redis-cluster-non-sharded-and-vm-for-php.tf
# Infrastructure for a non-sharded Yandex Cloud Managed Service for Redis cluster and a virtual machine
#
# RU: https://cloud.yandex.ru/docs/managed-redis/tutorials/redis-as-php-sessions-storage
# EN: https://cloud.yandex.com/en/docs/managed-redis/tutorials/redis-as-php-sessions-storage
#
# Set the following settings:
# User-supplied settings. Every empty string below must be filled in before applying.
locals {
  # --- Network ---
  zone_a_v4_cidr_blocks = "10.1.0.0/16" # CIDR block of the subnet in the ru-central1-a availability zone.

  # --- Managed Service for Redis ---
  version = "6.2" # Redis version for the cluster.
  # Cluster password. Do not commit a real value to version control: whatever is
  # set here is also recorded in the Terraform state in plaintext, so the state
  # file has to be protected like the secret itself.
  password = ""

  # --- Virtual machine ---
  image_id        = "" # Public image ID; see https://cloud.yandex.com/en/docs/compute/operations/images-with-pre-installed-software/get-list.
  vm_username     = "" # SSH login for the VM. Ubuntu images use `ubuntu` by default.
  vm_ssh_key_path = "" # Path to the SSH *public* key (never the private key). Example: "~/.ssh/key.pub".
}
# VPC network shared by the Redis cluster and the VM; the subnet and the
# default security group below both attach to it through its ID.
resource "yandex_vpc_network" "redis-and-vm-network" {
  name        = "redis-and-vm-network"
  description = "Network for the Managed Service for Redis cluster and VM"
}
# Single subnet in ru-central1-a. Both the Redis host and the VM are placed
# here, so traffic between them stays inside local.zone_a_v4_cidr_blocks.
resource "yandex_vpc_subnet" "subnet-a" {
  name           = "subnet-a"
  description    = "Subnet in the ru-central1-a availability zone"
  network_id     = yandex_vpc_network.redis-and-vm-network.id
  zone           = "ru-central1-a"
  v4_cidr_blocks = [local.zone_a_v4_cidr_blocks]
}
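# Default security group of the network. The Redis cluster references it
# explicitly; the VM sets no security group of its own, so it presumably falls
# back to this default group as well (confirm against the VPC documentation).
#
# Exposure summary:
#   80, 443 -> open to the Internet (web front end on the VM)
#   22      -> open to the Internet (see the note on that rule)
#   6379    -> reachable from the subnet only
resource "yandex_vpc_default_security_group" "redis-and-vm-security-group" {
  description = "Security group for the Managed Service for Redis cluster and VM"
  network_id  = yandex_vpc_network.redis-and-vm-network.id

  ingress {
    description    = "Allow incoming HTTP connections from the Internet"
    protocol       = "TCP"
    port           = 80
    v4_cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description    = "Allow incoming HTTPS connections from the Internet"
    protocol       = "TCP"
    port           = 443
    v4_cidr_blocks = ["0.0.0.0/0"]
  }

  # The only Redis client in this configuration is the VM, which sits in the
  # same subnet as the cluster host, so the data-store port is limited to the
  # subnet CIDR instead of 0.0.0.0/0. A password-only Redis endpoint should not
  # be reachable from arbitrary addresses, and because this is the network's
  # default group the rule would otherwise also apply to any other resource
  # that inherits it.
  ingress {
    description    = "Allow connections to the cluster from the subnet"
    protocol       = "TCP"
    port           = 6379
    v4_cidr_blocks = [local.zone_a_v4_cidr_blocks]
  }

  # NOTE(review): SSH is accepted from any address. For anything beyond a
  # short-lived tutorial environment, replace 0.0.0.0/0 with the administrator
  # address range (or reach the VM through a bastion/VPN) and keep password
  # logins disabled on the VM.
  ingress {
    description    = "Allow incoming SSH connections to VM from the Internet"
    protocol       = "TCP"
    port           = 22
    v4_cidr_blocks = ["0.0.0.0/0"]
  }

  # Unrestricted egress: all protocols and ports to any destination.
  egress {
    description    = "Allow outgoing connections to any required resource"
    protocol       = "ANY"
    from_port      = 0
    to_port        = 65535
    v4_cidr_blocks = ["0.0.0.0/0"]
  }
}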
# Non-sharded Managed Service for Redis cluster with a single host in subnet-a.
# Network access to it is filtered by the security group referenced below.
resource "yandex_mdb_redis_cluster" "redis-cluster" {
  name               = "redis-cluster"
  description        = "Managed Service for Redis cluster"
  environment        = "PRODUCTION"
  network_id         = yandex_vpc_network.redis-and-vm-network.id
  security_group_ids = [yandex_vpc_default_security_group.redis-and-vm-security-group.id]

  # One host, placed in the same zone and subnet as the VM.
  host {
    zone      = "ru-central1-a"
    subnet_id = yandex_vpc_subnet.subnet-a.id
  }

  resources {
    resource_preset_id = "hm2.nano"
    disk_type_id       = "network-ssd"
    disk_size          = 16 # GB
  }

  # Authentication and engine version come from the locals block.
  # NOTE(review): `tls_enabled` is not set, so client traffic (including the
  # password sent on AUTH) presumably crosses the network unencrypted. Turning
  # TLS on also changes how clients must connect, so confirm the PHP session
  # handler configuration before enabling it.
  config {
    version  = local.version
    password = local.password
  }
}
# Virtual machine that hosts the PHP application and acts as the Redis client.
# No security group is set on the network interface, so exposure of this VM is
# governed by whatever group the network applies by default — TODO confirm.
resource "yandex_compute_instance" "lamp-vm" {
  name        = "lamp-vm"
  description = "Compute Virtual Machine"
  platform_id = "standard-v3" # Intel Ice Lake

  # Login user and public key injected through instance metadata; the key is
  # read from the local file named by local.vm_ssh_key_path at plan time.
  metadata = {
    ssh-keys = "${local.vm_username}:${file(local.vm_ssh_key_path)}"
  }

  resources {
    cores  = 2
    memory = 2 # GB
  }

  boot_disk {
    initialize_params {
      image_id = local.image_id
    }
  }

  # `nat = true` gives the VM a public address, which makes it directly
  # reachable on every port the applicable security group allows.
  network_interface {
    subnet_id = yandex_vpc_subnet.subnet-a.id
    nat       = true # Required for connection from the Internet
  }
}