def __init__(self,
name: str,
args: ServerArgs,
opts: ResourceOptions = None):
super().__init__("my:modules:Server", name, {}, opts)
firewall = compute.Firewall(name,
network=args.subnet.network,
allows=[{
"protocol": "tcp",
"ports": args.ports,
}],
target_tags=[args.service_name],
opts=ResourceOptions(parent=self)
)
addr = compute.address.Address(name,
opts=ResourceOptions(parent=self)
)
self.instance = compute.Instance(name,
machine_type=args.machine_type,
boot_disk={
"initializeParams": {
"image": "ubuntu-os-cloud/ubuntu-1804-lts"
}
},
network_interfaces=[{
"subnetwork": args.subnet.self_link,
"accessConfigs": [{
"nat_ip": addr.address
}]
}],
tags=[args.service_name],
metadata=args.metadata,
metadata_startup_script=args.metadata_startup_script,
opts=ResourceOptions(parent=self)
)
self.register_outputs({})
def __init__(self,
name: str,
args: ServerArgs,
opts: ResourceOptions = None):
super().__init__("my:modules:Server", name, {}, opts)
firewall = compute.Firewall(name,
network=args.subnet.network,
allows=[
compute.FirewallAllowArgs(
protocol="tcp",
ports=args.ports,
)
],
target_tags=[args.service_name],
opts=ResourceOptions(parent=self))
addr = compute.address.Address(name, opts=ResourceOptions(parent=self))
self.instance = compute.Instance(
name,
machine_type=args.machine_type,
boot_disk=compute.InstanceBootDiskArgs(
initialize_params=compute.InstanceBootDiskInitializeParamsArgs(
image="ubuntu-os-cloud/ubuntu-1804-lts")),
network_interfaces=[
compute.InstanceNetworkInterfaceArgs(
subnetwork=args.subnet.self_link,
access_configs=[
compute.InstanceNetworkInterfaceAccessConfigArgs(
nat_ip=addr.address)
])
],
tags=[args.service_name],
metadata=args.metadata,
metadata_startup_script=args.metadata_startup_script,
opts=ResourceOptions(parent=self))
self.register_outputs({})
import pulumi
from pulumi_gcp import compute
#
# network and firewall for both virtual machines
#
network = compute.Network("poc")
firewall = compute.Firewall("poc",
network=network.self_link,
allows=[
compute.FirewallAllowArgs(protocol="tcp",
ports=["22"]),
compute.FirewallAllowArgs(protocol="tcp",
ports=["80"]),
])
#
# virtual machine running nginx via a [startup script](https://cloud.google.com/compute/docs/startupscript)
#
script = """#!/bin/bash
apt -y update
apt -y install nginx
"""
instance_addr = compute.address.Address("poc")
instance = compute.Instance(
"poc",
machine_type="f1-micro",
boot_disk=compute.InstanceBootDiskArgs(
initialize_params=compute.InstanceBootDiskInitializeParamsArgs(
}
addr = compute.address.Address(resource_name='orb-pulumi-gcp')
external_ip = addr.address
network = compute.Network("network")
network_interface = [{
'network': network.id,
'accessConfigs': [{
'nat_ip': external_ip
}],
}]
firewall = compute.Firewall("firewall",
network=network.self_link,
allows=[{
'protocol': "tcp",
'ports': ["22", "5000"]
}])
instance = compute.Instance('orb-pulumi-gcp',
name='orb-pulumi-gcp',
boot_disk=disk,
machine_type='g1-small',
network_interfaces=network_interface,
metadata=meta_data)
# Export the DNS name of the bucket
pulumi.export('instance_name', instance.name)
pulumi.export('instance_meta_data', instance.metadata)
pulumi.export('instance_network', instance.network_interfaces)
pulumi.export('external_ip', addr.address)
region_zone = config.zone
project_name = config.project
compute_network = compute.Network(
"network",
project=project_name,
