[A-00226]Terraform 1000本ノック(1)
terraformトレーニングのための1000本ノックシリーズです。
terraformの基本を知らない方はこちらの記事参照
・グローバル外部アプリケーションロードバランサーを作る
グローバル外部アプリケーションロードバランサーを作って、VMに立てたNginxにアクセスしてみます。
terraformソースはこちら
# The page concatenates several Terraform files without separators. Each
# "---- file ----" marker below is a boundary recovered from the fused lines;
# file names are given only where the page itself mentions them.

# ---- file: input variables (file name not shown on the page) ----

# GCP project that the provider and the resources below are created in.
variable "project_id" {
  type = string
}

# Region for the provider and the subnet; the VM zone is derived as "<region>-a".
variable "region" {
  type = string
}

# Prefix used in the network, subnet and one health-check name.
variable "name" {
  type = string
}

# ---- file: provider configuration (file name not shown on the page) ----

# The google provider is pinned to one exact release, so upgrades are explicit.
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "6.15.0"
    }
  }
}

provider "google" {
  project = var.project_id
  region  = var.region
}

# ---- file: output.tf ----

# Public IPv4 address of the load balancer (the address the article opens in a browser).
output "lb-ip" {
  value = google_compute_global_address.address.address
}

# ---- file: network (file name not shown on the page) ----

# Custom-mode VPC: auto_create_subnetworks = false, so only the subnet declared
# below exists in it.
# NOTE(review): "networ" looks like a typo for "network"; correcting it after
# apply renames, and therefore replaces, the VPC.
resource "google_compute_network" "lb_network" {
  name                    = "${var.name}-lb-networ"
  project                 = var.project_id
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "lb_subnet" {
  name          = "${var.name}-lb-subnet"
  project       = var.project_id
  ip_cidr_range = "10.0.1.0/24"
  region        = var.region
  network       = google_compute_network.lb_network.id
}

# ---- file: state backend (file name not shown on the page) ----

# Empty "gcs" backend block (partial configuration): the bucket has to be
# supplied at `terraform init` time.
# NOTE(review): Terraform state can hold sensitive values, so access to the
# state bucket should be limited to the identities that run Terraform.
terraform {
  backend "gcs" {
  }
}

# ---- file: load balancer (file name not shown on the page) ----

# Backend service: sends HTTP to the "http" named port of the instance group
# and uses the "tracking_lb" HTTP health check.
resource "google_compute_backend_service" "service" {
  name          = "backend-service"
  port_name     = "http"
  protocol      = "HTTP"
  enable_cdn    = false
  timeout_sec   = 10
  health_checks = [google_compute_health_check.tracking_lb.self_link]
  backend {
    group = google_compute_instance_group.vm_group.self_link
  }
}

# Every request goes to the single backend service; no host or path rules.
resource "google_compute_url_map" "url_map" {
  name            = "url-map"
  default_service = google_compute_backend_service.service.id
}

# NOTE(review): the front end is HTTP only. There is no target HTTPS proxy or
# certificate on this page, so client traffic to the load balancer is
# unencrypted. Acceptable for an exercise; a real service would add a
# google_compute_target_https_proxy with a certificate and a 443 forwarding rule.
resource "google_compute_target_http_proxy" "http_proxy" {
  name    = "http-proxy"
  url_map = google_compute_url_map.url_map.id
}

# Reserved global IPv4 address used by the forwarding rule and the output.
resource "google_compute_global_address" "address" {
  name       = "address"
  project    = var.project_id
  ip_version = "IPV4"
}

# Listens on TCP/80 of the reserved address and hands requests to the HTTP proxy.
# The depends_on entries repeat what the target/ip_address references already imply.
resource "google_compute_global_forwarding_rule" "forwarding_rule" {
  name        = "forwarding-rule"
  target      = google_compute_target_http_proxy.http_proxy.id
  port_range  = "80"
  ip_address  = google_compute_global_address.address.address
  ip_protocol = "TCP"
  depends_on = [
    google_compute_target_http_proxy.http_proxy,
    google_compute_global_address.address
  ]
}

# ---- file: health checks (file name not shown on the page) ----

# TCP check on port 80, 1 s interval and timeout.
# NOTE(review): nothing on this page references this health check; the backend
# service uses "tracking_lb" below.
resource "google_compute_health_check" "lb_health_check" {
  name               = "${var.name}-health-check"
  project            = var.project_id
  timeout_sec        = 1
  check_interval_sec = 1
  tcp_health_check {
    port = 80
  }
}

# HTTP check on port 80 used by the backend service: 5 s interval and timeout,
# healthy after 4 consecutive successes, unhealthy after 5 consecutive failures.
resource "google_compute_health_check" "tracking_lb" {
  name                = "tracking-lb"
  project             = var.project_id
  timeout_sec         = 5
  check_interval_sec  = 5
  healthy_threshold   = 4
  unhealthy_threshold = 5
  http_health_check {
    port = 80
  }
}

