Skip to content

Instantly share code, notes, and snippets.

@phoenix24

phoenix24/terraform script

Last active April 19, 2019 17:10
Show Gist options
  • Save phoenix24/b5acd49887e9d02ad03db88ef9a8a43e to your computer and use it in GitHub Desktop.
Save phoenix24/b5acd49887e9d02ad03db88ef9a8a43e to your computer and use it in GitHub Desktop.
Download ZIP
terraform script
Raw
terraform script
provider "google-beta" {
region = "${var.region}"
version = "2.5.0"
}
//create dns.
//create vpn.
//create ssh gateway.
//create mysql / cloudsql.
//create internet gateway. (establish outgoing I/O).
data "google_client_config" "current" {}
//data "google_compute_zones" "available" {}
//data "google_container_engine_versions" "default" {
// location = "${var.location}"
// version_prefix = "1.13."
//}
resource "random_id" "bucket-assets" {
prefix = "${data.google_client_config.current.project}-assets"
byte_length = 2
}
resource "google_storage_bucket" "assets" {
name = "${random_id.bucket-assets.hex}"
location = "US"
force_destroy = true
}
resource "google_storage_bucket_acl" "assets-acl" {
bucket = "${google_storage_bucket.assets.name}"
predefined_acl = "publicRead"
}
resource "google_compute_backend_bucket" "assets" {
name = "${random_id.bucket-assets.hex}"
bucket_name = "${google_storage_bucket.assets.name}"
enable_cdn = true
}
resource "google_compute_network" "default" {
name = "${var.network_name}"
auto_create_subnetworks = "false"
}
resource "google_compute_subnetwork" "default" {
name = "${var.network_name}"
ip_cidr_range = "10.125.0.0/20"
network = "${google_compute_network.default.self_link}"
region = "${var.region}"
private_ip_google_access = true
}
resource "google_container_cluster" "default" {
name = "${var.cluster_name}"
location = "${var.location}"
initial_node_count = 3
min_master_version = "${var.kubernetes_version}"
network = "${google_compute_subnetwork.default.name}"
subnetwork = "${google_compute_subnetwork.default.name}"
// Use ABAC until official Kubernetes plugin supports RBAC.
enable_legacy_abac = true
node_config = {
tags = ["${var.node_tag}"]
oauth_scopes = [
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring",
]
}
}
module "nat" {
source = "GoogleCloudPlatform/nat-gateway/google"
version = "1.2.2"
region = "${var.region}"
network = "default"
subnetwork = "default"
providers {
google = "google-beta"
}
}
module "mig" {
source = "GoogleCloudPlatform/managed-instance-group/google"
version = "1.1.14"
region = "${var.region}"
zone = "${var.location}"
name = "group1"
size = 2
service_port = 80
service_port_name = "http"
http_health_check = false
// target_pools = ["${module.gce-lb-https.target_pool}"]
// target_tags = ["allow-service1"]
ssh_source_ranges = ["0.0.0.0/0"]
providers {
google = "google-beta"
}
}
module "named-port" {
source = "github.com/danisla/terraform-google-named-ports"
instance_group = "${element(google_container_cluster.default.instance_group_urls, 0)}"
name = "${var.port_name}"
port = "${var.port_number}"
}
module "gce-lb-https" {
source = "GoogleCloudPlatform/lb-http/google"
version = "1.0.10"
name = "lb-https"
ssl = true
private_key = "${tls_private_key.default.private_key_pem}"
certificate = "${tls_self_signed_cert.default.cert_pem}"
firewall_networks = ["${var.network_name}"]
//tags = ["${var.env}"]
// Make sure when you create the cluster that you provide the `--tags` argument to add the appropriate `target_tags` referenced in the http module.
target_tags = ["${var.target_tags}"]
// Use custom url map.
url_map = "${google_compute_url_map.url-map.self_link}"
create_url_map = false
// Get selfLink URLs for the actual instance groups (not the manager) of the existing GKE cluster:
// gcloud compute instance-groups list --uri
backends = {
"0" = [
{
# Each node pool instance group should be added to the backend.
group = "${var.backend}"
},
]
}
// You also must add the named port on the existing GKE clusters instance group that correspond to the `service_port` and `service_port_name` referenced in the module definition.
// gcloud compute instance-groups set-named-ports INSTANCE_GROUP_NAME --named-ports=NAME:PORT
// replace `INSTANCE_GROUP_NAME` with the name of your GKE cluster's instance group and `NAME` and `PORT` with the values of `service_port_name` and `service_port` respectively.
backend_params = [
// health check path, port name, port number, timeout seconds.
"/,${var.service_port_name},${var.service_port},10",
]
}
resource "google_compute_url_map" "url-map" {
// note that this is the name of the load balancer
name = "url-map"
default_service = "${module.gce-lb-https.backend_services[0]}"
host_rule = {
hosts = ["*"]
path_matcher = "allpaths"
}
path_matcher = {
name = "allpaths"
default_service = "${module.gce-lb-https.backend_services[0]}"
path_rule {
paths = ["/assets", "/assets/*"]
service = "${google_compute_backend_bucket.assets.self_link}"
}
}
}
@psalaberria002
Copy link

psalaberria002 commented Apr 19, 2019
edited
Loading

These modules work fine with the 1.18 Google provider. At that version the google-beta provider did not exist. Here you have a working example.

provider "google" {
  region = "europe-west1"
  version = "1.18"
  project = "yourproject"
}


module "nat" {
  source     = "GoogleCloudPlatform/nat-gateway/google"
  version    = "1.2.2"
  region     = "europe-west1"
  network    = "default"
  subnetwork = "default"

}

module "mig" {
  source            = "GoogleCloudPlatform/managed-instance-group/google"
  version           = "1.1.15"
  region            = "europe-west1"
  zone              = "europe-west1-b"
  name              = "group1"
  size              = 2
  service_port      = 80
  service_port_name = "http"
  http_health_check = false
//  target_pools      = ["${module.gce-lb-https.target_pool}"]
//  target_tags       = ["allow-service1"]
  ssh_source_ranges = ["0.0.0.0/0"]


}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment