diff --git a/terraform/environments/production/portal.tf b/terraform/environments/production/portal.tf
index c4751a982..fefc08117 100644
--- a/terraform/environments/production/portal.tf
+++ b/terraform/environments/production/portal.tf
@@ -390,9 +390,10 @@ module "domain" {
 source = "../../modules/google-cloud/apps/elixir"
 project_id = module.google-cloud-project.project.project_id
- compute_instance_type = "n1-standard-2"
+ compute_instance_type = "n4-standard-2"
 compute_instance_region = local.region
- compute_instance_availability_zones = ["${local.region}-d"]
+ compute_instance_availability_zones = ["${local.region}-d", "${local.region}-c"]
+ compute_boot_disk_type = "hyperdisk-balanced"
 dns_managed_zone_name = module.google-cloud-dns.zone_name
@@ -454,9 +455,10 @@ module "web" {
 source = "../../modules/google-cloud/apps/elixir"
 project_id = module.google-cloud-project.project.project_id
- compute_instance_type = "n1-standard-1"
+ compute_instance_type = "n4-standard-2"
 compute_instance_region = local.region
- compute_instance_availability_zones = ["${local.region}-d"]
+ compute_instance_availability_zones = ["${local.region}-d", "${local.region}-c"]
+ compute_boot_disk_type = "hyperdisk-balanced"
 dns_managed_zone_name = module.google-cloud-dns.zone_name
@@ -531,9 +533,10 @@ module "api" {
 source = "../../modules/google-cloud/apps/elixir"
 project_id = module.google-cloud-project.project.project_id
- compute_instance_type = "n1-standard-1"
+ compute_instance_type = "n4-standard-2"
 compute_instance_region = local.region
- compute_instance_availability_zones = ["${local.region}-d"]
+ compute_instance_availability_zones = ["${local.region}-d", "${local.region}-c"]
+ compute_boot_disk_type = "hyperdisk-balanced"
 dns_managed_zone_name = module.google-cloud-dns.zone_name
diff --git a/terraform/environments/production/relays.tf b/terraform/environments/production/relays.tf
index 17715bb5e..079fe3687 100644
--- a/terraform/environments/production/relays.tf
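Review bot: The pairing of `compute_instance_type = "n4-standard-2"` with `compute_boot_disk_type = "hyperdisk-balanced"` in `module "domain"` is an undocumented hard dependency, and the same pair is repeated in the `module "web"` and `module "api"` hunks. As far as I know N4 machine types only accept Hyperdisk boot volumes, while the module default for the new variable is `pd-ssd`, so removing or changing either line on its own would likely yield an instance template that cannot be created. I would add `# N4 machine types require a Hyperdisk boot disk; change these two settings together` above the disk-type line in each block. It is also worth confirming that N4 is offered in both `${local.region}-c` and `${local.region}-d` before applying; each module block continues outside its hunk.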
+++ b/terraform/environments/production/relays.tf
@@ -10,30 +10,30 @@ module "relays" {
 instances = {
 "asia-east1" = {
 cidr_range = "10.129.0.0/24"
- type = "f1-micro"
+ type = "n2-standard-2"
 replicas = 1
- zones = ["asia-east1-a"]
+ zones = ["asia-east1-a", "asia-east1-b", "asia-east1-c"]
 }
 "asia-south1" = {
 cidr_range = "10.130.0.0/24"
 type = "f1-micro"
 replicas = 1
- zones = ["asia-south1-a"]
+ zones = ["asia-south1-a", "asia-south1-b", "asia-south1-c"]
 }
 "australia-southeast1" = {
 cidr_range = "10.131.0.0/24"
 type = "f1-micro"
 replicas = 1
- zones = ["australia-southeast1-a"]
+ zones = ["australia-southeast1-a", "australia-southeast1-b", "australia-southeast1-c"]
 }
 "europe-west1" = {
 cidr_range = "10.132.0.0/24"
 type = "f1-micro"
 replicas = 1
- zones = ["europe-west1-d"]
+ zones = ["europe-west1-b", "europe-west1-c", "europe-west1-d"]
 }
 # "me-central1" = {
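Review bot: `"asia-east1"` moves to `type = "n2-standard-2"` while every other entry in this hunk stays on `f1-micro`, and nothing in the map records why; the next hunk does the same for `"us-west2"` and `"europe-west2"`. A short comment on each upgraded entry stating the reason for the larger type would keep the next editor from reverting it or copying it blindly, for example `# n2-standard-2: <reason for sizing this region up>`. Note also that with `replicas = 1` the longer `zones` lists only widen where the single instance may be placed; they do not by themselves add redundancy. The `instances` map continues outside the hunk.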
@@ -47,49 +47,56 @@ module "relays" {
 cidr_range = "10.134.0.0/24"
 type = "f1-micro"
 replicas = 1
- zones = ["southamerica-east1-b"]
+ zones = ["southamerica-east1-a", "southamerica-east1-b", "southamerica-east1-c"]
 }
 "us-central1" = {
 cidr_range = "10.135.0.0/24"
 type = "f1-micro"
 replicas = 1
- zones = ["us-central1-b"]
+ zones = ["us-central1-a", "us-central1-b", "us-central1-c", "us-central1-d", "us-central1-f"]
 }
 "us-east1" = {
 cidr_range = "10.136.0.0/24"
 type = "f1-micro"
- replicas = 2
- zones = ["us-east1-d"]
+ replicas = 1
+ zones = ["us-east1-a", "us-east1-b", "us-east1-c", "us-east1-d"]
 }
 "us-west2" = {
 cidr_range = "10.137.0.0/24"
- type = "f1-micro"
- replicas = 2
- zones = ["us-west2-b"]
+ type = "n2-standard-2"
+ replicas = 1
+ zones = ["us-west2-a", "us-west2-b", "us-west2-c"]
 }
 "europe-central2" = {
 cidr_range = "10.138.0.0/24"
 type = "f1-micro"
 replicas = 1
- zones = ["europe-central2-c"]
+ zones = ["europe-central2-a", "europe-central2-b", "europe-central2-c"]
 }
 "europe-north1" = {
 cidr_range = "10.139.0.0/24"
 type = "f1-micro"
 replicas = 1
- zones = ["europe-north1-c"]
+ zones = ["europe-north1-a", "europe-north1-b", "europe-north1-c"]
 }
 "europe-west2" = {
 cidr_range = "10.140.0.0/24"
+ type = "n2-standard-2"
+ replicas = 1
+ zones = ["europe-west2-a", "europe-west2-b", "europe-west2-c"]
+ }
+
+ "us-east4" = {
+ cidr_range = "10.141.0.0/24"
 type = "f1-micro"
 replicas = 1
- zones = ["europe-west2-c"]
+ zones = ["us-east4-a", "us-east4-b", "us-east4-c"]
 }
 }
diff --git a/terraform/modules/google-cloud/apps/elixir/main.tf b/terraform/modules/google-cloud/apps/elixir/main.tf
index 331257c9b..f37da47bf 100644
--- a/terraform/modules/google-cloud/apps/elixir/main.tf
+++ b/terraform/modules/google-cloud/apps/elixir/main.tf
@@ -112,6 +112,7 @@ resource "google_compute_instance_template" "application" {
 source_image = data.google_compute_image.coreos.self_link
 auto_delete = true
 boot = true
+ disk_type = var.compute_boot_disk_type
 }
 network_interface {
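Review bot: `"us-east1"` and `"us-west2"` drop from `replicas = 2` to `replicas = 1` in this hunk, so every region listed now runs a single relay instance. If `replicas` is the per-region instance count, a restart, a rolling replace or a zone failure leaves that region without a relay until the replacement boots, and the longer `zones` lists do not change that. If the reduction is deliberate, record the reason in the commit description or a comment next to the value; otherwise keep `replicas = 2` on those two entries. The new `"us-east4"` entry introduces `10.141.0.0/24`, so any firewall or routing rule outside this diff that enumerates relay CIDRs needs the same addition; I cannot see those from here.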
@@ -294,7 +295,7 @@ resource "google_compute_region_instance_group_manager" "application" {
 minimal_action = "RESTART"
 max_unavailable_fixed = 1
- max_surge_fixed = max(1, var.scaling_horizontal_replicas - 1)
+ max_surge_fixed = max(max(1, var.scaling_horizontal_replicas - 1), length(var.compute_instance_availability_zones))
 }
 timeouts {
diff --git a/terraform/modules/google-cloud/apps/elixir/network.tf b/terraform/modules/google-cloud/apps/elixir/network.tf
index 063699526..1e7739b41 100644
--- a/terraform/modules/google-cloud/apps/elixir/network.tf
+++ b/terraform/modules/google-cloud/apps/elixir/network.tf
@@ -311,7 +311,7 @@ resource "google_compute_managed_ssl_certificate" "default" {
 ## Create URL map for the application
 resource "google_compute_url_map" "default" {
- count = try(google_compute_backend_service.default["http"], null) != null ? 1 : 0
+ count = local.public_application && contains(keys(local.application_ports_by_name), "http") ? 1 : 0
 project = var.project_id
@@ -326,7 +326,7 @@ resource "google_compute_url_map" "default" {
 # Set up HTTP(s) proxies and redirect HTTP to HTTPS
 resource "google_compute_url_map" "https_redirect" {
- count = try(google_compute_backend_service.default["http"], null) != null ? 1 : 0
+ count = local.public_application && contains(keys(local.application_ports_by_name), "http") ? 1 : 0
 project = var.project_id
diff --git a/terraform/modules/google-cloud/apps/elixir/variables.tf b/terraform/modules/google-cloud/apps/elixir/variables.tf
index bcd4a13b8..ae2ae3527 100644
--- a/terraform/modules/google-cloud/apps/elixir/variables.tf
+++ b/terraform/modules/google-cloud/apps/elixir/variables.tf
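Review bot: `max_unavailable_fixed = 1` on the context line is left as it was while `max_surge_fixed` is raised to the zone count. To my knowledge a regional managed instance group applies the same rule to both fixed values (0, or at least the number of zones), so the multi-zone lists this commit introduces may cause the update policy to be rejected. Please check a plan and apply against a two-zone group before rolling this out. Separately, `max` is variadic, so the nested call can be written as `max_surge_fixed = max(1, var.scaling_horizontal_replicas - 1, length(var.compute_instance_availability_zones))`, ideally with a comment such as `# regional MIGs need a fixed surge of 0 or >= the number of zones`. The `update_policy` block starts outside the hunk.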
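Review bot: The new `count` expression on `google_compute_url_map.default` is repeated verbatim on `google_compute_url_map.https_redirect` in the following hunk. It also has to stay in step with whatever condition creates `google_compute_backend_service.default["http"]`, which is outside both hunks and which these resources presumably still reference. If the copies drift, the plan either fails on a missing backend or silently omits the HTTP-to-HTTPS redirect. I would define the condition once, `http_lb_enabled = local.public_application && contains(keys(local.application_ports_by_name), "http")` in `locals`, and use `count = local.http_lb_enabled ? 1 : 0` in both resources and in the backend service's own condition.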
@@ -23,6 +23,12 @@ variable "compute_instance_availability_zones" {
 description = "List of availability zone for the VMs. It must be in the same region as `var.compute_instance_region`."
 }
+variable "compute_boot_disk_type" {
+ type = string
+ default = "pd-ssd"
+ description = "Type of the boot disk."
+}
+
 ################################################################################
 ## VPC
 ################################################################################
diff --git a/website/src/app/kb/architecture/tech-stack/readme.mdx b/website/src/app/kb/architecture/tech-stack/readme.mdx
index 0fce2594f..d727ad6a0 100644
--- a/website/src/app/kb/architecture/tech-stack/readme.mdx
+++ b/website/src/app/kb/architecture/tech-stack/readme.mdx
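Review bot: The `default = "pd-ssd"` on the new `compute_boot_disk_type` variable changes behaviour for every caller of this module that does not set it. Before this commit the instance template had no `disk_type`, so those callers used the provider's default disk type and will now get a template replacement and a different boot disk on the next apply. If that is not intended, `default = null` keeps the previous behaviour for callers that do not opt in. The description would also be more useful if it named the values the module is used with and the machine-series constraint, for example `description = "Boot disk type (e.g. pd-ssd, hyperdisk-balanced). Must be supported by var.compute_instance_type."`.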
@@ -106,19 +106,20 @@ Firezone uses the following tools for ops and infrastructure: The Firezone-managed components are deployed globally across the following GCP zones for load balancing and latency optimization: -| City | Region | Zones | -| ----------------------------- | ---------------------- | ------------------------ | -| Changhua, Taiwan | `asia-east1` | `asia-east1-a` | -| Mumbai, India | `asia-south1` | `asia-south1-a` | -| Sydney, Australia | `australia-southeast1` | `australia-southeast1-a` | -| Warsaw, Poland | `europe-central2` | `europe-central2-c` | -| Hamina, Finland | `europe-north1` | `europe-north1-c` | -| Saint-Ghislain, Belgium | `europe-west1` | `europe-west1-d` | -| London, UK | `europe-west2` | `europe-west2-c` | -| São Paulo, Brazil | `southamerica-east1` | `southamerica-east1-b` | -| Council Bluffs, Iowa | `us-central1` | `us-central1-b` | -| Moncks Corner, South Carolina | `us-east1` | `us-east1-d` | -| Los Angeles, California | `us-west2` | `us-west2-b` | +| City | Region | Zones | +| ---------------------------------- | ---------------------- | ----------------------------------------------------------------------------------- | +| Changhua, Taiwan | `asia-east1` | `asia-east1-a`, `asia-east1-b`, `asia-east1-c` | +| Mumbai, India | `asia-south1` | `asia-south1-a`, `asia-south1-b`, `asia-south1-c` | +| Sydney, Australia | `australia-southeast1` | `australia-southeast1-a`, `australia-southeast1-b`, `australia-southeast1-c` | +| Warsaw, Poland | `europe-central2` | `europe-central2-a`, `europe-central2-b`, `europe-central2-c` | +| Hamina, Finland | `europe-north1` | `europe-north1-a`, `europe-north1-b`, `europe-north1-c` | +| Saint-Ghislain, Belgium | `europe-west1` | `europe-west1-b`, `europe-west1-c`, `europe-west1-d` | +| London, UK | `europe-west2` | `europe-west2-a`, `europe-west2-b`, `europe-west2-c` | +| São Paulo, Brazil | `southamerica-east1` | `southamerica-east1-a`, `southamerica-east1-b`, `southamerica-east1-c` | +| Council 
Bluffs, Iowa, USA | `us-central1` | `us-central1-a`, `us-central1-b`, `us-central1-c`, `us-central1-d`, `us-central1-f` | +| Moncks Corner, South Carolina, USA | `us-east1` | `us-east1-a`, `us-east1-b`, `us-east1-c`, `us-east1-d` | +| Los Angeles, California, USA | `us-west2` | `us-west2-a`, `us-west2-b`, `us-west2-c` | +| Ashburn, Northern Virginia, USA | `us-east4` | `us-east4-a`, `us-east4-b`, `us-east4-c` |