Remove load balancer infra for logs collector

Author: sitole

iac/provider-gcp/main.tf

@@ -105,9 +105,6 @@ module "cluster" {
   loki_node_pool         = var.loki_node_pool
   orchestrator_node_pool = var.orchestrator_node_pool
 
-  logs_health_proxy_port = var.logs_health_proxy_port
-  logs_proxy_port        = var.logs_proxy_port
-
   edge_api_port                = var.edge_api_port
   edge_proxy_port              = var.edge_proxy_port
   api_port                     = var.api_port
@@ -202,10 +199,6 @@ module "nomad" {
 
   domain_name = var.domain_name
 
-  # Telemetry
-  logs_health_proxy_port = var.logs_health_proxy_port
-  logs_proxy_port        = var.logs_proxy_port
-
   # Logs
   loki_node_pool           = var.loki_node_pool
   loki_machine_count       = var.loki_cluster_size

iac/provider-gcp/nomad-cluster/main.tf

@@ -106,9 +106,7 @@ module "network" {
   build_instance_group  = google_compute_instance_group_manager.build_pool.instance_group
   server_instance_group = google_compute_instance_group_manager.server_pool.instance_group
 
-  nomad_port             = var.nomad_port
-  logs_proxy_port        = var.logs_proxy_port
-  logs_health_proxy_port = var.logs_health_proxy_port
+  nomad_port = var.nomad_port
 
   cluster_tag_name = var.cluster_tag_name
 

iac/provider-gcp/nomad-cluster/network/main.tf

@@ -100,14 +100,6 @@ locals {
   health_checked_backends = { for backend_index, backend_value in local.backends : backend_index => backend_value }
 }
 
-# ======== IP ADDRESSES ====================
-
-// todo: (2025-09-22): this can be removed when all orchestrator will be rolled with internal logs collector server
-resource "google_compute_global_address" "orch_logs_ip" {
-  name = "${var.prefix}logs-ip"
-}
-
-
 # ======== CLOUDFLARE ====================
 
 data "cloudflare_zone" "domain" {
@@ -441,73 +433,6 @@ resource "google_compute_security_policy" "default" {
   }
 }
 
-module "gce_lb_http_logs" {
-  source            = "GoogleCloudPlatform/lb-http/google"
-  version           = "~> 12.1"
-  name              = "${var.prefix}external-logs-endpoint"
-  project           = var.gcp_project_id
-  address           = google_compute_global_address.orch_logs_ip.address
-  create_address    = false
-  target_tags       = [var.cluster_tag_name]
-  firewall_networks = [var.network_name]
-
-  labels = var.labels
-  backends = {
-    default = {
-      description                     = null
-      protocol                        = "HTTP"
-      port                            = var.logs_proxy_port.port
-      port_name                       = var.logs_proxy_port.name
-      timeout_sec                     = 20
-      connection_draining_timeout_sec = 1
-      enable_cdn                      = false
-      session_affinity                = null
-      affinity_cookie_ttl_sec         = null
-      custom_request_headers          = null
-      custom_response_headers         = null
-      security_policy                 = google_compute_security_policy.disable-bots-log-collector.self_link
-
-      health_check = {
-        check_interval_sec  = null
-        timeout_sec         = null
-        healthy_threshold   = null
-        unhealthy_threshold = null
-        request_path        = var.logs_health_proxy_port.health_path
-        port                = var.logs_health_proxy_port.port
-        host                = null
-        logging             = null
-      }
-
-      log_config = {
-        enable      = false
-        sample_rate = 0.0
-      }
-
-      groups = [
-        {
-          group                        = var.client_instance_group
-          balancing_mode               = null
-          capacity_scaler              = null
-          description                  = null
-          max_connections              = null
-          max_connections_per_instance = null
-          max_connections_per_endpoint = null
-          max_rate                     = null
-          max_rate_per_instance        = null
-          max_rate_per_endpoint        = null
-          max_utilization              = null
-        },
-      ]
-
-      iap_config = {
-        enable               = false
-        oauth2_client_id     = ""
-        oauth2_client_secret = ""
-      }
-    }
-  }
-}
-
 # Firewalls
 resource "google_compute_firewall" "default-hc" {
   name    = "${var.prefix}load-balancer-hc"
@@ -558,26 +483,6 @@ resource "google_compute_firewall" "client_proxy_firewall_ingress" {
   source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
 }
 
