Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
# On-prem DNS and Google Private Access
2021-12-02 06:27:08 -08:00
This example leverages the [on prem in a box ](../../modules/cloud-config-container/onprem ) module to bootstrap an emulated on-premises environment on GCP, then connects it via VPN and sets up BGP and DNS so that several specific features can be tested:
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
- [Cloud DNS forwarding zone ](https://cloud.google.com/dns/docs/overview#fz-targets ) to on-prem
- DNS forwarding from on-prem via a [Cloud DNS inbound policy ](https://cloud.google.com/dns/docs/policies#create-in )
- [Private Access for on-premises hosts ](https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid )
The example has been purposefully kept simple to show how to use and wire the on-prem module, but it lends itself well to experimenting and can be combined with the other [infrastructure examples ](../ ) in this repository to test different GCP networking patterns in connection to on-prem. This is the high level diagram:
![High-level diagram ](diagram.png "High-level diagram" )
## Managed resources and services
This sample creates several distinct groups of resources:
2021-01-28 10:53:26 -08:00
- one VPC with two regions
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
- one set of firewall rules
2021-01-28 10:53:26 -08:00
- one Cloud NAT configuration per region
- one test instance on each region
- one service account for the test instances
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
- one service account for the onprem instance
2021-01-28 10:53:26 -08:00
- two dynamic VPN gateways in each of the regions with a single tunnel
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
- two DNS zones (private and forwarding) and a DNS inbound policy
- one emulated on-premises environment in a single GCP instance
## Cloud DNS inbound forwarder entry point
The Cloud DNS inbound policy reserves an IP address in the VPC, which is used by the on-prem DNS server to forward queries to Cloud DNS. This address needs of course to be explicitly set in the on-prem DNS configuration (see below for details), but since there's currently no way for Terraform to find the exact address (cf [Google provider issue ](https://github.com/terraform-providers/terraform-provider-google/issues/3753 )), the following manual workaround needs to be applied.
### Find out the forwarder entry point address
Run this gcloud command to (find out the address assigned to the inbound forwarder)[https://cloud.google.com/dns/docs/policies#list-in-entrypoints]:
```bash
2021-08-18 08:41:28 -07:00
gcloud compute addresses list --project [your project id]
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
```
In the list of addresses, look for the address with purpose `DNS_RESOLVER` in the subnet `to-onprem-default` . If its IP address is `10.0.0.2` it matches the default value in the Terraform `forwarder_address` variable, which means you're all set. If it's different, proceed to the next step.
### Update the forwarder address variable and recreate on-prem
If the forwader address does not match the Terraform variable, add the correct value in your `terraform.tfvars` (or change the default value in `variables.tf` ), then taint the onprem instance and apply to recreate it with the correct value in the DNS configuration:
```bash
tf apply
2020-04-16 00:07:16 -07:00
tf taint 'module.vm-onprem.google_compute_instance.default["onprem-1"]'
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
tf apply
```
## CoreDNS configuration for on-premises
The on-prem module uses a CoreDNS container to expose its DNS service, configured with foru distinct blocks:
- the onprem block serving static records for the `onprem.example.com` zone that map to each of the on-prem containers
- the forwarding block for the `gcp.example.com` zone and for Google Private Access, that map to the IP address of the Cloud DNS inbound policy
- the `google.internal` block that exposes to containers a name for the instance metadata address
- the default block that forwards to Google public DNS resolvers
This is the CoreDNS configuration:
```coredns
onprem.example.com {
root /etc/coredns
hosts onprem.hosts
log
errors
}
gcp.example.com googleapis.com {
forward . ${resolver_address}
log
errors
}
google.internal {
