/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
# projects #
|
|
|
|
###############################################################################
|
|
|
|
|
|
|
|
module "project-onprem" {
|
2021-07-19 22:52:54 -07:00
|
|
|
source = "../../modules/project"
|
2021-07-19 07:39:50 -07:00
|
|
|
billing_account = var.billing_account_id
|
|
|
|
name = var.onprem_project_id
|
|
|
|
parent = var.root_id
|
|
|
|
project_create = var.create_projects
|
|
|
|
services = [
|
|
|
|
"compute.googleapis.com",
|
|
|
|
"dns.googleapis.com"
|
|
|
|
]
|
|
|
|
}
|
|
|
|
|
|
|
|
|
module "project-hub" {
|
|
|
|
source = "../../modules/project"
|
2021-07-19 07:39:50 -07:00
|
|
|
billing_account = var.billing_account_id
|
2021-07-19 22:52:54 -07:00
|
|
|
name = var.function_project_id
|
2021-07-19 07:39:50 -07:00
|
|
|
parent = var.root_id
|
|
|
|
project_create = var.create_projects
|
|
|
|
services = [
|
|
|
|
"compute.googleapis.com",
|
|
|
|
"cloudfunctions.googleapis.com",
|
|
|
|
"cloudbuild.googleapis.com"
|
|
|
|
]
|
|
|
|
}
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
# VPCs #
|
|
|
|
###############################################################################
|
|
|
|
|
|
|
|
module "vpc-onprem" {
|
2021-07-19 22:52:54 -07:00
|
|
|
source = "../../modules/net-vpc"
|
2021-07-19 07:39:50 -07:00
|
|
|
project_id = module.project-onprem.project_id
|
2021-07-19 22:52:54 -07:00
|
|
|
name = "onprem"
|
2021-07-19 07:39:50 -07:00
|
|
|
subnets = [
|
|
|
|
{
|
2021-07-19 22:52:54 -07:00
|
|
|
ip_cidr_range = var.ip_ranges.onprem
|
|
|
|
name = "onprem-subnet"
|
2021-07-19 07:39:50 -07:00
|
|
|
region = var.region
|
|
|
|
secondary_ip_range = {}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
|
|
|
|
module "firewall-onprem" {
|
2021-07-19 22:52:54 -07:00
|
|
|
source = "../../modules/net-vpc-firewall"
|
2021-07-19 07:39:50 -07:00
|
|
|
project_id = module.project-onprem.project_id
|
|
|
|
network = module.vpc-onprem.name
|
|
|
|
admin_ranges_enabled = true
|
2021-07-19 22:52:54 -07:00
|
|
|
admin_ranges = []
|
2021-07-19 07:39:50 -07:00
|
|
|
custom_rules = {}
|
|
|
|
}
|
|
|
|
|
module "vpc-hub" {
|
|
|
|
source = "../../modules/net-vpc"
|
|
|
|
project_id = module.project-hub.project_id
|
|
|
|
name = "hub"
|
2021-07-19 07:39:50 -07:00
|
|
|
subnets = [
|
|
|
|
{
|
2021-07-19 22:52:54 -07:00
|
|
|
ip_cidr_range = var.ip_ranges.hub
|
|
|
|
name = "hub-subnet"
|
2021-07-19 07:39:50 -07:00
|
|
|
region = var.region
|
|
|
|
secondary_ip_range = {}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
# VPNs #
|
|
|
|
###############################################################################
|
|
|
|
|
|
|
|
module "vpn-onprem" {
|
2021-07-19 22:52:54 -07:00
|
|
|
source = "../../modules/net-vpn-ha"
|
2021-07-19 07:39:50 -07:00
|
|
|
project_id = module.project-onprem.project_id
|
|
|
|
region = var.region
|
|
|
|
network = module.vpc-onprem.self_link
|
2021-07-19 22:52:54 -07:00
|
|
|
name = "onprem-to-hub"
|
2021-07-19 07:39:50 -07:00
|
|
|
router_asn = 65001
|
|
|
|
router_advertise_config = {
|
|
|
|
groups = ["ALL_SUBNETS"]
|
|
|
|
ip_ranges = {
|
|
|
|
}
|
|
|
|
mode = "CUSTOM"
|
|
|
|
}
|
2021-07-19 22:52:54 -07:00
|
|
|
peer_gcp_gateway = module.vpn-hub.self_link
|
2021-07-19 07:39:50 -07:00
