azure: create the production environment for gitlab
Related to T4063
Test Plan
terraform plan completes without errors:
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
# module.gitlab-production.azurerm_resource_group.gitlab_rg will be created
+ resource "azurerm_resource_group" "gitlab_rg" {
+ id = (known after apply)
+ location = "westeurope"
+ name = "euwest-gitlab-production"
+ tags = {
+ "environment" = "gitlab"
}
}
# module.gitlab-production.azurerm_storage_account.gitlab_storage will be created
+ resource "azurerm_storage_account" "gitlab_storage" {
+ access_tier = (known after apply)
+ account_kind = "StorageV2"
+ account_replication_type = "LRS"
+ account_tier = "Standard"
+ allow_nested_items_to_be_public = true
+ cross_tenant_replication_enabled = true
+ enable_https_traffic_only = true
+ id = (known after apply)
+ infrastructure_encryption_enabled = false
+ is_hns_enabled = false
+ large_file_share_enabled = (known after apply)
+ location = "westeurope"
+ min_tls_version = "TLS1_2"
+ name = "swheuwestgitlabprod"
+ nfsv3_enabled = false
+ primary_access_key = (sensitive value)
+ primary_blob_connection_string = (sensitive value)
+ primary_blob_endpoint = (known after apply)
+ primary_blob_host = (known after apply)
+ primary_connection_string = (sensitive value)
+ primary_dfs_endpoint = (known after apply)
+ primary_dfs_host = (known after apply)
+ primary_file_endpoint = (known after apply)
+ primary_file_host = (known after apply)
+ primary_location = (known after apply)
+ primary_queue_endpoint = (known after apply)
+ primary_queue_host = (known after apply)
+ primary_table_endpoint = (known after apply)
+ primary_table_host = (known after apply)
+ primary_web_endpoint = (known after apply)
+ primary_web_host = (known after apply)
+ queue_encryption_key_type = "Service"
+ resource_group_name = "euwest-gitlab-production"
+ secondary_access_key = (sensitive value)
+ secondary_blob_connection_string = (sensitive value)
+ secondary_blob_endpoint = (known after apply)
+ secondary_blob_host = (known after apply)
+ secondary_connection_string = (sensitive value)
+ secondary_dfs_endpoint = (known after apply)
+ secondary_dfs_host = (known after apply)
+ secondary_file_endpoint = (known after apply)
+ secondary_file_host = (known after apply)
+ secondary_location = (known after apply)
+ secondary_queue_endpoint = (known after apply)
+ secondary_queue_host = (known after apply)
+ secondary_table_endpoint = (known after apply)
+ secondary_table_host = (known after apply)
+ secondary_web_endpoint = (known after apply)
+ secondary_web_host = (known after apply)
+ shared_access_key_enabled = true
+ table_encryption_key_type = "Service"
+ tags = {
+ "environment" = "gitlab"
}
+ blob_properties {
+ change_feed_enabled = false
+ default_service_version = (known after apply)
+ last_access_time_enabled = false
+ versioning_enabled = false
+ container_delete_retention_policy {
+ days = 7
}
+ delete_retention_policy {
+ days = 7
}
}
+ network_rules {
+ bypass = (known after apply)
+ default_action = (known after apply)
+ ip_rules = (known after apply)
+ virtual_network_subnet_ids = (known after apply)
+ private_link_access {
+ endpoint_resource_id = (known after apply)
+ endpoint_tenant_id = (known after apply)
}
}
+ queue_properties {
+ cors_rule {
+ allowed_headers = (known after apply)
+ allowed_methods = (known after apply)
+ allowed_origins = (known after apply)
+ exposed_headers = (known after apply)
+ max_age_in_seconds = (known after apply)
}
+ hour_metrics {
+ enabled = (known after apply)
+ include_apis = (known after apply)
+ retention_policy_days = (known after apply)
+ version = (known after apply)
}
+ logging {
+ delete = (known after apply)
+ read = (known after apply)
+ retention_policy_days = (known after apply)
