clean up unused cluster-wide IP and dns WRR configs (#707)

* clean up unused cluster-wide IP and dns WRR configs Signed-off-by: Bob Callaway <[email protected]> * fix tf fmt lint Signed-off-by: Bob Callaway <[email protected]> --------- Signed-off-by: Bob Callaway <[email protected]>
sigstore · Aug 14, 2023 · 4e9f2ff · 4e9f2ff
1 parent 72caff5
commit 4e9f2ff
Show file tree

Hide file tree

Showing 16 changed files with 22 additions and 242 deletions.
diff --git a/terraform/gcp/modules/ctlog/main.tf b/terraform/gcp/modules/ctlog/main.tf
@@ -36,17 +36,7 @@ resource "google_dns_record_set" "A_ctfe" {
   project      = var.project_id
   managed_zone = var.dns_zone_name
 
-  routing_policy {
-    wrr {
-      weight  = var.nginx_traffic_weight
-      rrdatas = [var.load_balancer_ipv4]
-    }
-
-    wrr {
-      weight  = var.gcp_lb_traffic_weight
-      rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
-    }
-  }
+  rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
 }
 
 // Create a static global IP for the external IPV4 GCE L7 load balancer

diff --git a/terraform/gcp/modules/ctlog/variables.tf b/terraform/gcp/modules/ctlog/variables.tf
@@ -37,21 +37,3 @@ variable "dns_domain_name" {
   description = "Name of DNS domain name in Google Cloud DNS"
   type        = string
 }
-
-variable "load_balancer_ipv4" {
-  description = "IPv4 adddress of external load balancer"
-  type        = string
-}
-
-// temporary variables to facilitate traffic shift
-variable "nginx_traffic_weight" {
-  description = "weight for DNS weighted round robin for NGINX-based ingress"
-  type        = number
-  default     = 1
-}
-
-variable "gcp_lb_traffic_weight" {
-  description = "weight for DNS weighted round robin for GCP-based load balancer"
-  type        = number
-  default     = 0
-}
diff --git a/terraform/gcp/modules/dex/main.tf b/terraform/gcp/modules/dex/main.tf
@@ -36,17 +36,7 @@ resource "google_dns_record_set" "A_dex" {
   project      = var.project_id
   managed_zone = var.dns_zone_name
 
-  routing_policy {
-    wrr {
-      weight  = var.nginx_traffic_weight
-      rrdatas = [var.load_balancer_ipv4]
-    }
-
-    wrr {
-      weight  = var.gcp_lb_traffic_weight
-      rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
-    }
-  }
+  rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
 }
 
 // Create a static global IP for the external IPV4 GCE L7 load balancer

diff --git a/terraform/gcp/modules/dex/variables.tf b/terraform/gcp/modules/dex/variables.tf
@@ -33,25 +33,7 @@ variable "dns_domain_name" {
   type        = string
 }
 
-variable "load_balancer_ipv4" {
-  description = "IPv4 adddress of external load balancer"
-  type        = string
-}
-
 variable "cluster_name" {
   type    = string
   default = ""
 }
-
-// temporary variables to facilitate traffic shift
-variable "nginx_traffic_weight" {
-  description = "weight for DNS weighted round robin for NGINX-based ingress"
-  type        = number
-  default     = 1
-}
-
-variable "gcp_lb_traffic_weight" {
-  description = "weight for DNS weighted round robin for GCP-based load balancer"
-  type        = number
-  default     = 0
-}
diff --git a/terraform/gcp/modules/fulcio/fulcio.tf b/terraform/gcp/modules/fulcio/fulcio.tf
@@ -35,17 +35,7 @@ resource "google_dns_record_set" "A_fulcio" {
   project      = var.project_id
   managed_zone = var.dns_zone_name
 
-  routing_policy {
-    wrr {
-      weight  = var.nginx_traffic_weight
-      rrdatas = [var.load_balancer_ipv4]
-    }
-
-    wrr {
-      weight  = var.gcp_lb_traffic_weight
-      rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
-    }
-  }
+  rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
 }
 
