Google Git
Sign in
go / playground / 0eefa27dcbc5bab25c7ce1c50baf6e504f783bf8^! / .
commit0eefa27dcbc5bab25c7ce1c50baf6e504f783bf8[log] [tgz]
authorBrad Fitzpatrick <bradfitz@golang.org>Tue Jan 14 20:01:12 2020 +0000
committerBrad Fitzpatrick <bradfitz@golang.org>Tue Jan 14 20:08:23 2020 +0000
tree958bb0e4c63bbaff99ed917444c04695cf3e0fe6
parent62f81bd9157bf7f29142fc0030f1a7a62bd68edd [diff]
sandbox: create larger VMs, add instance tags to permits health checks

The GCP VMs were "failing" health checks before due to the firewall not
allowing GCP's health checks.

Added, per https://cloud.google.com/load-balancing/docs/health-checks#firewall_rules

I just added both types of firewall rules (for legacy and non-legacy)
so we can adjust which type of health checks we use in the future.

Updates golang/go#25224

Change-Id: Ie8e585f76d97e770f1993b945e7a53732aec2cb8
Reviewed-on: https://go-review.googlesource.com/c/playground/+/214681
Reviewed-by: Alexander Rakoczy <alex@golang.org>

diff --git a/sandbox/sandbox.tf b/sandbox/sandbox.tf
index b13adef..e9554dd 100644
--- a/sandbox/sandbox.tf
+++ b/sandbox/sandbox.tf

@@ -1,5 +1,8 @@
 # TODO: move the network configuration into terraform too? It was created by hand with:
 # gcloud compute networks subnets update golang --region=us-central1 --enable-private-ip-google-access
+#
+# Likewise, the firewall rules for health checking were created imperatively based on
+# https://cloud.google.com/load-balancing/docs/health-checks#firewall_rules
 
 terraform {
   backend "gcs" {
@@ -35,7 +38,7 @@
 
 resource "google_compute_instance_template" "inst_tmpl" {
   name         = "play-sandbox-tmpl"
-  machine_type = "n1-standard-1"
+  machine_type = "n1-standard-8"
   metadata = {
     "ssh-keys"                  = "bradfitz:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaRpEbckQ+harGnrKUjk3JziwYqvz2bRNn0ngpzROaeCwm1XetDby/fgmQruZE/OBpbeOaCOd/yyP89Oer9CJx41AFEfHbudePZti/y+fmZ05N+QoBSAG0JtYWVydIjAjCenKBbNrYmwcQ840uNdIv9Ztqu3lbO/syMgcajappzdqMlwVZuHTJUe1JQD355PiinFHPTa7l0MrZPfiSsBdiTGmO39iVa312yshu6dZAvDgRL+bgIzTL6udPL/cVq+zlkvoZbzC4ajuZs4w2in+kqXHQSxbKHlXOhPrej1fwhspm+0Y7hEZOaN5Juc5GseNCHImtJh1rei1Qa4U/nTjt bradfitz@bradfitz-dev"
     "gce-container-declaration" = data.local_file.konlet.content
@@ -44,6 +47,9 @@
   network_interface {
     network = "golang"
   }
+  # Allow both "non-legacy" and "legacy" health checks, so we can change types in the future.
+  # See https://cloud.google.com/load-balancing/docs/health-checks
+  tags = ["allow-health-checks", "allow-network-lb-health-checks"]
   service_account {
     scopes = ["storage-ro"]
   }