-resource "google_compute_firewall" "logs_collector_firewall_ingress" {
-  name    = "${var.prefix}${var.cluster_tag_name}-logs-collector-firewall-ingress"
-  network = var.network_name
-
-  allow {
-    protocol = "tcp"
-    # Health end point is already added by load balancer module automatically, but also adding it here just to make sure we don't remove it by accident
-    ports = [var.logs_proxy_port.port, var.logs_health_proxy_port.port]
-  }
-
-  priority = 999
-
-  direction   = "INGRESS"
-  target_tags = [var.cluster_tag_name]
-  # Load balancer health check IP ranges
-  # https://cloud.google.com/load-balancing/docs/health-check-concepts
-  source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
-}
-
-
 resource "google_compute_firewall" "internal_remote_connection_firewall_ingress" {
   name    = "${var.prefix}${var.cluster_tag_name}-internal-remote-connection-firewall-ingress"
   network = var.network_name
@@ -764,31 +669,3 @@ resource "google_compute_security_policy_rule" "disable-consul" {
     }
   }
 }
-
-resource "google_compute_security_policy" "disable-bots-log-collector" {
-  name = "disable-bots-log-collector"
-
-  rule {
-    action   = "allow"
-    priority = "300"
-    match {
-      expr {
-        expression = "request.path == \"/\" && request.method == \"POST\""
-      }
-    }
-
-    description = "Allow POST requests  to / (collecting logs)"
-  }
-
-  rule {
-    action      = "deny(403)"
-    priority    = "2147483647"
-    description = "Default rule, higher priority overrides it"
-    match {
-      versioned_expr = "SRC_IPS_V1"
-      config {
-        src_ip_ranges = ["*"]
-      }
-    }
-  }
-}

iac/provider-gcp/nomad-cluster/network/outputs.tf

@@ -63,21 +63,6 @@ variable "client_proxy_port" {
   })
 }
 
-variable "logs_proxy_port" {
-  type = object({
-    name = string
-    port = number
-  })
-}
-
-variable "logs_health_proxy_port" {
-  type = object({
-    name        = string
-    port        = number
-    health_path = string
-  })
-}
-
 variable "nomad_port" {
   type = number
 }

iac/provider-gcp/nomad-cluster/network/variables.tf

@@ -74,16 +74,6 @@ resource "google_compute_region_instance_group_manager" "client_pool" {
     instance_template = google_compute_instance_template.client.id
   }
 
-  named_port {
-    name = var.logs_health_proxy_port.name
-    port = var.logs_health_proxy_port.port
-  }
-
-  named_port {
-    name = var.logs_proxy_port.name
-    port = var.logs_proxy_port.port
-  }
-
   auto_healing_policies {
     health_check      = google_compute_health_check.client_nomad_check.id
     initial_delay_sec = 600

iac/provider-gcp/nomad-cluster/nodepool-client.tf

@@ -1,7 +1,3 @@
-output "logs_proxy_ip" {
-  value = module.network.logs_proxy_ip
-}
-
 output "shared_chunk_cache_path" {
   value = var.filestore_cache_enabled ? "${local.nfs_mount_path}/${local.nfs_mount_subdir}" : ""
 }

iac/provider-gcp/nomad-cluster/outputs.tf

@@ -155,22 +155,6 @@ variable "network_name" {
   default = "default"
 }
 
-variable "logs_proxy_port" {
-  type = object({
-    name = string
-    port = number
-  })
-}
-
-variable "logs_health_proxy_port" {
-  type = object({
-    name        = string
-    port        = number
-    health_path = string
-  })
-}
-
-
 variable "google_service_account_email" {
   type = string
 }

iac/provider-gcp/nomad-cluster/variables.tf

@@ -179,6 +179,10 @@ variable "logs_proxy_port" {
     name = string
     port = number
   })
+  default = {
+    name = "logs"
+    port = 30006
+  }
 }
 
 variable "logs_health_proxy_port" {
@@ -187,6 +191,11 @@ variable "logs_health_proxy_port" {
     port        = number
     health_path = string
   })
+  default = {
+    name        = "logs-health"
+    port        = 44313
+    health_path = "/health"
+  }
 }
 
 variable "analytics_collector_host_secret_name" {

iac/provider-gcp/nomad/variables.tf

@@ -177,30 +177,6 @@ variable "edge_proxy_port" {
   }
 }
 
-variable "logs_proxy_port" {
-  type = object({
-    name = string
-    port = number
-  })
-  default = {
-    name = "logs"
-    port = 30006
-  }
-}
-
-variable "logs_health_proxy_port" {
-  type = object({
-    name        = string
-    port        = number
-    health_path = string
-  })
-  default = {
-    name        = "logs-health"
-    port        = 44313
-    health_path = "/health"
-  }
-}
-
 variable "loki_cluster_size" {
   type    = number
   default = 0