ajout bonus NAT et terraformshow

2025-12-04 10:34:45 +00:00
parent 7dd013650d
commit 17b8c0c3e8
4 changed files with 158 additions and 2 deletions
--- a/TerraformShow.txt
+++ b/TerraformShow.txt
--- a/terraform/environement/dev/terraform.tfstate
+++ b/terraform/environement/dev/terraform.tfstate
@@ -1,7 +1,7 @@
 {
  "version": 4,
  "terraform_version": "1.14.1",
-  "serial": 41,
+  "serial": 44,
  "lineage": "cda21175-fcc8-5d20-f9f0-0bb6b6aa53e7",
  "outputs": {
    "backend_instance_name": {
@@ -918,6 +918,101 @@
        }
      ]
    },
    {
      "module": "module.network",
      "mode": "managed",
      "type": "google_compute_router",
      "name": "nat_router",
      "provider": "provider[\"registry.terraform.io/hashicorp/google\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "bgp": [],
            "creation_timestamp": "2025-12-04T02:29:18.660-08:00",
            "description": "",
            "encrypted_interconnect_router": false,
            "id": "projects/fluted-agency-478713-h5/regions/europe-west9/routers/fluted-agency-478713-h5-nat-router",
            "name": "fluted-agency-478713-h5-nat-router",
            "network": "https://www.googleapis.com/compute/v1/projects/fluted-agency-478713-h5/global/networks/fluted-agency-478713-h5-vpc",
            "project": "fluted-agency-478713-h5",
            "region": "europe-west9",
            "self_link": "https://www.googleapis.com/compute/v1/projects/fluted-agency-478713-h5/regions/europe-west9/routers/fluted-agency-478713-h5-nat-router",
            "timeouts": null
          },
          "sensitive_attributes": [],
          "identity_schema_version": 0,
          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19",
          "dependencies": [
            "module.network.google_compute_network.vpc"
          ]
        }
      ]
    },
    {
      "module": "module.network",
      "mode": "managed",
      "type": "google_compute_router_nat",
      "name": "nat",
      "provider": "provider[\"registry.terraform.io/hashicorp/google\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "auto_network_tier": "PREMIUM",
            "drain_nat_ips": null,
            "enable_dynamic_port_allocation": false,
            "enable_endpoint_independent_mapping": false,
            "endpoint_types": [
              "ENDPOINT_TYPE_VM"
            ],
            "icmp_idle_timeout_sec": 30,
            "id": "fluted-agency-478713-h5/europe-west9/fluted-agency-478713-h5-nat-router/fluted-agency-478713-h5-cloud-nat",
            "log_config": [],
            "max_ports_per_vm": 0,
            "min_ports_per_vm": 0,
            "name": "fluted-agency-478713-h5-cloud-nat",
            "nat_ip_allocate_option": "AUTO_ONLY",
            "nat_ips": null,
            "project": "fluted-agency-478713-h5",
            "region": "europe-west9",
            "router": "fluted-agency-478713-h5-nat-router",
            "rules": [],
            "source_subnetwork_ip_ranges_to_nat": "LIST_OF_SUBNETWORKS",
            "subnetwork": [
              {
                "name": "fluted-agency-478713-h5-backend-subnet",
                "secondary_ip_range_names": [],
                "source_ip_ranges_to_nat": [
                  "ALL_IP_RANGES"
                ]
              },
              {
                "name": "fluted-agency-478713-h5-database-subnet",
                "secondary_ip_range_names": [],
                "source_ip_ranges_to_nat": [
                  "ALL_IP_RANGES"
                ]
              }
            ],
            "tcp_established_idle_timeout_sec": 1200,
            "tcp_time_wait_timeout_sec": 120,
            "tcp_transitory_idle_timeout_sec": 30,
            "timeouts": null,
            "udp_idle_timeout_sec": 30
