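// Source: github.com/candidpartners/terraform@v0.9.5-0.20171005231213-29f5f88820f6
//         examples/google-internal-load-balancing/main.tf
//
// Internal TCP load balancer example: a custom network and subnet, four
// backend instances in two zonal instance groups, a TCP health check, a
// regional backend service behind an INTERNAL forwarding rule on port 80,
// one standalone instance, and the firewall rules that connect them.

provider "google" {
  region  = "${var.region}"
  project = "${var.project_name}"
}

// Source CIDRs allowed to reach SSH, RDP and ICMP through the two management
// firewall rules below. The original rules set no source_ranges, which GCP
// treats as "any source" (0.0.0.0/0); the default keeps that behaviour so the
// example still applies unchanged, but the exposure is now visible and can be
// narrowed. Override it with the address ranges you actually administer from.
variable "admin_source_ranges" {
  type    = "list"
  default = ["0.0.0.0/0"]
}

resource "google_compute_network" "my-custom-network" {
  name = "my-custom-network"
}

resource "google_compute_subnetwork" "my-custom-subnet" {
  name          = "my-custom-subnet"
  ip_cidr_range = "10.128.0.0/20"
  network       = "${google_compute_network.my-custom-network.self_link}"
  region        = "${var.region}"
}

// Every TCP/UDP port and ICMP between hosts in the subnet range. No
// target_tags, so the rule applies to every instance on the network.
resource "google_compute_firewall" "allow-all-internal" {
  name    = "allow-all-10-128-0-0-20"
  network = "${google_compute_network.my-custom-network.name}"

  allow {
    protocol = "tcp"
  }

  allow {
    protocol = "udp"
  }

  allow {
    protocol = "icmp"
  }

  source_ranges = ["10.128.0.0/20"]
}

// Management access (SSH, RDP, ICMP). There are no target_tags, so this rule
// covers every instance on the network, including the load-balancer backends,
// each of which gets an external IP from its access_config block.
resource "google_compute_firewall" "allow-ssh-rdp-icmp" {
  name    = "allow-tcp22-tcp3389-icmp"
  network = "${google_compute_network.my-custom-network.name}"

  allow {
    protocol = "tcp"
    ports    = ["22", "3389"]
  }

  allow {
    protocol = "icmp"
  }

  source_ranges = ["${var.admin_source_ranges}"]
}

// Backend instances. Notes that apply to all four:
//  - access_config {} assigns an ephemeral external IP, so the backends are
//    reachable from outside the network wherever a firewall rule allows it.
//  - NOTE(review): the "compute-rw" scope grants the instance's service
//    account read-write access to the Compute API. startup.sh is not shown
//    here; confirm it needs that, otherwise use a narrower scope such as
//    "compute-ro" or drop the service_account block.
//  - NOTE(review): debian-8 is past end-of-life; pick a supported image
//    family when adapting this example.
resource "google_compute_instance" "ilb-instance-1" {
  name         = "ilb-instance-1"
  machine_type = "n1-standard-1"
  zone         = "${var.region_zone}"

  tags = ["int-lb"]

  disk {
    image = "debian-cloud/debian-8"
  }

  network_interface {
    subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"

    access_config {
      // Ephemeral IP
    }
  }

  service_account {
    scopes = ["compute-rw"]
  }

  metadata_startup_script = "${file("startup.sh")}"
}

resource "google_compute_instance" "ilb-instance-2" {
  name         = "ilb-instance-2"
  machine_type = "n1-standard-1"
  zone         = "${var.region_zone}"

  tags = ["int-lb"]

  disk {
    image = "debian-cloud/debian-8"
  }

  network_interface {
    subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"

    access_config {
      // Ephemeral IP
    }
  }

  service_account {
    scopes = ["compute-rw"]
  }

  metadata_startup_script = "${file("startup.sh")}"
}

resource "google_compute_instance" "ilb-instance-3" {
  name         = "ilb-instance-3"
  machine_type = "n1-standard-1"
  zone         = "${var.region_zone_2}"

  tags = ["int-lb"]

  disk {
    image = "debian-cloud/debian-8"
  }

  network_interface {
    subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"

    access_config {
      // Ephemeral IP
    }
  }

  service_account {
    scopes = ["compute-rw"]
  }

  metadata_startup_script = "${file("startup.sh")}"
}

resource "google_compute_instance" "ilb-instance-4" {
  name         = "ilb-instance-4"
  machine_type = "n1-standard-1"
  zone         = "${var.region_zone_2}"

  tags = ["int-lb"]

  disk {
    image = "debian-cloud/debian-8"
  }

  network_interface {
    subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"

    access_config {
      // Ephemeral IP
    }
  }

  service_account {
    scopes = ["compute-rw"]
  }

  metadata_startup_script = "${file("startup.sh")}"
}

// One unmanaged instance group per zone; both become backends of the
// regional backend service below.
resource "google_compute_instance_group" "us-ig1" {
  name = "us-ig1"

  instances = [
    "${google_compute_instance.ilb-instance-1.self_link}",
    "${google_compute_instance.ilb-instance-2.self_link}",
  ]

  zone = "${var.region_zone}"
}

resource "google_compute_instance_group" "us-ig2" {
  name = "us-ig2"

  instances = [
    "${google_compute_instance.ilb-instance-3.self_link}",
    "${google_compute_instance.ilb-instance-4.self_link}",
  ]

  zone = "${var.region_zone_2}"
}

// TCP connect probe against port 80 on each backend.
resource "google_compute_health_check" "my-tcp-health-check" {
  name = "my-tcp-health-check"

  tcp_health_check {
    port = "80"
  }
}

resource "google_compute_region_backend_service" "my-int-lb" {
  name          = "my-int-lb"
  health_checks = ["${google_compute_health_check.my-tcp-health-check.self_link}"]
  region        = "${var.region}"

  backend {
    group = "${google_compute_instance_group.us-ig1.self_link}"
  }

  backend {
    group = "${google_compute_instance_group.us-ig2.self_link}"
  }
}

// INTERNAL scheme: the forwarding rule's address lives inside the subnet and
// only port 80 is forwarded to the backend service.
resource "google_compute_forwarding_rule" "my-int-lb-forwarding-rule" {
  name                  = "my-int-lb-forwarding-rule"
  load_balancing_scheme = "INTERNAL"
  ports                 = ["80"]
  network               = "${google_compute_network.my-custom-network.self_link}"
  subnetwork            = "${google_compute_subnetwork.my-custom-subnet.self_link}"
  backend_service       = "${google_compute_region_backend_service.my-int-lb.self_link}"
}

// Client traffic from the subnet to the tagged backends. The forwarding rule
// above only serves port 80; 443 is allowed here as well. This traffic is
// already covered by allow-all-internal, so the rule matters only if that
// broader rule is tightened or removed.
resource "google_compute_firewall" "allow-internal-lb" {
  name    = "allow-internal-lb"
  network = "${google_compute_network.my-custom-network.name}"

  allow {
    protocol = "tcp"
    ports    = ["80", "443"]
  }

  source_ranges = ["10.128.0.0/20"]
  target_tags   = ["int-lb"]
}

// Health-check probers to the tagged backends. The original rule allowed
// every TCP port from these ranges; the only health check defined in this
// file probes port 80, so the rule is limited to that port. Add further
// ports here if more health checks are introduced.
resource "google_compute_firewall" "allow-health-check" {
  name    = "allow-health-check"
  network = "${google_compute_network.my-custom-network.name}"

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }

  source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
  target_tags   = ["int-lb"]
}

// Client VM that is not behind the load balancer. It also gets an ephemeral
// external IP through access_config.
resource "google_compute_instance" "standalone-instance-1" {
  name         = "standalone-instance-1"
  machine_type = "n1-standard-1"
  zone         = "${var.region_zone}"

  tags = ["standalone"]

  disk {
    image = "debian-cloud/debian-8"
  }

  network_interface {
    subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"

    access_config {
      // Ephemeral IP
    }
  }
}

// SSH to the standalone instance only. The original rule had no
// source_ranges (any source); it now uses the same admin range as the
// network-wide management rule, so narrowing that variable narrows both.
resource "google_compute_firewall" "allow-ssh-to-standalone" {
  name    = "allow-ssh-to-standalone"
  network = "${google_compute_network.my-custom-network.name}"

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  source_ranges = ["${var.admin_source_ranges}"]
  target_tags   = ["standalone"]
}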