106 lines
3.9 KiB
HCL
106 lines
3.9 KiB
HCL
/**
|
|
* Copyright 2022 Google LLC
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
###############################################################################
|
|
# Consumer project and VPC #
|
|
###############################################################################
|
|
|
|
module "vpc-consumer" {
|
|
source = "../../../modules/net-vpc"
|
|
project_id = module.project.project_id
|
|
name = "${var.prefix}-app"
|
|
subnets = [
|
|
{
|
|
name = "${var.prefix}-app"
|
|
ip_cidr_range = var.cidrs.app
|
|
region = var.region
|
|
}
|
|
]
|
|
}
|
|
|
|
###############################################################################
|
|
# Test VM #
|
|
###############################################################################
|
|
|
|
module "test-vm-consumer" {
|
|
source = "../../../modules/compute-vm"
|
|
project_id = module.project.project_id
|
|
zone = "${var.region}-b"
|
|
name = "${var.prefix}-test-vm"
|
|
instance_type = "e2-micro"
|
|
tags = ["ssh"]
|
|
network_interfaces = [{
|
|
network = module.vpc-consumer.self_link
|
|
subnetwork = module.vpc-consumer.subnet_self_links["${var.region}/${var.prefix}-app"]
|
|
nat = false
|
|
addresses = null
|
|
}]
|
|
boot_disk = {
|
|
image = "debian-cloud/debian-10"
|
|
type = "pd-standard"
|
|
size = 10
|
|
}
|
|
service_account_create = true
|
|
metadata = {
|
|
startup-script = templatefile("${path.module}/startup.sh", { proxy_url = "http://proxy.internal:3128" })
|
|
}
|
|
}
|
|
|
|
###############################################################################
|
|
# PSC Consuner #
|
|
###############################################################################
|
|
|
|
resource "google_compute_address" "psc_endpoint_address" {
|
|
name = "${var.prefix}-psc-proxy-address"
|
|
project = module.project.project_id
|
|
address_type = "INTERNAL"
|
|
subnetwork = module.vpc-consumer.subnet_self_links["${var.region}/${var.prefix}-app"]
|
|
region = var.region
|
|
}
|
|
|
|
resource "google_compute_forwarding_rule" "psc_ilb_consumer" {
|
|
name = "${var.prefix}-psc-proxy-fw-rule"
|
|
project = module.project.project_id
|
|
region = var.region
|
|
target = google_compute_service_attachment.service_attachment.id
|
|
load_balancing_scheme = ""
|
|
network = module.vpc-consumer.self_link
|
|
ip_address = google_compute_address.psc_endpoint_address.id
|
|
}
|
|
|
|
###############################################################################
|
|
# DNS and Firewall #
|
|
###############################################################################
|
|
|
|
module "private-dns" {
|
|
source = "../../../modules/dns"
|
|
project_id = module.project.project_id
|
|
type = "private"
|
|
name = "${var.prefix}-internal"
|
|
domain = "internal."
|
|
client_networks = [module.vpc-consumer.self_link]
|
|
recordsets = {
|
|
"A squid" = { ttl = 60, records = [google_compute_address.psc_endpoint_address.address] }
|
|
"CNAME proxy" = { ttl = 3600, records = ["squid.internal."] }
|
|
}
|
|
}
|
|
|
|
module "firewall-consumer" {
|
|
source = "../../../modules/net-vpc-firewall"
|
|
project_id = module.project.project_id
|
|
network = module.vpc-consumer.name
|
|
}
|