+ version = (known after apply)
+ write = (known after apply)
}
+ minute_metrics {
+ enabled = (known after apply)
+ include_apis = (known after apply)
+ retention_policy_days = (known after apply)
+ version = (known after apply)
}
}
+ routing {
+ choice = (known after apply)
+ publish_internet_endpoints = (known after apply)
+ publish_microsoft_endpoints = (known after apply)
}
+ share_properties {
+ cors_rule {
+ allowed_headers = (known after apply)
+ allowed_methods = (known after apply)
+ allowed_origins = (known after apply)
+ exposed_headers = (known after apply)
+ max_age_in_seconds = (known after apply)
}
+ retention_policy {
+ days = (known after apply)
}
+ smb {
+ authentication_types = (known after apply)
+ channel_encryption_type = (known after apply)
+ kerberos_ticket_encryption_type = (known after apply)
+ versions = (known after apply)
}
}
}
# module.gitlab-production.azurerm_storage_container.gitlab_storage_container[0] will be created
+ resource "azurerm_storage_container" "gitlab_storage_container" {
+ container_access_type = "private"
+ has_immutability_policy = (known after apply)
+ has_legal_hold = (known after apply)
+ id = (known after apply)
+ metadata = (known after apply)
+ name = "artifacts"
+ resource_manager_id = (known after apply)
+ storage_account_name = "swheuwestgitlabprod"
}
# module.gitlab-production.azurerm_storage_container.gitlab_storage_container[1] will be created
+ resource "azurerm_storage_container" "gitlab_storage_container" {
+ container_access_type = "private"
+ has_immutability_policy = (known after apply)
+ has_legal_hold = (known after apply)
+ id = (known after apply)
+ metadata = (known after apply)
+ name = "registry"
+ resource_manager_id = (known after apply)
+ storage_account_name = "swheuwestgitlabprod"
}
# module.gitlab-production.azurerm_storage_container.gitlab_storage_container[2] will be created
+ resource "azurerm_storage_container" "gitlab_storage_container" {
+ container_access_type = "private"
+ has_immutability_policy = (known after apply)
+ has_legal_hold = (known after apply)
+ id = (known after apply)
+ metadata = (known after apply)
+ name = "external-diffs"
+ resource_manager_id = (known after apply)
+ storage_account_name = "swheuwestgitlabprod"
}
# module.gitlab-production.azurerm_storage_container.gitlab_storage_container[3] will be created
+ resource "azurerm_storage_container" "gitlab_storage_container" {
+ container_access_type = "private"
+ has_immutability_policy = (known after apply)
+ has_legal_hold = (known after apply)
+ id = (known after apply)
+ metadata = (known after apply)
+ name = "lfs-objects"
+ resource_manager_id = (known after apply)
+ storage_account_name = "swheuwestgitlabprod"
}
# module.gitlab-production.azurerm_storage_container.gitlab_storage_container[4] will be created
+ resource "azurerm_storage_container" "gitlab_storage_container" {
+ container_access_type = "private"
+ has_immutability_policy = (known after apply)
+ has_legal_hold = (known after apply)
+ id = (known after apply)
+ metadata = (known after apply)
+ name = "uploads"
+ resource_manager_id = (known after apply)
+ storage_account_name = "swheuwestgitlabprod"
}
# module.gitlab-production.azurerm_storage_container.gitlab_storage_container[5] will be created
+ resource "azurerm_storage_container" "gitlab_storage_container" {
+ container_access_type = "private"
+ has_immutability_policy = (known after apply)
+ has_legal_hold = (known after apply)
+ id = (known after apply)
+ metadata = (known after apply)
+ name = "packages"
+ resource_manager_id = (known after apply)
+ storage_account_name = "swheuwestgitlabprod"
}
# module.gitlab-production.azurerm_storage_container.gitlab_storage_container[6] will be created
+ resource "azurerm_storage_container" "gitlab_storage_container" {
