Networking examples: Few fixes to "private cloud function from onprem" code
parent
e228cfc4d4
commit
1e0053548a
|
@ -9,7 +9,7 @@ The Terraform script in this folder will create two projects connected via VPN:
|
|||
The "on-prem" project contains a small VM that can be used to test the accessibility to the private Cloud Function:
|
||||
|
||||
```bash
|
||||
curl https://YOUR_REGION-YOUR_PROJECT_ID.cloudfunctions.net/my-hello-function
|
||||
curl https://YOUR_REGION-YOUR_PROJECT_ID.cloudfunctions.net/YOUR_FUNCTION_NAME
|
||||
```
|
||||
|
||||
![Cloud Function via Private Service Connect](diagram.png "High-level diagram")
|
||||
|
@ -21,11 +21,11 @@ curl https://YOUR_REGION-YOUR_PROJECT_ID.cloudfunctions.net/my-hello-function
|
|||
|---|---|:---: |:---:|:---:|
|
||||
| billing_account_id | Billing account id used as default for new projects. | <code title="">string</code> | ✓ | |
|
||||
| cloud_function_gcs_bucket | Google Storage Bucket used as staging location for the Cloud Function source code. | <code title="">string</code> | ✓ | |
|
||||
| function_project_id | ID of the project that will contain the Cloud Function. | <code title="">string</code> | ✓ | |
|
||||
| onprem_project_id | None | <code title="">string</code> | ✓ | |
|
||||
| root_id | Root folder or organization under which the projects will be created. | <code title="">string</code> | ✓ | |
|
||||
| projects_id | ID of the projects used in this solution. | <code title="object({ onprem = string function = string })">object({...})</code> | ✓ | |
|
||||
| root_node | Root folder or organization under which the projects will be created. | <code title="">string</code> | ✓ | |
|
||||
| *create_projects* | Whether need to create the projects. | <code title="">bool</code> | | <code title="">true</code> |
|
||||
| *ip_ranges* | IP ranges used for the VPCs. | <code title="map(string)">map(string)</code> | | <code title="{ onprem = "10.0.1.0/24", hub = "10.0.2.0/24" }">...</code> |
|
||||
| *ip_ranges* | IP ranges used for the VPCs. | <code title="object({ onprem = string hub = string })">object({...})</code> | | <code title="{ onprem = "10.0.1.0/24", hub = "10.0.2.0/24" }">...</code> |
|
||||
| *prefix* | Prefix used for resources that need unique names. | <code title="">string</code> | | <code title=""></code> |
|
||||
| *psc_endpoint* | IP used for the Private Service Connect endpoint, it must not overlap with the hub_ip_range. | <code title="">string</code> | | <code title="">10.100.100.100</code> |
|
||||
| *region* | Region where the resources will be created. | <code title="">string</code> | | <code title="">europe-west1</code> |
|
||||
| *zone* | Zone where the test VM will be created. | <code title="">string</code> | | <code title="">europe-west1-b</code> |
|
||||
|
|
|
@ -14,6 +14,13 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
###############################################################################
|
||||
# locals #
|
||||
###############################################################################
|
||||
locals {
|
||||
prefix = var.prefix != null ? "${var.prefix}-" : ""
|
||||
}
|
||||
|
||||
###############################################################################
|
||||
# projects #
|
||||
###############################################################################
|
||||
|
@ -21,9 +28,10 @@
|
|||
module "project-onprem" {
|
||||
source = "../../modules/project"
|
||||
billing_account = var.billing_account_id
|
||||
name = var.onprem_project_id
