github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(infra): Deploy relay and portal to more zones and use more modern CPU arch (#5921)

Browse Source
This commit is contained in:
Andrew Dryga
2024-07-19 15:15:28 -06:00
committed by GitHub
parent 1bac0e0f0e
commit 0b6e3564f3
6 changed files with 55 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
terraform/environments/production/portal.tf
View File

@@ -390,9 +390,10 @@ module "domain" {
source = "../../modules/google-cloud/apps/elixir"
project_id = module.google-cloud-project.project.project_id
compute_instance_type = "n1-standard-2"
compute_instance_type = "n4-standard-2"
compute_instance_region = local.region
compute_instance_availability_zones = ["${local.region}-d"]
compute_instance_availability_zones = ["${local.region}-d", "${local.region}-c"]
compute_boot_disk_type = "hyperdisk-balanced"
dns_managed_zone_name = module.google-cloud-dns.zone_name
@@ -454,9 +455,10 @@ module "web" {
source = "../../modules/google-cloud/apps/elixir"
project_id = module.google-cloud-project.project.project_id
compute_instance_type = "n1-standard-1"
compute_instance_type = "n4-standard-2"
compute_instance_region = local.region
compute_instance_availability_zones = ["${local.region}-d"]
compute_instance_availability_zones = ["${local.region}-d", "${local.region}-c"]
compute_boot_disk_type = "hyperdisk-balanced"
dns_managed_zone_name = module.google-cloud-dns.zone_name
@@ -531,9 +533,10 @@ module "api" {
source = "../../modules/google-cloud/apps/elixir"
project_id = module.google-cloud-project.project.project_id
compute_instance_type = "n1-standard-1"
compute_instance_type = "n4-standard-2"
compute_instance_region = local.region
compute_instance_availability_zones = ["${local.region}-d"]
compute_instance_availability_zones = ["${local.region}-d", "${local.region}-c"]
compute_boot_disk_type = "hyperdisk-balanced"
dns_managed_zone_name = module.google-cloud-dns.zone_name

37
terraform/environments/production/relays.tf
View File

@@ -10,30 +10,30 @@ module "relays" {
instances = {
"asia-east1" = {
cidr_range = "10.129.0.0/24"
type = "f1-micro"
type = "n2-standard-2"
replicas = 1
zones = ["asia-east1-a"]
zones = ["asia-east1-a", "asia-east1-b", "asia-east1-c"]
}
"asia-south1" = {
cidr_range = "10.130.0.0/24"
type = "f1-micro"
replicas = 1
zones = ["asia-south1-a"]
zones = ["asia-south1-a", "asia-south1-b", "asia-south1-c"]
}
"australia-southeast1" = {
cidr_range = "10.131.0.0/24"
type = "f1-micro"
replicas = 1
zones = ["australia-southeast1-a"]
zones = ["australia-southeast1-a", "australia-southeast1-b", "australia-southeast1-c"]
}
"europe-west1" = {
cidr_range = "10.132.0.0/24"
type = "f1-micro"
replicas = 1
zones = ["europe-west1-d"]
zones = ["europe-west1-b", "europe-west1-c", "europe-west1-d"]
}
# "me-central1" = {
@@ -47,49 +47,56 @@ module "relays" {
cidr_range = "10.134.0.0/24"
type = "f1-micro"
replicas = 1
zones = ["southamerica-east1-b"]
zones = ["southamerica-east1-a", "southamerica-east1-b", "southamerica-east1-c"]
}
"us-central1" = {
cidr_range = "10.135.0.0/24"
type = "f1-micro"
replicas = 1
zones = ["us-central1-b"]
zones = ["us-central1-a", "us-central1-b", "us-central1-c", "us-central1-d", "us-central1-f"]
}
"us-east1" = {
cidr_range = "10.136.0.0/24"
type = "f1-micro"
replicas = 2
zones = ["us-east1-d"]
replicas = 1
zones = ["us-east1-a", "us-east1-b", "us-east1-c", "us-east1-d"]
}
"us-west2" = {
cidr_range = "10.137.0.0/24"
type = "f1-micro"
replicas = 2
zones = ["us-west2-b"]
type = "n2-standard-2"
replicas = 1
zones = ["us-west2-a", "us-west2-b", "us-west2-c"]
}
"europe-central2" = {
cidr_range = "10.138.0.0/24"
type = "f1-micro"
replicas = 1
zones = ["europe-central2-c"]
zones = ["europe-central2-a", "europe-central2-b", "europe-central2-c"]
}
"europe-north1" = {
cidr_range = "10.139.0.0/24"
type = "f1-micro"
replicas = 1
zones = ["europe-north1-c"]
zones = ["europe-north1-a", "europe-north1-b", "europe-north1-c"]
}
"europe-west2" = {
cidr_range = "10.140.0.0/24"
type = "n2-standard-2"
replicas = 1
zones = ["europe-west2-a", "europe-west2-b", "europe-west2-c"]
}
"us-east4" = {
cidr_range = "10.141.0.0/24"
type = "f1-micro"
replicas = 1
zones = ["europe-west2-c"]
zones = ["us-east4-a", "us-east4-b", "us-east4-c"]
}
}

