Port over initial version of v1 loadtest infra tf code

johnstcn · johnstcn · commit 6cf94c9c23e5 · 2023-05-11T17:51:13.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -54,3 +54,7 @@ site/stats/
 # direnv
 .envrc
 *.test
+
+# Loadtesting
+./scaletest/terraform/.terraform
+./scaletest/terraform/.terraform.lock.hcl
diff --git a/scaletest/README.md b/scaletest/README.md
@@ -0,0 +1,3 @@
+# Load Testing
+
+TODO: write something here.
diff --git a/scaletest/terraform/coder.tf b/scaletest/terraform/coder.tf
@@ -0,0 +1,151 @@
+data "google_client_config" "default" {}
+
+locals {
+  coder_helm_repo    = "https://helm.coder.com/v2"
+  coder_helm_chart   = "coder"
+  coder_release_name = "coder-${var.name}"
+  coder_namespace    = "coder-${var.name}"
+}
+
+provider "kubernetes" {
+  host                   = "https://${google_container_cluster.primary.endpoint}"
+  cluster_ca_certificate = base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
+  token                  = data.google_client_config.default.access_token
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = "https://${google_container_cluster.primary.endpoint}"
+    cluster_ca_certificate = base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
+    token                  = data.google_client_config.default.access_token
+  }
+}
+
+resource "kubernetes_namespace" "coder_namespace" {
+  metadata {
+    name = local.coder_namespace
+  }
+  depends_on = [
+    google_container_node_pool.coder
+  ]
+}
+
+resource "random_password" "postgres-admin-password" {
+  length = 12
+}
+
+resource "random_password" "coder-postgres-password" {
+  length = 12
+}
+
+resource "kubernetes_secret" "coder-db" {
+  type = "kubernetes.io/basic-auth"
+  metadata {
+    name      = "coder-db-url"
+    namespace = kubernetes_namespace.coder_namespace.metadata.0.name
+  }
+  data = {
+    url = "postgres://coder:${random_password.coder-postgres-password.result}@/${google_sql_database_instance.db.ip_address}?sslmode=disable"
+  }
+}
+
+resource "tls_private_key" "coder" {
+  algorithm = "ED25519"
+}
+
+resource "tls_self_signed_cert" "coder" {
+  private_key_pem = tls_private_key.coder.private_key_pem
+
+  subject {
+    common_name = "${local.coder_release_name}.${local.coder_namespace}.svc.cluster.local"
+  }
+
+  allowed_uses = ["server_auth", "digital_signature", "data_encipherment", "key_agreement", "key_encipherment"]
+
+  # 1 year
+  validity_period_hours = 8760
+
+  dns_names = [
+    "${local.coder_release_name}.${local.coder_namespace}.svc.cluster.local",
+    "${local.coder_release_name}.${local.coder_namespace}",
+    "${local.coder_release_name}",
+  ]
+}
+
+resource "kubernetes_secret" "coder-tls" {
+  type = "kubernetes.io/tls"
+  metadata {
+    name      = "coder-tls"
+    namespace = kubernetes_namespace.coder_namespace.metadata.0.name
+  }
+
+  data = {
+    "tls.crt" = tls_self_signed_cert.coder.cert_pem
+    "tls.key" = tls_private_key.coder.private_key_pem
+  }
+}
+
+resource "kubernetes_secret" "coder-ca" {
+  type = "Opaque"
+  metadata {
+    name      = "coder-ca"
+    namespace = kubernetes_namespace.coder_namespace.metadata.0.name
+  }
+  data = {
+    "ca.crt" = "${tls_self_signed_cert.coder.cert_pem}"
+  }
+}
+
+resource "helm_release" "coder-chart" {
+  repository = local.coder_helm_repo
+  chart      = local.coder_helm_chart
+  name       = local.coder_release_name
+  version    = var.coder_chart_version
+  namespace  = kubernetes_namespace.coder_namespace.metadata.0.name
+  depends_on = [
+    google_container_node_pool.coder,
+  ]
+  values = [<<EOF
+coder:
+  env:
+    - name: "CODER_CACHE_DIRECTORY"
+      value: "/tmp/coder"
+    - name: "CODER_LOGGING_HUMAN"
+      value: "/dev/null"
+    - name: "CODER_LOGGING_STACKDRIVER"
+      value: "/dev/stderr"
+    - name: "CODER_PG_CONNECTION_URL"
+      valueFrom:
+        secretKeyRef:
+          name: "${kubernetes_secret.coder-db.metadata.0.name}"
+          key: url
+    - name: "CODER_VERBOSE"
+      value: "true"
+  image: ${var.coder_image_repo}:${var.coder_image_tag}
