
Carl Engene Callonski

resource "google_compute_instance" "my-elastic-kibana" {
name = "my-elastic-kibana"
machine_type = var.machine_type_medium
zone = var.region_zone_d
tags = var.kibana_tags
allow_stopping_for_update = true
boot_disk {
initialize_params {
image = var.gce_image
size = 100
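// Variable values for the Elastic/Kibana deployment.

// Project and placement.
project_name  = "my-project"
region        = "europe-west1"
region_zone_c = "europe-west1-c"
region_zone_d = "europe-west1-d"

// Machine sizes.
machine_type        = "n1-standard-2" // Min req for ES
machine_type_medium = "e2-medium"     // for Kibana

// Network tags attached to the instances.
// NOTE(review): "http-server" / "https-server" presumably match firewall rules
// that admit HTTP/HTTPS to tagged instances; confirm which source ranges those
// rules allow before attaching the tags to the Kibana VM.
network_tags = ["my-special-tag"]
kibana_tags  = ["kibana-tag", "http-server", "https-server"]

// Ports opened for the load balancer. 9200 and 9300 are the default
// Elasticsearch HTTP and transport ports.
// NOTE(review): the firewall rule that consumes this list is not shown here;
// confirm its source ranges are restricted to the load balancer / internal
// ranges so the Elasticsearch ports are not reachable from the internet.
ports_to_open = ["80", "9200", "443", "9300", "3000"] // for loadbalancer

// OAuth access scopes for the instance service account.
// "cloud-platform" already covers every Cloud API, so the narrower scopes that
// follow it do not restrict anything; with this scope the effective privilege
// of the VM is decided entirely by the IAM roles granted to its service
// account. Keep those roles minimal.
machine_access_scopes = [
  "cloud-platform",
  "userinfo-email",
  "compute-ro",
  "storage-rw",
  "monitoring-write",
  "logging-write",
  "https://www.googleapis.com/auth/trace.append",
]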
# Custom project-level role for the service accounts used by the Elastic VMs.
# It bundles the Cloud Storage permissions listed below plus one IAM
# permission on service-account keys.
resource "google_project_iam_custom_role" "elastic-backup" {
  title       = "Elastic role"
  description = "Role for serviceaccounts used by elastic-vms"
  role_id     = "Custom-elastic-role"

  # NOTE(review): a role bound at project level applies to every bucket in the
  # project. If backups live in one dedicated bucket, a bucket-level binding
  # would narrow the blast radius of a compromised VM.
  # NOTE(review): confirm that "iam.serviceAccountKeys.get" and
  # "storage.buckets.create" are actually required by the backup workflow;
  # drop them if the bucket is pre-created and no key metadata is read.
  permissions = [
    "iam.serviceAccountKeys.get",
    "storage.objects.get",
    "storage.buckets.get",
    "storage.buckets.create",
    "storage.objects.create",
    "storage.objects.list",
    "storage.objects.delete",
  ]
}
resource "google_project_iam_member" "elastic-backup" {
role = "projects/${var.project_name}/roles/Custom-elastic-role"
member = "serviceAccount:elastic-backup@${var.project_name}.iam.gserviceaccount.com"
# Dedicated VPC for the Elastic deployment, named after the project.
resource "google_compute_network" "my-elastic-network" {
  # Custom-mode VPC: no subnet is created automatically, so every subnet
  # (and its CIDR range) has to be declared explicitly.
  auto_create_subnetworks = false
  name                    = "${var.project_name}-elastic-vpc"
}
resource "google_compute_subnetwork" "my-elastic-subnet" {
name = "my-elastic-subnet"
ip_cidr_range = "select a range in your region"
network = google_compute_network.my-elastic-network.self_link
region = var.region
resource "google_compute_router_nat" "elastic-nat" {
name = "elastic-router-nat"
router = google_compute_router.elastic-router.name
region = var.region
nat_ip_allocate_option = "AUTO_ONLY"
source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
subnetwork {
name = google_compute_subnetwork.my-elastic-subnet.namesource_ip_ranges_to_nat = ["ALL_IP_RANGES"]
}
log_config {
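# Serverless VPC Access connector that attaches to the Elastic VPC.
resource "google_vpc_access_connector" "elastic-connector" {
  # Provider references are written unquoted; the quoted form is deprecated.
  provider = google-beta

  name   = "vpc-elastic-connector"
  region = var.region

  # Connectors take a /28 range.
  # NOTE(review): confirm this range does not overlap any subnet in the VPC.
  ip_cidr_range = "10.8.0.0/28"

  # The network is addressed by its name string, so Terraform sees no
  # dependency on the network resource itself.
  # NOTE(review): if the VPC is managed in the same configuration, referencing
  # the network resource's name attribute would give the correct create order.
  network = "${var.project_name}-elastic-vpc"

  # Throughput bounds, written as numbers rather than strings.
  min_throughput = 200
  max_throughput = 800
}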
# Instance group for the Elastic nodes in zone D; it groups two instances
# declared elsewhere in the configuration.
resource "google_compute_instance_group" "eu-elastic-ig-zone-d" {
  name    = "eu-elastic-ig-zone-d"
  zone    = var.region_zone_d
  network = google_compute_network.my-elastic-network.self_link

  # NOTE(review): the two instances are defined outside this block; confirm
  # both are placed in var.region_zone_d and attached to the same network.
  instances = [
    google_compute_instance.my-elastic-instance-1.self_link,
    google_compute_instance.my-elastic-instance-2.self_link,
  ]
}
resource "google_compute_instance_group" "eu-elastic-ig-zone-c" {
resource "google_compute_region_backend_service" "elastic-internal-lb-i" {
name = "elastic-internal-lb-i"
load_balancing_scheme = "INTERNAL"
health_checks = [google_compute_health_check.my-tcp-health-check.self_link]
region = var.region
backend {
group = google_compute_instance_group.eu-elastic-ig-zone-d.self_link
}
backend {
group = google_compute_instance_group.eu-elastic-ig-zone-c.self_link
resource "google_compute_firewall" "allow-all-internal" {
name = "allow-all-internal"
network = google_compute_network.my-elastic-network.name
allow {
protocol = "tcp"
}
allow {
protocol = "udp"
}
allow {
#! /bin/bash
FILE=/usr/share/elasticsearch/credentials.json
if [ -f "$FILE" ]; then
echo "$FILE exist"
exit 0
fi