ai-workspace-infra/observability.svc.plus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
observability.svc.plus/terraform/spec/gcp.tf
Haitao Pan e7e53c5c7e Remove sensitive files
2026-02-01 20:53:55 +08:00

255 lines
6.3 KiB
HCL
Raw Permalink Blame History

#==============================================================#
# File : gcp.tf
# Desc : 1-node pigsty meta for Google Cloud (Debian 12/13)
# Ctime : 2025-01-07
# Mtime : 2025-01-07
# Path : terraform/spec/gcp.tf
# Docs : https://pigsty.io/docs/deploy/terraform
# License : Apache-2.0 @ https://pigsty.io/docs/about/license/
# Copyright : 2018-2026 Ruohang Feng / Vonng (rh@vonng.com)
#==============================================================#
#===========================================================#
# Architecture, Instance Type, OS Images
#===========================================================#
variable "architecture" {
description = "The architecture type (amd64 or arm64)"
type = string
default = "amd64" # comment this to use arm64
#default = "arm64" # uncomment this to use arm64
}
variable "distro" {
description = "The distro code (d12 or d13)"
type = string
default = "d12" # d12 = Debian 12, d13 = Debian 13
}
variable "project" {
description = "GCP project ID"
type = string
# default = "your-project-id" # Set your project ID here or via env
}
variable "region" {
description = "GCP region"
type = string
default = "us-central1"
}
variable "zone" {
description = "GCP zone"
type = string
default = "us-central1-a"
}
locals {
disk_size = 40 # system disk size in GB
# Machine types: e2-medium for amd64, t2a-standard-2 for arm64
machine_type_map = {
amd64 = "e2-medium" # 2 vCPU, 4 GiB (shared-core)
arm64 = "t2a-standard-2" # 2 vCPU, 8 GiB (Tau T2A Arm)
}
# Debian image families
# Project: debian-cloud
image_family_map = {
amd64 = {
d12 = "debian-12"
d13 = "debian-13"
}
arm64 = {
d12 = "debian-12-arm64"
d13 = "debian-13-arm64"
}
}
selected_machine_type = local.machine_type_map[var.architecture]
selected_image_family = local.image_family_map[var.architecture][var.distro]
}
#===========================================================#
# Terraform Provider
#===========================================================#
terraform {
required_version = ">= 1.0"
required_providers {
google = {
source = "hashicorp/google"
version = "~> 5.0"
}
}
}
#===========================================================#
# Credentials
#===========================================================#
# Authenticate via gcloud CLI: gcloud auth application-default login
# Or use service account key:
# export GOOGLE_APPLICATION_CREDENTIALS="/path/to/service-account-key.json"
# Or set credentials in provider block
provider "google" {
project = var.project
region = var.region
zone = var.zone
}
#===========================================================#
# VPC Network
#===========================================================#
resource "google_compute_network" "pigsty_vpc" {
name = "pigsty-vpc"
auto_create_subnetworks = false
}
#===========================================================#
# Subnet
#===========================================================#
resource "google_compute_subnetwork" "pigsty_subnet" {
name = "pigsty-subnet"
ip_cidr_range = "10.10.10.0/24"
region = var.region
network = google_compute_network.pigsty_vpc.id
private_ip_google_access = true
}
#===========================================================#
# Firewall Rules
#===========================================================#
# Allow all internal traffic within VPC
resource "google_compute_firewall" "pigsty_internal" {
name = "pigsty-allow-internal"
network = google_compute_network.pigsty_vpc.name
allow {
protocol = "icmp"
}
allow {
protocol = "tcp"
ports = ["0-65535"]
}
allow {
protocol = "udp"
ports = ["0-65535"]
}
source_ranges = ["10.10.10.0/24"]
}
# Allow all external traffic (demo only - restrict in production!)
resource "google_compute_firewall" "pigsty_external" {
name = "pigsty-allow-external"
network = google_compute_network.pigsty_vpc.name
allow {
protocol = "icmp"
}
allow {
protocol = "tcp"
ports = ["0-65535"]
}
allow {
protocol = "udp"
ports = ["0-65535"]
}
source_ranges = ["0.0.0.0/0"]
target_tags = ["pigsty"]
}
#===========================================================#
# Static External IP
#===========================================================#
resource "google_compute_address" "pigsty_ip" {
name = "pigsty-ip"
region = var.region
}
#===========================================================#
# Compute Instance: pg-meta
#===========================================================#
resource "google_compute_instance" "pg-meta" {
name = "pg-meta"
machine_type = local.selected_machine_type
zone = var.zone
tags = ["pigsty"]
boot_disk {
initialize_params {
image = "debian-cloud/${local.selected_image_family}"
size = local.disk_size
type = "pd-ssd"
}
}
network_interface {
subnetwork = google_compute_subnetwork.pigsty_subnet.self_link
network_ip = "10.10.10.10"
access_config {
nat_ip = google_compute_address.pigsty_ip.address
}
}
# Add SSH key metadata (replace with your public key)
metadata = {
ssh-keys = "pigsty:${file("~/.ssh/id_rsa.pub")}"
}
# Enable OS Login (alternative to SSH keys)
# metadata = {
# enable-oslogin = "TRUE"
# }
labels = {
name = "pg-meta"
project = "pigsty"
managedby = "terraform"
}
# Allow instance to be stopped for maintenance
scheduling {
automatic_restart = true
on_host_maintenance = "MIGRATE"
}
# Service account (optional, uses default if not specified)
service_account {
scopes = ["cloud-platform"]
}
}
#===========================================================#
# Output
#===========================================================#
output "meta_ip" {
description = "Public IP of pg-meta instance"
value = google_compute_address.pigsty_ip.address
}
output "ssh_command" {
description = "SSH command to connect"
value = "ssh -i ~/.ssh/id_rsa pigsty@${google_compute_address.pigsty_ip.address}"
}
output "gcloud_ssh" {
description = "Alternative: SSH via gcloud"
value = "gcloud compute ssh pg-meta --zone=${var.zone}"
}
Reference in New Issue View Git Blame Copy Permalink