[A-00167] TerraformでVPC Peeringを作成してVM同士を疎通してみる
VPCピアリングをTerraformで構築し、プリエンプティブルVM同士をpingで疎通してみます。
・アーキテクチャ

・Terraformの作成/実行
terraform {
  # Pin the Google provider to an exact version so `terraform init` resolves
  # the same provider build on every machine that applies this configuration.
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "4.79.0"
    }
  }
}
provider "google" {
  # Project and region are taken from the variables declared below; override
  # them with `-var` or a .tfvars file instead of editing this block.
  project = var.project_id
  region  = var.region
}
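variable "project_id" {
  description = "GCP project in which the VPCs, peerings, firewall rules and VMs are created."
  # Type constraint so a non-string value is rejected at plan time.
  type = string
  # Placeholder only; supply the real project id with `-var` or a .tfvars file.
  default = "<project_id>"
}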
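variable "region" {
  description = "Region for the subnets and VMs; the VM zones are derived as <region>-a and <region>-b."
  # Type constraint so a non-string value is rejected at plan time.
  type    = string
  default = "asia-northeast1"
}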
resource "google_compute_network_peering" "peering1" {
  # vpc1 -> vpc2 side of the peering; the reverse direction is declared in
  # peering2, since each network has to declare the peering itself.
  name         = "peering1"
  network      = google_compute_network.vpc1.self_link
  peer_network = google_compute_network.vpc2.self_link
}
resource "google_compute_network_peering" "peering2" {
  # vpc2 -> vpc1 side of the peering, mirroring peering1.
  name         = "peering2"
  network      = google_compute_network.vpc2.self_link
  peer_network = google_compute_network.vpc1.self_link
}
resource "google_compute_network" "vpc1" {
  name = "vpc1"
  # Custom-mode network: the subnet is declared explicitly (vpc1_subnet) so its
  # range is chosen by hand and cannot collide with the peer network's range.
  auto_create_subnetworks = false
}
resource "google_compute_network" "vpc2" {
  name = "vpc2"
  # Custom-mode network, same reasoning as vpc1: the range comes from vpc2_subnet.
  auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "vpc1_subnet" {
  name    = "vpc1-subnet"
  region  = var.region
  network = google_compute_network.vpc1.id
  # Must not overlap with vpc2_subnet (10.2.0.0/24); overlapping ranges cannot
  # be routed across the peering.
  ip_cidr_range = "10.1.0.0/24"
}
resource "google_compute_subnetwork" "vpc2_subnet" {
  name    = "vpc2-subnet"
  region  = var.region
  network = google_compute_network.vpc2.id
  # Must not overlap with vpc1_subnet (10.1.0.0/24); overlapping ranges cannot
  # be routed across the peering.
  ip_cidr_range = "10.2.0.0/24"
}
resource "google_compute_instance" "vpc1-vm" {
  name         = "vpc1-vm"
  machine_type = "e2-micro"
  zone         = "${var.region}-a"
  # Matches target_tags of vpc1-subnet-firewall; without the tag the firewall
  # rule does not apply to this VM.
  tags = ["ssh"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  # Preemptible VMs require automatic_restart = false.
  scheduling {
    preemptible       = true
    automatic_restart = false
  }

  # No access_config block, so the VM gets no external IP. The internal IP is
  # ephemeral here: no network_ip is set and no google_compute_address is
  # reserved in this configuration.
  network_interface {
    subnetwork = google_compute_subnetwork.vpc1_subnet.id
  }

  # NOTE(review): no service_account block is set, so the project's default
  # Compute Engine service account is presumably attached — consider a dedicated
  # least-privilege account if this grows beyond a ping test.
}
resource "google_compute_instance" "vpc2-vm" {
  name         = "vpc2-vm"
  machine_type = "e2-micro"
  # Placed in a different zone (-b) from vpc1-vm (-a) within the same region.
  zone = "${var.region}-b"
  # Matches target_tags of vpc2-subnet-firewall.
  tags = ["ssh"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  # Preemptible VMs require automatic_restart = false.
  scheduling {
    preemptible       = true
    automatic_restart = false
  }

  # No access_config block, so the VM gets no external IP. The internal IP is
  # ephemeral here: no network_ip is set and no google_compute_address is
  # reserved in this configuration.
  network_interface {
    subnetwork = google_compute_subnetwork.vpc2_subnet.id
  }

  # NOTE(review): no service_account block is set, so the project's default
  # Compute Engine service account is presumably attached — consider a dedicated
  # least-privilege account if this grows beyond a ping test.
}
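resource "google_compute_firewall" "vpc1-subnet-firewall" {
  # Despite the name, this rule also admits ICMP, which the ping test needs.
  name     = "allow-ssh1"
  network  = google_compute_network.vpc1.id
  priority = 100

  allow {
    protocol = "icmp"
  }
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  # Original rule used 0.0.0.0/0. The VMs have no external IP (no access_config
  # block), so interactive SSH reaches them through IAP TCP forwarding; admit
  # that range plus the two peered subnets instead of the whole Internet.
  # Assumes IAP is the SSH path — if you connect via a bastion or VPN, add that
  # source range here instead.
  source_ranges = [
    "35.235.240.0/20", # IAP TCP forwarding
    "10.1.0.0/24",     # vpc1-subnet
    "10.2.0.0/24",     # vpc2-subnet, reachable via the peering
  ]
  # Applies only to VMs tagged "ssh" (both instances above carry the tag).
  target_tags = ["ssh"]
}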
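resource "google_compute_firewall" "vpc2-subnet-firewall" {
  # Despite the name, this rule also admits ICMP, which the ping test needs.
  name     = "allow-ssh2"
  network  = google_compute_network.vpc2.id
  priority = 100

  allow {
    protocol = "icmp"
  }
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  # Original rule used 0.0.0.0/0. The VMs have no external IP (no access_config
  # block), so interactive SSH reaches them through IAP TCP forwarding; admit
  # that range plus the two peered subnets instead of the whole Internet.
  # Assumes IAP is the SSH path — if you connect via a bastion or VPN, add that
  # source range here instead.
  source_ranges = [
    "35.235.240.0/20", # IAP TCP forwarding
    "10.1.0.0/24",     # vpc1-subnet, reachable via the peering
    "10.2.0.0/24",     # vpc2-subnet
  ]
  # Applies only to VMs tagged "ssh" (both instances above carry the tag).
  target_tags = ["ssh"]
}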
下記のコマンドを実行してデプロイします。
terraform init
# Check the plan output before applying; in particular confirm the firewall
# source_ranges are what you intend to expose.
terraform plan
terraform apply
デプロイできたら下記のようにVPCピアリングが作成されます。

プリエンプティブルVM1にSSH接続します。

VPC1のVMからVPC2のVMの静的内部IPに対してpingを実行すると、下記のように通信できます。

次にプリエンプティブルVM2にSSH接続します。

VM2からVM1の静的内部IPに対してpingを実行すると、下記のように疎通できます。

・Appendix
公式ドキュメントはこちら
https://cloud.google.com/compute/docs/instances/create-use-spot?hl=ja
https://cloud.google.com/compute/docs/instances/preemptible?hl=ja
https://cloud.google.com/compute/docs/instances/create-use-preemptible?hl=ja#python
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall
https://cloud.google.com/vpc/docs/create-modify-vpc-networks?hl=ja#gcloud
https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address?hl=ja
https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address?hl=ja
参考文献はこちら
https://docs.confluent.io/ja-jp/cloud/current/networking/peering/gcp-peering.html
https://hajimenoit.com/pcne02/