auto_create_subnetworks=True,
)
compute_firewall = compute.Firewall(
"firewall",
project=project_name,
network=compute_network.self_link,
allows=[
{
"protocol": "icmp",
},
{
"protocol": "tcp",
"ports": ["22", "80"],
},
],
)
compute_instance = compute.Instance(
"instance",
project=project_name,
machine_type="f1-micro",
zone=region_zone,
boot_disk={
"initializeParams": {
"image": "debian-cloud/debian-9",
import pulumi
from pulumi import ResourceOptions
from pulumi_gcp import compute
compute_network = compute.Network(
"network",
auto_create_subnetworks=True,
)
compute_firewall = compute.Firewall(
"firewall",
network=compute_network.self_link,
allows=[compute.FirewallAllowArgs(
protocol="tcp",
ports=["22", "80"],
)]
)
# A simple bash script that will run when the webserver is initalized
startup_script = """#!/bin/bash
echo "Hello, World!" > index.html
nohup python -m SimpleHTTPServer 80 &"""
instance_addr = compute.address.Address("address")
compute_instance = compute.Instance(
"instance",
machine_type="f1-micro",
metadata_startup_script=startup_script,
boot_disk=compute.InstanceBootDiskArgs(
initialize_params=compute.InstanceBootDiskInitializeParamsArgs(
image="debian-cloud/debian-9-stretch-v20181210"
import pulumi
from pulumi import ResourceOptions
from pulumi_gcp import compute
compute_network = compute.Network(
"network",
auto_create_subnetworks=True,
)
compute_firewall = compute.Firewall("firewall",
network=compute_network.self_link,
allows=[{
"protocol": "tcp",
"ports": ["22", "80"],
}])
# A simple bash script that will run when the webserver is initalized
startup_script = """#!/bin/bash
echo "Hello, World!" > index.html
nohup python -m SimpleHTTPServer 80 &"""
instance_addr = compute.address.Address("address")
compute_instance = compute.Instance(
"instance",
machine_type="f1-micro",
metadata_startup_script=startup_script,
boot_disk={
"initializeParams": {
"image": "debian-cloud/debian-9-stretch-v20181210"
}
},
import pulumi
from pulumi_gcp import compute
network = compute.Network("template-network")
firewall = compute.Firewall("template-firewall",
network=network.self_link,
allows=[
compute.FirewallAllowArgs(protocol="tcp",
ports=["22"]),
compute.FirewallAllowArgs(protocol="tcp",
ports=["80"]),
compute.FirewallAllowArgs(protocol="tcp",
ports=["443"]),
compute.FirewallAllowArgs(protocol="tcp",
ports=["2376"]),
compute.FirewallAllowArgs(protocol="tcp",
ports=["6443"]),
])
script = """
#!/bin/bash
sudo echo "#ubuntu
deb http://archive.ubuntu.com/ubuntu focal main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu focal-updates main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu focal-proposed restricted main universe multiverse
#security
deb http://security.ubuntu.com/ubuntu focal-security main restricted universe multiverse
#partner
deb http://archive.canonical.com/ubuntu focal partner" > /etc/apt/sources.list
# Read init script
with open('scripts/vm_startup_script.txt', 'r') as startup_script:
data = startup_script.read()
script = data
# Read ssh key from pulumi configs
config = pulumi.Config()
sshkey = config.require_secret('sshkey') # Read the secret: sshkey
# Create VPC network
compute_network = compute.Network("default-network")
# Create firewall rules to VPC network
compute_firewall = compute.Firewall(
"firewall",
network=compute_network.name,
allows=[compute.FirewallAllowArgs(protocol="tcp", ports=["22", "80"])])