 // Create a static global IP for the external IPV4 GCE L7 load balancer

diff --git a/terraform/gcp/modules/fulcio/variables.tf b/terraform/gcp/modules/fulcio/variables.tf
@@ -79,21 +79,3 @@ variable "dns_domain_name" {
   description = "Name of DNS domain name in Google Cloud DNS"
   type        = string
 }
-
-variable "load_balancer_ipv4" {
-  description = "IPv4 adddress of external load balancer"
-  type        = string
-}
-
-// temporary variables to facilitate traffic shift
-variable "nginx_traffic_weight" {
-  description = "weight for DNS weighted round robin for NGINX-based ingress"
-  type        = number
-  default     = 1
-}
-
-variable "gcp_lb_traffic_weight" {
-  description = "weight for DNS weighted round robin for GCP-based load balancer"
-  type        = number
-  default     = 0
-}
diff --git a/terraform/gcp/modules/network/network.tf b/terraform/gcp/modules/network/network.tf
@@ -108,12 +108,3 @@ resource "google_compute_router_nat" "nat" {
   }
   depends_on = [google_compute_subnetwork.subnetwork]
 }
-
-// Create a static IP for the external IPV4 L7 load balancer
-resource "google_compute_address" "default_ipv4" {
-  name         = format("%s-ext-lb", var.cluster_name)
-  address      = var.requested_external_ipv4_address
-  address_type = "EXTERNAL"
-  project      = var.project_id
-  region       = var.region
-}
diff --git a/terraform/gcp/modules/network/outputs.tf b/terraform/gcp/modules/network/outputs.tf
@@ -29,11 +29,3 @@ output "subnetwork_self_link" {
 output "secondary_ip_range" {
   value = google_compute_subnetwork.subnetwork.secondary_ip_range
 }
-
-output "external_ipv4_name" {
-  value = google_compute_address.default_ipv4.name
-}
-
-output "external_ipv4_address" {
-  value = google_compute_address.default_ipv4.address
-}
diff --git a/terraform/gcp/modules/network/variables.tf b/terraform/gcp/modules/network/variables.tf
@@ -33,9 +33,3 @@ variable "cluster_name" {
   type    = string
   default = ""
 }
-
-variable "requested_external_ipv4_address" {
-  type        = string
-  description = "External IPv4 address to request"
-  default     = ""
-}
diff --git a/terraform/gcp/modules/rekor/rekor.tf b/terraform/gcp/modules/rekor/rekor.tf
@@ -51,17 +51,7 @@ resource "google_dns_record_set" "A_rekor" {
   project      = var.project_id
   managed_zone = var.dns_zone_name
 
-  routing_policy {
-    wrr {
-      weight  = var.nginx_traffic_weight
-      rrdatas = [var.load_balancer_ipv4]
-    }
-
-    wrr {
-      weight  = var.gcp_lb_traffic_weight
-      rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
-    }
-  }
+  rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
 }
 
 // Create a static global IP for the external IPV4 GCE L7 load balancer

diff --git a/terraform/gcp/modules/rekor/variables.tf b/terraform/gcp/modules/rekor/variables.tf
@@ -97,26 +97,8 @@ variable "dns_domain_name" {
   type        = string
 }
 
