instance.tf
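# Standalone Compute Engine VM. Created only when var.create_template is false
# (count = 0 otherwise), so references from other resources must index it as
# google_compute_instance.instance[0].
resource "google_compute_instance" "instance" {
  #############
  ## General ##
  #############
  count                     = var.create_template ? 0 : 1
  project                   = var.project_id
  name                      = "vm-${var.project_id}-${var.instance_name}"
  labels                    = var.labels
  zone                      = var.zone
  allow_stopping_for_update = var.allow_stopping_for_update

  ###########################
  ## Machine Configuration ##
  ###########################
  machine_type = var.machine_type

  # NOTE(review): this block is unconditional, so var.guest_accelerator must
  # always be an object with `type` and `count`. Presumably callers pass
  # count = 0 to mean "no accelerator" - confirm against the variable default.
  guest_accelerator {
    type  = var.guest_accelerator.type
    count = var.guest_accelerator.count
  }

  enable_display = var.enable_display

  #############################
  ## Confidential VM Service ##
  #############################
  # Emitted only when var.confidential_instance_config is true.
  # NOTE(review): Confidential VMs restrict the usable machine types and
  # host-maintenance policy; confirm local.on_host_maintenance accounts for
  # this flag, otherwise the apply fails at create time.
  dynamic "confidential_instance_config" {
    for_each = var.confidential_instance_config ? [""] : []
    content {
      enable_confidential_compute = true
    }
  }

  ###########
  ## Disks ##
  ###########
  # Boot disk: attach the caller-supplied disk when source_type is "EXISTING",
  # otherwise the disk managed by google_compute_disk.boot_disk (defined
  # outside this block).
  boot_disk {
    auto_delete = var.boot_disk.auto_delete
    device_name = var.boot_disk.device_name
    source = (
      var.boot_disk.source_type == "EXISTING"
      ? var.boot_disk.source
      : google_compute_disk.boot_disk[0].name
    )
  }

  # Zonal data disks.
  dynamic "attached_disk" {
    for_each = local.attached_disk_zonal
    iterator = config
    content {
      # Fix: the "EXISTING" branch previously returned config.value.source_type,
      # i.e. the literal string "EXISTING", as the disk reference. It now
      # returns the caller-supplied disk, mirroring the boot_disk logic.
      # NOTE(review): assumes each attached-disk object carries a `source`
      # attribute like var.boot_disk does - confirm against the variable type.
      source = (
        config.value.source_type == "EXISTING"
        ? config.value.source
        : google_compute_disk.disks[config.key].self_link
      )
      mode        = config.value.options.mode
      device_name = config.value.device_name
    }
  }

  # Regional data disks; same selection logic as the zonal block.
  dynamic "attached_disk" {
    for_each = local.attached_disk_regional
    iterator = config
    content {
      # Same fix as the zonal block: use the supplied disk reference rather
      # than the source_type string. NOTE(review): `source` attribute assumed.
      source = (
        config.value.source_type == "EXISTING"
        ? config.value.source
        : google_compute_region_disk.disks[config.key].self_link
      )
      mode        = config.value.options.mode
      device_name = config.value.device_name
    }
  }

  # One scratch_disk block per requested local SSD, all on the same interface.
  dynamic "scratch_disk" {
    for_each = [
      for i in range(var.scratch_disk.count) : var.scratch_disk.interface
    ]
    iterator = config
    content {
      interface = config.value
    }
  }

  #############################
  ## Identity and API access ##
  #############################
  # The VM's workloads can obtain tokens for this service account from the
  # metadata server. Access scopes are only a coarse limiter: with a broad
  # value such as "cloud-platform", the account's IAM roles are the sole
  # control, so keep both the scopes and the role bindings minimal.
  service_account {
    email  = local.service_account_email
    scopes = var.service_account_scopes
  }

  ################
  ## Networking ##
  ################
  tags     = var.tags
  hostname = var.hostname
  # Lets the VM send and receive packets whose source/destination IP is not
  # its own; leave false unless the instance acts as a router or NAT gateway.
  can_ip_forward = var.can_ip_forward
  # network_performance_config

  dynamic "network_interface" {
    for_each = var.network_interface
    iterator = config
    content {
      network            = config.value.network
      subnetwork         = config.value.subnetwork
      subnetwork_project = config.value.subnetwork_project
      # try() yields null when no address object/attribute is supplied.
      network_ip = try(config.value.address.internal_ip, null)

      # The mere presence of access_config gives the interface an external IP
      # (ephemeral when nat_ip is null). With nat = true the VM is reachable
      # from the internet subject to firewall rules, so review those together
      # with this flag.
      dynamic "access_config" {
        for_each = config.value.nat ? [""] : []
        content {
          nat_ip = try(config.value.address.external_ip, null)
        }
      }

      # alias_ip_range is iterated as a map: key = secondary range name,
      # value = CIDR taken from that range.
      dynamic "alias_ip_range" {
        for_each = config.value.alias_ip_range
        iterator = config_alias
        content {
          subnetwork_range_name = config_alias.key
          ip_cidr_range         = config_alias.value
        }
      }

      nic_type   = config.value.nic_type
      stack_type = config.value.stack_type
    }
  }

  ##############
  ## Security ##
  ##############
  # Shielded VM settings are emitted only when the variable is non-null.
  # When it is null this module sets none of secure boot, vTPM or integrity
  # monitoring and whatever the provider/platform defaults to applies -
  # prefer passing the object explicitly so the posture is visible in code.
  dynamic "shielded_instance_config" {
    for_each = var.shielded_instance_config != null ? [var.shielded_instance_config] : []
    iterator = config
    content {
      enable_secure_boot          = config.value.enable_secure_boot
      enable_vtpm                 = config.value.enable_vtpm
      enable_integrity_monitoring = config.value.enable_integrity_monitoring
    }
  }

  ################
  ## Management ##
  ################
  description         = var.description
  deletion_protection = var.enable_deletion_protection
  # Startup script and metadata values are stored in Terraform state and are
  # readable from the metadata server by any process on the VM. Do not pass
  # secrets here; have the instance fetch them from a secret store at boot.
  metadata_startup_script = var.startup_script
  metadata                = var.metadata

  scheduling {
    automatic_restart           = local.automatic_restart
    preemptible                 = local.preemptible
    on_host_maintenance         = local.on_host_maintenance
    provisioning_model          = var.scheduling_options.provisioning_model
    instance_termination_action = local.instance_termination_action
  }
}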