          },
          "sensitive_attributes": [],
          "identity_schema_version": 0,
          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19",
          "dependencies": [
            "module.network.google_compute_network.vpc",
            "module.network.google_compute_router.nat_router",
            "module.network.google_compute_subnetwork.backend",
            "module.network.google_compute_subnetwork.database"
          ]
        }
      ]
    },
    {
      "module": "module.network",
      "mode": "managed",
--- a/terraform/environement/dev/terraform.tfstate.backup
+++ b/terraform/environement/dev/terraform.tfstate.backup
@@ -1,7 +1,7 @@
 {
  "version": 4,
  "terraform_version": "1.14.1",
-  "serial": 39,
+  "serial": 41,
  "lineage": "cda21175-fcc8-5d20-f9f0-0bb6b6aa53e7",
  "outputs": {
    "backend_instance_name": {
@@ -556,6 +556,33 @@
        }
      ]
    },
    {
      "module": "module.iam",
      "mode": "managed",
      "type": "google_os_login_ssh_public_key",
      "name": "me",
      "provider": "provider[\"registry.terraform.io/hashicorp/google\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "expiration_time_usec": "",
            "fingerprint": "71eb6e62aaab9d725e150aa0fa1dcb91a2ff30909115fb7847146d2b5b25948d",
            "id": "users/clement.jannaire@gmail.com/sshPublicKeys/71eb6e62aaab9d725e150aa0fa1dcb91a2ff30909115fb7847146d2b5b25948d",
            "key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvHKPTKUCVRU0a55sV7nlVuaAANya9BSoNHvyQ2NkBVxys87rkAIm8TR8JVBFOGSFEihkfJI2kz5XniUuj35G8SiECDv53YLSyJOoJ9EATs7RmZkk15ZsZ7XiOyOiX1fTpXvR4Mw5b4D/bg+mTfAXb7rbOCD3MmEcG4sGrX6iLCRnRMvzvxUBOwY/Jk3i+wg951buyzkJ+bTvOCzkSP5gX5lmcZaH7jfVOaGnFVOk1KHpTw0wNadJ/dS05AlaJJ0/kBFwt56biU09oZndVDR3ttSuYh9jiI25S57U3BEpXYj8wt8bbi+3N3b8o+ENUF8yeUkG5+UGEwVNToLL3Jk6zYuqgXDhyKw4K1n5DZbrqpHKFyVA3jbQh/PlP/oaJ7OT62lU+Oug6qAVUoz1+E7F4yf302KpvID49Q1LoFiTlDEtMuj//7mdr2L8KHEraUAWU8bxgVuP2tSJbwBmEJeT84dOShPc1u9rKPwvvzogvkWD3J9K5p3pANtC7vUCkCuc= clement_jannaire_gmail_com\n",
            "project": "fluted-agency-478713-h5",
            "timeouts": null,
            "user": "clement.jannaire@gmail.com"
          },
          "sensitive_attributes": [],
          "identity_schema_version": 0,
          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19",
          "dependencies": [
            "module.iam.data.google_client_openid_userinfo.me"
          ]
        }
      ]
    },
    {
      "module": "module.iam",
      "mode": "managed",
--- a/terraform/modules/network/main.tf
+++ b/terraform/modules/network/main.tf
@@ -114,3 +114,37 @@ resource "google_compute_firewall" "backend_to_database_3306" {
  target_tags = ["database"]
 }
 // Router pour Cloud NAT
 resource "google_compute_router" "nat_router" {
  name    = "${var.project_name}-nat-router"
  project = var.project_name
  region  = var.region
  network = google_compute_network.vpc.id
 }
 // Cloud NAT : permet aux instances sans IP publique
 // (backend + database) de sortir sur Internet
 resource "google_compute_router_nat" "nat" {
  name    = "${var.project_name}-cloud-nat"
  project = var.project_name
  region  = var.region
  router  = google_compute_router.nat_router.name
  // GCP alloue automatiquement des IP NAT
  nat_ip_allocate_option = "AUTO_ONLY"
  // On configure explicitement les sous-réseaux à NATer
  source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
  subnetwork {
    name                    = google_compute_subnetwork.backend.name
    source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
  }
  subnetwork {
    name                    = google_compute_subnetwork.database.name
    source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
  }
 }