+  replicaCount: "${var.coder_replicas}"
+  resources:
+    requests:
+      cpu: "${var.coder_cpu}"
+      memory: "${var.coder_mem}"
+    limits:
+      cpu: "${var.coder_cpu}"
+      memory: "${var.coder_mem}"
+  securityContext:
+    readOnlyRootFilesystem: true
+  service:
+    enable: true
+  tls:
+    secretNames:
+    - "${kubernetes_secret.coder-tls.metadata.0.name}"
+  volumeMounts:
+  - mountPath: "/tmp"
+    name: cache
+    readOnly: false
+  volumes:
+  - emptyDir:
+      sizeLimit: 1024Mi
+    name: cache
+
+EOF
+  ]
+}
diff --git a/scaletest/terraform/gcp_cluster.tf b/scaletest/terraform/gcp_cluster.tf
@@ -0,0 +1,127 @@
+data "google_compute_default_service_account" "default" {
+  project = var.project_id
+}
+
+resource "google_container_cluster" "primary" {
+  name                     = "${var.name}-cluster"
+  location                 = var.zone
+  project                  = var.project_id
+  network                  = google_compute_network.vpc.name
+  subnetwork               = google_compute_subnetwork.subnet.name
+  initial_node_count       = 1
+  remove_default_node_pool = true
+  network_policy {
+    enabled = true
+  }
+  depends_on = [
+    google_project_service.api["container.googleapis.com"]
+  ]
+  monitoring_config {
+    enable_components = []
+    managed_prometheus {
+      enabled = true
+    }
+  }
+}
+
+resource "google_container_node_pool" "coder" {
+  name       = "${var.name}-node-pool-coder"
+  location   = var.zone
+  project    = var.project_id
+  cluster    = google_container_cluster.primary.name
+  node_count = var.nodepool_size_coder
+  node_config {
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/logging.write",
+      "https://www.googleapis.com/auth/monitoring",
+      "https://www.googleapis.com/auth/trace.append",
+      "https://www.googleapis.com/auth/devstorage.read_only",
+      "https://www.googleapis.com/auth/service.management.readonly",
+      "https://www.googleapis.com/auth/servicecontrol",
+    ]
+    disk_size_gb    = var.node_disk_size_gb
+    machine_type    = var.nodepool_machine_type_coder
+    image_type      = var.node_image_type
+    preemptible     = var.node_preemptible
+    service_account = data.google_compute_default_service_account.default.email
+    tags            = ["gke-node", "${var.project_id}-gke"]
+    labels = {
+      env = var.project_id
+    }
+    metadata = {
+      disable-legacy-endpoints = "true"
+    }
+  }
+
+  depends_on = [
+    google_container_cluster.primary
+  ]
+}
+
+resource "google_container_node_pool" "workspaces" {
+  name       = "${var.name}-node-pool-workspaces"
+  location   = var.zone
+  project    = var.project_id
+  cluster    = google_container_cluster.primary.name
+  node_count = var.nodepool_size_workspaces
+  node_config {
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/logging.write",
+      "https://www.googleapis.com/auth/monitoring",
+      "https://www.googleapis.com/auth/trace.append",
+      "https://www.googleapis.com/auth/devstorage.read_only",
+      "https://www.googleapis.com/auth/service.management.readonly",
+      "https://www.googleapis.com/auth/servicecontrol",
+    ]
+    disk_size_gb    = var.node_disk_size_gb
+    machine_type    = var.nodepool_machine_type_workspaces
+    image_type      = var.node_image_type
+    preemptible     = var.node_preemptible
+    service_account = data.google_compute_default_service_account.default.email
+    tags            = ["gke-node", "${var.project_id}-gke"]
+    labels = {
+      env = var.project_id
+    }
+    metadata = {
+      disable-legacy-endpoints = "true"
+    }
+  }
+
+  depends_on = [
+    google_container_cluster.primary
+  ]
+}
+
+resource "google_container_node_pool" "misc" {
+  name       = "${var.name}-node-pool-misc"
+  location   = var.zone
+  project    = var.project_id
+  cluster    = google_container_cluster.primary.name
+  node_count = var.nodepool_size_misc
+  node_config {
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/logging.write",
