diff --git a/forwarding_rule_vpc_psc/backing_file.tf b/forwarding_rule_vpc_psc/backing_file.tf
new file mode 100644
index 00000000..c60b1199
--- /dev/null
+++ b/forwarding_rule_vpc_psc/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+ name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+ length = 2
+}
+
+provider "google" {
+ region = "us-central1"
+ zone = "us-central1-c"
+}
diff --git a/forwarding_rule_vpc_psc/main.tf b/forwarding_rule_vpc_psc/main.tf
new file mode 100644
index 00000000..f85df472
--- /dev/null
+++ b/forwarding_rule_vpc_psc/main.tf
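Review bot: In backing_file.tf the `provider "google"` block sets the region and zone, but every resource added in main.tf selects `provider = google-beta`, so these defaults do not apply to them. The example still resolves a region only because each regional resource repeats `region = "us-central1"`. No `google-beta` provider block is visible in this diff, so either add a matching `provider "google-beta"` block with the same region and zone, or correct the header comment that promises a region and zone are selected. Separately, `"${random_pet.suffix.id}"` is an interpolation-only expression and can be written as `name_suffix = random_pet.suffix.id`.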
@@ -0,0 +1,108 @@
+// Forwarding rule for VPC private service connect
+resource "google_compute_forwarding_rule" "default" {
+ provider = google-beta
+ name = "psc-endpoint-${local.name_suffix}"
+ region = "us-central1"
+ load_balancing_scheme = ""
+ target = google_compute_service_attachment.producer_service_attachment.id
+ network = google_compute_network.consumer_net.name
+ ip_address = google_compute_address.consumer_address.id
+}
+
+// Consumer service endpoint
+
+resource "google_compute_network" "consumer_net" {
+ provider = google-beta
+ name = "consumer-net-${local.name_suffix}"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "consumer_subnet" {
+ provider = google-beta
+ name = "consumer-net-${local.name_suffix}"
+ ip_cidr_range = "10.0.0.0/16"
+ region = "us-central1"
+ network = google_compute_network.consumer_net.id
+}
+
+resource "google_compute_address" "consumer_address" {
+ name = "website-ip-${local.name_suffix}-1"
+ provider = google-beta
+ region = "us-central1"
+ subnetwork = google_compute_subnetwork.consumer_subnet.id
+ address_type = "INTERNAL"
+}
+
+
+// Producer service attachment
+
+resource "google_compute_network" "producer_net" {
+ provider = google-beta
+ name = "producer-net-${local.name_suffix}"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "producer_subnet" {
+ provider = google-beta
+ name = "producer-net-${local.name_suffix}"
+ ip_cidr_range = "10.0.0.0/16"
+ region = "us-central1"
+ network = google_compute_network.producer_net.id
+}
+
+resource "google_compute_subnetwork" "psc_producer_subnet" {
+ provider = google-beta
+ name = "producer-psc-net-${local.name_suffix}"
+ ip_cidr_range = "10.1.0.0/16"
+ region = "us-central1"
+
+ purpose = "PRIVATE_SERVICE_CONNECT"
+ network = google_compute_network.producer_net.id
+}
+
+resource "google_compute_service_attachment" "producer_service_attachment" {
+ provider = google-beta
+ name = "producer-service-${local.name_suffix}"
+ region = "us-central1"
+ description = "A service attachment configured with Terraform"
+
+ enable_proxy_protocol = true
+ connection_preference = "ACCEPT_AUTOMATIC"
+ nat_subnets = [google_compute_subnetwork.psc_producer_subnet.name]
+ target_service = google_compute_forwarding_rule.producer_target_service.id
+
+
+}
+
+resource "google_compute_forwarding_rule" "producer_target_service" {
+ provider = google-beta
+ name = "producer-forwarding-rule-${local.name_suffix}"
+ region = "us-central1"
+
+ load_balancing_scheme = "INTERNAL"
+ backend_service = google_compute_region_backend_service.producer_service_backend.id
+ all_ports = true
+ network = google_compute_network.producer_net.name
+ subnetwork = google_compute_subnetwork.producer_subnet.name
+
+
+}
+
+resource "google_compute_region_backend_service" "producer_service_backend" {
+ provider = google-beta
+ name = "producer-service-backend-${local.name_suffix}"
+ region = "us-central1"
+
+ health_checks = [google_compute_health_check.producer_service_health_check.id]
+}
+
+resource "google_compute_health_check" "producer_service_health_check" {
+ provider = google-beta
+ name = "producer-service-health-check-${local.name_suffix}"
+
+ check_interval_sec = 1
+ timeout_sec = 1
+ tcp_health_check {
+ port = "80"
+ }
+}
diff --git a/forwarding_rule_vpc_psc/motd b/forwarding_rule_vpc_psc/motd
new file mode 100644
index 00000000..45a906e8
--- /dev/null
+++ b/forwarding_rule_vpc_psc/motd
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/forwarding_rule_vpc_psc/tutorial.md b/forwarding_rule_vpc_psc/tutorial.md
new file mode 100644
index 00000000..8f80f987
--- /dev/null
+++ b/forwarding_rule_vpc_psc/tutorial.md
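Review bot: In main.tf, `connection_preference = "ACCEPT_AUTOMATIC"` on `producer_service_attachment` lets a consumer in any project attach an endpoint to the producer service without approval, which is a risky default for readers to copy from an example. Outside a throwaway demo, prefer `connection_preference = "ACCEPT_MANUAL"` with a `consumer_accept_lists` block naming the consumer project and a connection limit. At minimum, add a comment above the line such as `# ACCEPT_AUTOMATIC admits any consumer project; use ACCEPT_MANUAL + consumer_accept_lists in production`. The same least-privilege concern applies to `all_ports = true` on `producer_target_service`: the health check probes only TCP 80, so if that is the only served port, `ports = ["80"]` would expose just that port to connected consumers.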
@@ -0,0 +1,79 @@
+# Forwarding Rule VPC Psc - Terraform
+
+## Setup
+
+
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```