zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloud-foundation-fabric/blueprints/networking/psc-glb-and-armor/producer.tf

231 lines
6.6 KiB
HCL
Raw Blame History

/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "producer_project" {
source = "../../../modules/project"
name = var.producer_project_id
project_create = var.project_create
services = [
"iam.googleapis.com",
"run.googleapis.com",
"compute.googleapis.com",
]
}
resource "google_service_account" "app" {
project = module.producer_project.project_id
account_id = "example-app"
display_name = "Example App Service Account"
}
resource "google_cloud_run_service" "app" {
name = "example-app"
location = var.region
project = module.producer_project.project_id
template {
spec {
containers {
image = "kennethreitz/httpbin:latest"
ports {
container_port = 80
}
}
service_account_name = google_service_account.app.email
}
}
autogenerate_revision_name = true
traffic {
percent = 100
latest_revision = true
}
metadata {
annotations = {
"run.googleapis.com/ingress" = "internal-and-cloud-load-balancing"
}
}
}
resource "google_compute_region_network_endpoint_group" "neg" {
name = "example-app-neg"
network_endpoint_type = "SERVERLESS"
region = var.region
project = module.producer_project.project_id
cloud_run {
service = google_cloud_run_service.app.name
}
}
resource "google_compute_forwarding_rule" "psc_ilb_target_service" {
name = "producer-forwarding-rule"
region = var.region
project = module.producer_project.project_id
load_balancing_scheme = "INTERNAL_MANAGED"
port_range = "443"
allow_global_access = true
target = google_compute_region_target_https_proxy.default.id
network = google_compute_network.psc_ilb_network.name
subnetwork = google_compute_subnetwork.ilb_subnetwork.name
}
resource "google_compute_region_target_https_proxy" "default" {
name = "l7-ilb-target-http-proxy"
provider = google-beta
region = var.region
project = module.producer_project.project_id
url_map = google_compute_region_url_map.default.id
ssl_certificates = [google_compute_region_ssl_certificate.default.id]
}
resource "google_compute_region_ssl_certificate" "default" {
region = var.region
project = module.producer_project.project_id
name = "my-certificate"
private_key = tls_private_key.example.private_key_pem
certificate = tls_self_signed_cert.example.cert_pem
}
resource "google_compute_region_url_map" "default" {
name = "l7-ilb-regional-url-map"
provider = google-beta
region = var.region
project = module.producer_project.project_id
default_service = google_compute_region_backend_service.producer_service_backend.id
}
resource "tls_private_key" "example" {
algorithm = "RSA"
rsa_bits = 2048
}
resource "tls_self_signed_cert" "example" {
private_key_pem = tls_private_key.example.private_key_pem
subject {
common_name = "app.example.com"
organization = "Org"
}
validity_period_hours = 12
allowed_uses = [
"key_encipherment",
"digital_signature",
"server_auth",
]
}
resource "google_compute_region_backend_service" "producer_service_backend" {
name = "producer-service"
region = var.region
project = module.producer_project.project_id
load_balancing_scheme = "INTERNAL_MANAGED"
protocol = "HTTPS"
backend {
group = google_compute_region_network_endpoint_group.neg.id
balancing_mode = "UTILIZATION"
capacity_scaler = 1.0
}
}
resource "google_compute_network" "psc_ilb_network" {
name = "psc-ilb-network"
auto_create_subnetworks = false
project = module.producer_project.project_id
}
resource "google_compute_subnetwork" "ilb_subnetwork" {
name = "ilb-subnetwork"
region = var.region
project = module.producer_project.project_id
network = google_compute_network.psc_ilb_network.id
ip_cidr_range = "10.0.0.0/16"
purpose = "INTERNAL_HTTPS_LOAD_BALANCER"
role = "ACTIVE"
}
resource "google_compute_subnetwork" "psc_private_subnetwork" {
name = "psc-private-subnetwork"
region = var.region
project = module.producer_project.project_id
network = google_compute_network.psc_ilb_network.id
ip_cidr_range = "10.3.0.0/16"
purpose = "PRIVATE"
role = "ACTIVE"
}
resource "google_compute_subnetwork" "psc_ilb_nat" {
name = "psc-ilb-nat"
region = var.region
project = module.producer_project.project_id
network = google_compute_network.psc_ilb_network.id
purpose = "PRIVATE_SERVICE_CONNECT"
ip_cidr_range = "10.1.0.0/16"
}
resource "google_compute_subnetwork" "vms" {
name = "vms"
region = var.region
project = module.producer_project.project_id
network = google_compute_network.psc_ilb_network.id
ip_cidr_range = "10.4.0.0/16"
}
resource "google_compute_service_attachment" "psc_ilb_service_attachment" {
name = "my-psc-ilb"
region = var.region
project = module.producer_project.project_id
description = "A service attachment configured with Terraform"
enable_proxy_protocol = false
connection_preference = "ACCEPT_AUTOMATIC"
nat_subnets = [google_compute_subnetwork.psc_ilb_nat.id]
target_service = google_compute_forwarding_rule.psc_ilb_target_service.id
}
resource "google_service_account" "noop" {
project = module.producer_project.project_id
account_id = "noop-sa"
display_name = "Service Account for NOOP VM"
}
resource "google_compute_instance" "noop-vm" {
project = module.producer_project.project_id
name = "noop-ilb-vm"
machine_type = "e2-medium"
zone = var.zone
boot_disk {
initialize_params {
image = "debian-cloud/debian-11"
}
}
network_interface {
network = google_compute_network.psc_ilb_network.id
subnetwork = google_compute_subnetwork.vms.id
}
service_account {
email = google_service_account.noop.email
scopes = []
}
}
Reference in New Issue View Git Blame Copy Permalink