def __init__(self, name: str, args: VpcArgs, opts: ResourceOptions = None):
super().__init__("my:modules:Vpc", name, {}, opts)
child_opts = ResourceOptions(parent=self)
self.network = compute.Network(name,
auto_create_subnetworks=False,
opts=ResourceOptions(parent=self))
self.subnets = []
for i, ip_cidr_range in enumerate(args.subnet_cidr_blocks):
subnet = compute.Subnetwork(
f"{name}-{i}",
network=self.network.self_link,
ip_cidr_range=ip_cidr_range,
opts=ResourceOptions(parent=self.network))
self.subnets.append(subnet)
self.router = compute.Router(name,
network=self.network.self_link,
opts=ResourceOptions(parent=self.network))
self.nat = compute.RouterNat(
name,
router=self.router.name,
nat_ip_allocate_option="AUTO_ONLY",
source_subnetwork_ip_ranges_to_nat="ALL_SUBNETWORKS_ALL_IP_RANGES",
opts=ResourceOptions(parent=self.network))
self.register_outputs({})
import pulumi
from pulumi_gcp import compute
#
# network and firewall for both virtual machines
#
network = compute.Network("poc")
firewall = compute.Firewall("poc",
network=network.self_link,
allows=[
compute.FirewallAllowArgs(protocol="tcp",
ports=["22"]),
compute.FirewallAllowArgs(protocol="tcp",
ports=["80"]),
])
#
# virtual machine running nginx via a [startup script](https://cloud.google.com/compute/docs/startupscript)
#
script = """#!/bin/bash
apt -y update
apt -y install nginx
"""
instance_addr = compute.address.Address("poc")
instance = compute.Instance(
"poc",
machine_type="f1-micro",
boot_disk=compute.InstanceBootDiskArgs(
initialize_params=compute.InstanceBootDiskInitializeParamsArgs(
'initializeParams': {
'image': 'projects/cos-cloud/global/images/cos-stable-69-10895-62-0'
}
}
meta_data = {
"gce-container-declaration":
"spec:\n containers:\n - name: test-docker\n image: '" +
docker_image +
"'\n stdin: false\n tty: false\n restartPolicy: Always\n"
}
addr = compute.address.Address(resource_name='orb-pulumi-gcp')
external_ip = addr.address
network = compute.Network("network")
network_interface = [{
'network': network.id,
'accessConfigs': [{
'nat_ip': external_ip
}],
}]
firewall = compute.Firewall("firewall",
network=network.self_link,
allows=[{
'protocol': "tcp",
'ports': ["22", "5000"]
}])
instance = compute.Instance('orb-pulumi-gcp',
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from pulumi_gcp import config, compute
region_zone = config.zone
project_name = config.project
compute_network = compute.Network(
"network",
project=project_name,
auto_create_subnetworks=True,
)
compute_firewall = compute.Firewall(
"firewall",
project=project_name,
network=compute_network.self_link,
allows=[
{
"protocol": "icmp",
},
{
"protocol": "tcp",
"ports": ["22", "80"],
},
import pulumi
from pulumi import ResourceOptions
from pulumi_gcp import compute
compute_network = compute.Network(
"network",
auto_create_subnetworks=True,
)
compute_firewall = compute.Firewall(
"firewall",
network=compute_network.self_link,
allows=[compute.FirewallAllowArgs(
protocol="tcp",
ports=["22", "80"],
)]
)
# A simple bash script that will run when the webserver is initalized
startup_script = """#!/bin/bash
echo "Hello, World!" > index.html
nohup python -m SimpleHTTPServer 80 &"""
instance_addr = compute.address.Address("address")
compute_instance = compute.Instance(
"instance",
machine_type="f1-micro",
metadata_startup_script=startup_script,
boot_disk=compute.InstanceBootDiskArgs(
initialize_params=compute.InstanceBootDiskInitializeParamsArgs(
image="debian-cloud/debian-9-stretch-v20181210"
import pulumi
from pulumi_gcp import compute
network = compute.Network("template-network")
firewall = compute.Firewall("template-firewall",
network=network.self_link,
allows=[
compute.FirewallAllowArgs(protocol="tcp",
ports=["22"]),
compute.FirewallAllowArgs(protocol="tcp",
ports=["80"]),
compute.FirewallAllowArgs(protocol="tcp",
ports=["443"]),
compute.FirewallAllowArgs(protocol="tcp",
ports=["2376"]),
compute.FirewallAllowArgs(protocol="tcp",
ports=["6443"]),
])
script = """
#!/bin/bash
sudo echo "#ubuntu
deb http://archive.ubuntu.com/ubuntu focal main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu focal-updates main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu focal-proposed restricted main universe multiverse
