Update networking stages to use multiple folders
Co-authored-by: Daniel Marzini <dmarzi@google.com>
This commit is contained in:
parent
ed4fc477a7
commit
18adf869ae
|
@ -175,12 +175,12 @@ Due to its simplicity, this stage lends itself easily to customizations: adding
|
||||||
|
|
||||||
| name | description | sensitive | consumers |
|
| name | description | sensitive | consumers |
|
||||||
|---|---|:---:|---|
|
|---|---|:---:|---|
|
||||||
| [networking](outputs.tf#L84) | Data for the networking stage. | | <code>02-networking</code> |
|
| [networking](outputs.tf#L88) | Data for the networking stage. | | <code>02-networking</code> |
|
||||||
| [project_factories](outputs.tf#L94) | Data for the project factories stage. | | <code>xx-teams</code> |
|
| [project_factories](outputs.tf#L98) | Data for the project factories stage. | | <code>xx-teams</code> |
|
||||||
| [providers](outputs.tf#L111) | Terraform provider files for this stage and dependent stages. | ✓ | <code>02-networking</code> · <code>02-security</code> · <code>xx-sandbox</code> · <code>xx-teams</code> |
|
| [providers](outputs.tf#L115) | Terraform provider files for this stage and dependent stages. | ✓ | <code>02-networking</code> · <code>02-security</code> · <code>xx-sandbox</code> · <code>xx-teams</code> |
|
||||||
| [sandbox](outputs.tf#L118) | Data for the sandbox stage. | | <code>xx-sandbox</code> |
|
| [sandbox](outputs.tf#L122) | Data for the sandbox stage. | | <code>xx-sandbox</code> |
|
||||||
| [security](outputs.tf#L128) | Data for the networking stage. | | <code>02-security</code> |
|
| [security](outputs.tf#L132) | Data for the networking stage. | | <code>02-security</code> |
|
||||||
| [teams](outputs.tf#L138) | Data for the teams stage. | | |
|
| [teams](outputs.tf#L142) | Data for the teams stage. | | |
|
||||||
| [tfvars](outputs.tf#L151) | Terraform variable files for the following stages. | ✓ | |
|
| [tfvars](outputs.tf#L155) | Terraform variable files for the following stages. | ✓ | |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
|
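Review bot: the `security` row still carries the description "Data for the networking stage." on both sides of this change, although it is the output consumed by `02-security`; since this table is generated from `outputs.tf`, fix the description string on the `security` output so the README regenerates with "Data for the security stage."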
@ -321,19 +321,19 @@ Don't forget to add a peering zone in the landing project and point it to the ne
|
||||||
| name | description | type | required | default | producer |
|
| name | description | type | required | default | producer |
|
||||||
|---|---|:---:|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|:---:|
|
||||||
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
||||||
| [organization](variables.tf#L99) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
| [folder_ids](variables.tf#L59) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code>map(string)</code> | ✓ | | <code>01-resman</code> |
|
||||||
| [prefix](variables.tf#L115) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
| [organization](variables.tf#L91) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||||
|
| [prefix](variables.tf#L107) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
||||||
| [custom_adv](variables.tf#L23) | Custom advertisement definitions in name => range format. | <code>map(string)</code> | | <code title="{ cloud_dns = "35.199.192.0/19" gcp_all = "10.128.0.0/16" gcp_dev_ew1 = "10.128.128.0/19" gcp_dev_ew4 = "10.128.160.0/19" gcp_landing_trusted_ew1 = "10.128.64.0/19" gcp_landing_trusted_ew4 = "10.128.96.0/19" gcp_landing_untrusted_ew1 = "10.128.0.0/19" gcp_landing_untrusted_ew4 = "10.128.32.0/19" gcp_prod_ew1 = "10.128.192.0/19" gcp_prod_ew4 = "10.128.224.0/19" googleapis_private = "199.36.153.8/30" googleapis_restricted = "199.36.153.4/30" rfc_1918_10 = "10.0.0.0/8" rfc_1918_172 = "172.16.0.0/12" rfc_1918_192 = "192.168.0.0/16" }">{…}</code> | |
|
| [custom_adv](variables.tf#L23) | Custom advertisement definitions in name => range format. | <code>map(string)</code> | | <code title="{ cloud_dns = "35.199.192.0/19" gcp_all = "10.128.0.0/16" gcp_dev_ew1 = "10.128.128.0/19" gcp_dev_ew4 = "10.128.160.0/19" gcp_landing_trusted_ew1 = "10.128.64.0/19" gcp_landing_trusted_ew4 = "10.128.96.0/19" gcp_landing_untrusted_ew1 = "10.128.0.0/19" gcp_landing_untrusted_ew4 = "10.128.32.0/19" gcp_prod_ew1 = "10.128.192.0/19" gcp_prod_ew4 = "10.128.224.0/19" googleapis_private = "199.36.153.8/30" googleapis_restricted = "199.36.153.4/30" rfc_1918_10 = "10.0.0.0/8" rfc_1918_172 = "172.16.0.0/12" rfc_1918_192 = "192.168.0.0/16" }">{…}</code> | |
|
||||||
| [data_dir](variables.tf#L45) | Relative path for the folder storing configuration data for network resources. | <code>string</code> | | <code>"data"</code> | |
|
| [data_dir](variables.tf#L45) | Relative path for the folder storing configuration data for network resources. | <code>string</code> | | <code>"data"</code> | |
|
||||||
| [dns](variables.tf#L51) | Onprem DNS resolvers | <code>map(list(string))</code> | | <code title="{ onprem = ["10.0.200.3"] }">{…}</code> | |
|
| [dns](variables.tf#L51) | Onprem DNS resolvers | <code>map(list(string))</code> | | <code title="{ onprem = ["10.0.200.3"] }">{…}</code> | |
|
||||||
| [folder_id](variables.tf#L59) | Folder to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code>string</code> | | <code>null</code> | <code>01-resman</code> |
|
| [l7ilb_subnets](variables.tf#L65) | Subnets used for L7 ILBs. | <code title="map(list(object({ ip_cidr_range = string region = string })))">map(list(object({…})))</code> | | <code title="{ prod = [ { ip_cidr_range = "10.128.92.0/24", region = "europe-west1" }, { ip_cidr_range = "10.128.93.0/24", region = "europe-west4" } ] dev = [ { ip_cidr_range = "10.128.60.0/24", region = "europe-west1" }, { ip_cidr_range = "10.128.61.0/24", region = "europe-west4" } ] }">{…}</code> | |
|
||||||
| [l7ilb_subnets](variables.tf#L73) | Subnets used for L7 ILBs. | <code title="map(list(object({ ip_cidr_range = string region = string })))">map(list(object({…})))</code> | | <code title="{ prod = [ { ip_cidr_range = "10.128.92.0/24", region = "europe-west1" }, { ip_cidr_range = "10.128.93.0/24", region = "europe-west4" } ] dev = [ { ip_cidr_range = "10.128.60.0/24", region = "europe-west1" }, { ip_cidr_range = "10.128.61.0/24", region = "europe-west4" } ] }">{…}</code> | |
|
| [onprem_cidr](variables.tf#L83) | Onprem addresses in name => range format. | <code>map(string)</code> | | <code title="{ main = "10.0.0.0/24" }">{…}</code> | |
|
||||||
| [onprem_cidr](variables.tf#L91) | Onprem addresses in name => range format. | <code>map(string)</code> | | <code title="{ main = "10.0.0.0/24" }">{…}</code> | |
|
| [outputs_location](variables.tf#L101) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||||
| [outputs_location](variables.tf#L109) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
| [project_factory_sa](variables.tf#L113) | IAM emails for project factory service accounts | <code>map(string)</code> | | <code>{}</code> | <code>01-resman</code> |
|
||||||
| [project_factory_sa](variables.tf#L121) | IAM emails for project factory service accounts | <code>map(string)</code> | | <code>{}</code> | <code>01-resman</code> |
|
| [psa_ranges](variables.tf#L120) | IP ranges used for Private Service Access (e.g. CloudSQL). | <code>map(map(string))</code> | | <code title="{ prod = { cloudsql-mysql = "10.128.94.0/24" cloudsql-sqlserver = "10.128.95.0/24" } dev = { cloudsql-mysql = "10.128.62.0/24" cloudsql-sqlserver = "10.128.63.0/24" } }">{…}</code> | |
|
||||||
| [psa_ranges](variables.tf#L128) | IP ranges used for Private Service Access (e.g. CloudSQL). | <code>map(map(string))</code> | | <code title="{ prod = { cloudsql-mysql = "10.128.94.0/24" cloudsql-sqlserver = "10.128.95.0/24" } dev = { cloudsql-mysql = "10.128.62.0/24" cloudsql-sqlserver = "10.128.63.0/24" } }">{…}</code> | |
|
| [router_configs](variables.tf#L135) | Configurations for CRs and onprem routers. | <code title="map(object({ adv = object({ custom = list(string) default = bool }) asn = number }))">map(object({…}))</code> | | <code title="{ landing-trusted-ew1 = { asn = "65534" adv = null } landing-trusted-ew4 = { asn = "65534" adv = null } }">{…}</code> | |
|
||||||
| [router_configs](variables.tf#L143) | Configurations for CRs and onprem routers. | <code title="map(object({ adv = object({ custom = list(string) default = bool }) asn = number }))">map(object({…}))</code> | | <code title="{ landing-trusted-ew1 = { asn = "65534" adv = null } landing-trusted-ew4 = { asn = "65534" adv = null } }">{…}</code> | |
|
| [vpn_onprem_configs](variables.tf#L158) | VPN gateway configuration for onprem interconnection. | <code title="map(object({ adv = object({ default = bool custom = list(string) }) peer_external_gateway = object({ redundancy_type = string interfaces = list(object({ id = number ip_address = string })) }) tunnels = list(object({ peer_asn = number peer_external_gateway_interface = number secret = string session_range = string vpn_gateway_interface = number })) }))">map(object({…}))</code> | | <code title="{ landing-trusted-ew1 = { adv = { default = false custom = [ "cloud_dns", "googleapis_private", "googleapis_restricted", "gcp_all" ] } peer_external_gateway = { redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT" interfaces = [ { id = 0, ip_address = "8.8.8.8" }, ] } tunnels = [ { peer_asn = 65534 peer_external_gateway_interface = 0 secret = "foobar" session_range = "169.254.1.0/30" vpn_gateway_interface = 0 }, { peer_asn = 65534 peer_external_gateway_interface = 0 secret = "foobar" session_range = "169.254.1.4/30" vpn_gateway_interface = 1 } ] } landing-trusted-ew4 = { adv = { default = false custom = [ "cloud_dns", "googleapis_private", "googleapis_restricted", "gcp_all" ] } peer_external_gateway = { redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT" interfaces = [ { id = 0, ip_address = "8.8.8.8" }, ] } tunnels = [ { peer_asn = 65534 peer_external_gateway_interface = 0 secret = "foobar" session_range = "169.254.1.0/30" vpn_gateway_interface = 0 }, { peer_asn = 65534 peer_external_gateway_interface = 0 secret = "foobar" session_range = "169.254.1.4/30" vpn_gateway_interface = 1 } ] } }">{…}</code> | |
|
||||||
| [vpn_onprem_configs](variables.tf#L166) | VPN gateway configuration for onprem interconnection. | <code title="map(object({ adv = object({ default = bool custom = list(string) }) peer_external_gateway = object({ redundancy_type = string interfaces = list(object({ id = number ip_address = string })) }) tunnels = list(object({ peer_asn = number peer_external_gateway_interface = number secret = string session_range = string vpn_gateway_interface = number })) }))">map(object({…}))</code> | | <code title="{ landing-trusted-ew1 = { adv = { default = false custom = [ "cloud_dns", "googleapis_private", "googleapis_restricted", "gcp_all" ] } peer_external_gateway = { redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT" interfaces = [ { id = 0, ip_address = "8.8.8.8" }, ] } tunnels = [ { peer_asn = 65534 peer_external_gateway_interface = 0 secret = "foobar" session_range = "169.254.1.0/30" vpn_gateway_interface = 0 }, { peer_asn = 65534 peer_external_gateway_interface = 0 secret = "foobar" session_range = "169.254.1.4/30" vpn_gateway_interface = 1 } ] } landing-trusted-ew4 = { adv = { default = false custom = [ "cloud_dns", "googleapis_private", "googleapis_restricted", "gcp_all" ] } peer_external_gateway = { redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT" interfaces = [ { id = 0, ip_address = "8.8.8.8" }, ] } tunnels = [ { peer_asn = 65534 peer_external_gateway_interface = 0 secret = "foobar" session_range = "169.254.1.0/30" vpn_gateway_interface = 0 }, { peer_asn = 65534 peer_external_gateway_interface = 0 secret = "foobar" session_range = "169.254.1.4/30" vpn_gateway_interface = 1 } ] } }">{…}</code> | |
|
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
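Review bot: the new `folder_ids` row is marked required (✓) with type `map(string)`, yet its description still reads "If null, folder will be created.", which was written for the old nullable `folder_id` string. The description should instead state which keys the map must contain (`networking`, `networking-dev` and `networking-prod` are the ones `main.tf` and the project files in this commit read) and what a null value for a key means; as with the rest of this table, the text comes from `variables.tf`, so the wording belongs there.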
@ -29,8 +29,8 @@ module "folder" {
|
||||||
source = "../../../modules/folder"
|
source = "../../../modules/folder"
|
||||||
parent = "organizations/${var.organization.id}"
|
parent = "organizations/${var.organization.id}"
|
||||||
name = "Networking"
|
name = "Networking"
|
||||||
folder_create = var.folder_id == null
|
folder_create = var.folder_ids.networking == null
|
||||||
id = var.folder_id
|
id = var.folder_ids.networking
|
||||||
firewall_policy_factory = {
|
firewall_policy_factory = {
|
||||||
cidr_file = "${var.data_dir}/cidrs.yaml"
|
cidr_file = "${var.data_dir}/cidrs.yaml"
|
||||||
policy_name = null
|
policy_name = null
|
||||||
|
|
|
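Review bot: `folder_create = var.folder_ids.networking == null` and `id = var.folder_ids.networking` both fail at plan time with an invalid-index error if the `networking` key is simply absent from the map, so the "create the folder when not provided" path only works when the caller explicitly sets `networking = null`. If an absent key should mean "create", use `lookup(var.folder_ids, "networking", null)` in both places, or document that the key is mandatory and validate its presence in `variables.tf`.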
@ -56,18 +56,10 @@ variable "dns" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "folder_id" {
|
variable "folder_ids" {
|
||||||
# tfdoc:variable:source 01-resman
|
# tfdoc:variable:source 01-resman
|
||||||
description = "Folder to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
|
description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
|
||||||
type = string
|
type = map(string)
|
||||||
default = null
|
|
||||||
validation {
|
|
||||||
condition = (
|
|
||||||
var.folder_id == null ||
|
|
||||||
can(regex("folders/[0-9]{8,}", var.folder_id))
|
|
||||||
)
|
|
||||||
error_message = "Invalid folder_id. Should be in 'folders/nnnnnnnnnnn' format."
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "l7ilb_subnets" {
|
variable "l7ilb_subnets" {
|
||||||
|
|
|
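Review bot: the `validation` block that enforced the `folders/nnnnnnnnnnn` format was removed outright rather than adapted to the map, so a malformed id now surfaces only as an API error at apply time, and the `description` still promises null handling for a variable that no longer has a default. A map-aware equivalent keeps the check, e.g. `condition = alltrue([for v in values(var.folder_ids) : v == null || can(regex("^folders/[0-9]{8,}$", v))])`; anchoring the pattern with `^` and `$` also closes the gap in the old regex, which accepted any string that merely contained `folders/` followed by eight digits.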
@ -20,7 +20,7 @@ module "landing-project" {
|
||||||
source = "../../../modules/project"
|
source = "../../../modules/project"
|
||||||
billing_account = var.billing_account_id
|
billing_account = var.billing_account_id
|
||||||
name = "prod-net-landing-0"
|
name = "prod-net-landing-0"
|
||||||
parent = var.folder_id
|
parent = var.folder_ids.networking
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
service_config = {
|
service_config = {
|
||||||
disable_on_destroy = false
|
disable_on_destroy = false
|
||||||
|
|
|
@ -20,7 +20,7 @@ module "dev-spoke-project" {
|
||||||
source = "../../../modules/project"
|
source = "../../../modules/project"
|
||||||
billing_account = var.billing_account_id
|
billing_account = var.billing_account_id
|
||||||
name = "dev-net-spoke-0"
|
name = "dev-net-spoke-0"
|
||||||
parent = var.folder_id
|
parent = var.folder_ids.networking-dev
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
service_config = {
|
service_config = {
|
||||||
disable_on_destroy = false
|
disable_on_destroy = false
|
||||||
|
|
|
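Review bot: `parent = var.folder_ids.networking-dev` is valid HCL (identifiers may contain hyphens) but reads like a subtraction and is easy to misread in review; index syntax, `var.folder_ids["networking-dev"]`, makes the key explicit. The same applies to the `networking-prod` reference in the prod spoke project.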
@ -20,7 +20,7 @@ module "prod-spoke-project" {
|
||||||
source = "../../../modules/project"
|
source = "../../../modules/project"
|
||||||
billing_account = var.billing_account_id
|
billing_account = var.billing_account_id
|
||||||
name = "prod-net-spoke-0"
|
name = "prod-net-spoke-0"
|
||||||
parent = var.folder_id
|
parent = var.folder_ids.networking-prod
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
service_config = {
|
service_config = {
|
||||||
disable_on_destroy = false
|
disable_on_destroy = false
|
||||||
|
|
|
@ -309,20 +309,20 @@ DNS configurations are centralised in the `dns.tf` file. Spokes delegate DNS res
|
||||||
| name | description | type | required | default | producer |
|
| name | description | type | required | default | producer |
|
||||||
|---|---|:---:|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|:---:|
|
||||||
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
||||||
| [organization](variables.tf#L93) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
| [folder_idd](variables.tf#L61) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code>map(string)</code> | ✓ | | <code>01-resman</code> |
|
||||||
| [prefix](variables.tf#L109) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
| [organization](variables.tf#L85) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||||
|
| [prefix](variables.tf#L101) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
||||||
| [custom_adv](variables.tf#L23) | Custom advertisement definitions in name => range format. | <code>map(string)</code> | | <code title="{ cloud_dns = "35.199.192.0/19" gcp_all = "10.128.0.0/16" gcp_dev = "10.128.32.0/19" gcp_landing = "10.128.0.0/19" gcp_prod = "10.128.64.0/19" googleapis_private = "199.36.153.8/30" googleapis_restricted = "199.36.153.4/30" rfc_1918_10 = "10.0.0.0/8" rfc_1918_172 = "172.16.0.0/12" rfc_1918_192 = "192.168.0.0/16" }">{…}</code> | |
|
| [custom_adv](variables.tf#L23) | Custom advertisement definitions in name => range format. | <code>map(string)</code> | | <code title="{ cloud_dns = "35.199.192.0/19" gcp_all = "10.128.0.0/16" gcp_dev = "10.128.32.0/19" gcp_landing = "10.128.0.0/19" gcp_prod = "10.128.64.0/19" googleapis_private = "199.36.153.8/30" googleapis_restricted = "199.36.153.4/30" rfc_1918_10 = "10.0.0.0/8" rfc_1918_172 = "172.16.0.0/12" rfc_1918_192 = "192.168.0.0/16" }">{…}</code> | |
|
||||||
| [custom_roles](variables.tf#L40) | Custom roles defined at the org level, in key => id format. | <code>map(string)</code> | | <code>{}</code> | <code>00-bootstrap</code> |
|
| [custom_roles](variables.tf#L40) | Custom roles defined at the org level, in key => id format. | <code>map(string)</code> | | <code>{}</code> | <code>00-bootstrap</code> |
|
||||||
| [data_dir](variables.tf#L47) | Relative path for the folder storing configuration data for network resources. | <code>string</code> | | <code>"data"</code> | |
|
| [data_dir](variables.tf#L47) | Relative path for the folder storing configuration data for network resources. | <code>string</code> | | <code>"data"</code> | |
|
||||||
| [dns](variables.tf#L53) | Onprem DNS resolvers. | <code>map(list(string))</code> | | <code title="{ onprem = ["10.0.200.3"] }">{…}</code> | |
|
| [dns](variables.tf#L53) | Onprem DNS resolvers. | <code>map(list(string))</code> | | <code title="{ onprem = ["10.0.200.3"] }">{…}</code> | |
|
||||||
| [folder_id](variables.tf#L61) | Folder to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code>string</code> | | <code>null</code> | <code>01-resman</code> |
|
| [l7ilb_subnets](variables.tf#L67) | Subnets used for L7 ILBs. | <code title="map(list(object({ ip_cidr_range = string region = string })))">map(list(object({…})))</code> | | <code title="{ prod = [ { ip_cidr_range = "10.128.92.0/24", region = "europe-west1" }, { ip_cidr_range = "10.128.93.0/24", region = "europe-west4" } ] dev = [ { ip_cidr_range = "10.128.60.0/24", region = "europe-west1" }, { ip_cidr_range = "10.128.61.0/24", region = "europe-west4" } ] }">{…}</code> | |
|
||||||
| [l7ilb_subnets](variables.tf#L75) | Subnets used for L7 ILBs. | <code title="map(list(object({ ip_cidr_range = string region = string })))">map(list(object({…})))</code> | | <code title="{ prod = [ { ip_cidr_range = "10.128.92.0/24", region = "europe-west1" }, { ip_cidr_range = "10.128.93.0/24", region = "europe-west4" } ] dev = [ { ip_cidr_range = "10.128.60.0/24", region = "europe-west1" }, { ip_cidr_range = "10.128.61.0/24", region = "europe-west4" } ] }">{…}</code> | |
|
| [outputs_location](variables.tf#L95) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||||
| [outputs_location](variables.tf#L103) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
| [project_factory_sa](variables.tf#L107) | IAM emails for project factory service accounts. | <code>map(string)</code> | | <code>{}</code> | <code>01-resman</code> |
|
||||||
| [project_factory_sa](variables.tf#L115) | IAM emails for project factory service accounts. | <code>map(string)</code> | | <code>{}</code> | <code>01-resman</code> |
|
| [psa_ranges](variables.tf#L114) | IP ranges used for Private Service Access (e.g. CloudSQL). | <code>map(map(string))</code> | | <code title="{ prod = { cloudsql-mysql = "10.128.94.0/24" cloudsql-sqlserver = "10.128.95.0/24" } dev = { cloudsql-mysql = "10.128.62.0/24" cloudsql-sqlserver = "10.128.63.0/24" } }">{…}</code> | |
|
||||||
| [psa_ranges](variables.tf#L122) | IP ranges used for Private Service Access (e.g. CloudSQL). | <code>map(map(string))</code> | | <code title="{ prod = { cloudsql-mysql = "10.128.94.0/24" cloudsql-sqlserver = "10.128.95.0/24" } dev = { cloudsql-mysql = "10.128.62.0/24" cloudsql-sqlserver = "10.128.63.0/24" } }">{…}</code> | |
|
| [router_configs](variables.tf#L129) | Configurations for CRs and onprem routers. | <code title="map(object({ adv = object({ custom = list(string) default = bool }) asn = number }))">map(object({…}))</code> | | <code title="{ onprem-ew1 = { asn = "65534" adv = null } landing-ew1 = { asn = "64512", adv = null } landing-ew4 = { asn = "64512", adv = null } spoke-dev-ew1 = { asn = "64513", adv = null } spoke-dev-ew4 = { asn = "64513", adv = null } spoke-prod-ew1 = { asn = "64514", adv = null } spoke-prod-ew4 = { asn = "64514", adv = null } }">{…}</code> | |
|
||||||
| [router_configs](variables.tf#L137) | Configurations for CRs and onprem routers. | <code title="map(object({ adv = object({ custom = list(string) default = bool }) asn = number }))">map(object({…}))</code> | | <code title="{ onprem-ew1 = { asn = "65534" adv = null } landing-ew1 = { asn = "64512", adv = null } landing-ew4 = { asn = "64512", adv = null } spoke-dev-ew1 = { asn = "64513", adv = null } spoke-dev-ew4 = { asn = "64513", adv = null } spoke-prod-ew1 = { asn = "64514", adv = null } spoke-prod-ew4 = { asn = "64514", adv = null } }">{…}</code> | |
|
| [vpn_onprem_configs](variables.tf#L153) | VPN gateway configuration for onprem interconnection. | <code title="map(object({ adv = object({ default = bool custom = list(string) }) peer_external_gateway = object({ redundancy_type = string interfaces = list(object({ id = number ip_address = string })) }) tunnels = list(object({ peer_asn = number peer_external_gateway_interface = number secret = string session_range = string vpn_gateway_interface = number })) }))">map(object({…}))</code> | | <code title="{ landing-ew1 = { adv = { default = false custom = [ "cloud_dns", "googleapis_private", "googleapis_restricted", "gcp_all" ] } peer_external_gateway = { redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT" interfaces = [ { id = 0, ip_address = "8.8.8.8" }, ] } tunnels = [ { peer_asn = 65534 peer_external_gateway_interface = 0 secret = "foobar" session_range = "169.254.1.0/30" vpn_gateway_interface = 0 }, { peer_asn = 65534 peer_external_gateway_interface = 0 secret = "foobar" session_range = "169.254.1.4/30" vpn_gateway_interface = 1 } ] } }">{…}</code> | |
|
||||||
| [vpn_onprem_configs](variables.tf#L161) | VPN gateway configuration for onprem interconnection. | <code title="map(object({ adv = object({ default = bool custom = list(string) }) peer_external_gateway = object({ redundancy_type = string interfaces = list(object({ id = number ip_address = string })) }) tunnels = list(object({ peer_asn = number peer_external_gateway_interface = number secret = string session_range = string vpn_gateway_interface = number })) }))">map(object({…}))</code> | | <code title="{ landing-ew1 = { adv = { default = false custom = [ "cloud_dns", "googleapis_private", "googleapis_restricted", "gcp_all" ] } peer_external_gateway = { redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT" interfaces = [ { id = 0, ip_address = "8.8.8.8" }, ] } tunnels = [ { peer_asn = 65534 peer_external_gateway_interface = 0 secret = "foobar" session_range = "169.254.1.0/30" vpn_gateway_interface = 0 }, { peer_asn = 65534 peer_external_gateway_interface = 0 secret = "foobar" session_range = "169.254.1.4/30" vpn_gateway_interface = 1 } ] } }">{…}</code> | |
|
| [vpn_spoke_configs](variables.tf#L209) | VPN gateway configuration for spokes. | <code title="map(object({ adv = object({ default = bool custom = list(string) }) session_range = string }))">map(object({…}))</code> | | <code title="{ landing-ew1 = { adv = { default = false custom = ["rfc_1918_10", "rfc_1918_172", "rfc_1918_192"] } session_range = null } landing-ew4 = { adv = { default = false custom = ["rfc_1918_10", "rfc_1918_172", "rfc_1918_192"] } session_range = null } dev-ew1 = { adv = { default = false custom = ["gcp_dev"] } session_range = "169.254.0.0/27" } prod-ew1 = { adv = { default = false custom = ["gcp_prod"] } session_range = "169.254.0.64/27" } prod-ew4 = { adv = { default = false custom = ["gcp_prod"] } session_range = "169.254.0.96/27" } }">{…}</code> | |
|
||||||
| [vpn_spoke_configs](variables.tf#L217) | VPN gateway configuration for spokes. | <code title="map(object({ adv = object({ default = bool custom = list(string) }) session_range = string }))">map(object({…}))</code> | | <code title="{ landing-ew1 = { adv = { default = false custom = ["rfc_1918_10", "rfc_1918_172", "rfc_1918_192"] } session_range = null } landing-ew4 = { adv = { default = false custom = ["rfc_1918_10", "rfc_1918_172", "rfc_1918_192"] } session_range = null } dev-ew1 = { adv = { default = false custom = ["gcp_dev"] } session_range = "169.254.0.0/27" } prod-ew1 = { adv = { default = false custom = ["gcp_prod"] } session_range = "169.254.0.64/27" } prod-ew4 = { adv = { default = false custom = ["gcp_prod"] } session_range = "169.254.0.96/27" } }">{…}</code> | |
|
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
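Review bot: the new row is named `folder_idd`, matching the misspelled variable declared in this stage's `variables.tf` later in the commit but not the `var.folder_ids.networking` references in `main.tf`; the declaration should be `folder_ids` so the README regenerates with the right name. The description problem from the other stage's table applies here too: a required `map(string)` whose text still says "If null, folder will be created." and lists none of the expected keys.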
@ -53,8 +53,8 @@ module "folder" {
|
||||||
source = "../../../modules/folder"
|
source = "../../../modules/folder"
|
||||||
parent = "organizations/${var.organization.id}"
|
parent = "organizations/${var.organization.id}"
|
||||||
name = "Networking"
|
name = "Networking"
|
||||||
folder_create = var.folder_id == null
|
folder_create = var.folder_ids.networking == null
|
||||||
id = var.folder_id
|
id = var.folder_ids.networking
|
||||||
firewall_policy_factory = {
|
firewall_policy_factory = {
|
||||||
cidr_file = "${var.data_dir}/cidrs.yaml"
|
cidr_file = "${var.data_dir}/cidrs.yaml"
|
||||||
policy_name = null
|
policy_name = null
|
||||||
|
|
|
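Review bot: this file reads `var.folder_ids.networking`, but the `variables.tf` change for the same stage declares `folder_idd`, so `terraform validate` will report an undeclared input variable here until the declaration is renamed. The missing-key behaviour also applies: with a plain attribute lookup, `folder_create` can never be true unless the caller passes `networking = null` explicitly, so prefer `lookup(var.folder_ids, "networking", null)` for both `folder_create` and `id`.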
@ -58,18 +58,10 @@ variable "dns" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "folder_id" {
|
variable "folder_idd" {
|
||||||
# tfdoc:variable:source 01-resman
|
# tfdoc:variable:source 01-resman
|
||||||
description = "Folder to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
|
description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
|
||||||
type = string
|
type = map(string)
|
||||||
default = null
|
|
||||||
validation {
|
|
||||||
condition = (
|
|
||||||
var.folder_id == null ||
|
|
||||||
can(regex("folders/[0-9]{8,}", var.folder_id))
|
|
||||||
)
|
|
||||||
error_message = "Invalid folder_id. Should be in 'folders/nnnnnnnnnnn' format."
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "l7ilb_subnets" {
|
variable "l7ilb_subnets" {
|
||||||
|
|
|
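Review bot: `variable "folder_idd"` is a typo for `folder_ids` (compare `var.folder_ids.networking`, `var.folder_ids.networking-dev` and `var.folder_ids.networking-prod` elsewhere in this commit), and the stage will not validate until it is corrected. As in the other stage, the `validation` block was dropped instead of rewritten for the map; keep the format check with `alltrue([for v in values(var.folder_ids) : v == null || can(regex("^folders/[0-9]{8,}$", v))])` and update the `description` so it no longer refers to a null default that the variable no longer has.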
@ -20,7 +20,7 @@ module "landing-project" {
|
||||||
source = "../../../modules/project"
|
source = "../../../modules/project"
|
||||||
billing_account = var.billing_account_id
|
billing_account = var.billing_account_id
|
||||||
name = "prod-net-landing-0"
|
name = "prod-net-landing-0"
|
||||||
parent = var.folder_id
|
parent = var.folder_ids.networking
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
service_config = {
|
service_config = {
|
||||||
disable_on_destroy = false
|
disable_on_destroy = false
|
||||||
|
|
|
@ -20,7 +20,7 @@ module "dev-spoke-project" {
|
||||||
source = "../../../modules/project"
|
source = "../../../modules/project"
|
||||||
billing_account = var.billing_account_id
|
billing_account = var.billing_account_id
|
||||||
name = "dev-net-spoke-0"
|
name = "dev-net-spoke-0"
|
||||||
parent = var.folder_id
|
parent = var.folder_ids.networking-dev
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
service_config = {
|
service_config = {
|
||||||
disable_on_destroy = false
|
disable_on_destroy = false
|
||||||
|
|
|
@ -20,7 +20,7 @@ module "prod-spoke-project" {
|
||||||
source = "../../../modules/project"
|
source = "../../../modules/project"
|
||||||
billing_account = var.billing_account_id
|
billing_account = var.billing_account_id
|
||||||
name = "prod-net-spoke-0"
|
name = "prod-net-spoke-0"
|
||||||
parent = var.folder_id
|
parent = var.folder_ids.networking-prod
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
service_config = {
|
service_config = {
|
||||||
disable_on_destroy = false
|
disable_on_destroy = false
|
||||||
|
|