-variable "load_balancer_ipv4" {
-  description = "IPv4 adddress of external load balancer"
-  type        = string
-}
-
 variable "redis_cluster_memory_size_gb" {
   description = "size of redis cluster expressed in whole GB"
   type        = number
   default     = 30
 }
-
-// temporary variables to facilitate traffic shift
-variable "nginx_traffic_weight" {
-  description = "weight for DNS weighted round robin for NGINX-based ingress"
-  type        = number
-  default     = 1
-}
-
-variable "gcp_lb_traffic_weight" {
-  description = "weight for DNS weighted round robin for GCP-based load balancer"
-  type        = number
-  default     = 0
-}
diff --git a/terraform/gcp/modules/sigstore/outputs.tf b/terraform/gcp/modules/sigstore/outputs.tf
@@ -120,13 +120,3 @@ output "bastion_kubectl" {
   description = "kubectl command using the local proxy once the bastion_ssh command is running"
   value       = "HTTPS_PROXY=socks5://localhost:8118 kubectl get pods --all-namespaces"
 }
-
-output "external_ipv4_name" {
-  description = "Name of the external IPv4 address resource for services on the cluster"
-  value       = module.network.external_ipv4_name
-}
-
-output "external_ipv4_address" {
-  description = "External IPv4 Address for services on the cluster"
-  value       = module.network.external_ipv4_address
-}
diff --git a/terraform/gcp/modules/sigstore/sigstore.tf b/terraform/gcp/modules/sigstore/sigstore.tf
@@ -30,8 +30,6 @@ module "network" {
 
   cluster_name = var.cluster_name
 
-  requested_external_ipv4_address = var.static_external_ipv4_address
-
   depends_on = [
     module.project_roles
   ]
@@ -208,15 +206,11 @@ module "rekor" {
   gcs_logging_bucket  = var.gcs_logging_bucket
   storage_class       = var.attestation_storage_class
 
-  dns_zone_name      = var.dns_zone_name
-  dns_domain_name    = var.dns_domain_name
-  load_balancer_ipv4 = module.network.external_ipv4_address
+  dns_zone_name   = var.dns_zone_name
+  dns_domain_name = var.dns_domain_name
 
   redis_cluster_memory_size_gb = var.redis_cluster_memory_size_gb
 
-  nginx_traffic_weight  = var.rekor_nginx_traffic_weight
-  gcp_lb_traffic_weight = var.rekor_gcp_lb_traffic_weight
-
   depends_on = [
     module.network,
     module.gke-cluster,
@@ -240,12 +234,8 @@ module "fulcio" {
   fulcio_keyring_name = var.fulcio_keyring_name
   fulcio_key_name     = var.fulcio_intermediate_key_name
 
-  dns_zone_name      = var.dns_zone_name
-  dns_domain_name    = var.dns_domain_name
-  load_balancer_ipv4 = module.network.external_ipv4_address
-
-  nginx_traffic_weight  = var.fulcio_nginx_traffic_weight
-  gcp_lb_traffic_weight = var.fulcio_gcp_lb_traffic_weight
+  dns_zone_name   = var.dns_zone_name
+  dns_domain_name = var.dns_domain_name
 
   depends_on = [
     module.gke-cluster,
@@ -270,9 +260,8 @@ module "timestamp" {
   timestamp_encryption_key_name      = var.timestamp_encryption_key_name
   timestamp_intermediate_ca_key_name = var.timestamp_intermediate_ca_key_name
 
-  dns_zone_name      = var.dns_zone_name
-  dns_domain_name    = var.dns_domain_name
-  load_balancer_ipv4 = module.network.external_ipv4_address
+  dns_zone_name   = var.dns_zone_name
+  dns_domain_name = var.dns_domain_name
 
   depends_on = [
     module.gke-cluster,
@@ -322,12 +311,8 @@ module "ctlog" {
   project_id   = var.project_id
   cluster_name = var.cluster_name
 
-  dns_zone_name      = var.dns_zone_name
-  dns_domain_name    = var.dns_domain_name
-  load_balancer_ipv4 = module.network.external_ipv4_address
-
-  nginx_traffic_weight  = var.ctlog_nginx_traffic_weight
-  gcp_lb_traffic_weight = var.ctlog_gcp_lb_traffic_weight
+  dns_zone_name   = var.dns_zone_name
+  dns_domain_name = var.dns_domain_name
 
