/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
locals {
  # Dash-free variant of var.name, shared by the PSC address, the forwarding
  # rule and the DNS record below so they all refer to the same endpoint.
  # Presumably needed because PSC endpoint names do not accept dashes — confirm
  # against the provider documentation before changing it.
  psc_name = replace(var.name, "-", "")
}
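module "project" {
  source = "../../modules/project"
  name   = var.project_id
  # A null var.project_create means the project already exists and is only
  # referenced; otherwise it is created under the given parent / billing id.
  project_create  = var.project_create != null
  billing_account = try(var.project_create.billing_account_id, null)
  parent          = try(var.project_create.parent, null)
  services = [
    "cloudfunctions.googleapis.com",
    "cloudbuild.googleapis.com",
    "compute.googleapis.com",
    "dns.googleapis.com"
  ]
  service_config = {
    # Leave the APIs enabled when this example is destroyed, so a teardown
    # does not disable services in a pre-existing project.
    disable_dependent_services = false
    disable_on_destroy         = false
  }
}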
###############################################################################
#                                    VPCs                                     #
###############################################################################
module "vpc-onprem" {
  source     = "../../modules/net-vpc"
  project_id = module.project.project_id
  name       = "${var.name}-onprem"
  # VPC standing in for the on-premises network: a single regional subnet.
  subnets = [
    {
      name               = "${var.name}-onprem"
      region             = var.region
      ip_cidr_range      = var.ip_ranges.onprem
      secondary_ip_range = {}
    }
  ]
  # Private Google Access is explicitly off on this subnet, presumably so that
  # Google APIs are only reachable through the PSC endpoint in the hub VPC
  # over the VPN (the scenario this example demonstrates) — confirm before
  # enabling it, as that would bypass the endpoint.
  subnet_private_access = {
    "${var.region}/${var.name}-onprem" = false
  }
}
module "firewall-onprem" {
  source     = "../../modules/net-vpc-firewall"
  network    = module.vpc-onprem.name
  project_id = module.project.project_id
  # No custom rules are passed, so only the module's default rule set applies
  # to the "on-prem" VPC. Review those defaults (source ranges, ports, the
  # tags they match) before reusing this outside a throwaway test project.
}
module "vpc-hub" {
  source     = "../../modules/net-vpc"
  project_id = module.project.project_id
  name       = "${var.name}-hub"
  # Hub VPC that hosts the PSC endpoint address and forwarding rule; the
  # "on-prem" VPC reaches it only over the HA VPN defined below.
  subnets = [
    {
      name               = "${var.name}-hub"
      region             = var.region
      ip_cidr_range      = var.ip_ranges.hub
      secondary_ip_range = {}
    }
  ]
}
###############################################################################
#                                    VPNs                                     #
###############################################################################
module "vpn-onprem" {
  source     = "../../modules/net-vpn-ha"
  project_id = module.project.project_id
  region     = var.region
  network    = module.vpc-onprem.self_link
  name       = "${var.name}-onprem-to-hub"
  # Both gateways live in the same project, so this is a GCP-to-GCP HA VPN:
  # the peer is the hub gateway, not an external one.
  peer_gcp_gateway = module.vpn-hub.self_link
  router_asn       = 65001
  # The on-prem side only advertises its own subnets.
  router_advertise_config = {
    mode      = "CUSTOM"
    groups    = ["ALL_SUBNETS"]
    ip_ranges = {}
  }
  # Link-local /30s pair with the hub tunnels: on interface 0 on-prem is
  # 169.254.0.1 and the hub 169.254.0.2, on interface 1 .5 and .6.
  tunnels = {
    tunnel-0 = {
      bgp_peer = {
        address = "169.254.0.2"
        asn     = 65002
      }
      bgp_peer_options                = null
      bgp_session_range               = "169.254.0.1/30"
      ike_version                     = 2
      peer_external_gateway_interface = null
      router                          = null
      vpn_gateway_interface           = 0
      # An empty secret presumably makes the module generate a random one,
      # exported as module.vpn-onprem.random_secret and reused by "vpn-hub"
      # (confirm against the module). Either way the secret is held in
      # Terraform state, so access to the state backend must be restricted.
      shared_secret = ""
    }
    tunnel-1 = {
      bgp_peer = {
        address = "169.254.0.6"
        asn     = 65002
      }
      bgp_peer_options                = null
      bgp_session_range               = "169.254.0.5/30"
      ike_version                     = 2
      peer_external_gateway_interface = null
      router                          = null
      vpn_gateway_interface           = 1
      # Same handling as tunnel-0: module-generated secret, stored in state.
      shared_secret = ""
    }
  }
}
module "vpn-hub" {
  source     = "../../modules/net-vpn-ha"
  project_id = module.project.project_id
  region     = var.region
  # NOTE(review): the on-prem gateway passes a self_link here while this one
  # passes a name; both presumably work, but aligning them would be cleaner.
  network = module.vpc-hub.name
  name    = "${var.name}-hub-to-onprem"
  peer_gcp_gateway = module.vpn-onprem.self_link
  router_asn       = 65002
  # Besides the hub subnets, the PSC endpoint address is advertised to the
  # on-prem side so that its traffic for Google APIs is routed over the VPN
  # to the endpoint in the hub rather than to the public API front ends.
  router_advertise_config = {
    mode   = "CUSTOM"
    groups = ["ALL_SUBNETS"]
    ip_ranges = {
      (var.psc_endpoint) = "to-psc-endpoint"
    }
  }
  # Mirror of the on-prem tunnels: peer addresses and session ranges swapped.
  tunnels = {
    tunnel-0 = {
      bgp_peer = {
        address = "169.254.0.1"
        asn     = 65001
      }
      bgp_peer_options                = null
      bgp_session_range               = "169.254.0.2/30"
      ike_version                     = 2
      peer_external_gateway_interface = null
      router                          = null
      vpn_gateway_interface           = 0
      # Shared with the on-prem side of this tunnel; lives in Terraform state.
      shared_secret = module.vpn-onprem.random_secret
    }
    tunnel-1 = {
      bgp_peer = {
        address = "169.254.0.5"
        asn     = 65001
      }
      bgp_peer_options                = null
      bgp_session_range               = "169.254.0.6/30"
      ike_version                     = 2
      peer_external_gateway_interface = null
      router                          = null
      vpn_gateway_interface           = 1
      # Shared with the on-prem side of this tunnel; lives in Terraform state.
      shared_secret = module.vpn-onprem.random_secret
    }
  }
}
###############################################################################
#                                     VMs                                     #
###############################################################################
module "test-vm" {
  source        = "../../modules/compute-vm"
  project_id    = module.project.project_id
  zone          = "${var.region}-b"
  name          = "${var.name}-test"
  instance_type = "e2-micro"
  # Client host standing in for an on-prem machine: no external IP and only
  # the "on-prem" subnet attached, so Google APIs are reachable from it only
  # via the PSC endpoint in the hub (through VPN and the private DNS zone).
  network_interfaces = [{
    network    = module.vpc-onprem.self_link
    subnetwork = module.vpc-onprem.subnet_self_links["${var.region}/${var.name}-onprem"]
    addresses  = null
    nat        = false
  }]
  # The "ssh" tag is expected to match a rule created by "firewall-onprem";
  # check that rule's source ranges (e.g. limit them to IAP) before reuse.
  tags = ["ssh"]
  boot_disk = {
    # Image family is pinned by name; confirm it is still published before
    # reusing this example.
    image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2104"
    type  = "pd-balanced"
    size  = 10
  }
}
###############################################################################
#                               Cloud Function                                #
###############################################################################
module "function-hello" {
  source      = "../../modules/cloud-function"
  project_id  = module.project.project_id
  name        = var.name
  bucket_name = "${var.name}-tf-cf-deploy"
  bucket_config = {
    location             = var.region
    lifecycle_delete_age = null
  }
  bundle_config = {
    source_dir  = "${path.module}/assets"
    output_path = "bundle.zip"
    excludes    = null
  }
  # The invoker binding grants unauthenticated access to everyone, which is
  # only tolerable here because ingress is limited to internal traffic (VPC /
  # PSC). These two settings go together: relaxing ingress_settings would
  # expose the function unauthenticated to the Internet, so change them as a
  # pair, or replace allUsers with a specific principal.
  ingress_settings = "ALLOW_INTERNAL_ONLY"
  iam = {
    "roles/cloudfunctions.invoker" = ["allUsers"]
  }
}
###############################################################################
#                                     DNS                                     #
###############################################################################
module "private-dns-onprem" {
  source     = "../../modules/dns"
  project_id = module.project.project_id
  type       = "private"
  name       = var.name
  # Private zone for this project's regional Cloud Functions domain, visible
  # only from the "on-prem" VPC. It resolves the function hostname to the PSC
  # endpoint address in the hub, so the test VM never needs a public path.
  domain          = "${var.region}-${module.project.project_id}.cloudfunctions.net."
  client_networks = [module.vpc-onprem.self_link]
  recordsets = {
    # Key is "TYPE NAME"; the empty name after "A" presumably denotes the zone
    # apex — verify against the dns module's recordset key convention.
    "A " = {
      ttl     = 300
      records = [module.addresses.psc_addresses[local.psc_name].address]
    }
  }
}
###############################################################################
#                                    PSCs                                     #
###############################################################################
module "addresses" {
  source     = "../../modules/net-address"
  project_id = module.project.project_id
  # Internal address in the hub VPC reserved for the PSC endpoint. The
  # forwarding rule below attaches to it, the hub router advertises it to the
  # on-prem side, and the private DNS zone points the function hostname at it.
  psc_addresses = {
    (local.psc_name) = {
      network = module.vpc-hub.self_link
      address = var.psc_endpoint
    }
  }
}
resource "google_compute_global_forwarding_rule" "psc-endpoint" {
  provider   = google-beta
  project    = module.project.project_id
  name       = local.psc_name
  network    = module.vpc-hub.self_link
  ip_address = module.addresses.psc_addresses[local.psc_name].self_link
  # PSC endpoint for Google APIs. The "vpc-sc" target restricts the endpoint
  # to the API bundle supported by VPC Service Controls (vs. "all-apis"), and
  # the empty load balancing scheme is what the provider expects for this
  # kind of forwarding rule rather than a load balancer frontend.
  target                = "vpc-sc"
  load_balancing_scheme = ""
}