The purpose of this repo is to demonstrate how to deploy infrastructure on GCP via Terraform. At a high level we deploy:
- Shared VPC network (the Host Project resides in the Management folder and the Service Projects in the Application folder)
- 4 subnets (5 in total, to show how easy it is to add subnets) in a single region for simplicity
- Firewall rules that allow internal network connectivity, plus SSH and web access from the external internet to specific resources only
- Bastion host that resides in subnet 01
- MIG running an Apache web server that resides in subnet 03 and cannot be reached from the public internet
- HTTP load balancer that exposes the Apache web server on port 80 and forwards incoming traffic to the backend instances
TODO(antoniordz96) add architecture diagram
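The following HCL is an added example, not code from this repo: it shows the Shared VPC attachment and the firewall posture described in the list above, written with plain `google_compute_*` resources rather than the repo's modules. It narrows SSH to Google's IAP TCP-forwarding range (tighter than "from the external internet"), grants `roles/compute.networkUser` on one subnet instead of the whole host project, and lets port 80 reach the MIG only from the load balancer's front-end and health-check ranges. Every project ID, network name, subnet name and tag is a placeholder assumption.

```hcl
# Added example; not the repo's own code. Project IDs, network and subnet
# names, and tags below are placeholders (assumptions) chosen to match the
# README's description of the environment.

locals {
  host_project    = "shared-vpc-host-placeholder" # assumption
  service_project = "shared-vpc-app-placeholder"  # assumption
  region          = "us-central1"
  network         = "shared-vpc"                  # assumption: VPC name
  mig_subnet      = "subnet-03"                   # assumption: subnet the MIG lives in
}

# Mark the host project and attach the service project to its network.
resource "google_compute_shared_vpc_host_project" "host" {
  project = local.host_project
}

resource "google_compute_shared_vpc_service_project" "app" {
  host_project    = google_compute_shared_vpc_host_project.host.project
  service_project = local.service_project
}

# Least privilege: the service project's Google APIs service agent needs
# roles/compute.networkUser to create MIG instances on a host subnet. Grant it
# on that one subnet rather than on the whole host project.
data "google_project" "service" {
  project_id = local.service_project
}

resource "google_compute_subnetwork_iam_member" "mig_subnet_user" {
  project    = local.host_project
  region     = local.region
  subnetwork = local.mig_subnet
  role       = "roles/compute.networkUser"
  member     = "serviceAccount:${data.google_project.service.number}@cloudservices.gserviceaccount.com"
  depends_on = [google_compute_shared_vpc_service_project.app]
}

# Firewall rules live in the host project because the network does.
# SSH: only instances tagged "bastion", and only from Google's IAP TCP
# forwarding range, so port 22 is never open to 0.0.0.0/0.
resource "google_compute_firewall" "ssh_to_bastion_via_iap" {
  name          = "allow-ssh-bastion-iap"
  project       = local.host_project
  network       = local.network
  direction     = "INGRESS"
  source_ranges = ["35.235.240.0/20"]
  target_tags   = ["bastion"]

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}

# HTTP: the web tier accepts port 80 only from the Google front-end and
# health-check ranges used by the external HTTP load balancer, so the MIG
# stays unreachable from the internet except through the load balancer.
resource "google_compute_firewall" "http_from_lb" {
  name          = "allow-http-from-lb"
  project       = local.host_project
  network       = local.network
  direction     = "INGRESS"
  source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
  target_tags   = ["web"]

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }
}

# Internal hop: SSH from the bastion to the web tier, scoped by tag on both
# sides instead of a broad internal-range allow.
resource "google_compute_firewall" "ssh_bastion_to_web" {
  name        = "allow-ssh-bastion-to-web"
  project     = local.host_project
  network     = local.network
  direction   = "INGRESS"
  source_tags = ["bastion"]
  target_tags = ["web"]

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}
```

The subnet-level IAM grant is the detail worth checking in any Shared VPC deployment: a `networkUser` binding at host-project level lets a service project place instances in every subnet, while the subnet binding confines it to the one it actually needs.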
This repo is meant for use with Terraform 0.13.7. You can manage different versions of Terraform on your local workstation using tfenv.
- Bootstrap a GCP organization, creating all the required GCP resources and permissions to start using the Cloud Foundation Toolkit (CFT). You will run this repo through the Terraform seed service account (SA) that the bootstrap creates.
- GCP Organization
- Terraform
- gcloud
## Requirements

| Name | Version |
|---|---|
| terraform | ~> v0.13.7 |
| google | 3.76.0 |
| google-beta | 3.76.0 |
| null | 3.1.0 |
| random | 3.1.0 |
| template | ~> 2.2.0 |
## Providers

| Name | Version |
|---|---|
| google | 3.76.0 |
| random | 3.1.0 |
| template | ~> 2.2.0 |
## Modules

| Name | Source | Version |
|---|---|---|
| host_project | terraform-google-modules/project-factory/google | ~> 11.1.0 |
| http-lb | GoogleCloudPlatform/lb-http/google | 6.0.1 |
| mig | terraform-google-modules/vm/google//modules/mig | 6.2.0 |
| mig_template | terraform-google-modules/vm/google//modules/instance_template | 6.2.0 |
| networking | ./modules/network | n/a |
| service-project | terraform-google-modules/project-factory/google//modules/svpc_service_project | ~> 11.1.0 |
## Resources

| Name | Type |
|---|---|
| google_compute_instance.instance | resource |
| google_folder.application | resource |
| google_folder.management | resource |
| google_project_iam_member.project | resource |
| random_id.default | resource |
| google_compute_image.redhat_image | data source |
| template_file.application | data source |
## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| billing_account_id | Billing Account to associate resources to. | string | n/a | yes |
| organization_id | GCP organization ID. | string | n/a | yes |
| region | GCP Region to deploy resources. | string | "us-central1" | no |
## Outputs

| Name | Description |
|---|---|
| application_external_ip | HTTP Load Balancer external IP for reaching Apache Web Server. |
| host_project | Host Project ID. |
| service_project | Service Project ID. |
| subnets | Subnets created in environment. |
```bash
# Downloading Repo
git clone https://github.com/antoniordz96/shared-vpc-demo.git
cd shared-vpc-demo

# Configuring Terraform
tfenv install 0.13.7
tfenv use 0.13.7
terraform version

# Configuring gcloud
gcloud auth login

# Using terraform seed project and SA
gcloud config set project $TERRAFORM_SEED_PROJECT
gcloud iam service-accounts keys create key.json --iam-account={terraform-seed-sa}@project-id.iam.gserviceaccount.com
# Point ADC at the key.json created above (SERVICE_ACCOUNT_KEY_PATH is its path)
export GOOGLE_APPLICATION_CREDENTIALS=${SERVICE_ACCOUNT_KEY_PATH}

# Remember to set input variables. Use terraform.tfvars
touch terraform.tfvars
terraform init
terraform plan
terraform apply
```
Note: You do not necessarily need to download a key for the seed SA. One can instead use service account impersonation and run Terraform to deploy the resources; for more info see the public docs.
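As an added example (not the repo's own configuration) of the impersonation route the note mentions, the provider block below pins the versions from the Requirements table and sets `impersonate_service_account`, so no `key.json` is ever written to disk and `GOOGLE_APPLICATION_CREDENTIALS` is not needed. The seed project and SA name are placeholder assumptions.

```hcl
# Added example; not the repo's own code. The SA address is a placeholder.
terraform {
  required_version = "~> 0.13.7"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "3.76.0"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = "3.76.0"
    }
  }
}

# Assumption: the Terraform seed SA created by the CFT bootstrap.
variable "terraform_sa" {
  type    = string
  default = "terraform-seed-sa@seed-project-placeholder.iam.gserviceaccount.com"
}

# Both providers mint short-lived tokens for the seed SA from the caller's own
# Application Default Credentials; nothing long-lived is stored locally.
provider "google" {
  impersonate_service_account = var.terraform_sa
  region                      = "us-central1"
}

provider "google-beta" {
  impersonate_service_account = var.terraform_sa
  region                      = "us-central1"
}
```

Before `terraform init`, run `gcloud auth application-default login` as a user who holds `roles/iam.serviceAccountTokenCreator` on the seed SA; the `gcloud iam service-accounts keys create` and `export GOOGLE_APPLICATION_CREDENTIALS` steps above are then unnecessary, and access is revoked by removing that IAM binding rather than by hunting down copies of a key file.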