Cloud computing platform to host and fly the application in the sky
data "google_compute_image" "cos_image" {
  family  = "cos-101-lts"
  project = "cos-cloud"
}

resource "google_compute_instance" "instance" {
  name         = "${terraform.workspace}-${var.app_name}-vm"
  machine_type = var.vm_machine_type
  zone         = var.zone
  tags         = google_compute_firewall.http.target_tags
  ...
}

Google Compute Engine instances are virtual machines (VMs) hosted on Google's infrastructure. They can run the public Linux and Windows Server images that Google provides, as well as custom images created or imported by users. In my case, the instance runs Google's Container-Optimized OS public image (the cos-101-lts family from the cos-cloud project, looked up in the data block above) and I deploy a custom Docker container onto it. This OS is built by Google specifically for running containers and has several advantages. For example, it ships without a package manager, which reduces the attack surface: additional software cannot be installed directly on the host, so any necessary configuration has to happen at the container level. The tags attribute reuses the firewall rule's target_tags, which is what makes the HTTP firewall rule defined further down apply to this VM.
# Reserve a static IP address for the VM to use
resource "google_compute_address" "ip_address" {
  name = "my-portfolio-ip-${terraform.workspace}"
}

Every VM instance has an ephemeral internal IP address, which can be supplemented with an optional external IP address. The internal address is used for communication between instances on the same network, while the external address is needed to reach the Internet and instances outside the network. In the snippet above I reserve a static external IP address for the VM, because I intend to point the DNS record at it and an ephemeral address would change whenever the VM is recreated. To keep the development and production addresses apart, I append the Terraform workspace to the name of the address.
# Reference to the default VPC network where the VM will live (data block)
data "google_compute_network" "default" {
  name = "default"
}

I use the default Google VPC network by referencing it in a data block rather than creating one. It is an automatically created network in every Google Cloud project, with a default IP address range and subnets that VM instances connect to and communicate over. When a VM instance is created without explicit network and subnet parameters, it is placed in this default VPC network and given an ephemeral internal IP address from it.
# Firewall rule allowing HTTP traffic
resource "google_compute_firewall" "http" {
  name          = "firewall-http-${terraform.workspace}"
  network       = data.google_compute_network.default.name
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["firewall-http-${terraform.workspace}"]

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }
}

A VPC firewall rule on Google Cloud is a set of conditions that regulates inbound and outbound network traffic for a target set of VM instances. Here I define a rule that allows HTTP traffic from any IP address by setting source_ranges to 0.0.0.0/0. The allow block with protocol tcp and ports ["80"] limits the permitted traffic to TCP port 80, the standard HTTP port; this rule opens nothing else. The target_tags parameter selects which instances in the given network the rule applies to: only VMs carrying the firewall-http-<workspace> tag (the instance above, through its tags attribute) accept this traffic, and other instances in the default network are unaffected. As always, I include the Terraform workspace (dev/prod) in the firewall name to keep the environments separate.
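As an added example (not code from the original post), the following Python script turns the reasoning above into a pre-apply check: it reads the JSON that `terraform show -json` produces for a plan and flags any google_compute_firewall rule that is open to 0.0.0.0/0 on a port other than 80 or 443, or that has neither target_tags nor target_service_accounts and would therefore apply to every instance in the network. The embedded plan is a constructed sample, not real plan output: its first rule mirrors the post's HTTP rule and passes, the second is an invented over-broad rule that the check flags.

```python
"""Flag overly permissive google_compute_firewall rules in a Terraform plan.

Reads the JSON produced by `terraform show -json tfplan` and reports rules
that are open to the whole Internet (0.0.0.0/0) on anything other than the
public web ports, or that have no target (tags or service accounts) and so
apply to every instance in the network. Example code, not from the post.
Only root-module resources are inspected; child modules are not walked.
"""
import json
import sys

# Ports a public web server is expected to expose to the whole Internet.
PUBLIC_WEB_PORTS = {"80", "443"}
ANY_IPV4 = "0.0.0.0/0"

# Constructed sample of `terraform show -json` output, trimmed to the fields
# this check reads. The first rule mirrors the post's HTTP rule; the second is
# an invented rule that the check should flag.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {"resources": [
        {
            "address": "google_compute_firewall.http",
            "type": "google_compute_firewall",
            "values": {
                "name": "firewall-http-dev",
                "network": "default",
                "source_ranges": ["0.0.0.0/0"],
                "target_tags": ["firewall-http-dev"],
                "allow": [{"protocol": "tcp", "ports": ["80"]}],
            },
        },
        {
            "address": "google_compute_firewall.ssh_open",
            "type": "google_compute_firewall",
            "values": {
                "name": "firewall-ssh-dev",
                "network": "default",
                "source_ranges": ["0.0.0.0/0"],
                "target_tags": [],
                "allow": [{"protocol": "tcp", "ports": ["22"]}],
            },
        },
    ]}}
}


def allowed_ports(allow_blocks):
    """Return the set of port strings that a list of allow blocks opens.

    An allow block with no ports list opens every port of its protocol, which
    is recorded as the marker 'all'. Port ranges such as '8080-8090' are kept
    as strings and therefore never count as a public web port.
    """
    ports = set()
    for block in allow_blocks or []:
        block_ports = block.get("ports") or []
        if not block_ports:
            ports.add("all")
        ports.update(str(p) for p in block_ports)
    return ports


def check_firewall_rules(plan):
    """Return a list of (resource address, finding code, detail) tuples."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in root.get("resources", []):
        if res.get("type") != "google_compute_firewall":
            continue
        vals = res.get("values") or {}
        addr = res.get("address", vals.get("name", "<unknown>"))
        # Ingress from anywhere is acceptable only on the public web ports.
        if ANY_IPV4 in (vals.get("source_ranges") or []):
            non_web = sorted(p for p in allowed_ports(vals.get("allow"))
                             if p not in PUBLIC_WEB_PORTS)
            if non_web:
                findings.append((addr, "OPEN_TO_WORLD",
                                 f"0.0.0.0/0 may reach ports {non_web}"))
        # A rule with no target applies to every instance in the network.
        if not vals.get("target_tags") and not vals.get("target_service_accounts"):
            findings.append((addr, "NO_TARGET",
                             "rule is not scoped by target_tags or target_service_accounts"))
    return findings


def main(argv):
    """Check the plan file given on the command line, or the embedded sample."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    findings = check_firewall_rules(plan)
    for addr, code, detail in findings:
        print(f"{code:14} {addr}: {detail}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `terraform show -json tfplan > plan.json && python check_firewall.py plan.json`; the non-zero exit status when findings exist lets a CI step refuse to apply a plan that widens exposure beyond what the post's rule intends.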