Terraform module for Gitlab Omnibus on AWS

This Terraform module creates the entire infrastructure on AWS needed to set up a single-instance Gitlab Omnibus. AWS hosted offerings for Postgres (RDS) and Redis (Elasticache) are used in this setup.

Along with that, the module takes care of setting up the following infrastructure components:

  • Classic load balancer with HTTPS and SSH connection support
  • Gitlab subdomain creation using Route53 and automatic certificate generation using ACM. (The hosted zone needs to be on Route53.)
  • Backup upload to Amazon S3
  • Support for Amazon SES as the SMTP service for Gitlab, along with domain identity verification. (The hosted zone should be on Route53.)

An Ansible playbook is used for configuring the gitlab.rb file. Any change in the Gitlab config is detected at the time of terraform apply and the config changes are applied. Any additional configuration can be added to the ./gitlab_config/gitlab_additional.rb file, and it will be applied to gitlab.rb on terraform apply.

Usage

```hcl
module "gitlab" {
  source                              = "infraspecdev/gitlab/aws"
  version                             = "1.0.0"
  gitlab_domain                       = "gitlab"
  gitlab_fqdn                         = "gitlab.example.com"
  hosted_zone                         = "example.com"
  private_subnet_id                   = "subnet-ghdhdge3hduiawu"
  public_subnet_ids                   = ["subnet-dgweyud78323d2", "subnet-d32dgt678q23dd23", "subnet-dh3278d8723hd823"]
  vpc_id                              = "vpc-678dg328gd867gd2"
  gitlab_ssh_public_key               = "ssh public_key"
  # Placeholder value: in real use supply the password from a sensitive variable
  # or generated secret rather than a literal committed to version control.
  gitlab_pg_password                  = "foobarbaz"
  gitlab_pg_subnet_ids                = ["subnet-fhdeu7i8whdf78we", "subnet-dgt367gd7362h78d"]
  gitlab_pg_username                  = "gitlab"
  gitlab_redis_create_parameter_group = true
  gitlab_redis_parameter_group = {
    name   = "gitlab-redis"
    family = "redis7"
  }
  gitlab_redis_subnet_ids             = ["subnet-fhdeu7i8whdf78we", "subnet-dgt367gd7362h78d"]
  enable_gitlab_backup_to_s3          = true
  gitlab_backup_bucket_name           = "example-gitlab-backup"
  private_key                         = var.private_key
  create_ses_identity                 = true
}
```
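The usage block above passes the Postgres password as a string literal, which ends up both in version control and in Terraform state. The following is an added example, not part of the module's own README, that calls the same module with the RDS password generated by the hashicorp/random provider and the Ansible private key taken from a sensitive variable; the subnet and VPC ids are placeholders, and `random_password`, `sensitive` and `file()` are standard Terraform features rather than module inputs.

```hcl
# Ansible SSH private key, supplied out of band (e.g. TF_VAR_private_key) and never committed.
variable "private_key" {
  type      = string
  sensitive = true
}

# Generate the RDS master password once. It lives only in Terraform state,
# so the state backend itself must be encrypted and access-controlled.
resource "random_password" "gitlab_pg" {
  length           = 32
  special          = true
  override_special = "!#$%^&*()-_=+" # RDS rejects '/', '@', '"' and single quotes
}

module "gitlab" {
  source  = "infraspecdev/gitlab/aws"
  version = "1.0.0"

  gitlab_domain     = "gitlab"
  gitlab_fqdn       = "gitlab.example.com"
  hosted_zone       = "example.com"
  vpc_id            = "vpc-0000000000000000a"    # placeholder
  private_subnet_id = "subnet-0000000000000000a" # placeholder
  public_subnet_ids = ["subnet-0000000000000000b", "subnet-0000000000000000c"]

  # Only the public half of the deploy key is read from disk.
  gitlab_ssh_public_key = file("~/.ssh/gitlab_deploy.pub")

  gitlab_pg_username            = "gitlab"
  gitlab_pg_password            = random_password.gitlab_pg.result
  gitlab_pg_subnet_ids          = ["subnet-0000000000000000d", "subnet-0000000000000000e"]
  gitlab_pg_publicly_accessible = false # module default, stated explicitly

  gitlab_redis_subnet_ids = ["subnet-0000000000000000d", "subnet-0000000000000000e"]

  enable_gitlab_backup_to_s3 = true
  gitlab_backup_bucket_name  = "example-gitlab-backup"

  private_key = var.private_key
}

# Operators retrieve the generated password only through a sensitive output
# (terraform output -raw gitlab_pg_password), so it is redacted from plan/apply logs.
output "gitlab_pg_password" {
  value     = random_password.gitlab_pg.result
  sensitive = true
}
```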

Examples

Example

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.3.0 |
| aws | >= 4.49.0 |
| local | >= 2.3.0 |
| null | >= 3.2.1 |
| template | >= 2.2.0 |

Providers

| Name | Version |
|------|---------|
| aws | 4.50.0 |
| local | >= 2.3.0 |
| null | >= 3.2.1 |
| template | >= 2.2.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| acm | terraform-aws-modules/acm/aws | ~> 4.0 |
| elb | terraform-aws-modules/elb/aws | ~> 2.0 |
| gitlab_pg | terraform-aws-modules/rds/aws | ~> 5.2.3 |
| records | terraform-aws-modules/route53/aws//modules/records | ~> 2.0 |

Resources

| Name | Type |
|------|------|
| aws_elasticache_cluster.gitlab_redis | resource |
| aws_elasticache_parameter_group.gitlab_redis | resource |
| aws_elasticache_subnet_group.gitlab_redis | resource |
| aws_iam_access_key.gitlab_smtp_user | resource |
| aws_iam_instance_profile.gitlab | resource |
| aws_iam_policy.gitlab_backup | resource |
| aws_iam_policy.gitlab_ses_sender | resource |
| aws_iam_role.gitlab_backup | resource |
| aws_iam_user.gitlab_smtp_user | resource |
| aws_iam_user_policy_attachment.gitlab_ses_sender | resource |
| aws_instance.gitlab | resource |
| aws_key_pair.gitlab_ssh | resource |
| aws_route53_record.email_domain_amazonses_verification_record | resource |
| aws_s3_bucket.gitlab_backup | resource |
| aws_s3_bucket_acl.gitlab_backup | resource |
| aws_security_group.gitlab | resource |
| aws_security_group.gitlab_lb | resource |
| aws_security_group.gitlab_rds | resource |
| aws_security_group.gitlab_redis | resource |
| aws_ses_domain_identity.email_domain | resource |
| aws_ses_domain_identity_verification.email_domain_verification | resource |
| local_sensitive_file.gitlab_config_file | resource |
| local_sensitive_file.rendered_gitlab_config_file | resource |
| null_resource.gitlab_reconfigure | resource |
| aws_iam_policy_document.gitlab_s3_backup | data source |
| aws_iam_policy_document.gitlab_ses_sender | data source |
| aws_route53_zone.email_domain | data source |
| aws_route53_zone.zone | data source |
| aws_vpc.vpc | data source |
| local_sensitive_file.gitlab_additional_config | data source |
| template_file.gitlab_config_template | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| acm_certificate_arn | ARN of the ACM certificate to use for the Gitlab domain. | `string` | `null` | no |
| additional_tags | A map of additional tags to attach to the resources. | `map(string)` | `{}` | no |
| ami_id | Gitlab published AMI id. Default is the GitLab CE 14.9.3 AMI for the ap-south-1 region. | `string` | `"ami-00c7d9a63c83ba329"` | no |
| aws_region | AWS region code. Eg: ap-south-1 | `string` | `"ap-south-1"` | no |
| create_acm_certificate | Whether to create an SSL certificate for the Gitlab domain. If false, you need to provide a valid ACM certificate ARN in the acm_certificate_arn variable. | `bool` | `true` | no |
| create_gitlab_route53_record | Whether to create a domain in Route53 for your Gitlab. | `bool` | `true` | no |
| create_ses_identity | Create an Amazon SES domain identity for the Gitlab SMTP service. The domain should be hosted on Route53. | `bool` | `false` | no |
| enable_gitlab_backup_to_s3 | Enable Gitlab backup to an S3 bucket. | `bool` | `false` | no |
| environment | Development environment. Eg: staging, production, etc. | `string` | `"production"` | no |
| gitlab_backup_bucket_name | Name of the S3 bucket to be used for Gitlab backup. | `string` | `null` | no |
| gitlab_domain | Domain name for the hosted Gitlab instance. Eg: gitlab in gitlab.example.com | `string` | n/a | yes |
| gitlab_fqdn | Fully qualified domain name for the hosted Gitlab instance. Eg: gitlab.example.com | `string` | n/a | yes |
| gitlab_pg_allocated_storage | Gitlab RDS Postgres allocated storage. | `number` | `100` | no |
| gitlab_pg_create_db_parameter_group | Create a parameter group for Gitlab RDS. | `bool` | `false` | no |
| gitlab_pg_db_instance_class | Postgres RDS instance class. | `string` | `"db.m5.large"` | no |
| gitlab_pg_db_name | Postgres DB name for Gitlab. | `string` | `"gitlabhq-production"` | no |
| gitlab_pg_engine_version | Postgres engine version. | `string` | `"12.11"` | no |
| gitlab_pg_parameter_group_name | Parameter group name for Gitlab RDS Postgres. | `string` | `null` | no |
| gitlab_pg_parameters | Parameter list for Gitlab RDS. | `list(map(string))` | `[]` | no |
| gitlab_pg_password | Password for the Gitlab Postgres DB. | `string` | n/a | yes |
| gitlab_pg_port | The port on which the DB accepts connections. | `number` | `5432` | no |
| gitlab_pg_publicly_accessible | Whether the Gitlab RDS instance is publicly accessible. | `bool` | `false` | no |
| gitlab_pg_storage_type | Storage type for Gitlab RDS Postgres. | `string` | `"gp3"` | no |
| gitlab_pg_subnet_ids | List of subnet ids for Gitlab RDS. | `list(string)` | n/a | yes |
| gitlab_pg_username | Username for the Gitlab Postgres DB. | `string` | n/a | yes |
| gitlab_redis_create_parameter_group | Create a parameter group for Gitlab Redis. | `bool` | `false` | no |
| gitlab_redis_create_subnet_group | Create a subnet group for Gitlab Redis. | `bool` | `true` | no |
| gitlab_redis_engine_version | Redis engine version for Gitlab Redis. | `string` | `"7.0"` | no |
| gitlab_redis_node_type | Instance class for Gitlab Redis. | `string` | `"cache.t3.medium"` | no |
| gitlab_redis_num_cache_nodes | Number of cache nodes in Gitlab Redis. | `number` | `1` | no |
| gitlab_redis_parameter_group | Gitlab Redis parameter group config. | <pre>object({<br>  name   = string<br>  family = string<br>})</pre> | <pre>{<br>  "family": null,<br>  "name": null<br>}</pre> | no |
| gitlab_redis_parameter_group_name | Parameter group name for Gitlab Redis. | `string` | `null` | no |
| gitlab_redis_port | Redis port for Gitlab Redis. | `number` | `6379` | no |
| gitlab_redis_subnet_group_name | Subnet group name for Gitlab Redis. | `string` | `null` | no |
| gitlab_redis_subnet_ids | List of subnet ids for Gitlab Redis. | `list(string)` | `[]` | no |
| gitlab_ssh_public_key | Public key of the key pair used to access Gitlab over SSH. | `string` | `null` | no |
| healthcheck_healthy_threshold | Number of consecutive health check successes required before considering an unhealthy target healthy. | `number` | `3` | no |
| healthcheck_interval | Approximate amount of time, in seconds, between health checks of an individual target. | `number` | `30` | no |
| healthcheck_path | Destination for the health check request. | `string` | `"/-/readiness"` | no |
| healthcheck_port | Port to use to connect with the target. | `string` | `"80"` | no |
| healthcheck_protocol | Protocol to use to connect with the target. | `string` | `"HTTP"` | no |
| healthcheck_timeout | Amount of time, in seconds, during which no response means a failed health check. | `number` | `5` | no |
| healthcheck_unhealthy_threshold | Number of consecutive health check failures required before considering the target unhealthy. | `number` | `3` | no |
| hosted_zone | Route53 hosted zone where the gitlab domain will be created. Eg: example.com | `string` | n/a | yes |
| instance_type | Gitlab EC2 instance type. Default is c5.xlarge. | `string` | `"c5.xlarge"` | no |
| private_key | Private key used to execute the Ansible playbook on the Gitlab instance. | `string` | n/a | yes |
| private_subnet_id | Id of a private subnet in the VPC where the Gitlab instance is located. | `string` | n/a | yes |
| public_subnet_ids | List of public subnet ids for the Gitlab load balancer. | `list(string)` | n/a | yes |
| ses_domain | Route53 hosted domain name for Amazon SES. If no value is provided, the Gitlab hosted zone is used as the default. | `string` | `null` | no |
| ses_username | Username for the Gitlab SMTP user. | `string` | `"gitlab-smtp-user"` | no |
| volume_iops | IOPS for the Gitlab EBS volume. | `number` | `3000` | no |
| volume_size | Size of the root EBS volume for the Gitlab instance. | `number` | `100` | no |
| volume_type | Root EBS volume type for the Gitlab instance. | `string` | `"gp3"` | no |
| vpc_id | Id of the VPC where the Gitlab instance is located. | `string` | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| acm_certificate_arn | The ARN of the certificate. |
| acm_certificate_status | Status of the certificate. |
| gitlab_complete_url | n/a |
| gitlab_instance_id | Instance id of the Gitlab EC2 instance. |
| gitlab_lb_arn | The ARN of the Gitlab load balancer. |
| gitlab_lb_sg_id | Id of the Gitlab load balancer security group. |
| gitlab_pg_address | Gitlab RDS DB instance address. |
| gitlab_redis_address | Gitlab Redis cluster address. |
| gitlab_sg_id | Id of the Gitlab instance security group. |