Merge branch 'master' into master
This commit is contained in:
commit
48fcfa8233
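--- /dev/null
+++ b/modules/cloud-config-container/nginx-tls/<README-filename-not-on-page>
@@ -0,0 +1,61 @@
+# Containerized Nginx with self-signed TLS on Container Optimized OS
+
+This module manages a `cloud-config` configuration that starts a containerized Nginx with a self-signed TLS cert on Container Optimized OS.
+This can be useful if you need quickly a VM or instance group answering HTTPS for prototyping.
+
+The generated cloud config is rendered in the `cloud_config` output, and is meant to be used in instances or instance templates via the `user-data` metadata.
+
+This module depends on the [`cos-generic-metadata` module](../cos-generic-metadata) being in the parent folder. If you change its location be sure to adjust the `source` attribute in `main.tf`.
+
+## Examples
+
+### Default configuration
+
+```hcl
+# Nginx with self-signed TLS config
+module "cos-nginx-tls" {
+source = "./modules/cloud-config-container/nginx-tls"
+}
+
+# COS VM
+module "vm-nginx-tls" {
+source = "./modules/compute-vm"
+project_id = local.project_id
+zone = local.zone
+name = "cos-nginx-tls"
+network_interfaces = [{
+network = local.vpc.self_link,
+subnetwork = local.vpc.subnet_self_link,
+nat = false,
+addresses = null
+}]
+
+metadata = {
+user-data = module.cos-nginx-tls.cloud_config
+}
+
+boot_disk = {
+image = "projects/cos-cloud/global/images/family/cos-stable"
+type = "pd-ssd"
+size = 10
+}
+
+service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
+}
+```
+<!-- BEGIN TFDOC -->
+
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---:|:---:|:---:|
+| [docker_logging](variables.tf#L23) | Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead. | <code>bool</code> | | <code>true</code> |
+| [nginx_image](variables.tf#L17) | Nginx container image to use. | <code>string</code> | | <code>"nginx:1.23.1"</code> |
+
+## Outputs
+
+| name | description | sensitive |
+|---|---|:---:|
+| [cloud_config](outputs.tf#L17) | Rendered cloud-config file to be passed as user-data instance metadata. | |
+
+<!-- END TFDOC -->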
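--- /dev/null
+++ b/modules/cloud-config-container/nginx-tls/files/customize.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+HOSTNAME=$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/hostname)
+openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj /CN=$HOSTNAME/ -keyout /etc/ssl/self-signed.key -out /etc/ssl/self-signed.crt
+sed -i "s/HOSTNAME/${HOSTNAME}/" /etc/nginx/conf.d/default.conf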
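Review bot: The script has no `set -euo pipefail` and never checks the metadata lookup on the `HOSTNAME=` line, so if `curl` fails (metadata server unreachable, non-2xx answer) the variable is empty and the script carries on: openssl issues a certificate with an empty CN and `sed` turns `server_name HOSTNAME;` into `server_name ;`, and nginx is started with that silently. `curl -s` without `-f` additionally makes an HTTP error body usable as the hostname. The lines below stop on the first failure, reject an empty hostname and quote the value in `-subj`; the private key mode is left to openssl, which on recent releases creates `-keyout` files 0600 as far as I know, so it is worth confirming once on the COS image rather than adding a `umask`. This script is run as root via the `run_commands` list in `main.tf`, and the `/etc/ssl` it writes into is bind-mounted into the container.
```shell
set -euo pipefail
HOSTNAME=$(curl -sf -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/hostname)
if [ -z "${HOSTNAME}" ]; then
  echo "customize.sh: could not read the instance hostname from metadata" >&2
  exit 1
fi
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/CN=${HOSTNAME}/" -keyout /etc/ssl/self-signed.key -out /etc/ssl/self-signed.crt
# … unchanged: sed substitution of HOSTNAME into /etc/nginx/conf.d/default.conf …
```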
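--- /dev/null
+++ b/modules/cloud-config-container/nginx-tls/files/default.conf
@@ -0,0 +1,20 @@
+server {
+listen 80;
+listen 443 ssl;
+server_name HOSTNAME;
+ssl_certificate /etc/ssl/self-signed.crt;
+ssl_certificate_key /etc/ssl/self-signed.key;
+
+
+location / {
+root /usr/share/nginx/html;
+index index.html index.htm;
+}
+
+error_page 500 502 503 504 /50x.html;
+
+location = /50x.html {
+root /usr/share/nginx/html;
+}
+
+}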
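Review bot: The server block sets no `ssl_protocols` next to `listen 443 ssl;`, so it inherits nginx's built-in default, which for the pinned `nginx:1.23.1` image still includes TLSv1 and TLSv1.1 as far as I recall (the default moved to `TLSv1.2 TLSv1.3` only in a later 1.23 release — worth confirming); add `ssl_protocols TLSv1.2 TLSv1.3;` after the `ssl_certificate_key` line. `listen 80;` in the same block serves the same document root in clear with no redirect, which may be intended for a prototyping module but should be stated, e.g. `# port 80 is served in clear, no redirect to 443` above it, or replaced by a separate port-80 server block with `return 301 https://$host$request_uri;`. The `server_name HOSTNAME;` token is a placeholder rewritten by `files/customize.sh` at boot and deserves a comment saying so, e.g. `# HOSTNAME is replaced by customize.sh with the instance hostname`.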
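--- /dev/null
+++ b/modules/cloud-config-container/nginx-tls/main.tf
@@ -0,0 +1,58 @@
+/**
+* Copyright 2022 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+module "cos-envoy-td" {
+source = "../cos-generic-metadata"
+
+boot_commands = [
+"systemctl start node-problem-detector",
+]
+
+container_image = var.nginx_image
+container_name = "nginx"
+container_args = ""
+
+container_volumes = [
+{ host = "/etc/nginx/conf.d", container = "/etc/nginx/conf.d" },
+{ host = "/etc/ssl", container = "/etc/ssl" },
+]
+
+docker_args = "--network host --pid host"
+
+files = {
+"/var/run/nginx/customize.sh" = {
+content = file("${path.module}/files/customize.sh")
+owner = "root"
+permissions = "0744"
+}
+"/etc/nginx/conf.d/default.conf" = {
+content = file("${path.module}/files/default.conf")
+owner = "root"
+permissions = "0644"
+}
+}
+
+gcp_logging = var.docker_logging
+
+run_commands = [
+"iptables -I INPUT 1 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT",
+"iptables -I INPUT 1 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT",
+"/var/run/nginx/customize.sh",
+"systemctl daemon-reload",
+"systemctl start nginx",
+]
+
+}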
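Review bot: The module block is named `cos-envoy-td` on the `module "cos-envoy-td" {` line although it wraps nginx; the name reads as carried over from another module, and `outputs.tf` in this commit references it as `module.cos-envoy-td.cloud_config`, so both should become `module "cos-nginx-tls" {` and `value = module.cos-nginx-tls.cloud_config`. On the `docker_args` line, `--pid host` gives the nginx container the host PID namespace, which nothing in this configuration uses (`--network host` is what the `listen 80`/`listen 443` config and the two iptables rules rely on); `docker_args = "--network host"` is the least-privilege form. The `{ host = "/etc/ssl", ... }` volume mounts the whole host `/etc/ssl` over the container's, which on the nginx image presumably hides its CA bundle too; a dedicated directory holding only the key/cert pair would be narrower, at the cost of changing the paths in `customize.sh` and `default.conf`. How `files` and `run_commands` are applied (and whether they run on every boot) is decided by the `cos-generic-metadata` module, which is outside this diff.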
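--- /dev/null
+++ b/modules/cloud-config-container/nginx-tls/outputs.tf
@@ -0,0 +1,20 @@
+/**
+* Copyright 2022 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+output "cloud_config" {
+description = "Rendered cloud-config file to be passed as user-data instance metadata."
+value = module.cos-envoy-td.cloud_config
+}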
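--- /dev/null
+++ b/modules/cloud-config-container/nginx-tls/variables.tf
@@ -0,0 +1,27 @@
+/**
+* Copyright 2022 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+variable "nginx_image" {
+description = "Nginx container image to use."
+type = string
+default = "nginx:1.23.1"
+}
+
+variable "docker_logging" {
+description = "Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead."
+type = bool
+default = true
+}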
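Review bot: The `default = "nginx:1.23.1"` line pins the image by a mutable tag, so the image actually pulled at boot can change under the same module inputs; if the deployments are meant to be reproducible, either pin the default by digest (`nginx:1.23.1@sha256:<digest placeholder>`) or say in the description that callers should pass such a reference. The `docker_logging` description already explains the consequence of changing it, and `nginx_image` could do the same, e.g. `description = "Nginx container image to use; a digest-pinned reference is recommended for reproducible deployments."`.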
@ -0,0 +1,29 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
terraform {
required_version = ">= 1.1.0"
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.32.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.32.0" # tftest
}
}
}