commit new all

main.tf

@@ -0,0 +1,31 @@
+terraform {
+  backend "local" {
+    path = "terraform.tfstate"
+  }
+}
+
+provider "google" {
+  project = var.project_id
+  region  = var.region
+}
+
+module "network" {
+  source     = "./network"
+  project_id = var.project_id
+  region     = var.region
+  network    = var.network
+  subnet     = var.subnet
+}
+
+module "backend" {
+  source = "./backend"
+}
+
+module "frontend" {
+  source        = "./frontend"
+  project_id    = var.project_id
+  region        = var.region
+  instance_type = var.instance_type
+  backend_ip    = module.network.backend_ip
+  subnet_ip     = module.network.subnet_ip
+}

modules/backend/main.tf

@@ -0,0 +1,56 @@
+terraform {
+  required_providers {
+    google = {
+      source = "hashicorp/google"
+      version = "~> 3.5.0"
+    }
+  }
+}
+
+provider "google" {
+  project = var.project_id
+  region  = var.region
+}
+
+resource "google_compute_instance" "backend" {
+  name         = "backend"
+  machine_type = "n1-standard-1"
+  tags         = ["backend"]
+
+  boot_disk {
+    initialize_params {
+      image = var.image_name
+    }
+  }
+
+  metadata_startup_script = file("${path.module}/startup-script.sh")
+
+  network_interface {
+    network = google_compute_network.backend_network.self_link
+    access_config {
+      // Allocate a one-to-one NAT IP to allow SSH and HTTP access
+    }
+  }
+
+  service_account {
+    email  = var.sa_email
+    scopes = ["userinfo-email", "compute-ro", "storage-ro"]
+  }
+}
+
+resource "google_compute_firewall" "backend_firewall" {
+  name    = "allow-backend-internal"
+  network = google_compute_network.backend_network.self_link
+
+  allow {
+    protocol = "tcp"
+    ports    = ["8081-8082"]
+  }
+
+  source_tags = ["backend"]
+  target_tags = ["backend"]
+}
+
+output "backend_ip" {
+  value = google_compute_instance.backend.network_interface[0].access_config[0].nat_ip
+}

modules/backend/startup-script.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# Install logging monitor. The monitor will automatically pick up logs sent to
+# syslog.
+curl -s "https://storage.googleapis.com/signals-agents/logging/google-fluentd-install.sh" | bash
+service google-fluentd restart &
+
+# Install dependencies from apt
+apt-get update
+apt-get install -yq ca-certificates git build-essential supervisor psmisc
+
+# Install nodejs
+mkdir /opt/nodejs
+curl https://nodejs.org/dist/v16.14.0/node-v16.14.0-linux-x64.tar.gz | tar xvzf - -C /opt/nodejs --strip-components=1
+ln -s /opt/nodejs/bin/node /usr/bin/node
+ln -s /opt/nodejs/bin/npm /usr/bin/npm
+
+# Get the application source code from the Google Cloud Storage bucket.
+mkdir /fancy-store
+gsutil -m cp -r gs://fancy-store-${var.project_id}/monolith-to-microservices/microservices/* /fancy-store/
+
+# Install app dependencies.
+cd /fancy-store/
+npm install
+
+# Create a nodeapp user. The application will run as this user.
+useradd -m -d /home/nodeapp nodeapp
+chown -R nodeapp:nodeapp /fancy-store
+
+# Configure supervisor to run the node app.
+cat >/etc/supervisor/conf.d/node-app.conf << EOF
+[program:orders]
+directory=/fancy-store/orders
+command=npm start
+autostart=true
+autorestart=true
+user=nodeapp
+environment=HOME="/home/nodeapp",USER="nodeapp",NODE_ENV="production"
+stdout_logfile=syslog
+stderr_logfile=syslog
+
+[program:products]
+directory=/fancy-store/products
+command=npm start
+autostart=true
+autorestart=true
+user=nodeapp
+environment=HOME="/home/nodeapp",USER="nodeapp",NODE_ENV="production"
+stdout_logfile=syslog
+stderr_logfile=syslog
+EOF
+
+supervisorctl reread
+supervisorctl update

