Add example for internal load balancing

2024-07-01 07:42:40 +00:00 · 2016-12-15 13:28:57 -08:00 · 2016-12-15 13:28:57 -08:00 · e476ad1514
commit e476ad1514
parent baeb764181
3 changed files with 297 additions and 0 deletions
--- a/examples/internal-load-balancing/.gitignore
+++ b/examples/internal-load-balancing/.gitignore
@ -0,0 +1,3 @@
+terraform.tfstate
+terraform.tfstate.backup
+terraform.tfvars
--- a/examples/internal-load-balancing/main.tf
+++ b/examples/internal-load-balancing/main.tf
@ -0,0 +1,274 @@
+provider "google" {
+	region      = "${var.region}"
+	project     = "${var.project_name}"
+	credentials = "${file("${var.credentials_file_path}")}"
+}
+
+resource "google_compute_network" "my-custom-network" {
+	name = "my-custom-network"
+}
+
+resource "google_compute_subnetwork" "my-custom-subnet" {
+	name          = "my-custom-subnet"
+	ip_cidr_range = "10.128.0.0/20"
+	network       = "${google_compute_network.my-custom-network.self_link}"
+	region        = "${var.region}"
+}
+
+resource "google_compute_firewall" "allow-all-internal" {
+	name    = "allow-all-10-128-0-0-20"
+	network = "${google_compute_network.my-custom-network.name}"
+
+	allow {
+		protocol = "tcp"
+	}
+
+	allow {
+		protocol = "udp"
+	}
+
+	allow {
+		protocol = "icmp"
+	}
+
+	source_ranges = ["10.128.0.0/20"]
+}
+
+resource "google_compute_firewall" "allow-ssh-rdp-icmp" {
+	name    = "allow-tcp22-tcp3389-icmp"
+	network = "${google_compute_network.my-custom-network.name}"
+
+	allow {
+		protocol = "tcp"
+		ports    = ["22", "3389",]
+	}
+
+	allow {
+		protocol = "icmp"
+	}
+}
+
+resource "google_compute_instance" "ilb-instance-1" {
+	name         = "ilb-instance-1"
+	machine_type = "n1-standard-1"
+	zone         = "${var.region_zone}"
+
+	tags = ["int-lb"]
+
+	disk {
+		image = "debian-cloud/debian-8"
+	}
+
+	network_interface {
+		subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"
+		access_config {
+			// Ephemeral IP
+		}
+	}
+
+	metadata_startup_script = <<EOF
+#! /bin/bash
+apt-get update
+apt-get install apache2 -y
+a2ensite default-ssl
+a2enmod ssl
+service apache2 restart
+echo '<!doctype html><html><body><h1>ilb-instance-1</h1></body></html>' | tee /var/www/html/index.html
+EOF
+}
+
+resource "google_compute_instance" "ilb-instance-2" {
+	name         = "ilb-instance-2"
+	machine_type = "n1-standard-1"
+	zone         = "${var.region_zone}"
+
+	tags = ["int-lb"]
+
+	disk {
+		image = "debian-cloud/debian-8"
+	}
+
+	network_interface {
+		subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"
+		access_config {
+			// Ephemeral IP
+		}
+	}
+
+	metadata_startup_script = <<EOF
+#! /bin/bash
+apt-get update
+apt-get install apache2 -y
+a2ensite default-ssl
+a2enmod ssl
+service apache2 restart
+echo '<!doctype html><html><body><h1>ilb-instance-2</h1></body></html>' | tee /var/www/html/index.html
+EOF
+}
+
+resource "google_compute_instance" "ilb-instance-3" {
+	name         = "ilb-instance-3"
+	machine_type = "n1-standard-1"
+	zone         = "${var.region_zone_2}"
+
+	tags = ["int-lb"]
+
+	disk {
+		image = "debian-cloud/debian-8"
+	}
+
+	network_interface {
+		subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"
+		access_config {
+			// Ephemeral IP
+		}
+	}
+
+	metadata_startup_script = <<EOF
+#! /bin/bash
+apt-get update
+apt-get install apache2 -y
+a2ensite default-ssl
+a2enmod ssl
+service apache2 restart
+echo '<!doctype html><html><body><h1>ilb-instance-3</h1></body></html>' | tee /var/www/html/index.html
+EOF
+}
+
+resource "google_compute_instance" "ilb-instance-4" {
+	name         = "ilb-instance-4"
+	machine_type = "n1-standard-1"
+	zone         = "${var.region_zone_2}"
+
+	tags = ["int-lb"]
+
+	disk {