# ---- file: firewall rules (file name not shown on the page) ----

# NOTE(review): allows SSH (tcp/22) from the whole internet to instances tagged
# "ssh". No instance on this page carries that tag (web_server is tagged "web"),
# so the rule matches nothing here, but any VM later tagged "ssh" in this VPC is
# exposed at once. Prefer dropping the rule, or narrowing source_ranges to an
# admin range or to the IAP TCP-forwarding range (35.235.240.0/20).
resource "google_compute_firewall" "ssh_fw" {
  name          = "allow-ssh"
  project       = var.project_id
  network       = google_compute_network.lb_network.id
  priority      = 1000
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["ssh"]
  direction     = "INGRESS"
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}

# NOTE(review): allows tcp/80 and tcp/443 from any address straight to "web"
# instances. web_server also gets an external IP (empty access_config), so
# clients can reach nginx directly and bypass the load balancer. The "web_fw"
# rule below already admits the load balancer and health-check ranges, so this
# rule is not needed for the path the article demonstrates.
resource "google_compute_firewall" "http_fw" {
  name          = "allow-http-https"
  project       = var.project_id
  network       = google_compute_network.lb_network.id
  priority      = 1000
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["web"]
  direction     = "INGRESS"
  allow {
    protocol = "tcp"
    ports    = ["80", "443"]
  }
}

# Admits tcp/80 to "web" instances from 130.211.0.0/22 and 35.191.0.0/16, the
# ranges Google documents for load balancer front ends and health-check probes.
# direction and priority are not set, so the provider defaults apply.
resource "google_compute_firewall" "web_fw" {
  name    = "web-fw"
  project = var.project_id
  network = google_compute_network.lb_network.id
  allow {
    protocol = "tcp"
    ports    = ["80"]
  }
  source_ranges = [
    "130.211.0.0/22",
    "35.191.0.0/16"
  ]
  target_tags = ["web"]
}

# ---- file: dev.tfvars (variable values, not part of the .tf configuration) ----

project_id = "your-project"
region     = "asia-northeast1"
name       = "example"

# ---- file: VM and instance group (file name not shown on the page) ----

# Single Debian 12 e2-micro VM that serves nginx on port 80.
resource "google_compute_instance" "web_server" {
  name         = "web-server"
  machine_type = "e2-micro"
  zone         = "${var.region}-a"
  tags         = ["web"]
  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
      size  = "10"
      type  = "pd-standard"
    }
  }
  network_interface {
    network    = google_compute_network.lb_network.id
    subnetwork = google_compute_subnetwork.lb_subnet.id
    # Empty access_config assigns an ephemeral external IP to the VM.
    # NOTE(review): presumably present so apt can reach the package mirrors;
    # a backend that is only reached through the load balancer can drop the
    # external IP and use Cloud NAT for outbound traffic instead.
    access_config {
    }
  }
  # Installs and starts nginx at boot. The commands are chained with ";", so
  # each one runs even when the previous one failed.
  metadata_startup_script = "sudo apt update; sudo apt install nginx -y; sudo systemctl start nginx"
}

# Instance group holding the one VM; named port "http" = 80 is what the
# backend service's port_name refers to.
resource "google_compute_instance_group" "vm_group" {
  name        = "web-server-group"
  description = "web-server instance group"
  zone        = "${var.region}-a"
  instances   = [google_compute_instance.web_server.self_link]
  named_port {
    name = "http"
    port = "80"
  }
}
下記のコマンドでplan,applyします。
terraform plan -var-file=dev.tfvars
terraform apply -var-file=dev.tfvars
output.tfで出力されたIPアドレスをブラウザのアドレスバーに貼り付けてアクセスします。
apply後すぐだと表示されないので5分くらい置いておきます。


・Appendix
参考文献はこちら
https://note.com/leslesnoa/n/nbc4bc19a2fb4
https://cloud.google.com/load-balancing/docs/https/ext-http-lb-tf-module-examples?hl=ja
https://zenn.dev/tosa/articles/6aadf0ea37d343
https://cloud.google.com/load-balancing/docs/https/ext-https-lb-simple?hl=ja#terraform
https://cloud.google.com/compute/docs/tutorials/high-availability-load-balancing?hl=ja
https://cloud.google.com/load-balancing/docs/network/setting-up-network-backend-service?hl=ja
https://dev.classmethod.jp/articles/gce-lb1
https://medium.com/@mvaldiearsanur/setup-a-web-server-with-google-load-balancer-e4ddf31f0347
https://docs.vultr.com/how-to-install-apache-webserver-on-debian-12
https://github.com/gruntwork-io/terraform-google-load-balancer
https://github.com/terraform-google-modules/terraform-google-lb
https://github.com/gruntwork-io/terraform-google-load-balancer/tree/v0.5.0
https://cloud.google.com/load-balancing/docs/l7-internal/setting-up-l7-internal?hl=ja
https://cloud.google.com/load-balancing/docs/l7-internal/int-https-lb-tf-examples?hl=ja
https://github.com/terraform-google-modules/terraform-google-lb-http/tree/main
https://www.cloudskillsboost.google/focuses/1206?parent=catalog
https://cloud.google.com/load-balancing?hl=ja#take-the-next-step
https://medium.com/google-cloud-jp/serverless-neg-and-google-cloud-load-balancing-cbb341d3b636
https://book.st-hakky.com/hakky/about-google-cloud-load-balancing
https://medium.com/google-cloud-jp/private-cloud-storage-bucket-for-load-balancing-3975c1d2b743
https://dev.classmethod.jp/articles/terraform-google-cloud-storage