terraform-provider-google/examples/shared-vpc/main.tf

# Shared VPC example: https://cloud.google.com/vpc/docs/shared-vpc
#
# The provider authenticates with the key file at var.credentials_file_path.
# That file is a long-lived credential: keep it out of version control and
# out of any directory that gets packaged with this configuration.
provider "google" {
  credentials = "${file("${var.credentials_file_path}")}"
  region      = "${var.region}"
}
# Only used to generate the unique suffixes for the four project IDs below.
provider "random" {}
# One random suffix per project. byte_length = 8 gives a 16-character hex
# string, so the resulting "tf-vpc-<hex>" project_id is 23 characters.
# Suffixes are persisted in state, so re-applying does not rename projects.

resource "random_id" "host_project_name" {
  byte_length = 8
}

resource "random_id" "service_project_1_name" {
  byte_length = 8
}

resource "random_id" "service_project_2_name" {
  byte_length = 8
}

resource "random_id" "standalone_project_name" {
  byte_length = 8
}
# Four projects, all under the same organisation and billing account:
#   host_project       - owns the shared VPC network
#   service_project_1  - attaches to the shared VPC
#   service_project_2  - attaches to the shared VPC
#   standalone_project - has its own network, for comparison only
# Each project_id is "tf-vpc-" plus the hex suffix generated above.

# Owner of the shared VPC.
resource "google_project" "host_project" {
  project_id      = "tf-vpc-${random_id.host_project_name.hex}"
  name            = "Host Project"
  org_id          = "${var.org_id}"
  billing_account = "${var.billing_account_id}"
}

# First consumer of the shared VPC.
resource "google_project" "service_project_1" {
  project_id      = "tf-vpc-${random_id.service_project_1_name.hex}"
  name            = "Service Project 1"
  org_id          = "${var.org_id}"
  billing_account = "${var.billing_account_id}"
}

# Second consumer of the shared VPC.
resource "google_project" "service_project_2" {
  project_id      = "tf-vpc-${random_id.service_project_2_name.hex}"
  name            = "Service Project 2"
  org_id          = "${var.org_id}"
  billing_account = "${var.billing_account_id}"
}

# Not attached to the shared VPC; exists to show the contrast.
resource "google_project" "standalone_project" {
  project_id      = "tf-vpc-${random_id.standalone_project_name.hex}"
  name            = "Standalone Project"
  org_id          = "${var.org_id}"
  billing_account = "${var.billing_account_id}"
}
# Every resource below (networks, firewalls, instances, shared-VPC
# attachment) lives in the Compute API, which is off by default in a new
# project. Each project therefore gets an explicit API enablement that the
# later resources depend on.

resource "google_project_service" "host_project" {
  service = "compute.googleapis.com"
  project = "${google_project.host_project.project_id}"
}

resource "google_project_service" "service_project_1" {
  service = "compute.googleapis.com"
  project = "${google_project.service_project_1.project_id}"
}

resource "google_project_service" "service_project_2" {
  service = "compute.googleapis.com"
  project = "${google_project.service_project_2.project_id}"
}

resource "google_project_service" "standalone_project" {
  service = "compute.googleapis.com"
  project = "${google_project.standalone_project.project_id}"
}
# Mark the host project as a shared-VPC host. The Compute API must already
# be enabled there, hence the explicit dependency on the service resource
# (the project_id reference alone does not imply it).
resource "google_compute_shared_vpc_host_project" "host_project" {
  project    = "${google_project.host_project.project_id}"
  depends_on = ["google_project_service.host_project"]
}
# Attach both service projects to the host. Two ordering constraints are
# stated explicitly because neither is implied by the attribute references:
#   - the host must already be hosting, or the attachment call fails;
#   - the service project's own Compute API must already be enabled.

resource "google_compute_shared_vpc_service_project" "service_project_1" {
  host_project    = "${google_project.host_project.project_id}"
  service_project = "${google_project.service_project_1.project_id}"

  depends_on = [
    "google_compute_shared_vpc_host_project.host_project",
    "google_project_service.service_project_1",
  ]
}

resource "google_compute_shared_vpc_service_project" "service_project_2" {
  host_project    = "${google_project.host_project.project_id}"
  service_project = "${google_project.service_project_2.project_id}"

  depends_on = [
    "google_compute_shared_vpc_host_project.host_project",
    "google_project_service.service_project_2",
  ]
}
# The network that is shared out of the host project. Its project is taken
# from the host-project resource (not google_project directly) so it is only
# created once hosting is enabled; the depends_on additionally waits for both
# service projects to be attached before the network exists.
#
# auto_create_subnetworks = "true" makes this an auto-mode network, which
# receives a subnet in every region; a demo-only choice, as custom-mode
# networks give tighter control over address space.
resource "google_compute_network" "shared_network" {
  project                 = "${google_compute_shared_vpc_host_project.host_project.project}"
  name                    = "shared-network"
  auto_create_subnetworks = "true"

  depends_on = [
    "google_compute_shared_vpc_service_project.service_project_1",
    "google_compute_shared_vpc_service_project.service_project_2",
  ]
}
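# Ingress rule for the shared network: ICMP, SSH (tcp/22) and HTTP (tcp/80).
# The resource name says "ssh-and-icmp" but the rule also admits port 80; the
# name is kept as-is because changing it would replace the rule.
#
# NOTE(review): the original omitted source_ranges/source_tags, in which case
# the rule applies to traffic from 0.0.0.0/0. That default is written out
# below so the exposure is visible during review; behaviour is unchanged.
# Because the instances on this network also get a public ephemeral IP, this
# exposes SSH and HTTP on them to the internet. Outside a demo, restrict
# source_ranges to known CIDRs and scope the rule with target_tags.
resource "google_compute_firewall" "shared_network" {
  name    = "allow-ssh-and-icmp"
  project = "${google_compute_network.shared_network.project}"
  network = "${google_compute_network.shared_network.self_link}"

  # Explicit form of the provider default when no source is given.
  source_ranges = ["0.0.0.0/0"]

  allow {
    protocol = "icmp"
  }

  allow {
    protocol = "tcp"
    ports    = ["22", "80"]
  }
}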
# An ordinary (non-shared) auto-mode network in the standalone project, used
# to contrast with the shared network above. The Compute API enablement is an
# explicit dependency because the project_id reference does not imply it.
resource "google_compute_network" "standalone_network" {
  project                 = "${google_project.standalone_project.project_id}"
  name                    = "standalone-network"
  auto_create_subnetworks = "true"

  depends_on = ["google_project_service.standalone_project"]
}
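# Same ingress rule as on the shared network: ICMP, SSH (tcp/22), HTTP (tcp/80).
# Attributes are ordered like the shared_network rule so the two read alike.
#
# NOTE(review): as with the shared-network rule, no source restriction was
# given, which means 0.0.0.0/0. It is written out explicitly here (no change
# in behaviour) so that the internet-wide exposure of the standalone VM's
# public IP is visible. Narrow source_ranges and add target_tags before
# reusing this outside a demo.
resource "google_compute_firewall" "standalone_network" {
  name    = "allow-ssh-and-icmp"
  project = "${google_project.standalone_project.project_id}"
  network = "${google_compute_network.standalone_network.self_link}"

  # Explicit form of the provider default when no source is given.
  source_ranges = ["0.0.0.0/0"]

  allow {
    protocol = "icmp"
  }

  allow {
    protocol = "tcp"
    ports    = ["22", "80"]
  }
}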
# VM in service project 1, attached to the shared network, serving a page
# that identifies itself as "VM1". The startup script is scripts/install-vm.sh
# with the VM_NAME variable prepended.
#
# Notes for anyone reusing this:
#   - the empty access_config assigns a public ephemeral IP, so the VM is
#     reachable from the internet on whatever the firewall rule admits;
#   - service_account sets only scopes and no email, so the project's default
#     compute service account is used (verify this is acceptable), limited to
#     compute.readonly;
#   - the image family is debian-8, which is old; confirm it is still served
#     before depending on this example.
resource "google_compute_instance" "project_1_vm" {
  project      = "${google_project.service_project_1.project_id}"
  name         = "tf-project-1-vm"
  zone         = "${var.region_zone}"
  machine_type = "f1-micro"

  boot_disk {
    initialize_params {
      image = "projects/debian-cloud/global/images/family/debian-8"
    }
  }

  network_interface {
    network = "${google_compute_network.shared_network.self_link}"

    # Empty block: request an ephemeral external IP.
    access_config {}
  }

  service_account {
    scopes = ["https://www.googleapis.com/auth/compute.readonly"]
  }

  metadata_startup_script = "VM_NAME=VM1\n${file("scripts/install-vm.sh")}"

  depends_on = ["google_project_service.service_project_1"]
}
# VM in service project 2, also on the shared network. Its startup script
# (scripts/install-network-page.sh) is handed the public and internal IPs of
# the other two VMs so the page it serves can show which are reachable over
# the shared VPC and which only over the internet.
#
# Referencing the other instances' attributes makes this VM implicitly depend
# on both of them; the explicit depends_on only adds the API enablement.
# The same caveats as for project_1_vm apply: public ephemeral IP, default
# compute service account (verify), and an old debian-8 image family.
resource "google_compute_instance" "project_2_vm" {
  project      = "${google_project.service_project_2.project_id}"
  name         = "tf-project-2-vm"
  zone         = "${var.region_zone}"
  machine_type = "f1-micro"

  boot_disk {
    initialize_params {
      image = "projects/debian-cloud/global/images/family/debian-8"
    }
  }

  network_interface {
    network = "${google_compute_network.shared_network.self_link}"

    # Empty block: request an ephemeral external IP.
    access_config {}
  }

  service_account {
    scopes = ["https://www.googleapis.com/auth/compute.readonly"]
  }

  # Heredoc body is kept at column 0: it is the literal script content.
  metadata_startup_script = <<EOF
VM1_EXT_IP=${google_compute_instance.project_1_vm.network_interface.0.access_config.0.nat_ip}
ST_VM_EXT_IP=${google_compute_instance.standalone_project_vm.network_interface.0.access_config.0.nat_ip}
VM1_INT_IP=${google_compute_instance.project_1_vm.network_interface.0.address}
ST_VM_INT_IP=${google_compute_instance.standalone_project_vm.network_interface.0.address}
${file("scripts/install-network-page.sh")}
EOF

  depends_on = ["google_project_service.service_project_2"]
}
# VM in the standalone project on its own network, serving a page that
# identifies itself as "standalone". Same startup script as project_1_vm with
# a different VM_NAME. Same caveats: public ephemeral IP, default compute
# service account with compute.readonly scope (verify), old debian-8 family.
resource "google_compute_instance" "standalone_project_vm" {
  project      = "${google_project.standalone_project.project_id}"
  name         = "tf-standalone-vm"
  zone         = "${var.region_zone}"
  machine_type = "f1-micro"

  boot_disk {
    initialize_params {
      image = "projects/debian-cloud/global/images/family/debian-8"
    }
  }

  network_interface {
    network = "${google_compute_network.standalone_network.self_link}"

    # Empty block: request an ephemeral external IP.
    access_config {}
  }

  service_account {
    scopes = ["https://www.googleapis.com/auth/compute.readonly"]
  }

  metadata_startup_script = "VM_NAME=standalone\n${file("scripts/install-vm.sh")}"

  depends_on = ["google_project_service.standalone_project"]
}