
/**
* Copyright 2024 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "producer-project" {
  source = "../../../../../modules/project"
  name   = var.producer_project_id
  prefix = var.prefix
  # Create the project only when creation settings were supplied; otherwise
  # the module attaches to the existing project named above.
  project_create  = var.project_create_config != null
  parent          = try(var.project_create_config.parent, null)
  billing_account = try(var.project_create_config.billing_account, null)
  # APIs the producer side relies on: IAM (dedicated service account),
  # Cloud Run (the app) and Compute (VPC, L7 ILB, service attachment).
  services = [
    "iam.googleapis.com",
    "run.googleapis.com",
    "compute.googleapis.com",
  ]
}
module "app" {
  source     = "../../../../../modules/cloud-run-v2"
  project_id = module.producer-project.project_id
  region     = var.region
  name       = "example-app"
  # Restrict ingress to traffic arriving through the internal load balancer
  # defined below, rather than accepting direct calls to the service.
  ingress = "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"
  # Run under a dedicated service account instead of the project's default
  # compute service account.
  service_account_create = true
  containers = {
    hello = {
      # NOTE(review): demo image pulled from Docker Hub by a mutable tag.
      # Outside a demo, pin by digest (image@sha256:...) from a registry you
      # control, so the code that gets deployed cannot change underneath the
      # same plan.
      image = "kennethreitz/httpbin:latest"
      ports = {
        http = { container_port = 80 }
      }
    }
  }
}
module "producer-ilb" {
  source     = "../../../../../modules/net-lb-app-int"
  project_id = module.producer-project.project_id
  region     = var.region
  name       = "example-app"
  # TLS terminates at the load balancer; its frontend is what the service
  # attachment later exposes to consumers.
  protocol = "HTTPS"
  # Allow clients from any region of the VPC, not only var.region, to reach
  # the forwarding rule.
  global_access = true
  vpc_config = {
    network    = module.producer-vpc.self_link
    subnetwork = module.producer-vpc.subnets["${var.region}/ilb-subnetwork"].self_link
  }
  # Single backend: a serverless NEG pointing at the Cloud Run service.
  # No health checks are defined for it (presumably because serverless NEGs
  # do not take health checks — verify against the module if this changes).
  health_check_configs = {}
  backend_service_configs = {
    default = {
      health_checks = []
      backends = [{
        group = "my-neg"
      }]
    }
  }
  neg_configs = {
    my-neg = {
      cloudrun = {
        region = var.region
        target_service = {
          name = module.app.service_name
        }
      }
    }
  }
  # NOTE(review): the certificate below is self-signed and generated in this
  # file, so consumers cannot validate it against a trusted CA and must pin
  # it or skip verification; the private key is also held in Terraform state.
  # For anything beyond a demo, supply a CA-issued certificate and key, e.g.
  # read via file() from external files.
  ssl_certificates = {
    create_configs = {
      default = {
        certificate = tls_self_signed_cert.example.cert_pem
        private_key = tls_private_key.example.private_key_pem
      }
    }
  }
}
resource "tls_private_key" "example" {
  # Demo key pair for the self-signed certificate below.
  # NOTE(review): generated by Terraform, so the private key is stored in
  # plaintext in the state file. Protect the state backend, or bring the key
  # in from outside Terraform instead.
  rsa_bits  = 2048
  algorithm = "RSA"
}
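resource "tls_self_signed_cert" "example" {
  private_key_pem = tls_private_key.example.private_key_pem
  subject {
    common_name  = "app.example.com"
    organization = "Org"
  }
  # Hostname verification in modern TLS clients matches against the SAN
  # extension and ignores the CN; with only a CN the certificate fails
  # verification even for clients that trust it. Carry the name as a SAN too.
  dns_names = ["app.example.com"]
  # Demo-length validity. The provider only replaces an expired certificate
  # on a later apply, so after 12 hours TLS handshakes to the ILB fail until
  # the next apply; raise validity_period_hours (and set early_renewal_hours)
  # if this is kept around.
  validity_period_hours = 12
  allowed_uses = [
    "key_encipherment",
    "digital_signature",
    "server_auth",
  ]
}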
module "producer-vpc" {
  source     = "../../../../../modules/net-vpc"
  project_id = module.producer-project.project_id
  name       = "psc-ilb-network"
  # Subnet that holds the internal load balancer's forwarding rule address.
  subnets = [
    {
      name          = "ilb-subnetwork"
      region        = var.region
      ip_cidr_range = "10.0.0.0/24"
    },
  ]
  # Proxy-only subnet used by the regional L7 ILB's managed proxies.
  subnets_proxy_only = [
    {
      name          = "l7-ilb-proxy-subnet"
      region        = var.region
      ip_cidr_range = "10.0.1.0/24"
      active        = true
    },
  ]
  # PSC NAT subnet: consumer connections through the service attachment are
  # translated to addresses from this range (a /16 leaves room for many
  # consumer endpoints).
  subnets_psc = [
    {
      name          = "psc-private-subnetwork"
      region        = var.region
      ip_cidr_range = "10.3.0.0/16"
    }
  ]
  # NOTE(review): no firewall rules are declared for this VPC. With a
  # serverless NEG backend none appear to be required; re-check if VM or
  # zonal NEG backends are ever placed behind the proxy subnet.
}
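resource "google_compute_service_attachment" "exposed-psc-service" {
  name        = "producer-app"
  project     = module.producer-project.project_id
  region      = var.region
  description = "A service attachment configured with Terraform"
  # Expose the ILB frontend; consumer traffic is NAT-ed out of the PSC
  # subnet before it reaches the load balancer.
  target_service = module.producer-ilb.id
  nat_subnets    = [module.producer-vpc.subnets_psc["${var.region}/psc-private-subnetwork"].id]
  # Consumer source addresses are not forwarded to the producer; the load
  # balancer sees NAT subnet addresses only, so do not rely on client IPs
  # for authorization or logging on this path.
  enable_proxy_protocol = false
  # Only explicitly listed consumer projects are accepted; any other
  # consumer endpoint is left unaccepted.
  connection_preference = "ACCEPT_MANUAL"
  consumer_accept_lists {
    project_id_or_num = var.consumer_project_id
    connection_limit  = 10
  }
  # By default accept/reject list changes only affect PENDING endpoints, so
  # a consumer removed from the list would keep its already-ACCEPTED
  # connection. Reconciling applies list changes to existing endpoints as
  # well, so revoking a consumer actually disconnects it.
  reconcile_connections = true
}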