3
terraform/modules/google-cloud/apps/elixir/main.tf
View File

@@ -112,6 +112,7 @@ resource "google_compute_instance_template" "application" {
source_image = data.google_compute_image.coreos.self_link
auto_delete = true
boot = true
disk_type = var.compute_boot_disk_type
}
network_interface {
@@ -294,7 +295,7 @@ resource "google_compute_region_instance_group_manager" "application" {
minimal_action = "RESTART"
max_unavailable_fixed = 1
max_surge_fixed = max(1, var.scaling_horizontal_replicas - 1)
max_surge_fixed = max(max(1, var.scaling_horizontal_replicas - 1), length(var.compute_instance_availability_zones))
}
timeouts {

4
terraform/modules/google-cloud/apps/elixir/network.tf
View File

@@ -311,7 +311,7 @@ resource "google_compute_managed_ssl_certificate" "default" {
## Create URL map for the application
resource "google_compute_url_map" "default" {
count = try(google_compute_backend_service.default["http"], null) != null ? 1 : 0
count = local.public_application && contains(keys(local.application_ports_by_name), "http") ? 1 : 0
project = var.project_id
@@ -326,7 +326,7 @@ resource "google_compute_url_map" "default" {
# Set up HTTP(s) proxies and redirect HTTP to HTTPS
resource "google_compute_url_map" "https_redirect" {
count = try(google_compute_backend_service.default["http"], null) != null ? 1 : 0
count = local.public_application && contains(keys(local.application_ports_by_name), "http") ? 1 : 0
project = var.project_id

6
terraform/modules/google-cloud/apps/elixir/variables.tf
View File

@@ -23,6 +23,12 @@ variable "compute_instance_availability_zones" {
description = "List of availability zone for the VMs. It must be in the same region as `var.compute_instance_region`."
}
variable "compute_boot_disk_type" {
type = string
default = "pd-ssd"
description = "Type of the boot disk."
}
################################################################################
## VPC
################################################################################

27
website/src/app/kb/architecture/tech-stack/readme.mdx
View File

@@ -106,19 +106,20 @@ Firezone uses the following tools for ops and infrastructure:
The Firezone-managed components are deployed globally across the following GCP
zones for load balancing and latency optimization:
| City | Region | Zones |
| ----------------------------- | ---------------------- | ------------------------ |
| Changhua, Taiwan | `asia-east1` | `asia-east1-a` |
| Mumbai, India | `asia-south1` | `asia-south1-a` |
| Sydney, Australia | `australia-southeast1` | `australia-southeast1-a` |
| Warsaw, Poland | `europe-central2` | `europe-central2-c` |
| Hamina, Finland | `europe-north1` | `europe-north1-c` |
| Saint-Ghislain, Belgium | `europe-west1` | `europe-west1-d` |
| London, UK | `europe-west2` | `europe-west2-c` |
| São Paulo, Brazil | `southamerica-east1` | `southamerica-east1-b` |
| Council Bluffs, Iowa | `us-central1` | `us-central1-b` |
| Moncks Corner, South Carolina | `us-east1` | `us-east1-d` |
| Los Angeles, California | `us-west2` | `us-west2-b` |
| City | Region | Zones |
| ---------------------------------- | ---------------------- | ----------------------------------------------------------------------------------- |
| Changhua, Taiwan | `asia-east1` | `asia-east1-a`, `asia-east1-b`, `asia-east1-c` |
| Mumbai, India | `asia-south1` | `asia-south1-a`, `asia-south1-b`, `asia-south1-c` |
| Sydney, Australia | `australia-southeast1` | `australia-southeast1-a`, `australia-southeast1-b`, `australia-southeast1-c` |
| Warsaw, Poland | `europe-central2` | `europe-central2-a`, `europe-central2-b`, `europe-central2-c` |
| Hamina, Finland | `europe-north1` | `europe-north1-a`, `europe-north1-b`, `europe-north1-c` |
| Saint-Ghislain, Belgium | `europe-west1` | `europe-west1-b`, `europe-west1-c`, `europe-west1-d` |
| London, UK | `europe-west2` | `europe-west2-a`, `europe-west2-b`, `europe-west2-c` |
| São Paulo, Brazil | `southamerica-east1` | `southamerica-east1-a`, `southamerica-east1-b`, `southamerica-east1-c` |
| Council Bluffs, Iowa, USA | `us-central1` | `us-central1-a`, `us-central1-b`, `us-central1-c`, `us-central1-d`, `us-central1-f` |
| Moncks Corner, South Carolina, USA | `us-east1` | `us-east1-a`, `us-east1-b`, `us-east1-c`, `us-east1-d` |
| Los Angeles, California, USA | `us-west2` | `us-west2-a`, `us-west2-b`, `us-west2-c` |
| Ashburn, Northern Virginia, USA | `us-east4` | `us-east4-a`, `us-east4-b`, `us-east4-c` |
<Link
target="_blank"