   depends_on = [
     module.gke-cluster,
@@ -439,12 +424,8 @@ module "dex" {
 
   cluster_name = var.cluster_name
 
-  dns_zone_name      = var.dns_zone_name
-  dns_domain_name    = var.dns_domain_name
-  load_balancer_ipv4 = module.network.external_ipv4_address
-
-  nginx_traffic_weight  = var.dex_nginx_traffic_weight
-  gcp_lb_traffic_weight = var.dex_gcp_lb_traffic_weight
+  dns_zone_name   = var.dns_zone_name
+  dns_domain_name = var.dns_domain_name
 
   depends_on = [
     module.gke-cluster,

diff --git a/terraform/gcp/modules/sigstore/variables.tf b/terraform/gcp/modules/sigstore/variables.tf
@@ -284,12 +284,6 @@ variable "dns_domain_name" {
   type        = string
 }
 
-variable "static_external_ipv4_address" {
-  description = "Static IPv4 Address to request for external services"
-  type        = string
-  default     = ""
-}
-
 variable "ctlog_shards" {
   type        = list(string)
   description = "Array of CTLog shards to create. Entry should be something like [2021, 2022], which would then have 2 independent CTLog shards backed by ctlog-2021 and ctlog-2022 Cloud SQL instances."
@@ -351,55 +345,3 @@ variable "redis_cluster_memory_size_gb" {
   type        = number
   default     = 30
 }
-
-// temporary variables to facilitate traffic shift for rekor
-variable "rekor_nginx_traffic_weight" {
-  description = "weight for DNS weighted round robin for NGINX-based ingress"
-  type        = number
-  default     = 1
-}
-
-variable "rekor_gcp_lb_traffic_weight" {
-  description = "weight for DNS weighted round robin for GCP-based load balancer"
-  type        = number
-  default     = 0
-}
-
-// temporary variables to facilitate traffic shift for dex
-variable "dex_nginx_traffic_weight" {
-  description = "weight for DNS weighted round robin for NGINX-based ingress"
-  type        = number
-  default     = 1
-}
-
-variable "dex_gcp_lb_traffic_weight" {
-  description = "weight for DNS weighted round robin for GCP-based load balancer"
-  type        = number
-  default     = 0
-}
-
-// temporary variables to facilitate traffic shift for fulcio
-variable "fulcio_nginx_traffic_weight" {
-  description = "weight for DNS weighted round robin for NGINX-based ingress"
-  type        = number
-  default     = 1
-}
-
-variable "fulcio_gcp_lb_traffic_weight" {
-  description = "weight for DNS weighted round robin for GCP-based load balancer"
-  type        = number
-  default     = 0
-}
-
-// temporary variables to facilitate traffic shift for fulcio
-variable "ctlog_nginx_traffic_weight" {
-  description = "weight for DNS weighted round robin for NGINX-based ingress"
-  type        = number
-  default     = 1
-}
-
-variable "ctlog_gcp_lb_traffic_weight" {
-  description = "weight for DNS weighted round robin for GCP-based load balancer"
-  type        = number
-  default     = 0
-}
diff --git a/terraform/gcp/modules/timestamp/timestamp.tf b/terraform/gcp/modules/timestamp/timestamp.tf
@@ -22,5 +22,12 @@ resource "google_dns_record_set" "A_timestamp" {
   project      = var.project_id
   managed_zone = var.dns_zone_name
 
-  rrdatas = [var.load_balancer_ipv4]
+  rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
+}
+
+// Create a static global IP for the external IPV4 GCE L7 load balancer
+resource "google_compute_global_address" "gce_lb_ipv4" {
+  name         = format("timestamp-%s-gce-ext-lb", var.cluster_name)
+  address_type = "EXTERNAL"
+  project      = var.project_id
 }
diff --git a/terraform/gcp/modules/timestamp/variables.tf b/terraform/gcp/modules/timestamp/variables.tf
@@ -67,8 +67,3 @@ variable "dns_domain_name" {
   description = "Name of DNS domain name in Google Cloud DNS"
   type        = string
 }
-
-variable "load_balancer_ipv4" {
-  description = "IPv4 adddress of external load balancer"
-  type        = string
-}