: v0.11.0 20 | attributes: 21 | - name: gitlab_url 22 | required: true 23 | type: string 24 | -------------------------------------------------------------------------------- /test/setup/.gitignore: -------------------------------------------------------------------------------- 1 | terraform.tfvars 2 | source.sh 3 | -------------------------------------------------------------------------------- /test/setup/iam.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
 */

locals {
  # Roles granted to the CI service account below. roles/owner is the broadest
  # project role (it matches the project-level role listed in metadata.yaml),
  # so the key minted for this account is a high-value secret.
  int_required_roles = [
    "roles/owner"
  ]
}

# Service account the integration tests run as, created in the CI project.
resource "google_service_account" "int_test" {
  project      = module.gke-gitlab-proj.project_id
  account_id   = "gke-ci-account"
  display_name = "gke-ci-account"
}

# One binding per entry in local.int_required_roles. count addresses bindings by
# list position, so inserting a role mid-list re-creates the later bindings.
resource "google_project_iam_member" "int_test" {
  count = length(local.int_required_roles)

  project = module.gke-gitlab-proj.project_id
  role    = local.int_required_roles[count.index]
  member  = "serviceAccount:${google_service_account.int_test.email}"
}

# NOTE(review): user-managed key; such keys do not expire by default. The
# private part lives in Terraform state and is exported as the sa_key output
# (marked sensitive in outputs.tf), so access control on the state backend is
# the control that matters here; rotate by replacing this resource.
resource "google_service_account_key" "int_test" {
  service_account_id = google_service_account.int_test.id
}
--------------------------------------------------------------------------------
/test/setup/main.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2020 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Throwaway CI project that hosts the integration-test deployment.
module "gke-gitlab-proj" {
  source  = "terraform-google-modules/project-factory/google"
  version = "~> 14.0"

  name              = "ci-gitlab"
  random_project_id = true
  org_id            = var.org_id
  folder_id         = var.folder_id
  billing_account   = var.billing_account
  # Leave the activated APIs enabled when the project is destroyed.
  disable_services_on_destroy = false

  # NOTE(review): keeps the auto-mode "default" VPC, which ships with permissive
  # default firewall rules. The module under test builds its own network
  # (google_compute_network.gitlab in main.tf), so this is only needed if some
  # part of the test path relies on the default network — confirm, and prefer
  # false otherwise.
  auto_create_network = true

  # Same API list as the `services` section of metadata.yaml.
  activate_apis = [
    "iam.googleapis.com",
    "serviceusage.googleapis.com",
    "compute.googleapis.com",
    "container.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "sqladmin.googleapis.com",
  ]
}
--------------------------------------------------------------------------------
/test/setup/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2020 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
15 | */ 16 | 17 | output "project_id" { 18 | value = module.gke-gitlab-proj.project_id 19 | } 20 | 21 | output "sa_key" { 22 | value = google_service_account_key.int_test.private_key 23 | sensitive = true 24 | } 25 | -------------------------------------------------------------------------------- /test/setup/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | variable "org_id" { 17 | description = "The numeric organization id" 18 | } 19 | 20 | variable "folder_id" { 21 | description = "The folder to deploy in" 22 | } 23 | 24 | variable "billing_account" { 25 | description = "The billing account id associated with the project, e.g. XXXXXX-YYYYYY-ZZZZZZ" 26 | } 27 | -------------------------------------------------------------------------------- /test/setup/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Provider constraints for the test-setup root module. The google floor here
# (3.44) is looser than the root module's versions.tf (3.49); both share the
# same < 5.0 ceiling.
terraform {
  required_version = ">= 0.13.0"
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 3.44, < 5.0"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = ">= 3.44, < 5.0"
    }
  }
}

--------------------------------------------------------------------------------
/values.yaml.tpl:
--------------------------------------------------------------------------------
# Values for gitlab/gitlab chart on GKE
# Rendered as a Terraform template; ${...} placeholders are substituted at
# render time (the rendering resource is outside this file).
global:
  edition: ce
  hosts:
    domain: ${DOMAIN}
    https: true
    gitlab: {}
    externalIP: ${INGRESS_IP}
    ssh: ~

  ## doc/charts/globals.md#configure-ingress-settings
  # TLS via cert-manager; the issuer e-mail is set under certmanager-issuer below.
  ingress:
    configureCertmanager: true
    enabled: true
    tls:
      enabled: true

