Pour tout problème contactez-nous par mail : support@froggit.fr | La FAQ :grey_question: | Rejoignez-nous sur le Chat :speech_balloon:

Skip to content
Snippets Groups Projects
Normal view Permalink
main.tf 5.46 KiB
Newer Older
Nicolas's avatar
Add Magento Terraform manifests and deployment
Nicolas committed
1 2 3 4 5 6 7 8 9 10 11 12 13 
terraform {
  backend "http" {
  }

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "4.3.0"
    }
  }
}

provider "google" {
Nicolas's avatar
debug service account  
Nicolas committed
14 
  credentials = file("./gcp-sa.json")
Nicolas's avatar
Add Magento Terraform manifests and deployment
Nicolas committed
15 16 17 18 
  project     = var.project_id
  region      = var.region
}
Nicolas's avatar
debug undeclared ressource  
Nicolas committed
19 20 21 22 23 
data "google_project" "project" {
  provider   = google
  project_id = var.project_id
}
Nicolas's avatar
Add Magento Terraform manifests and deployment
Nicolas committed
24 25 26 27 
### Reserve Static IP
resource "google_compute_global_address" "static_ip" {
  provider = google
  project  = var.project_id
Nicolas's avatar
Rename Magento to GKE  
Nicolas committed
28 
  name     = "gke-frontend"
Nicolas's avatar
Add Magento Terraform manifests and deployment
Nicolas committed
29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 
}

### Create Network
resource "google_compute_network" "vpc_network" {
  provider                = google
  project                 = var.project_id
  name                    = var.vpc_network_name
  auto_create_subnetworks = false
  mtu                     = 1460
  routing_mode            = "GLOBAL"
}

### Create Subnetwork
resource "google_compute_subnetwork" "vpc_subnetwork" {
  provider      = google
  project       = var.project_id
  name          = var.vpc_subnetwork_name
  ip_cidr_range = "192.168.100.0/24"
  region        = var.region
  network       = google_compute_network.vpc_network.id
  secondary_ip_range {
    range_name    = "pods"
    ip_cidr_range = "10.0.0.0/14"
  }
  secondary_ip_range {
    range_name    = "services"
    ip_cidr_range = "10.4.0.0/19"
  }
  private_ip_google_access = true

  depends_on = [
    google_compute_network.vpc_network
  ]
}

### Create VPC network peering
resource "google_compute_global_address" "vpc_private_ip_address" {
  provider      = google
  project       = var.project_id
  name          = var.vpc_private_ip_address_name
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 16
  network       = google_compute_network.vpc_network.id
}

resource "google_service_networking_connection" "vpc_private_vpc_connection" {
Nicolas's avatar
refactoring  
Nicolas committed
76 77 78 
  provider = google
  network  = google_compute_network.vpc_network.id
  service  = "servicenetworking.googleapis.com"
Nicolas's avatar
Add Magento Terraform manifests and deployment
Nicolas committed
79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 
  reserved_peering_ranges = [
    google_compute_global_address.vpc_private_ip_address.name
  ]
}

### Create firewall rules
resource "google_compute_firewall" "fw_http" {
  provider = google
  project  = var.project_id
  name     = var.fw_http_name
  network  = google_compute_network.vpc_network.name
  allow {
    protocol = "tcp"
    ports    = ["80"]
  }
  target_tags   = ["http-server"]
  source_ranges = ["0.0.0.0/0"]
  disabled      = false
}

resource "google_compute_firewall" "fw_https" {
  provider = google
  project  = var.project_id
  name     = var.fw_https_name
  network  = google_compute_network.vpc_network.name
  allow {
    protocol = "tcp"
    ports    = ["443"]
  }
  target_tags   = ["https-server"]
  source_ranges = ["0.0.0.0/0"]
  disabled      = false
}

resource "google_compute_firewall" "allow_from_iap_to_instances" {
  provider = google
  project  = var.project_id
  name     = var.fw_ssh_name
  network  = google_compute_network.vpc_network.name
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
  source_ranges = ["35.235.240.0/20"]
}

### Create Cloud NAT
resource "google_compute_router" "router" {
  provider = google
  project  = var.project_id
  name     = var.router_name
  region   = var.region
  network  = google_compute_network.vpc_network.id
  bgp {
    asn = 64514
  }
}

resource "google_compute_router_nat" "cloud_nat" {
  provider                           = google
  project                            = var.project_id
  name                               = var.cloud_nat_name
  region                             = var.region
  router                             = google_compute_router.router.name
  nat_ip_allocate_option             = "AUTO_ONLY"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"

  log_config {
    enable = false
    filter = "ERRORS_ONLY"
  }

  min_ports_per_vm = 64
}

### Create Kubernetes Cluster
resource "google_container_cluster" "cluster" {
Nicolas's avatar
refactoring  
Nicolas committed
156 157 158 159 
  provider                  = google
  project                   = var.project_id
  name                      = var.cluster_name
  location                  = var.region
Nicolas's avatar
Add Magento Terraform manifests and deployment
Nicolas committed
160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 
  remove_default_node_pool  = true
  initial_node_count        = 1
  logging_service           = "logging.googleapis.com/kubernetes"
  default_max_pods_per_node = 20
  networking_mode           = "VPC_NATIVE"
  network                   = google_compute_network.vpc_network.id
  subnetwork                = google_compute_subnetwork.vpc_subnetwork.id
  enable_shielded_nodes     = true

  private_cluster_config {
    enable_private_endpoint = false
    enable_private_nodes    = true
    master_ipv4_cidr_block  = "172.16.0.0/28"
  }

  default_snat_status {
    disabled = false
  }

  ip_allocation_policy {
    cluster_secondary_range_name  = "pods"
    services_secondary_range_name = "services"
  }

  workload_identity_config {
Nicolas's avatar
refactoring  
Nicolas committed
185 
    workload_pool = "${data.google_project.project.project_id}.svc.id.goog"
Nicolas's avatar
Add Magento Terraform manifests and deployment
Nicolas committed
186 187 188 189 
  }

  depends_on = [
    google_compute_network.vpc_network,
Nicolas's avatar
debug manifests  
Nicolas committed
190 
    google_compute_subnetwork.vpc_subnetwork
Nicolas's avatar
Add Magento Terraform manifests and deployment
Nicolas committed
191 192 193 194 195 196 197 198 199 200 201 202 203 
  ]
}

### Create Kubernetes Node Pool
resource "google_container_node_pool" "node_pool" {
  provider   = google
  project    = var.project_id
  name       = var.node_pool_name
  location   = var.region
  cluster    = google_container_cluster.cluster.name
  node_count = 1

  node_config {
Nicolas's avatar
refactoring  
Nicolas committed
204 
    preemptible  = true
Nicolas's avatar
Reduce Node pool  
Nicolas committed
205 206 
    machine_type = "e2-micro"
    disk_size_gb = "10"
Nicolas's avatar
refactoring  
Nicolas committed
207 208 209 
    disk_type    = "pd-ssd"
    image_type   = "cos"
    oauth_scopes = [
Nicolas's avatar
Add Magento Terraform manifests and deployment
Nicolas committed
210 211 212 213 214 215 216 217 218 219 
      "https://www.googleapis.com/auth/cloud-platform"
    ]

    labels = {
      disktype    = "ssd"
      cputype     = "e2"
      preemptible = "true"
    }
  }
}

Froggit est fièrement fabriqué avec amour par Lydra avec des Logiciels Libres et hébergé en France chez Scaleway | Status du service