/** * Copyright 2026 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ resource "google_compute_instance" "default" { provider = google-beta count = local.is_template ? 0 : 1 project = local.project_id zone = local.zone name = var.name hostname = var.hostname description = var.description tags = var.tags machine_type = var.machine_type min_cpu_platform = var.min_cpu_platform can_ip_forward = var.can_ip_forward allow_stopping_for_update = var.lifecycle_config.allow_stopping_for_update deletion_protection = var.lifecycle_config.deletion_protection key_revocation_action_type = var.lifecycle_config.key_revocation_action_type enable_display = var.enable_display labels = var.labels metadata = var.metadata metadata_startup_script = var.metadata_startup_script resource_policies = ( var.resource_policies == null && var.instance_schedule == null ? null : concat( coalesce(var.resource_policies, []), coalesce(local.ischedule, []) ) ) dynamic "advanced_machine_features" { for_each = local.advanced_mf ? [""] : [] content { enable_nested_virtualization = var.machine_features_config.enable_nested_virtualization enable_uefi_networking = var.machine_features_config.enable_uefi_networking performance_monitoring_unit = var.machine_features_config.performance_monitoring_unit threads_per_core = var.machine_features_config.threads_per_core turbo_mode = ( var.machine_features_config.enable_turbo_mode == true ? "ALL_CORE_MAX" : null ) visible_core_count = var.machine_features_config.visible_core_count } } dynamic "attached_disk" { for_each = local.attached_disks_ordered iterator = disk content { device_name = coalesce( var.attached_disks[disk.value.key].device_name, var.attached_disks[disk.value.key].name, disk.value.key ) force_attach = var.attached_disks[disk.value.key].force_attach mode = var.attached_disks[disk.value.key].mode source = ( var.attached_disks[disk.value.key].source.attach != null ? var.attached_disks[disk.value.key].source.attach : disk.value.is_regional ? google_compute_region_disk.disks[disk.value.key].id : google_compute_disk.disks[disk.value.key].name ) } } boot_disk { auto_delete = ( var.boot_disk.use_independent_disk != null ? false : var.boot_disk.auto_delete ) force_attach = var.boot_disk.force_attach source = ( var.boot_disk.use_independent_disk != null ? google_compute_disk.boot[0].id : try(coalesce( var.boot_disk.source.snapshot, var.boot_disk.source.attach ), null) ) disk_encryption_key_raw = ( var.encryption != null ? try( local.ctx_kms_keys[var.encryption.disk_encryption_key_raw], var.encryption.disk_encryption_key_raw ) : null ) kms_key_self_link = ( var.encryption != null ? try( local.ctx_kms_keys[var.encryption.kms_key_self_link], var.encryption.kms_key_self_link ) : null ) dynamic "initialize_params" { for_each = ( var.boot_disk.initialize_params == null || var.boot_disk.use_independent_disk != null || var.boot_disk.source.attach != null ? [] : [""] ) content { architecture = var.boot_disk.architecture image = var.boot_disk.source.image size = var.boot_disk.initialize_params.size type = var.boot_disk.initialize_params.type resource_manager_tags = var.tag_bindings_immutable provisioned_iops = var.boot_disk.initialize_params.hyperdisk.provisioned_iops provisioned_throughput = var.boot_disk.initialize_params.hyperdisk.provisioned_throughput storage_pool = var.boot_disk.initialize_params.hyperdisk.storage_pool } } } dynamic "confidential_instance_config" { for_each = var.confidential_compute != null ? [""] : [] content { enable_confidential_compute = true } } dynamic "network_interface" { for_each = var.network_interfaces iterator = config content { network = lookup( local.ctx.networks, config.value.network, config.value.network ) subnetwork = lookup( local.ctx.subnets, config.value.subnetwork, config.value.subnetwork ) network_ip = try( local.ctx.addresses[config.value.addresses.internal], config.value.addresses.internal, null ) nic_type = config.value.nic_type stack_type = config.value.stack_type queue_count = config.value.queue_count internal_ipv6_prefix_length = config.value.internal_ipv6_prefix_length dynamic "access_config" { for_each = config.value.nat || config.value.network_tier != null ? [""] : [] content { nat_ip = try( local.ctx.addresses[config.value.addresses.external], config.value.addresses.external, null ) network_tier = try(config.value.network_tier, null) } } dynamic "alias_ip_range" { for_each = config.value.alias_ips iterator = config_alias content { subnetwork_range_name = config_alias.key ip_cidr_range = config_alias.value } } } } dynamic "network_interface" { for_each = var.network_attached_interfaces content { network_attachment = network_interface.value } } dynamic "network_performance_config" { for_each = var.network_performance_tier != null ? [""] : [] content { total_egress_bandwidth_tier = var.network_performance_tier } } scheduling { automatic_restart = coalesce( var.scheduling_config.automatic_restart, var.scheduling_config.provisioning_model != "SPOT" ) instance_termination_action = local.termination_action on_host_maintenance = local.on_host_maintenance preemptible = var.scheduling_config.provisioning_model == "SPOT" provisioning_model = coalesce(var.scheduling_config.provisioning_model, "STANDARD") min_node_cpus = var.scheduling_config.min_node_cpus maintenance_interval = var.scheduling_config.maintenance_interval dynamic "max_run_duration" { for_each = var.scheduling_config.max_run_duration == null ? [] : [""] content { nanos = var.scheduling_config.max_run_duration.nanos seconds = var.scheduling_config.max_run_duration.seconds } } dynamic "local_ssd_recovery_timeout" { for_each = var.scheduling_config.local_ssd_recovery_timeout == null ? [] : [""] content { nanos = var.scheduling_config.local_ssd_recovery_timeout.nanos seconds = var.scheduling_config.local_ssd_recovery_timeout.seconds } } dynamic "node_affinities" { for_each = var.scheduling_config.node_affinities iterator = affinity content { key = affinity.key operator = affinity.value.in ? "IN" : "NOT_IN" values = affinity.value.values } } dynamic "graceful_shutdown" { for_each = var.lifecycle_config.graceful_shutdown != null ? [""] : [] content { enabled = var.lifecycle_config.graceful_shutdown.enabled dynamic "max_duration" { for_each = ( var.lifecycle_config.graceful_shutdown.enabled == true && var.lifecycle_config.graceful_shutdown.max_duration_secs != null ? [""] : [] ) content { seconds = var.lifecycle_config.graceful_shutdown.max_duration_secs nanos = 0 } } } } } dynamic "scratch_disk" { for_each = [ for i in range(0, var.scratch_disks.count) : var.scratch_disks.interface ] iterator = config content { interface = config.value } } dynamic "service_account" { for_each = var.service_account == null ? [] : [""] content { email = local.service_account.email scopes = local.service_account.scopes } } dynamic "shielded_instance_config" { for_each = var.shielded_config != null ? [var.shielded_config] : [] iterator = config content { enable_secure_boot = config.value.enable_secure_boot enable_vtpm = config.value.enable_vtpm enable_integrity_monitoring = config.value.enable_integrity_monitoring } } dynamic "params" { for_each = var.tag_bindings_immutable == null ? [] : [""] content { resource_manager_tags = var.tag_bindings_immutable } } dynamic "guest_accelerator" { for_each = local.gpu ? [var.gpu] : [] content { type = guest_accelerator.value.type count = guest_accelerator.value.count } } }