Let's build a VPC network and one Ubuntu VM instance with Terraform.
<1> Terraform files
<2> Run Terraform
<3> Verify the VM network and instance
<4> Delete
<1> Terraform files
gcp_compute.tf
gcp_networking.tf
gcp_outputs.tf
gcp_security.tf
gcp_variables.tf
gcp_variables_vm.tf
main.tf
topasseoseo1@cloudshell:~ (secret-zephyr-348001)$ more *.tf
::::::::::::::
gcp_compute.tf
::::::::::::::
data "google_compute_zones" "available" {
  region = var.gcp_region
}
resource "google_compute_address" "gcp-ip" {
  name   = "gcp-vm-ip-${var.gcp_region}"
  region = var.gcp_region
}
resource "google_compute_instance" "gcp-vm" {
  name         = "gcp-vm-${var.gcp_region}"
  machine_type = var.gcp_instance_type
  zone         = data.google_compute_zones.available.names[0]
  boot_disk {
    initialize_params {
      image = var.gcp_disk_image
    }
  }
  network_interface {
    subnetwork = google_compute_subnetwork.gcp-subnet1.name
    network_ip = var.gcp_vm_address
    access_config {
      # Static IP
      nat_ip = google_compute_address.gcp-ip.address
    }
  }
}
::::::::::::::
gcp_networking.tf
::::::::::::::
resource "google_compute_network" "gcp-network" {
  name                    = "bgame-gcp-dev-vpc"
  auto_create_subnetworks = "false"
}
resource "google_compute_subnetwork" "gcp-subnet1" {
  name          = "bgame-gcp-dev-pub-subnet1"
  ip_cidr_range = var.gcp_subnet1_cidr
  network       = google_compute_network.gcp-network.name
  region        = var.gcp_region
}
::::::::::::::
gcp_outputs.tf
::::::::::::::
output "gcp_instance_external_ip" {
  value = <<-EOF
    ${google_compute_instance.gcp-vm.network_interface[0].access_config[0].nat_ip}
    EOF
}
output "gcp_instance_internal_ip" {
  value = google_compute_instance.gcp-vm.network_interface[0].network_ip
}
::::::::::::::
gcp_security.tf
::::::::::::::
# Allow PING testing.
resource "google_compute_firewall" "gcp-allow-icmp" {
  name    = "${google_compute_network.gcp-network.name}-gcp-allow-icmp"
  network = google_compute_network.gcp-network.name
  allow {
    protocol = "icmp"
  }
  source_ranges = [
    "0.0.0.0/0",
  ]
}
# Allow SSH for iperf testing.
resource "google_compute_firewall" "gcp-allow-ssh" {
  name    = "${google_compute_network.gcp-network.name}-gcp-allow-ssh"
  network = google_compute_network.gcp-network.name
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
  source_ranges = [
    "0.0.0.0/0",
  ]
}
# Allow TCP traffic from the Internet.
resource "google_compute_firewall" "gcp-allow-internet" {
  name    = "${google_compute_network.gcp-network.name}-gcp-allow-internet"
  network = google_compute_network.gcp-network.name
  allow {
    protocol = "tcp"
    ports    = ["80"]
  }
  source_ranges = [
    "0.0.0.0/0",
  ]
}
resource "google_compute_firewall" "https" {
  name    = "gcp-network-https"
  network = google_compute_network.gcp-network.name
  allow {
    protocol = "tcp"
    ports    = ["443"]
  }
  direction     = "INGRESS"
  source_ranges = ["0.0.0.0/0"]
}
resource "google_compute_firewall" "gcp-allow-all" {
  name    = "gcp-network-allow-all"
  network = google_compute_network.gcp-network.name
  allow {
    protocol = "all"
  }
  direction     = "INGRESS"
  source_ranges = ["0.0.0.0/0"]
}
::::::::::::::
gcp_variables.tf
::::::::::::::
variable "gcp_region" {
  description = "Default region."
  default     = "asia-northeast3"
}
variable "gcp_network_cidr" {
  default = "10.0.8.0/21"
}
variable "gcp_subnet1_cidr" {
  default = "10.0.8.0/24"
}
::::::::::::::
gcp_variables_vm.tf
::::::::::::::
variable "gcp_instance_type" {
  description = "Machine Type. Correlates to an network egress cap."
  default     = "n1-standard-1"
}
variable "gcp_disk_image" {
  description = "Boot disk for gcp_instance_type."
  default     = "projects/ubuntu-os-cloud/global/images/family/ubuntu-1804-lts"
}
variable "gcp_vm_address" {
  description = "Private IP address for GCP VM instance."
  default     = "10.0.8.100"
}
::::::::::::::
main.tf
::::::::::::::
provider "google" {
  region = var.gcp_region
}
topasseoseo1@cloudshell:~ (secret-zephyr-348001)$
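The gcp_security.tf listed above ends with gcp-allow-all, which admits every protocol and port from 0.0.0.0/0 and so makes the narrower ICMP, SSH, 80 and 443 rules redundant. As an added example (not the original author's file), a tighter replacement; the variable admin_cidr, its 203.0.113.0/24 placeholder value and the "web" network tag are assumptions, and the instance in gcp_compute.tf would need tags = ["web"] for the rules to apply.

```hcl
# Added example, not part of the original gcp_security.tf.
# Assumption: admin_cidr is a hypothetical variable holding the operator's own
# public address range; 203.0.113.0/24 is a documentation placeholder.
variable "admin_cidr" {
  description = "CIDR allowed to reach SSH and ICMP (placeholder value)."
  default     = "203.0.113.0/24"
}

# SSH and ping only from the admin range, only to instances tagged "web"
# (assumed tag; set tags = ["web"] on google_compute_instance.gcp-vm).
resource "google_compute_firewall" "gcp-allow-admin" {
  name      = "${google_compute_network.gcp-network.name}-allow-admin"
  network   = google_compute_network.gcp-network.name
  direction = "INGRESS"

  allow {
    protocol = "icmp"
  }
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  source_ranges = [var.admin_cidr]
  target_tags   = ["web"]
}

# Public web traffic: only ports 80 and 443, only to tagged instances.
resource "google_compute_firewall" "gcp-allow-web" {
  name      = "${google_compute_network.gcp-network.name}-allow-web"
  network   = google_compute_network.gcp-network.name
  direction = "INGRESS"

  allow {
    protocol = "tcp"
    ports    = ["80", "443"]
  }

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["web"]
}

# No gcp-allow-all rule: in the original file it opens every protocol and port
# to 0.0.0.0/0, so any other service on the VM is reachable from the Internet.
```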
<2> Run Terraform
terraform init
terraform plan
terraform apply
yes
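<3> Verify the VM network and instance
1. Verify the VM network
2. Verify the VM instance
Compute Engine > VM instances >
List the instances:
gcloud compute instances list
To delete an instance:
gcloud compute instances delete gcp-vm-asia-northeast3
3. Verify the firewall
4. Install a web service and verify access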
sudo apt-get update
sudo apt-get install apache2 php7.0
Y
sudo service apache2 restart
ps -ef |grep apache
topasseoseo1@gcp-vm-asia-northeast3:~$ ps -ef |grep apache
root 10293 1 0 08:16 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 10296 10293 0 08:16 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 10297 10293 0 08:16 ? 00:00:00 /usr/sbin/apache2 -k start
topasse+ 10354 2684 0 08:16 pts/0 00:00:00 grep --color=auto apache
<4> Delete
terraform destroy
Enter a value: yes
https://brunch.co.kr/@topasvga/2419
Thank you.