Complete restructure

modules/network/firewall/main.tf

@@ -0,0 +1,21 @@
+## Firewall Rules to allow Front-End and Back-End
+
+resource "google_compute_firewall" "fw_fe" {
+  name    = "fw-fe"
+  network = "default"
+  allow {
+    protocol = "tcp"
+    ports    = ["8080"]
+  }
+  target_tags = ["frontend"]
+}
+
+resource "google_compute_firewall" "fw_be" {
+  name    = "fw-be"
+  network = "default"
+  allow {
+    protocol = "tcp"
+    ports    = ["8081-8082"]
+  }
+  target_tags = ["backend"]
+}

modules/network/healthchecks/main.tf

@@ -0,0 +1,40 @@
+#Create HealthChecks
+
+resource "google_compute_http_health_check" "fancy_fe_hc" {
+  name = "fancy-fe-hc"
+  port = "8080"
+  request_path = "/"
+  check_interval_sec = 30
+  timeout_sec = 10
+  healthy_threshold = 1
+  unhealthy_threshold = 3
+}
+
+resource "google_compute_http_health_check" "fancy_be_hc" {
+  name = "fancy-be-hc"
+  port = "8081"
+  request_path = "/api/orders"
+  check_interval_sec = 30
+  timeout_sec = 10
+  healthy_threshold = 1
+  unhealthy_threshold = 3
+}
+
+
+resource "google_compute_http_health_check" "fancy_fe_frontend_hc" {
+  name = "fancy-fe-frontend-hc"
+  request_path = "/"
+  port = 8080
+}
+
+resource "google_compute_http_health_check" "fancy_be_orders_hc" {
+  name = "fancy-be-orders-hc"
+  request_path = "/api/orders"
+  port = 8081
+}
+
+resource "google_compute_http_health_check" "fancy_be_products_hc" {
+  name = "fancy-be-products-hc"
+  request_path = "/api/products"
+  port = 8082
+}

modules/network/loadbalancer/main.tf

@@ -0,0 +1,98 @@
+resource "google_compute_backend_service" "fancy_fe_frontend" {
+  name = "fancy-fe-frontend"
+  port_name = "frontend"
+  protocol = "HTTP"
+  load_balancing_scheme = "INTERNAL_SELF_MANAGED"
+
+  backend {
+    group = google_compute_instance_group_manager.fancy_fe_mig.self_link
+  }
+
+  health_checks = [
+    google_compute_http_health_check.fancy_fe_frontend_hc.self_link
+  ]
+}
+
+resource "google_compute_backend_service" "fancy_be_orders" {
+  name = "fancy-be-orders"
+  port_name = "orders"
+  protocol = "HTTP"
+  load_balancing_scheme = "INTERNAL_SELF_MANAGED"
+
+  backend {
+    group = google_compute_instance_group_manager.fancy_be_mig.self_link
+  }
+
+  health_checks = [
+    google_compute_http_health_check.fancy_be_orders_hc.self_link
+  ]
+}
+
+resource "google_compute_backend_service" "fancy_be_products" {
+  name = "fancy-be-products"
+  port_name = "products"
+  protocol = "HTTP"
+  load_balancing_scheme = "INTERNAL_SELF_MANAGED"
+
+  backend {
+    group = google_compute_instance_group_manager.fancy_be_mig.self_link
+  }
+
+  health_checks = [
+    google_compute_http_health_check.fancy_be_products_hc.self_link
+  ]
+}
+
+resource "google_compute_url_map" "fancy_map" {
+  name = "fancy-map"
+  default_service = google_compute_backend_service.fancy_fe_frontend.self_link
+}
+
+resource "google_compute_path_matcher" "fancy_path_matcher" {
+  name = "orders"
+  default_service = google_compute_backend_service.fancy_fe_frontend.self_link
+
+  path_rule {
+    paths = ["/api/orders"]
+    service = google_compute_backend_service.fancy_be_orders.self_link
+  }
+
+  path_rule {
+    paths = ["/api/products"]
+    service = google_compute_backend_service.fancy_be_products.self_link
+  }
+
+  url_map = google_compute_url_map.fancy_map.self_link
+}
+
+resource "google_compute_target_http_proxy" "fancy_proxy" {
+  name = "fancy-proxy"
+  url_map = google_compute_url_map.fancy_map.self_link
+}
+
+resource "google_compute_global_forwarding_rule" "fancy_http_rule" {
+  name = "fancy-http-rule"
+  target = google_compute_target_http_proxy.fancy_proxy.self_link
+  port_range = "80"
+}
+
+
+
+
+# ENABLE CDN
+resource "google_compute_backend_service" "fancy_fe_frontend" {
+  name = "fancy-fe-frontend"
+  port_name = "frontend"
+  protocol = "HTTP"
+  load_balancing_scheme = "INTERNAL_SELF_MANAGED"
+
+  backend {
+    group = google_compute_instance_group_manager.fancy_fe_mig.self_link
+  }
+
+  health_checks = [
+    google_compute_http_health_check.fancy_fe_frontend_hc.self_link
+  ]
+
+  enable_cdn = true
+}