# Create IP address
instance_addr = compute.Address("demo-instance-address", region="asia-east1")
# Create Instance
compute_instance = compute.Instance(
"demo-instance",
zone="asia-east1-a",
boot_disk=compute.InstanceBootDiskArgs(
initialize_params=compute.InstanceBootDiskInitializeParamsArgs(
image="ubuntu-1804-bionic-v20210211")),
machine_type="e2-medium",
network_interfaces=[
compute.InstanceNetworkInterfaceArgs(
import pulumi
from pulumi_gcp import compute
script = "#!/bin/bash\nsudo touch /tmp/a.txt\nsudo yum install -y nginx\nsudo service nginx start"
addr = compute.address.Address("poc")
network = compute.Network("poc")
firewall = compute.Firewall("poc",
network=network.self_link,
allows=[{
"protocol": "tcp",
"ports": ["22"]
}, {
"protocol": "tcp",
"ports": ["80"]
}])
instance = compute.Instance(
"poc",
name="poc",
machine_type="f1-micro",
boot_disk={
"initializeParams": {
"image": "centos-cloud/centos-7-v20190116"
}
},
network_interfaces=[{
"network": network.id,
"accessConfigs": [{
def create_vpc(config_file):
r"""
Generate network block
Dict load from config file
{
"vpctest": {
"auto_create_subnetworks": false,
"region": {
"asia-southeast1": {
"subnet": [
"10.26.1.0/24"
],
"subnet_name": "webzone"
},
"us-central1": {
"subnet": [
"10.26.1.0/24"
],
"subnet_name": "dbzone"
}
},
"routing_mode": "GLOBAL",
"vpc_name": "vpctest"
},
}
"""
config_vpcs = load_config(config_file) ###Load VPC config
all_created_vpcs, all_created_subnetwork = [], []
####Generate VPC from yaml config files = dict
for key, value in config_vpcs.items():
network_instance = compute.Network(
value["vpc_name"],
name=value["vpc_name"], ####Disable auto-naming
auto_create_subnetworks = value["auto_create_subnetworks"],
routing_mode = value["routing_mode"]
)
all_created_vpcs.append(network_instance)
all_subnet_per_vpc = []
######Generate subnet for vpc if auto_create_subnetworks == false
if(value["auto_create_subnetworks"] == False):
for region, region_val in value["region"].items():
for item in region_val["subnet"]:
subnetwork_instance = compute.Subnetwork(
region_val["subnet_name"],
name=region_val["subnet_name"], ####Disable auto-naming
ip_cidr_range = item,
network = network_instance.self_link,
region = region,
opts = ResourceOptions(depends_on=[network_instance])
)
all_subnet_per_vpc.append(item)
all_created_subnetwork.append(subnetwork_instance)
#######Generate internal FW block
rule_name = "allowinternal" + value["vpc_name"]
rule_name = compute.Firewall(
rule_name,
network = network_instance,
allows = [
{
"protocol": "icmp",
},
{
"protocol": "tcp",
"ports": ["0-65535"]
},
{
"protocol": "udp",
"ports": ["0-65535"]
}
],
source_ranges = all_subnet_per_vpc
)
#########Generate FW outside FW block
rule_name = "allowingress" + value["vpc_name"]
rule_name = compute.Firewall(
rule_name,
network = network_instance,
allows = [
{
"protocol": "tcp",
"ports": ["22", "80", "443"]
}
]
)
return {
"all_created_vpcs": all_created_vpcs,
"all_created_subnetwork": all_created_subnetwork
}
import pulumi
from pulumi import ResourceOptions
from pulumi_gcp import compute
import script_init_nginx
#setup the network settings
network = compute.Network("network-4-intro")
firewall = compute.Firewall(
"firewall-4-intro",
network=network.self_link,
allows=[
compute.FirewallAllowArgs(protocol="tcp", ports=["22"]),
compute.FirewallAllowArgs(protocol="tcp", ports=["80"]),
#WARN: for unit test demo only.
