github.com/weaveworks/common@v0.0.0-20230728070032-dd9e68f319d5/tools/provisioning/gcp/main.tf (about)

     1  provider "google" {
          # Configures the Google Cloud provider used by every resource in this file.
     2    # Set the below environment variables:
     3    # - GOOGLE_CREDENTIALS
     4    # - GOOGLE_PROJECT
     5    # - GOOGLE_REGION
     6    # or configure directly below.
          # Only region and project are set in this block; no credentials argument
          # appears here, so credentials must come from outside this file (for
          # example the environment variables listed above).
          # NOTE(review): GOOGLE_CREDENTIALS refers to a service-account key. If it
          # is ever configured "directly below", keep the key material out of version
          # control and scope the service account to what this provisioning needs.
     7    # See also:
     8    # - https://www.terraform.io/docs/providers/google/
     9    # - https://console.cloud.google.com/apis/credentials/serviceaccountkey?project=<PROJECT ID>&authuser=1
    10    region = "${var.gcp_region}"
    11  
    12    project = "${var.gcp_project}"
    13  }
    14  
    15  resource "google_compute_instance" "tf_test_vm" {
          # Creates var.num_hosts VMs named "<var.name>-<index>", installs an SSH
          # public key through instance metadata, and blocks until each VM accepts
          # an SSH login.
    16    name         = "${var.name}-${count.index}"
    17    machine_type = "${var.gcp_size}"
    18    zone         = "${var.gcp_zone}"
    19    count        = "${var.num_hosts}"
    20  
    21    disk {
    22      image = "${var.gcp_image}"
    23    }
    24  
          # The var.name tag is what the google_compute_firewall resources in this
          # file match through target_tags, so every VM created here receives
          # those rules.
    25    tags = [
    26      "${var.app}",
    27      "${var.name}",
    28      "terraform",
    29    ]
    30  
    31    network_interface {
    32      network = "${var.gcp_network}"
    33  
            # An empty access_config requests an ephemeral external address, so each
            # VM is reachable from outside the network subject to the firewall rules
            # on var.gcp_network.
            # NOTE(review): rules defined outside this file (e.g. whatever permits
            # SSH for the provisioner below) are not visible here - confirm how
            # tightly their source ranges are scoped.
    34      access_config {
    35        // Ephemeral IP
    36      }
    37    }
    38  
          # Instance metadata entry in "<user>:<public key>" form; the key text is
          # read from var.gcp_public_key_path on the machine running Terraform.
    39    metadata {
    40      ssh-keys = "${var.gcp_username}:${file("${var.gcp_public_key_path}")}"
    41    }
    42  
    43    # Wait for machine to be SSH-able:
          # The only remote command is "exit", so this step succeeds as soon as a
          # login with the key pair works and changes nothing on the host.
    44    provisioner "remote-exec" {
    45      inline = ["exit"]
    46  
            # The private key is read from var.gcp_private_key_path on the machine
            # running Terraform; keep that file outside the repository and readable
            # only by the operator.
            # NOTE(review): no host and no host key are set in this block, so the
            # target address comes from Terraform's defaults and the server's
            # identity is presumably not checked against a known key - confirm for
            # the Terraform version in use.
    47      connection {
    48        type        = "ssh"
    49        user        = "${var.gcp_username}"
    50        private_key = "${file("${var.gcp_private_key_path}")}"
    51      }
    52    }
    53  }
    54  
    55  resource "google_compute_firewall" "fw-allow-docker-and-weave" {
          # Allows inbound TCP 2375 and 12375 from var.client_ip to instances tagged
          # var.name on var.gcp_network.
    56    name        = "${var.name}-allow-docker-and-weave"
    57    network     = "${var.gcp_network}"
    58    target_tags = ["${var.name}"]
    59  
          # 2375 is the conventional port for the Docker remote API without TLS,
          # which has no authentication of its own: any source admitted by this rule
          # can control the Docker daemon and, through it, the host.
          # NOTE(review): 12375 is presumably the Weave proxy in front of the Docker
          # API (per the resource name) - confirm; the same exposure would apply.
    60    allow {
    61      protocol = "tcp"
    62      ports    = ["2375", "12375"]
    63    }
    64  
          # This source range is the only access control on those ports.
          # NOTE(review): var.client_ip is defined elsewhere - verify it is a single
          # operator address (/32) and is never set to a broad range such as
          # 0.0.0.0/0.
    65    source_ranges = ["${var.client_ip}"]
    66  }
    67  
    68  # Required for FastDP crypto in Weave Net:
    69  resource "google_compute_firewall" "fw-allow-esp" {
          # Allows ESP (the IPsec payload protocol, IP protocol 50) to instances
          # tagged var.name. ESP has no port numbers, so the allow block lists none.
    70    name        = "${var.name}-allow-esp"
    71    network     = "${var.gcp_network}"
    72    target_tags = ["${var.name}"]
    73  
    74    allow {
    75      protocol = "esp"
    76    }
    77  
          # NOTE(review): var.gcp_network_global_cidr is defined elsewhere; from its
          # name it is presumably the network's internal address range - confirm it
          # does not include external addresses.
    78    source_ranges = ["${var.gcp_network_global_cidr}"]
    79  }
    80  
    81  # Required for WKS Kubernetes API server access
    82  resource "google_compute_firewall" "fw-allow-kube-apiserver" {
          # Allows inbound TCP 6443 from var.client_ip to instances tagged var.name.
          # The rule targets every VM carrying that tag, not only the ones that
          # actually run an API server.
    83    name        = "${var.name}-allow-kube-apiserver"
    84    network     = "${var.gcp_network}"
    85    target_tags = ["${var.name}"]
    86  
    87    allow {
    88      protocol = "tcp"
    89      ports    = ["6443"]
    90    }
    91  
          # NOTE(review): var.client_ip is defined elsewhere - verify it is limited
          # to the operator's address. This rule only narrows who can reach the
          # port; the API server's own authentication and authorization settings
          # are not configured in this file.
    92    source_ranges = ["${var.client_ip}"]
    93  }