Support 1k environment without load balancer (!1303) · Merge requests · GitLab.org / GitLab Environment Toolkit

What does this MR do?

Adding ability to configure 1k environment without HAProxy

Terraform:
- GCP: by passing gitlab_rails_external_ips to map to Rails node nat_ip and configuring required firewall rules
- AWS: by passing gitlab_rails_elastic_ip_allocation_ids to map to Rails node to Elastic ID and configuring required security groups
- Azure: by passing gitlab_rails_external_ip_names to map to Rails node to IP name and configuring require security groups
- Migrating from external_ssh_port to gitlab_shell_ssh_port, external_ssh_port to be deprecated in v4
- GitLab Rails SSH rule will be created only if HAProxy is being used or custom gitlab_shell_ssh_port is provided. This allows for 1k without LB to fallback to the default external SSH rule for port 22
Ansible: Adjusting GitLab Shell SSH port to fallback to 22 to allow git over SSH to work.

When ready for review, the Author applies the workflowready for review label and mention @gl-quality/get-maintainers:

Merge request:
- Corresponding Issue raised and reviewed by the GET maintainers team.
- Merge Request Title and Description are up-to-date, accurate, and descriptive
- MR targeting the appropriate branch
- MR has a green pipeline
- MR has no new security alerts in the widget from the Secret Detection and IaC Scan (SAST) jobs.
Code:
- Check the area changed works as expected. Consider testing it in different environment sizes (1k,3k,10k,etc.).
- Documentation created/updated in the same MR.
- If this MR adds an optional configuration - check that all permutations continue to work.
- For Terraform changes: set up a previous version environment, then run a terraform plan with your new changes and ensure nothing will be destroyed. If anything will be destroyed and this can't be avoided please add a comment to the current MR.

Edited May 13, 2024 by Nailia Iskhakova