|
|
|
tunnels = {
|
|
|
|
tunnel-0 = {
|
|
|
|
bgp_peer = {
|
|
|
|
address = "169.254.0.2"
|
|
|
|
asn = 65002
|
|
|
|
}
|
|
|
|
bgp_peer_options = null
|
|
|
|
bgp_session_range = "169.254.0.1/30"
|
|
|
|
ike_version = 2
|
|
|
|
vpn_gateway_interface = 0
|
|
|
|
peer_external_gateway_interface = null
|
|
|
|
router = null
|
|
|
|
shared_secret = ""
|
|
|
|
}
|
|
|
|
tunnel-1 = {
|
|
|
|
bgp_peer = {
|
|
|
|
address = "169.254.0.6"
|
|
|
|
asn = 65002
|
|
|
|
}
|
|
|
|
bgp_peer_options = null
|
|
|
|
bgp_session_range = "169.254.0.5/30"
|
|
|
|
ike_version = 2
|
|
|
|
vpn_gateway_interface = 1
|
|
|
|
peer_external_gateway_interface = null
|
|
|
|
router = null
|
|
|
|
shared_secret = ""
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
module "vpn-hub" {
|
|
|
|
source = "../../modules/net-vpn-ha"
|
|
|
|
project_id = module.project-hub.project_id
|
2021-07-19 07:39:50 -07:00
|
|
|
region = var.region
|
2021-07-19 22:52:54 -07:00
|
|
|
network = module.vpc-hub.name
|
|
|
|
name = "hub-to-onprem"
|
2021-07-19 07:39:50 -07:00
|
|
|
router_asn = 65002
|
|
|
|
peer_gcp_gateway = module.vpn-onprem.self_link
|
|
|
|
router_advertise_config = {
|
|
|
|
groups = ["ALL_SUBNETS"]
|
|
|
|
ip_ranges = {
|
|
|
|
(var.psc_endpoint) = "to-psc-endpoint"
|
|
|
|
}
|
|
|
|
mode = "CUSTOM"
|
|
|
|
}
|
|
|
|
tunnels = {
|
|
|
|
tunnel-0 = {
|
|
|
|
bgp_peer = {
|
|
|
|
address = "169.254.0.1"
|
|
|
|
asn = 65001
|
|
|
|
}
|
|
|
|
bgp_peer_options = null
|
|
|
|
bgp_session_range = "169.254.0.2/30"
|
|
|
|
ike_version = 2
|
|
|
|
vpn_gateway_interface = 0
|
|
|
|
peer_external_gateway_interface = null
|
|
|
|
router = null
|
|
|
|
shared_secret = module.vpn-onprem.random_secret
|
|
|
|
}
|
|
|
|
tunnel-1 = {
|
|
|
|
bgp_peer = {
|
|
|
|
address = "169.254.0.5"
|
|
|
|
asn = 65001
|
|
|
|
}
|
|
|
|
bgp_peer_options = null
|
|
|
|
bgp_session_range = "169.254.0.6/30"
|
|
|
|
ike_version = 2
|
|
|
|
vpn_gateway_interface = 1
|
|
|
|
peer_external_gateway_interface = null
|
|
|
|
router = null
|
|
|
|
shared_secret = module.vpn-onprem.random_secret
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
# VMs #
|
|
|
|
###############################################################################
|
|
|
|
|
|
|
|
module "test-vm" {
|
2021-07-19 22:52:54 -07:00
|
|
|
source = "../../modules/compute-vm"
|
2021-07-19 07:39:50 -07:00
|
|
|
project_id = module.project-onprem.project_id
|
|
|
|
region = var.region
|
|
|
|
zones = ["${var.zone}"]
|
|
|
|
name = "test-vm"
|
|
|
|
instance_type = "e2-micro"
|
|
|
|
instance_count = 1
|
|
|
|
boot_disk = { image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2104", type = "pd-standard", size = 10 }
|
|
|
|
can_ip_forward = true
|
|
|
|
network_interfaces = [
|
|
|
|
{
|
|
|
|
network = module.vpc-onprem.self_link,
|
2021-07-19 22:52:54 -07:00
|
|
|
subnetwork = module.vpc-onprem.subnet_self_links["${var.region}/onprem-subnet"],
|
2021-07-19 07:39:50 -07:00
|
|
|
nat = false,
|
2021-07-19 22:52:54 -07:00
|
|
|
addresses = {
|
|
|
|
internal = [cidrhost(var.ip_ranges.onprem, 2)]
|
2021-07-19 07:39:50 -07:00
|
|
|
external = []
|
|
|
|
},
|
|
|
|
alias_ips = null
|
|
|
|
}
|
|
|
|
]
|
|
|
|
options = {
|
|
|
|
allow_stopping_for_update = true
|
|
|
|
