├── BinAuthz ├── AlwaysDeny_policy.yaml ├── DR_AlwaysDeny_policy.yaml ├── deployment.yaml └── readme.md ├── CloudArmor ├── backend-config.yaml ├── deployment.yaml ├── ingress.yaml ├── readme.md └── service.yaml ├── CloudSQL ├── README.md ├── main.tf ├── output.tf └── variables.tf ├── Create Master Terraform Project and Service Account ├── README.md ├── backend.tf └── gcp_tf_prep.sh ├── Create Project ├── README.md ├── gcp_tf_IaC.sh └── project.tf ├── MIG ├── README.md ├── apache-mig-glb │ ├── README.md │ ├── main.tf │ └── variables.tf ├── apache │ ├── README.md │ ├── instance_template_and_mig_apache.tf │ └── variables.tf └── old │ └── instance_template_and_mig.tf ├── README.md ├── consul ├── README.md ├── consul.tf └── master.yml ├── consul_vars ├── README.md ├── consul_with_vars.tf ├── master.yml └── variables.tf ├── dataflow └── wc.maven ├── gce ├── README.md ├── compute.tf └── glusterfs.tf ├── gcs-backend ├── README.md ├── example_referencing.txt └── gcs.tf ├── gke ├── README.md ├── gke.tf └── variables.tf ├── http-https-redirect └── myimage │ ├── Dockerfile.template │ ├── Makefile │ ├── README.md │ ├── global.conf │ └── http.conf ├── log_purge ├── gcs.txt └── stackdriver.txt ├── nginx-ingress-controller ├── nginx-ingress-controller.yaml └── nginx-ingress-default-backend.yaml ├── packer ├── README.md ├── apache.json ├── docker.json ├── gcp_v1.json ├── gcp_v2.json ├── gcp_v3.json ├── glusterfs.json └── provisioner.sh ├── private_catalog ├── README.md ├── final_preksm │ ├── private_catalog.jinja │ └── private_catalog.jinja.schema ├── private_catalog.jinja ├── private_catalog.jinja.schema └── private_catalog.yaml ├── prometheus ├── clusterRole.yaml ├── config-map.yaml ├── metrics.png ├── patch.sh ├── prometheus-deployment.yaml └── readme.md ├── vault ├── README.md ├── config.json ├── master.yml ├── variables.tf └── vault.tf └── vpc ├── README.md └── custom_vpc.tf /BinAuthz/AlwaysDeny_policy.yaml: 
--------------------------------------------------------------------------------
# Binary Authorization policy: deny every image by default and enforce at admission.
# Images whose name matches one of the patterns below are exempt from the default
# rule and are admitted without any attestation check, so this list is the
# effective allow-list of the cluster.
admissionWhitelistPatterns:
- namePattern: gcr.io/google_containers/*
- namePattern: gcr.io/google-containers/*
- namePattern: k8s.gcr.io/*
- namePattern: gcr.io/stackdriver-agents/*
# NOTE(review): confirm against the Binary Authorization docs whether a single
# `*` matches nested repository paths or only one path segment before relying on
# these patterns for anything beyond the system images above.
defaultAdmissionRule:
  # ENFORCED_BLOCK_AND_AUDIT_LOG rejects the pod and writes an audit-log entry;
  # DR_AlwaysDeny_policy.yaml below is the same policy in log-only mode.
  enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
  # ALWAYS_DENY: nothing outside admissionWhitelistPatterns is admitted.
  evaluationMode: ALWAYS_DENY
# PROJECT_ID is a placeholder; the readme exports/imports the policy per project.
name: projects/PROJECT_ID/policy

--------------------------------------------------------------------------------
/BinAuthz/DR_AlwaysDeny_policy.yaml:
--------------------------------------------------------------------------------
# Same policy as AlwaysDeny_policy.yaml but in dry-run mode: a violation is only
# written to the audit log and the pod is still admitted (readme step 17).
admissionWhitelistPatterns:
- namePattern: gcr.io/google_containers/*
- namePattern: gcr.io/google-containers/*
- namePattern: k8s.gcr.io/*
- namePattern: gcr.io/stackdriver-agents/*
defaultAdmissionRule:
  enforcementMode: DRYRUN_AUDIT_LOG_ONLY
  evaluationMode: ALWAYS_DENY
name: projects/PROJECT_ID/policy

--------------------------------------------------------------------------------
/BinAuthz/deployment.yaml:
--------------------------------------------------------------------------------
# Negative test for the policy above: nginx:1.7.9 is pulled from Docker Hub and
# matches none of the whitelisted registries, so under ENFORCED_BLOCK_AND_AUDIT_LOG
# the pods are rejected (readme step 11) and under dry-run they are admitted and
# logged (readme step 17). It is an old, tag-pinned image used only to trigger
# the deny; attestations are bound to image digests, so a tag alone gives no
# integrity guarantee.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: binauthz-nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80

--------------------------------------------------------------------------------
/BinAuthz/readme.md:
--------------------------------------------------------------------------------
# View current policy to YAML
gcloud container binauthz policy export > old-policy.yaml
3 | gcloud container binauthz policy export > policy.yaml 4 | # 5 | # Check and edit policy.yaml
Change ALWAYS_ALLOW to ALWAYS_DENY
nano policy.yaml
#
# Import your new policy
gcloud container binauthz policy import policy.yaml
#
# Testing the policy (Deployment will fail)
kubectl apply -f deployment.yaml
#
# Change ENFORCED_BLOCK_AND_AUDIT_LOG to DRYRUN_AUDIT_LOG_ONLY
nano policy.yaml
#
# Dry-Run the policy (Deployment will work)
gcloud container binauthz policy import policy.yaml
#
# Look for dry-run in StackDriver Logging (Kubernetes Cluster / Filter: dry-run)
#
# Clean-Up
gcloud container binauthz policy import old-policy.yaml

--------------------------------------------------------------------------------
/CloudArmor/backend-config.yaml:
--------------------------------------------------------------------------------
# BackendConfig that attaches the Cloud Armor security policy to the backend
# service GKE creates for my-service (linked via the Service annotation).
# NOTE(review): BackendConfig is also served as cloud.google.com/v1 on current
# GKE versions; confirm which version your cluster accepts.
apiVersion: cloud.google.com/v1beta1
kind: BackendConfig
metadata:
  namespace: cloud-armor-how-to
  name: my-backend-config
spec:
  securityPolicy:
    # Must match the policy created in the readme with
    # `gcloud beta compute security-policies create ca-how-to-security-policy`.
    # That policy only denies 192.0.2.0/24 (rule 1000); all other traffic falls
    # through to the policy's default rule.
    name: "ca-how-to-security-policy"
  sessionAffinity:
    affinityType: "GENERATED_COOKIE"
    affinityCookieTtlSec: 50

--------------------------------------------------------------------------------
/CloudArmor/deployment.yaml:
--------------------------------------------------------------------------------
# Sample workload behind the Cloud Armor protected load balancer.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: cloud-armor-how-to
  name: my-deployment
spec:
  selector:
    matchLabels:
      app: hello-app
  replicas: 2
  template:
    metadata:
      labels:
        app: hello-app
    spec:
      containers:
      - name: hello-app-container
        # Tag-pinned sample image; listens on 8080 (see targetPort in service.yaml).
        image: gcr.io/google-samples/hello-app:1.0
        ports:
        - containerPort: 8080

--------------------------------------------------------------------------------
/CloudArmor/ingress.yaml:
--------------------------------------------------------------------------------
# External HTTP(S) load balancer in front of my-service. The Cloud Armor policy
# only applies to traffic that enters through this Ingress.
# NOTE(review): extensions/v1beta1 Ingress was removed in Kubernetes 1.22;
# networking.k8s.io/v1 (spec.defaultBackend.service.name/port.number) is the
# replacement — confirm the cluster version before applying.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: cloud-armor-how-to
  name: my-ingress
  annotations:
    # Must match the address reserved in the readme:
    # `gcloud compute addresses create cloud-armor-how-to-address --global`.
    kubernetes.io/ingress.global-static-ip-name: "cloud-armor-how-to-address"
    # NOTE(review): not a GKE Ingress annotation as far as this repo shows;
    # session affinity is already configured in the BackendConfig — presumably
    # a leftover, confirm whether it has any effect.
    ingress.kubernetes.io/affinity: 'cookie'
spec:
  # No rules: every request is sent to my-service on port 80.
  backend:
    serviceName: my-service
    servicePort: 80

--------------------------------------------------------------------------------
/CloudArmor/readme.md:
--------------------------------------------------------------------------------
# Create Namespace
kubectl create namespace cloud-armor-how-to
#
# Deploy Workload
kubectl apply -f deployment.yaml
#
# Create CA Policy and Rules
gcloud beta compute security-policies create ca-how-to-security-policy --description "policy for Google Cloud Armor how-to topic"
9 | gcloud beta compute security-policies rules create 1000 --security-policy ca-how-to-security-policy --description "Deny traffic from 192.0.2.0/24." --src-ip-ranges "192.0.2.0/24" --action "deny-404" 10 | # 11 | # Create BackendConfig that says which policy to use 12 | kubectl apply -f backend-config.yaml 13 | # 14 | # Check Deployment and CA policy in UI 15 | # 16 | # Create Service with Annotation to BackEndconfig thus making the link between the BES and the CA Policy 17 | kubectl apply -f service.yaml 18 | # 19 | # Reserve External IP and give it a name 20 | gcloud compute addresses create cloud-armor-how-to-address --global 21 | # 22 | # Create Ingress that point to my BES and uses the reserved external IP via Annotation. 23 | kubectl create -f ingress.yaml 24 | # 25 | # Check CA Policy Target in UI 26 | # 27 | # Clean Up 28 | kubectl delete ingress my-ingress --namespace cloud-armor-how-to
29 | kubectl delete service my-service --namespace cloud-armor-how-to
30 | kubectl delete backendconfig my-backend-config --namespace cloud-armor-how-to
31 | kubectl delete deployment my-deployment --namespace cloud-armor-how-to
32 | kubectl delete namespace cloud-armor-how-to
33 | gcloud compute addresses delete cloud-armor-how-to-address --global
gcloud beta compute security-policies delete ca-how-to-security-policy

--------------------------------------------------------------------------------
/CloudArmor/service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  namespace: cloud-armor-how-to
  name: my-service
  labels:
    app: hello-app
  annotations:
    # Binds the backend service GKE creates for port 80 to my-backend-config;
    # this is the link through which the Cloud Armor policy is applied to the
    # Ingress traffic.
    beta.cloud.google.com/backend-config: '{"ports": {"80":"my-backend-config"}}'
    # NOTE(review): together with `type: LoadBalancer` this also provisions an
    # internal TCP load balancer for the Service. Nothing in this manifest
    # attaches the Cloud Armor policy to that second path, so in-VPC clients
    # presumably reach the pods unfiltered — confirm it is needed (a NodePort
    # Service is sufficient for the Ingress) or that in-VPC callers are trusted.
    cloud.google.com/load-balancer-type: "Internal"
spec:
  type: LoadBalancer
  selector:
    app: hello-app
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8080

--------------------------------------------------------------------------------
/CloudSQL/README.md:
--------------------------------------------------------------------------------
# gcp/CloudSQL
Terraform script sample to deploy a non-HA CloudSQL instance.

Script uses a GCP service account and a JSON file with your account token and info in variables.tf

--------------------------------------------------------------------------------
/CloudSQL/main.tf:
--------------------------------------------------------------------------------
# Authenticates with a service-account key file (variables.tf defaults it to
# ../terraform.json). The key is a long-lived credential: keep it out of
# version control and give the account only the Cloud SQL roles it needs.
provider "google" {
  credentials = "${var.credentials}"
  project     = "${var.project}"
  region      = "${var.region}"
}

# Single (non-HA) Cloud SQL instance. Every settings block is passed through
# from variables.tf, so the security posture is whatever those defaults say.
resource "google_sql_database_instance" "master" {
  name             = "${var.name}"
  project          = "${var.project}"
  region           = "${var.region}"
  database_version = "${var.database_version}"

  settings {
    tier                        = "${var.tier}"
    activation_policy           = "${var.activation_policy}"
    authorized_gae_applications = ["${var.authorized_gae_applications}"]
    disk_autoresize             = "${var.disk_autoresize}"
    # variables.tf defaults this to {} — no automated backups unless the caller
    # supplies a backup_configuration.
    backup_configuration        = ["${var.backup_configuration}"]
    # NOTE(review): variables.tf defaults this to [{}], i.e. an ip_configuration
    # block with nothing set. ipv4_enabled / authorized_networks / require_ssl
    # then take the provider defaults (presumably a public IPv4 address, no
    # authorized networks, TLS not required) — confirm and set them explicitly
    # before using this outside a sandbox.
    ip_configuration            = ["${var.ip_configuration}"]
    location_preference         = ["${var.location_preference}"]
    maintenance_window          = ["${var.maintenance_window}"]
    disk_size                   = "${var.disk_size}"
    disk_type                   = "${var.disk_type}"
    pricing_plan                = "${var.pricing_plan}"
    replication_type            = "${var.replication_type}"
  }

  replica_configuration = ["${var.replica_configuration}"]
}

# Default database created on the instance.
resource "google_sql_database" "default" {
  name      = "${var.db_name}"
  project   = "${var.project}"
  instance  = "${google_sql_database_instance.master.name}"
  charset   = "${var.db_charset}"
  collation = "${var.db_collation}"
}

# Fallback password when var.user_password is empty: 8 random bytes rendered as
# 16 hex characters (64 bits of entropy). The value is kept in Terraform state in
# clear text, so the state backend must be treated as secret.
resource "random_id" "user-password" {
  byte_length = 8
}

# Default database user. var.user_host defaults to "%", the MySQL any-host
# wildcard, so the user may authenticate from any source ip_configuration lets
# through. Whichever password is used (supplied or generated) ends up in state.
resource "google_sql_user" "default" {
  name     = "${var.user_name}"
  project  = "${var.project}"
  instance = "${google_sql_database_instance.master.name}"
  host     = "${var.user_host}"
  password = "${var.user_password == "" ? random_id.user-password.hex : var.user_password}"
}

--------------------------------------------------------------------------------
/CloudSQL/output.tf:
--------------------------------------------------------------------------------
/*
 * Copyright 2017 Google Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

output instance_name {
  description = "The name of the database instance"
  value       = "${google_sql_database_instance.master.name}"
}

# First entry of the instance's ip_address list.
output instance_address {
  description = "The IPv4 address of the master database instnace"
  value       = "${google_sql_database_instance.master.ip_address.0.ip_address}"
}

output instance_address_time_to_retire {
  description = "The time the master instance IP address will be retired. RFC 3339 format."
  value       = "${google_sql_database_instance.master.ip_address.0.time_to_retire}"
}

output self_link {
  description = "Self link to the master instance"
  value       = "${google_sql_database_instance.master.self_link}"
}

# sensitive = true only redacts the value from CLI output; it is still stored
# in clear text in the Terraform state file.
output generated_user_password {
  description = "The auto generated default user password if no input password was provided"
  value       = "${random_id.user-password.hex}"
  sensitive   = true
}

--------------------------------------------------------------------------------
/CloudSQL/variables.tf:
--------------------------------------------------------------------------------
# Path to the service-account JSON key used by the google provider. Sensitive
# file — do not commit it; the default points one directory above the module.
variable "credentials" { default = "../terraform.json" }
# Hard-coded sandbox project id; override for any other environment.
variable "project" { default = "terraform-sandbox-194417" }
variable "region" { default = "northamerica-northeast1" }
variable "zone" { default = "northamerica-northeast1-a" }
#
variable name {
  description = "Name for the database instance. Must be unique and cannot be reused for up to one week."
}

variable database_version {
  description = "The version of of the database. For example, `MYSQL_5_6` or `POSTGRES_9_6`."
  default     = "MYSQL_5_7"
}

variable tier {
  description = "The machine tier (First Generation) or type (Second Generation). 
See this page for supported tiers and pricing: https://cloud.google.com/sql/pricing"
  default     = "db-f1-micro"
}

variable db_name {
  description = "Name of the default database to create"
  default     = "default"
}

variable db_charset {
  description = "The charset for the default database"
  default     = ""
}

variable db_collation {
  description = "The collation for the default database. Example for MySQL databases: 'utf8', and Postgres: 'en_US.UTF8'"
  default     = ""
}

variable user_name {
  description = "The name of the default user"
  default     = "default"
}

# "%" is the MySQL any-host wildcard: the default user is not restricted to a
# source host. Narrow it when the client addresses are known.
variable user_host {
  description = "The host for the default user"
  default     = "%"
}

# Empty string selects the random_id password in main.tf. Either value is
# written to Terraform state in clear text.
variable user_password {
  description = "The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable."
  default     = ""
}

variable activation_policy {
  description = "This specifies when the instance should be active. Can be either `ALWAYS`, `NEVER` or `ON_DEMAND`."
  default     = "ALWAYS"
}

variable authorized_gae_applications {
  description = "A list of Google App Engine (GAE) project names that are allowed to access this instance."
  type        = "list"
  default     = []
}

variable disk_autoresize {
  description = "Second Generation only. Configuration to increase storage size automatically."
  default     = true
}

variable disk_size {
  description = "Second generation only. The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased."
  default     = 10
}

variable disk_type {
  description = "Second generation only. The type of data disk: `PD_SSD` or `PD_HDD`."
  default     = "PD_SSD"
}

variable pricing_plan {
  description = "First generation only. 
Pricing plan for this instance, can be one of `PER_USE` or `PACKAGE`."
  default     = "PER_USE"
}

variable replication_type {
  description = "Replication type for this instance, can be one of `ASYNCHRONOUS` or `SYNCHRONOUS`."
  default     = "SYNCHRONOUS"
}

# Empty map: no automated backups are configured unless the caller sets this.
variable backup_configuration {
  description = "The backup_configuration settings subblock for the database setings"
  type        = "map"
  default     = {}
}

# NOTE(review): [{}] emits an ip_configuration block with nothing set, so
# ipv4_enabled / authorized_networks / require_ssl fall back to the provider
# defaults — presumably a public IPv4 address with no authorized networks and
# TLS optional. Set them explicitly (private IP or authorized_networks plus
# require_ssl) for anything beyond a sandbox; confirm against the provider docs.
variable ip_configuration {
  description = "The ip_configuration settings subblock"
  type        = "list"
  default     = [{}]
}

variable location_preference {
  description = "The location_preference settings subblock"
  type        = "list"
  default     = []
}

variable maintenance_window {
  description = "The maintenance_window settings subblock"
  type        = "list"
  default     = []
}

variable replica_configuration {
  description = "The optional replica_configuration block for the database instance"
  type        = "list"
  default     = []
}


--------------------------------------------------------------------------------
/Create Master Terraform Project and Service Account/README.md:
--------------------------------------------------------------------------------
# gcp/Create Master Terraform Project and Service Account
Shell and Terraform script to create an admin project for Terraform and also create a service account for automation of future GCP related tasks.

Scripts uses a GCP service account and a JSON file with your account token. 

--------------------------------------------------------------------------------
/Create Master Terraform Project and Service Account/backend.tf:
--------------------------------------------------------------------------------
// GCS backend for .tfstate file
// The empty leading segment of the bucket/project names is presumably filled
// in with the user prefix by gcp_tf_prep.sh (its TF_ADMIN is
// "your_user-terraform-admin"); as written this file is a template.
// The state stored here holds every attribute Terraform knows, including
// generated secrets (for example the CloudSQL user password elsewhere in this
// repo), so access to the bucket must be controlled as tightly as the SA key.
// NOTE(review): `path` is the legacy gcs-backend key (`prefix` replaced it) —
// confirm against the Terraform version in use.

terraform {
  backend "gcs" {
    bucket  = "-terraform-admin"
    path    = "/terraform.tfstate"
    project = "-terraform-admin"
  }
}

--------------------------------------------------------------------------------
/Create Master Terraform Project and Service Account/gcp_tf_prep.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Bootstrap an admin project for Terraform: create the project, a "terraform"
# service account with a downloaded JSON key, project- and organization-level
# IAM bindings for it, the APIs Terraform needs, and a GCS bucket for remote
# state.
# NOTE(review): there is no `set -euo pipefail`; a failed step (e.g. the billing
# link) does not stop the later IAM grants from being applied.
#
# Enter your GCP info in here
export TF_VAR_org_id=your_org_id
export TF_VAR_billing_account=your_billing_account_id
export TF_ADMIN=your_user-terraform-admin
# Path where the service-account key is written below. Once the org-level
# bindings further down are applied, this file grants project-creation and
# billing rights across the whole organization: keep it out of version
# control, restrict its permissions (chmod 600) and delete/rotate it when it
# is no longer needed.
export TF_CREDS=your_tf_admin_creds.JSON
#
# CREATE TF ADMIN PROJECT
gcloud projects create ${TF_ADMIN} --organization ${TF_VAR_org_id} --set-as-default
gcloud beta billing projects link ${TF_ADMIN} --billing-account ${TF_VAR_billing_account}
#
# CREATE TF service account
gcloud iam service-accounts create terraform --display-name "Terraform admin account"
# Creates a long-lived user-managed key. Where the environment running
# Terraform supports it, short-lived credentials (service-account
# impersonation or workload identity federation) avoid having a key file at all.
gcloud iam service-accounts keys create ${TF_CREDS} --iam-account terraform@${TF_ADMIN}.iam.gserviceaccount.com
#
# Grant the service account permission to view the Admin Project and manage Cloud Storage:
# storage.admin on the admin project is what lets it read/write the state
# bucket created below (and every other bucket in the project).
gcloud projects add-iam-policy-binding ${TF_ADMIN} --member serviceAccount:terraform@${TF_ADMIN}.iam.gserviceaccount.com --role roles/viewer
gcloud projects add-iam-policy-binding ${TF_ADMIN} --member serviceAccount:terraform@${TF_ADMIN}.iam.gserviceaccount.com --role roles/storage.admin
#
# Any actions that Terraform performs require that the API be enabled to do so. In this guide, Terraform requires the following:
gcloud services enable cloudresourcemanager.googleapis.com
gcloud services enable cloudbilling.googleapis.com
gcloud services enable iam.googleapis.com
gcloud services enable compute.googleapis.com
#
#Add organization/folder-level permissions
#Grant the service account permission to create projects and assign billing accounts:
# These are organization-wide grants: with projectCreator + billing.user this
# account (and anyone holding ${TF_CREDS}) can create billable projects anywhere
# in the org. Bind them on a folder instead if that is all Terraform needs.
gcloud organizations add-iam-policy-binding ${TF_VAR_org_id} --member serviceAccount:terraform@${TF_ADMIN}.iam.gserviceaccount.com --role roles/resourcemanager.projectCreator
gcloud organizations add-iam-policy-binding ${TF_VAR_org_id} --member serviceAccount:terraform@${TF_ADMIN}.iam.gserviceaccount.com --role roles/billing.user
#
# If your billing account is owned by another organization, then make sure the service account email has been added as a Billing Account User to the billing account permissions.
#
# Create the remote backend bucket in Cloud Storage and the backend.tf file for storage of the terraform.tfstate file:
# The bucket will hold terraform.tfstate, which contains secrets in clear text.
# Keep it private (no allUsers/allAuthenticatedUsers bindings) and consider
# enabling object versioning so a bad apply can be recovered from.
gsutil mb -p ${TF_ADMIN} gs://${TF_ADMIN}
cat > backend.tf < /var/www/html/index.html
# NOTE(review): the heredoc that writes backend.tf is truncated in this copy of
# the repository; the text from here down to "SCRIPT" belongs to the startup
# script of /MIG/apache-mig-glb/main.tf, whose beginning is missing as well.


Apache Server - $(hostname)
Google Cloud

87 | Packer 88 | Terraform 89 | Apache 90 |

Hostname: $(hostname)
Internal IP: $INT_IP
External IP: $EXT_IP

91 |

A Packer built, Terraform deployed, GCP Auto Scalling, Managed Instance Group with Load Balancer serving Apache Web Server

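SCRIPT
  }

  network_interface {
    network = "${var.network}"
    #
    # Give a Public IP to instance(s)
    #access_config {
    #  // Ephemeral IP
    #}
  }

  # No `email` is set, so the instances run as the project's default Compute
  # Engine service account (presumably — confirm). The scopes bound what the
  # instance's access token may do, but the account's IAM roles still apply.
  service_account {
    scopes = ["userinfo-email", "compute-ro", "storage-ro"]
  }

  lifecycle {
    create_before_destroy = true
  }
}
#
# Compute Healthcheck
# TCP probe on var.hc_port (80 by default). 1s interval / 1s timeout is
# aggressive; a slow Apache start is flagged almost immediately.
resource "google_compute_health_check" "default" {
  name               = "${var.hc_name}"
  check_interval_sec = 1
  timeout_sec        = 1

  tcp_health_check {
    port = "${var.hc_port}"
  }
}
#
# Regional MIG AutoScaler
# Keeps between 3 and 5 instances, scaling on 50% average CPU, with a 60s
# cooldown after each change.
resource "google_compute_region_autoscaler" "cras" {
  name   = "${var.rmig_as_name}"
  region = "${var.region}"
  target = "${google_compute_region_instance_group_manager.rmig.self_link}"

  autoscaling_policy = {
    max_replicas    = 5
    min_replicas    = 3
    cooldown_period = 60
    cpu_utilization {
      target = 0.5
    }
  }
}
#
# Global Forwarding Rule
# Plain HTTP front end on var.gfr_portrange (80 by default) -> HTTP proxy ->
# URL map -> backend service. Nothing in this file terminates TLS; port 443 in
# the firewall rule below is not used by this load balancer as written.
resource "google_compute_global_forwarding_rule" "gfr" {
  name       = "${var.gfr_name}"
  target     = "${google_compute_target_http_proxy.thp.self_link}"
  port_range = "${var.gfr_portrange}"
}
resource "google_compute_target_http_proxy" "thp" {
  name    = "${var.thp_name}"
  url_map = "${google_compute_url_map.urlmap.self_link}"
}
resource "google_compute_url_map" "urlmap" {
  name            = "${var.urlmap_name}"
  default_service = "${google_compute_backend_service.rbs.self_link}"
}
#
# Firewall rules for specific Tags
# Allows the load balancer front ends and health checkers to reach the web
# servers on 80/443. Previously this rule named no target_tags and no
# source_ranges, so it applied to every instance in the network from any
# source (the provider default is 0.0.0.0/0); it is now scoped to the tagged
# instances and to Google's published proxy / health-check ranges.
resource "google_compute_firewall" "default" {
  name    = "${var.network}-${var.fwr_name}"
  network = "${var.network}"
  project = "${var.project}"

  allow {
    protocol = "tcp"
    ports    = ["80", "443"]
  }

  # Only instances carrying var.tags ("webserver" by default) match.
  # Assumes the instance template applies var.tags to its instances, as the
  # sibling MIG/apache template does — confirm in the template definition.
  target_tags = ["${var.tags}"]

  # The instances have no external IP (access_config above is commented out),
  # so the only legitimate senders on these ports are the Google front ends
  # and health checkers. 130.211.0.0/22 and 35.191.0.0/16 are Google's
  # documented ranges for both; widen this only if in-VPC clients must reach
  # the servers directly.
  source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
}
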
--------------------------------------------------------------------------------
/MIG/apache-mig-glb/variables.tf:
--------------------------------------------------------------------------------
# Creds and default location
# The credentials file is a service-account JSON key: keep it out of version
# control and give the account only the roles this module needs.
variable "credentials" { default = "your_account.json" } // Change with you service account .json file
variable "project" { default = "your_project_id" } // Your GCP Project ID
variable "region" { default = "northamerica-northeast1" }
variable "zone" { default = "northamerica-northeast1-a" }
#
# Instance Template
variable "prefix" { default = "apache-" }
variable "desc" { default = "This template is used to create Apache server instances." }
# Network tag applied to the instances; the firewall rule in main.tf should
# target this tag rather than every instance in the network.
variable "tags" { default = "webserver" }
variable "desc_inst" { default = "Apache Web server instance" }
variable "machine_type" { default = "n1-standard-1" }
# Resolved as an image family, which presumably yields the newest image in the
# family on every apply; pin a specific image name for reproducible rollouts.
variable "source_image" { default = "apache" } //This is the family tag used when building the Golden Image with Packer.
# Instances are placed on the project's "default" network unless overridden.
variable "network" { default = "default" }
#
# Managed Instace Group
variable "rmig_name" { default = "apache-rmig" }
variable "base_instance_name" { default = "apache" }
variable "target_size" { default = "3" }
#
# Healthcheck
variable "hc_name" { default = "apache-healthcheck" }
variable "hc_port" { default = "80" }
#
# Backend
variable "be_name" { default = "http-backend" }
variable "be_protocol" { default = "HTTP" }
variable "be_port_name" { default = "http" }
variable "be_timeout" { default = "10" }
variable "be_session_affinity" { default = "NONE" }
#
# RMIG Autoscaler
variable "rmig_as_name" { default = "rmig-as" }
#
# Global Forwarding Rule
# Plain HTTP on port 80; no TLS front end is defined in this module.
variable "gfr_name" { default = "website-forwarding-rule" }
variable "gfr_portrange" { default = "80" }
variable "thp_name" { default = "http-proxy" }
variable "urlmap_name" { default = "http-lb-url-map" }
#
# Firewall Rules
variable "fwr_name" { default = "allow-http-https" }

--------------------------------------------------------------------------------
/MIG/apache/README.md:
--------------------------------------------------------------------------------
# gcp/MIG/apache
Terraform script to create a an instance template from a Packer built image followed by the creation of an instance group with a minimum of 3 Apache Server with a burst to 5 instances running. It also opens port 80 and 443 in firewall rules for default network for target with the tag webserver. 
3 | 4 | Scripts uses a GCP service account and a JSON file with your account token and VARS defined in variables.tf 5 | 6 | The Golden Image used for template creation can be created with Packer and this script: https://github.com/sveronneau/gcp/blob/master/packer/apache.json 7 | -------------------------------------------------------------------------------- /MIG/apache/instance_template_and_mig_apache.tf: -------------------------------------------------------------------------------- 1 | provider "google" { 2 | credentials = "${var.credentials}" 3 | project = "${var.project}" 4 | region = "${var.region}" 5 | } 6 | # 7 | # Template creation 8 | resource "google_compute_instance_template" "instance_template" { 9 | name_prefix = "${var.prefix}" 10 | description = "${var.desc}" 11 | project = "${var.project}" 12 | region = "${var.region}" 13 | tags = ["${var.tags}"] 14 | instance_description = "${var.desc_inst}" 15 | machine_type = "${var.machine_type}" 16 | can_ip_forward = false // Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false. 17 | 18 | scheduling { 19 | automatic_restart = true 20 | on_host_maintenance = "MIGRATE" 21 | } 22 | 23 | // Create a new boot disk from an image (Lets use one created by Packer) 24 | disk { 25 | source_image = "${var.source_image}" 26 | auto_delete = true 27 | boot = true 28 | } 29 | 30 | metadata { 31 | startup-script = <