From 1b8de0600affd3da8f2579eedd9fb88b014f6a88 Mon Sep 17 00:00:00 2001
From: Damian Szymanski
Date: Fri, 30 Aug 2019 12:05:29 +0200
Subject: [PATCH 1/7] Allow cert manager webhook
---
 travis-ci-prod-services-1/firewall.tf | 14 ++++++++++++++
 travis-ci-staging-services-1/firewall.tf | 14 ++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 travis-ci-prod-services-1/firewall.tf
 create mode 100644 travis-ci-staging-services-1/firewall.tf
diff --git a/travis-ci-prod-services-1/firewall.tf b/travis-ci-prod-services-1/firewall.tf
new file mode 100644
index 00000000..de7dbeb5
--- /dev/null
+++ b/travis-ci-prod-services-1/firewall.tf
@@ -0,0 +1,14 @@
+
+resource "google_compute_firewall" "cert-manager-webhook-allow" {
+ name = "cert-manager-webhook-allow"
+ network = "${module.networking.main_network_name}"
+ project = "${module.project.project_id}"
+
+ source_ranges = ["172.16.0.0/28"]
+ allow {
+ protocol = "tcp"
+ ports = ["6443"]
+ }
+
+ source_tags = ["services"]
+}
diff --git a/travis-ci-staging-services-1/firewall.tf b/travis-ci-staging-services-1/firewall.tf
new file mode 100644
index 00000000..de7dbeb5
--- /dev/null
+++ b/travis-ci-staging-services-1/firewall.tf
@@ -0,0 +1,14 @@
+
+resource "google_compute_firewall" "cert-manager-webhook-allow" {
+ name = "cert-manager-webhook-allow"
+ network = "${module.networking.main_network_name}"
+ project = "${module.project.project_id}"
+
+ source_ranges = ["172.16.0.0/28"]
+ allow {
+ protocol = "tcp"
+ ports = ["6443"]
+ }
+
+ source_tags = ["services"]
+}
From bcee7f078636fbbb8ce249b6f41eb54d5aff20ac Mon Sep 17 00:00:00 2001
From: Damian Szymanski
Date: Fri, 30 Aug 2019 12:15:44 +0200
Subject: [PATCH 2/7] Fix build
---
 travis-ci-prod-services-1/firewall.tf | 2 +-
 travis-ci-staging-services-1/firewall.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/travis-ci-prod-services-1/firewall.tf b/travis-ci-prod-services-1/firewall.tf
index de7dbeb5..36ddaf79 100644
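Review bot: The rule sets both `source_ranges` and `source_tags`, and GCP evaluates an ingress rule against either field, so any instance tagged `services` is admitted on TCP/6443 in addition to 172.16.0.0/28; with no `target_tags`, that applies to every instance in the network rather than only the nodes the webhook runs on. If the intent is to let the cluster control plane (the only range listed, presumably its master CIDR) reach the cert-manager webhook, drop `source_tags` and scope the destination instead: `target_tags = ["services"]`, the tag the node pool carries in modules.tf. A comment on the range would also help a later reader, e.g. `# control-plane CIDR that calls the webhook; must match the cluster's master range`. The staging copy in travis-ci-staging-services-1/firewall.tf in this patch has the same shape, and it is carried into modules/gce_net_services/cert-manager.tf in PATCH 5/7, where `cert_manager_source_tags = "${var.node_pool_tags}"` in both modules.tf files wires the node tags into `source_tags` again.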
--- a/travis-ci-prod-services-1/firewall.tf
+++ b/travis-ci-prod-services-1/firewall.tf
@@ -1,10 +1,10 @@
-
 resource "google_compute_firewall" "cert-manager-webhook-allow" {
 name = "cert-manager-webhook-allow"
 network = "${module.networking.main_network_name}"
 project = "${module.project.project_id}"

 source_ranges = ["172.16.0.0/28"]
+
 allow {
 protocol = "tcp"
 ports = ["6443"]
diff --git a/travis-ci-staging-services-1/firewall.tf b/travis-ci-staging-services-1/firewall.tf
index de7dbeb5..f64f99cf 100644
--- a/travis-ci-staging-services-1/firewall.tf
+++ b/travis-ci-staging-services-1/firewall.tf
@@ -1,10 +1,10 @@
-
 resource "google_compute_firewall" "cert-manager-webhook-allow" {
 name = "cert-manager-webhook-allow"
 network = "${module.networking.main_network_name}"
 project = "${module.project.project_id}"

 source_ranges = ["172.16.0.0/28"]
+
 allow {
 protocol = "tcp"
 ports = ["6443"]
From 34f3dd6ff52a5310dbc7f7eadb73f1187e3480de Mon Sep 17 00:00:00 2001
From: Damian Szymanski
Date: Fri, 30 Aug 2019 12:21:53 +0200
Subject: [PATCH 3/7] Fix build
---
 travis-ci-staging-services-1/firewall.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/travis-ci-staging-services-1/firewall.tf b/travis-ci-staging-services-1/firewall.tf
index f64f99cf..36ddaf79 100644
--- a/travis-ci-staging-services-1/firewall.tf
+++ b/travis-ci-staging-services-1/firewall.tf
@@ -4,7 +4,7 @@ resource "google_compute_firewall" "cert-manager-webhook-allow" {
 project = "${module.project.project_id}"

 source_ranges = ["172.16.0.0/28"]
-
+
 allow {
 protocol = "tcp"
 ports = ["6443"]
From b5774532af3e5c9e30e9f15f36635dfdffcbd76e Mon Sep 17 00:00:00 2001
From: Duologic
Date: Tue, 10 Sep 2019 13:01:54 +0200
Subject: [PATCH 4/7] Add Stackdriver and related to project services
---
 modules/gce_project/project.tf | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/modules/gce_project/project.tf b/modules/gce_project/project.tf
index fbc201de..945e2164 100644
--- a/modules/gce_project/project.tf
+++ b/modules/gce_project/project.tf
@@ -19,6 +19,9 @@ resource "google_project_services" "project" {
 "container.googleapis.com",
 "containerregistry.googleapis.com",
 "storage-component.googleapis.com",
+ "monitoring.googleapis.com",
+ "stackdriver.googleapis.com",
+ "logging.googleapis.com",
 ]
 }
From 9a47d230534fe3d50132bc4c566d7a6e7949ee16 Mon Sep 17 00:00:00 2001
From: Damian Szymanski
Date: Tue, 10 Sep 2019 14:13:24 +0200
Subject: [PATCH 5/7] cert manager module
---
 .../gce_net_services/cert-manager.tf | 7 ++++---
 modules/gce_net_services/variables.tf | 9 +++++++++
 travis-ci-prod-services-1/modules.tf | 6 ++++--
 travis-ci-prod-services-1/variables.tf | 5 +++++
 travis-ci-staging-services-1/modules.tf | 6 ++++--
 travis-ci-staging-services-1/variables.tf | 5 +++++
 6 files changed, 31 insertions(+), 7 deletions(-)
 rename travis-ci-staging-services-1/firewall.tf => modules/gce_net_services/cert-manager.tf (54%)
diff --git a/travis-ci-staging-services-1/firewall.tf b/modules/gce_net_services/cert-manager.tf
similarity index 54%
rename from travis-ci-staging-services-1/firewall.tf
rename to modules/gce_net_services/cert-manager.tf
index 36ddaf79..907500d6 100644
--- a/travis-ci-staging-services-1/firewall.tf
+++ b/modules/gce_net_services/cert-manager.tf
@@ -1,7 +1,8 @@
 resource "google_compute_firewall" "cert-manager-webhook-allow" {
+ count = "${var.cert_manager_enabled}"
 name = "cert-manager-webhook-allow"
- network = "${module.networking.main_network_name}"
- project = "${module.project.project_id}"
+ network = "${google_compute_network.main.name}"
+ project = "${var.project}"

 source_ranges = ["172.16.0.0/28"]

@@ -10,5 +11,5 @@ resource "google_compute_firewall" "cert-manager-webhook-allow" {
 ports = ["6443"]
 }

- source_tags = ["services"]
+ source_tags = "${var.cert_manager_source_tags}"
 }
diff --git a/modules/gce_net_services/variables.tf b/modules/gce_net_services/variables.tf
index 1a93a748..990ba5a3 100644
--- a/modules/gce_net_services/variables.tf
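Review bot: After the move into the shared module, `source_ranges = ["172.16.0.0/28"]` stays a literal while `project` and `source_tags` became inputs, so every environment that enables the rule silently assumes its private cluster's control-plane range is exactly this /28, and that coupling is not visible from modules.tf. Make it an input with the current value as its default to keep behaviour: `source_ranges = "${var.cert_manager_source_ranges}"`, backed by a `variable "cert_manager_source_ranges"` of type "list" defaulting to `["172.16.0.0/28"]` whose description says it must match the cluster's master CIDR. The two variables added to modules/gce_net_services/variables.tf in this patch likewise have no `description`; `cert_manager_enabled` in particular deserves one noting it is a 0/1 value used as `count`. The `source_ranges` line is context in both cert-manager.tf hunks; neither changes it.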
+++ b/modules/gce_net_services/variables.tf
@@ -7,3 +7,12 @@ variable "nat_ip_count" {
 variable "services_subnet_cidr_range" {
 default = "10.80.0.0/16"
 }
+
+variable "cert_manager_enabled" {
+ default = 0
+}
+
+variable "cert_manager_source_tags" {
+ type = "list"
+ default = []
+}
diff --git a/travis-ci-prod-services-1/modules.tf b/travis-ci-prod-services-1/modules.tf
index 61e367e3..444bf5fd 100644
--- a/travis-ci-prod-services-1/modules.tf
+++ b/travis-ci-prod-services-1/modules.tf
@@ -7,7 +7,9 @@ module "project" {

 module "networking" {
 source = "../modules/gce_net_services"
- project = "${module.project.project_id}"
+ project = "${module.project.project_id}"
+ cert_manager_enabled = 1
+ cert_manager_source_tags = "${var.node_pool_tags}"
 }

 module "kubernetes_cluster" {
@@ -22,7 +24,7 @@ module "kubernetes_cluster" {
 subnetwork = "${module.networking.services_network_name}"
 node_locations = ["us-central1-b", "us-central1-c"]
- node_pool_tags = ["services"]
+ node_pool_tags = "${var.node_pool_tags}"
 max_node_count = 10
 machine_type = "c2-standard-4"
 enable_private_nodes = true
diff --git a/travis-ci-prod-services-1/variables.tf b/travis-ci-prod-services-1/variables.tf
index 98a012b7..d77c9462 100644
--- a/travis-ci-prod-services-1/variables.tf
+++ b/travis-ci-prod-services-1/variables.tf
@@ -9,3 +9,8 @@ variable "project_id" {
 variable "region" {
 default = "us-central1"
 }
+
+variable "node_pool_tags" {
+ type = "list"
+ default = ["services"]
+}
diff --git a/travis-ci-staging-services-1/modules.tf b/travis-ci-staging-services-1/modules.tf
index 61e367e3..444bf5fd 100644
--- a/travis-ci-staging-services-1/modules.tf
+++ b/travis-ci-staging-services-1/modules.tf
@@ -7,7 +7,9 @@ module "project" {

 module "networking" {
 source = "../modules/gce_net_services"
- project = "${module.project.project_id}"
+ project = "${module.project.project_id}"
+ cert_manager_enabled = 1
+ cert_manager_source_tags = "${var.node_pool_tags}"
 }

 module "kubernetes_cluster" {
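Review bot: `variable "node_pool_tags"` in travis-ci-prod-services-1/variables.tf is added without a `description`, and the identical block is repeated in travis-ci-staging-services-1/variables.tf, so nothing tells a reader that the tags now serve two purposes. A one-liner covers it: `description = "Network tags on the GKE node pool; also passed to the networking module as the cert-manager webhook firewall source tags"`. Since both environments restate the same default `["services"]`, consider whether that value belongs in one shared place rather than in each file.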
@@ -22,7 +24,7 @@ module "kubernetes_cluster" {
 subnetwork = "${module.networking.services_network_name}"
 node_locations = ["us-central1-b", "us-central1-c"]
- node_pool_tags = ["services"]
+ node_pool_tags = "${var.node_pool_tags}"
 max_node_count = 10
 machine_type = "c2-standard-4"
 enable_private_nodes = true
diff --git a/travis-ci-staging-services-1/variables.tf b/travis-ci-staging-services-1/variables.tf
index 61a23b62..fc9645bc 100644
--- a/travis-ci-staging-services-1/variables.tf
+++ b/travis-ci-staging-services-1/variables.tf
@@ -9,3 +9,8 @@ variable "project_id" {
 variable "region" {
 default = "us-central1"
 }
+
+variable "node_pool_tags" {
+ type = "list"
+ default = ["services"]
+}
From 8287b8cd67f2cfc2c3a540e3563d147498690008 Mon Sep 17 00:00:00 2001
From: Damian Szymanski
Date: Tue, 10 Sep 2019 14:23:08 +0200
Subject: [PATCH 6/7] Fix build
---
 modules/gce_net_services/variables.tf | 2 +-
 travis-ci-prod-services-1/variables.tf | 2 +-
 travis-ci-staging-services-1/variables.tf | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/gce_net_services/variables.tf b/modules/gce_net_services/variables.tf
index 990ba5a3..a11ad867 100644
--- a/modules/gce_net_services/variables.tf
+++ b/modules/gce_net_services/variables.tf
@@ -13,6 +13,6 @@ variable "cert_manager_enabled" {
 }

 variable "cert_manager_source_tags" {
- type = "list"
+ type = "list"
 default = []
 }
diff --git a/travis-ci-prod-services-1/variables.tf b/travis-ci-prod-services-1/variables.tf
index d77c9462..0ce2e66f 100644
--- a/travis-ci-prod-services-1/variables.tf
+++ b/travis-ci-prod-services-1/variables.tf
@@ -11,6 +11,6 @@ variable "region" {
 }

 variable "node_pool_tags" {
- type = "list"
+ type = "list"
 default = ["services"]
 }
diff --git a/travis-ci-staging-services-1/variables.tf b/travis-ci-staging-services-1/variables.tf
index fc9645bc..8d77fac0 100644
--- a/travis-ci-staging-services-1/variables.tf
+++ b/travis-ci-staging-services-1/variables.tf
@@ -11,6 +11,6 @@ variable "region" {
 }

 variable "node_pool_tags" {
- type = "list"
+ type = "list"
 default = ["services"]
 }
From 0f41d7e1d779cc08e1df4768da94a29ee4b6a205 Mon Sep 17 00:00:00 2001
From: Damian Szymanski
Date: Tue, 10 Sep 2019 14:23:30 +0200
Subject: [PATCH 7/7] Cleanup
---
 travis-ci-prod-services-1/firewall.tf | 14 --------------
 1 file changed, 14 deletions(-)
 delete mode 100644 travis-ci-prod-services-1/firewall.tf
diff --git a/travis-ci-prod-services-1/firewall.tf b/travis-ci-prod-services-1/firewall.tf
deleted file mode 100644
index 36ddaf79..00000000
--- a/travis-ci-prod-services-1/firewall.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-resource "google_compute_firewall" "cert-manager-webhook-allow" {
- name = "cert-manager-webhook-allow"
- network = "${module.networking.main_network_name}"
- project = "${module.project.project_id}"
-
- source_ranges = ["172.16.0.0/28"]
-
- allow {
- protocol = "tcp"
- ports = ["6443"]
- }
-
- source_tags = ["services"]
-}