====== Lição Terraform GCP 02 ======
===== Arquivos =====
terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "4.51.0"
}
}
}
provider "google" {
credentials = "/home/gean/gcp/svc-account/singular-carver-376919-f09b67c64df6.json"
project = "singular-carver-376919"
region = "us-central1"
}
resource "google_compute_network" "vpc_network" {
name = "vpc-network"
auto_create_subnetworks = false
}
resource "google_compute_firewall" "allow-icmp-ssh" {
name = "allow-icmp-ssh"
network = google_compute_network.vpc_network.self_link
allow {
protocol = "icmp"
}
allow {
protocol = "tcp"
ports = ["22"]
}
source_ranges = ["0.0.0.0/0"]
}
resource "google_compute_subnetwork" "subnetwork_internal_ipv4" {
name = "internal-subnetwork-ipv4"
ip_cidr_range = "10.0.0.0/22"
region = "us-central1"
network = google_compute_network.vpc_network.self_link
}
resource "google_compute_disk" "default" {
name = "test-disk"
type = "pd-ssd"
zone = "us-central1-a"
size = 30
}
resource "google_compute_instance" "default" {
name = "test"
machine_type = "e2-medium"
zone = "us-central1-a"
boot_disk {
initialize_params {
image = "debian-cloud/debian-11"
}
}
network_interface {
network = google_compute_network.vpc_network.self_link
subnetwork = google_compute_subnetwork.subnetwork_internal_ipv4.self_link
access_config {
}
}
attached_disk {
source = google_compute_disk.default.self_link
}
allow_stopping_for_update = true
}
===== Levantar a infra =====
$ terraform init
Initializing the backend...
Initializing provider plugins...
- Reusing previous version of hashicorp/google from the dependency lock file
- Using previously-installed hashicorp/google v4.51.0
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
$ terraform fmt
$ terraform validate
Success! The configuration is valid.
$ terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# google_compute_disk.default will be created
+ resource "google_compute_disk" "default" {
+ creation_timestamp = (known after apply)
+ id = (known after apply)
+ label_fingerprint = (known after apply)
+ last_attach_timestamp = (known after apply)
+ last_detach_timestamp = (known after apply)
+ name = "test-disk"
+ physical_block_size_bytes = (known after apply)
+ project = (known after apply)
+ provisioned_iops = (known after apply)
+ self_link = (known after apply)
+ size = 30
+ source_disk_id = (known after apply)
+ source_image_id = (known after apply)
+ source_snapshot_id = (known after apply)
+ type = "pd-ssd"
+ users = (known after apply)
+ zone = "us-central1-a"
}
# google_compute_firewall.allow-icmp-ssh will be created
+ resource "google_compute_firewall" "allow-icmp-ssh" {
+ creation_timestamp = (known after apply)
+ destination_ranges = (known after apply)
+ direction = (known after apply)
+ enable_logging = (known after apply)
+ id = (known after apply)
+ name = "allow-icmp-ssh"
+ network = "vpc-network"
+ priority = 1000
+ project = (known after apply)
+ self_link = (known after apply)
+ source_ranges = [
+ "0.0.0.0/0",
]
+ allow {
+ ports = [
+ "22",
]
+ protocol = "tcp"
}
+ allow {
+ ports = []
+ protocol = "icmp"
}
}
# google_compute_instance.default will be created
+ resource "google_compute_instance" "default" {
+ allow_stopping_for_update = true
+ can_ip_forward = false
+ cpu_platform = (known after apply)
+ current_status = (known after apply)
+ deletion_protection = false
+ guest_accelerator = (known after apply)
+ id = (known after apply)
+ instance_id = (known after apply)
+ label_fingerprint = (known after apply)
+ machine_type = "e2-medium"
+ metadata_fingerprint = (known after apply)
+ min_cpu_platform = (known after apply)
+ name = "test"
+ project = (known after apply)
+ self_link = (known after apply)
+ tags_fingerprint = (known after apply)
+ zone = "us-central1-a"
+ attached_disk {
+ device_name = (known after apply)
+ disk_encryption_key_sha256 = (known after apply)
+ kms_key_self_link = (known after apply)
+ mode = "READ_WRITE"
+ source = (known after apply)
}
+ boot_disk {
+ auto_delete = true
+ device_name = (known after apply)
+ disk_encryption_key_sha256 = (known after apply)
+ kms_key_self_link = (known after apply)
+ mode = "READ_WRITE"
+ source = (known after apply)
+ initialize_params {
+ image = "debian-cloud/debian-11"
+ labels = (known after apply)
+ size = (known after apply)
+ type = (known after apply)
}
}
+ confidential_instance_config {
+ enable_confidential_compute = (known after apply)
}
+ network_interface {
+ ipv6_access_type = (known after apply)
+ name = (known after apply)
+ network = (known after apply)
+ network_ip = (known after apply)
+ stack_type = (known after apply)
+ subnetwork = (known after apply)
+ subnetwork_project = (known after apply)
}
+ reservation_affinity {
+ type = (known after apply)
+ specific_reservation {
+ key = (known after apply)
+ values = (known after apply)
}
}
+ scheduling {
+ automatic_restart = (known after apply)
+ instance_termination_action = (known after apply)
+ min_node_cpus = (known after apply)
+ on_host_maintenance = (known after apply)
+ preemptible = (known after apply)
+ provisioning_model = (known after apply)
+ node_affinities {
+ key = (known after apply)
+ operator = (known after apply)
+ values = (known after apply)
}
}
}
# google_compute_network.vpc_network will be created
+ resource "google_compute_network" "vpc_network" {
+ auto_create_subnetworks = false
+ delete_default_routes_on_create = false
+ gateway_ipv4 = (known after apply)
+ id = (known after apply)
+ internal_ipv6_range = (known after apply)
+ mtu = (known after apply)
+ name = "vpc-network"
+ project = (known after apply)
+ routing_mode = (known after apply)
+ self_link = (known after apply)
}
# google_compute_subnetwork.subnetwork_internal_ipv4 will be created
+ resource "google_compute_subnetwork" "subnetwork_internal_ipv4" {
+ creation_timestamp = (known after apply)
+ external_ipv6_prefix = (known after apply)
+ fingerprint = (known after apply)
+ gateway_address = (known after apply)
+ id = (known after apply)
+ ip_cidr_range = "10.0.0.0/22"
+ ipv6_cidr_range = (known after apply)
+ name = "internal-subnetwork-ipv4"
+ network = (known after apply)
+ private_ip_google_access = (known after apply)
+ private_ipv6_google_access = (known after apply)
+ project = (known after apply)
+ purpose = (known after apply)
+ region = "us-central1"
+ secondary_ip_range = (known after apply)
+ self_link = (known after apply)
+ stack_type = (known after apply)
}
Plan: 5 to add, 0 to change, 0 to destroy.
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
now.
$ terraform apply -auto-approve
$ terraform state list
google_compute_disk.default
google_compute_firewall.allow-icmp-ssh
google_compute_instance.default
google_compute_network.vpc_network
google_compute_subnetwork.subnetwork_internal_ipv4
===== Para destruir =====
$ terraform destroy -auto-approve
===== Referências =====
- [[https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/getting_started|Getting Started with the Google Provider]]