def __init__(self, name: str, args: VpcArgs, opts: ResourceOptions = None): super().__init__("my:modules:Vpc", name, {}, opts) child_opts = ResourceOptions(parent=self) self.network = compute.Network(name, auto_create_subnetworks=False, opts=ResourceOptions(parent=self)) self.subnets = [] for i, ip_cidr_range in enumerate(args.subnet_cidr_blocks): subnet = compute.Subnetwork( f"{name}-{i}", network=self.network.self_link, ip_cidr_range=ip_cidr_range, opts=ResourceOptions(parent=self.network)) self.subnets.append(subnet) self.router = compute.Router(name, network=self.network.self_link, opts=ResourceOptions(parent=self.network)) self.nat = compute.RouterNat( name, router=self.router.name, nat_ip_allocate_option="AUTO_ONLY", source_subnetwork_ip_ranges_to_nat="ALL_SUBNETWORKS_ALL_IP_RANGES", opts=ResourceOptions(parent=self.network)) self.register_outputs({})
import pulumi from pulumi_gcp import compute # # network and firewall for both virtual machines # network = compute.Network("poc") firewall = compute.Firewall("poc", network=network.self_link, allows=[ compute.FirewallAllowArgs(protocol="tcp", ports=["22"]), compute.FirewallAllowArgs(protocol="tcp", ports=["80"]), ]) # # virtual machine running nginx via a [startup script](https://cloud.google.com/compute/docs/startupscript) # script = """#!/bin/bash apt -y update apt -y install nginx """ instance_addr = compute.address.Address("poc") instance = compute.Instance( "poc", machine_type="f1-micro", boot_disk=compute.InstanceBootDiskArgs( initialize_params=compute.InstanceBootDiskInitializeParamsArgs(
'initializeParams': { 'image': 'projects/cos-cloud/global/images/cos-stable-69-10895-62-0' } } meta_data = { "gce-container-declaration": "spec:\n containers:\n - name: test-docker\n image: '" + docker_image + "'\n stdin: false\n tty: false\n restartPolicy: Always\n" } addr = compute.address.Address(resource_name='orb-pulumi-gcp') external_ip = addr.address network = compute.Network("network") network_interface = [{ 'network': network.id, 'accessConfigs': [{ 'nat_ip': external_ip }], }] firewall = compute.Firewall("firewall", network=network.self_link, allows=[{ 'protocol': "tcp", 'ports': ["22", "5000"] }]) instance = compute.Instance('orb-pulumi-gcp',
# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. from pulumi_gcp import config, compute region_zone = config.zone project_name = config.project compute_network = compute.Network( "network", project=project_name, auto_create_subnetworks=True, ) compute_firewall = compute.Firewall( "firewall", project=project_name, network=compute_network.self_link, allows=[ { "protocol": "icmp", }, { "protocol": "tcp", "ports": ["22", "80"], },
import pulumi from pulumi import ResourceOptions from pulumi_gcp import compute compute_network = compute.Network( "network", auto_create_subnetworks=True, ) compute_firewall = compute.Firewall( "firewall", network=compute_network.self_link, allows=[compute.FirewallAllowArgs( protocol="tcp", ports=["22", "80"], )] ) # A simple bash script that will run when the webserver is initalized startup_script = """#!/bin/bash echo "Hello, World!" > index.html nohup python -m SimpleHTTPServer 80 &""" instance_addr = compute.address.Address("address") compute_instance = compute.Instance( "instance", machine_type="f1-micro", metadata_startup_script=startup_script, boot_disk=compute.InstanceBootDiskArgs( initialize_params=compute.InstanceBootDiskInitializeParamsArgs( image="debian-cloud/debian-9-stretch-v20181210"
import pulumi from pulumi_gcp import compute network = compute.Network("template-network") firewall = compute.Firewall("template-firewall", network=network.self_link, allows=[ compute.FirewallAllowArgs(protocol="tcp", ports=["22"]), compute.FirewallAllowArgs(protocol="tcp", ports=["80"]), compute.FirewallAllowArgs(protocol="tcp", ports=["443"]), compute.FirewallAllowArgs(protocol="tcp", ports=["2376"]), compute.FirewallAllowArgs(protocol="tcp", ports=["6443"]), ]) script = """ #!/bin/bash sudo echo "#ubuntu deb http://archive.ubuntu.com/ubuntu focal main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu focal-updates main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu focal-proposed restricted main universe multiverse #security deb http://security.ubuntu.com/ubuntu focal-security main restricted universe multiverse #partner deb http://archive.canonical.com/ubuntu focal partner" > /etc/apt/sources.list
