[IVYNET-90] Add LB, DNS and VM (backend) modules (#5)

Add module for:

    Backend VM
    DNS Zone
    LB for traffic to backend

Adjust network module to match the new ones

.pre-commit-config.yaml

@@ -24,6 +24,15 @@ repos:
   - repo: https://github.com/terraform-docs/terraform-docs
     rev: v0.19.0
     hooks:
+      - id: terraform-docs-go
+        name: tfdocs - backend module
+        args: ["backend"]
+      - id: terraform-docs-go
+        name: tfdocs - dns_zone module
+        args: ["dns_zone"]
+      - id: terraform-docs-go
+        name: tfdocs - lb module
+        args: ["lb"]
       - id: terraform-docs-go
         name: tfdocs - network module
         args: ["network"]

README.md

@@ -1,2 +1,19 @@
 # otofu-modules
 Modules for Open Tofu (Terraform)
+
+## Module list
+
+- backend - vm for the backend
+- dns_zone - dns zone in GCP
+- lb - Load Balancer for Backend
+- network - a GCP network (for backend)
+
+
+# Repository Technical info
+
+Each module requires an extra Terraform Docs PreCommit hook. E.g.:
+```
+      - id: terraform-docs-go
+        name: tfdocs - backend module
+        args: ["backend"]
+```

backend/README.md

@@ -0,0 +1,54 @@
+# Overview
+
+This module a backend VM and instance group based on it.
+
+# Versions
+- backend-1 - initial backend vm
+
+# TF Docs
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_google"></a> [google](#provider\_google) | 6.6.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [google_compute_firewall.backend_services](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource |
+| [google_compute_firewall.healh_check](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource |
+| [google_compute_firewall.ssh](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource |
+| [google_compute_instance.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance) | resource |
+| [google_compute_instance_group.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance_group) | resource |
+| [google_compute_image.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_image) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_dns_zone"></a> [dns\_zone](#input\_dns\_zone) | Zone for DNS and SSL | `string` | `"test.ivynet.dev."` | no |
+| <a name="input_name"></a> [name](#input\_name) | The name of the VM (and instance group) | `string` | n/a | yes |
+| <a name="input_network-id"></a> [network-id](#input\_network-id) | The ID of the network to add VM to | `string` | n/a | yes |
+| <a name="input_network-proxy-cidr"></a> [network-proxy-cidr](#input\_network-proxy-cidr) | The CIDR range of the proxy (load balancer) | `string` | n/a | yes |
+| <a name="input_network-subnet-id"></a> [network-subnet-id](#input\_network-subnet-id) | The ID of the subnet toadd VM to | `string` | n/a | yes |
+| <a name="input_project"></a> [project](#input\_project) | Name of the GCP project | `string` | `"ivynet-tests"` | no |
+| <a name="input_region"></a> [region](#input\_region) | Name of the region | `string` | `"us-central1"` | no |
+| <a name="input_region_zone"></a> [region\_zone](#input\_region\_zone) | Letter for the zone (by default based on the region) | `string` | `"c"` | no |
+| <a name="input_vm-type"></a> [vm-type](#input\_vm-type) | VM size/type | `string` | `"n2-standard-2"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_backend-group-id"></a> [backend-group-id](#output\_backend-group-id) | ID of the Backend VM group |
+<!-- END_TF_DOCS -->

backend/firewall.tf

@@ -0,0 +1,44 @@
+resource "google_compute_firewall" "ssh" {
+  name = "${var.name}-allow-ssh"
+  allow {
+    ports    = ["22"]
+    protocol = "tcp"
+  }
+  direction     = "INGRESS"
+  network       = var.network-id
+  priority      = 1000
+  project       = var.project
+  source_ranges = ["0.0.0.0/0"]
+  target_tags   = ["ssh"]
+}
+
+resource "google_compute_firewall" "healh_check" {
+  name = "${var.name}-allow-health-check"
+  allow {
+    protocol = "tcp"
+  }
+  direction     = "INGRESS"
+  network       = var.network-id
+  priority      = 100
+  project       = var.project
+  source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
+  target_tags   = ["ivynet-backend"]
+}
+
+resource "google_compute_firewall" "backend_services" {
+  name = "${var.name}-allow-backend-services"
+  allow {
+    ports    = ["8080"]
+    protocol = "tcp"
+  }
+  allow {
+    ports    = ["50050"]
+    protocol = "tcp"
+  }
+  direction     = "INGRESS"
+  network       = var.network-id
+  priority      = 200
+  project       = var.project
+  source_ranges = [var.network-proxy-cidr]
+  target_tags   = ["ivynet-backend"]
+}

backend/main.tf

@@ -0,0 +1,47 @@
+data "google_compute_image" "this" {
+  family  = "ivynet-backend"
+  project = var.project
+}
+
+resource "google_compute_instance" "this" {
+  name = var.name
+  boot_disk {
+    initialize_params {
+      image = data.google_compute_image.this.self_link
+    }
+  }
+  labels = {
+    creator = "terraform"
+    area    = "backend"
+  }
+  machine_type = var.vm-type
+  network_interface {
+    network    = var.network-id
+    subnetwork = var.network-subnet-id
+    access_config {}
+  }
+  project = var.project
+  tags = [
+    "ivynet-backend",
+    "ssh"
+  ]
+  zone = "${var.region}-${var.region_zone}"
+}
+
+resource "google_compute_instance_group" "this" {
+  name        = var.name
+  description = "Instance Group with Backend VM"
+  instances = [
+    google_compute_instance.this.id,
+  ]
+  named_port {
+    name = "http"
+    port = "8080"
+  }
+  named_port {
+    name = "grpc"
+    port = "50050"
+  }
+  project = var.project
+  zone    = "${var.region}-${var.region_zone}"
+}

