-
Notifications
You must be signed in to change notification settings - Fork 82
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update documentation of forwarding rule for vpc psc endpoint (#6864) (#…
…331) Signed-off-by: Modular Magician <[email protected]> Signed-off-by: Modular Magician <[email protected]>
- Loading branch information
1 parent
93ace7c
commit 56ae308
Showing
4 changed files
with
209 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
# This file has some scaffolding to make sure that names are unique and that | ||
# a region and zone are selected when you try to create your Terraform resources. | ||
|
||
locals { | ||
name_suffix = "${random_pet.suffix.id}" | ||
} | ||
|
||
resource "random_pet" "suffix" { | ||
length = 2 | ||
} | ||
|
||
provider "google" { | ||
region = "us-central1" | ||
zone = "us-central1-c" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
// Forwarding rule for VPC private service connect | ||
resource "google_compute_forwarding_rule" "default" { | ||
provider = google-beta | ||
name = "psc-endpoint-${local.name_suffix}" | ||
region = "us-central1" | ||
load_balancing_scheme = "" | ||
target = google_compute_service_attachment.producer_service_attachment.id | ||
network = google_compute_network.consumer_net.name | ||
ip_address = google_compute_address.consumer_address.id | ||
} | ||
|
||
// Consumer service endpoint | ||
|
||
resource "google_compute_network" "consumer_net" { | ||
provider = google-beta | ||
name = "consumer-net-${local.name_suffix}" | ||
auto_create_subnetworks = false | ||
} | ||
|
||
resource "google_compute_subnetwork" "consumer_subnet" { | ||
provider = google-beta | ||
name = "consumer-net-${local.name_suffix}" | ||
ip_cidr_range = "10.0.0.0/16" | ||
region = "us-central1" | ||
network = google_compute_network.consumer_net.id | ||
} | ||
|
||
resource "google_compute_address" "consumer_address" { | ||
name = "website-ip-${local.name_suffix}-1" | ||
provider = google-beta | ||
region = "us-central1" | ||
subnetwork = google_compute_subnetwork.consumer_subnet.id | ||
address_type = "INTERNAL" | ||
} | ||
|
||
|
||
// Producer service attachment | ||
|
||
resource "google_compute_network" "producer_net" { | ||
provider = google-beta | ||
name = "producer-net-${local.name_suffix}" | ||
auto_create_subnetworks = false | ||
} | ||
|
||
resource "google_compute_subnetwork" "producer_subnet" { | ||
provider = google-beta | ||
name = "producer-net-${local.name_suffix}" | ||
ip_cidr_range = "10.0.0.0/16" | ||
region = "us-central1" | ||
network = google_compute_network.producer_net.id | ||
} | ||
|
||
resource "google_compute_subnetwork" "psc_producer_subnet" { | ||
provider = google-beta | ||
name = "producer-psc-net-${local.name_suffix}" | ||
ip_cidr_range = "10.1.0.0/16" | ||
region = "us-central1" | ||
|
||
purpose = "PRIVATE_SERVICE_CONNECT" | ||
network = google_compute_network.producer_net.id | ||
} | ||
|
||
resource "google_compute_service_attachment" "producer_service_attachment" { | ||
provider = google-beta | ||
name = "producer-service-${local.name_suffix}" | ||
region = "us-central1" | ||
description = "A service attachment configured with Terraform" | ||
|
||
enable_proxy_protocol = true | ||
connection_preference = "ACCEPT_AUTOMATIC" | ||
nat_subnets = [google_compute_subnetwork.psc_producer_subnet.name] | ||
target_service = google_compute_forwarding_rule.producer_target_service.id | ||
|
||
|
||
} | ||
|
||
resource "google_compute_forwarding_rule" "producer_target_service" { | ||
provider = google-beta | ||
name = "producer-forwarding-rule-${local.name_suffix}" | ||
region = "us-central1" | ||
|
||
load_balancing_scheme = "INTERNAL" | ||
backend_service = google_compute_region_backend_service.producer_service_backend.id | ||
all_ports = true | ||
network = google_compute_network.producer_net.name | ||
subnetwork = google_compute_subnetwork.producer_subnet.name | ||
|
||
|
||
} | ||
|
||
resource "google_compute_region_backend_service" "producer_service_backend" { | ||
provider = google-beta | ||
name = "producer-service-backend-${local.name_suffix}" | ||
region = "us-central1" | ||
|
||
health_checks = [google_compute_health_check.producer_service_health_check.id] | ||
} | ||
|
||
resource "google_compute_health_check" "producer_service_health_check" { | ||
provider = google-beta | ||
name = "producer-service-health-check-${local.name_suffix}" | ||
|
||
check_interval_sec = 1 | ||
timeout_sec = 1 | ||
tcp_health_check { | ||
port = "80" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
=== | ||
|
||
These examples use real resources that will be billed to the | ||
Google Cloud Platform project you use - so make sure that you | ||
run "terraform destroy" before quitting! | ||
|
||
=== |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
# Forwarding Rule VPC Psc - Terraform | ||
|
||
## Setup | ||
|
||
<walkthrough-author name="[email protected]" analyticsId="UA-125550242-1" tutorialName="forwarding_rule_vpc_psc" repositoryUrl="https://github.com/terraform-google-modules/docs-examples"></walkthrough-author> | ||
|
||
Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform. | ||
|
||
<walkthrough-project-billing-setup></walkthrough-project-billing-setup> | ||
|
||
Terraform provisions real GCP resources, so anything you create in this session will be billed against this project. | ||
|
||
## Terraforming! | ||
|
||
Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command | ||
to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up | ||
the project name from the environment variable. | ||
|
||
```bash | ||
export GOOGLE_CLOUD_PROJECT={{project-id}} | ||
``` | ||
|
||
After that, let's get Terraform started. Run the following to pull in the providers. | ||
|
||
```bash | ||
terraform init | ||
``` | ||
|
||
With the providers downloaded and a project set, you're ready to use Terraform. Go ahead! | ||
|
||
```bash | ||
terraform apply | ||
``` | ||
|
||
Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan. | ||
|
||
```bash | ||
yes | ||
``` | ||
|
||
|
||
## Post-Apply | ||
|
||
### Editing your config | ||
|
||
Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed. | ||
|
||
```bash | ||
terraform plan | ||
``` | ||
|
||
So let's make a change! Try editing a number, or appending a value to the name in the editor. Then, | ||
run a 'plan' again. | ||
|
||
```bash | ||
terraform plan | ||
``` | ||
|
||
Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes | ||
at the 'yes' prompt. | ||
|
||
```bash | ||
terraform apply | ||
``` | ||
|
||
```bash | ||
yes | ||
``` | ||
|
||
## Cleanup | ||
|
||
Run the following to remove the resources Terraform provisioned: | ||
|
||
```bash | ||
terraform destroy | ||
``` | ||
```bash | ||
yes | ||
``` |