"""A Google Cloud Python Pulumi program""" import pulumi from pulumi import ResourceOptions from pulumi_gcp import compute # Read init script with open('scripts/vm_startup_script.txt', 'r') as startup_script: data = startup_script.read() script = data # Read ssh key from pulumi configs config = pulumi.Config() sshkey = config.require_secret('sshkey') # Read the secret: sshkey # Create VPC network compute_network = compute.Network("default-network") # Create firewall rules to VPC network compute_firewall = compute.Firewall( "firewall", network=compute_network.name, allows=[compute.FirewallAllowArgs(protocol="tcp", ports=["22", "80"])]) # Create IP address instance_addr = compute.Address("demo-instance-address", region="asia-east1") # Create Instance compute_instance = compute.Instance( "demo-instance", zone="asia-east1-a", boot_disk=compute.InstanceBootDiskArgs(
def create_vpc(config_file): r""" Generate network block Dict load from config file { "vpctest": { "auto_create_subnetworks": false, "region": { "asia-southeast1": { "subnet": [ "10.26.1.0/24" ], "subnet_name": "webzone" }, "us-central1": { "subnet": [ "10.26.1.0/24" ], "subnet_name": "dbzone" } }, "routing_mode": "GLOBAL", "vpc_name": "vpctest" }, } """ config_vpcs = load_config(config_file) ###Load VPC config all_created_vpcs, all_created_subnetwork = [], [] ####Generate VPC from yaml config files = dict for key, value in config_vpcs.items(): network_instance = compute.Network( value["vpc_name"], name=value["vpc_name"], ####Disable auto-naming auto_create_subnetworks = value["auto_create_subnetworks"], routing_mode = value["routing_mode"] ) all_created_vpcs.append(network_instance) all_subnet_per_vpc = [] ######Generate subnet for vpc if auto_create_subnetworks == false if(value["auto_create_subnetworks"] == False): for region, region_val in value["region"].items(): for item in region_val["subnet"]: subnetwork_instance = compute.Subnetwork( region_val["subnet_name"], name=region_val["subnet_name"], ####Disable auto-naming ip_cidr_range = item, network = network_instance.self_link, region = region, opts = ResourceOptions(depends_on=[network_instance]) ) all_subnet_per_vpc.append(item) all_created_subnetwork.append(subnetwork_instance) #######Generate internal FW block rule_name = "allowinternal" + value["vpc_name"] rule_name = compute.Firewall( rule_name, network = network_instance, allows = [ { "protocol": "icmp", }, { "protocol": "tcp", "ports": ["0-65535"] }, { "protocol": "udp", "ports": ["0-65535"] } ], source_ranges = all_subnet_per_vpc ) #########Generate FW outside FW block rule_name = "allowingress" + value["vpc_name"] rule_name = compute.Firewall( rule_name, network = network_instance, allows = [ { "protocol": "tcp", "ports": ["22", "80", "443"] } ] ) return { "all_created_vpcs": all_created_vpcs, "all_created_subnetwork": all_created_subnetwork }
import pulumi from pulumi import ResourceOptions from pulumi_gcp import compute import init_scripts #setup the network settings network=compute.Network("network-4-demo") firewall=compute.Firewall( "firewall-4-demo", network=network.self_link, allows=[ compute.FirewallAllowArgs( protocol="tcp", ports=["22"] ), compute.FirewallAllowArgs( protocol="tcp", ports=["80"] ) ] ) #setup the policy server and init it with the script instance_srvaddr=compute.Address("addr-4-demoserver",network_tier="STANDARD") instance_srv=compute.Instance( "instance-4-policyserver", machine_type="e2-small", boot_disk=compute.InstanceBootDiskArgs( initialize_params=compute.InstanceBootDiskInitializeParamsArgs(
