This module can operate in two distinct modes:
- instance creation, with optional unmanaged group
- instance template creation

In both modes, an optional service account can be created and assigned to either instances or template. If you need a managed instance group when using the module in template mode, refer to the `compute-mig` module.

The simplest example leverages defaults for the boot disk image and size, and uses a service account created by the module. Multiple instances can be managed via the `instance_count` variable.

```hcl
module "simple-vm-example" {
  source     = "./modules/compute-vm"
  project_id = var.project_id
  region     = var.region
  name       = "test"
  network_interfaces = [{
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
    nat        = false
    addresses  = null
    alias_ips  = null
  }]
  service_account_create = true
  instance_count         = 1
}
# tftest:modules=1:resources=2
```

Attached disks can be created and optionally initialized from a pre-existing source, or attached to VMs when pre-existing. The `source` and `source_type` attributes of the `attached_disks` variable allow several modes of operation:

- `source_type = "image"` can be used with zonal disks in instances and templates; set `source` to the image name or link
- `source_type = "snapshot"` can be used with instances only; set `source` to the snapshot name or link
- `source_type = "attach"` can be used for both instances and templates to attach an existing disk; set `source` to the name (for zonal disks) or link (for regional disks) of the existing disk to attach; no disk will be created
- `source_type = null` can be used where an empty disk is needed; `source` becomes irrelevant and can be left null

This is an example of attaching a pre-existing regional PD to a new instance:

```hcl
module "simple-vm-example" {
  source     = "./modules/compute-vm"
  project_id = var.project_id
  region     = var.region
  name       = "test"
  network_interfaces = [{
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
    nat        = false
    addresses  = null
    alias_ips  = null
  }]
  attached_disks = [{
    name        = "repd-1"
    size        = null
    source_type = "attach"
    source      = "regions/${var.region}/disks/repd-test-1"
    options = {
      auto_delete = false
      mode        = null
      regional    = true
      type        = null
    }
  }]
  service_account_create = true
}
# tftest:modules=1:resources=2
```

And the same example for an instance template (where not using the full self link of the disk triggers recreation of the template):

```hcl
module "simple-vm-example" {
  source     = "./modules/compute-vm"
  project_id = var.project_id
  region     = var.region
  name       = "test"
  network_interfaces = [{
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
    nat        = false
    addresses  = null
    alias_ips  = null
  }]
  attached_disks = [{
    name        = "repd"
    size        = null
    source_type = "attach"
    source      = "https://www.googleapis.com/compute/v1/projects/${var.project_id}/regions/${var.region}/disks/repd-test-1"
    options = {
      auto_delete = false
      mode        = null
      regional    = true
      type        = null
    }
  }]
  service_account_create = true
  use_instance_template  = true
}
# tftest:modules=1:resources=2
```

This example shows how to control disk encryption via the `encryption` variable, in this case the self link to a KMS CryptoKey that will be used to encrypt boot and attached disks. Managing the key with the `../kms` module is of course possible, but is not shown here.

```hcl
module "kms-vm-example" {
  source     = "./modules/compute-vm"
  project_id = var.project_id
  region     = var.region
  name       = "kms-test"
  network_interfaces = [{
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
    nat        = false
    addresses  = null
    alias_ips  = null
  }]
  attached_disks = [
    {
      name        = "attached-disk"
      size        = 10
      source      = null
      source_type = null
      options     = null
    }
  ]
  service_account_create = true
  instance_count         = 1
  boot_disk = {
    image = "projects/debian-cloud/global/images/family/debian-10"
    type  = "pd-ssd"
    size  = 10
  }
  encryption = {
    encrypt_boot            = true
    disk_encryption_key_raw = null
    kms_key_self_link       = var.kms_key.self_link
  }
}
# tftest:modules=1:resources=3
```

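
The encryption example above takes the key as an input. As an added example (not part of the module's own documentation), the configuration below creates the key with plain Google provider resources rather than the `../kms` module and grants the Compute Engine service agent access to it before the VM is created. The `vm-disks` names, the 90-day rotation period and the use of the key's `id` as the self link are assumptions.

```hcl
data "google_project" "project" {
  project_id = var.project_id
}

resource "google_kms_key_ring" "disks" {
  project  = var.project_id
  name     = "vm-disks" # constructed name
  location = var.region # same region as the disks the key protects
}

resource "google_kms_crypto_key" "disks" {
  name            = "vm-disks" # constructed name
  key_ring        = google_kms_key_ring.disks.id
  rotation_period = "7776000s" # 90 days, assumed policy
  lifecycle {
    prevent_destroy = true # destroying the key makes the disks unreadable
  }
}

# Disk encryption calls KMS as the Compute Engine service agent, not as the
# VM's own service account, so the grant goes to the agent and only on this key.
resource "google_kms_crypto_key_iam_member" "compute_agent" {
  crypto_key_id = google_kms_crypto_key.disks.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:service-${data.google_project.project.number}@compute-system.iam.gserviceaccount.com"
}

module "kms-vm-example" {
  source     = "./modules/compute-vm"
  project_id = var.project_id
  region     = var.region
  name       = "kms-test"
  network_interfaces = [{
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
    nat        = false
    addresses  = null
    alias_ips  = null
  }]
  service_account_create = true
  encryption = {
    encrypt_boot            = true
    disk_encryption_key_raw = null
    # assumes a provider version where id is the full key resource name
    kms_key_self_link = google_kms_crypto_key.disks.id
  }
  # without the grant in place, disk creation fails with a KMS permission error
  depends_on = [google_kms_crypto_key_iam_member.compute_agent]
}
```
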
This example shows how to add Alias IPs to your VM.

```hcl
module "vm-with-alias-ips" {
  source     = "./modules/compute-vm"
  project_id = "my-project"
  region     = "europe-west1"
  name       = "test"
  network_interfaces = [{
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
    nat        = false
    addresses  = null
    alias_ips = {
      alias1 = [
        "10.16.0.10/32", # alias1 IP for first instance
        "10.16.0.11/32", # alias1 IP for second instance
        "10.16.0.12/32", # alias1 IP for third instance
      ]
    }
  }]
  service_account_create = true
  instance_count         = 3
}
# tftest:modules=1:resources=4
```

This example shows how to use the module to manage an instance template that defines an additional attached disk for each instance, and overrides defaults for the boot disk image and service account.

```hcl
module "cos-test" {
  source     = "./modules/compute-vm"
  project_id = "my-project"
  region     = "europe-west1"
  name       = "test"
  network_interfaces = [{
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
    nat        = false
    addresses  = null
    alias_ips  = null
  }]
  instance_count = 1
  boot_disk = {
    image = "projects/cos-cloud/global/images/family/cos-stable"
    type  = "pd-ssd"
    size  = 10
  }
  attached_disks = [
    {
      name        = "disk-1"
      size        = 10
      source      = null
      source_type = null
      options     = null
    }
  ]
  service_account       = "[email protected]"
  use_instance_template = true
}
# tftest:modules=1:resources=1
```

If an instance group is needed when operating in instance mode, simply set the `group` variable to a non null map. The map can contain named port declarations, or be empty if named ports are not needed.

```hcl
locals {
  cloud_config = "my cloud config"
}

module "instance-group" {
  source     = "./modules/compute-vm"
  project_id = "my-project"
  region     = "europe-west1"
  name       = "ilb-test"
  network_interfaces = [{
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
    nat        = false
    addresses  = null
    alias_ips  = null
  }]
  boot_disk = {
    image = "projects/cos-cloud/global/images/family/cos-stable"
    type  = "pd-ssd"
    size  = 10
  }
  service_account        = var.service_account.email
  service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
  metadata = {
    user-data = local.cloud_config
  }
  group = { named_ports = {} }
}
# tftest:modules=1:resources=2
```

name | description | type | required | default |
---|---|---|---|---|
name | Instances base name. | string | ✓ | |
network_interfaces | Network interfaces configuration. Use self links for Shared VPC, set addresses and alias_ips to null if not needed. | list(object({...})) | ✓ | |
project_id | Project id. | string | ✓ | |
region | Compute region. | string | ✓ | |
attached_disk_defaults | Defaults for attached disks options. | object({...}) | | ... |
attached_disks | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | list(object({...})) | | ... |
boot_disk | Boot disk properties. | object({...}) | | ... |
can_ip_forward | Enable IP forwarding. | bool | | false |
confidential_compute | Enable Confidential Compute for these instances. | bool | | false |
enable_display | Enable virtual display on the instances | bool | | false |
encryption | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | object({...}) | | null |
group | Define this variable to create an instance group for instances. Disabled for template use. | object({...}) | | null |
hostname | Instance FQDN name. | string | | null |
iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
instance_count | Number of instances to create (only for non-template usage). | number | | 1 |
instance_type | Instance type. | string | | f1-micro |
labels | Instance labels. | map(string) | | {} |
metadata | Instance metadata. | map(string) | | {} |
metadata_list | List of instance metadata that will be cycled through. Ignored for template use. | list(map(string)) | | [] |
min_cpu_platform | Minimum CPU platform. | string | | null |
options | Instance options. | object({...}) | | ... |
scratch_disks | Scratch disks configuration. | object({...}) | | ... |
service_account | Service account email. Unused if service account is auto-created. | string | | null |
service_account_create | Auto-create service account. | bool | | false |
service_account_scopes | Scopes applied to service account. | list(string) | | [] |
shielded_config | Shielded VM configuration of the instances. | object({...}) | | null |
single_name | Do not append progressive count to instance name. | bool | | false |
tags | Instance tags. | list(string) | | [] |
use_instance_template | Create instance template instead of instances. | bool | | false |
zones | Compute zone, instance will cycle through the list, defaults to the 'b' zone in the region. | list(string) | | [] |

name | description | sensitive |
---|---|---|
external_ips | Instance main interface external IP addresses. | |
groups | Instance group resources. | |
instances | Instance resources. | |
internal_ips | Instance main interface internal IP addresses. | |
names | Instance names. | |
self_links | Instance self links. | |
service_account | Service account resource. | |
service_account_email | Service account email. | |
service_account_iam_email | Service account email. | |
template | Template resource. | |
template_name | Template name. | |
- add support for instance groups