diff --git a/terraform/gcp/modules/ctlog/main.tf b/terraform/gcp/modules/ctlog/main.tf
index 3490d03bc..522752103 100644
--- a/terraform/gcp/modules/ctlog/main.tf
+++ b/terraform/gcp/modules/ctlog/main.tf
@@ -36,17 +36,7 @@ resource "google_dns_record_set" "A_ctfe" {
 project = var.project_id
 managed_zone = var.dns_zone_name
- routing_policy {
- wrr {
- weight = var.nginx_traffic_weight
- rrdatas = [var.load_balancer_ipv4]
- }
-
- wrr {
- weight = var.gcp_lb_traffic_weight
- rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
- }
- }
+ rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
 }
 // Create a static global IP for the external IPV4 GCE L7 load balancer
diff --git a/terraform/gcp/modules/ctlog/variables.tf b/terraform/gcp/modules/ctlog/variables.tf
index c7aa2c549..9b6b6ae85 100644
--- a/terraform/gcp/modules/ctlog/variables.tf
+++ b/terraform/gcp/modules/ctlog/variables.tf
@@ -37,21 +37,3 @@ variable "dns_domain_name" {
 description = "Name of DNS domain name in Google Cloud DNS"
 type = string
 }
-
-variable "load_balancer_ipv4" {
- description = "IPv4 adddress of external load balancer"
- type = string
-}
-
-// temporary variables to facilitate traffic shift
-variable "nginx_traffic_weight" {
- description = "weight for DNS weighted round robin for NGINX-based ingress"
- type = number
- default = 1
-}
-
-variable "gcp_lb_traffic_weight" {
- description = "weight for DNS weighted round robin for GCP-based load balancer"
- type = number
- default = 0
-}
diff --git a/terraform/gcp/modules/dex/main.tf b/terraform/gcp/modules/dex/main.tf
index 66a7e347a..715f10480 100644
--- a/terraform/gcp/modules/dex/main.tf
+++ b/terraform/gcp/modules/dex/main.tf
@@ -36,17 +36,7 @@ resource "google_dns_record_set" "A_dex" {
 project = var.project_id
 managed_zone = var.dns_zone_name
- routing_policy {
- wrr {
- weight = var.nginx_traffic_weight
- rrdatas = [var.load_balancer_ipv4]
- }
-
- wrr {
- weight = var.gcp_lb_traffic_weight
- rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
- }
- }
+ rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
 }
 // Create a static global IP for the external IPV4 GCE L7 load balancer
diff --git a/terraform/gcp/modules/dex/variables.tf b/terraform/gcp/modules/dex/variables.tf
index cf125e2ae..f4aee0071 100644
--- a/terraform/gcp/modules/dex/variables.tf
+++ b/terraform/gcp/modules/dex/variables.tf
@@ -33,25 +33,7 @@ variable "dns_domain_name" {
 type = string
 }
-variable "load_balancer_ipv4" {
- description = "IPv4 adddress of external load balancer"
- type = string
-}
-
 variable "cluster_name" {
 type = string
 default = ""
 }
-
-// temporary variables to facilitate traffic shift
-variable "nginx_traffic_weight" {
- description = "weight for DNS weighted round robin for NGINX-based ingress"
- type = number
- default = 1
-}
-
-variable "gcp_lb_traffic_weight" {
- description = "weight for DNS weighted round robin for GCP-based load balancer"
- type = number
- default = 0
-}
diff --git a/terraform/gcp/modules/fulcio/fulcio.tf b/terraform/gcp/modules/fulcio/fulcio.tf
index b7d33f5d3..40bf3bde2 100644
--- a/terraform/gcp/modules/fulcio/fulcio.tf
+++ b/terraform/gcp/modules/fulcio/fulcio.tf
@@ -35,17 +35,7 @@ resource "google_dns_record_set" "A_fulcio" {
 project = var.project_id
 managed_zone = var.dns_zone_name
- routing_policy {
- wrr {
- weight = var.nginx_traffic_weight
- rrdatas = [var.load_balancer_ipv4]
- }
-
- wrr {
- weight = var.gcp_lb_traffic_weight
- rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
- }
- }
+ rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
 }
 // Create a static global IP for the external IPV4 GCE L7 load balancer
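Review bot: Dropping the `routing_policy` block from `A_dex` and `A_fulcio` (and the identical `A_ctfe` and `A_rekor` hunks) leaves each record with the GCE load balancer address as its only answer, while the same commit deletes `google_compute_address.default_ipv4` in modules/network, so the old NGINX ingress address is released in the apply that repoints DNS. Resolvers that still hold the old answer keep sending clients to an address the project no longer controls once it is released; whether every environment already ran with `nginx_traffic_weight = 0` is not visible here, and the removed default was 1. I would keep the address reserved until the record TTL has elapsed and remove it in a follow-up change, and note that on the record, e.g. `// sole target is the GCE L7 LB; old NGINX address stays reserved until <follow-up change>`. The resource bodies begin above the hunks, so the TTL is not shown.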
diff --git a/terraform/gcp/modules/fulcio/variables.tf b/terraform/gcp/modules/fulcio/variables.tf
index ff93b70b4..58f2f88b2 100644
--- a/terraform/gcp/modules/fulcio/variables.tf
+++ b/terraform/gcp/modules/fulcio/variables.tf
@@ -79,21 +79,3 @@ variable "dns_domain_name" {
 description = "Name of DNS domain name in Google Cloud DNS"
 type = string
 }
-
-variable "load_balancer_ipv4" {
- description = "IPv4 adddress of external load balancer"
- type = string
-}
-
-// temporary variables to facilitate traffic shift
-variable "nginx_traffic_weight" {
- description = "weight for DNS weighted round robin for NGINX-based ingress"
- type = number
- default = 1
-}
-
-variable "gcp_lb_traffic_weight" {
- description = "weight for DNS weighted round robin for GCP-based load balancer"
- type = number
- default = 0
-}
diff --git a/terraform/gcp/modules/network/network.tf b/terraform/gcp/modules/network/network.tf
index 02f09c551..7dbd853be 100644
--- a/terraform/gcp/modules/network/network.tf
+++ b/terraform/gcp/modules/network/network.tf
@@ -108,12 +108,3 @@ resource "google_compute_router_nat" "nat" {
 }
 depends_on = [google_compute_subnetwork.subnetwork]
 }
-
-// Create a static IP for the external IPV4 L7 load balancer
-resource "google_compute_address" "default_ipv4" {
- name = format("%s-ext-lb", var.cluster_name)
- address = var.requested_external_ipv4_address
- address_type = "EXTERNAL"
- project = var.project_id
- region = var.region
-}
diff --git a/terraform/gcp/modules/network/outputs.tf b/terraform/gcp/modules/network/outputs.tf
index 6c9969034..86e7b5715 100644
--- a/terraform/gcp/modules/network/outputs.tf
+++ b/terraform/gcp/modules/network/outputs.tf
@@ -29,11 +29,3 @@ output "subnetwork_self_link" {
 output "secondary_ip_range" {
 value = google_compute_subnetwork.subnetwork.secondary_ip_range
 }
-
-output "external_ipv4_name" {
- value = google_compute_address.default_ipv4.name
-}
-
-output "external_ipv4_address" {
- value = google_compute_address.default_ipv4.address
-}
diff --git a/terraform/gcp/modules/network/variables.tf b/terraform/gcp/modules/network/variables.tf
index 9873837f9..1a0f7262f 100644
--- a/terraform/gcp/modules/network/variables.tf
+++ b/terraform/gcp/modules/network/variables.tf
@@ -33,9 +33,3 @@ variable "cluster_name" {
 type = string
 default = ""
 }
-
-variable "requested_external_ipv4_address" {
- type = string
- description = "External IPv4 address to request"
- default = ""
-}
diff --git a/terraform/gcp/modules/rekor/rekor.tf b/terraform/gcp/modules/rekor/rekor.tf
index 0435bd2b3..2dc2813b2 100644
--- a/terraform/gcp/modules/rekor/rekor.tf
+++ b/terraform/gcp/modules/rekor/rekor.tf
@@ -51,17 +51,7 @@ resource "google_dns_record_set" "A_rekor" {
 project = var.project_id
 managed_zone = var.dns_zone_name
- routing_policy {
- wrr {
- weight = var.nginx_traffic_weight
- rrdatas = [var.load_balancer_ipv4]
- }
-
- wrr {
- weight = var.gcp_lb_traffic_weight
- rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
- }
- }
+ rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
 }
 // Create a static global IP for the external IPV4 GCE L7 load balancer
diff --git a/terraform/gcp/modules/rekor/variables.tf b/terraform/gcp/modules/rekor/variables.tf
index e628c8fe3..3321acba8 100644
--- a/terraform/gcp/modules/rekor/variables.tf
+++ b/terraform/gcp/modules/rekor/variables.tf
@@ -97,26 +97,8 @@ variable "dns_domain_name" {
 type = string
 }
-variable "load_balancer_ipv4" {
- description = "IPv4 adddress of external load balancer"
- type = string
-}
-
 variable "redis_cluster_memory_size_gb" {
 description = "size of redis cluster expressed in whole GB"
 type = number
 default = 30
 }
-
-// temporary variables to facilitate traffic shift
-variable "nginx_traffic_weight" {
- description = "weight for DNS weighted round robin for NGINX-based ingress"
- type = number
- default = 1
-}
-
-variable "gcp_lb_traffic_weight" {
- description = "weight for DNS weighted round robin for GCP-based load balancer"
- type = number
- default = 0
-}
diff --git a/terraform/gcp/modules/sigstore/outputs.tf b/terraform/gcp/modules/sigstore/outputs.tf
index 6287a0da9..d2a51f8b5 100644
--- a/terraform/gcp/modules/sigstore/outputs.tf
+++ b/terraform/gcp/modules/sigstore/outputs.tf
@@ -120,13 +120,3 @@ output "bastion_kubectl" {
 description = "kubectl command using the local proxy once the bastion_ssh command is running"
 value = "HTTPS_PROXY=socks5://localhost:8118 kubectl get pods --all-namespaces"
 }
-
-output "external_ipv4_name" {
- description = "Name of the external IPv4 address resource for services on the cluster"
- value = module.network.external_ipv4_name
-}
-
-output "external_ipv4_address" {
- description = "External IPv4 Address for services on the cluster"
- value = module.network.external_ipv4_address
-}
diff --git a/terraform/gcp/modules/sigstore/sigstore.tf b/terraform/gcp/modules/sigstore/sigstore.tf
index 55aeb9cf6..583d3464f 100644
--- a/terraform/gcp/modules/sigstore/sigstore.tf
+++ b/terraform/gcp/modules/sigstore/sigstore.tf
@@ -30,8 +30,6 @@ module "network" {
 cluster_name = var.cluster_name
- requested_external_ipv4_address = var.static_external_ipv4_address
-
 depends_on = [
 module.project_roles
 ]
@@ -208,15 +206,11 @@ module "rekor" {
 gcs_logging_bucket = var.gcs_logging_bucket
 storage_class = var.attestation_storage_class
- dns_zone_name = var.dns_zone_name
- dns_domain_name = var.dns_domain_name
- load_balancer_ipv4 = module.network.external_ipv4_address
+ dns_zone_name = var.dns_zone_name
+ dns_domain_name = var.dns_domain_name
 redis_cluster_memory_size_gb = var.redis_cluster_memory_size_gb
- nginx_traffic_weight = var.rekor_nginx_traffic_weight
- gcp_lb_traffic_weight = var.rekor_gcp_lb_traffic_weight
-
 depends_on = [
 module.network,
 module.gke-cluster,
@@ -240,12 +234,8 @@ module "fulcio" {
 fulcio_keyring_name = var.fulcio_keyring_name
 fulcio_key_name = var.fulcio_intermediate_key_name
- dns_zone_name = var.dns_zone_name
- dns_domain_name = var.dns_domain_name
- load_balancer_ipv4 = module.network.external_ipv4_address
-
- nginx_traffic_weight = var.fulcio_nginx_traffic_weight
- gcp_lb_traffic_weight = var.fulcio_gcp_lb_traffic_weight
+ dns_zone_name = var.dns_zone_name
+ dns_domain_name = var.dns_domain_name
 depends_on = [
 module.gke-cluster,
@@ -270,9 +260,8 @@ module "timestamp" {
 timestamp_encryption_key_name = var.timestamp_encryption_key_name
 timestamp_intermediate_ca_key_name = var.timestamp_intermediate_ca_key_name
- dns_zone_name = var.dns_zone_name
- dns_domain_name = var.dns_domain_name
- load_balancer_ipv4 = module.network.external_ipv4_address
+ dns_zone_name = var.dns_zone_name
+ dns_domain_name = var.dns_domain_name
 depends_on = [
 module.gke-cluster,
@@ -322,12 +311,8 @@ module "ctlog" {
 project_id = var.project_id
 cluster_name = var.cluster_name
- dns_zone_name = var.dns_zone_name
- dns_domain_name = var.dns_domain_name
- load_balancer_ipv4 = module.network.external_ipv4_address
-
- nginx_traffic_weight = var.ctlog_nginx_traffic_weight
- gcp_lb_traffic_weight = var.ctlog_gcp_lb_traffic_weight
+ dns_zone_name = var.dns_zone_name
+ dns_domain_name = var.dns_domain_name
 depends_on = [
 module.gke-cluster,
@@ -439,12 +424,8 @@ module "dex" {
 cluster_name = var.cluster_name
- dns_zone_name = var.dns_zone_name
- dns_domain_name = var.dns_domain_name
- load_balancer_ipv4 = module.network.external_ipv4_address
-
- nginx_traffic_weight = var.dex_nginx_traffic_weight
- gcp_lb_traffic_weight = var.dex_gcp_lb_traffic_weight
+ dns_zone_name = var.dns_zone_name
+ dns_domain_name = var.dns_domain_name
 depends_on = [
 module.gke-cluster,
diff --git a/terraform/gcp/modules/sigstore/variables.tf b/terraform/gcp/modules/sigstore/variables.tf
index f8f347e6e..73b7c76d8 100644
--- a/terraform/gcp/modules/sigstore/variables.tf
+++ b/terraform/gcp/modules/sigstore/variables.tf
@@ -284,12 +284,6 @@ variable "dns_domain_name" {
 type = string
 }
-variable "static_external_ipv4_address" {
- description = "Static IPv4 Address to request for external services"
- type = string
- default = ""
-}
-
 variable "ctlog_shards" {
 type = list(string)
 description = "Array of CTLog shards to create. Entry should be something like [2021, 2022], which would then have 2 independent CTLog shards backed by ctlog-2021 and ctlog-2022 Cloud SQL instances."
@@ -351,55 +345,3 @@ variable "redis_cluster_memory_size_gb" {
 type = number
 default = 30
 }
-
-// temporary variables to facilitate traffic shift for rekor
-variable "rekor_nginx_traffic_weight" {
- description = "weight for DNS weighted round robin for NGINX-based ingress"
- type = number
- default = 1
-}
-
-variable "rekor_gcp_lb_traffic_weight" {
- description = "weight for DNS weighted round robin for GCP-based load balancer"
- type = number
- default = 0
-}
-
-// temporary variables to facilitate traffic shift for dex
-variable "dex_nginx_traffic_weight" {
- description = "weight for DNS weighted round robin for NGINX-based ingress"
- type = number
- default = 1
-}
-
-variable "dex_gcp_lb_traffic_weight" {
- description = "weight for DNS weighted round robin for GCP-based load balancer"
- type = number
- default = 0
-}
-
-// temporary variables to facilitate traffic shift for fulcio
-variable "fulcio_nginx_traffic_weight" {
- description = "weight for DNS weighted round robin for NGINX-based ingress"
- type = number
- default = 1
-}
-
-variable "fulcio_gcp_lb_traffic_weight" {
- description = "weight for DNS weighted round robin for GCP-based load balancer"
- type = number
- default = 0
-}
-
-// temporary variables to facilitate traffic shift for fulcio
-variable "ctlog_nginx_traffic_weight" {
- description = "weight for DNS weighted round robin for NGINX-based ingress"
- type = number
- default = 1
-}
-
-variable "ctlog_gcp_lb_traffic_weight" {
- description = "weight for DNS weighted round robin for GCP-based load balancer"
- type = number
- default = 0
-}
diff --git a/terraform/gcp/modules/timestamp/timestamp.tf b/terraform/gcp/modules/timestamp/timestamp.tf
index 96787d26c..280ea16df 100644
--- a/terraform/gcp/modules/timestamp/timestamp.tf
+++ b/terraform/gcp/modules/timestamp/timestamp.tf
@@ -22,5 +22,12 @@ resource "google_dns_record_set" "A_timestamp" {
 project = var.project_id
 managed_zone = var.dns_zone_name
- rrdatas = [var.load_balancer_ipv4]
+ rrdatas = [google_compute_global_address.gce_lb_ipv4.address]
+}
+
+// Create a static global IP for the external IPV4 GCE L7 load balancer
+resource "google_compute_global_address" "gce_lb_ipv4" {
+ name = format("timestamp-%s-gce-ext-lb", var.cluster_name)
+ address_type = "EXTERNAL"
+ project = var.project_id
 }
diff --git a/terraform/gcp/modules/timestamp/variables.tf b/terraform/gcp/modules/timestamp/variables.tf
index d30558105..eba8709b5 100644
--- a/terraform/gcp/modules/timestamp/variables.tf
+++ b/terraform/gcp/modules/timestamp/variables.tf
@@ -67,8 +67,3 @@ variable "dns_domain_name" {
 description = "Name of DNS domain name in Google Cloud DNS"
 type = string
 }
-
-variable "load_balancer_ipv4" {
- description = "IPv4 adddress of external load balancer"
- type = string
-}
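Review bot: `A_timestamp` moves from `var.load_balancer_ipv4` straight to the newly declared `google_compute_global_address.gce_lb_ipv4`, without the weighted step the other services had, and nothing in this hunk binds a forwarding rule or ingress to that address. If the address is first created by this apply, the record points at an IP that serves nothing until a load balancer attaches to it (presumably by name from a Kubernetes ingress, which is not visible here), so the address should exist and be serving before the record flips. Because a public DNS record now depends on this reservation, I would guard it against accidental release with `lifecycle { prevent_destroy = true }` and add a comment naming the consumer that references `timestamp-<cluster_name>-gce-ext-lb`. The `A_timestamp` resource body begins above the hunk.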