+      "https://www.googleapis.com/auth/monitoring",
+      "https://www.googleapis.com/auth/trace.append",
+      "https://www.googleapis.com/auth/devstorage.read_only",
+      "https://www.googleapis.com/auth/service.management.readonly",
+      "https://www.googleapis.com/auth/servicecontrol",
+    ]
+    disk_size_gb    = var.node_disk_size_gb
+    machine_type    = var.nodepool_machine_type_misc
+    image_type      = var.node_image_type
+    preemptible     = var.node_preemptible
+    service_account = data.google_compute_default_service_account.default.email
+    tags            = ["gke-node", "${var.project_id}-gke"]
+    labels = {
+      env = var.project_id
+    }
+    metadata = {
+      disable-legacy-endpoints = "true"
+    }
+  }
+
+  depends_on = [
+    google_container_cluster.primary
+  ]
+}
diff --git a/scaletest/terraform/gcp_db.tf b/scaletest/terraform/gcp_db.tf
@@ -0,0 +1,49 @@
+data "google_compute_network" "default" {
+  project = var.project_id
+  name    = "default"
+}
+
+data "google_compute_global_address" "sql_peering" {
+  name = "sql-ip-address"
+}
+
+resource "google_service_networking_connection" "private_vpc_connection" {
+  network                 = data.google_compute_network.default.id
+  service                 = "servicenetworking.googleapis.com"
+  reserved_peering_ranges = [google_compute_global_address.sql_peering.name]
+}
+
+resource "google_sql_database_instance" "db" {
+  name             = "${var.name}-db"
+  region           = var.region
+  database_version = var.cloudsql_version
+
+  depends_on = [google_service_networking_connection.private_vpc_connection]
+
+  settings {
+    tier              = var.cloudsql_tier
+    activation_policy = "ALWAYS"
+    availability_type = "ZONAL"
+
+    location_preference {
+      zone = var.zone
+    }
+
+    database_flags {
+      name  = "max_connections"
+      value = "500"
+    }
+
+    ip_configuration {
+      ipv4_enabled    = false
+      private_network = data.google_compute_network.default.id
+    }
+
+    insights_config {
+      query_insights_enabled  = true
+      query_string_length     = 1024
+      record_application_tags = false
+      record_client_address   = false
+    }
+  }
+}
diff --git a/scaletest/terraform/gcp_project.tf b/scaletest/terraform/gcp_project.tf
@@ -0,0 +1,32 @@
+provider "google" {
+  region  = var.region
+  project = var.project_id
+}
+
+locals {
+  project_apis = [
+    "cloudtrace",
+    "compute",
+    "container",
+    "logging",
+    "monitoring",
+    "servicemanagement",
+    "servicenetworking",
+    "sqladmin",
+    "stackdriver",
+    "storage-api",
+  ]
+}
+
+data "google_project" "project" {
+  project_id = var.project_id
+}
+
+resource "google_project_service" "api" {
+  for_each = toset(local.project_apis)
+  project  = data.google_project.project.project_id
+  service  = "${each.value}.googleapis.com"
+
+  disable_dependent_services = false
+  disable_on_destroy         = false
+}
diff --git a/scaletest/terraform/gcp_vpc.tf b/scaletest/terraform/gcp_vpc.tf
@@ -0,0 +1,24 @@
+resource "google_compute_network" "vpc" {
+  project                 = var.project_id
+  name                    = "${var.name}-vpc"
+  auto_create_subnetworks = "false"
+  depends_on = [
+    google_project_service.api["compute.googleapis.com"]
+  ]
+}
+
+resource "google_compute_subnetwork" "subnet" {
+  name          = "${var.name}-subnet"
+  project       = var.project_id
+  region        = var.region
+  network       = google_compute_network.vpc.name
+  ip_cidr_range = "10.10.0.0/24"
+}
+
+resource "google_compute_global_address" "sql_peering" {
+  name          = "${var.name}-sql-peering"
+  purpose       = "VPC_PEERING"
+  address_type  = "INTERNAL"
+  # prefix_length = 16
+  network       = google_compute_network.vpc.id
+}
diff --git a/scaletest/terraform/main.tf b/scaletest/terraform/main.tf
diff --git a/scaletest/terraform/vars.tf b/scaletest/terraform/vars.tf

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+# Load Testing`
	`2`	`+`
	`3`	`+TODO: write something here.`