terraform { required_version = ">= 1.9" required_providers { google = { source = "hashicorp/google" version = "~> 6.0" } } } resource "google_compute_instance" "gitlab" { count = var.node_count name = "${local.name_prefix}-${count.index + 1}" machine_type = var.machine_type tags = distinct(concat([var.prefix, var.node_type, "${var.prefix}-${var.node_type}"], var.tags)) zone = var.zones == null ? null : element(var.zones, count.index) allow_stopping_for_update = var.allow_stopping_for_update shielded_instance_config { enable_secure_boot = var.machine_secure_boot } # TODO: var.additional_labels is deprecated and will be removed in 4.x boot_disk { initialize_params { image = var.machine_image size = var.disk_size type = var.disk_type labels = merge(var.additional_labels, var.custom_labels) } kms_key_self_link = var.disk_kms_key } metadata = merge({ enable-oslogin = "TRUE" }, var.custom_metadata) # TODO: var.additional_labels is deprecated and will be removed in 4.x labels = merge({ gitlab_node_prefix = var.prefix gitlab_node_type = var.node_type gitlab_node_level = var.label_secondaries == true ? (count.index == 0 ? "${var.node_type}-primary" : "${var.node_type}-secondary") : null gitlab_geo_site = var.geo_site gitlab_geo_deployment = var.geo_deployment gitlab_geo_full_role = var.geo_site == null ? null : (count.index == 0 ? "${var.geo_site}-${var.node_type}-primary" : "${var.geo_site}-${var.node_type}-secondary") }, var.additional_labels, var.custom_labels) network_interface { network = var.vpc subnetwork = var.subnet dynamic "access_config" { # Dynamic block is used here to be able to completely omit it if not needed. for_each = var.setup_external_ip ? [local.external_ips[count.index]] : [] content { nat_ip = access_config.value } } } service_account { email = module.google_service_account[0].email scopes = var.service_account_iam_scopes } dynamic "attached_disk" { for_each = var.disks content { source = google_compute_disk.gitlab["${attached_disk.value["device_name"]}-${count.index}"].self_link device_name = attached_disk.value["device_name"] } } lifecycle { ignore_changes = [ min_cpu_platform, boot_disk, ] } } locals { name_prefix = var.name_override == null ? "${var.prefix}-${var.node_type}" : var.name_override external_ips = length(var.external_ips) == 0 ? google_compute_address.gitlab[*].address : var.external_ips node_data_disks = flatten([ for i in range(var.node_count) : [ for data_disk in var.disks : { device_name = data_disk.device_name size = coalesce(data_disk.size, var.disk_size) type = coalesce(data_disk.type, var.disk_type) node_num = i zone = var.zones == null ? null : element(var.zones, i) snapshot = try(data_disk.source_snapshots["${local.name_prefix}-${data_disk.device_name}-${i}"], null) snapshot_kms_key = try(data_disk.source_snapshot_kms_key, null) } ] ]) } module "google_service_account" { source = "../gitlab_gcp_service_account" count = min(var.node_count, 1) # Create account_id = "${var.service_account_prefix}-${var.node_type}" display_name = local.name_prefix service_account_profiles = var.service_account_profiles setup_default_service_account_user_member = length(var.service_account_user_members) == 0 ? true : false service_account_user_members = var.service_account_user_members # Custom custom_service_account_email = var.custom_service_account_email } ## Data Disks ## TODO: var.additional_labels is deprecated and will be removed in 4.x resource "google_compute_disk" "gitlab" { for_each = { for d in local.node_data_disks : "${d.device_name}-${d.node_num}" => d } name = "${local.name_prefix}-${each.value.device_name}-${each.value.node_num}" type = each.value.type size = each.value.size zone = each.value.zone labels = merge(var.additional_labels, var.custom_labels) dynamic "disk_encryption_key" { for_each = range(var.disk_kms_key != null ? 1 : 0) content { kms_key_self_link = var.disk_kms_key } } snapshot = each.value.snapshot dynamic "source_snapshot_encryption_key" { for_each = range(each.value.snapshot != null && each.value.snapshot_kms_key != null ? 1 : 0) content { kms_key_self_link = each.value.snapshot_kms_key } } lifecycle { ignore_changes = [ disk_encryption_key[0].kms_key_self_link, snapshot, source_snapshot_encryption_key[0].kms_key_self_link ] } } ## External IP resource "google_compute_address" "gitlab" { count = length(var.external_ips) == 0 && var.setup_external_ip ? var.node_count : 0 name = "${local.name_prefix}-ip-${count.index + 1}" } ## Refactors moved { from = google_service_account.gitlab to = module.google_service_account[0].google_service_account.gitlab }