[A-00228]Terraform 1000本ノック(3)
前回記事はこちら
今回はグローバル外部プロキシネットワークロードバランサーを作ります。
・グローバル外部プロキシネットワークロードバランサーを組み立てる

terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
      # Exact pin: `terraform init -upgrade` cannot silently move to a newer
      # provider release; bump this deliberately after reading the changelog.
      version = "6.15.0"
    }
  }
}
# Project and region are read from the `project_info` map (dev.tfvars).
# `var.project_id` / `var.region` hold the *keys* looked up in that map, not
# the values themselves.
provider "google" {
  project = lookup(var.project_info, var.project_id)
  region  = lookup(var.project_info, var.region)
}
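variable "project_id" {
  description = "Key in var.project_info whose value is the GCP project ID. Despite the name, this is the map key (default \"project_id\"), not the project ID itself."
  type        = string
  default     = "project_id"
}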
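variable "region" {
  description = "Key in var.project_info whose value is the GCP region (e.g. asia-northeast1). Zonal resources below append \"-a\" to that region."
  type        = string
  default     = "region"
}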
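variable "project_info" {
  description = "Deployment settings map; must contain the keys named by var.project_id and var.region (see dev.tfvars). Supplied with -var-file, never hard-coded here."
  type        = map(string)
}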
terraform {
  # Partial backend configuration: `bucket` (and usually `prefix`) are not
  # set here and must be passed at init time, e.g.
  #   terraform init -backend-config="bucket=<state-bucket>" -backend-config="prefix=tcp-proxy-xlb"
  # The state records the LB's public address and instance details; keep the
  # bucket private (uniform bucket-level access, least-privilege IAM) and
  # enable object versioning so a corrupted state can be rolled back.
  backend "gcs" {
  }
}
# dev.tfvars — loaded with `-var-file=dev.tfvars`. Keys must match the lookup
# keys in var.project_id / var.region (defaults "project_id" and "region").
project_info = {
  region     = "asia-northeast1"
  project_id = "your-project" # replace with the real project ID
}
locals {
  vpc_name    = "tcp-proxy-xlb-network"
  subnet_name = "tcp-proxy-xlb-subnet"

  vpc_parameter = {
    # Single /24 used by the backend subnet.
    cidr = "10.0.1.0/24"
  }
}
resource "google_compute_network" "default" {
  name = local.vpc_name

  # Custom-mode VPC: no auto-created subnets and none of the default-network
  # allow rules, so every ingress path has to be opened explicitly (see the
  # google_compute_firewall resource).
  auto_create_subnetworks = false
}
# Regional subnet that hosts the backend VM.
resource "google_compute_subnetwork" "default" {
  name          = local.subnet_name
  network       = google_compute_network.default.id
  region        = lookup(var.project_info, var.region)
  ip_cidr_range = local.vpc_parameter.cidr
}
locals {
  # NOTE(review): "tpc" looks like a typo for "tcp", but the value is the
  # deployed resource name; changing it after apply forces the global address
  # to be replaced, which changes the public IP.
  name = "tpc-proxy-xlb-ip"
}
# Global (anycast) external IP that the forwarding rule listens on. Global
# addresses carry no region, which is why a region argument does not belong here.
resource "google_compute_global_address" "default" {
  name = local.name
}
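locals {
  # Network tag shared by the backend VM (`tags`) and the firewall rule
  # (`target_tags`); defining it once keeps the two from drifting apart.
  health_check_tag = "allow-health-check"

  web_server = {
    name         = "tcp-proxy-xlb-web-server"
    machine_type = "e2-micro"
    target_tag   = [local.health_check_tag]
    image        = "debian-cloud/debian-12"
    # Boot disk size in GB. The attribute is numeric; the earlier string "10"
    # only worked through implicit conversion.
    size = 10
  }

  server_group = {
    name = "tcp-proxy-xlb-server-group"
    # The backend service's `port_name` must equal `named_port_name`.
    named_port_name   = "tcp"
    named_port_number = "80"
  }

  firewall = {
    name      = "tcp-proxy-xlb-fw-allow-hc"
    direction = "INGRESS"
    # Google-published ranges used by the health checkers; for proxy load
    # balancers the proxied client connections arrive from these same ranges,
    # so this rule is what admits LB traffic as well.
    source_ranges  = ["130.211.0.0/22", "35.191.0.0/16"]
    allow_protocol = "tcp"
    target_tag     = [local.health_check_tag]
  }
}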
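# Single nginx backend VM for the TCP proxy load balancer.
resource "google_compute_instance" "default" {
  name         = local.web_server.name
  machine_type = local.web_server.machine_type
  zone         = "${lookup(var.project_info, var.region)}-a"
  # The tag selects this VM in the firewall rule's target_tags.
  tags = local.web_server.target_tag

  boot_disk {
    initialize_params {
      image = local.web_server.image
      size  = local.web_server.size
    }
  }

  # debian-cloud images are UEFI/Shielded-VM capable; enabling Secure Boot,
  # vTPM and integrity monitoring makes boot-chain tampering detectable.
  shielded_instance_config {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }

  network_interface {
    network    = google_compute_network.default.id
    subnetwork = google_compute_subnetwork.default.id

    # NOTE(review): the empty access_config assigns a public ephemeral IP. The
    # load balancer reaches the VM over its private address; the public IP is
    # only needed so the startup script below can reach the apt mirrors.
    # Prefer dropping it and providing egress through Cloud NAT
    # (google_compute_router + google_compute_router_nat). With the only
    # firewall rule limited to the Google proxy ranges, the public IP is not
    # reachable on port 80 from the internet, but it is still exposed.
    access_config {
    }
  }

  # NOTE(review): no service_account block, so the VM runs under the project's
  # default Compute Engine service account with default scopes; a dedicated,
  # minimally scoped service account is preferable.
  # Startup scripts already run as root, so the sudo prefixes are redundant.
  metadata_startup_script = "sudo apt update; sudo apt install nginx -y; sudo systemctl start nginx"
}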
# Unmanaged instance group wrapping the single backend VM.
resource "google_compute_instance_group" "default" {
  name      = local.server_group.name
  zone      = "${lookup(var.project_info, var.region)}-a"
  instances = [google_compute_instance.default.self_link]

  # The named port is how the backend service (port_name = "tcp") resolves
  # to the VM's TCP port 80.
  named_port {
    name = local.server_group.named_port_name
    port = local.server_group.named_port_number
  }
}
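# Admits health-check probes and proxied LB traffic to the backend VM.
resource "google_compute_firewall" "default" {
  name          = local.firewall.name
  description   = "Allow Google health checkers / proxy ranges to reach the web port on tagged backends"
  direction     = local.firewall.direction
  network       = google_compute_network.default.id
  source_ranges = local.firewall.source_ranges

  allow {
    protocol = local.firewall.allow_protocol
    # Restrict to the served port; without `ports` the rule opened every TCP
    # port on the tagged VMs to the source ranges.
    ports = [local.server_group.named_port_number]
  }

  target_tags = local.firewall.target_tag
}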
locals {
  # `schema` below is the load-balancing scheme; "EXTERNAL" must match on
  # both the forwarding rule and the backend service.
  forwarding_rule = {
    name       = "tcp-proxy-xlb-forwarding-rule"
    protocol   = "TCP"
    schema     = "EXTERNAL"
    port_range = "80"
  }

  tcp_proxy = {
    # NOTE(review): despite the value, this names the target TCP proxy, not a
    # health check.
    name = "proxy-health-check"
  }

  backend = {
    name           = "proxy-xlb-backend-service"
    protocol       = "TCP"
    port_name      = "tcp" # must equal server_group.named_port_name
    schema         = "EXTERNAL"
    timeout_sec    = 10
    balancing_mode = "CONNECTION"
  }

  health_check = {
    name = "tcp-proxy-health-check"
    # 1 s probes every 1 s is the minimum the API accepts (timeout must not
    # exceed the interval) and is aggressive for a demo; production setups
    # usually use longer intervals with explicit healthy/unhealthy thresholds.
    timeout_sec        = 1
    check_interval_sec = 1
    target_port        = "80"
  }
}
# Public entry point: TCP port 80 on the global address, handed to the TCP
# proxy. Traffic is passed through as plain TCP (no TLS termination here).
resource "google_compute_global_forwarding_rule" "default" {
  name                  = local.forwarding_rule.name
  ip_address            = google_compute_global_address.default.id
  ip_protocol           = local.forwarding_rule.protocol
  port_range            = local.forwarding_rule.port_range
  # NOTE(review): "EXTERNAL" selects the classic proxy Network LB; the newer
  # global external proxy NLB uses "EXTERNAL_MANAGED" on both this rule and
  # the backend service — confirm which one is intended.
  load_balancing_scheme = local.forwarding_rule.schema
  target                = google_compute_target_tcp_proxy.default.id
}
# TCP proxy between the forwarding rule and the backend service.
# NOTE(review): proxy_header is left at its default (NONE), so the backend
# sees the proxy's address as the client IP; enable PROXY_PROTOCOL_V1 here
# and in nginx if the original client IP is needed for logging or ACLs.
resource "google_compute_target_tcp_proxy" "default" {
  name            = local.tcp_proxy.name
  backend_service = google_compute_backend_service.default.id
}
# Re-reads the instance group created above. NOTE(review): this is redundant —
# the backend service can reference google_compute_instance_group.default
# directly; the data source only adds an extra API read. `provider = google`
# is the default and can be omitted.
data "google_compute_instance_group" "group1" {
  provider = google
  zone     = "${lookup(var.project_info, var.region)}-a"
  name     = google_compute_instance_group.default.name
}
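# Global backend service for the TCP proxy; targets the instance group by its
# named port and gates membership on the TCP health check.
resource "google_compute_backend_service" "default" {
  name                  = local.backend.name
  protocol              = local.backend.protocol
  port_name             = local.backend.port_name
  load_balancing_scheme = local.backend.schema
  timeout_sec           = local.backend.timeout_sec
  health_checks         = [google_compute_health_check.default.id]

  # NOTE(review): consider `log_config { enable = true }` so connections
  # through the LB land in Cloud Logging for detection and incident response.

  backend {
    # Reference the managed resource directly instead of re-reading it through
    # a data source; the id is the same and one API round-trip is avoided.
    group          = google_compute_instance_group.default.id
    balancing_mode = local.backend.balancing_mode
    # NOTE(review): a target of one connection per instance is very low; with a
    # single backend there is nowhere to spill over, so confirm this is intended.
    max_connections_per_instance = 1
  }
}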
# Global TCP health check against the web port; probes come from the Google
# ranges admitted by the firewall rule.
resource "google_compute_health_check" "default" {
  name = local.health_check.name

  # timeout_sec must not exceed check_interval_sec.
  check_interval_sec = local.health_check.check_interval_sec
  timeout_sec        = local.health_check.timeout_sec

  tcp_health_check {
    port = local.health_check.target_port
  }
}
上記を作成後、下記のコマンドでプロビジョニングする。backend "gcs" のバケット名はコード中に書いていないため、`terraform init` には `-backend-config="bucket=<ステート用バケット>"`（必要なら `prefix` も）を付けて渡す。指定しないと init がバケット名を要求して先に進めない。ステートファイルにはロードバランサーのアドレスやインスタンス情報が含まれるので、バケットは非公開にし、オブジェクトのバージョニングを有効にしておくこと。
terraform init -upgrade
terraform plan -var-file=dev.tfvars
terraform apply -var-file=dev.tfvars
Google Cloud へのプロビジョニングが完了したら、ロードバランサーのアドレス（google_compute_global_address に割り当てられた IP）のポート 80 に接続して疎通確認を行う。この構成は TCP プロキシがポート 80 をそのまま通すだけなので通信は平文の HTTP であり、TLS が必要なら SSL プロキシまたは HTTPS ロードバランサーを別途検討する。また proxy_header を設定していないため、バックエンド VM から見た接続元 IP はプロキシのものになる点に注意。

・Appendix
参考文献はこちら
https://cloud.google.com/load-balancing/docs/tcp/ext-tcp-proxy-lb-tf-examples?hl=ja
https://cloud.google.com/load-balancing/docs/tcp/set-up-ext-reg-tcp-proxy-migs?hl=ja
https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/tree/master/modules/net-lb-ext
https://cloud.google.com/load-balancing/docs/network/networklb-backend-service?hl=ja
https://qiita.com/hajimeni/items/4afcac38e4f275edb852