#security
deb http://security.ubuntu.com/ubuntu focal-security main restricted universe multiverse
#partner
deb http://archive.canonical.com/ubuntu focal partner" > /etc/apt/sources.list
"""A Google Cloud Python Pulumi program"""
import pulumi
from pulumi import ResourceOptions
from pulumi_gcp import compute
# Read init script
with open('scripts/vm_startup_script.txt', 'r') as startup_script:
data = startup_script.read()
script = data
# Read ssh key from pulumi configs
config = pulumi.Config()
sshkey = config.require_secret('sshkey') # Read the secret: sshkey
# Create VPC network
compute_network = compute.Network("default-network")
# Create firewall rules to VPC network
compute_firewall = compute.Firewall(
"firewall",
network=compute_network.name,
allows=[compute.FirewallAllowArgs(protocol="tcp", ports=["22", "80"])])
# Create IP address
instance_addr = compute.Address("demo-instance-address", region="asia-east1")
# Create Instance
compute_instance = compute.Instance(
"demo-instance",
zone="asia-east1-a",
boot_disk=compute.InstanceBootDiskArgs(
def create_vpc(config_file):
r"""
Generate network block
Dict load from config file
{
"vpctest": {
"auto_create_subnetworks": false,
"region": {
"asia-southeast1": {
"subnet": [
"10.26.1.0/24"
],
"subnet_name": "webzone"
},
"us-central1": {
"subnet": [
"10.26.1.0/24"
],
"subnet_name": "dbzone"
}
},
"routing_mode": "GLOBAL",
"vpc_name": "vpctest"
},
}
"""
config_vpcs = load_config(config_file) ###Load VPC config
all_created_vpcs, all_created_subnetwork = [], []
####Generate VPC from yaml config files = dict
for key, value in config_vpcs.items():
network_instance = compute.Network(
value["vpc_name"],
name=value["vpc_name"], ####Disable auto-naming
auto_create_subnetworks = value["auto_create_subnetworks"],
routing_mode = value["routing_mode"]
)
all_created_vpcs.append(network_instance)
all_subnet_per_vpc = []
######Generate subnet for vpc if auto_create_subnetworks == false
if(value["auto_create_subnetworks"] == False):
for region, region_val in value["region"].items():
for item in region_val["subnet"]:
subnetwork_instance = compute.Subnetwork(
region_val["subnet_name"],
name=region_val["subnet_name"], ####Disable auto-naming
ip_cidr_range = item,
network = network_instance.self_link,
region = region,
opts = ResourceOptions(depends_on=[network_instance])
)
all_subnet_per_vpc.append(item)
all_created_subnetwork.append(subnetwork_instance)
#######Generate internal FW block
rule_name = "allowinternal" + value["vpc_name"]
rule_name = compute.Firewall(
rule_name,
network = network_instance,
allows = [
{
"protocol": "icmp",
},
{
"protocol": "tcp",
"ports": ["0-65535"]
},
{
"protocol": "udp",
"ports": ["0-65535"]
}
],
source_ranges = all_subnet_per_vpc
)
#########Generate FW outside FW block
rule_name = "allowingress" + value["vpc_name"]
rule_name = compute.Firewall(
rule_name,
network = network_instance,
allows = [
{
"protocol": "tcp",
"ports": ["22", "80", "443"]
}
]
)
return {
"all_created_vpcs": all_created_vpcs,
"all_created_subnetwork": all_created_subnetwork
}
import pulumi
from pulumi import ResourceOptions
from pulumi_gcp import compute
import init_scripts
#setup the network settings
network=compute.Network("network-4-demo")
firewall=compute.Firewall(
"firewall-4-demo",
network=network.self_link,
allows=[
compute.FirewallAllowArgs(
protocol="tcp",
ports=["22"]
),
compute.FirewallAllowArgs(
protocol="tcp",
ports=["80"]
)
]
)
#setup the policy server and init it with the script
instance_srvaddr=compute.Address("addr-4-demoserver",network_tier="STANDARD")
instance_srv=compute.Instance(
"instance-4-policyserver",
machine_type="e2-small",
boot_disk=compute.InstanceBootDiskArgs(
initialize_params=compute.InstanceBootDiskInitializeParamsArgs(
import pulumi
from pulumi import ResourceOptions
from pulumi_gcp import compute
import script_init_nginx
#setup the network settings
network = compute.Network("network-4-intro")
firewall = compute.Firewall(
"firewall-4-intro",
network=network.self_link,
allows=[
compute.FirewallAllowArgs(protocol="tcp", ports=["22"]),
compute.FirewallAllowArgs(protocol="tcp", ports=["80"]),
#WARN: for unit test demo only.