import pulumi from pulumi import ResourceOptions from pulumi_gcp import compute import script_init_nginx #setup the network settings network = compute.Network("network-4-intro") firewall = compute.Firewall( "firewall-4-intro", network=network.self_link, allows=[ compute.FirewallAllowArgs(protocol="tcp", ports=["22"]), compute.FirewallAllowArgs(protocol="tcp", ports=["80"]), #WARN: for unit test demo only. # compute.FirewallAllowArgs( # protocol="udp", # ports=["53"] # ) ]) #setup the compute engine and init it with the script instance_addr = compute.Address("addr-4-intro", network_tier="STANDARD") instance = compute.Instance( "instance-4-intro", machine_type="e2-small", boot_disk=compute.InstanceBootDiskArgs( initialize_params=compute.InstanceBootDiskInitializeParamsArgs( image="ubuntu-os-cloud/ubuntu-1804-bionic-v20200414"), ), network_interfaces=[ compute.InstanceNetworkInterfaceArgs(
def create(): cc = ClusterConfig() public_address = compute.address.Address("kubernetes-the-hard-way") cc.public_address = public_address network = compute.Network("kubernetes-the-hard-way", auto_create_subnetworks=False) subnet = compute.Subnetwork("kubernetes", network=network, ip_cidr_range="10.240.0.0/24") cc.network = network cc.subnet = subnet firewall_external = compute.Firewall( "kubernetes-the-hard-way-allow-external", network=network.self_link, source_ranges=["0.0.0.0/0"], allows=[{ "protocol": "tcp", "ports": ["22", "6443"] }, { "protocol": "icmp" }]) firewall_internal = compute.Firewall( "kubernetes-the-hard-way-allow-internal", network=network.self_link, source_ranges=["10.240.0.0/24", "10.200.0.0/16"], allows=[ { "protocol": "tcp" }, { "protocol": "icmp" }, { "protocol": "udp" }, ]) cc.firewall_external = firewall_external cc.firewall_internal = firewall_internal #Create controllers for i in range(0, 3): instance = compute.Instance( "controller-" + str(i), name="controller-" + str(i), machine_type="g1-small", #machine_type="n1-standard-1", boot_disk={ "initializeParams": { "size": 200, "image": "ubuntu-os-cloud/ubuntu-1804-lts" } }, can_ip_forward=True, network_interfaces=[{ "network": network.id, "subnetwork": subnet.id, "network_ip": "10.240.0.1" + str(i), "accessConfigs": [{ #Assign External IP address to the instance "network_tier": "STANDARD" }] }], service_account={ "scopes": [ "compute-rw", "storage-ro", "service-management", "service-control", "logging-write", "monitoring" ], }, tags=["kubernetes-the-hard-way", "controller"]) cc.instances["controllers"][i] = instance #TODO if a resource is not created then one cannot call export on an unpopulated property/key since it will throw error #pulumi.export("controller-" + str(i), instance.network_interfaces[0]['accessConfigs'][0]['natIp']) #print("controller-" + str(i)) #pulumi.export("print-controller-"+str(i), instance.name.apply(lambda name: print(name))) #pulumi.export("print-controller-"+str(i), cc.instances["controllers"][i].network_interfaces.apply(lambda network_interfaces: print(network_interfaces[0]['accessConfigs'][0]['natIp']))) #Create workers for i in range(0, 3): instance = compute.Instance( "worker-" + str(i), name="worker-" + str(i), machine_type="g1-small", #machine_type="n1-standard-1", boot_disk={ "initializeParams": { "size": 200, "image": "ubuntu-os-cloud/ubuntu-1804-lts" } }, can_ip_forward=True, network_interfaces=[{ "network": network.id, "subnetwork": subnet.id, "network_ip": "10.240.0.2" + str(i), "accessConfigs": [{ #Assign External IP address to the instance "network_tier": "STANDARD" }] }], service_account={ "scopes": [ "compute-rw", "storage-ro", "service-management", "service-control", "logging-write", "monitoring" ], }, metadata={"pod-cidr": "10.200." + str(i) + ".0/24"}, tags=["kubernetes-the-hard-way", "worker"]) cc.instances["workers"][i] = instance #TODO if a resource is not created then one cannot call export on an unpopulated property/key since it will throw error #pulumi.export("worker-" + str(i), instance.network_interfaces[0]['accessConfigs'][0]['natIp']) #print("worker-" + str(i)) #pulumi.export("print-worker-"+str(i), instance.name.apply(lambda name: print(name))) #pulumi.export("print-worker-"+str(i), cc.instances["workers"][i].network_interfaces.apply(lambda network_interfaces: print(network_interfaces[0]['accessConfigs'][0]['natIp']))) #Fill in ips when instance creation is done #cc.fill_instances_ips() return cc