hosts {
169.254.169.254 metadata.google.internal
}
}
. {
forward . 8.8.8.8
log
errors
}
```
## Testing
### Onprem to cloud
```bash
2021-01-28 10:53:26 -08:00
# check containers are running
sudo docker ps
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
# connect to the onprem instance
2020-04-16 00:07:16 -07:00
gcloud compute ssh onprem-1
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
2021-01-28 10:53:26 -08:00
# check that the VPN tunnels are up
sudo docker exec -it onprem_vpn_1 ipsec statusall
Status of IKE charon daemon (strongSwan 5.8.1, Linux 5.4.0-1029-gcp, x86_64):
uptime: 6 minutes, since Nov 30 08:42:08 2020
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 8
loaded plugins: charon aesni mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 xcbc cmac curl sqlite attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-mschapv2 eap-radius eap-tls xauth-generic xauth-eap dhcp unity counters
Listening IP addresses:
10.0.16.2
169.254.1.2
169.254.2.2
Connections:
gcp: %any...35.233.104.67,0.0.0.0/0,::/0 IKEv2, dpddelay=30s
gcp: local: uses pre-shared key authentication
gcp: remote: [35.233.104.67] uses pre-shared key authentication
gcp: child: 0.0.0.0/0 === 0.0.0.0/0 TUNNEL, dpdaction=restart
gcp2: %any...35.246.101.51,0.0.0.0/0,::/0 IKEv2, dpddelay=30s
gcp2: local: uses pre-shared key authentication
gcp2: remote: [35.246.101.51] uses pre-shared key authentication
gcp2: child: 0.0.0.0/0 === 0.0.0.0/0 TUNNEL, dpdaction=restart
Security Associations (2 up, 0 connecting):
gcp2[4]: ESTABLISHED 6 minutes ago, 10.0.16.2[34.76.57.103]...35.246.101.51[35.246.101.51]
gcp2[4]: IKEv2 SPIs: 227cb2c52085a743_i 13b18b0ad5d4de2b_r*, pre-shared key reauthentication in 9 hours
gcp2[4]: IKE proposal: AES_GCM_16_256/PRF_HMAC_SHA2_512/MODP_2048
gcp2{4}: INSTALLED, TUNNEL, reqid 2, ESP in UDP SPIs: cb6fdb84_i eea28dee_o
gcp2{4}: AES_GCM_16_256, 3298 bytes_i, 3051 bytes_o (48 pkts, 3s ago), rekeying in 2 hours
gcp2{4}: 0.0.0.0/0 === 0.0.0.0/0
gcp[3]: ESTABLISHED 6 minutes ago, 10.0.16.2[34.76.57.103]...35.233.104.67[35.233.104.67]
gcp[3]: IKEv2 SPIs: e2cffed5395b63dd_i 99f343468625507c_r*, pre-shared key reauthentication in 9 hours
gcp[3]: IKE proposal: AES_GCM_16_256/PRF_HMAC_SHA2_512/MODP_2048
gcp{3}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c3f09701_i 4e8cc8d5_o
gcp{3}: AES_GCM_16_256, 3438 bytes_i, 3135 bytes_o (49 pkts, 8s ago), rekeying in 2 hours
gcp{3}: 0.0.0.0/0 === 0.0.0.0/0
# check that the BGP sessions works and the advertised routes are set
sudo docker exec -it onprem_bird_1 ip route
default via 10.0.16.1 dev eth0
10.0.0.0/24 proto bird src 10.0.16.2
nexthop via 169.254.1.1 dev vti0 weight 1
nexthop via 169.254.2.1 dev vti1 weight 1
10.0.16.0/24 dev eth0 proto kernel scope link src 10.0.16.2
10.10.0.0/24 proto bird src 10.0.16.2
nexthop via 169.254.1.1 dev vti0 weight 1
nexthop via 169.254.2.1 dev vti1 weight 1
35.199.192.0/19 proto bird src 10.0.16.2
nexthop via 169.254.1.1 dev vti0 weight 1
nexthop via 169.254.2.1 dev vti1 weight 1
169.254.1.0/30 dev vti0 proto kernel scope link src 169.254.1.2
169.254.2.0/30 dev vti1 proto kernel scope link src 169.254.2.2
199.36.153.4/30 proto bird src 10.0.16.2
nexthop via 169.254.1.1 dev vti0 weight 1
nexthop via 169.254.2.1 dev vti1 weight 1
199.36.153.8/30 proto bird src 10.0.16.2
nexthop via 169.254.1.1 dev vti0 weight 1
nexthop via 169.254.2.1 dev vti1 weight 1
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
# get a shell on the toolbox container
sudo docker exec -it onprem_toolbox_1 sh
2021-01-28 10:53:26 -08:00
# test pinging the IP address of the test instances (check outputs for it)
2020-04-16 00:07:16 -07:00
ping 10.0.0.3
2021-01-28 10:53:26 -08:00
ping 10.10.0.3
2020-04-16 00:07:16 -07:00
# note: if you are able to ping the IP but the DNS tests below do not work,
# refer to the sections above on configuring the DNS inbound fwd IP
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
# test forwarding from CoreDNS via the Cloud DNS inbound policy
2021-01-28 10:53:26 -08:00
dig test-1-1.gcp.example.org +short
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
10.0.0.3
2021-01-28 10:53:26 -08:00
dig test-2-1.gcp.example.org +short
10.10.0.3
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
# test that Private Access is configured correctly
dig compute.googleapis.com +short
private.googleapis.com.