backend/outputs.tf

@@ -0,0 +1,4 @@
+output "backend-group-id" {
+  description = "ID of the Backend VM group"
+  value       = google_compute_instance_group.this.id
+}

backend/tests/main.tftest.hcl

@@ -0,0 +1,38 @@
+provider "google" {}
+
+mock_provider "google" {
+  alias = "fake"
+}
+
+run "setup_plan" {
+  command = plan
+  module {
+    source = "./tests/setup"
+  }
+}
+
+run "setup" {
+  module {
+    source = "./tests/setup"
+  }
+}
+
+run "plan_ok" {
+  command = plan
+  variables {
+    name               = "test44"
+    network-id         = run.setup.net
+    network-subnet-id  = run.setup.back-id
+    network-proxy-cidr = run.setup.proxy-cidr
+  }
+}
+
+run "apply" {
+  command = apply
+  variables {
+    name               = "test44"
+    network-id         = run.setup.net
+    network-subnet-id  = run.setup.back-id
+    network-proxy-cidr = run.setup.proxy-cidr
+  }
+}

backend/tests/setup/main.tf

@@ -0,0 +1,16 @@
+module "network" {
+  source = "../../../network"
+  name   = "test44"
+}
+
+output "net" {
+  value = module.network.network-id
+}
+
+output "back-id" {
+  value = module.network.subnet-id-backend
+}
+
+output "proxy-cidr" {
+  value = module.network.subnet-cidr-proxy
+}

backend/variables.tf

@@ -0,0 +1,48 @@
+variable "dns_zone" {
+  default     = "test.ivynet.dev."
+  description = "Zone for DNS and SSL"
+  type        = string
+}
+
+variable "name" {
+  description = "The name of the VM (and instance group)"
+  type        = string
+}
+
+variable "network-id" {
+  description = "The ID of the network to add VM to"
+  type        = string
+}
+variable "network-proxy-cidr" {
+  description = "The CIDR range of the proxy (load balancer)"
+  type        = string
+}
+
+variable "network-subnet-id" {
+  description = "The ID of the subnet toadd VM to"
+  type        = string
+}
+
+variable "project" {
+  default     = "ivynet-tests"
+  description = "Name of the GCP project"
+  type        = string
+}
+
+variable "region" {
+  default     = "us-central1"
+  description = "Name of the region"
+  type        = string
+}
+
+variable "region_zone" {
+  default     = "c"
+  description = "Letter for the zone (by default based on the region)"
+  type        = string
+}
+
+variable "vm-type" {
+  default     = "n2-standard-2"
+  description = "VM size/type"
+  type        = string
+}

dns_zone/README.md

@@ -0,0 +1,44 @@
+# Overview
+
+This module creates a DNS ZONE in GCP.
+
+# Versions
+- dns_zone-1 - initial version of dns_zone
+
+# TF Docs
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_google"></a> [google](#provider\_google) | 6.6.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [google_dns_managed_zone.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_dns_zone"></a> [dns\_zone](#input\_dns\_zone) | DNS Zone to add | `string` | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | Name for the DNS Zone | `string` | n/a | yes |
+| <a name="input_project"></a> [project](#input\_project) | Name of the GCP project | `string` | `"ivynet-tests"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_dns_zone_domain"></a> [dns\_zone\_domain](#output\_dns\_zone\_domain) | the domain name |
+| <a name="output_dns_zone_name"></a> [dns\_zone\_name](#output\_dns\_zone\_name) | the name of the DNS Zone |
+<!-- END_TF_DOCS -->

dns_zone/main.tf

@@ -0,0 +1,5 @@
+resource "google_dns_managed_zone" "this" {
+  name     = var.name
+  dns_name = var.dns_zone
+  project  = var.project
+}

dns_zone/outputs.tf

@@ -0,0 +1,9 @@
+output "dns_zone_domain" {
+  description = "the domain name"
+  value       = google_dns_managed_zone.this.dns_name
+}
+
+output "dns_zone_name" {
+  description = "the name of the DNS Zone"
+  value       = google_dns_managed_zone.this.name
+}

dns_zone/tests/main.tftest.hcl

@@ -0,0 +1,17 @@
+provider "google" {}
+
+run "plan_ok" {
+  command = plan
+  variables {
+    name     = "tofutest"
+    dns_zone = "waw.ivynet.dev."
+  }
+}
+
+run "apply" {
+  command = apply
+  variables {
+    name     = "tofutest"
+    dns_zone = "waw.ivynet.dev."
+  }
+}

dns_zone/variables.tf

@@ -0,0 +1,15 @@
+variable "dns_zone" {
+  description = "DNS Zone to add"
+  type        = string
+}
+
+variable "name" {
+  description = "Name for the DNS Zone"
+  type        = string
+}
+
+variable "project" {
+  default     = "ivynet-tests"
+  description = "Name of the GCP project"
+  type        = string
+}