+		image = "debian-cloud/debian-8"
+	}
+
+	network_interface {
+		subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"
+		access_config {
+			// Ephemeral IP
+		}
+	}
+
+	metadata_startup_script = <<EOF
+#! /bin/bash
+apt-get update
+apt-get install apache2 -y
+a2ensite default-ssl
+a2enmod ssl
+service apache2 restart
+echo '<!doctype html><html><body><h1>ilb-instance-4</h1></body></html>' | tee /var/www/html/index.html
+EOF
+}
+
+resource "google_compute_instance_group" "us-ig1" {
+	name        = "us-ig1"
+
+	instances = [
+		"${google_compute_instance.ilb-instance-1.self_link}",
+		"${google_compute_instance.ilb-instance-2.self_link}"
+	]
+
+	zone = "${var.region_zone}"
+}
+
+resource "google_compute_instance_group" "us-ig2" {
+	name        = "us-ig2"
+
+	instances = [
+		"${google_compute_instance.ilb-instance-3.self_link}",
+		"${google_compute_instance.ilb-instance-4.self_link}"
+	]
+
+	zone = "${var.region_zone_2}"
+}
+
+resource "google_compute_health_check" "my-tcp-health-check" {
+	name = "my-tcp-health-check"
+
+	tcp_health_check {
+		port = "80"
+	}
+}
+
+resource "google_compute_region_backend_service" "my-int-lb" {
+	name                  = "my-int-lb"
+	health_checks         = ["${google_compute_health_check.my-tcp-health-check.self_link}"]
+	region                = "${var.region}"
+
+	backend {
+		group = "${google_compute_instance_group.us-ig1.self_link}"
+	}
+
+	backend {
+		group = "${google_compute_instance_group.us-ig2.self_link}"
+	}
+}
+
+resource "google_compute_forwarding_rule" "my-int-lb-forwarding-rule" {
+	name                  = "my-int-lb-forwarding-rule"
+	load_balancing_scheme = "INTERNAL"
+	ports                 = ["80"]
+	network               = "${google_compute_network.my-custom-network.self_link}"
+	subnetwork            = "${google_compute_subnetwork.my-custom-subnet.self_link}"
+	backend_service       = "${google_compute_region_backend_service.my-int-lb.self_link}"
+}
+
+resource "google_compute_firewall" "allow-internal-lb" {
+	name    = "allow-internal-lb"
+	network = "${google_compute_network.my-custom-network.name}"
+
+	allow {
+		protocol = "tcp"
+		ports    = ["80", "443"]
+	}
+
+	source_ranges = ["10.128.0.0/20"]
+	target_tags = ["int-lb"]
+}
+
+resource "google_compute_firewall" "allow-health-check" {
+	name    = "allow-health-check"
+	network = "${google_compute_network.my-custom-network.name}"
+
+	allow {
+		protocol = "tcp"
+	}
+
+	source_ranges = ["130.211.0.0/22","35.191.0.0/16"]
+	target_tags = ["int-lb"]
+}
+
+resource "google_compute_instance" "standalone-instance-1" {
+	name         = "standalone-instance-1"
+	machine_type = "n1-standard-1"
+	zone         = "${var.region_zone}"
+
+	tags = ["standalone"]
+
+	disk {
+		image = "debian-cloud/debian-8"
+	}
+
+	network_interface {
+		subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"
+		access_config {
+			// Ephemeral IP
+		}
+	}
+}
+
+resource "google_compute_firewall" "allow-ssh-to-standalone" {
+	name    = "allow-ssh-to-standalone"
+	network = "${google_compute_network.my-custom-network.name}"
+
+	allow {
+		protocol = "tcp"
+		ports    = ["22"]
+	}
+
+	target_tags = ["standalone"]
+}
--- a/examples/internal-load-balancing/variables.tf
+++ b/examples/internal-load-balancing/variables.tf
@ -0,0 +1,20 @@
+variable "region" {
+  default = "us-central1"
+}
+
+variable "region_zone" {
+  default = "us-central1-b"
+}
+
+variable "region_zone_2" {
+  default = "us-central1-c"
+}
+
+variable "project_name" {
+  description = "The ID of the Google Cloud project"
+}
+
+variable "credentials_file_path" {
+  description = "Path to the JSON file used to describe your account credentials"
+  default     = "~/.gcloud/Terraform.json"
+}