Hello everyone. Today we will learn how to use Terraform on Google Cloud Platform. This tutorial is aimed at beginners and follows these steps:
- Install Terraform on Debian
- Create terraform files
- Write provider block
- Configure authentication with two methods:
- Using the gcloud authentication command (Application Default Credentials)
- Using a service account key file (which must be kept out of version control)
- Create two networks with different, non-overlapping IP ranges (non-overlapping ranges are a requirement for VPC peering)
- Create VMs
- Configure peering between them
We will create two VMs: a frontend running Apache2 and a backend running MySQL. After that we will configure VPC peering between the two networks and test it. Note that peering only exchanges routes; each VPC's own firewall rules still decide which traffic is allowed across it.
# provider.tf — set up the GCP provider
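terraform {
  # 0.13 or newer is required for the required_providers "source" syntax below.
  required_version = ">= 0.13"

  # Name the provider source explicitly instead of relying on the implicit
  # lookup of "google". Add a `version = "~> <tested-version>"` constraint once
  # you know which provider release you tested with, so a later release cannot
  # silently change what `terraform apply` does.
  required_providers {
    google = {
      source = "hashicorp/google"
    }
  }
}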
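provider "google" {
  project = var.app_project
  # Use the same region variable as the subnets below, so a single change in
  # terraform.tfvars moves the whole deployment.
  region = var.gcp_region_1

  # No `credentials` attribute on purpose: the provider then falls back to
  # Application Default Credentials (`gcloud auth application-default login`,
  # or GOOGLE_APPLICATION_CREDENTIALS pointing at a key file). Prefer that over
  # hard-coding a service-account key path here — a key checked into source
  # control is a long-lived credential for the whole project.
}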
variables.tf
# define the GCP project ID (not the display name)
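# The original description held a project name rather than describing the
# variable; it is used as the provider's `project`, which must be the project ID.
variable "app_project" {
  description = "GCP project ID that all resources are created in"
  type        = string
}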
# VPC
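# Name of the frontend VPC network (the original description did not say
# which of the two VPCs this was).
variable "frontvpc-name" {
  description = "name of the frontend VPC network"
  type        = string
}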
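# Name of the backend VPC network (the original description did not say
# which of the two VPCs this was).
variable "backvpc-name" {
  description = "name of the backend VPC network"
  type        = string
}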
# SUBNET
# Name given to the subnet created inside the frontend VPC.
variable "frontsubnet-name" {
  description = "name of frontend subnet"
  type        = string
}
# Name given to the subnet created inside the backend VPC.
variable "backsubnet-name" {
  description = "name of backend subnet"
  type        = string
}
# SUBNET CIDR ranges (must not overlap with each other — a requirement for VPC peering)
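# IPv4 range of the frontend subnet, in CIDR notation (the original
# description merely repeated the variable name).
variable "frontsubnet-ip-cidr" {
  description = "CIDR range of the frontend subnet, e.g. 172.16.0.0/28; must not overlap the backend subnet"
  type        = string
}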
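# IPv4 range of the backend subnet, in CIDR notation (the original
# description merely repeated the variable name).
variable "backsubnet-ip-cidr" {
  description = "CIDR range of the backend subnet, e.g. 10.8.1.0/24; must not overlap the frontend subnet"
  type        = string
}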
# REGION
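# Region the subnets are created in (the original description merely repeated
# the variable name). The instances below hard-code a zone; keep it inside
# this region.
variable "gcp_region_1" {
  description = "GCP region for the subnets (the VM zone must belong to it)"
  type        = string
}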
terraform.tfvars
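# GCP Settings
gcp_region_1 = "europe-west1"
#gcp_zone_1 = "europe-west1-b"

# NOTE(review): no `gcp_auth_file` variable is declared in variables.tf, so this
# value is unused and `terraform plan` reports it as an undeclared variable.
# If you do authenticate with a service-account key, keep the key file AND this
# tfvars file out of version control (.gitignore them) — the key is a
# long-lived credential for the project. For local work, prefer
# `gcloud auth application-default login` or GOOGLE_APPLICATION_CREDENTIALS.
gcp_auth_file = "infraops-282914-5c728faa9957.json"
app_project   = "infraops-282914"

frontvpc-name    = "front-vpc"
frontsubnet-name = "front-subnet"
# A /28 gives 16 addresses; GCP reserves the first two and last two of every
# subnet, so only 12 are assignable — enough for this tutorial, not for growth.
frontsubnet-ip-cidr = "172.16.0.0/28"

backvpc-name    = "backend-vpc"
backsubnet-name = "back-subnet"
# The two ranges must not overlap, otherwise the peering below is rejected.
backsubnet-ip-cidr = "10.8.1.0/24"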
main.tf
//Networking
// Create VPC for frontend
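// Create VPC for frontend. Custom-mode network: no subnets are created
// automatically, only the one declared below exists.
resource "google_compute_network" "front-vpc" {
  name = var.frontvpc-name
  // The attribute is a bool; pass it as one rather than as the string "false".
  auto_create_subnetworks = false
}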
// Create front Subnet
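// Create front Subnet. Referencing the network resource (instead of repeating
// its name) gives Terraform the dependency, so depends_on is not needed.
resource "google_compute_subnetwork" "front-subnet" {
  name          = var.frontsubnet-name
  ip_cidr_range = var.frontsubnet-ip-cidr
  region        = var.gcp_region_1
  network       = google_compute_network.front-vpc.id
}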
// Create VPC for backend
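// Create VPC for backend. Custom-mode network: no subnets are created
// automatically, only the one declared below exists.
resource "google_compute_network" "back-vpc" {
  name = var.backvpc-name
  // The attribute is a bool; pass it as one rather than as the string "false".
  auto_create_subnetworks = false
}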
// Create backend Subnet
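// Create backend Subnet. Referencing the network resource (instead of
// repeating its name) gives Terraform the dependency, so depends_on is not needed.
resource "google_compute_subnetwork" "back-subnet" {
  name          = var.backsubnet-name
  ip_cidr_range = var.backsubnet-ip-cidr
  region        = var.gcp_region_1
  network       = google_compute_network.back-vpc.id
}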
// VMs
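// Backend VM: a Debian 10 instance that installs a MySQL-compatible server at
// boot. It has no external IP (no access_config block), so it is reachable
// only from inside the VPCs and through IAP.
resource "google_compute_instance" "backend-vm" {
  name                      = "backend-vm-test"
  machine_type              = "f1-micro"
  zone                      = "europe-west1-b"
  allow_stopping_for_update = true

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-10"
    }
  }

  // Referencing the subnet resource gives Terraform the ordering dependency,
  // so the explicit depends_on is gone. The subnet implies the network.
  network_interface {
    subnetwork = google_compute_subnetwork.back-subnet.id
  }

  // Startup scripts run as root, so sudo is redundant. apt has to be told to
  // run non-interactively (-y plus DEBIAN_FRONTEND); the original
  // `apt install mysql-server` would stop at a confirmation prompt. Debian 10
  // does not provide a package named mysql-server in its main repository —
  // `default-mysql-server` is the metapackage, which installs MariaDB.
  // NOTE(review): with no external IP the VM needs an egress path such as
  // Cloud NAT for apt to reach the package mirrors; nothing in this file
  // creates one. Debian's MariaDB default binds to 127.0.0.1, so the frontend
  // cannot reach port 3306 until bind-address is changed — verify before testing.
  metadata_startup_script = "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y default-mysql-server"

  // Network tags have no effect on their own: a firewall rule only honours
  // them when it names them in target_tags. A rule without target_tags applies
  // to every instance in the network, tagged or not.
  tags = ["mysql-server"]
}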
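// Frontend VM: a Debian 10 instance that installs Apache2 and writes a static
// test page at boot. It has no external IP (no access_config block), so the
// page is reachable only from inside the VPCs and through IAP TCP forwarding.
resource "google_compute_instance" "frontend-vm" {
  name                      = "frontend-vm-test"
  machine_type              = "f1-micro"
  zone                      = "europe-west1-b"
  allow_stopping_for_update = true

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-10"
    }
  }

  // Referencing the subnet resource gives Terraform the ordering dependency,
  // so the explicit depends_on is gone. The subnet implies the network.
  network_interface {
    subnetwork = google_compute_subnetwork.front-subnet.id
  }

  // Startup scripts run as root, so sudo is redundant; DEBIAN_FRONTEND keeps
  // apt from waiting on any prompt. The page content is unchanged.
  // NOTE(review): with no external IP the VM needs an egress path such as
  // Cloud NAT for apt to reach the package mirrors; nothing in this file
  // creates one.
  metadata_startup_script = "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y apache2 && echo '<!doctype html><html><body><h1>Hello Hello Even</h1></body></html>' | tee /var/www/html/index.html"

  // Network tags have no effect on their own: a firewall rule only honours
  // them when it names them in target_tags. A rule without target_tags applies
  // to every instance in the network, tagged or not.
  tags = ["frontend-server"]
}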
// Firewall rules. All are ingress rules; peering does not share them, so each VPC's own rules decide what the other side may reach.
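// Ingress into the frontend VPC from the backend VM only.
resource "google_compute_firewall" "back-front" {
  name      = "back-front"
  network   = google_compute_network.front-vpc.id
  direction = "INGRESS"

  // Only the backend VM's internal address, written as an explicit /32 CIDR
  // rather than a bare IP. The instance reference also orders this rule after
  // the backend VM exists.
  source_ranges = ["${google_compute_instance.backend-vm.network_interface.0.network_ip}/32"]

  // Limit the rule to the frontend instance. Without target_tags a rule
  // applies to every instance in the network.
  target_tags = ["frontend-server"]

  allow {
    protocol = "tcp"
    // NOTE(review): 22 lets the backend SSH into the frontend — a lateral
    // movement path the web tier does not need; remove it if it is unused.
    ports = ["80", "22"]
  }
  allow {
    protocol = "icmp"
  }
}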
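// Ingress into the backend VPC from the frontend VM only.
resource "google_compute_firewall" "front-back" {
  name      = "front-back"
  network   = google_compute_network.back-vpc.id
  direction = "INGRESS"

  // Only the frontend VM's internal address, written as an explicit /32 CIDR
  // rather than a bare IP. The instance reference also orders this rule after
  // the frontend VM exists.
  source_ranges = ["${google_compute_instance.frontend-vm.network_interface.0.network_ip}/32"]

  // Limit the rule to the database instance. Without target_tags a rule
  // applies to every instance in the network.
  target_tags = ["mysql-server"]

  allow {
    protocol = "tcp"
    // NOTE(review): 3306 is what the application tier needs; 22 gives the
    // web tier a shell on the database host — remove it if it is unused.
    ports = ["3306", "22"]
  }
  allow {
    protocol = "icmp"
  }
}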
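// Ingress from Google's IAP TCP-forwarding range into the frontend VPC. This
// is how an operator reaches a VM that has no external IP: SSH through IAP,
// and port 80 through an IAP tunnel to view the test page.
resource "google_compute_firewall" "allow-iap-front-vpc" {
  name      = "allow-ssh-iap-front-vpc"
  network   = google_compute_network.front-vpc.id
  direction = "INGRESS"

  // 35.235.240.0/20 is the range IAP TCP forwarding connects from.
  source_ranges = ["35.235.240.0/20"]

  // Limit the rule to the frontend instance. Without target_tags a rule
  // applies to every instance in the network.
  target_tags = ["frontend-server"]

  allow {
    protocol = "tcp"
    ports    = ["80", "22"]
  }
  allow {
    protocol = "icmp"
  }
}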
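// Ingress from Google's IAP TCP-forwarding range into the backend VPC, for
// SSH to the database VM (which has no external IP).
resource "google_compute_firewall" "allow-iap-back-vpc" {
  name      = "allow-ssh-iap-back-vpc"
  network   = google_compute_network.back-vpc.id
  direction = "INGRESS"

  // 35.235.240.0/20 is the range IAP TCP forwarding connects from.
  source_ranges = ["35.235.240.0/20"]

  // Limit the rule to the database instance. Without target_tags a rule
  // applies to every instance in the network.
  target_tags = ["mysql-server"]

  allow {
    protocol = "tcp"
    // The rule is named for SSH and nothing on the backend listens on 80, so
    // only 22 is opened here (the original also opened 80).
    ports = ["22"]
  }
  allow {
    protocol = "icmp"
  }
}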
// Peering between the front and back VPC networks (peering connects networks, not individual VMs)
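// Front -> back side of the peering. A peering is only active once both
// sides exist; it exchanges routes between the two networks (whose subnet
// ranges must not overlap) and nothing else — firewall rules are not shared,
// so each VPC's own ingress rules still decide what crosses it.
// The network references already order this after both VPCs; the original
// dependency on the backend VM served no purpose and was dropped.
resource "google_compute_network_peering" "peering1" {
  name         = "peering1"
  network      = google_compute_network.front-vpc.id
  peer_network = google_compute_network.back-vpc.id
}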
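// Back -> front side of the peering (the reverse direction of peering1).
// NOTE(review): creating both directions concurrently has been known to fail
// with an "operation in progress" error on the peer network, so this side
// waits for peering1 instead of for the backend VM (which it never needed).
resource "google_compute_network_peering" "peering2" {
  name         = "peering2"
  network      = google_compute_network.back-vpc.id
  peer_network = google_compute_network.front-vpc.id
  depends_on   = [google_compute_network_peering.peering1]
}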