ip_ranges var

This commit is contained in:
Natalia Strelkova 2022-10-06 07:58:48 +00:00
parent b11ae47738
commit 0411dbbd51
3 changed files with 30 additions and 33 deletions

View File

@ -107,24 +107,25 @@ The above command will delete the associated resources so there will be no billa
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [project_id](variables.tf#L51) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
| [wordpress_image](variables.tf#L75) | Image to run with Cloud Run, starts with \"gcr.io\" | <code>string</code> | ✓ | |
| [project_id](variables.tf#L66) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
| [wordpress_image](variables.tf#L77) | Image to run with Cloud Run, starts with \"gcr.io\" | <code>string</code> | ✓ | |
| [cloud_run_invoker](variables.tf#L18) | IAM member authorized to access the end-point (for example, 'user:YOUR_IAM_USER' for only you or 'allUsers' for everyone) | <code>string</code> | | <code>&#34;allUsers&#34;</code> |
| [connector_cidr](variables.tf#L24) | CIDR block for the VPC serverless connector (10.8.0.0/28 by default) | <code>string</code> | | <code>&#34;10.8.0.0&#47;28&#34;</code> |
| [prefix](variables.tf#L30) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | | <code>&#34;&#34;</code> |
| [principals](variables.tf#L36) | List of emails of people/service accounts to give rights to, eg 'user@domain.com'. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [project_create](variables.tf#L42) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [psa_cidr](variables.tf#L57) | CIDR block for Private Service Access for CloudSQL (10.60.0.0/24 by default) | <code>string</code> | | <code>&#34;10.60.0.0&#47;24&#34;</code> |
| [region](variables.tf#L63) | Region for the created resources | <code>string</code> | | <code>&#34;europe-west4&#34;</code> |
| [sql_vpc_cidr](variables.tf#L69) | CIDR block for the VPC for the CloudSQL (10.0.0.0/20 by default) | <code>string</code> | | <code>&#34;10.0.0.0&#47;20&#34;</code> |
| [wordpress_port](variables.tf#L80) | Port for the Wordpress image (8080 by default) | <code>number</code> | | <code>8080</code> |
| [cloudsql_password](variables.tf#L24) | CloudSQL password (will be randomly generated by default) | <code>string</code> | | <code>null</code> |
| [ip_ranges](variables.tf#L31) | CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC | <code title="object&#40;&#123;&#10; connector &#61; string&#10; psa &#61; string&#10; sql_vpc &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; connector &#61; &#34;10.8.0.0&#47;28&#34;&#10; psa &#61; &#34;10.60.0.0&#47;24&#34;&#10; sql_vpc &#61; &#34;10.0.0.0&#47;20&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [prefix](variables.tf#L45) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | | <code>&#34;&#34;</code> |
| [principals](variables.tf#L51) | List of emails of people/service accounts to give rights to, eg 'user@domain.com'. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [project_create](variables.tf#L57) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [region](variables.tf#L71) | Region for the created resources | <code>string</code> | | <code>&#34;europe-west4&#34;</code> |
| [wordpress_password](variables.tf#L88) | Password for the Wordpress user (will be randomly generated by default) | <code>string</code> | | <code>null</code> |
| [wordpress_port](variables.tf#L82) | Port for the Wordpress image (8080 by default) | <code>number</code> | | <code>8080</code> |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| [cloud_run_service](outputs.tf#L17) | CloudRun service URL | ✓ |
| [wp_password](outputs.tf#L28) | Wordpress user password | ✓ |
| [wp_user](outputs.tf#L23) | Wordpress username | |
| [cloudsql_password](outputs.tf#L23) | CloudSQL password | ✓ |
| [wp_password](outputs.tf#L34) | Wordpress user password | ✓ |
| [wp_user](outputs.tf#L29) | Wordpress username | |
<!-- END TFDOC -->

View File

@ -120,7 +120,7 @@ module "cloud_run" {
# create a VPC connector for the ClouSQL VPC
vpc_connector_create = {
ip_cidr_range = var.connector_cidr
ip_cidr_range = var.ip_ranges.connector
name = "${local.prefix}wp-connector"
vpc_self_link = module.vpc.self_link
}
@ -134,7 +134,7 @@ module "vpc" {
name = "${local.prefix}sql-vpc"
subnets = [
{
ip_cidr_range = var.sql_vpc_cidr
ip_cidr_range = var.ip_ranges.sql_vpc
name = "subnet"
region = var.region
secondary_ip_range = {}
@ -144,7 +144,7 @@ module "vpc" {
# Private Service Access
psa_config = {
ranges = {
cloud-sql = var.psa_cidr
cloud-sql = var.ip_ranges.psa
}
routes = null
}
@ -156,7 +156,7 @@ module "firewall" {
source = "../../../../modules/net-vpc-firewall"
project_id = module.project.project_id
network = module.vpc.name
admin_ranges = [var.sql_vpc_cidr]
admin_ranges = [var.ip_ranges.sql_vpc]
}

View File

@ -27,10 +27,19 @@ variable "cloudsql_password" {
default = null
}
variable "connector_cidr" {
type = string
description = "CIDR block for the VPC serverless connector (10.8.0.0/28 by default)"
default = "10.8.0.0/28"
# PSA: documentation: https://cloud.google.com/vpc/docs/configure-private-services-access#allocating-range
variable "ip_ranges" {
description = "CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC"
type = object({
connector = string
psa = string
sql_vpc = string
})
default = {
connector = "10.8.0.0/28"
psa = "10.60.0.0/24"
sql_vpc = "10.0.0.0/20"
}
}
variable "prefix" {
@ -59,25 +68,12 @@ variable "project_id" {
type = string
}
# Documentation: https://cloud.google.com/vpc/docs/configure-private-services-access#allocating-range
variable "psa_cidr" {
type = string
description = "CIDR block for Private Service Access for CloudSQL (10.60.0.0/24 by default)"
default = "10.60.0.0/24"
}
variable "region" {
type = string
description = "Region for the created resources"
default = "europe-west4"
}
variable "sql_vpc_cidr" {
type = string
description = "CIDR block for the VPC for the CloudSQL (10.0.0.0/20 by default)"
default = "10.0.0.0/20"
}
variable "wordpress_image" {
type = string
description = "Image to run with Cloud Run, starts with \"gcr.io\""