123 lines
3.4 KiB
Terraform
123 lines
3.4 KiB
Terraform
|
/**
|
||
|
* Copyright 2023 Google LLC
|
||
|
*
|
||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
* you may not use this file except in compliance with the License.
|
||
|
* You may obtain a copy of the License at
|
||
|
*
|
||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||
|
*
|
||
|
* Unless required by applicable law or agreed to in writing, software
|
||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
* See the License for the specific language governing permissions and
|
||
|
* limitations under the License.
|
||
|
*/
|
||
|
|
||
|
locals {
|
||
|
zones = {
|
||
|
primary = "${var.regions.primary}-b"
|
||
|
secondary = "${var.regions.secondary}-b"
|
||
|
}
|
||
|
}
|
||
|
|
||
|
module "project_landing" {
|
||
|
source = "../../../modules/project"
|
||
|
billing_account = (var.projects_create != null
|
||
|
? var.projects_create.billing_account_id
|
||
|
: null
|
||
|
)
|
||
|
name = var.project_names.landing
|
||
|
parent = (var.projects_create != null
|
||
|
? var.projects_create.parent
|
||
|
: null
|
||
|
)
|
||
|
prefix = var.prefix
|
||
|
project_create = var.projects_create != null
|
||
|
|
||
|
services = [
|
||
|
"compute.googleapis.com",
|
||
|
"networkmanagement.googleapis.com",
|
||
|
# Logging and Monitoring
|
||
|
"logging.googleapis.com",
|
||
|
"monitoring.googleapis.com"
|
||
|
]
|
||
|
}
|
||
|
|
||
|
module "vpc_landing_untrusted" {
|
||
|
source = "../../../modules/net-vpc"
|
||
|
project_id = module.project_landing.project_id
|
||
|
name = "landing-untrusted"
|
||
|
|
||
|
routes = {
|
||
|
spoke1-primary = {
|
||
|
dest_range = var.ip_config.spoke_primary
|
||
|
next_hop_type = "ilb"
|
||
|
next_hop = module.nva_untrusted_ilbs["primary"].forwarding_rule_self_link
|
||
|
}
|
||
|
spoke1-secondary = {
|
||
|
dest_range = var.ip_config.spoke_secondary
|
||
|
next_hop_type = "ilb"
|
||
|
next_hop = module.nva_untrusted_ilbs["secondary"].forwarding_rule_self_link
|
||
|
}
|
||
|
}
|
||
|
|
||
|
subnets = [
|
||
|
{
|
||
|
ip_cidr_range = var.ip_config.untrusted_primary
|
||
|
name = "untrusted-${var.regions.primary}"
|
||
|
region = var.regions.primary
|
||
|
},
|
||
|
{
|
||
|
ip_cidr_range = var.ip_config.untrusted_secondary
|
||
|
name = "untrusted-${var.regions.secondary}"
|
||
|
region = var.regions.secondary
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
|
||
|
module "vpc_landing_trusted" {
|
||
|
source = "../../../modules/net-vpc"
|
||
|
project_id = module.project_landing.project_id
|
||
|
name = "landing-trusted"
|
||
|
subnets = [
|
||
|
{
|
||
|
ip_cidr_range = var.ip_config.trusted_primary
|
||
|
name = "trusted-${var.regions.primary}"
|
||
|
region = var.regions.primary
|
||
|
},
|
||
|
{
|
||
|
ip_cidr_range = var.ip_config.trusted_secondary
|
||
|
name = "trusted-${var.regions.secondary}"
|
||
|
region = var.regions.secondary
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
|
||
|
module "firewall_landing_untrusted" {
|
||
|
source = "../../../modules/net-vpc-firewall"
|
||
|
project_id = module.project_landing.project_id
|
||
|
network = module.vpc_landing_untrusted.name
|
||
|
|
||
|
ingress_rules = {
|
||
|
allow-ssh-from-hcs = {
|
||
|
description = "Allow health checks to NVAs coming on port 22."
|
||
|
targets = ["ssh"]
|
||
|
source_ranges = [
|
||
|
"130.211.0.0/22",
|
||
|
"35.191.0.0/16"
|
||
|
]
|
||
|
rules = [{ protocol = "tcp", ports = [22] }]
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
module "nats_landing" {
|
||
|
for_each = var.regions
|
||
|
source = "../../../modules/net-cloudnat"
|
||
|
project_id = module.project_landing.project_id
|
||
|
region = each.value
|
||
|
name = "nat-${each.value}"
|
||
|
router_network = module.vpc_landing_untrusted.self_link
|
||
|
}
|