k-popov · December 22, 2021 20:06 · Dec 22, 2021 · Dec 22, 2021
diff --git a/bastion.tf b/bastion.tf
@@ -0,0 +1,33 @@
+resource "yandex_compute_instance" "bastion" {
+  name        = "bastion"
+  hostname    = "bastion"
+  platform_id = "standard-v1"
+  zone        = "ru-central1-c"
+
+  labels = {
+    group = "bastion-hosts"
+    vds   = "bastion"
+  }
+
+  resources {
+    cores  = 2
+    memory = 1
+    core_fraction = 5
+  }
+
+  boot_disk {
+    initialize_params {
+      image_id = var.image_id_bastion
+    }
+  }
+
+  network_interface {
+    subnet_id = yandex_vpc_subnet.subnet-c.id
+    nat       = true
+    security_group_ids = [ yandex_vpc_security_group.sec-group.id ]
+  }
+
+  metadata = {
+    ssh-keys  = "${var.username}:${file(var.public_key_path)}"
+  }
+}
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -1 +0,0 @@
-new file

diff --git a/network.tf b/network.tf
@@ -0,0 +1,41 @@
+resource "yandex_vpc_network" "networks" {
+  for_each = { "netology-network" = "some text"}
+  name = each.key
+}
+
+variable "subnets" {
+  type = map(object({
+    zone = string
+    v4_cidr_blocks = list(string)
+    add_default_route = bool
+  }))
+  default  = {
+    "subnet-a" = {
+      zone = "ru-central1-a"
+      v4_cidr_blocks = ["10.0.1.0/24"]
+      add_default_route = true
+    },
+    "subnet-b" = {
+      zone = "ru-central1-b"
+      v4_cidr_blocks = ["10.0.2.0/24"]
+      add_default_route = true
+    }
+  }
+}
+
+resource "yandex_vpc_subnet" "subnets" {
+  for_each = var.subnets
+  name           = each.key
+  zone           = each.value.zone
+  network_id     = yandex_vpc_network.networks["netology-network"].id
+  v4_cidr_blocks = each.value.v4_cidr_blocks
+  route_table_id = each.value.add_default_route ? yandex_vpc_route_table.default_route.id : null
+}
+
+resource "yandex_vpc_subnet" "subnet-c" {
+  name           = "subnet-c"
+  zone           = "ru-central1-c"
+  network_id     = yandex_vpc_network.networks["netology-network"].id
+  v4_cidr_blocks = ["10.0.3.0/24"]
+}
+
diff --git a/private-variables.tf b/private-variables.tf
@@ -0,0 +1,16 @@
+variable "oauth_token" {
+    type = string
+    default = "AQAAAAABZgLiAATuwZCa5yregkOCjtEhFlIVi1qU"
+}
+variable "cloud_id" {
+    type = string
+    default = "b1gbfmcnli0qbnh558o18"
+}
+variable "folder_id" {
+    type = string
+    default = "b1gcb5c8lbq0p898u2leg"
+}
+variable "service_account_id" {
+    type = string
+    default = "b1gbfmcnli0qbnh558o38"
+}
diff --git a/provider.tf b/provider.tf
@@ -0,0 +1,16 @@
+terraform {
+  required_providers {
+    yandex = {
+      source  = "yandex-cloud/yandex"
+      version = "0.67.0"
+    }
+  }
+}
+
+provider "yandex" {
+  token     = var.oauth_token
+  cloud_id  = var.cloud_id
+  folder_id = var.folder_id
+#  zone      = "ru-central1-a"
+}
+
diff --git a/security_group.tf b/security_group.tf
@@ -0,0 +1,68 @@
+
+resource "yandex_vpc_security_group" "sec-group" {
+  name        = "sec-group"
+  network_id  = yandex_vpc_network.networks["netology-network"].id
+}
+
+
+resource "yandex_vpc_security_group_rule" "rule1" {
+  security_group_binding = yandex_vpc_security_group.sec-group.id
+  direction              = "ingress"
+  description            = "SSH"
+  v4_cidr_blocks         = ["0.0.0.0/0"]
+  port                   = 22
+  protocol               = "TCP"
+}
+
+resource "yandex_vpc_security_group_rule" "rule2" {
+  security_group_binding = yandex_vpc_security_group.sec-group.id
+  direction              = "ingress"
+  description            = "web"
+  v4_cidr_blocks         = ["0.0.0.0/0"]
+  port                   = 80
+  protocol               = "ANY"
+}
+
+resource "yandex_vpc_security_group_rule" "rule3" {