  ## doc/charts/globals.md#configure-postgresql-settings
  # DB password is read from the gitlab-pg Kubernetes Secret created in main.tf
  # (kubernetes_secret.gitlab_pg), never from this file.
  psql:
    password:
      secret: gitlab-pg
      key: password
    host: ${DB_PRIVATE_IP}
    port: 5432
    username: gitlab
    database: gitlabhq_production

  # NOTE(review): Rails connects to Redis without AUTH (password.enabled: false).
  # The instance behind REDIS_PRIVATE_IP is defined outside this template; this
  # is acceptable only while it is reachable solely from the cluster's VPC —
  # confirm, and consider enabling AUTH if the instance supports it.
  redis:
    password:
      enabled: false
    host: ${REDIS_PRIVATE_IP}

  ## doc/charts/globals.md#configure-minio-settings
  # Object storage goes to GCS buckets (below) instead of in-cluster MinIO.
  minio:
    enabled: false

  ## doc/charts/globals.md#configure-appconfig-settings
  ## Rails based portions of this chart share many settings
  appConfig:
    ## doc/charts/globals.md#general-application-settings
    # Disables the periodic usage report to GitLab.
    enableUsagePing: false

    ## doc/charts/globals.md#lfs-artifacts-uploads-packages
    # Bucket names mirror the google_storage_bucket resources in main.tf; the
    # GCS connection config comes from the gitlab-rails-storage Secret
    # (kubernetes_secret.gitlab_rails_storage).
    backups:
      bucket: ${PROJECT_ID}-gitlab-backups
    lfs:
      bucket: ${PROJECT_ID}-git-lfs
      connection:
        secret: gitlab-rails-storage
        key: connection
    artifacts:
      bucket: ${PROJECT_ID}-gitlab-artifacts
      connection:
        secret: gitlab-rails-storage
        key: connection
    uploads:
      bucket: ${PROJECT_ID}-gitlab-uploads
      connection:
        secret: gitlab-rails-storage
        key: connection
    packages:
      bucket: ${PROJECT_ID}-gitlab-packages
      connection:
        secret: gitlab-rails-storage
        key: connection

    ## doc/charts/globals.md#pseudonymizer-settings
    pseudonymizer:
      bucket: ${PROJECT_ID}-gitlab-pseudo
      connection:
        secret: gitlab-rails-storage
        key: connection

certmanager-issuer:
  email: ${CERT_MANAGER_EMAIL}

prometheus:
  install: false

# In-chart Redis and PostgreSQL are not installed; external instances are
# configured under global.redis / global.psql above.
redis:
  install: false

gitlab:
  gitaly:
    persistence:
      size: 200Gi
      # StorageClass created by kubernetes_storage_class.pd-ssd in main.tf.
      storageClass: "pd-ssd"
  task-runner:
    backups:
      objectStorage:
        backend: gcs
        # google-application-credentials is a Secret created outside this
        # template; it presumably holds a service-account key file, so the
        # secret and that account's IAM scope deserve the same care as state.
        config:
          secret: google-application-credentials
          key: gcs-application-credentials-file
          gcpProject: ${PROJECT_ID}

postgresql:
  install: false

gitlab-runner:
  install: ${GITLAB_RUNNER_INSTALL}
  rbac:
    create: true
  runners:
    # NOTE(review): locked: false means the runner is not pinned to a single
    # project and cacheShared: true shares the GCS cache across jobs — check
    # that this matches the intended trust boundary between projects using
    # this instance.
    locked: false
    cache:
      cacheType: gcs
      gcsBucketName: ${PROJECT_ID}-runner-cache
      secretName: google-application-credentials
      cacheShared: true

registry:
  enabled: true
  # Registry storage credentials come from the gitlab-registry-storage Secret
  # (created outside this template); gcs.json is the key file name inside it.
  storage:
    secret: gitlab-registry-storage
    key: storage
    extraKey: gcs.json
--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the
License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

variable "project_id" {
  description = "GCP Project to deploy resources"
  type        = string
}

# Empty by default; how local.domain is derived from an empty value is decided
# outside this file.
variable "domain" {
  description = "Domain for hosting gitlab functionality (ie mydomain.com would access gitlab at gitlab.mydomain.com)"
  type        = string
  default     = ""
}

variable "certmanager_email" {
  description = "Email used to retrieve SSL certificates from Let's Encrypt"
  type        = string
}

