Merge pull request #10844 from danawillow/google-ilb

google: Add example for Internal Load Balancing
9 years ago · 183b73d5e1
parent 306f0dd12c 0bd27f068d
commit 183b73d5e1
7 changed files with 327 additions and 0 deletions
--- a/examples/google-internal-load-balancing/.gitignore
+++ b/examples/google-internal-load-balancing/.gitignore
@ -0,0 +1,3 @@
+terraform.tfstate
+terraform.tfstate.backup
+terraform.tfvars
--- a/examples/google-internal-load-balancing/README.md
+++ b/examples/google-internal-load-balancing/README.md
@ -0,0 +1,34 @@
+# Internal Load Balancing in Google Cloud
+
+This provides a template for setting up internal load balancing in Google Cloud. It directly mirrors the tutorial in the [GCP Internal Load Balancing Documentation](https://cloud.google.com/compute/docs/load-balancing/internal/).
+
+To run the example,
+
+* Log in to gcloud with an account that has permission to create the necessary resources using `gcloud init`.
+* Optionally update `variables.tf` to specify a default value for the `project_name` variable, and check other variables.
+* Run with a command like this:
+
+```
+terraform apply \
+	-var="region=us-central1" \
+	-var="region_zone=us-central1-b" \
+	-var="region_zone_2=us-central1-c" \
+	-var="project_name=my-project-id-123" \
+```
+
+
+After you run `terraform apply` on this configuration, it will
+automatically output the internal IP address of the load balancer.
+
+Since the load balancer is only reachable from within the network, ssh into the standalone instance using
+
+```
+gcloud compute ssh --zone us-central1-b standalone-instance-1
+```
+
+
+Using `curl` on the IP address given, the LB should respond with a simple header:
+
+```html
+<!doctype html><html><body><h1>ilb-instance-X</h1></body></html>
+```
--- a/examples/google-internal-load-balancing/main.tf
+++ b/examples/google-internal-load-balancing/main.tf
@ -0,0 +1,257 @@
+provider "google" {
+	region      = "${var.region}"
+	project     = "${var.project_name}"
+}
+
+resource "google_compute_network" "my-custom-network" {
+	name = "my-custom-network"
+}
+
+resource "google_compute_subnetwork" "my-custom-subnet" {
+	name          = "my-custom-subnet"
+	ip_cidr_range = "10.128.0.0/20"
+	network       = "${google_compute_network.my-custom-network.self_link}"
+	region        = "${var.region}"
+}
+
+resource "google_compute_firewall" "allow-all-internal" {
+	name    = "allow-all-10-128-0-0-20"
+	network = "${google_compute_network.my-custom-network.name}"
+
+	allow {
+		protocol = "tcp"
+	}
+
+	allow {
+		protocol = "udp"
+	}
+
+	allow {
+		protocol = "icmp"
+	}
+
+	source_ranges = ["10.128.0.0/20"]
+}
+
+resource "google_compute_firewall" "allow-ssh-rdp-icmp" {
+	name    = "allow-tcp22-tcp3389-icmp"
+	network = "${google_compute_network.my-custom-network.name}"
+
+	allow {
+		protocol = "tcp"
+		ports    = ["22", "3389",]
+	}
+
+	allow {
+		protocol = "icmp"
+	}
+}
+
+resource "google_compute_instance" "ilb-instance-1" {
+	name         = "ilb-instance-1"
+	machine_type = "n1-standard-1"
+	zone         = "${var.region_zone}"
+
+	tags = ["int-lb"]
+
+	disk {
+		image = "debian-cloud/debian-8"
+	}
+
+	network_interface {
+		subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"
+		access_config {
+			// Ephemeral IP
+		}
+	}
+
+	service_account {
+    	scopes = ["compute-rw"]
+  	}
+
+	metadata_startup_script = "${file("startup.sh")}"
+}
+
+resource "google_compute_instance" "ilb-instance-2" {
+	name         = "ilb-instance-2"
+	machine_type = "n1-standard-1"
+	zone         = "${var.region_zone}"
+
+	tags = ["int-lb"]
+
+	disk {
+		image = "debian-cloud/debian-8"
+	}
+
+	network_interface {
+		subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"
+		access_config {
+			// Ephemeral IP
+		}
+	}
+
+	service_account {
+    	scopes = ["compute-rw"]
+  	}
+
+	metadata_startup_script = "${file("startup.sh")}"
+}
+
+resource "google_compute_instance" "ilb-instance-3" {
+	name         = "ilb-instance-3"
+	machine_type = "n1-standard-1"
+	zone         = "${var.region_zone_2}"
+
+	tags = ["int-lb"]
+
+	disk {
+		image = "debian-cloud/debian-8"
+	}
+
+	network_interface {
+		subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"
+		access_config {
+			// Ephemeral IP
+		}
+	}
+
+	service_account {
+    	scopes = ["compute-rw"]
+  	}
+
+	metadata_startup_script = "${file("startup.sh")}"
+}
+
+resource "google_compute_instance" "ilb-instance-4" {
+	name         = "ilb-instance-4"
+	machine_type = "n1-standard-1"
+	zone         = "${var.region_zone_2}"
+
+	tags = ["int-lb"]
+
+	disk {
+		image = "debian-cloud/debian-8"
