[A-00229]Terraform 1000本ノック(4)
前回記事はこちら
今回はCloud Runを使ってServerless NEG+LoadBalancer+Cloud Run構成をプロビジョニングしたいと思います。

# The two string variables hold *keys* into project_config, not the values
# themselves: the project and region are always looked up in project_config
# using these keys, so the defaults "project_id" / "region" are key names.
variable "project_id" {
  description = "Key under which project_config stores the GCP project id."
  type        = string
  default     = "project_id"
}

variable "region" {
  description = "Key under which project_config stores the deployment region."
  type        = string
  default     = "region"
}

# Per-environment settings; supplied from a tfvars file (dev.tfvars below).
variable "project_config" {
  description = "Map of environment settings, must contain the project id and region keys."
  type        = map(string)
}
# Contents of dev.tfvars, passed with `-var-file=dev.tfvars` at plan/apply
# time. This is a tfvars file, not part of the .tf configuration.
project_config = {
  project_id = "your-project"
  region     = "asia-northeast1"
}
terraform {
  # Partial backend configuration: no bucket is committed here, so the state
  # location must be supplied at `terraform init` time (e.g. -backend-config).
  # Remote state in GCS still holds resource attributes in plaintext; restrict
  # access to the bucket accordingly.
  backend "gcs" {
  }
}
# Static IP reserved for the load balancer frontend. STANDARD tier is what the
# forwarding rule below also uses; both must agree or the rule will not attach.
locals {
  ip_address = {
    name         = "lb-ip-address"
    network_tier = "STANDARD"
  }
}
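# Regional external IP address that the forwarding rule binds to.
resource "google_compute_address" "default" {
  name         = local.ip_address.name
  network_tier = local.ip_address.network_tier
  # Plain index syntax instead of the deprecated "${lookup(map, key)}"
  # wrapper; behaviour is the same (an error if the key is missing).
  region       = var.project_config[var.region]
}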
terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
      # Exact pin rather than a ~> range: `terraform init -upgrade` still
      # resolves to this provider build, so upgrades are deliberate.
      version = "6.15.0"
    }
  }
}
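# Default project and region for every google_* resource; credentials come
# from the environment (application default credentials), nothing is inlined.
provider "google" {
  # lookup() without a default is deprecated in favour of map[key] indexing.
  project = var.project_config[var.project_id]
  region  = var.project_config[var.region]
}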
# Network layout for the regional external load balancer.
locals {
  vpc = {
    name = "lb-network"
  }

  # Ordinary subnet; nothing else on this page references it.
  subnet = {
    name     = "lb-subnet"
    ip_range = "10.1.2.0/24"
  }

  # Proxy-only subnet: purpose REGIONAL_MANAGED_PROXY marks it as the range
  # the regional managed load balancer's proxies use for their source
  # addresses. One ACTIVE proxy-only subnet per region is expected.
  proxy_subnet = {
    name     = "proxy-only-subnet"
    purpose  = "REGIONAL_MANAGED_PROXY"
    role     = "ACTIVE"
    ip_range = "10.129.0.0/23"
  }
}
# Custom-mode VPC: subnets are declared explicitly below instead of being
# auto-created in every region.
resource "google_compute_network" "default" {
  auto_create_subnetworks = false
  name                    = local.vpc.name
}
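# Regular subnet in the VPC. No resource on this page consumes it (the load
# balancer needs only the VPC and the proxy-only subnet), so it can be
# dropped if no workload is going to live there.
resource "google_compute_subnetwork" "default" {
  name          = local.subnet.name
  ip_cidr_range = local.subnet.ip_range
  # map[key] indexing replaces the deprecated two-argument lookup().
  region        = var.project_config[var.region]
  network       = google_compute_network.default.id
}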
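# Proxy-only subnet for the regional managed load balancer. The forwarding
# rule below depends on it explicitly because the dependency is not visible
# through attribute references.
resource "google_compute_subnetwork" "proxy_subnet" {
  name          = local.proxy_subnet.name
  purpose       = local.proxy_subnet.purpose
  role          = local.proxy_subnet.role
  # map[key] indexing replaces the deprecated two-argument lookup().
  region        = var.project_config[var.region]
  ip_cidr_range = local.proxy_subnet.ip_range
  network       = google_compute_network.default.id
}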
# Serverless network endpoint group that fronts the Cloud Run service.
locals {
  neg = {
    type = "SERVERLESS"
    name = "serverless-neg"
  }
}
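# Serverless NEG: the backend service points at this group, and the group
# points at the Cloud Run service by name in the same region.
resource "google_compute_region_network_endpoint_group" "default" {
  name                  = local.neg.name
  network_endpoint_type = local.neg.type
  # Interpolation-only "${...}" expressions are deprecated; use the bare value.
  region                = var.project_config[var.region]

  cloud_run {
    service = google_cloud_run_service.default.name
  }
}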
# Cloud Run demo service settings.
locals {
  cloud_run = {
    name  = "hello-service"
    image = "gcr.io/cloudrun/hello"
    # Principal granted run.invoker; "allUsers" = unauthenticated access.
    users = "allUsers"
    # Route 100% of traffic to the newest revision.
    percent         = 100
    latest_revision = true
  }
}
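# Cloud Run service behind the load balancer. This is the v1 (Knative-style)
# resource; google_cloud_run_v2_service is the newer alternative if the
# configuration is ever reworked.
resource "google_cloud_run_service" "default" {
  name     = local.cloud_run.name
  # Bare expression instead of the deprecated "${lookup(...)}" form.
  location = var.project_config[var.region]

  # Only accept requests that arrive via Google Cloud load balancing or from
  # inside the VPC. Without this the service also answers on its own public
  # *.run.app URL, so clients could bypass the load balancer and any policy
  # attached to it.
  metadata {
    annotations = {
      "run.googleapis.com/ingress" = "internal-and-cloud-load-balancing"
    }
  }

  template {
    spec {
      containers {
        image = local.cloud_run.image
      }
    }
  }

  # Send all traffic to whatever revision is newest.
  traffic {
    percent         = local.cloud_run.percent
    latest_revision = local.cloud_run.latest_revision
  }
}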
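# IAM policy document granting unauthenticated invocation of the service.
# "allUsers" means anyone on the internet may call it; that is what a public
# load balancer frontend needs. Pair it with an ingress restriction on the
# service if direct calls to the *.run.app URL are not wanted.
data "google_iam_policy" "noauth" {
  binding {
    role = "roles/run.invoker"
    # Taken from locals (it was hard-coded before while local.cloud_run.users
    # went unused) so the principal is defined in exactly one place.
    members = [local.cloud_run.users]
  }
}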
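# Attaches the noauth policy to the service. *_iam_policy is authoritative:
# it replaces the service's whole IAM policy with the document, removing any
# binding that is not listed there.
resource "google_cloud_run_service_iam_policy" "noauth" {
  # Bare map[key] expressions replace the deprecated "${lookup(...)}" form.
  location    = var.project_config[var.region]
  project     = var.project_config[var.project_id]
  service     = google_cloud_run_service.default.name
  policy_data = data.google_iam_policy.noauth.policy_data
}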
# Load balancer data path: backend service -> URL map -> HTTP proxy ->
# forwarding rule.
locals {
  # NOTE: "schema" here actually feeds load_balancing_scheme (a scheme, not a
  # schema); the key name is kept because the resources below reference it.
  backend = {
    name        = "lb-backend-service"
    schema      = "EXTERNAL_MANAGED"
    protocol    = "HTTP"
    mode        = "UTILIZATION"
    scaler      = 1.0
    timeout_sec = 10
  }

  url_map = {
    name = "service-url-map"
  }

  http_proxy = {
    name = "http-proxy"
  }

  # Plain HTTP on port 80; tier must match the reserved address.
  forward_rule = {
    name       = "http-forwarding-rule"
    schema     = "EXTERNAL_MANAGED"
    tier       = "STANDARD"
    port_range = "80"
  }
}
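# Regional backend service whose only backend is the serverless NEG.
resource "google_compute_region_backend_service" "default" {
  name                  = local.backend.name
  load_balancing_scheme = local.backend.schema
  protocol              = local.backend.protocol
  # Bare expression instead of the deprecated "${lookup(...)}" form.
  region                = var.project_config[var.region]
  # Declared in locals but previously never wired in.
  timeout_sec           = local.backend.timeout_sec

  backend {
    group           = google_compute_region_network_endpoint_group.default.id
    balancing_mode  = local.backend.mode
    capacity_scaler = local.backend.scaler
  }
}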
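# URL map with a single default route: every request goes to the backend
# service above.
resource "google_compute_region_url_map" "default" {
  name            = local.url_map.name
  default_service = google_compute_region_backend_service.default.id
  # Bare expression instead of the deprecated "${lookup(...)}" form.
  region          = var.project_config[var.region]
}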
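# Plain-HTTP target proxy, fine for this demo. Anything that carries real
# traffic should terminate TLS with google_compute_region_target_https_proxy
# and a certificate instead, so clients are not served over cleartext.
resource "google_compute_region_target_http_proxy" "default" {
  name    = local.http_proxy.name
  url_map = google_compute_region_url_map.default.id
  # Bare expression instead of the deprecated "${lookup(...)}" form.
  region  = var.project_config[var.region]
}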
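# Frontend: binds the reserved address on port 80 to the HTTP proxy. The
# network tier here must match the address (both STANDARD).
resource "google_compute_forwarding_rule" "default" {
  name                  = local.forward_rule.name
  # Bare expression instead of the deprecated "${lookup(...)}" form.
  region                = var.project_config[var.region]
  load_balancing_scheme = local.forward_rule.schema
  network_tier          = local.forward_rule.tier
  target                = google_compute_region_target_http_proxy.default.id
  network               = google_compute_network.default.id
  ip_address            = google_compute_address.default.id
  port_range            = local.forward_rule.port_range

  # The proxy-only subnet is not referenced by any attribute, so Terraform
  # cannot infer the ordering; the rule fails without the subnet in place.
  depends_on = [google_compute_subnetwork.proxy_subnet]
}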
上記を作成したら下記のコマンドでprovisioningします。
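# Fetch the pinned provider; -upgrade re-resolves within the version constraint.
terraform init -upgrade
# Save the reviewed plan to a file, then apply exactly that plan so what was
# reviewed is what gets applied (no re-planning between the two steps).
terraform plan -var-file=dev.tfvars -out=dev.tfplan
terraform apply dev.tfplan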
provisioningしたらロードバランサーのIPアドレスにアクセスすると下記の画面が表示されます。

Appendix
参考文献はこちら
https://cloud.google.com/load-balancing/docs/https/setting-up-reg-ext-https-serverless?hl=ja
https://cloud.google.com/run/docs/deploying?hl=ja
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_service
https://github.com/GoogleCloudPlatform/cloud-run-hello
https://cloud.google.com/load-balancing/docs/negs/serverless-neg-concepts?hl=ja#regional-external
https://cloud.google.com/load-balancing/docs/https/setting-up-https-serverless?hl=ja