An Example Multi-Cloud Terraform Configuration

This is an unusual article in that it exists principally to deliver and explain a Terraform configuration that can be used as part of a broader investigation of running workloads in a multi-cloud infrastructure; specifically, Google Cloud Platform (GCP) and Amazon Web Services (AWS).

The specific requirements of this configuration are:

  • Demonstrate workloads running on virtual machines (VM); i.e., Google Compute Engine (GCE) and Amazon Elastic Compute Cloud (EC2)
  • Demonstrate workloads running on managed Kubernetes, i.e., Google Kubernetes Engine (GKE) and Amazon Elastic Kubernetes Service (EKS)
  • Workloads run on virtual machines (including the Kubernetes nodes) with no public IP addresses
  • Workloads (including Kubernetes pods) have globally routable private IP addresses
  • Workloads can freely communicate amongst themselves; here using ICMP as the representative protocol
  • Using bastion hosts, one can SSH into the virtual machines (including the Kubernetes nodes)

Prerequisites

You will need to copy the terraform.tfvars.sample file to terraform.tfvars in the root of the project, updating the following variables:

  • aws_key_name: AWS EC2 key pair name
  • gcp_project: The GCP project’s Project ID

To install the resources, run the following from the root of the project:

  • terraform init
  • terraform apply

To uninstall the resources, run the following from the root of the project:

  • terraform destroy

Google Cloud Platform (GCP)

Specifically:

  • Virtual Private Cloud (VPC)
  • Subnet (10.1.0.0/24 primary and secondaries: 10.1.64.0/18 and 172.16.1.0/24). VMs (including Kubernetes nodes) on the primary, Kubernetes pods on the first secondary, and Kubernetes services on the second secondary
  • Cloud NAT (NAT)
  • GCE instance bastion (B)
  • GCE instance (I)
  • GKE cluster with three nodes (N); the diagram is missing the third zone and node
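The following is an added illustration of how the GCP side described above fits together in Terraform; it is not the article's own configuration. It assumes a `google` provider block and a `var.gcp_region` variable exist, and the control-plane range `172.16.0.0/28` is a constructed placeholder.

```hcl
resource "google_compute_network" "vpc" {
  name                    = "multicloud-vpc"
  auto_create_subnetworks = false
}
# Primary range for VMs and nodes; secondaries for GKE pods and services.
resource "google_compute_subnetwork" "subnet" {
  name          = "multicloud-subnet"
  region        = var.gcp_region
  network       = google_compute_network.vpc.id
  ip_cidr_range = "10.1.0.0/24"
  secondary_ip_range {
    range_name    = "pods"
    ip_cidr_range = "10.1.64.0/18"
  }
  secondary_ip_range {
    range_name    = "services"
    ip_cidr_range = "172.16.1.0/24"
  }
}
# Cloud NAT provides outbound access for instances that have no external IP.
resource "google_compute_router" "router" {
  name    = "multicloud-router"
  region  = var.gcp_region
  network = google_compute_network.vpc.id
}
resource "google_compute_router_nat" "nat" {
  name                               = "multicloud-nat"
  router                             = google_compute_router.router.name
  region                             = var.gcp_region
  nat_ip_allocate_option             = "AUTO_ONLY"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
}
# Private, VPC-native GKE cluster: nodes receive internal IPs only; pods and
# services draw from the secondary ranges. A regional location with
# initial_node_count = 1 yields one node per zone, i.e. three nodes.
resource "google_container_cluster" "gke" {
  name               = "multicloud-gke"
  location           = var.gcp_region
  network            = google_compute_network.vpc.id
  subnetwork         = google_compute_subnetwork.subnet.id
  initial_node_count = 1
  ip_allocation_policy {
    cluster_secondary_range_name  = "pods"
    services_secondary_range_name = "services"
  }
  private_cluster_config {
    enable_private_nodes   = true
    master_ipv4_cidr_block = "172.16.0.0/28" # placeholder control-plane range
  }
}
```

Because no `access_config` block is attached to any network interface, neither the nodes nor a GCE instance defined the same way receives a public IP; Cloud NAT is what lets them reach package mirrors and Google APIs.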

Amazon Web Services (AWS)

Specifically:

  • Virtual Private Cloud (10.0.0.0/16)
  • Public Subnets (10.0.0.0/24 and 10.0.1.0/24)
  • Private Subnets (10.0.64.0/18 and 10.0.128.0/18)
  • NAT Gateways (NAT)
  • Internet Gateway (IG)
  • EC2 instance bastion (B)
  • EC2 instance (I)
  • EKS cluster with two nodes (N)

Virtual Private Network (VPN)
