diff --git a/examples/cce/basic/main.tf b/examples/cce/basic/main.tf
index 13dc850f8..e73cc5980 100644
--- a/examples/cce/basic/main.tf
+++ b/examples/cce/basic/main.tf
@@ -1,9 +1,9 @@ -# Get the VPC where NAT gateway will be created +# Get the VPC where CCE cluster will be created data "sbercloud_vpc" "vpc_01" { name = "put_here_the_name_of_your_existing_vpc" } -# Get the subnet where NAT gateway will be created +# Get the subnet where CCE cluster will be created data "sbercloud_vpc_subnet" "subnet_01" { name = "put_here_the_name_of_your_existing_subnet" }
@@ -24,6 +24,7 @@ resource "sbercloud_cce_node" "cce_01_node" { name = "cce-worker" flavor_id = "s6.large.2" availability_zone = "ru-moscow-1a" + os = "CentOS 7.6" key_pair = "put_here_the_name_of_your_existing_key_pair" root_volume {
diff --git a/examples/cce/cce-nodepool/README.md b/examples/cce/cce-nodepool/README.md
new file mode 100644
index 000000000..df1fb5e09
--- /dev/null
+++ b/examples/cce/cce-nodepool/README.md
@@ -0,0 +1,23 @@
+## Example: Node Pool for CCE Cluster
+
+### Requirements
+
+- CCE cluster (master(s)) exists in SberCloud.Advanced
+- key pair exists in SberCloud.Advanced
+
+### Description
+
+This example provisions a node pool for CCE cluster with the following attributes:
+
+- Node flavor: s6.xlarge.4
+- Minimal number of nodes in the pool: 2
+- Initial number of nodes in the pool: 2
+- Maximum number of nodes in the pool: 10
+- Availability zone: ru-moscow-1a
+
+As a result, this example provisions two worker nodes.
+
+### Notes
+
+The **os** paramter is described as Optional, but it's better to set it explicitly to CentOS 7.6
+It may simplify upgrades to next CCE releases.
diff --git a/examples/cce/cce-nodepool/main.tf b/examples/cce/cce-nodepool/main.tf
new file mode 100644
index 000000000..043d3abe3
--- /dev/null
+++ b/examples/cce/cce-nodepool/main.tf
@@ -0,0 +1,37 @@
+# Get CCE cluster
+data "sbercloud_cce_cluster" "cce_01" {
+ name = "put_here_the_name_of_your_existing_CCE_cluster"
+ status = "Available"
+}
+
+# Create CCE Node pool
+resource "sbercloud_cce_node_pool" "node_pool_01" {
+ cluster_id = data.sbercloud_cce_cluster.cce_01.id
+ name = "terraform-pool"
+ flavor_id = "s6.xlarge.4"
+ availability_zone = "ru-moscow-1a"
+ key_pair = "put_here_the_name_of_your_existing_key_pair"
+ scall_enable = true
+ min_node_count = 2
+ initial_node_count = 2
+ max_node_count = 10
+ scale_down_cooldown_time = 100
+ priority = 1
+ type = "vm"
+ os = "CentOS 7.6"
+
+ labels = {
+ created_by = "Terraform"
+ creation_date = "December2021"
+ }
+
+ root_volume {
+ size = 50
+ volumetype = "SAS"
+ }
+
+ data_volumes {
+ size = 100
+ volumetype = "SAS"
+ }
+}
diff --git a/examples/cce/workers-in-different-AZs/main.tf b/examples/cce/workers-in-different-AZs/main.tf
index 52e7e23b0..166e51658 100644
--- a/examples/cce/workers-in-different-AZs/main.tf
+++ b/examples/cce/workers-in-different-AZs/main.tf
@@ -33,8 +33,9 @@ resource "sbercloud_cce_node" "cce_01_node" { count = local.number_of_workers cluster_id = sbercloud_cce_cluster.cce_01.id name = "cce-worker-${count.index}" - flavor_id = "s6.large.2" + flavor_id = "c6.large.4" availability_zone = data.sbercloud_availability_zones.list_of_az.names[count.index % local.number_of_az] + os = "CentOS 7.6" key_pair = "put_here_the_name_of_your_existing_key_pair" root_volume {
diff --git a/examples/css/basic/README.md b/examples/css/basic/README.md
new file mode 100644
index 000000000..f6dc76897
--- /dev/null
+++ b/examples/css/basic/README.md
@@ -0,0 +1,24 @@
+## Example: CSS Instance
+
+### Requirements
+
+- VPC exists in SberCloud.Advanced
+- subnet exists in SberCloud.Advanced
+- security group exists in SberCloud.Advanced
+
+### Description
+
+This example provisions a CSS instance with the following attributes:
+
+- flavor: ess.spec-4u32g (which corresponds to m6.xlarge.8)
+- number of nodes: 1
+- availability zone: ru-moscow-1a
+- Elasticsearch version: 7.9.3
+- Disk storage size: 80 GB
+- Disk storage type: SSD
+
+### Notes
+
+Please note that there is a backup policy configured and a tag attached to the instance.
+Backups (snapshots) will be performed daily at 01:00 MSK, put into the "p-test-02" bucket, into the "css_backups/css-terraform" folder, and stored for 4 days.
+The "css_obs_agency" will be used to store backups in OBS.
diff --git a/examples/css/basic/main.tf b/examples/css/basic/main.tf
new file mode 100644
index 000000000..0ec5bc37a
--- /dev/null
+++ b/examples/css/basic/main.tf
@@ -0,0 +1,46 @@
+# Get the VPC where RDS instance will be created
+data "sbercloud_vpc" "vpc_01" {
+ name = "put_here_name_of_your_existing_VPC"
+}
+
+# Get the subnet where RDS instance will be created
+data "sbercloud_vpc_subnet" "subnet_01" {
+ name = "put_here_name_of_your_existing_subnet"
+}
+
+# Get the security group for RDS instance
+data "sbercloud_networking_secgroup" "sg_01" {
+ name = "put_here_name_of_your_existing_security_group"
+}
+
+resource "sbercloud_css_cluster" "css_prod" {
+ expect_node_num = 1
+ name = "css-terraform"
+ engine_version = "7.9.3"
+
+ node_config {
+ flavor = "ess.spec-4u32g"
+ network_info {
+ security_group_id = data.sbercloud_networking_secgroup.sg_01.id
+ subnet_id = data.sbercloud_vpc_subnet.subnet_01.id
+ vpc_id = data.sbercloud_vpc.vpc_01.id
+ }
+ volume {
+ volume_type = "ULTRAHIGH"
+ size = 80
+ }
+ availability_zone = "ru-moscow-1a"
+ }
+
+ backup_strategy {
+ bucket = "p-test-02"
+ backup_path = "css_backups/css-terraform"
+ agency = "css_obs_agency"
+ start_time = "01:00 GMT+03:00"
+ keep_days = 4
+ }
+
+ tags = {
+ "environment" = "prod"
+ }
+}
diff --git a/examples/dcs/redis-cluster/README.md b/examples/dcs/redis-cluster/README.md
new file mode 100644
index 000000000..aca38da97
--- /dev/null
+++ b/examples/dcs/redis-cluster/README.md
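Review bot: In examples/css/basic/main.tf the `sbercloud_css_cluster` resource sets no authentication or transport-encryption argument, so as written the Elasticsearch 7.9.3 endpoint is presumably open to every host the looked-up security group admits, while the instance is tagged `environment = prod`. If the provider version in use exposes the CSS security-mode arguments, the example should set `security_mode = true` together with an administrator password read from a variable declared with `sensitive = true`; if it does not, the README should say that access control rests entirely on the security group. The three lookup comments still say "RDS instance" although the resource is CSS, for example `# Get the VPC where CSS cluster will be created`; the same copy-pasted comments appear in the DCS and DMS main.tf files later in this diff.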
@@ -0,0 +1,23 @@
+## Example: DCS Cluster (Redis)
+
+### Requirements
+
+- VPC exists in SberCloud.Advanced
+- subnet exists in SberCloud.Advanced
+
+### Description
+
+This example provisions a DCS cluster of Redis with the following attributes:
+
+- flavor: redis.cluster.xu1.large.r2.8
+- availability zones: ru-moscow-1a, ru-moscow-1b. That is, our Redis cluster is geo-redundant.
+- Engine: Redis 5.0
+- Cache size: 8 GB
+- Password protected
+
+### Notes
+
+You can get the list of flavor names by execuring [this API call](https://support.hc.sbercloud.ru/api/dcs/dcs-api-0312040.html) or by looking at the DCS instance creation process in the console.
+
+Note the tag attached to the cluster.
+Note the backup schedule configured for the cluster. Backups will be performed each Tuesday, Thursday and Saturday, at **05:00 MSK** (in main.tf time is GMT), and stored for 5 days.
diff --git a/examples/dcs/redis-cluster/main.tf b/examples/dcs/redis-cluster/main.tf
new file mode 100644
index 000000000..acf5c10f1
--- /dev/null
+++ b/examples/dcs/redis-cluster/main.tf
@@ -0,0 +1,34 @@
+# Get the VPC where RDS instance will be created
+data "sbercloud_vpc" "vpc_01" {
+ name = "put_here_name_of_your_existing_VPC"
+}
+
+# Get the subnet where RDS instance will be created
+data "sbercloud_vpc_subnet" "subnet_01" {
+ name = "put_here_name_of_your_existing_subnet"
+}
+
+# Create Redis cluster
+resource "sbercloud_dcs_instance" "redis_01" {
+ name = "redis-tf-cluster"
+ engine = "Redis"
+ engine_version = "5.0"
+ capacity = 8
+ password = "put_here_password_for_Redis"
+ vpc_id = data.sbercloud_vpc.vpc_01.id
+ subnet_id = data.sbercloud_vpc_subnet.subnet_01.id
+ availability_zones = ["ru-moscow-1a", "ru-moscow-1b"]
+ flavor = "redis.cluster.xu1.large.r2.8"
+
+ backup_policy {
+ save_days = 5
+ backup_type = "auto"
+ begin_at = "02:00-03:00"
+ period_type = "weekly"
+ backup_at = [2, 4, 6]
+ }
+
+ tags = {
+ "environment" = "test"
+ }
+}
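Review bot: `password = "put_here_password_for_Redis"` in examples/dcs/redis-cluster/main.tf invites readers to type the real secret into a file that is normally committed to version control. Declare an input variable with `sensitive = true` and reference it, `password = var.redis_password`, and add a comment that the value is still written to the Terraform state, so the state backend needs access control and encryption. The same inline-password pattern is in examples/dms/rabbitmq/main.tf and in the three examples/rds/*/main.tf files of this diff.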
diff --git a/examples/dcs/redis-single/README.md b/examples/dcs/redis-single/README.md
new file mode 100644
index 000000000..2f86e208c
--- /dev/null
+++ b/examples/dcs/redis-single/README.md
@@ -0,0 +1,20 @@
+## Example: Single DCS Instance (Redis)
+
+### Requirements
+
+- VPC exists in SberCloud.Advanced
+- subnet exists in SberCloud.Advanced
+
+### Description
+
+This example provisions a single DCS instance of Redis with the following attributes:
+
+- flavor: redis.single.xu1.large.4
+- availability zone: ru-moscow-1b
+- Engine: Redis 5.0
+- Cache size: 4 GB
+
+### Notes
+
+You can get the list of flavor names by execuring [this API call](https://support.hc.sbercloud.ru/api/dcs/dcs-api-0312040.html) or by looking at the DCS instance creation process in the console.
+
diff --git a/examples/dcs/redis-single/main.tf b/examples/dcs/redis-single/main.tf
new file mode 100644
index 000000000..43e9b6bd3
--- /dev/null
+++ b/examples/dcs/redis-single/main.tf
@@ -0,0 +1,20 @@
+# Get the VPC where RDS instance will be created
+data "sbercloud_vpc" "vpc_01" {
+ name = "put_here_name_of_your_existing_VPC"
+}
+
+# Get the subnet where RDS instance will be created
+data "sbercloud_vpc_subnet" "subnet_01" {
+ name = "put_here_name_of_your_existing_subnet"
+}
+
+resource "sbercloud_dcs_instance" "redis_01" {
+ name = "redis-tf-single"
+ engine = "Redis"
+ engine_version = "5.0"
+ capacity = 4
+ vpc_id = data.sbercloud_vpc.vpc_01.id
+ subnet_id = data.sbercloud_vpc_subnet.subnet_01.id
+ availability_zones = ["ru-moscow-1b"]
+ flavor = "redis.single.xu1.large.4"
+}
diff --git a/examples/dms/kafka/README.md b/examples/dms/kafka/README.md
new file mode 100644
index 000000000..6df1ad49e
--- /dev/null
+++ b/examples/dms/kafka/README.md
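Review bot: The `sbercloud_dcs_instance` in examples/dcs/redis-single/main.tf sets no `password`, unlike the cluster example in this commit, so the instance is presumably created in password-free mode and any host that can reach it inside the subnet can read and write the cache. Either add `password = var.redis_password`, with the variable declared `sensitive = true`, or say in a comment and in the README that the example is deliberately unauthenticated and must not hold real data.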
@@ -0,0 +1,24 @@
+## Example: DMS Cluster (Kafka)
+
+### Requirements
+
+- VPC exists in SberCloud.Advanced
+- subnet exists in SberCloud.Advanced
+- security group exists in SberCloud.Advanced
+
+### Description
+
+This example provisions a DMS cluster of Kafka with the following attributes:
+
+- engine: Kafka
+- version: 2.3.0
+- availability zones: ru-moscow-1a, ru-moscow-1b and ru-moscow-1c. That is, our Kafka cluster is geo-redundant and distributed between 3 AZs.
+- bandwidth: 300 MB/s
+- storage space: 1200 GB
+- storage type: SAS
+
+Also, it creates a topic called *topic_01*.
+
+### Notes
+
+It will be a 5 nodes cluster.
diff --git a/examples/dms/kafka/main.tf b/examples/dms/kafka/main.tf
new file mode 100644
index 000000000..ff71ec3b3
--- /dev/null
+++ b/examples/dms/kafka/main.tf
@@ -0,0 +1,52 @@
+# Get the VPC where RDS instance will be created
+data "sbercloud_vpc" "vpc_01" {
+ name = "put_here_name_of_your_existing_VPC"
+}
+
+# Get the subnet where RDS instance will be created
+data "sbercloud_vpc_subnet" "subnet_01" {
+ name = "put_here_name_of_your_existing_subnet"
+}
+
+# Get the security group for RDS instance
+data "sbercloud_networking_secgroup" "sg_01" {
+ name = "put_here_name_of_your_existing_security_group"
+}
+
+# Get the list of Availability Zones (AZ)
+data "sbercloud_availability_zones" "list_of_az" {}
+
+# Get the Kafka product details
+data "sbercloud_dms_product" "kafka" {
+ engine = "kafka"
+ instance_type = "cluster"
+ version = "2.3.0"
+ storage = 1200
+ bandwidth = "300MB"
+ storage_spec_code = "dms.physical.storage.high"
+}
+
+# Create Kafka instance
+resource "sbercloud_dms_instance" "kafka_01" {
+ name = "kafka-tf"
+
+ vpc_id = data.sbercloud_vpc.vpc_01.id
+ subnet_id = data.sbercloud_vpc_subnet.subnet_01.id
+ security_group_id = data.sbercloud_networking_secgroup.sg_01.id
+
+ available_zones = data.sbercloud_availability_zones.list_of_az.names
+
+ engine = data.sbercloud_dms_product.kafka.engine
+ specification = data.sbercloud_dms_product.kafka.bandwidth
+ product_id = data.sbercloud_dms_product.kafka.id
+ engine_version = data.sbercloud_dms_product.kafka.version
+ storage_space = data.sbercloud_dms_product.kafka.storage
+ storage_spec_code = data.sbercloud_dms_product.kafka.storage_spec_code
+}
+
+# Create topic
+resource "sbercloud_dms_kafka_topic" "topic" {
+ instance_id = sbercloud_dms_instance.kafka_01.id
+ name = "topic_01"
+ partitions = 16
+}
diff --git a/examples/dms/rabbitmq/README.md b/examples/dms/rabbitmq/README.md
new file mode 100644
index 000000000..f23b55490
--- /dev/null
+++ b/examples/dms/rabbitmq/README.md
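Review bot: `sbercloud_dms_instance.kafka_01` in examples/dms/kafka/main.tf sets neither `access_user` nor `password`, both of which the RabbitMQ example in this commit passes to the same resource type, so the brokers presumably accept unauthenticated clients from wherever the looked-up security group allows. If the provider supports authenticated access for the Kafka engine, the example should enable it; at minimum add a comment such as `# No client authentication is configured; restrict the security group to the producer and consumer subnets`. `available_zones` takes every name the data source returns, which matches the three AZs listed in the README only while the region has exactly three.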
@@ -0,0 +1,22 @@
+## Example: DMS Cluster (RabbitMQ)
+
+### Requirements
+
+- VPC exists in SberCloud.Advanced
+- subnet exists in SberCloud.Advanced
+- security group exists in SberCloud.Advanced
+
+### Description
+
+This example provisions a DMS cluster of RabbitMQ with the following attributes:
+
+- engine: RabbitMQ
+- version: 3.7.17
+- availability zones: ru-moscow-1a, ru-moscow-1b and ru-moscow-1c. That is, our RabbitMQ cluster is geo-redundant and distributed between 3 AZs.
+- storage space: 1000 GB
+- storage type: SSD
+- user name: admin
+
+### Notes
+
+It will be a 5 nodes cluster.
diff --git a/examples/dms/rabbitmq/main.tf b/examples/dms/rabbitmq/main.tf
new file mode 100644
index 000000000..9b54a7bab
--- /dev/null
+++ b/examples/dms/rabbitmq/main.tf
@@ -0,0 +1,46 @@
+# Get the VPC where RDS instance will be created
+data "sbercloud_vpc" "vpc_01" {
+ name = "put_here_name_of_your_existing_VPC"
+}
+
+# Get the subnet where RDS instance will be created
+data "sbercloud_vpc_subnet" "subnet_01" {
+ name = "put_here_name_of_your_existing_subnet"
+}
+
+# Get the security group for RDS instance
+data "sbercloud_networking_secgroup" "sg_01" {
+ name = "put_here_name_of_your_existing_security_group"
+}
+
+# Get the list of Availability Zones (AZ)
+data "sbercloud_availability_zones" "list_of_az" {}
+
+# Get the RabbitMQ product details
+data "sbercloud_dms_product" "rabbitmq" {
+ engine = "rabbitmq"
+ instance_type = "cluster"
+ version = "3.7.17"
+ storage = 1000
+ storage_spec_code = "dms.physical.storage.ultra"
+}
+
+# Create RabbitMQ instance
+resource "sbercloud_dms_instance" "rabbitmq_01" {
+ name = "rabbitmq-tf"
+
+ vpc_id = data.sbercloud_vpc.vpc_01.id
+ subnet_id = data.sbercloud_vpc_subnet.subnet_01.id
+ security_group_id = data.sbercloud_networking_secgroup.sg_01.id
+
+ available_zones = data.sbercloud_availability_zones.list_of_az.names
+
+ access_user = "admin"
+ password = "put_here_password_of_rabbitmq_user"
+
+ engine = data.sbercloud_dms_product.rabbitmq.engine
+ product_id = data.sbercloud_dms_product.rabbitmq.id
+ engine_version = data.sbercloud_dms_product.rabbitmq.version
+ storage_space = data.sbercloud_dms_product.rabbitmq.storage
+ storage_spec_code = data.sbercloud_dms_product.rabbitmq.storage_spec_code
+}
diff --git a/examples/ecs/ecs-in-different-AZs/main.tf b/examples/ecs/ecs-in-different-AZs/main.tf
index 0d730df40..6892200a9 100644
--- a/examples/ecs/ecs-in-different-AZs/main.tf
+++ b/examples/ecs/ecs-in-different-AZs/main.tf
@@ -23,7 +23,7 @@ resource "sbercloud_compute_instance" "ecs_01" { name = "terraform-ecs-${count.index}" image_id = data.sbercloud_images_image.ubuntu_image.id - flavor_id = "s6.large.2" + flavor_id = "c6.large.2" security_groups = ["default"] availability_zone = data.sbercloud_availability_zones.list_of_az.names[count.index % local.number_of_az] key_pair = "place_the_name_of_your_existing_key_pair_here"
diff --git a/examples/iam/agency/README.md b/examples/iam/agency/README.md
new file mode 100644
index 000000000..0bc5bb196
--- /dev/null
+++ b/examples/iam/agency/README.md
@@ -0,0 +1,17 @@
+## Example: IAM Agency
+### Requirements
+
+None.
+
+### Description
+
+This example provisions an IAM agency with the following properties:
+
+- delegated cloud service: FunctionGraph
+- validity period: 24 hours
+- delegated roles: ECS User
+- delegated scope: *ru-moscow-1* project
+
+### Notes
+
+No notes so far.
diff --git a/examples/iam/agency/main.tf b/examples/iam/agency/main.tf
new file mode 100644
index 000000000..6594d7b82
--- /dev/null
+++ b/examples/iam/agency/main.tf
@@ -0,0 +1,14 @@
+# Create agency
+resource "sbercloud_identity_agency" "agency_01" {
+ name = "tf_test_agency"
+ description = "Allow FG manage ECS"
+ delegated_service_name = "op_svc_cff"
+ duration = "ONEDAY"
+
+ project_role {
+ project = "ru-moscow-1"
+ roles = [
+ "ECS User",
+ ]
+ }
+}
diff --git a/examples/rds/primary-standby/README.md b/examples/rds/primary-standby/README.md
new file mode 100644
index 000000000..96dca17f3
--- /dev/null
+++ b/examples/rds/primary-standby/README.md
@@ -0,0 +1,26 @@
+## Example: Primary-Standby RDS Instance (PostgreSQL)
+
+### Requirements
+
+- VPC exists in SberCloud.Advanced
+- subnet exists in SberCloud.Advanced
+- security group exists in SberCloud.Advanced
+
+### Description
+
+This example provisions a primary-standby RDS instance of PostgreSQL with the following attributes:
+
+- flavor: I don't know and I don't care :) All I know is there are 2 vCPUs and 8 GB RAM. See Notes below.
+- availability zones: ru-moscow-1a and ru-moscow-1b. That is, my PG is geo-redundant.
+- PG version: 12
+- Disk storage size: 100 GB
+- Disk storage type: SSD
+
+### Notes
+
+Please note the **sbercloud_rds_flavors** data source.
+It gets the right flavor name based on the number of vCPU and RAM amount. It helps avoid setting flavor names explicitly.
+
+The **ha_replication_mode** parameter is described as Optional, but it's better to set it explicitly for HA configurations.
+
+Please note that there is a backup policy configured and a tag attached to the instance.
diff --git a/examples/rds/primary-standby/main.tf b/examples/rds/primary-standby/main.tf
new file mode 100644
index 000000000..ab85ff8c9
--- /dev/null
+++ b/examples/rds/primary-standby/main.tf
@@ -0,0 +1,62 @@
+# Get the VPC where RDS instance will be created
+data "sbercloud_vpc" "vpc_01" {
+ name = "put_here_name_of_your_existing_VPC"
+}
+
+# Get the subnet where RDS instance will be created
+data "sbercloud_vpc_subnet" "subnet_01" {
+ name = "put_here_name_of_your_existing_subnet"
+}
+
+# Get the security group for RDS instance
+data "sbercloud_networking_secgroup" "sg_01" {
+ name = "put_here_name_of_your_existing_security_group"
+}
+
+# Get the list of availability zones
+data "sbercloud_availability_zones" "list_of_az" {}
+
+# Get RDS flavors
+data "sbercloud_rds_flavors" "rds_flavors" {
+ db_type = "PostgreSQL"
+ db_version = "12"
+ instance_mode = "ha"
+}
+
+locals {
+ rds_flavor = compact([
+ for item in data.sbercloud_rds_flavors.rds_flavors.flavors :
+ item["vcpus"] == 2 && item["memory"] == 8 ? item["name"] : ""
+ ])[0]
+}
+
+# Create RDS instance
+resource "sbercloud_rds_instance" "rds_01" {
+ name = "terraform-pg-cluster"
+ flavor = local.rds_flavor
+ vpc_id = data.sbercloud_vpc.vpc_01.id
+ subnet_id = data.sbercloud_vpc_subnet.subnet_01.id
+ security_group_id = data.sbercloud_networking_secgroup.sg_01.id
+ availability_zone = [data.sbercloud_availability_zones.list_of_az.names[0], data.sbercloud_availability_zones.list_of_az.names[1]]
+ ha_replication_mode = "async"
+
+ db {
+ type = "PostgreSQL"
+ version = "12"
+ password = "put_here_password_of_database_root_user"
+ }
+
+ volume {
+ type = "ULTRAHIGH"
+ size = 100
+ }
+
+ backup_strategy {
+ start_time = "01:00-02:00"
+ keep_days = 3
+ }
+
+ tags = {
+ "environment" = "stage"
+ }
+}
diff --git a/examples/rds/single-eip/README.md b/examples/rds/single-eip/README.md
new file mode 100644
index 000000000..98a35e4bf
--- /dev/null
+++ b/examples/rds/single-eip/README.md
@@ -0,0 +1,24 @@
+## Example: Single RDS Instance with EIP (PostgreSQL)
+
+### Requirements
+
+- VPC exists in SberCloud.Advanced
+- subnet exists in SberCloud.Advanced
+- security group exists in SberCloud.Advanced
+
+### Description
+
+This example provisions a single RDS instance of PostgreSQL with an EIP attached to it, with the following other attributes:
+
+- flavor: I don't know and I don't care :) All I know is I need 2 vCPUs and 4 GB RAM. See Notes below.
+- availability zone: ru-moscow-1b
+- PG version: 13
+- Disk storage size: 100 GB
+- Disk storage type: SSD
+- EIP charge mode: by bandwidth
+- EIP bandwidth size: 4 Mbit/s
+
+### Notes
+
+Please note the **sbercloud_rds_flavors** data source.
+It gets the right flavor name based on the number of vCPU and RAM amount. It helps avoid setting flavor names explicitly.
diff --git a/examples/rds/single-eip/main.tf b/examples/rds/single-eip/main.tf
new file mode 100644
index 000000000..d96224e48
--- /dev/null
+++ b/examples/rds/single-eip/main.tf
@@ -0,0 +1,74 @@
+# Get the VPC where RDS instance will be created
+data "sbercloud_vpc" "vpc_01" {
+ name = "put_here_name_of_your_existing_VPC"
+}
+
+# Get the subnet where RDS instance will be created
+data "sbercloud_vpc_subnet" "subnet_01" {
+ name = "put_here_name_of_your_existing_subnet"
+}
+
+# Get the security group for RDS instance
+data "sbercloud_networking_secgroup" "sg_01" {
+ name = "put_here_name_of_your_existing_security_group"
+}
+
+# Get RDS flavors
+data "sbercloud_rds_flavors" "rds_flavors" {
+ db_type = "PostgreSQL"
+ db_version = "13"
+ instance_mode = "single"
+}
+
+locals {
+ rds_flavor = compact([
+ for item in data.sbercloud_rds_flavors.rds_flavors.flavors :
+ item["vcpus"] == 2 && item["memory"] == 4 ? item["name"] : ""
+ ])[0]
+}
+
+# Create RDS instance
+resource "sbercloud_rds_instance" "rds_01" {
+ name = "terraform-pg-single"
+ flavor = local.rds_flavor
+ vpc_id = data.sbercloud_vpc.vpc_01.id
+ subnet_id = data.sbercloud_vpc_subnet.subnet_01.id
+ security_group_id = data.sbercloud_networking_secgroup.sg_01.id
+ availability_zone = ["ru-moscow-1b"]
+
+ db {
+ type = "PostgreSQL"
+ version = "13"
+ password = "put_here_password_of_database_root_user"
+ }
+
+ volume {
+ type = "ULTRAHIGH"
+ size = 100
+ }
+}
+
+# Create EIP for RDS
+resource "sbercloud_vpc_eip" "eip_rds" {
+ publicip {
+ type = "5_bgp"
+ }
+ bandwidth {
+ share_type = "PER"
+ name = "eip-for-rds"
+ size = 4
+ charge_mode = "bandwidth"
+ }
+}
+
+# Get the port of the RDS instance by private_ip
+data "sbercloud_networking_port" "rds_port" {
+ network_id = data.sbercloud_vpc_subnet.subnet_01.id
+ fixed_ip = sbercloud_rds_instance.rds_01.private_ips[0]
+}
+
+# Attach EIP to the RDS instance
+resource "sbercloud_networking_eip_associate" "associated" {
+ public_ip = sbercloud_vpc_eip.eip_rds.address
+ port_id = data.sbercloud_networking_port.rds_port.id
+}
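Review bot: Associating `sbercloud_vpc_eip.eip_rds` with the instance port in examples/rds/single-eip/main.tf puts the PostgreSQL listener on a public address, and the only filter is the pre-existing security group looked up by name, whose rules this example neither defines nor describes. Add a comment above `sbercloud_networking_eip_associate`, for example `# The database becomes reachable from the internet: the security group must allow the DB port only from known source CIDRs`, and state the same requirement in the README next to the EIP attributes. Clients that connect over the EIP should also be told to require TLS, since the traffic leaves the VPC.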
diff --git a/examples/rds/single/README.md b/examples/rds/single/README.md
new file mode 100644
index 000000000..254556a23
--- /dev/null
+++ b/examples/rds/single/README.md
@@ -0,0 +1,21 @@
+## Example: Single RDS Instance (MySQL)
+
+### Requirements
+
+- VPC exists in SberCloud.Advanced
+- subnet exists in SberCloud.Advanced
+- security group exists in SberCloud.Advanced
+
+### Description
+
+This example provisions a single-node RDS instance of MySQL with the following attributes:
+
+- flavor: rds.mysql.c6.large.2 (that is, 2 vCPU, 4 GB RAM)
+- availability zone: ru-moscow-1a
+- MySQL version: 8
+- Disk storage size: 60 GB
+- Disk storage type: SAS
+
+### Notes
+
+No notes so far.
diff --git a/examples/rds/single/main.tf b/examples/rds/single/main.tf
new file mode 100644
index 000000000..2905b2f95
--- /dev/null
+++ b/examples/rds/single/main.tf
@@ -0,0 +1,35 @@
+# Get the VPC where RDS instance will be created
+data "sbercloud_vpc" "vpc_01" {
+ name = "put_here_name_of_your_vpc"
+}
+
+# Get the subnet where RDS instance will be created
+data "sbercloud_vpc_subnet" "subnet_01" {
+ name = "put_here_name_of_your_subnet"
+}
+
+# Get the security group for RDS instance
+data "sbercloud_networking_secgroup" "sg_01" {
+ name = "put_here_name_of_your_security_group"
+}
+
+# Create RDS instance
+resource "sbercloud_rds_instance" "rds_01" {
+ name = "terraform_mysql_single"
+ flavor = "rds.mysql.c6.large.2"
+ vpc_id = data.sbercloud_vpc.vpc_01.id
+ subnet_id = data.sbercloud_vpc_subnet.subnet_01.id
+ security_group_id = data.sbercloud_networking_secgroup.sg_01.id
+ availability_zone = ["ru-moscow-1a"]
+
+ db {
+ type = "MySQL"
+ version = "8"
+ password = "put_here_root_password_for_database"
+ }
+
+ volume {
+ type = "HIGH"
+ size = 60
+ }
+}
diff --git a/examples/vpc/eip/README.md b/examples/vpc/eip/README.md
new file mode 100644
index 000000000..cf96314ae
--- /dev/null
+++ b/examples/vpc/eip/README.md
@@ -0,0 +1,16 @@
+## Example: EIP (Elastic IP)
+
+### Requirements
+
+None.
+
+### Description
+
+This example provisions an EIP with the following attributes:
+
+- bandwidth size: 3 Mbit/s
+- charging mode: by bandwidth
+
+### Notes
+
+EIP can then be used with other services: ECS, RDS, and some others.
diff --git a/examples/vpc/eip/main.tf b/examples/vpc/eip/main.tf
new file mode 100644
index 000000000..66c3d55ff
--- /dev/null
+++ b/examples/vpc/eip/main.tf
@@ -0,0 +1,12 @@
+# Create EIP
+resource "sbercloud_vpc_eip" "eip_01" {
+ publicip {
+ type = "5_bgp"
+ }
+ bandwidth {
+ share_type = "PER"
+ name = "eip-demo"
+ size = 3
+ charge_mode = "bandwidth"
+ }
+}
diff --git a/examples/vpc/nacl/README.md b/examples/vpc/nacl/README.md
new file mode 100644
index 000000000..02863fce2
--- /dev/null
+++ b/examples/vpc/nacl/README.md
@@ -0,0 +1,16 @@
+## Example: NACL (Network Access Control List) with several rules
+
+### Requirements
+
+- subnet exists in SberCloud.Advanced
+
+### Description
+
+This example provisions a network access control list (NACL) with 2 inbound rules and 1 outbound rule.
+Rule details are defined in a local variables: *inbound_rules* and *outbound_rules*, respectively. Each has a *map* type.
+
+### Notes
+
+Please note the usage of the **for_each** meta-argument in the *sbercloud_networking_secgroup_rule* resource. It allows to iterate over a set or map object, and in this example it helps add several rules in just one resource.
+This way you can automate the creation of quite complex NACL with many rules. The rules content can be passed in external variables.
+Please also note how one iterates over rules created by **for_each**: the *for .. in ..* statement is very helpful.
diff --git a/examples/vpc/nacl/main.tf b/examples/vpc/nacl/main.tf
new file mode 100644
index 000000000..47aa844ba
--- /dev/null
+++ b/examples/vpc/nacl/main.tf
@@ -0,0 +1,71 @@
+# Define rules content for NACL rules in local variables. You can pass it via terraform.tfvars, too.
+locals {
+ inbound_rules = {
+ rule_http = {
+ name = "rule-http",
+ description = "Allow HTTP from anywhere",
+ protocol = "tcp",
+ action = "allow",
+ source_ip_address = "0.0.0.0/0",
+ destination_ip_address = "172.16.10.0/24",
+ destination_port = "80"
+ },
+ rule-ssh = {
+ name = "rule-ssh",
+ description = "Allow SSH from 172.16.20.23 to 172.16.10.16",
+ protocol = "tcp",
+ action = "allow",
+ source_ip_address = "172.16.20.23/32",
+ destination_ip_address = "172.16.10.16/32",
+ destination_port = "22"
+ }
+ }
+ outbound_rules = {
+ rule_all = {
+ name = "rule-all",
+ description = "Allow all from 172.16.10.100",
+ protocol = "any",
+ action = "allow",
+ source_ip_address = "172.16.10.100/32",
+ destination_ip_address = "0.0.0.0/0"
+ }
+ }
+}
+
+# Get the subnet which NACL will be associated with
+data "sbercloud_vpc_subnet" "subnet_01" {
+ name = "put_here_name_of_your_existing_subnet"
+}
+
+# Create inbound NACL rules
+resource "sbercloud_network_acl_rule" "inbound_rules" {
+ for_each = local.inbound_rules
+
+ name = each.value.name
+ description = each.value.description
+ protocol = each.value.protocol
+ action = each.value.action
+ source_ip_address = each.value.source_ip_address
+ destination_ip_address = each.value.destination_ip_address
+ destination_port = each.value.destination_port
+}
+
+# Create outbound NACL rules
+resource "sbercloud_network_acl_rule" "outbound_rules" {
+ for_each = local.outbound_rules
+
+ name = each.value.name
+ description = each.value.description
+ protocol = each.value.protocol
+ action = each.value.action
+ source_ip_address = each.value.source_ip_address
+ destination_ip_address = each.value.destination_ip_address
+}
+
+# Create NACL and associate it with subnet
+resource "sbercloud_network_acl" "nacl_01" {
+ name = "nacl-tf"
+ subnets = [data.sbercloud_vpc_subnet.subnet_01.id]
+ inbound_rules = [for
rule in sbercloud_network_acl_rule.inbound_rules: rule.id]
+ outbound_rules = [for rule in sbercloud_network_acl_rule.outbound_rules: rule.id]
+}
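Review bot: The order of `inbound_rules` in `sbercloud_network_acl.nacl_01` comes from iterating the `for_each` instances, which Terraform walks in lexical key order rather than in the order the rules are written in `locals`; with the current keys `rule-ssh` sorts before `rule_http`. Both rules are `allow`, so nothing changes today, but ACL rules are normally evaluated in list order (confirm for this provider), so a reader who adds a `deny` entry gets a priority decided by how the key is spelled. Use keys that sort in the intended order, such as `"010_http"` and `"020_ssh"`, and add a comment like `# Rule priority follows the lexical order of the map keys`. The key `rule-ssh` is also the only hyphenated one next to `rule_http` and `rule_all`; `rule_ssh` would be consistent.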