+	}
+
+	network_interface {
+		subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"
+		access_config {
+			// Ephemeral IP
+		}
+	}
+
+	service_account {
+    	scopes = ["compute-rw"]
+  	}
+
+	metadata_startup_script = "${file("startup.sh")}"
+}
+
+resource "google_compute_instance_group" "us-ig1" {
+	name        = "us-ig1"
+
+	instances = [
+		"${google_compute_instance.ilb-instance-1.self_link}",
+		"${google_compute_instance.ilb-instance-2.self_link}"
+	]
+
+	zone = "${var.region_zone}"
+}
+
+resource "google_compute_instance_group" "us-ig2" {
+	name        = "us-ig2"
+
+	instances = [
+		"${google_compute_instance.ilb-instance-3.self_link}",
+		"${google_compute_instance.ilb-instance-4.self_link}"
+	]
+
+	zone = "${var.region_zone_2}"
+}
+
+resource "google_compute_health_check" "my-tcp-health-check" {
+	name = "my-tcp-health-check"
+
+	tcp_health_check {
+		port = "80"
+	}
+}
+
+resource "google_compute_region_backend_service" "my-int-lb" {
+	name                  = "my-int-lb"
+	health_checks         = ["${google_compute_health_check.my-tcp-health-check.self_link}"]
+	region                = "${var.region}"
+
+	backend {
+		group = "${google_compute_instance_group.us-ig1.self_link}"
+	}
+
+	backend {
+		group = "${google_compute_instance_group.us-ig2.self_link}"
+	}
+}
+
+resource "google_compute_forwarding_rule" "my-int-lb-forwarding-rule" {
+	name                  = "my-int-lb-forwarding-rule"
+	load_balancing_scheme = "INTERNAL"
+	ports                 = ["80"]
+	network               = "${google_compute_network.my-custom-network.self_link}"
+	subnetwork            = "${google_compute_subnetwork.my-custom-subnet.self_link}"
+	backend_service       = "${google_compute_region_backend_service.my-int-lb.self_link}"
+}
+
+resource "google_compute_firewall" "allow-internal-lb" {
+	name    = "allow-internal-lb"
+	network = "${google_compute_network.my-custom-network.name}"
+
+	allow {
+		protocol = "tcp"
+		ports    = ["80", "443"]
+	}
+
+	source_ranges = ["10.128.0.0/20"]
+	target_tags = ["int-lb"]
+}
+
+resource "google_compute_firewall" "allow-health-check" {
+	name    = "allow-health-check"
+	network = "${google_compute_network.my-custom-network.name}"
+
+	allow {
+		protocol = "tcp"
+	}
+
+	source_ranges = ["130.211.0.0/22","35.191.0.0/16"]
+	target_tags = ["int-lb"]
+}
+
+resource "google_compute_instance" "standalone-instance-1" {
+	name         = "standalone-instance-1"
+	machine_type = "n1-standard-1"
+	zone         = "${var.region_zone}"
+
+	tags = ["standalone"]
+
+	disk {
+		image = "debian-cloud/debian-8"
+	}
+
+	network_interface {
+		subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}"
+		access_config {
+			// Ephemeral IP
+		}
+	}
+}
+
+resource "google_compute_firewall" "allow-ssh-to-standalone" {
+	name    = "allow-ssh-to-standalone"
+	network = "${google_compute_network.my-custom-network.name}"
+
+	allow {
+		protocol = "tcp"
+		ports    = ["22"]
+	}
+
+	target_tags = ["standalone"]
+}
--- a/examples/google-internal-load-balancing/output.tf
+++ b/examples/google-internal-load-balancing/output.tf
@ -0,0 +1,3 @@
+output "internal_load_balancer_ip" {
+  value = "${google_compute_forwarding_rule.my-int-lb-forwarding-rule.ip_address}"
+}
--- a/examples/google-internal-load-balancing/startup.sh
+++ b/examples/google-internal-load-balancing/startup.sh
@ -0,0 +1,10 @@
+#! /bin/bash
+apt-get update
+apt-get install apache2 -y
+a2ensite default-ssl
+a2enmod ssl
+service apache2 restart
+INSTANCE_NAME=`curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/hostname | awk -F "." '{print $1}'`
+ZONE=`curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/zone | awk -F "/" '{print $NF}'`
+echo '<!doctype html><html><body><h1>'$INSTANCE_NAME'</h1></body></html>' | tee /var/www/html/index.html
+gcloud compute instances delete-access-config $INSTANCE_NAME --zone $ZONE
--- a/examples/google-internal-load-balancing/terraform.tfvars.example
+++ b/examples/google-internal-load-balancing/terraform.tfvars.example
@ -0,0 +1,5 @@
+region = "us-central1"
+region_zone = "us-central1-b"
+region_zone2 = "us-central1-c"
+project_name = "my-project-id-123"
+credentials_file_path = "~/.gcloud/Terraform.json"
--- a/examples/google-internal-load-balancing/variables.tf
+++ b/examples/google-internal-load-balancing/variables.tf
@ -0,0 +1,15 @@
+variable "region" {
+  default = "us-central1"
+}
+
+variable "region_zone" {
+  default = "us-central1-b"
+}
+
+variable "region_zone_2" {
+  default = "us-central1-c"
+}
+
+variable "project_name" {
+  description = "The ID of the Google Cloud project"
+}