# Provider requirements. Pinning an exact release means `terraform init`
# resolves a known, reviewed provider build rather than whatever is newest.
terraform {
  required_providers {
    google = {
      version = "3.53.0" # exact pin; bumping it is a deliberate, reviewable change
      source  = "hashicorp/google"
    }
  }
}
# Google provider configuration. Project and default location come from
# variables; the credential is read from a file on the machine running Terraform.
provider "google" {
  project = var.project_id
  region  = var.region
  zone    = var.main_zone

  # file() loads the service-account key at var.credentials_file_path into the
  # configuration, so that path must stay out of version control and the key
  # is a long-lived secret to rotate. Application Default Credentials would
  # avoid keeping a key file on disk at all.
  credentials = file(var.credentials_file_path)
}
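# VPC, subnets, routes and firewall rules for the three-tier layout.
# Only the "application" and "database" subnets enable Private Google Access.
module "google_networks" {
  source = "./networks"

  # Must match one of the subnet_name values below exactly. The previous value
  # carried a trailing space ("application-subnet "), which does not equal the
  # declared subnet name.
  nat_subnet_name = "application-subnet"

  #==========================SUBNETS=============================
  # NOTE(review): subnet_region is a literal while the provider takes
  # var.region — confirm the two are meant to agree.
  subnets = [
    {
      subnet_name     = "presentation-subnet"
      subnet_ip_range = var.presentation_ip_range
      subnet_region   = "us-central1"
    },
    {
      subnet_name           = "application-subnet"
      subnet_ip_range       = var.application_ip_range
      subnet_region         = "us-central1"
      subnet_private_access = true
    },
    {
      subnet_name           = "database-subnet"
      subnet_ip_range       = var.database_ip_range
      subnet_region         = "us-central1"
      subnet_private_access = true
    },
  ]

  #============================ROUTES=============================
  # Default route to the internet gateway for var.igw_destination.
  routes = [
    {
      name              = "igw-route"
      destination_range = var.igw_destination
      next_hop_internet = "true"
    },
  ]

  #=========================FIREWALL-RULES========================
  # Every rule below allows protocol "all" with no port restriction, so each
  # tier's exposure is bounded only by its `ranges` variable. Keep those ranges
  # as narrow as the tier needs (the application and database tiers should not
  # accept 0.0.0.0/0) and consider restricting `allow` to the protocols and
  # ports the tier actually serves. Rules are INGRESS and select instances by
  # target_tags; source_tags is unused (null) because matching is by range.
  firewall_rules = [
    {
      name        = "presentation-firewall-rule"
      direction   = "INGRESS"
      ranges      = var.presentation_firewall_ranges
      target_tags = ["public"]
      source_tags = null
      allow = [{
        protocol = "all"
        ports    = null
      }]
      deny = []
    },
    {
      name        = "application-firewall-rule"
      direction   = "INGRESS"
      ranges      = var.application_firewall_ranges
      target_tags = ["application"]
      source_tags = null
      allow = [{
        protocol = "all"
        ports    = null
      }]
      deny = []
    },
    {
      # Same attribute order as the other two rules (target_tags before
      # source_tags) so the three entries read consistently.
      name        = "database-firewall-rule"
      direction   = "INGRESS"
      ranges      = var.database_firewall_ranges
      target_tags = ["database"]
      source_tags = null
      allow = [{
        protocol = "all"
        ports    = null
      }]
      deny = []
    }
  ]
}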
# GKE cluster attached to the networks module's VPC, with API-server access
# limited to the bastion host.
module "google_kubernetes_cluster" {
  source   = "./kubernetes_cluster"
  location = "us-central1-b" # NOTE(review): literal zone while the provider uses var.main_zone — confirm intended
  tags     = ["application"] # matches target_tags of application-firewall-rule

  # Positional subnet reference: index 0 presumably corresponds to
  # "presentation-subnet" in the networks module's subnets list, and will
  # silently point elsewhere if that list is reordered — verify against the module.
  network     = module.google_networks.vpc_name
  subnet_name = module.google_networks.subnet_name[0]

  ip_range_pods          = module.google_networks.cluster_pods_ip_cidr_range
  ip_range_services      = module.google_networks.cluster_services_ip_cidr_range
  master_ipv4_cidr_block = module.google_networks.cluster_master_ip_cidr_range

  # Only the bastion's single address (/32) is an authorized network for the
  # control plane; widen this deliberately, never to a broad range.
  authorized_ipv4_cidr_block = "${module.bastion.ip}/32"
}
# Bastion host; its address is what the cluster module authorizes for
# control-plane access, so it is the single entry point to administer GKE.
module "bastion" {
  source = "./bastion"

  project_id = var.project_id
  region     = var.region
  zone       = var.main_zone

  bastion_name = "app-cluster"
  vpc_name     = module.google_networks.vpc_name
  # Index 2 presumably resolves to "database-subnet" per the networks module's
  # subnets list — TODO confirm that placing the bastion there is intended.
  subnet_name = module.google_networks.subnet_name[2]
}