modules/backend/variables.tf

@@ -0,0 +1,19 @@
+variable "project_id" {
+  type        = string
+  description = "The ID of the Google Cloud project to use for resources."
+}
+
+variable "region" {
+  type        = string
+  description = "The region to create resources in."
+}
+
+variable "sa_email" {
+  type        = string
+  description = "The email address of the service account to associate with the instance."
+}
+
+variable "image_name" {
+  type        = string
+  description = "The name of the image to use for the instance boot disk."
+}

modules/firewall/main.tf

@@ -0,0 +1,11 @@
+resource "google_compute_firewall" "default" {
+  name    = var.firewall_name
+  network = var.network_name
+
+  allow {
+    protocol = "tcp"
+    ports    = var.allowed_ports
+  }
+
+  source_ranges = var.source_ranges
+}

modules/firewall/variables.tf

@@ -0,0 +1,21 @@
+variable "firewall_name" {
+  description = "The name of the firewall"
+  type        = string
+}
+
+variable "network_name" {
+  description = "The name of the network to apply the firewall rule to"
+  type        = string
+}
+
+variable "allowed_ports" {
+  description = "The list of ports that are allowed by the firewall"
+  type        = list(number)
+  default     = [80, 443]
+}
+
+variable "source_ranges" {
+  description = "The list of source IP ranges that are allowed by the firewall"
+  type        = list(string)
+  default     = ["0.0.0.0/0"]
+}

modules/frontend/main.tf

@@ -0,0 +1,31 @@
+provider "google" {
+  project = var.project_id
+  region  = var.region
+}
+
+resource "google_compute_instance" "frontend" {
+  name         = "frontend"
+  machine_type = "e2-micro"
+  zone         = var.zone
+
+  boot_disk {
+    initialize_params {
+      image = "ubuntu-os-cloud/ubuntu-2004-lts"
+    }
+  }
+
+  network_interface {
+    network = var.network_name
+    access_config {
+      // Allocate a one-to-one NAT IP to the instance
+    }
+  }
+
+  metadata_startup_script = file(var.startup_script_path)
+
+  tags = ["http-server"]
+}
+
+output "frontend_ip" {
+  value = google_compute_instance.frontend.network_interface.0.access_config.0.nat_ip
+}

modules/frontend/variables.tf

@@ -0,0 +1,33 @@
+variable "project_id" {
+  description = "The ID of the Google Cloud project where resources will be created"
+}
+
+variable "region" {
+  description = "The region in which to create the resources"
+}
+
+variable "zone" {
+  description = "The zone in which to create the resources"
+}
+
+variable "instance_name" {
+  description = "The name to assign to the Compute Engine instance"
+}
+
+variable "machine_type" {
+  description = "The machine type of the Compute Engine instance"
+  default     = "f1-micro"
+}
+
+variable "image_name" {
+  description = "The name of the image to use for the Compute Engine instance boot disk"
+  default     = "ubuntu-os-cloud/ubuntu-2004-lts"
+}
+
+variable "network_name" {
+  description = "The name of the network to which the Compute Engine instance will be attached"
+}
+
+variable "startup_script_path" {
+  description = "The local path to the startup script to be run on the Compute Engine instance"
+}

modules/network/main.tf

@@ -0,0 +1,41 @@
+# Define VPC
+resource "google_compute_network" "vpc_network" {
+  name                    = var.vpc_name
+  project                 = var.project_id
+  auto_create_subnetworks = false
+}
+
+# Define subnetwork
+resource "google_compute_subnetwork" "vpc_subnet" {
+  name          = var.subnet_name
+  ip_cidr_range = var.subnet_cidr_range
+  region        = var.region
+  network       = google_compute_network.vpc_network.self_link
+}
+
+# Define firewall rule for frontend instances
+resource "google_compute_firewall" "frontend_firewall" {
+  name    = "allow-frontend"
+  network = google_compute_network.vpc_network.self_link
+
+  allow {
+    protocol = "tcp"
+    ports    = ["8080"]
+  }
+
+  target_tags = ["frontend"]
+}
+
+# Define firewall rule for backend instances
+resource "google_compute_firewall" "backend_firewall" {
+  name    = "allow-backend"
+  network = google_compute_network.vpc_network.self_link
+
+  allow {
+    protocol = "tcp"
+    ports    = ["8081-8082"]
+  }
+
+  target_tags = ["backend"]
+}
+

