wikiv1:lesson_terraform_cgp_02
Table of Contents
Lição Terraform GCP 02
Arquivos
- provider.tf
terraform { required_providers { google = { source = "hashicorp/google" version = "4.51.0" } } } provider "google" { credentials = "/home/gean/gcp/svc-account/singular-carver-376919-f09b67c64df6.json" project = "singular-carver-376919" region = "us-central1" }
- network.tf
resource "google_compute_network" "vpc_network" { name = "vpc-network" auto_create_subnetworks = false }
- firewall.tf
resource "google_compute_firewall" "allow-icmp-ssh" { name = "allow-icmp-ssh" network = google_compute_network.vpc_network.self_link allow { protocol = "icmp" } allow { protocol = "tcp" ports = ["22"] } source_ranges = ["0.0.0.0/0"] }
- subnet.tf
resource "google_compute_subnetwork" "subnetwork_internal_ipv4" { name = "internal-subnetwork-ipv4" ip_cidr_range = "10.0.0.0/22" region = "us-central1" network = google_compute_network.vpc_network.self_link }
- disk.tf
resource "google_compute_disk" "default" { name = "test-disk" type = "pd-ssd" zone = "us-central1-a" size = 30 }
- instance.tf
resource "google_compute_instance" "default" { name = "test" machine_type = "e2-medium" zone = "us-central1-a" boot_disk { initialize_params { image = "debian-cloud/debian-11" } } network_interface { network = google_compute_network.vpc_network.self_link subnetwork = google_compute_subnetwork.subnetwork_internal_ipv4.self_link access_config { } } attached_disk { source = google_compute_disk.default.self_link } allow_stopping_for_update = true }
Levantar a infra
$ terraform init Initializing the backend... Initializing provider plugins... - Reusing previous version of hashicorp/google from the dependency lock file - Using previously-installed hashicorp/google v4.51.0 Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.
$ terraform fmt $ terraform validate Success! The configuration is valid.
$ terraform plan Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # google_compute_disk.default will be created + resource "google_compute_disk" "default" { + creation_timestamp = (known after apply) + id = (known after apply) + label_fingerprint = (known after apply) + last_attach_timestamp = (known after apply) + last_detach_timestamp = (known after apply) + name = "test-disk" + physical_block_size_bytes = (known after apply) + project = (known after apply) + provisioned_iops = (known after apply) + self_link = (known after apply) + size = 30 + source_disk_id = (known after apply) + source_image_id = (known after apply) + source_snapshot_id = (known after apply) + type = "pd-ssd" + users = (known after apply) + zone = "us-central1-a" } # google_compute_firewall.allow-icmp-ssh will be created + resource "google_compute_firewall" "allow-icmp-ssh" { + creation_timestamp = (known after apply) + destination_ranges = (known after apply) + direction = (known after apply) + enable_logging = (known after apply) + id = (known after apply) + name = "allow-icmp-ssh" + network = "vpc-network" + priority = 1000 + project = (known after apply) + self_link = (known after apply) + source_ranges = [ + "0.0.0.0/0", ] + allow { + ports = [ + "22", ] + protocol = "tcp" } + allow { + ports = [] + protocol = "icmp" } } # google_compute_instance.default will be created + resource "google_compute_instance" "default" { + allow_stopping_for_update = true + can_ip_forward = false + cpu_platform = (known after apply) + current_status = (known after apply) + deletion_protection = false + guest_accelerator = (known after apply) + id = (known after apply) + instance_id = (known after apply) + label_fingerprint = (known after apply) + machine_type = "e2-medium" + metadata_fingerprint = (known after apply) + min_cpu_platform = (known after apply) + name = "test" + project = (known after apply) + self_link = (known after apply) + tags_fingerprint = (known after apply) + zone = "us-central1-a" + attached_disk { + device_name = (known after apply) + disk_encryption_key_sha256 = (known after apply) + kms_key_self_link = (known after apply) + mode = "READ_WRITE" + source = (known after apply) } + boot_disk { + auto_delete = true + device_name = (known after apply) + disk_encryption_key_sha256 = (known after apply) + kms_key_self_link = (known after apply) + mode = "READ_WRITE" + source = (known after apply) + initialize_params { + image = "debian-cloud/debian-11" + labels = (known after apply) + size = (known after apply) + type = (known after apply) } } + confidential_instance_config { + enable_confidential_compute = (known after apply) } + network_interface { + ipv6_access_type = (known after apply) + name = (known after apply) + network = (known after apply) + network_ip = (known after apply) + stack_type = (known after apply) + subnetwork = (known after apply) + subnetwork_project = (known after apply) } + reservation_affinity { + type = (known after apply) + specific_reservation { + key = (known after apply) + values = (known after apply) } } + scheduling { + automatic_restart = (known after apply) + instance_termination_action = (known after apply) + min_node_cpus = (known after apply) + on_host_maintenance = (known after apply) + preemptible = (known after apply) + provisioning_model = (known after apply) + node_affinities { + key = (known after apply) + operator = (known after apply) + values = (known after apply) } } } # google_compute_network.vpc_network will be created + resource "google_compute_network" "vpc_network" { + auto_create_subnetworks = false + delete_default_routes_on_create = false + gateway_ipv4 = (known after apply) + id = (known after apply) + internal_ipv6_range = (known after apply) + mtu = (known after apply) + name = "vpc-network" + project = (known after apply) + routing_mode = (known after apply) + self_link = (known after apply) } # google_compute_subnetwork.subnetwork_internal_ipv4 will be created + resource "google_compute_subnetwork" "subnetwork_internal_ipv4" { + creation_timestamp = (known after apply) + external_ipv6_prefix = (known after apply) + fingerprint = (known after apply) + gateway_address = (known after apply) + id = (known after apply) + ip_cidr_range = "10.0.0.0/22" + ipv6_cidr_range = (known after apply) + name = "internal-subnetwork-ipv4" + network = (known after apply) + private_ip_google_access = (known after apply) + private_ipv6_google_access = (known after apply) + project = (known after apply) + purpose = (known after apply) + region = "us-central1" + secondary_ip_range = (known after apply) + self_link = (known after apply) + stack_type = (known after apply) } Plan: 5 to add, 0 to change, 0 to destroy. ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
$ terraform apply -auto-approve
$ terraform state list google_compute_disk.default google_compute_firewall.allow-icmp-ssh google_compute_instance.default google_compute_network.vpc_network google_compute_subnetwork.subnetwork_internal_ipv4
Para destruir
$ terraform destroy -auto-approve
Referências
wikiv1/lesson_terraform_cgp_02.txt · Last modified: by 127.0.0.1