modules/network/main.tf

@@ -1,41 +1,59 @@
-# Define VPC
-resource "google_compute_network" "vpc_network" {
-  name                    = var.vpc_name
-  project                 = var.project_id
-  auto_create_subnetworks = false
+resource "google_compute_backend_service" "fancy_backend_service" {
+  name = "fancy-backend-service"
+  protocol = "HTTP"
+  
+  backend {
+    group = google_compute_instance_group_manager.fancy_be_mig.self_link
+  }
+  
+  health_checks = [
+    google_compute_http_health_check.fancy_be_hc.self_link
+  ]
+  
+  port_name = "orders"
+  
+  named_port {
+    name = "orders"
+    port = "8081"
+  }
+  
+  named_port {
+    name = "products"
+    port = "8082"
+  }
 }
 
-# Define subnetwork
-resource "google_compute_subnetwork" "vpc_subnet" {
-  name          = var.subnet_name
-  ip_cidr_range = var.subnet_cidr_range
-  region        = var.region
-  network       = google_compute_network.vpc_network.self_link
+resource "google_compute_backend_service" "fancy_frontend_service" {
+  name = "fancy-frontend-service"
+  protocol = "HTTP"
+  
+  backend {
+    group = google_compute_instance_group_manager.fancy_fe_mig.self_link
+  }
+  
+  health_checks = [
+    google_compute_http_health_check.fancy_fe_hc.self_link
+  ]
+  
+  port_name = "frontend"
+  
+  named_port {
+    name = "frontend"
+    port = "8080"
+  }
 }
 
-# Define firewall rule for frontend instances
-resource "google_compute_firewall" "frontend_firewall" {
-  name    = "allow-frontend"
-  network = google_compute_network.vpc_network.self_link
+resource "google_compute_firewall" "allow_health_check" {
+  name    = "allow-health-check"
+  network = "default"
 
   allow {
     protocol = "tcp"
-    ports    = ["8080"]
+    ports    = ["8080-8081"]
   }
 
-  target_tags = ["frontend"]
-}
-
-# Define firewall rule for backend instances
-resource "google_compute_firewall" "backend_firewall" {
-  name    = "allow-backend"
-  network = google_compute_network.vpc_network.self_link
-
-  allow {
-    protocol = "tcp"
-    ports    = ["8081-8082"]
-  }
-
-  target_tags = ["backend"]
-}
-
+  source_ranges = [
+    "130.211.0.0/22",
+    "35.191.0.0/16"
+  ]
+}

modules/network/nat_gateway/main.tf

@@ -1,71 +0,0 @@
-provider "google" {
-  project = var.project_id
-  region  = var.region
-}
-
-resource "google_compute_network" "vpc_network" {
-  name                    = var.vpc_name
-  auto_create_subnetworks = false
-}
-
-resource "google_compute_subnetwork" "subnet" {
-  name          = var.subnet_name
-  network       = google_compute_network.vpc_network.self_link
-  ip_cidr_range = var.subnet_cidr_range
-}
-
-resource "google_compute_router" "router" {
-  name    = var.router_name
-  region  = var.region
-  network = google_compute_network.vpc_network.self_link
-
-  bgp {
-    asn = 64514
-  }
-
-  dynamic "interface" {
-    for_each = var.router_interfaces
-    content {
-      name               = interface.value.name
-      ip_address         = interface.value.ip_address
-      management        = interface.value.management
-      management_config = interface.value.management_config
-    }
-  }
-}
-
-resource "google_compute_address" "nat_ip" {
-  name         = var.nat_ip_name
-  region       = var.region
-  address_type = "EXTERNAL"
-}
-
-resource "google_compute_instance" "nat_instance" {
-  name         = var.nat_instance_name
-  machine_type = var.machine_type
-  zone         = var.zone
-  tags         = ["nat"]
-  boot_disk {
-    initialize_params {
-      image = var.image_name
-    }
-  }
-  network_interface {
-    network = google_compute_network.vpc_network.self_link
-    access_config {
-      nat_ip = google_compute_address.nat_ip.address
-    }
-  }
-}
-
-resource "google_compute_route" "nat_route" {
-  name                   = var.nat_route_name
-  destination_range      = var.destination_range
-  next_hop_instance      = google_compute_instance.nat_instance.self_link
-  next_hop_instance_zone = var.zone
-  tags                   = ["nat"]
-}
-
-output "nat_ip_address" {
-  value = google_compute_address.nat_ip.address
-}