+  security_group_binding = yandex_vpc_security_group.sec-group.id
+  direction              = "ingress"
+  description            = "grafana"
+  v4_cidr_blocks         = ["0.0.0.0/0"]
+  port                   = 3000
+  protocol               = "TCP"
+}
+
+resource "yandex_vpc_security_group_rule" "rule4" {
+  security_group_binding = yandex_vpc_security_group.sec-group.id
+  direction              = "ingress"
+  description            = "kibana"
+  v4_cidr_blocks         = ["0.0.0.0/0"]
+  port                   = 5601
+  protocol               = "TCP"
+}
+
+resource "yandex_vpc_security_group_rule" "rule5" {
+  security_group_binding = yandex_vpc_security_group.sec-group.id
+  direction              = "ingress"
+  description            = "Allow any local ingress"
+  v4_cidr_blocks         = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  protocol               = "ANY"
+}
+
+resource "yandex_vpc_security_group_rule" "rule6" {
+  security_group_binding = yandex_vpc_security_group.sec-group.id
+  direction              = "egress"
+  description            = "Allow any local egress"
+  v4_cidr_blocks         = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  protocol               = "ANY"
+}
+
+resource "yandex_vpc_security_group_rule" "rule7" {
+  security_group_binding = yandex_vpc_security_group.sec-group.id
+  direction              = "egress"
+  description            = "Allow egress traffic"
+  v4_cidr_blocks         = ["0.0.0.0/0"]
+  protocol               = "ANY"
+}
+
+
diff --git a/static_route_table.tf b/static_route_table.tf
@@ -0,0 +1,8 @@
+resource "yandex_vpc_route_table" "default_route" {
+  network_id = yandex_vpc_network.networks["netology-network"].id
+
+  static_route {
+    destination_prefix = "0.0.0.0/0"
+    next_hop_address   = yandex_compute_instance.bastion.network_interface.0.ip_address
+  }
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,20 @@
+variable "image_id" {
+    type = string
+    default = "fd8ot0k0vde438jv0t8j"
+}
+variable "image_id_bastion" {
+    type = string
+    default = "fd8drj7lsj7btotd7et5"
+}
+variable "username" {
+    type = string
+    default = "ubuntu"
+}
+variable "password" {
+    type = string
+    default = "qwerty"
+}
+variable "public_key_path" {
+    type = string
+    default = "~/.ssh/yandex-cloud.pub"
+}
diff --git a/web.tf b/web.tf
@@ -0,0 +1,65 @@
+variable "webservers" {
+  type = map(object({
+    name = string
+    hostname = string
+    zone = string
+    label = string
+    subnet_name = string
+  }))
+  default = {
+    "one" = {
+      name = "web1",
+      hostname = "web1",
+      zone = "ru-central1-a",
+      label = "web1",
+      subnet_name = "subnet-a"
+    },
+    "two" = {
+      name = "web2",
+      hostname = "web2",   
+      zone = "ru-central1-b",
+      label = "web2",
+      subnet_name = "subnet-b"
+    }
+  }
+}
+
+resource "yandex_compute_instance" "web1" {
+  for_each = var.webservers
+
+  name        = each.value.name
+  hostname    = each.value.hostname
+  platform_id = "standard-v1"
+  zone        = each.value.zone
+
+  labels = {
+    group = "webservers"
+    vds   = each.value.label
+  }
+
+  resources {
+    cores  = 2
+    memory = 1
+    core_fraction = 5
+  }
+
+  boot_disk {
+    initialize_params {
+      image_id = var.image_id
+    }
+  }
+
+  network_interface {
+    subnet_id = yandex_vpc_subnet.subnets[each.value.subnet_name].id
+    nat_ip_address = true
+    security_group_ids = [ yandex_vpc_security_group.sec-group.id ]
+  }
+
+  metadata = {
+    ssh-keys  = "${var.username}:${file(var.public_key_path)}"
+  }
+
+  lifecycle {
+    prevent_destroy = "false"
+  }
+}
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1 @@
+new file