# NOTE(review): 1.21 is well past GKE's support window; confirm the default
# against what the kubernetes-engine module version pinned in main.tf (~> 24.0)
# accepts before relying on it.
variable "gke_version" {
  description = "Version of GKE to use for the GitLab cluster"
  type        = string
  default     = "1.21"
}

variable "gke_machine_type" {
  description = "Machine type used for the node-pool"
  type        = string
  default     = "n1-standard-4"
}

variable "gitlab_db_name" {
  description = "Instance name for the GitLab Postgres database."
  type        = string
  default     = "gitlab-db"
}

variable "gitlab_db_random_prefix" {
  description = "Sets random suffix at the end of the Cloud SQL instance name."
  type        = bool
  default     = false
}

# Safe default: the Cloud SQL instance survives `terraform destroy` unless the
# caller opts out.
variable "gitlab_deletion_protection" {
  description = "Must be false to allow Terraform to destroy the Cloud SQL instance."
  type        = bool
  default     = true
}

# NOTE(review): secret input. An empty value makes main.tf fall back to a
# generated password (random_string in kubernetes_secret.gitlab_pg). It is not
# marked `sensitive = true` — that attribute needs Terraform >= 0.14, above the
# >= 0.13.0 floor in versions.tf — so a caller-supplied value shows up in plan
# output; either way the value is stored in state.
variable "gitlab_db_password" {
  description = "Password for the GitLab Postgres user"
  type        = string
  default     = ""
}

variable "gitlab_address_name" {
  description = "Name of the address to use for GitLab ingress"
  type        = string
  default     = ""
}

# Drives the gitlab-runner.install value in values.yaml.tpl.
variable "gitlab_runner_install" {
  description = "Choose whether to install the gitlab runner in the cluster"
  type        = bool
  default     = true
}

variable "region" {
  default     = "us-central1"
  type        = string
  description = "GCP region to deploy resources to"
}

# The three default ranges below (10.0/16 nodes, 10.3/16 pods, 10.2/16
# services) do not overlap with each other.
variable "gitlab_nodes_subnet_cidr" {
  default     = "10.0.0.0/16"
  type        = string
  description = "Cidr range to use for gitlab GKE nodes subnet"
}

variable "gitlab_pods_subnet_cidr" {
  default     = "10.3.0.0/16"
  type        = string
  description = "Cidr range to use for gitlab GKE pods subnet"
}

variable "gitlab_services_subnet_cidr" {
  default     = "10.2.0.0/16"
  type        = string
  description = "Cidr range to use for gitlab GKE services subnet"
}

variable "helm_chart_version" {
  type        = string
  default     = "4.2.4"
  description = "Helm chart version to install during deployment"
}

# Controls force_destroy on the GCS buckets in main.tf; false keeps buckets
# with data from being deleted.
variable "allow_force_destroy" {
  type        = bool
  default     = false
  description = "Allows full cleanup of resources by disabling any deletion safe guards"
}
--------------------------------------------------------------------------------
/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2018 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

terraform {
  required_version = ">= 0.13.0"
  required_providers {
    # Floor 3.49 here versus 3.44 in test/setup/versions.tf; same < 5.0 ceiling.
    google = {
      source  = "hashicorp/google"
      version = ">= 3.49, < 5.0"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = ">= 3.49, < 5.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.0"
    }
    null = {
      source  = "hashicorp/null"
      version = ">= 2.1.2"
    }
    random = {
      source  = "hashicorp/random"
      version = ">= 2.2.1"
    }
    # NOTE(review): hashicorp/template is archived upstream and no longer
    # receives builds for newer platforms; the built-in templatefile() function
    # is the usual replacement for rendering values.yaml.tpl.
    template = {
      source  = "hashicorp/template"
      version = ">= 2.1.2"
    }
    time = {
      source  = "hashicorp/time"
      version = "~> 0.9"
    }
  }

  # Identifies this blueprint in provider user-agent telemetry.
  provider_meta "google" {
    module_name = "blueprints/terraform/terraform-google-gke-gitlab/v3.0.0"
  }

  provider_meta "google-beta" {
    module_name = "blueprints/terraform/terraform-google-gke-gitlab/v3.0.0"
  }
}
--------------------------------------------------------------------------------