# compute.FirewallAllowArgs(
# protocol="udp",
# ports=["53"]
# )
])
#setup the compute engine and init it with the script
instance_addr = compute.Address("addr-4-intro", network_tier="STANDARD")
instance = compute.Instance(
"instance-4-intro",
machine_type="e2-small",
boot_disk=compute.InstanceBootDiskArgs(
initialize_params=compute.InstanceBootDiskInitializeParamsArgs(
image="ubuntu-os-cloud/ubuntu-1804-bionic-v20200414"), ),
network_interfaces=[
compute.InstanceNetworkInterfaceArgs(
def create():
cc = ClusterConfig()
public_address = compute.address.Address("kubernetes-the-hard-way")
cc.public_address = public_address
network = compute.Network("kubernetes-the-hard-way",
auto_create_subnetworks=False)
subnet = compute.Subnetwork("kubernetes",
network=network,
ip_cidr_range="10.240.0.0/24")
cc.network = network
cc.subnet = subnet
firewall_external = compute.Firewall(
"kubernetes-the-hard-way-allow-external",
network=network.self_link,
source_ranges=["0.0.0.0/0"],
allows=[{
"protocol": "tcp",
"ports": ["22", "6443"]
}, {
"protocol": "icmp"
}])
firewall_internal = compute.Firewall(
"kubernetes-the-hard-way-allow-internal",
network=network.self_link,
source_ranges=["10.240.0.0/24", "10.200.0.0/16"],
allows=[
{
"protocol": "tcp"
},
{
"protocol": "icmp"
},
{
"protocol": "udp"
},
])
cc.firewall_external = firewall_external
cc.firewall_internal = firewall_internal
#Create controllers
for i in range(0, 3):
instance = compute.Instance(
"controller-" + str(i),
name="controller-" + str(i),
machine_type="g1-small",
#machine_type="n1-standard-1",
boot_disk={
"initializeParams": {
"size": 200,
"image": "ubuntu-os-cloud/ubuntu-1804-lts"
}
},
can_ip_forward=True,
network_interfaces=[{
"network":
network.id,
"subnetwork":
subnet.id,
"network_ip":
"10.240.0.1" + str(i),
"accessConfigs": [{
#Assign External IP address to the instance
"network_tier": "STANDARD"
}]
}],
service_account={
"scopes": [
"compute-rw", "storage-ro", "service-management",
"service-control", "logging-write", "monitoring"
],
},
tags=["kubernetes-the-hard-way", "controller"])
cc.instances["controllers"][i] = instance
#TODO if a resource is not created then one cannot call export on an unpopulated property/key since it will throw error
#pulumi.export("controller-" + str(i), instance.network_interfaces[0]['accessConfigs'][0]['natIp'])
#print("controller-" + str(i))
#pulumi.export("print-controller-"+str(i), instance.name.apply(lambda name: print(name)))
#pulumi.export("print-controller-"+str(i), cc.instances["controllers"][i].network_interfaces.apply(lambda network_interfaces: print(network_interfaces[0]['accessConfigs'][0]['natIp'])))
#Create workers
for i in range(0, 3):
instance = compute.Instance(
"worker-" + str(i),
name="worker-" + str(i),
machine_type="g1-small",
#machine_type="n1-standard-1",
boot_disk={
"initializeParams": {
"size": 200,
"image": "ubuntu-os-cloud/ubuntu-1804-lts"
}
},
can_ip_forward=True,
network_interfaces=[{
"network":
network.id,
"subnetwork":
subnet.id,
"network_ip":
"10.240.0.2" + str(i),
"accessConfigs": [{
#Assign External IP address to the instance
"network_tier": "STANDARD"
}]
}],
service_account={
"scopes": [
"compute-rw", "storage-ro", "service-management",
"service-control", "logging-write", "monitoring"
],
},
metadata={"pod-cidr": "10.200." + str(i) + ".0/24"},
tags=["kubernetes-the-hard-way", "worker"])
cc.instances["workers"][i] = instance
#TODO if a resource is not created then one cannot call export on an unpopulated property/key since it will throw error
#pulumi.export("worker-" + str(i), instance.network_interfaces[0]['accessConfigs'][0]['natIp'])
#print("worker-" + str(i))
#pulumi.export("print-worker-"+str(i), instance.name.apply(lambda name: print(name)))
#pulumi.export("print-worker-"+str(i), cc.instances["workers"][i].network_interfaces.apply(lambda network_interfaces: print(network_interfaces[0]['accessConfigs'][0]['natIp'])))
#Fill in ips when instance creation is done
#cc.fill_instances_ips()
return cc