f62b9362a2
* rename infrastructure folder to networking
* example WIP: VPCs
* move ip forwarding to its own variable in compute-vm module
* add per-instance metadata support to compute-vm module
* ipip tunnels on linux savepoint
* simple multinic gateways example
* remove stale files
* resolve conflicts
* update diagram
* rename folder
* use a template for gw cloud config, rename some resources and files
* Update README.md
* Update README.md
* add basic plan tests for all networking e2e examples
* fix test for foundations/environments e2e example
* fix shared vpc e2 example count error in gke node service account permissions
* use module path for assets in onprem e2e example
* use project id from module in ilb e2e example
* add missing boilerplates in tests
* run examples tests in ci
* update module's README
* rename ilb example
* Update README.md
* fix rp_filter configuration
* README
* Update README.md
* Update README.md
* Update README.md
* update CHANGELOG
* update CHANGELOG
* Update README.md
README.md
Google Compute Engine VM module
This module can operate in two distinct modes:
- instance creation, with optional unmanaged group
- instance template creation
In both modes, an optional service account can be created and assigned to either the instances or the template. If you need a managed instance group when using the module in template mode, refer to the compute-mig module.
Examples
Instance leveraging defaults
The simplest example leverages defaults for the boot disk image and size, and uses a service account created by the module. Multiple instances can be managed via the instance_count variable.

```hcl
module "simple-vm-example" {
  source     = "../modules/compute-vm"
  project_id = "my-project"
  region     = "europe-west1"
  name       = "test"
  network_interfaces = [{
    network    = local.network_self_link,
    subnetwork = local.subnet_self_link,
    nat        = false,
    addresses  = null
  }]
  service_account_create = true
  instance_count         = 1
}
```
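The instance above relies on the module defaults for everything except the network. The following is an added example, not part of the module's README, showing the same instance with the module's security-relevant variables set explicitly: a module-created service account with a narrow scope list, no external IP, Shielded VM options, OS Login instead of metadata-managed SSH keys, and an authoritative instance-level binding so that only one group can log in. The field names inside `shielded_config` and `options` are assumptions about this module version (the README elides them as `object({...})`), and the group address, the scope list and the tag are constructed values.

```hcl
# Added example (not from the module README): a hardened variant of the
# "Instance leveraging defaults" example. Field names inside shielded_config
# and options are assumptions; group address, scopes and tag are constructed.
module "hardened-vm-example" {
  source     = "../modules/compute-vm"
  project_id = "my-project"
  region     = "europe-west1"
  name       = "hardened"
  network_interfaces = [{
    network    = local.network_self_link,
    subnetwork = local.subnet_self_link,
    nat        = false, # no external IP: reach the VM through IAP, VPN or a bastion
    addresses  = null
  }]
  boot_disk = {
    image = "projects/debian-cloud/global/images/family/debian-10"
    type  = "pd-ssd"
    size  = 10
  }

  # Service account created by the module; scopes limited to what the
  # logging and monitoring agents need instead of cloud-platform.
  service_account_create = true
  service_account_scopes = [
    "https://www.googleapis.com/auth/logging.write",
    "https://www.googleapis.com/auth/monitoring.write",
  ]

  # Shielded VM: secure boot, vTPM and integrity monitoring
  # (assumed field names for this module version).
  shielded_config = {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }

  # OS Login ties SSH access to IAM identities instead of metadata SSH keys.
  metadata = {
    enable-oslogin = "TRUE"
  }

  # Authoritative binding on the instance itself: members not listed here
  # lose the role on this instance. Ignored in template mode (see Variables).
  iam_roles = ["roles/compute.osLogin"]
  iam_members = {
    "roles/compute.osLogin" = ["group:vm-operators@example.com"]
  }

  # Assumed field names: protect the instance from accidental destroy and
  # allow in-place updates that need a stop/start.
  options = {
    allow_stopping_for_update = true
    deletion_protection       = true
    preemptible               = false
  }

  # Network tag matched by a firewall rule that only allows the IAP range.
  tags = ["ssh-from-iap"]
}
```

Because `iam_members` sets authoritative bindings, a plan that changes the member list for a role removes anyone not in it; review the plan diff for `google_compute_instance_iam_binding` changes before applying.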
Disk encryption with Cloud KMS
This example shows how to control disk encryption via the encryption variable, in this case the self link to a KMS CryptoKey that will be used to encrypt the boot and attached disks. Managing the key with the ../kms module is of course possible, but is not shown here.

```hcl
module "kms-vm-example" {
  source     = "../modules/compute-vm"
  project_id = local.project_id
  region     = local.region
  name       = "kms-test"
  network_interfaces = [{
    network    = local.network_self_link,
    subnetwork = local.subnet_self_link,
    nat        = false,
    addresses  = null
  }]
  attached_disks = [
    {
      name  = "attached-disk"
      size  = 10
      image = null
      options = {
        auto_delete = true
        mode        = null
        source      = null
        type        = null
      }
    }
  ]
  service_account_create = true
  instance_count         = 1
  boot_disk = {
    image = "projects/debian-cloud/global/images/family/debian-10"
    type  = "pd-ssd"
    size  = 10
  }
  encryption = {
    encrypt_boot            = true
    disk_encryption_key_raw = null
    kms_key_self_link       = local.kms_key.self_link
  }
}
```
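The example above takes the key from `local.kms_key.self_link` without showing where it comes from. The following added example, which is not part of the module's README and does not use the ../kms module, creates the key ring and key with plain google provider resources and adds the grant that is easy to forget: disks are encrypted by the Compute Engine service agent of the project, not by the VM's service account, so that agent needs `roles/cloudkms.cryptoKeyEncrypterDecrypter` on the key or instance creation fails. The key ring and key names and the rotation period are constructed values; `local.project_id` and `local.region` are the same locals the README example uses.

```hcl
# Added example (not from the module README): the KMS key referenced by
# local.kms_key.self_link in the example above, plus the IAM grant the
# Compute Engine service agent needs. Names and rotation period are constructed.
data "google_project" "project" {
  project_id = local.project_id
}

# Key ring location must match the disk location (the VM's region) or be global.
resource "google_kms_key_ring" "vm" {
  project  = local.project_id
  name     = "vm-disks"
  location = local.region
}

resource "google_kms_crypto_key" "vm" {
  name            = "vm-disk-key"
  key_ring        = google_kms_key_ring.vm.id
  purpose         = "ENCRYPT_DECRYPT"
  rotation_period = "7776000s" # 90 days; existing disks keep their key version

  # KMS keys cannot be deleted, only disabled; keep Terraform from trying.
  lifecycle {
    prevent_destroy = true
  }
}

# The grant goes to the project's Compute Engine service agent
# (service-<project number>@compute-system.iam.gserviceaccount.com),
# which performs the disk encryption on behalf of the instance.
resource "google_kms_crypto_key_iam_member" "compute_agent" {
  crypto_key_id = google_kms_crypto_key.vm.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:service-${data.google_project.project.number}@compute-system.iam.gserviceaccount.com"
}

# Exposes the key in the shape the README example expects. The crypto key's
# id is its full resource name, which is what kms_key_self_link requires.
locals {
  kms_key = {
    self_link = google_kms_crypto_key.vm.id
  }
}
```

Since the module only references `local.kms_key.self_link`, Terraform does not know about the IAM grant dependency; add `depends_on = [google_kms_crypto_key_iam_member.compute_agent]` to the module block if the first apply races the grant.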
Instance template
This example shows how to use the module to manage an instance template that defines an additional attached disk for each instance, and overrides defaults for the boot disk image and service account.

```hcl
module "cos-test" {
  source     = "../modules/compute-vm"
  project_id = "my-project"
  region     = "europe-west1"
  name       = "test"
  network_interfaces = [{
    network    = local.network_self_link,
    subnetwork = local.subnet_self_link,
    nat        = false,
    addresses  = null
  }]
  instance_count = 1
  boot_disk = {
    image = "projects/cos-cloud/global/images/family/cos-stable"
    type  = "pd-ssd"
    size  = 10
  }
  attached_disks = [
    { name = "disk-1", size = 10, image = null, options = null }
  ]
  service_account       = "vm-default@my-project.iam.gserviceaccount.com"
  use_instance_template = true
}
```
Instance group
If an instance group is needed when operating in instance mode, simply set the group variable to a non-null map. The map can contain named port declarations, or be empty if named ports are not needed.

```hcl
module "instance-group" {
  source     = "../../cloud-foundation-fabric/modules/compute-vm"
  project_id = "my-project"
  region     = "europe-west1"
  name       = "ilb-test"
  network_interfaces = [{
    network    = local.network_self_link,
    subnetwork = local.subnetwork_self_link,
    nat        = false,
    addresses  = null
  }]
  boot_disk = {
    image = "projects/cos-cloud/global/images/family/cos-stable"
    type  = "pd-ssd"
    size  = 10
  }
  service_account        = local.service_account_email
  service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
  metadata = {
    user-data = local.cloud_config
  }
  group = { named_ports = {} }
}
```
Variables
name | description | type | required | default |
---|---|---|---|---|
name | Instances base name. | string | ✓ | |
network_interfaces | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | list(object({...})) | ✓ | |
project_id | Project id. | string | ✓ | |
region | Compute region. | string | ✓ | |
attached_disk_defaults | Defaults for attached disks options. | object({...}) | | ... |
attached_disks | Additional disks, if options is null defaults will be used in its place. | list(object({...})) | | [] |
boot_disk | Boot disk properties. | object({...}) | | ... |
can_ip_forward | Enable IP forwarding. | bool | | false |
encryption | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | object({...}) | | null |
group | Define this variable to create an instance group for instances. Disabled for template use. | object({...}) | | null |
hostname | Instance FQDN name. | string | | null |
iam_members | Map of member lists used to set authoritative bindings, keyed by role. Ignored for template use. | map(list(string)) | | {} |
iam_roles | List of roles used to set authoritative bindings. Ignored for template use. | list(string) | | [] |
instance_count | Number of instances to create (only for non-template usage). | number | | 1 |
instance_type | Instance type. | string | | f1-micro |
labels | Instance labels. | map(string) | | {} |
metadata | Instance metadata. | map(string) | | {} |
metadata_list | List of instance metadata that will be cycled through. Ignored for template use. | list(map(string)) | | [] |
min_cpu_platform | Minimum CPU platform. | string | | null |
options | Instance options. | object({...}) | | ... |
scratch_disks | Scratch disks configuration. | object({...}) | | ... |
service_account | Service account email. Unused if service account is auto-created. | string | | null |
service_account_create | Auto-create service account. | bool | | false |
service_account_scopes | Scopes applied to service account. | list(string) | | [] |
shielded_config | Shielded VM configuration of the instances. | object({...}) | | null |
tags | Instance tags. | list(string) | | [] |
use_instance_template | Create instance template instead of instances. | bool | | false |
zones | Compute zone, instance will cycle through the list, defaults to the 'b' zone in the region. | list(string) | | [] |
Outputs
name | description | sensitive |
---|---|---|
external_ips | Instance main interface external IP addresses. | |
group | Instance group resource. | |
instances | Instance resources. | |
internal_ips | Instance main interface internal IP addresses. | |
names | Instance names. | |
self_links | Instance self links. | |
service_account | Service account resource. | |
service_account_email | Service account email. | |
service_account_iam_email | Service account email. | |
template | Template resource. | |
template_name | Template name. | |
TODO
- add support for instance groups