# compute.FirewallAllowArgs(
# protocol="udp",
# ports=["53"]
# )
])
#setup the compute engine and init it with the script
instance_addr = compute.Address("addr-4-intro", network_tier="STANDARD")
instance = compute.Instance(
"instance-4-intro",
machine_type="e2-small",
boot_disk=compute.InstanceBootDiskArgs(
initialize_params=compute.InstanceBootDiskInitializeParamsArgs(
image="ubuntu-os-cloud/ubuntu-1804-bionic-v20200414"), ),
network_interfaces=[
compute.InstanceNetworkInterfaceArgs(
region_zone = config.zone
project_name = config.project
compute_network = compute.Network(
"network",
project=project_name,
auto_create_subnetworks=True,
)
compute_firewall = compute.Firewall(
"firewall",
project=project_name,
network=compute_network.self_link,
allows=[
compute.FirewallAllowArgs(protocol="icmp"),
compute.FirewallAllowArgs(
protocol="tcp",
ports=["22", "80"],
),
],
)
compute_instance = compute.Instance(
"instance",
project=project_name,
machine_type="f1-micro",
zone=region_zone,
boot_disk=compute.InstanceBootDiskArgs(
initialize_params=compute.InstanceBootDiskInitializeParamsArgs(
image="debian-cloud/debian-9", ), ),
network_interfaces=[
def create():
cc = ClusterConfig()
public_address = compute.address.Address("kubernetes-the-hard-way")
cc.public_address = public_address
network = compute.Network("kubernetes-the-hard-way",
auto_create_subnetworks=False)
subnet = compute.Subnetwork("kubernetes",
network=network,
ip_cidr_range="10.240.0.0/24")
cc.network = network
cc.subnet = subnet
firewall_external = compute.Firewall(
"kubernetes-the-hard-way-allow-external",
network=network.self_link,
source_ranges=["0.0.0.0/0"],
allows=[{
"protocol": "tcp",
"ports": ["22", "6443"]
}, {
"protocol": "icmp"
}])
firewall_internal = compute.Firewall(
"kubernetes-the-hard-way-allow-internal",
network=network.self_link,
source_ranges=["10.240.0.0/24", "10.200.0.0/16"],
allows=[
{
"protocol": "tcp"
},
{
"protocol": "icmp"
},
{
"protocol": "udp"
},
])
cc.firewall_external = firewall_external
cc.firewall_internal = firewall_internal
#Create controllers
for i in range(0, 3):
instance = compute.Instance(
"controller-" + str(i),
name="controller-" + str(i),
machine_type="g1-small",
#machine_type="n1-standard-1",
boot_disk={
"initializeParams": {
"size": 200,
"image": "ubuntu-os-cloud/ubuntu-1804-lts"
}
},
can_ip_forward=True,
network_interfaces=[{
"network":
network.id,
"subnetwork":
subnet.id,
"network_ip":
"10.240.0.1" + str(i),
"accessConfigs": [{
#Assign External IP address to the instance
"network_tier": "STANDARD"
}]
}],
service_account={
"scopes": [
"compute-rw", "storage-ro", "service-management",
"service-control", "logging-write", "monitoring"
],
},
tags=["kubernetes-the-hard-way", "controller"])
cc.instances["controllers"][i] = instance
#TODO if a resource is not created then one cannot call export on an unpopulated property/key since it will throw error
#pulumi.export("controller-" + str(i), instance.network_interfaces[0]['accessConfigs'][0]['natIp'])
#print("controller-" + str(i))
#pulumi.export("print-controller-"+str(i), instance.name.apply(lambda name: print(name)))
#pulumi.export("print-controller-"+str(i), cc.instances["controllers"][i].network_interfaces.apply(lambda network_interfaces: print(network_interfaces[0]['accessConfigs'][0]['natIp'])))
#Create workers
for i in range(0, 3):
instance = compute.Instance(
"worker-" + str(i),
name="worker-" + str(i),
machine_type="g1-small",
#machine_type="n1-standard-1",
boot_disk={
"initializeParams": {
"size": 200,
"image": "ubuntu-os-cloud/ubuntu-1804-lts"
}
},
can_ip_forward=True,
network_interfaces=[{
"network":
network.id,
"subnetwork":
subnet.id,
"network_ip":
"10.240.0.2" + str(i),
"accessConfigs": [{
#Assign External IP address to the instance
"network_tier": "STANDARD"
}]
}],
service_account={
"scopes": [
"compute-rw", "storage-ro", "service-management",
"service-control", "logging-write", "monitoring"
],
},
metadata={"pod-cidr": "10.200." + str(i) + ".0/24"},
tags=["kubernetes-the-hard-way", "worker"])
cc.instances["workers"][i] = instance
#TODO if a resource is not created then one cannot call export on an unpopulated property/key since it will throw error
#pulumi.export("worker-" + str(i), instance.network_interfaces[0]['accessConfigs'][0]['natIp'])
#print("worker-" + str(i))
#pulumi.export("print-worker-"+str(i), instance.name.apply(lambda name: print(name)))
#pulumi.export("print-worker-"+str(i), cc.instances["workers"][i].network_interfaces.apply(lambda network_interfaces: print(network_interfaces[0]['accessConfigs'][0]['natIp'])))
#Fill in ips when instance creation is done
#cc.fill_instances_ips()
return cc