Import examples that were formerly in the Terraform core repository
commit
8dbe153426
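--- a/examples/content-based-load-balancing/.gitignore
+++ b/examples/content-based-load-balancing/.gitignore
@@ -0,0 +1,3 @@
+terraform.tfstate
+terraform.tfstate.backup
+terraform.tfvars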
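--- a/examples/content-based-load-balancing/README.md
+++ b/examples/content-based-load-balancing/README.md
@@ -0,0 +1,35 @@
+# Content Based Load Balancing in Google Cloud
+
+This provides a template for running an HTTP load balancer that distributes traffic to different instances based on the
+path in the request URL. It is based on the tutorial at [https://cloud.google.com/compute/docs/load-balancing/http/content-based-example](https://cloud.google.com/compute/docs/load-balancing/http/content-based-example).
+
+To start, [download your credentials from Google Cloud Console](https://www.terraform.io/docs/providers/google/#credentials); suggested path for downloaded file is `~/.gcloud/Terraform.json`.
+
+Optionally update `variables.tf` to specify a default value for the `project_name` variable, and check other variables.
+
+After you run `terraform apply` on this configuration, it will
+automatically output the public IP address of the load balancer.
+After your instance registers, the LB should respond with the following at its root:
+
+```html
+<h1>www</h1>
+```
+
+And the following at the /video/ url:
+```html
+<h1>www-video</h1>
+```
+
+To run, configure your Google Cloud provider as described in
+
+https://www.terraform.io/docs/providers/google/index.html
+
+Run with a command like this:
+
+```
+terraform apply \
+-var="region=us-central1" \
+-var="region_zone=us-central1-f" \
+-var="project_name=my-project-id-123" \
+-var="credentials_file_path=~/.gcloud/Terraform.json" \
+```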
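--- a/examples/content-based-load-balancing/main.tf
+++ b/examples/content-based-load-balancing/main.tf
@@ -0,0 +1,159 @@
+# https://cloud.google.com/compute/docs/load-balancing/http/content-based-example
+
+provider "google" {
+region = "${var.region}"
+project = "${var.project_name}"
+credentials = "${file("${var.credentials_file_path}")}"
+}
+
+resource "google_compute_instance" "www" {
+name = "tf-www-compute"
+machine_type = "f1-micro"
+zone = "${var.region_zone}"
+tags = ["http-tag"]
+
+disk {
+image = "projects/debian-cloud/global/images/family/debian-8"
+}
+
+network_interface {
+network = "default"
+
+access_config {
+// Ephemeral IP
+}
+}
+
+metadata_startup_script = "${file("scripts/install-www.sh")}"
+
+service_account {
+scopes = ["https://www.googleapis.com/auth/compute.readonly"]
+}
+}
+
+resource "google_compute_instance" "www-video" {
+name = "tf-www-video-compute"
+machine_type = "f1-micro"
+zone = "${var.region_zone}"
+tags = ["http-tag"]
+
+disk {
+image = "projects/debian-cloud/global/images/family/debian-8"
+}
+
+network_interface {
+network = "default"
+
+access_config {
+// Ephemeral IP
+}
+}
+
+metadata_startup_script = "${file("scripts/install-video.sh")}"
+
+service_account {
+scopes = ["https://www.googleapis.com/auth/compute.readonly"]
+}
+}
+
+resource "google_compute_global_address" "external-address" {
+name = "tf-external-address"
+}
+
+resource "google_compute_instance_group" "www-resources" {
+name = "tf-www-resources"
+zone = "${var.region_zone}"
+
+instances = ["${google_compute_instance.www.self_link}"]
+
+named_port {
+name = "http"
+port = "80"
+}
+}
+
+resource "google_compute_instance_group" "video-resources" {
+name = "tf-video-resources"
+zone = "${var.region_zone}"
+
+instances = ["${google_compute_instance.www-video.self_link}"]
+
+named_port {
+name = "http"
+port = "80"
+}
+}
+
+resource "google_compute_health_check" "health-check" {
+name = "tf-health-check"
+
+http_health_check {
+}
+}
+
+resource "google_compute_backend_service" "www-service" {
+name = "tf-www-service"
+protocol = "HTTP"
+
+backend {
+group = "${google_compute_instance_group.www-resources.self_link}"
+}
+
+health_checks = ["${google_compute_health_check.health-check.self_link}"]
+}
+
+resource "google_compute_backend_service" "video-service" {
+name = "tf-video-service"
+protocol = "HTTP"
+
+backend {
+group = "${google_compute_instance_group.video-resources.self_link}"
+}
+
+health_checks = ["${google_compute_health_check.health-check.self_link}"]
+}
+
+resource "google_compute_url_map" "web-map" {
+name = "tf-web-map"
+default_service = "${google_compute_backend_service.www-service.self_link}"
+
+host_rule {
+hosts = ["*"]
+path_matcher = "tf-allpaths"
+}
+
+path_matcher {
+name = "tf-allpaths"
+default_service = "${google_compute_backend_service.www-service.self_link}"
+
+path_rule {
+paths = ["/video", "/video/*",]
+service = "${google_compute_backend_service.video-service.self_link}"
+}
+}
+}
+
+resource "google_compute_target_http_proxy" "http-lb-proxy" {
+name = "tf-http-lb-proxy"
+url_map = "${google_compute_url_map.web-map.self_link}"
+}
+
+resource "google_compute_global_forwarding_rule" "default" {
+name = "tf-http-content-gfr"
+target = "${google_compute_target_http_proxy.http-lb-proxy.self_link}"
+ip_address = "${google_compute_global_address.external-address.address}"
+port_range = "80"
+}
+
+resource "google_compute_firewall" "default" {
+name = "tf-www-firewall-allow-internal-only"
+network = "default"
+
+allow {
+protocol = "tcp"
+ports = ["80"]
+}
+
+source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
+target_tags = ["http-tag"]
+}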
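Review bot: Both backend instances keep an `access_config` block, so each gets an ephemeral external IP on the `default` network even though the firewall rule added at the end (`tf-www-firewall-allow-internal-only`) admits port 80 only from the load-balancer ranges. The rule name suggests the backends are meant to be reachable through the load balancer alone, but with a public address they stay exposed to any other ingress rule that exists on `default`, which this config does not control. If the address is kept only so the startup script can reach the package mirrors, say so next to it, e.g. `// External IP kept only for apt-get in the startup script; client traffic arrives via the load balancer`, or put the example on a dedicated network as the internal-load-balancing example does. Separately, `http_health_check {}` is empty and relies on provider defaults; writing `port = "80"` there would make the pairing with the firewall rule explicit.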
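--- a/examples/content-based-load-balancing/output.tf
+++ b/examples/content-based-load-balancing/output.tf
@@ -0,0 +1,3 @@
+output "application_public_ip" {
+value = "${google_compute_global_forwarding_rule.default.ip_address}"
+}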
@ -0,0 +1,9 @@
|
|||||||
|
#!/bin/bash -xe
|
||||||
|
sudo apt-get update
|
||||||
|
sudo apt-get install apache2 -y
|
||||||
|
sudo a2ensite default-ssl
|
||||||
|
sudo a2enmod ssl
|
||||||
|
sudo service apache2 restart
|
||||||
|
echo '<!doctype html><html><body><h1>www-video</h1></body></html>' | sudo tee /var/www/html/index.html
|
||||||
|
sudo mkdir /var/www/html/video
|
||||||
|
echo '<!doctype html><html><body><h1>www-video</h1></body></html>' | sudo tee /var/www/html/video/index.html
|
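Review bot: `sudo mkdir /var/www/html/video` fails when the directory already exists, and under `-xe` that aborts the script before the final `tee`. The file header for this hunk is missing on the page, but it appears to be the script main.tf wires in as `metadata_startup_script`, which Compute Engine runs again on later boots, so a reboot would end in a failed startup script; `sudo mkdir -p /var/www/html/video` makes the step repeatable. This script and the www one that follows also enable `default-ssl`, although the firewall rule in main.tf admits only port 80; if TLS on the backends is not intended, the `a2ensite default-ssl` and `a2enmod ssl` lines are unnecessary.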
@ -0,0 +1,7 @@
|
|||||||
|
#!/bin/bash -xe
|
||||||
|
sudo apt-get update
|
||||||
|
sudo apt-get install apache2 -y
|
||||||
|
sudo a2ensite default-ssl
|
||||||
|
sudo a2enmod ssl
|
||||||
|
sudo service apache2 restart
|
||||||
|
echo '<!doctype html><html><body><h1>www</h1></body></html>' | sudo tee /var/www/html/index.html
|
@ -0,0 +1,4 @@
|
|||||||
|
region = "us-central1"
|
||||||
|
region_zone = "us-central1-b"
|
||||||
|
project_name = "my-project-id-123"
|
||||||
|
credentials_file_path = "~/.gcloud/Terraform.json"
|
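--- a/examples/content-based-load-balancing/variables.tf
+++ b/examples/content-based-load-balancing/variables.tf
@@ -0,0 +1,16 @@
+variable "region" {
+default = "us-central1"
+}
+
+variable "region_zone" {
+default = "us-central1-f"
+}
+
+variable "project_name" {
+description = "The ID of the Google Cloud project"
+}
+
+variable "credentials_file_path" {
+description = "Path to the JSON file used to describe your account credentials"
+default = "~/.gcloud/Terraform.json"
+}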
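--- a/examples/internal-load-balancing/.gitignore
+++ b/examples/internal-load-balancing/.gitignore
@@ -0,0 +1,3 @@
+terraform.tfstate
+terraform.tfstate.backup
+terraform.tfvars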
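--- a/examples/internal-load-balancing/README.md
+++ b/examples/internal-load-balancing/README.md
@@ -0,0 +1,34 @@
+# Internal Load Balancing in Google Cloud
+
+This provides a template for setting up internal load balancing in Google Cloud. It directly mirrors the tutorial in the [GCP Internal Load Balancing Documentation](https://cloud.google.com/compute/docs/load-balancing/internal/).
+
+To run the example,
+
+* Log in to gcloud with an account that has permission to create the necessary resources using `gcloud init`.
+* Optionally update `variables.tf` to specify a default value for the `project_name` variable, and check other variables.
+* Run with a command like this:
+
+```
+terraform apply \
+-var="region=us-central1" \
+-var="region_zone=us-central1-b" \
+-var="region_zone_2=us-central1-c" \
+-var="project_name=my-project-id-123" \
+```
+
+
+After you run `terraform apply` on this configuration, it will
+automatically output the internal IP address of the load balancer.
+
+Since the load balancer is only reachable from within the network, ssh into the standalone instance using
+
+```
+gcloud compute ssh --zone us-central1-b standalone-instance-1
+```
+
+
+Using `curl` on the IP address given, the LB should respond with a simple header:
+
+```html
+<!doctype html><html><body><h1>ilb-instance-X</h1></body></html>
+```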
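--- a/examples/internal-load-balancing/main.tf
+++ b/examples/internal-load-balancing/main.tf
@@ -0,0 +1,257 @@
+provider "google" {
+region = "${var.region}"
+project = "${var.project_name}"
+}
+
+resource "google_compute_network" "my-custom-network" {
+name = "my-custom-network"
+}
+
+resource "google_compute_subnetwork" "my-custom-subnet" {
+name = "my-custom-subnet"
+ip_cidr_range = "10.128.0.0/20"
+network = "${google_compute_network.my-custom-network.self_link}"
+region = "${var.region}"
+}
+
+resource "google_compute_firewall" "allow-all-internal" {
+name = "allow-all-10-128-0-0-20"
+network = "${google_compute_network.my-custom-network.name}"
+
+allow {
+protocol = "tcp"
+}
+
+allow {
+protocol = "udp"
+}
+
+allow {
+protocol = "icmp"
+}
+
+source_ranges = ["10.128.0.0/20"]
+}
+
+resource "google_compute_firewall" "allow-ssh-rdp-icmp" {
+name = "allow-tcp22-tcp3389-icmp"
+network = "${google_compute_network.my-custom-network.name}"
+
+allow {
+protocol = "tcp"
+ports = ["22", "3389",]
+}
+
+allow {
+protocol = "icmp"
+}
+}
+
+resource "google_compute_instance" "ilb-instance-1" {
+name = "ilb-instance-1"
+machine_type = "n1-standard-1"
+zone = "${var.region_zone}"
+
+tags = ["int-lb"]
+
+disk {
+image = "debian-cloud/debian-8"
+}
+
+network_interface {
+subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"
+access_config {
+// Ephemeral IP
+}
+}
+
+service_account {
+scopes = ["compute-rw"]
+}
+
+metadata_startup_script = "${file("startup.sh")}"
+}
+
+resource "google_compute_instance" "ilb-instance-2" {
+name = "ilb-instance-2"
+machine_type = "n1-standard-1"
+zone = "${var.region_zone}"
+
+tags = ["int-lb"]
+
+disk {
+image = "debian-cloud/debian-8"
+}
+
+network_interface {
+subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"
+access_config {
+// Ephemeral IP
+}
+}
+
+service_account {
+scopes = ["compute-rw"]
+}
+
+metadata_startup_script = "${file("startup.sh")}"
+}
+
+resource "google_compute_instance" "ilb-instance-3" {
+name = "ilb-instance-3"
+machine_type = "n1-standard-1"
+zone = "${var.region_zone_2}"
+
+tags = ["int-lb"]
+
+disk {
+image = "debian-cloud/debian-8"
+}
+
+network_interface {
+subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"
+access_config {
+// Ephemeral IP
+}
+}
+
+service_account {
+scopes = ["compute-rw"]
+}
+
+metadata_startup_script = "${file("startup.sh")}"
+}
+
+resource "google_compute_instance" "ilb-instance-4" {
+name = "ilb-instance-4"
+machine_type = "n1-standard-1"
+zone = "${var.region_zone_2}"
+
+tags = ["int-lb"]
+
+disk {
+image = "debian-cloud/debian-8"
+}
+
+network_interface {
+subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"
+access_config {
+// Ephemeral IP
+}
+}
+
+service_account {
+scopes = ["compute-rw"]
+}
+
+metadata_startup_script = "${file("startup.sh")}"
+}
+
+resource "google_compute_instance_group" "us-ig1" {
+name = "us-ig1"
+
+instances = [
+"${google_compute_instance.ilb-instance-1.self_link}",
+"${google_compute_instance.ilb-instance-2.self_link}"
+]
+
+zone = "${var.region_zone}"
+}
+
+resource "google_compute_instance_group" "us-ig2" {
+name = "us-ig2"
+
+instances = [
+"${google_compute_instance.ilb-instance-3.self_link}",
+"${google_compute_instance.ilb-instance-4.self_link}"
+]
+
+zone = "${var.region_zone_2}"
+}
+
+resource "google_compute_health_check" "my-tcp-health-check" {
+name = "my-tcp-health-check"
+
+tcp_health_check {
+port = "80"
+}
+}
+
+resource "google_compute_region_backend_service" "my-int-lb" {
+name = "my-int-lb"
+health_checks = ["${google_compute_health_check.my-tcp-health-check.self_link}"]
+region = "${var.region}"
+
+backend {
+group = "${google_compute_instance_group.us-ig1.self_link}"
+}
+
+backend {
+group = "${google_compute_instance_group.us-ig2.self_link}"
+}
+}
+
+resource "google_compute_forwarding_rule" "my-int-lb-forwarding-rule" {
+name = "my-int-lb-forwarding-rule"
+load_balancing_scheme = "INTERNAL"
+ports = ["80"]
+network = "${google_compute_network.my-custom-network.self_link}"
+subnetwork = "${google_compute_subnetwork.my-custom-subnet.self_link}"
+backend_service = "${google_compute_region_backend_service.my-int-lb.self_link}"
+}
+
+resource "google_compute_firewall" "allow-internal-lb" {
+name = "allow-internal-lb"
+network = "${google_compute_network.my-custom-network.name}"
+
+allow {
+protocol = "tcp"
+ports = ["80", "443"]
+}
+
+source_ranges = ["10.128.0.0/20"]
+target_tags = ["int-lb"]
+}
+
+resource "google_compute_firewall" "allow-health-check" {
+name = "allow-health-check"
+network = "${google_compute_network.my-custom-network.name}"
+
+allow {
+protocol = "tcp"
+}
+
+source_ranges = ["130.211.0.0/22","35.191.0.0/16"]
+target_tags = ["int-lb"]
+}
+
+resource "google_compute_instance" "standalone-instance-1" {
+name = "standalone-instance-1"
+machine_type = "n1-standard-1"
+zone = "${var.region_zone}"
+
+tags = ["standalone"]
+
+disk {
+image = "debian-cloud/debian-8"
+}
+
+network_interface {
+subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"
+access_config {
+// Ephemeral IP
+}
+}
+}
+
+resource "google_compute_firewall" "allow-ssh-to-standalone" {
+name = "allow-ssh-to-standalone"
+network = "${google_compute_network.my-custom-network.name}"
+
+allow {
+protocol = "tcp"
+ports = ["22"]
+}
+
+target_tags = ["standalone"]
+}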
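Review bot: `allow-ssh-rdp-icmp` sets neither `source_ranges` nor `target_tags`, so as written it applies to every instance on `my-custom-network`, and on GCP an ingress rule with no source restriction defaults to any source address; that leaves tcp/22 and tcp/3389 open from the internet on the four backends for as long as they hold their ephemeral external IP. `allow-ssh-to-standalone` has the same missing `source_ranges`. I would drop the broad rule or scope it, e.g. `source_ranges = ["ADMIN_CIDR_PLACEHOLDER"]` together with `target_tags = ["standalone"]`. `allow-health-check` also allows every TCP port from the health-check ranges although the check probes port 80 only; adding `ports = ["80"]` to its `allow` block keeps it to what is needed. The `compute-rw` scope on the backends appears to exist only so startup.sh can delete the instance's own access config, which deserves a comment because it is far more than a web server needs.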
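--- a/examples/internal-load-balancing/output.tf
+++ b/examples/internal-load-balancing/output.tf
@@ -0,0 +1,3 @@
+output "internal_load_balancer_ip" {
+value = "${google_compute_forwarding_rule.my-int-lb-forwarding-rule.ip_address}"
+}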
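--- a/examples/internal-load-balancing/startup.sh
+++ b/examples/internal-load-balancing/startup.sh
@@ -0,0 +1,10 @@
+#! /bin/bash
+apt-get update
+apt-get install apache2 -y
+a2ensite default-ssl
+a2enmod ssl
+service apache2 restart
+INSTANCE_NAME=`curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/hostname | awk -F "." '{print $1}'`
+ZONE=`curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/zone | awk -F "/" '{print $NF}'`
+echo '<!doctype html><html><body><h1>'$INSTANCE_NAME'</h1></body></html>' | tee /var/www/html/index.html
+gcloud compute instances delete-access-config $INSTANCE_NAME --zone $ZONE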
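Review bot: The script has no `set -e` and never checks the two metadata lookups, so if either `curl` fails, `INSTANCE_NAME` or `ZONE` is empty and the final `gcloud compute instances delete-access-config` runs with missing arguments; the external IP then stays attached with nothing to signal it. The variables are also expanded unquoted. A guard before the last line, `[ -n "$INSTANCE_NAME" ] && [ -n "$ZONE" ] || exit 1`, and quoting (`"$INSTANCE_NAME" --zone "$ZONE"`) would make the failure visible. A header comment saying that the script removes the instance's own external IP once the packages are installed would also help, since that is apparently why main.tf grants these instances `compute-rw`.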
@ -0,0 +1,5 @@
|
|||||||
|
region = "us-central1"
|
||||||
|
region_zone = "us-central1-b"
|
||||||
|
region_zone2 = "us-central1-c"
|
||||||
|
project_name = "my-project-id-123"
|
||||||
|
credentials_file_path = "~/.gcloud/Terraform.json"
|
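Review bot: `region_zone2` does not match the variable declared in variables.tf and used in main.tf, which is `region_zone_2`, so copying this file to `terraform.tfvars` would not set the second zone. `credentials_file_path` is not declared in this example either: its provider block takes no `credentials` and the README relies on `gcloud init`. The two lines should read `region_zone_2 = "us-central1-c"` and the `credentials_file_path` entry should be dropped. The file header for this hunk is missing on the page; from its content it appears to be this example's tfvars sample.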
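--- a/examples/internal-load-balancing/variables.tf
+++ b/examples/internal-load-balancing/variables.tf
@@ -0,0 +1,15 @@
+variable "region" {
+default = "us-central1"
+}
+
+variable "region_zone" {
+default = "us-central1-b"
+}
+
+variable "region_zone_2" {
+default = "us-central1-c"
+}
+
+variable "project_name" {
+description = "The ID of the Google Cloud project"
+}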
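--- a/examples/two-tier/.gitignore
+++ b/examples/two-tier/.gitignore
@@ -0,0 +1 @@
+terraform.tfvars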
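--- a/examples/two-tier/README.md
+++ b/examples/two-tier/README.md
@@ -0,0 +1,50 @@
+# Basic Two-Tier Architecture in Google Cloud
+
+This provides a template for running a simple two-tier architecture on Google Cloud.
+The premise is that you have stateless app servers running behind
+a load balancer serving traffic.
+
+To simplify the example, this intentionally ignores deploying and
+getting your application onto the servers. However, you could do so either via
+[startup script](http://terraform.io/docs/providers/google/r/compute_instance.html#metadata_startup_script) or
+[provisioners](https://www.terraform.io/docs/provisioners/) and a configuration
+management tool, or by pre-baking configured images with
+[Packer](https://packer.io/docs/builders/googlecompute.html).
+
+You will need to generate SSH keys as follows:
+
+```sh
+$ ssh-keygen -f ~/.ssh/gcloud_id_rsa
+# press <Enter> when asked (twice) for a pass-phrase
+```
+
+Then [download your credentials from Google Cloud Console](https://www.terraform.io/docs/providers/google/#credentials); suggested path for downloaded file is `~/.gcloud/Terraform.json`.
+
+Optionally update `variables.tf` to specify a default value for the `project_name` variable, and check other variables.
+
+After you run `terraform apply` on this configuration, it will
+automatically output the public IP address of the load balancer.
+After your instance registers, the LB should respond with a simple header:
+
+```html
+<h1>Welcome to instance 0</h1>
+```
+
+The index may differ once you increase `count` of `google_compute_instance`
+(i.e. provision more instances).
+
+To run, configure your Google Cloud provider as described in
+
+https://www.terraform.io/docs/providers/google/index.html
+
+Run with a command like this:
+
+```
+terraform apply \
+-var="region=us-central1" \
+-var="region_zone=us-central1-f" \
+-var="project_name=my-project-id-123" \
+-var="credentials_file_path=~/.gcloud/Terraform.json" \
+-var="public_key_path=~/.ssh/gcloud_id_rsa.pub" \
+-var="private_key_path=~/.ssh/gcloud_id_rsa"
+```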
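--- a/examples/two-tier/main.tf
+++ b/examples/two-tier/main.tf
@@ -0,0 +1,96 @@
+# See https://cloud.google.com/compute/docs/load-balancing/network/example
+
+provider "google" {
+region = "${var.region}"
+project = "${var.project_name}"
+credentials = "${file("${var.credentials_file_path}")}"
+}
+
+resource "google_compute_http_health_check" "default" {
+name = "tf-www-basic-check"
+request_path = "/"
+check_interval_sec = 1
+healthy_threshold = 1
+unhealthy_threshold = 10
+timeout_sec = 1
+}
+
+resource "google_compute_target_pool" "default" {
+name = "tf-www-target-pool"
+instances = ["${google_compute_instance.www.*.self_link}"]
+health_checks = ["${google_compute_http_health_check.default.name}"]
+}
+
+resource "google_compute_forwarding_rule" "default" {
+name = "tf-www-forwarding-rule"
+target = "${google_compute_target_pool.default.self_link}"
+port_range = "80"
+}
+
+resource "google_compute_instance" "www" {
+count = 3
+
+name = "tf-www-${count.index}"
+machine_type = "f1-micro"
+zone = "${var.region_zone}"
+tags = ["www-node"]
+
+disk {
+image = "ubuntu-os-cloud/ubuntu-1404-trusty-v20160602"
+}
+
+network_interface {
+network = "default"
+
+access_config {
+# Ephemeral
+}
+}
+
+metadata {
+ssh-keys = "root:${file("${var.public_key_path}")}"
+}
+
+provisioner "file" {
+source = "${var.install_script_src_path}"
+destination = "${var.install_script_dest_path}"
+
+connection {
+type = "ssh"
+user = "root"
+private_key = "${file("${var.private_key_path}")}"
+agent = false
+}
+}
+
+provisioner "remote-exec" {
+connection {
+type = "ssh"
+user = "root"
+private_key = "${file("${var.private_key_path}")}"
+agent = false
+}
+
+inline = [
+"chmod +x ${var.install_script_dest_path}",
+"sudo ${var.install_script_dest_path} ${count.index}",
+]
+}
+
+service_account {
+scopes = ["https://www.googleapis.com/auth/compute.readonly"]
+}
+}
+
+resource "google_compute_firewall" "default" {
+name = "tf-www-firewall"
+network = "default"
+
+allow {
+protocol = "tcp"
+ports = ["80"]
+}
+
+source_ranges = ["0.0.0.0/0"]
+target_tags = ["www-node"]
+}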
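Review bot: The instances are provisioned over SSH as `root`: the `metadata` block installs the key as `root:...` and both `connection` blocks set `user = "root"`, on machines that carry an external IP and, per the README, with a key that has no passphrase. A dedicated login name works with the `sudo` already present in the `remote-exec` line, e.g. `ssh-keys = "deploy:${file("${var.public_key_path}")}"` with `user = "deploy"` in both `connection` blocks (`deploy` is only an example name). The `disk` image is also pinned to `ubuntu-1404-trusty-v20160602`, so every new instance starts from a 2016 snapshot without later patches; an image-family reference, as the content-based example uses, would avoid that. SSH reachability for the provisioners depends on rules already present on the `default` network, since this file opens only port 80.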
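--- a/examples/two-tier/output.tf
+++ b/examples/two-tier/output.tf
@@ -0,0 +1,7 @@
+output "pool_public_ip" {
+value = "${google_compute_forwarding_rule.default.ip_address}"
+}
+
+output "instance_ips" {
+value = "${join(" ", google_compute_instance.www.*.network_interface.0.access_config.0.assigned_nat_ip)}"
+}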
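--- a/examples/two-tier/scripts/install.sh
+++ b/examples/two-tier/scripts/install.sh
@@ -0,0 +1,8 @@
+#!/bin/bash -xe
+
+RESOURCE_INDEX=$1
+apt-get -y update
+apt-get -y install nginx
+IP=$(curl -s -H "Metadata-Flavor:Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/ip)
+echo "Welcome to Resource ${RESOURCE_INDEX} - ${HOSTNAME} (${IP})" > /usr/share/nginx/html/index.html
+service nginx start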
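Review bot: The page written here does not match what the README tells the reader to expect: README.md shows `<h1>Welcome to instance 0</h1>`, while the script writes the plain text `Welcome to Resource ${RESOURCE_INDEX} - ${HOSTNAME} (${IP})`. One of the two should change so that the verification step in the README is usable. `RESOURCE_INDEX=$1` is also unquoted and unchecked; `RESOURCE_INDEX="${1:?resource index required}"` would fail early when the argument is missing.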
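--- a/examples/two-tier/terraform.tfvars.example
+++ b/examples/two-tier/terraform.tfvars.example
@@ -0,0 +1,6 @@
+region = "us-central1"
+region_zone = "us-central1-a"
+project_name = "my-project-id-123"
+credentials_file_path = "~/.gcloud/Terraform.json"
+public_key_path = "~/.ssh/gcloud_id_rsa.pub"
+private_key_path = "~/.ssh/gcloud_id_rsa"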
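--- a/examples/two-tier/variables.tf
+++ b/examples/two-tier/variables.tf
@@ -0,0 +1,36 @@
+variable "region" {
+default = "us-central1"
+}
+
+variable "region_zone" {
+default = "us-central1-f"
+}
+
+variable "project_name" {
+description = "The ID of the Google Cloud project"
+}
+
+variable "credentials_file_path" {
+description = "Path to the JSON file used to describe your account credentials"
+default = "~/.gcloud/Terraform.json"
+}
+
+variable "public_key_path" {
+description = "Path to file containing public key"
+default = "~/.ssh/gcloud_id_rsa.pub"
+}
+
+variable "private_key_path" {
+description = "Path to file containing private key"
+default = "~/.ssh/gcloud_id_rsa"
+}
+
+variable "install_script_src_path" {
+description = "Path to install script within this repository"
+default = "scripts/install.sh"
+}
+
+variable "install_script_dest_path" {
+description = "Path to put the install script on each destination resource"
+default = "/tmp/install.sh"
+}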
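--- a/examples/vpn/README.md
+++ b/examples/vpn/README.md
@@ -0,0 +1,17 @@
+# Google Compute Engine VPN Example
+
+This example joins two GCE networks via VPN. The firewall rules have been set up
+so that you can create an instance in each network and have them communicate
+using their internal IP addresses.
+
+See this [example](https://cloud.google.com/compute/docs/vpn) for more
+information.
+
+Run this example using
+
+```
+terraform apply \
+-var="region1=us-central1" \
+-var="region2=europe-west1" \
+-var="project=my-project-id-123"
+```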
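--- a/examples/vpn/variables.tf
+++ b/examples/vpn/variables.tf
@@ -0,0 +1,11 @@
+variable "project" {
+description = "Your project name"
+}
+
+variable "region1" {
+description = "The desired region for the first network & VPN and project"
+}
+
+variable "region2" {
+description = "The desired region for the second network & VPN"
+}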
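--- a/examples/vpn/vpn.tf
+++ b/examples/vpn/vpn.tf
@@ -0,0 +1,182 @@
+# An example of how to connect two GCE networks with a VPN
+provider "google" {
+account_file = "${file("~/gce/account.json")}"
+project = "${var.project}"
+region = "${var.region1}"
+}
+
+# Create the two networks we want to join. They must have separate, internal
+# ranges.
+resource "google_compute_network" "network1" {
+name = "network1"
+ipv4_range = "10.120.0.0/16"
+}
+
+resource "google_compute_network" "network2" {
+name = "network2"
+ipv4_range = "10.121.0.0/16"
+}
+
+# Attach a VPN gateway to each network.
+resource "google_compute_vpn_gateway" "target_gateway1" {
+name = "vpn1"
+network = "${google_compute_network.network1.self_link}"
+region = "${var.region1}"
+}
+
+resource "google_compute_vpn_gateway" "target_gateway2" {
+name = "vpn2"
+network = "${google_compute_network.network2.self_link}"
+region = "${var.region2}"
+}
+
+# Create an outward facing static IP for each VPN that will be used by the
+# other VPN to connect.
+resource "google_compute_address" "vpn_static_ip1" {
+name = "vpn-static-ip1"
+region = "${var.region1}"
+}
+
+resource "google_compute_address" "vpn_static_ip2" {
+name = "vpn-static-ip2"
+region = "${var.region2}"
+}
+
+# Forward IPSec traffic coming into our static IP to our VPN gateway.
+resource "google_compute_forwarding_rule" "fr1_esp" {
+name = "fr1-esp"
+region = "${var.region1}"
+ip_protocol = "ESP"
+ip_address = "${google_compute_address.vpn_static_ip1.address}"
+target = "${google_compute_vpn_gateway.target_gateway1.self_link}"
+}
+
+resource "google_compute_forwarding_rule" "fr2_esp" {
+name = "fr2-esp"
+region = "${var.region2}"
+ip_protocol = "ESP"
+ip_address = "${google_compute_address.vpn_static_ip2.address}"
+target = "${google_compute_vpn_gateway.target_gateway2.self_link}"
+}
+
+# The following two sets of forwarding rules are used as a part of the IPSec
+# protocol
+resource "google_compute_forwarding_rule" "fr1_udp500" {
+name = "fr1-udp500"
+region = "${var.region1}"
+ip_protocol = "UDP"
+port_range = "500"
+ip_address = "${google_compute_address.vpn_static_ip1.address}"
+target = "${google_compute_vpn_gateway.target_gateway1.self_link}"
+}
+
+resource "google_compute_forwarding_rule" "fr2_udp500" {
+name = "fr2-udp500"
+region = "${var.region2}"
+ip_protocol = "UDP"
+port_range = "500"
+ip_address = "${google_compute_address.vpn_static_ip2.address}"
+target = "${google_compute_vpn_gateway.target_gateway2.self_link}"
+}
+
+resource "google_compute_forwarding_rule" "fr1_udp4500" {
+name = "fr1-udp4500"
+region = "${var.region1}"
+ip_protocol = "UDP"
+port_range = "4500"
+ip_address = "${google_compute_address.vpn_static_ip1.address}"
+target = "${google_compute_vpn_gateway.target_gateway1.self_link}"
+}
+
+resource "google_compute_forwarding_rule" "fr2_udp4500" {
+name = "fr2-udp4500"
+region = "${var.region2}"
+ip_protocol = "UDP"
+port_range = "4500"
+ip_address = "${google_compute_address.vpn_static_ip2.address}"
+target = "${google_compute_vpn_gateway.target_gateway2.self_link}"
+}
+
+# Each tunnel is responsible for encrypting and decrypting traffic exiting
+# and leaving its associated gateway
+resource "google_compute_vpn_tunnel" "tunnel1" {
+name = "tunnel1"
+region = "${var.region1}"
+peer_ip = "${google_compute_address.vpn_static_ip2.address}"
+shared_secret = "a secret message"
+target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway1.self_link}"
+
+depends_on = ["google_compute_forwarding_rule.fr1_udp500",
+"google_compute_forwarding_rule.fr1_udp4500",
+"google_compute_forwarding_rule.fr1_esp",
+]
+}
+
+resource "google_compute_vpn_tunnel" "tunnel2" {
+name = "tunnel2"
+region = "${var.region2}"
+peer_ip = "${google_compute_address.vpn_static_ip1.address}"
+shared_secret = "a secret message"
+target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway2.self_link}"
+
+depends_on = ["google_compute_forwarding_rule.fr2_udp500",
+"google_compute_forwarding_rule.fr2_udp4500",
+"google_compute_forwarding_rule.fr2_esp",
+]
+}
+
+# Each route tells the associated network to send all traffic in the dest_range
+# through the VPN tunnel
+resource "google_compute_route" "route1" {
+name = "route1"
+network = "${google_compute_network.network1.name}"
+next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}"
+dest_range = "${google_compute_network.network2.ipv4_range}"
+priority = 1000
+}
+
+resource "google_compute_route" "route2" {
+name = "route2"
+network = "${google_compute_network.network2.name}"
+next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel2.self_link}"
+dest_range = "${google_compute_network.network1.ipv4_range}"
+priority = 1000
+}
+
+# We want to allow the two networks to communicate, so we need to unblock
+# them in the firewall
+resource "google_compute_firewall" "network1-allow-network1" {
+name = "network1-allow-network1"
+network = "${google_compute_network.network1.name}"
+source_ranges = ["${google_compute_network.network1.ipv4_range}"]
+
+allow {
+protocol = "tcp"
+}
+
+allow {
+protocol = "udp"
+}
+
+allow {
+protocol = "icmp"
+}
+}
+
+resource "google_compute_firewall" "network1-allow-network2" {
+name = "network1-allow-network2"
+network = "${google_compute_network.network1.name}"
+source_ranges = ["${google_compute_network.network2.ipv4_range}"]
+
+allow {
+protocol = "tcp"
+}
+
+allow {
+protocol = "udp"
+}
+
+allow {
+protocol = "icmp"
+}
+}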
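Review bot: The IPsec pre-shared key is a string literal, `shared_secret = "a secret message"`, on both `google_compute_vpn_tunnel.tunnel1` and `tunnel2`, so anyone who applies the example unchanged gets a tunnel keyed with a value that is public in this repository. I would declare `variable "shared_secret" {}` with no default in `examples/vpn/variables.tf` and set `shared_secret = "${var.shared_secret}"` on both tunnels, so the value has to be supplied at apply time the same way the README already passes `project` and the regions. A comment above the tunnels such as `# Use a long random pre-shared key; it is also stored in the Terraform state, so protect that file` would tell readers that the state needs the same care as the key. Separately, both firewall resources attach to `network1` and none to `network2`, which looks inconsistent with the README's statement that instances in each network can reach each other; worth confirming whether a `network2` rule was intended.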