add demo on gcp

Signed-off-by: Johan Siebens <johan.siebens@gmail.com>
jsiebens · Aug 4, 2021 · 4d00aa7 · 4d00aa7
1 parent 2d95d82
commit 4d00aa7
Show file tree

Hide file tree

Showing 17 changed files with 375 additions and 20 deletions.
diff --git a/digitalocean/.gitignore → .gitignore b/digitalocean/.gitignore → .gitignore
diff --git a/digitalocean/jobs.tf b/digitalocean/jobs.tf
@@ -22,20 +22,20 @@ resource "null_resource" "nomad_readiness" {
 resource "nomad_job" "nats" {
   depends_on = [null_resource.nomad_readiness]
   jobspec = file(
-    "${path.module}/jobs/faas-nats.hcl"
+    "${path.module}/../shared/jobs/faas-nats.hcl"
   )
 }
 
 resource "nomad_job" "monitoring" {
   depends_on = [null_resource.nomad_readiness]
   jobspec = file(
-    "${path.module}/jobs/faas-monitoring.hcl"
+    "${path.module}/../shared/jobs/faas-monitoring.hcl"
   )
 }
 
 resource "nomad_job" "gateway" {
   depends_on = [null_resource.nomad_readiness]
   jobspec = file(
-    "${path.module}/jobs/faas-gateway.hcl"
+    "${path.module}/../shared/jobs/faas-gateway.hcl"
   )
 }
diff --git a/digitalocean/main.tf b/digitalocean/main.tf
@@ -43,7 +43,7 @@ resource "digitalocean_droplet" "server" {
   region    = var.region
   size      = "s-1vcpu-1gb"
   tags      = [digitalocean_tag.main.id, digitalocean_tag.server.id]
-  user_data = templatefile("${path.module}/templates/server.sh", { token = random_password.token.result })
+  user_data = templatefile("${path.module}/../shared/templates/server.sh", { token = random_password.token.result, interface = "eth1" })
   vpc_uuid  = digitalocean_vpc.this.id
   ssh_keys  = [var.ssh_key]
 }
@@ -55,7 +55,7 @@ resource "digitalocean_droplet" "client" {
   region    = var.region
   size      = "s-1vcpu-2gb"
   tags      = [digitalocean_tag.main.id, digitalocean_tag.client.id]
-  user_data = templatefile("${path.module}/templates/client.sh", { server_ip = digitalocean_droplet.server.ipv4_address_private })
+  user_data = templatefile("${path.module}/../shared/templates/client.sh", { server_ip = digitalocean_droplet.server.ipv4_address_private, interface = "eth1" })
   vpc_uuid  = digitalocean_vpc.this.id
   ssh_keys  = [var.ssh_key]
 }

diff --git a/digitalocean/outputs.tf b/digitalocean/outputs.tf
@@ -18,15 +18,5 @@ Authenticate with faas-cli:
 
 vault kv get -field=value openfaas/basic-auth-password | faas-cli login -u admin --password-stdin
 