deletion_protection = false
|
|
|
|
preemptible = false
|
|
|
|
}
|
|
|
|
metadata = {}
|
|
|
|
service_account = null
|
|
|
|
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
|
2021-07-19 22:52:54 -07:00
|
|
|
tags = ["ssh"]
|
2021-07-19 07:39:50 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
# Cloud Function #
|
|
|
|
###############################################################################
|
|
|
|
|
|
|
|
module "function-hello" {
|
2021-07-19 22:52:54 -07:00
|
|
|
source = "../../modules/cloud-function"
|
|
|
|
project_id = module.project-hub.project_id
|
2021-07-19 07:39:50 -07:00
|
|
|
name = "my-hello-function"
|
2021-07-19 22:52:54 -07:00
|
|
|
bucket_name = module.bucket-functions.bucket.name
|
2021-07-19 07:39:50 -07:00
|
|
|
ingress_settings = "ALLOW_INTERNAL_ONLY"
|
|
|
|
bundle_config = {
|
2021-07-19 22:52:54 -07:00
|
|
|
source_dir = "assets"
|
2021-07-19 07:39:50 -07:00
|
|
|
output_path = "bundle.zip"
|
|
|
|
}
|
|
|
|
iam = {
|
|
|
|
"roles/cloudfunctions.invoker" = ["allUsers"]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
# GCS #
|
|
|
|
###############################################################################
|
|
|
|
|
|
|
|
module "bucket-functions" {
|
2021-07-19 22:52:54 -07:00
|
|
|
source = "../../modules/gcs"
|
|
|
|
project_id = module.project-hub.project_id
|
2021-07-19 07:39:50 -07:00
|
|
|
name = var.cloud_function_gcs_bucket
|
|
|
|
}
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
# DNS #
|
|
|
|
###############################################################################
|
|
|
|
|
|
|
|
module "private-dns-onprem" {
|
2021-07-19 22:52:54 -07:00
|
|
|
source = "../../modules/dns"
|
2021-07-19 07:39:50 -07:00
|
|
|
project_id = module.project-onprem.project_id
|
|
|
|
type = "private"
|
|
|
|
name = "private-cloud-function"
|
2021-07-19 22:52:54 -07:00
|
|
|
domain = "${var.region}-${var.function_project_id}.cloudfunctions.net."
|
2021-07-19 07:39:50 -07:00
|
|
|
client_networks = [module.vpc-onprem.self_link]
|
|
|
|
recordsets = [{
|
|
|
|
name = "",
|
|
|
|
type = "A",
|
|
|
|
ttl = 300,
|
|
|
|
records = [var.psc_endpoint]
|
|
|
|
}]
|
|
|
|
}
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
# PSCs #
|
|
|
|
###############################################################################
|
|
|
|
|
|
|
|
resource "google_compute_global_address" "psc-address" {
|
|
|
|
provider = google
|
2021-07-19 22:52:54 -07:00
|
|
|
project = module.project-hub.project_id
|
2021-07-19 07:39:50 -07:00
|
|
|
name = "pscaddress"
|
|
|
|
purpose = "PRIVATE_SERVICE_CONNECT"
|
|
|
|
address_type = "INTERNAL"
|
|
|
|
address = var.psc_endpoint
|
2021-07-19 22:52:54 -07:00
|
|
|
network = module.vpc-hub.self_link
|
2021-07-19 07:39:50 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
resource "google_compute_global_forwarding_rule" "psc-endpoint" {
|
|
|
|
provider = google-beta
|
2021-07-19 22:52:54 -07:00
|
|
|
project = module.project-hub.project_id
|
2021-07-19 07:39:50 -07:00
|
|
|
name = "pscendpoint"
|
2021-07-19 22:52:54 -07:00
|
|
|
network = module.vpc-hub.self_link
|
2021-07-19 07:39:50 -07:00
|
|
|
ip_address = google_compute_global_address.psc-address.id
|
|
|
|
target = "vpc-sc"
|
|
|
|
load_balancing_scheme = ""
|
|
|
|
}
|