Added iniital Game Client VM Terraform

googleforgames · Oct 30, 2023 · f896ae5 · f896ae5
1 parent 168810e
commit f896ae5
Show file tree

Hide file tree

Showing 4 changed files with 151 additions and 1 deletion.
diff --git a/infrastructure/game-client.tf b/infrastructure/game-client.tf
@@ -0,0 +1,102 @@
+# Copyright 2023 Google LLC All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+resource "google_service_account" "game_client_vm" {
+  count = var.enable_game_client_vm ? 1 : 0
+
+  project = var.project
+
+  account_id   = "game-client-vm"
+  display_name = "Custom SA for Game Client VM"
+}
+
+resource "google_compute_address" "game_client_vm_static_ip" {
+  count = var.enable_game_client_vm ? 1 : 0
+
+  project = var.project
+  name    = "game-client-vm-static-ip"
+  region  = var.game_client_vm_region
+}
+
+data "google_compute_image" "game_client_vm_os" {
+  count = var.enable_game_client_vm ? 1 : 0
+
+  family  = var.game_client_vm_os_family
+  project = var.game_client_vm_os_project
+}
+
+resource "google_compute_instance" "game_client_vm" {
+  count = var.enable_game_client_vm ? 1 : 0
+
+  project = var.project
+
+  name         = "game-client-vm"
+  machine_type = var.game_client_vm_machine_type
+  zone         = "${var.game_client_vm_region}-a"
+
+  tags = ["game-client-vm-ssh"]
+
+  scheduling {
+    on_host_maintenance = "TERMINATE"
+  }
+
+  boot_disk {
+    initialize_params {
+      image = data.google_compute_image.game_client_vm_os[0].self_link
+    }
+  }
+
+  // Local SSD disk
+  scratch_disk {
+    interface = "NVME"
+  }
+
+  network_interface {
+    subnetwork = google_compute_subnetwork.subnet["${var.game_client_vm_region}"].self_link
+    # network = google_compute_network.vpc.id
+
+    access_config {
+      // Ephemeral public IP
+      nat_ip = google_compute_address.game_client_vm_static_ip[0].address
+    }
+  }
+
+  metadata = {
+    serial-port-logging-enable = "TRUE"
+  }
+
+  metadata_startup_script = "echo hi > /test.txt"
+
+  service_account {
+    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+    email  = google_service_account.game_client_vm[0].email
+    scopes = ["cloud-platform"]
+  }
+}
+
+resource "google_compute_firewall" "game-client-vm-ssh" {
+  project = var.project
+
+  name    = "game-client-vm-ssh"
+  network = google_compute_network.vpc.id
+
+  allow {
+    protocol = "tcp"
+    ports    = ["22"]
+  }
+
+  target_tags   = ["game-client-vm-ssh"]
+  source_ranges = var.game_client_vm_allowed_cidr
+}
diff --git a/infrastructure/game-server.tf b/infrastructure/game-server.tf
@@ -36,6 +36,7 @@ resource "google_secret_manager_secret_iam_binding" "cloud_build_binding" {
   secret_id = google_secret_manager_secret.secret_github_packages.id
   role      = "roles/secretmanager.secretAccessor"
   members = [
-    "serviceAccount:cloudbuild-cicd@${var.project}.iam.gserviceaccount.com",
+    # "serviceAccount:cloudbuild-cicd@${var.project}.iam.gserviceaccount.com",
+    google_service_account.cloudbuild-sa.member
   ]
 }
diff --git a/infrastructure/terraform.tfvars.sample b/infrastructure/terraform.tfvars.sample
@@ -18,6 +18,15 @@
 project            = "PROJECT_ID"
 resource_env_label = "demo-global-game"
 
+# Game Client Configuration
+enable_game_client_vm       = true
+game_client_vm_machine_type = "g2-standard-4"
+game_client_vm_region       = "us-central1" # MUST MATCH one of the below VPC regions
+game_client_vm_storage      = 100
+game_client_vm_os_family    = "centos-stream-8"
+game_client_vm_os_project   = "centos-cloud"
+game_client_vm_allowed_cidr = ["0.0.0.0/0"]
+
 # Cloud Deploy Configuration
 platform_directory = "../platform"              # Relative to Terraform directory
 services_directory = "../services"              # Relative to Terraform directory

diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf
@@ -149,3 +149,41 @@ variable "github_pat" {
   type        = string
   description = "A GitHub personal access token (classic) with at least read:packages scope"
 }
+
+### Game Client VM Variables
+
+variable "enable_game_client_vm" {
+  type        = bool
+  description = "Whether to create or not a Linux Game Client VM"
+  default     = false
+}
+
+variable "game_client_vm_machine_type" {
+  type        = string
+  description = "Game Client VM Machine Type"
+}
+
+variable "game_client_vm_allowed_cidr" {
+  type        = list(any)
+  description = "Game Client VM Allowed CIDRs"
+}
+
+variable "game_client_vm_region" {
+  type        = string
+  description = "Game Client VM Region"
+}
+
+variable "game_client_vm_storage" {
+  type        = number
+  description = "Game Client VM Storage Size"
+}
+
+variable "game_client_vm_os_family" {
+  type        = string
+  description = "Game Client VM OS Image Family"
+}
+
+variable "game_client_vm_os_project" {
+  type        = string
+  description = "Game Client OS Image Project"
+}