+ container_access_type = "private"
+ has_immutability_policy = (known after apply)
+ has_legal_hold = (known after apply)
+ id = (known after apply)
+ metadata = (known after apply)
+ name = "dependency-proxy"
+ resource_manager_id = (known after apply)
+ storage_account_name = "swheuwestgitlabprod"
}
# module.gitlab-production.azurerm_storage_container.gitlab_storage_container[7] will be created
+ resource "azurerm_storage_container" "gitlab_storage_container" {
+ container_access_type = "private"
+ has_immutability_policy = (known after apply)
+ has_legal_hold = (known after apply)
+ id = (known after apply)
+ metadata = (known after apply)
+ name = "terraform"
+ resource_manager_id = (known after apply)
+ storage_account_name = "swheuwestgitlabprod"
}
# module.gitlab-production.azurerm_storage_container.gitlab_storage_container[8] will be created
+ resource "azurerm_storage_container" "gitlab_storage_container" {
+ container_access_type = "private"
+ has_immutability_policy = (known after apply)
+ has_legal_hold = (known after apply)
+ id = (known after apply)
+ metadata = (known after apply)
+ name = "pages"
+ resource_manager_id = (known after apply)
+ storage_account_name = "swheuwestgitlabprod"
}
# module.gitlab-production.module.gitlab_aks_cluster.data.azurerm_resource_group.aks_rg will be read during apply
# (depends on a resource or a module with changes pending)
<= data "azurerm_resource_group" "aks_rg" {
+ id = (known after apply)
+ location = (known after apply)
+ name = "euwest-gitlab-production"
+ tags = (known after apply)
+ timeouts {
+ read = (known after apply)
}
}
# module.gitlab-production.module.gitlab_aks_cluster.data.azurerm_subnet.internal_subnet will be read during apply
# (depends on a resource or a module with changes pending)
<= data "azurerm_subnet" "internal_subnet" {
+ address_prefix = (known after apply)
+ address_prefixes = (known after apply)
+ enforce_private_link_endpoint_network_policies = (known after apply)
+ enforce_private_link_service_network_policies = (known after apply)
+ id = (known after apply)
+ name = "default"
+ network_security_group_id = (known after apply)
+ resource_group_name = "swh-resource"
+ route_table_id = (known after apply)
+ service_endpoints = (known after apply)
+ virtual_network_name = "swh-vnet"
+ timeouts {
+ read = (known after apply)
}
}
# module.gitlab-production.module.gitlab_aks_cluster.azurerm_kubernetes_cluster.aks_cluster will be created
+ resource "azurerm_kubernetes_cluster" "aks_cluster" {
+ dns_prefix = "euwest-gitlab-production"
+ fqdn = (known after apply)
+ http_application_routing_zone_name = (known after apply)
+ id = (known after apply)
+ kube_admin_config = (sensitive value)
+ kube_admin_config_raw = (sensitive value)
+ kube_config = (sensitive value)
+ kube_config_raw = (sensitive value)
+ kubernetes_version = (known after apply)
+ location = (known after apply)
+ name = "euwest-gitlab-production"
+ node_resource_group = "euwest-gitlab-production-internal"
+ oidc_issuer_url = (known after apply)
+ portal_fqdn = (known after apply)
+ private_cluster_enabled = true
+ private_cluster_public_fqdn_enabled = false
+ private_dns_zone_id = (known after apply)
+ private_fqdn = (known after apply)
+ public_network_access_enabled = true
+ resource_group_name = "euwest-gitlab-production"
+ role_based_access_control_enabled = true
+ run_command_enabled = true
+ sku_tier = "Free"
+ auto_scaler_profile {
+ balance_similar_node_groups = (known after apply)
+ empty_bulk_delete_max = (known after apply)
+ expander = (known after apply)
+ max_graceful_termination_sec = (known after apply)
+ max_node_provisioning_time = (known after apply)
+ max_unready_nodes = (known after apply)