modules/network/nat_gateway/variables.tf

@@ -1,96 +0,0 @@
-# Variables for network module
-variable "region" {
-  description = "The region where the network will be created"
-  type        = string
-}
-
-variable "project_id" {
-  description = "The project id where the network will be created"
-  type        = string
-}
-
-variable "network_name" {
-  description = "The name of the VPC network"
-  type        = string
-}
-
-variable "subnet_name" {
-  description = "The name of the subnet within the VPC network"
-  type        = string
-}
-
-variable "subnet_ip_cidr_range" {
-  description = "The IP CIDR range of the subnet within the VPC network"
-  type        = string
-}
-
-# Variables for backend module
-variable "bucket_name" {
-  description = "The name of the GCS bucket"
-  type        = string
-}
-
-# Variables for frontend module
-variable "instance_name" {
-  description = "The name of the instance"
-  type        = string
-}
-
-variable "instance_zone" {
-  description = "The zone where the instance will be created"
-  type        = string
-}
-
-variable "machine_type" {
-  description = "The machine type of the instance"
-  type        = string
-}
-
-variable "instance_startup_script" {
-  description = "The startup script for the instance"
-  type        = string
-}
-
-variable "firewall_allow_80" {
-  description = "Whether or not to allow incoming traffic on port 80"
-  type        = bool
-}
-
-# Variables for nat_gateway module
-variable "nat_gateway_name" {
-  description = "The name of the NAT gateway instance"
-  type        = string
-}
-
-variable "nat_gateway_zone" {
-  description = "The zone where the NAT gateway instance will be created"
-  type        = string
-}
-
-variable "nat_gateway_machine_type" {
-  description = "The machine type of the NAT gateway instance"
-  type        = string
-}
-
-variable "nat_gateway_startup_script" {
-  description = "The startup script for the NAT gateway instance"
-  type        = string
-}
-
-variable "nat_subnet_name" {
-  description = "The name of the subnet in which to deploy the NAT gateway"
-  type        = string
-}
-
-# Variables for firewall module
-variable "allowed_ingress_ports" {
-  description = "The list of ingress ports allowed to access the instance"
-  type        = list(number)
-  default     = [22, 80]
-}
-
-variable "allowed_egress_ports" {
-  description = "The list of egress ports allowed to leave the instance"
-  type        = list(number)
-  default     = []
-}

modules/network/outputs.tf

@@ -1,19 +0,0 @@
-output "vpc_network_name" {
-  value = google_compute_network.vpc_network.name
-}
-
-output "subnet_name" {
-  value = google_compute_subnetwork.vpc_subnet.name
-}
-
-output "subnet_cidr_range" {
-  value = google_compute_subnetwork.vpc_subnet.ip_cidr_range
-}
-
-output "frontend_firewall_name" {
-  value = google_compute_firewall.frontend_firewall.name
-}
-
-output "backend_firewall_name" {
-  value = google_compute_firewall.backend_firewall.name
-}

modules/network/variables.tf

@@ -1,23 +0,0 @@
-variable "project_id" {
-  description = "The ID of the Google Cloud project to deploy resources to."
-}
-
-variable "region" {
-  description = "The region where the resources will be created."
-  default     = "us-central1"
-}
-
-variable "vpc_name" {
-  description = "The name of the VPC network to be created."
-  default     = "fancy-store-vpc"
-}
-
-variable "subnet_name" {
-  description = "The name of the subnet to be created."
-  default     = "fancy-store-subnet"
-}
-
-variable "subnet_cidr_range" {
-  description = "The CIDR range of the subnet to be created."
-  default     = "10.0.0.0/24"
-}