| provider "google" { |
| region = var.region |
| project = var.project_name |
| } |
| |
| resource "google_compute_network" "my-custom-network" { |
| name = "my-custom-network" |
| } |
| |
| resource "google_compute_subnetwork" "my-custom-subnet" { |
| name = "my-custom-subnet" |
| ip_cidr_range = "10.128.0.0/20" |
| network = google_compute_network.my-custom-network.self_link |
| region = var.region |
| } |
| |
| resource "google_compute_firewall" "allow-all-internal" { |
| name = "allow-all-10-128-0-0-20" |
| network = google_compute_network.my-custom-network.name |
| |
| allow { |
| protocol = "tcp" |
| } |
| |
| allow { |
| protocol = "udp" |
| } |
| |
| allow { |
| protocol = "icmp" |
| } |
| |
| source_ranges = ["10.128.0.0/20"] |
| } |
| |
| resource "google_compute_firewall" "allow-ssh-rdp-icmp" { |
| name = "allow-tcp22-tcp3389-icmp" |
| network = google_compute_network.my-custom-network.name |
| |
| allow { |
| protocol = "tcp" |
| ports = ["22", "3389"] |
| } |
| |
| allow { |
| protocol = "icmp" |
| } |
| } |
| |
| resource "google_compute_instance" "ilb-instance-1" { |
| name = "ilb-instance-1" |
| machine_type = "n1-standard-1" |
| zone = var.region_zone |
| |
| tags = ["int-lb"] |
| |
| boot_disk { |
| initialize_params { |
| image = "debian-cloud/debian-8" |
| } |
| } |
| |
| network_interface { |
| subnetwork = google_compute_subnetwork.my-custom-subnet.name |
| |
| access_config { |
| // Ephemeral IP |
| } |
| } |
| |
| service_account { |
| scopes = ["compute-rw"] |
| } |
| |
| metadata_startup_script = file("startup.sh") |
| } |
| |
| resource "google_compute_instance" "ilb-instance-2" { |
| name = "ilb-instance-2" |
| machine_type = "n1-standard-1" |
| zone = var.region_zone |
| |
| tags = ["int-lb"] |
| |
| boot_disk { |
| initialize_params { |
| image = "debian-cloud/debian-8" |
| } |
| } |
| |
| network_interface { |
| subnetwork = google_compute_subnetwork.my-custom-subnet.name |
| |
| access_config { |
| // Ephemeral IP |
| } |
| } |
| |
| service_account { |
| scopes = ["compute-rw"] |
| } |
| |
| metadata_startup_script = file("startup.sh") |
| } |
| |
| resource "google_compute_instance" "ilb-instance-3" { |
| name = "ilb-instance-3" |
| machine_type = "n1-standard-1" |
| zone = var.region_zone_2 |
| |
| tags = ["int-lb"] |
| |
| boot_disk { |
| initialize_params { |
| image = "debian-cloud/debian-8" |
| } |
| } |
| |
| network_interface { |
| subnetwork = google_compute_subnetwork.my-custom-subnet.name |
| |
| access_config { |
| // Ephemeral IP |
| } |
| } |
| |
| service_account { |
| scopes = ["compute-rw"] |
| } |
| |
| metadata_startup_script = file("startup.sh") |
| } |
| |
| resource "google_compute_instance" "ilb-instance-4" { |
| name = "ilb-instance-4" |
| machine_type = "n1-standard-1" |
| zone = var.region_zone_2 |
| |
| tags = ["int-lb"] |
| |
| boot_disk { |
| initialize_params { |
| image = "debian-cloud/debian-8" |
| } |
| } |
| |
| network_interface { |
| subnetwork = google_compute_subnetwork.my-custom-subnet.name |
| |
| access_config { |
| // Ephemeral IP |
| } |
| } |
| |
| service_account { |
| scopes = ["compute-rw"] |
| } |
| |
| metadata_startup_script = file("startup.sh") |
| } |
| |
| resource "google_compute_instance_group" "us-ig1" { |
| name = "us-ig1" |
| |
| instances = [ |
| google_compute_instance.ilb-instance-1.self_link, |
| google_compute_instance.ilb-instance-2.self_link, |
| ] |
| |
| zone = var.region_zone |
| } |
| |
| resource "google_compute_instance_group" "us-ig2" { |
| name = "us-ig2" |
| |
| instances = [ |
| google_compute_instance.ilb-instance-3.self_link, |
| google_compute_instance.ilb-instance-4.self_link, |
| ] |
| |
| zone = var.region_zone_2 |
| } |
| |
| resource "google_compute_health_check" "my-tcp-health-check" { |
| name = "my-tcp-health-check" |
| |
| tcp_health_check { |
| port = "80" |
| } |
| } |
| |
| resource "google_compute_region_backend_service" "my-int-lb" { |
| name = "my-int-lb" |
| health_checks = [google_compute_health_check.my-tcp-health-check.self_link] |
| region = var.region |
| |
| backend { |
| group = google_compute_instance_group.us-ig1.self_link |
| } |
| |
| backend { |
| group = google_compute_instance_group.us-ig2.self_link |
| } |
| } |
| |
| resource "google_compute_forwarding_rule" "my-int-lb-forwarding-rule" { |
| name = "my-int-lb-forwarding-rule" |
| load_balancing_scheme = "INTERNAL" |
| ports = ["80"] |
| network = google_compute_network.my-custom-network.self_link |
| subnetwork = google_compute_subnetwork.my-custom-subnet.self_link |
| backend_service = google_compute_region_backend_service.my-int-lb.self_link |
| } |
| |
| resource "google_compute_firewall" "allow-internal-lb" { |
| name = "allow-internal-lb" |
| network = google_compute_network.my-custom-network.name |
| |
| allow { |
| protocol = "tcp" |
| ports = ["80", "443"] |
| } |
| |
| source_ranges = ["10.128.0.0/20"] |
| target_tags = ["int-lb"] |
| } |
| |
| resource "google_compute_firewall" "allow-health-check" { |
| name = "allow-health-check" |
| network = google_compute_network.my-custom-network.name |
| |
| allow { |
| protocol = "tcp" |
| } |
| |
| source_ranges = ["130.211.0.0/22", "35.191.0.0/16"] |
| target_tags = ["int-lb"] |
| } |
| |
| resource "google_compute_instance" "standalone-instance-1" { |
| name = "standalone-instance-1" |
| machine_type = "n1-standard-1" |
| zone = var.region_zone |
| |
| tags = ["standalone"] |
| |
| boot_disk { |
| initialize_params { |
| image = "debian-cloud/debian-8" |
| } |
| } |
| |
| network_interface { |
| subnetwork = google_compute_subnetwork.my-custom-subnet.name |
| |
| access_config { |
| // Ephemeral IP |
| } |
| } |
| } |
| |
| resource "google_compute_firewall" "allow-ssh-to-standalone" { |
| name = "allow-ssh-to-standalone" |
| network = google_compute_network.my-custom-network.name |
| |
| allow { |
| protocol = "tcp" |
| ports = ["22"] |
| } |
| |
| target_tags = ["standalone"] |
| } |