199.36.153.8
199.36.153.9
199.36.153.10
199.36.153.11
# issue an API call via Private Access
gcloud config set project [your project id]
gcloud compute instances list
```
### Cloud to onprem
```bash
# connect to the test instance
gcloud compute ssh test-1
# test forwarding from Cloud DNS to onprem CoreDNS (address may differ)
2020-04-06 07:27:13 -07:00
dig gw.onprem.example.org +short
10.0.16.1
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
# test a request to the onprem web server
2020-11-25 01:29:13 -08:00
curl www.onprem.example.org -s |grep h1
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
< h1 > On Prem in a Box< / h1 >
```
## Operational considerations
A single pre-existing project is used in this example to keep variables and complexity to a minimum, in a real world scenarios each spoke would probably use a separate project.
2021-01-28 10:53:26 -08:00
The VPN-s used to connect to the on-premises environment do not account for HA, upgrading to use HA VPN is reasonably simple by using the relevant [module ](../../modules/net-vpn-ha ).
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
|---|---|:---: |:---:|:---:|
| project_id | Project id for all resources. | < code title = "" > string< / code > | ✓ | |
2021-01-28 10:53:26 -08:00
| *bgp_asn* | BGP ASNs. | < code title = "map(number)" > map(number)</ code > | | < code title = "{ gcp1 = 64513 gcp2 = 64520 onprem1 = 64514 onprem2 = 64514 }" > ...</ code > |
| *bgp_interface_ranges* | BGP interface IP CIDR ranges. | < code title = "map(string)" > map(string)</ code > | | < code title = "{ gcp1 = "169.254.1.0/30" gcp2 = "169.254.2.0/30" }" > ...</ code > |
2020-06-28 02:01:13 -07:00
| *dns_forwarder_address* | Address of the DNS server used to forward queries from on-premises. | < code title = "" > string</ code > | | < code title = "" > 10.0.0.2</ code > |
| *forwarder_address* | GCP DNS inbound policy forwarder address. | < code title = "" > string</ code > | | < code title = "" > 10.0.0.2</ code > |
2021-01-28 10:53:26 -08:00
| *ip_ranges* | IP CIDR ranges. | < code title = "map(string)" > map(string)</ code > | | < code title = "{ gcp1 = "10.0.0.0/24" gcp2 = "10.10.0.0/24" onprem = "10.0.16.0/24" }" > ...</ code > |
| *region* | VPC region. | < code title = "map(string)" > map(string)</ code > | | < code title = "{ gcp1 = "europe-west1" gcp2 = "europe-west2" }" > ...</ code > |
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
| *ssh_source_ranges* | IP CIDR ranges that will be allowed to connect via SSH to the onprem instance. | < code title = "list(string)" > list(string)</ code > | | < code title = "" > ["0.0.0.0/0"]</ code > |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| onprem-instance | Onprem instance details. | |
2021-01-28 10:53:26 -08:00
| test-instance1 | Test instance details. | |
| test-instance2 | Test instance details. | |
Merge development branch (#44)
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2020-04-03 05:06:48 -07:00
<!-- END TFDOC -->