+ max_unready_percentage = (known after apply)
+ new_pod_scale_up_delay = (known after apply)
+ scale_down_delay_after_add = (known after apply)
+ scale_down_delay_after_delete = (known after apply)
+ scale_down_delay_after_failure = (known after apply)
+ scale_down_unneeded = (known after apply)
+ scale_down_unready = (known after apply)
+ scale_down_utilization_threshold = (known after apply)
+ scan_interval = (known after apply)
+ skip_nodes_with_local_storage = (known after apply)
+ skip_nodes_with_system_pods = (known after apply)
}
+ default_node_pool {
+ enable_auto_scaling = true
+ kubelet_disk_type = (known after apply)
+ max_count = 5
+ max_pods = (known after apply)
+ min_count = 1
+ name = "default"
+ node_count = (known after apply)
+ node_labels = (known after apply)
+ orchestrator_version = (known after apply)
+ os_disk_size_gb = (known after apply)
+ os_disk_type = "Managed"
+ os_sku = (known after apply)
+ type = "VirtualMachineScaleSets"
+ ultra_ssd_enabled = false
+ vm_size = "Standard_B2ms"
}
+ identity {
+ principal_id = (known after apply)
+ tenant_id = (known after apply)
+ type = "SystemAssigned"
}
+ kubelet_identity {
+ client_id = (known after apply)
+ object_id = (known after apply)
+ user_assigned_identity_id = (known after apply)
}
+ network_profile {
+ dns_service_ip = (known after apply)
+ docker_bridge_cidr = (known after apply)
+ ip_versions = (known after apply)
+ load_balancer_sku = "standard"
+ network_mode = (known after apply)
+ network_plugin = "kubenet"
+ network_policy = "calico"
+ outbound_type = "loadBalancer"
+ pod_cidr = (known after apply)
+ service_cidr = (known after apply)
+ load_balancer_profile {
+ effective_outbound_ips = (known after apply)
+ idle_timeout_in_minutes = (known after apply)
+ managed_outbound_ip_count = (known after apply)
+ outbound_ip_address_ids = (known after apply)
+ outbound_ip_prefix_ids = (known after apply)
+ outbound_ports_allocated = (known after apply)
}
+ nat_gateway_profile {
+ effective_outbound_ips = (known after apply)
+ idle_timeout_in_minutes = (known after apply)
+ managed_outbound_ip_count = (known after apply)
}
}
+ windows_profile {
+ admin_password = (sensitive value)
+ admin_username = (known after apply)
+ license = (known after apply)
}
}
# module.gitlab-production.module.gitlab_aks_cluster.azurerm_private_endpoint.aks_cluster_endpoint will be created
+ resource "azurerm_private_endpoint" "aks_cluster_endpoint" {
+ custom_dns_configs = (known after apply)
+ id = (known after apply)
+ location = (known after apply)
+ name = "euwest-gitlab-production-endpoint"
+ network_interface = (known after apply)
+ private_dns_zone_configs = (known after apply)
+ resource_group_name = "euwest-gitlab-production"
+ subnet_id = (known after apply)
+ private_service_connection {
+ is_manual_connection = false
+ name = "euwest-gitlab-production-psc"
+ private_connection_resource_id = (known after apply)
+ private_ip_address = (known after apply)
+ subresource_names = [
+ "management",
]
}
}
# module.gitlab-production.module.gitlab_aks_cluster.azurerm_public_ip.aks_cluster_public_ip[0] will be created
+ resource "azurerm_public_ip" "aks_cluster_public_ip" {
+ allocation_method = "Static"
+ fqdn = (known after apply)
+ id = (known after apply)
+ idle_timeout_in_minutes = 4
+ ip_address = (known after apply)
+ ip_version = "IPv4"
+ location = (known after apply)
+ name = "euwest-gitlab-production_ip"
+ resource_group_name = "euwest-gitlab-production-internal"
+ sku = "Standard"
+ sku_tier = "Regional"
+ zones = [
+ "1",
+ "2",
+ "3",
]
}
Plan: 14 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ gitlab-production_aks_summary = (known after apply)
+ gitlab-production_storage_summary = (sensitive value)
Migrated from D8645 (view on Phabricator)