modules/network/outputs.tf

@@ -0,0 +1,19 @@
+output "vpc_network_name" {
+  value = google_compute_network.vpc_network.name
+}
+
+output "subnet_name" {
+  value = google_compute_subnetwork.vpc_subnet.name
+}
+
+output "subnet_cidr_range" {
+  value = google_compute_subnetwork.vpc_subnet.ip_cidr_range
+}
+
+output "frontend_firewall_name" {
+  value = google_compute_firewall.frontend_firewall.name
+}
+
+output "backend_firewall_name" {
+  value = google_compute_firewall.backend_firewall.name
+}

modules/network/variables.tf

@@ -0,0 +1,23 @@
+variable "project_id" {
+  description = "The ID of the Google Cloud project to deploy resources to."
+}
+
+variable "region" {
+  description = "The region where the resources will be created."
+  default     = "us-central1"
+}
+
+variable "vpc_name" {
+  description = "The name of the VPC network to be created."
+  default     = "fancy-store-vpc"
+}
+
+variable "subnet_name" {
+  description = "The name of the subnet to be created."
+  default     = "fancy-store-subnet"
+}
+
+variable "subnet_cidr_range" {
+  description = "The CIDR range of the subnet to be created."
+  default     = "10.0.0.0/24"
+}

network.tf

@@ -0,0 +1,90 @@
+terraform {
+  required_providers {
+    google = {
+      source = "hashicorp/google"
+      version = "3.86.0"
+    }
+  }
+}
+
+provider "google" {
+  project = var.project_id
+  region  = var.region
+}
+
+module "network" {
+  source      = "./network"
+  project_id  = var.project_id
+  region      = var.region
+  network_cidr= var.network_cidr
+}
+
+resource "google_compute_instance" "backend" {
+  name         = "backend"
+  machine_type = "n1-standard-1"
+  zone         = var.zone
+
+  boot_disk {
+    initialize_params {
+      image = var.image
+    }
+  }
+
+  network_interface {
+    network = module.network.network_name
+
+    access_config {
+      // Ephemeral IP
+    }
+  }
+
+  metadata_startup_script = var.startup_script
+  tags = ["backend"]
+}
+
+resource "google_compute_instance" "frontend" {
+  name         = "frontend"
+  machine_type = "n1-standard-1"
+  zone         = var.zone
+
+  boot_disk {
+    initialize_params {
+      image = var.image
+    }
+  }
+
+  network_interface {
+    network = module.network.network_name
+
+    access_config {
+      // Ephemeral IP
+    }
+  }
+
+  metadata_startup_script = var.startup_script
+  tags = ["frontend"]
+}
+
+resource "google_compute_firewall" "fw_fe" {
+  name    = "fw-fe"
+  network = module.network.network_name
+
+  allow {
+    protocol = "tcp"
+    ports    = ["8080"]
+  }
+
+  source_tags = ["frontend"]
+}
+
+resource "google_compute_firewall" "fw_be" {
+  name    = "fw-be"
+  network = module.network.network_name
+
+  allow {
+    protocol = "tcp"
+    ports    = ["8081-8082"]
+  }
+
+  source_tags = ["backend"]
+}

provider.tf

@@ -0,0 +1,5 @@
+provider "google" {
+  project = var.project_id
+  region  = var.region
+  zone    = var.zone
+}

variables.tf

@@ -0,0 +1,7 @@
+variable "project_id" {}
+variable "region" {
+  default = "us-central1"
+}
+variable "zone" {
+  default = "us-central1-f"
+}