Google Compute Engine VM module

This module can operate in two distinct modes:

  • instance creation, with optional unmanaged group
  • instance template creation

In both modes, an optional service account can be created and assigned to either the instances or the template. If you need a managed instance group when using the module in template mode, refer to the compute-mig module.

Examples

Instance using defaults

The simplest example leverages defaults for the boot disk image and size, and uses a service account created by the module. Multiple instances can be managed via the instance_count variable.

module "simple-vm-example" {
  source     = "./modules/compute-vm"
  project_id = var.project_id
  region     = var.region
  name       = "test"
  network_interfaces = [{
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
    nat        = false
    addresses  = null
    alias_ips  = null
  }]
  service_account_create = true
  instance_count         = 1
}
# tftest:modules=1:resources=2

Disk sources

Attached disks can be created and optionally initialized from a pre-existing source, or attached to VMs when pre-existing. The source and source_type attributes of the attached_disks variable allow several modes of operation:

  • source_type = "image" can be used with zonal disks in instances and templates, set source to the image name or link
  • source_type = "snapshot" can be used with instances only, set source to the snapshot name or link
  • source_type = "attach" can be used for both instances and templates to attach an existing disk, set source to the name (for zonal disks) or link (for regional disks) of the existing disk to attach; no disk will be created
  • source_type = null can be used where an empty disk is needed, source becomes irrelevant and can be left null

This is an example of attaching a pre-existing regional PD to a new instance:

module "simple-vm-example" {
  source     = "./modules/compute-vm"
  project_id = var.project_id
  region     = var.region
  name       = "test"
  network_interfaces = [{
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
    nat        = false
    addresses  = null
    alias_ips  = null
  }]
  attached_disks = [{
    name        = "repd-1"
    size        = null
    source_type = "attach"
    source      = "regions/${var.region}/disks/repd-test-1"
    options = {
      auto_delete = false
      mode        = null
      regional    = true
      type        = null
    }
  }]
  service_account_create = true
}
# tftest:modules=1:resources=2

And the same example for an instance template (where not using the full self link of the disk triggers recreation of the template):

module "simple-vm-example" {
  source     = "./modules/compute-vm"
  project_id = var.project_id
  region     = var.region
  name       = "test"
  network_interfaces = [{
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
    nat        = false
    addresses  = null
    alias_ips  = null
  }]
  attached_disks = [{
    name        = "repd"
    size        = null
    source_type = "attach"
    source      = "https://www.googleapis.com/compute/v1/projects/${var.project_id}/regions/${var.region}/disks/repd-test-1"
    options = {
      auto_delete = false
      mode        = null
      regional    = true
      type        = null
    }
  }]
  service_account_create = true
  use_instance_template  = true
}
# tftest:modules=1:resources=2

Disk encryption with Cloud KMS

This example shows how to control disk encryption via the encryption variable, in this case the self link to a KMS CryptoKey that will be used to encrypt boot and attached disks. Managing the key with the ../kms module is of course possible, but is not shown here.

module "kms-vm-example" {
  source     = "./modules/compute-vm"
  project_id = var.project_id
  region     = var.region
  name       = "kms-test"
  network_interfaces = [{
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
    nat        = false
    addresses  = null
    alias_ips  = null
  }]
  attached_disks = [
    {
      name        = "attached-disk"
      size        = 10
      source      = null
      source_type = null
      options     = null
    }
  ]
  service_account_create = true
  instance_count         = 1
  boot_disk = {
    image = "projects/debian-cloud/global/images/family/debian-10"
    type  = "pd-ssd"
    size  = 10
  }
  encryption = {
    encrypt_boot            = true
    disk_encryption_key_raw = null
    kms_key_self_link       = var.kms_key.self_link
  }
}
# tftest:modules=1:resources=3

Using Alias IPs

This example shows how to add Alias IPs to your VM.

module "vm-with-alias-ips" {
  source     = "./modules/compute-vm"
  project_id = "my-project"
  region     = "europe-west1"
  name       = "test"
  network_interfaces = [{
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
    nat        = false
    addresses  = null
    alias_ips = {
      alias1 = [
        "10.16.0.10/32", # alias1 IP for first instance
        "10.16.0.11/32", # alias1 IP for second instance
        "10.16.0.12/32", # alias1 IP for third instance
      ]
    }
  }]
  service_account_create = true
  instance_count         = 3
}
# tftest:modules=1:resources=4

Instance template

This example shows how to use the module to manage an instance template that defines an additional attached disk for each instance, and overrides defaults for the boot disk image and service account.

module "cos-test" {
  source     = "./modules/compute-vm"
  project_id = "my-project"
  region     = "europe-west1"
  name       = "test"
  network_interfaces = [{
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
    nat        = false
    addresses  = null
    alias_ips  = null
  }]
  instance_count = 1
  boot_disk      = {
    image = "projects/cos-cloud/global/images/family/cos-stable"
    type  = "pd-ssd"
    size  = 10
  }
  attached_disks = [
    {
      name        = "disk-1"
      size        = 10
      source      = null
      source_type = null
      options     = null
    }
  ]
  service_account        = "[email protected]"
  use_instance_template  = true
}
# tftest:modules=1:resources=1

Instance group

If an instance group is needed when operating in instance mode, simply set the group variable to a non-null map. The map can contain named port declarations, or be empty if named ports are not needed.

locals {
  cloud_config = "my cloud config"
}

module "instance-group" {
  source     = "./modules/compute-vm"
  project_id = "my-project"
  region     = "europe-west1"
  name       = "ilb-test"
  network_interfaces = [{
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
    nat        = false
    addresses  = null
    alias_ips  = null
  }]
  boot_disk = {
    image = "projects/cos-cloud/global/images/family/cos-stable"
    type  = "pd-ssd"
    size  = 10
  }
  service_account        = var.service_account.email
  service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
  metadata = {
    user-data = local.cloud_config
  }
  group = { named_ports = {} }
}
# tftest:modules=1:resources=2
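
A pre-apply check for the settings the examples above toggle (KMS encryption, nat, can_ip_forward, service account scopes), as an added example that is not part of the module or its README: it reads `terraform show -json` plan output and flags planned google_compute_instance resources. The resource addresses and key path in the sample are constructed, and the check assumes the provider's boot_disk, network_interface, can_ip_forward and service_account attributes appear as known values in the plan.

```python
import json

BROAD_SCOPE = "https://www.googleapis.com/auth/cloud-platform"

# Constructed sample: trimmed `terraform show -json` output; addresses and key path are made up.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "module.kms-vm-example.google_compute_instance.default[0]",
     "type": "google_compute_instance",
     "change": {"actions": ["create"], "after": {
         "boot_disk": [{"kms_key_self_link": "projects/example/locations/global/keyRings/kr/cryptoKeys/k"}],
         "network_interface": [{"access_config": []}],
         "service_account": [{"scopes": ["https://www.googleapis.com/auth/logging.write"]}]}}},
    {"address": "module.instance-group.google_compute_instance.default[0]",
     "type": "google_compute_instance",
     "change": {"actions": ["create"], "after": {
         "boot_disk": [{"kms_key_self_link": None}],
         "can_ip_forward": True,
         "network_interface": [{"access_config": [{"nat_ip": None}]}],
         "service_account": [{"scopes": [BROAD_SCOPE]}]}}},
]})


def audit_instance(after):
    """Return sorted finding codes for one planned google_compute_instance."""
    findings = set()
    if any(not d.get("kms_key_self_link") for d in after.get("boot_disk") or []):
        findings.add("boot-disk-no-kms-key")
    if any(n.get("access_config") for n in after.get("network_interface") or []):
        findings.add("external-ip")  # an access_config block means an external IP
    if after.get("can_ip_forward"):
        findings.add("ip-forwarding")
    if any(BROAD_SCOPE in (s.get("scopes") or []) for s in after.get("service_account") or []):
        findings.add("cloud-platform-scope")  # API access bounded only by IAM roles
    return sorted(findings)


def audit_plan(plan_json):
    """Map resource address -> findings for instances the plan creates or updates."""
    report = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = rc.get("change", {}).get("after")  # null when the resource is deleted
        if rc.get("type") == "google_compute_instance" and after:
            if findings := audit_instance(after):
                report[rc["address"]] = findings
    return report


if __name__ == "__main__":
    print(audit_plan(SAMPLE_PLAN))
```

Values that are only known after apply are absent from the plan's `after` object, so a KMS key computed at apply time would be reported as missing.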

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| name | Instances base name. | string | ✓ | |
| network_interfaces | Network interfaces configuration. Use self links for Shared VPC, set addresses and alias_ips to null if not needed. | list(object({...})) | ✓ | |
| project_id | Project id. | string | ✓ | |
| region | Compute region. | string | ✓ | |
| attached_disk_defaults | Defaults for attached disks options. | object({...}) | | ... |
| attached_disks | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | list(object({...})) | | ... |
| boot_disk | Boot disk properties. | object({...}) | | ... |
| can_ip_forward | Enable IP forwarding. | bool | | false |
| confidential_compute | Enable Confidential Compute for these instances. | bool | | false |
| enable_display | Enable virtual display on the instances | bool | | false |
| encryption | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | object({...}) | | null |
| group | Define this variable to create an instance group for instances. Disabled for template use. | object({...}) | | null |
| hostname | Instance FQDN name. | string | | null |
| iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
| instance_count | Number of instances to create (only for non-template usage). | number | | 1 |
| instance_type | Instance type. | string | | f1-micro |
| labels | Instance labels. | map(string) | | {} |
| metadata | Instance metadata. | map(string) | | {} |
| metadata_list | List of instance metadata that will be cycled through. Ignored for template use. | list(map(string)) | | [] |
| min_cpu_platform | Minimum CPU platform. | string | | null |
| options | Instance options. | object({...}) | | ... |
| scratch_disks | Scratch disks configuration. | object({...}) | | ... |
| service_account | Service account email. Unused if service account is auto-created. | string | | null |
| service_account_create | Auto-create service account. | bool | | false |
| service_account_scopes | Scopes applied to service account. | list(string) | | [] |
| shielded_config | Shielded VM configuration of the instances. | object({...}) | | null |
| single_name | Do not append progressive count to instance name. | bool | | false |
| tags | Instance tags. | list(string) | | [] |
| use_instance_template | Create instance template instead of instances. | bool | | false |
| zones | Compute zone, instance will cycle through the list, defaults to the 'b' zone in the region. | list(string) | | [] |

Outputs

| name | description | sensitive |
|---|---|---|
| external_ips | Instance main interface external IP addresses. | |
| groups | Instance group resources. | |
| instances | Instance resources. | |
| internal_ips | Instance main interface internal IP addresses. | |
| names | Instance names. | |
| self_links | Instance self links. | |
| service_account | Service account resource. | |
| service_account_email | Service account email. | |
| service_account_iam_email | Service account email. | |
| template | Template resource. | |
| template_name | Template name. | |

TODO

  • add support for instance groups