-CONFIGURATION
-}
-
-output "env" {
-  value = <<CONFIGURATION
-export CONSUL_HTTP_ADDR=http://${digitalocean_droplet.server.ipv4_address}:8500
-export NOMAD_ADDR=http://${digitalocean_droplet.server.ipv4_address}:4646
-export VAULT_ADDR=http://${digitalocean_droplet.server.ipv4_address}:8200
-export OPENFAAS_URL=http://${digitalocean_loadbalancer.public.ip}
-export VAULT_TOKEN=$(ssh root@${digitalocean_droplet.server.ipv4_address} "grep Initial /etc/vault.d/vault-keys.log | cut -c21-")
 CONFIGURATION
 }
diff --git a/gcp/.terraform.lock.hcl b/gcp/.terraform.lock.hcl
diff --git a/gcp/compute.tf b/gcp/compute.tf
@@ -0,0 +1,92 @@
+resource "random_password" "token" {
+  length  = 16
+  special = false
+}
+
+resource "google_service_account" "default" {
+  account_id   = format("sa-%s", local.name)
+  display_name = format("%s Service Account", title(local.name))
+}
+
+resource "google_compute_instance" "server" {
+  name         = format("vm-%s-server", local.name)
+  machine_type = "e2-medium"
+  zone         = var.zone
+
+  tags = [
+    local.name,
+    format("%s-server", local.name)
+  ]
+
+  boot_disk {
+    initialize_params {
+      image = "ubuntu-os-cloud/ubuntu-2004-focal-v20210702"
+    }
+  }
+
+  metadata_startup_script = templatefile("${path.module}/../shared/templates/server.sh", { token = random_password.token.result, interface = "ens4" })
+
+  network_interface {
+    network    = google_compute_network.this.self_link
+    subnetwork = google_compute_subnetwork.this.self_link
+
+    access_config {
+      // Ephemeral IP
+    }
+  }
+
+  service_account {
+    email  = google_service_account.default.email
+    scopes = ["cloud-platform"]
+  }
+
+}
+
+resource "google_compute_instance_template" "client" {
+  name_prefix  = format("vm-%s-client-", local.name)
+  machine_type = "e2-medium"
+
+  disk {
+    source_image = "ubuntu-os-cloud/ubuntu-2004-focal-v20210702"
+  }
+
+  network_interface {
+    network    = google_compute_network.this.self_link
+    subnetwork = google_compute_subnetwork.this.self_link
+  }
+
+  service_account {
+    email  = google_service_account.default.email
+    scopes = ["cloud-platform"]
+  }
+
+  tags = [
+    local.name,
+    format("%s-client", local.name)
+  ]
+
+  metadata_startup_script = templatefile(
+    "${path.module}/../shared/templates/client.sh",
+    {
+      server_ip = google_compute_instance.server.network_interface.0.network_ip,
+      interface = "ens4"
+    }
+  )
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "google_compute_instance_group_manager" "client" {
+  name               = format("igm-%s-client", local.name)
+  base_instance_name = format("vm-%s-client", local.name)
+  zone               = var.zone
+  target_size        = "3"
+  target_pools       = [google_compute_target_pool.client.id]
+
+  version {
+    name              = local.name
+    instance_template = google_compute_instance_template.client.id
+  }
+}
diff --git a/gcp/jobs.tf b/gcp/jobs.tf
@@ -0,0 +1,41 @@
+locals {
+  nomad_addr = "http://${google_compute_instance.server.network_interface.0.access_config.0.nat_ip}:4646"
+}
+
+provider "nomad" {
+  address = local.nomad_addr
+}
+
+resource "null_resource" "nomad_readiness" {
+  triggers = {
+    address = local.nomad_addr
+  }
+
+  provisioner "local-exec" {
+    command = "while ! nomad server members > /dev/null 2>&1; do echo 'waiting for nomad api...'; sleep 10; done"
+    environment = {
+      NOMAD_ADDR = local.nomad_addr
+    }
+  }
+}
+
+resource "nomad_job" "nats" {
+  depends_on = [null_resource.nomad_readiness]
+  jobspec = file(
+    "${path.module}/../shared/jobs/faas-nats.hcl"
+  )
+}
+
+resource "nomad_job" "monitoring" {
+  depends_on = [null_resource.nomad_readiness]
+  jobspec = file(
+    "${path.module}/../shared/jobs/faas-monitoring.hcl"
+  )
+}
+
+resource "nomad_job" "gateway" {
+  depends_on = [null_resource.nomad_readiness]
+  jobspec = file(
+    "${path.module}/../shared/jobs/faas-gateway.hcl"
+  )
+}
diff --git a/gcp/lb.tf b/gcp/lb.tf
@@ -0,0 +1,24 @@
+resource "google_compute_address" "client" {
+  name = format("%s-client", local.name)
+}
+
+resource "google_compute_forwarding_rule" "client_8080" {
+  name       = format("fw-%s-client-8080", local.name)
+  region     = var.region
+  port_range = 8080
+  target     = google_compute_target_pool.client.id
+  ip_address = google_compute_address.client.address
+}
+
+resource "google_compute_target_pool" "client" {
+  name          = format("tp-%s-client", local.name)
+  health_checks = [google_compute_http_health_check.gateway.name]
+}
+
+resource "google_compute_http_health_check" "gateway" {
+  name               = format("hc-%s-gateway", local.name)
+  request_path       = "/healthz"
+  check_interval_sec = 5
+  timeout_sec        = 1
+  port               = 8080
+}
diff --git a/gcp/main.tf b/gcp/main.tf
@@ -0,0 +1,88 @@
+locals {
+  name = random_pet.name.id
+}
+
+resource "random_pet" "name" {
+}
+
+resource "google_compute_network" "this" {
+  name                    = format("vpc-%s", local.name)
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "this" {
+  name          = format("sb-%s", local.name)
+  ip_cidr_range = var.ip_range
+  network       = google_compute_network.this.id
+}
+
+resource "google_compute_router" "this" {
+  name    = format("cr-%s", local.name)
+  network = google_compute_network.this.id
+}
+
+resource "google_compute_router_nat" "this" {
+  name                               = format("rn-%s", local.name)
+  router                             = google_compute_router.this.name
+  nat_ip_allocate_option             = "AUTO_ONLY"
+  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
+}
+
+module "my_ip_address" {
+  source  = "matti/resource/shell"
+  command = "curl https://ipinfo.io/ip"
+}
+
+resource "google_compute_firewall" "fwr_allow_iap" {
+  name    = format("fwr-%s-iap", local.name)
+  network = google_compute_network.this.name
+
+  allow {
+    protocol = "tcp"
+    ports    = ["22"]
+  }
+  source_ranges = ["35.235.240.0/20"]
+}
+
+resource "google_compute_firewall" "fwr_allow_server" {
+  name    = format("fwr-%s-server", local.name)
+  network = google_compute_network.this.name
+
+  allow {
+    protocol = "tcp"
+    ports    = ["4646", "8500", "8200"]
+  }
+  source_ranges = [module.my_ip_address.stdout]
+  target_tags   = [format("%s-server", local.name)]
+}
+
+resource "google_compute_firewall" "fwr_allow_internal" {
+  name    = format("fwr-%s-internal", local.name)
+  network = google_compute_network.this.name
+
+  allow {
+    protocol = "tcp"
+  }
+
+  allow {
+    protocol = "udp"
+  }
+
+  source_tags = [local.name]
+  target_tags = [local.name]
+}
+
+resource "google_compute_firewall" "allow_client_ingress" {
+  name    = format("fwr-%s-ingress", local.name)
+  network = google_compute_network.this.name
+
+  source_ranges = ["0.0.0.0/0"]
+  target_tags   = [format("%s-client", local.name)]
+
+  allow {
+    protocol = "tcp"
+    ports = [
+      "8080",
+    ]
+  }
+}