|
||||
parent = var.root_id
|
||||
name = var.projects_id.onprem
|
||||
parent = var.root_node
|
||||
project_create = var.create_projects
|
||||
prefix = var.prefix
|
||||
services = [
|
||||
"compute.googleapis.com",
|
||||
"dns.googleapis.com"
|
||||
|
@ -34,9 +42,10 @@ module "project-onprem" {
|
|||
module "project-hub" {
|
||||
source = "../../modules/project"
|
||||
billing_account = var.billing_account_id
|
||||
name = var.function_project_id
|
||||
parent = var.root_id
|
||||
name = var.projects_id.function
|
||||
parent = var.root_node
|
||||
project_create = var.create_projects
|
||||
prefix = var.prefix
|
||||
services = [
|
||||
"compute.googleapis.com",
|
||||
"cloudfunctions.googleapis.com",
|
||||
|
@ -51,11 +60,11 @@ module "project-hub" {
|
|||
module "vpc-onprem" {
|
||||
source = "../../modules/net-vpc"
|
||||
project_id = module.project-onprem.project_id
|
||||
name = "onprem"
|
||||
name = "${local.prefix}onprem"
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = var.ip_ranges.onprem
|
||||
name = "onprem-subnet"
|
||||
name = "${local.prefix}onprem"
|
||||
region = var.region
|
||||
secondary_ip_range = {}
|
||||
}
|
||||
|
@ -74,11 +83,11 @@ module "firewall-onprem" {
|
|||
module "vpc-hub" {
|
||||
source = "../../modules/net-vpc"
|
||||
project_id = module.project-hub.project_id
|
||||
name = "hub"
|
||||
name = "${local.prefix}hub"
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = var.ip_ranges.hub
|
||||
name = "hub-subnet"
|
||||
name = "${local.prefix}hub"
|
||||
region = var.region
|
||||
secondary_ip_range = {}
|
||||
}
|
||||
|
@ -94,7 +103,7 @@ module "vpn-onprem" {
|
|||
project_id = module.project-onprem.project_id
|
||||
region = var.region
|
||||
network = module.vpc-onprem.self_link
|
||||
name = "onprem-to-hub"
|
||||
name = "${local.prefix}onprem-to-hub"
|
||||
router_asn = 65001
|
||||
router_advertise_config = {
|
||||
groups = ["ALL_SUBNETS"]
|
||||
|
@ -138,7 +147,7 @@ module "vpn-hub" {
|
|||
project_id = module.project-hub.project_id
|
||||
region = var.region
|
||||
network = module.vpc-hub.name
|
||||
name = "hub-to-onprem"
|
||||
name = "${local.prefix}hub-to-onprem"
|
||||
router_asn = 65002
|
||||
peer_gcp_gateway = module.vpn-onprem.self_link
|
||||
router_advertise_config = {
|
||||
|
@ -187,7 +196,7 @@ module "test-vm" {
|
|||
project_id = module.project-onprem.project_id
|
||||
region = var.region
|
||||
zones = ["${var.zone}"]
|
||||
name = "test-vm"
|
||||
name = "${local.prefix}test-vm"
|
||||
instance_type = "e2-micro"
|
||||
instance_count = 1
|
||||
boot_disk = { image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2104", type = "pd-standard", size = 10 }
|
||||
|
@ -195,10 +204,10 @@ module "test-vm" {
|
|||
network_interfaces = [
|
||||
{
|
||||
network = module.vpc-onprem.self_link,
|
||||
subnetwork = module.vpc-onprem.subnet_self_links["${var.region}/onprem-subnet"],
|
||||
subnetwork = module.vpc-onprem.subnet_self_links["${var.region}/${local.prefix}onprem"],
|
||||
nat = false,
|
||||
addresses = {
|
||||
internal = [cidrhost(var.ip_ranges.onprem, 2)]
|
||||
internal = []
|
||||
external = []
|
||||
},
|
||||
alias_ips = null
|
||||
|
@ -222,28 +231,22 @@ module "test-vm" {
|
|||
module "function-hello" {
|
||||
source = "../../modules/cloud-function"
|
||||
project_id = module.project-hub.project_id
|
||||
name = "my-hello-function"
|
||||
bucket_name = module.bucket-functions.bucket.name
|
||||
name = "${local.prefix}my-hello-function"
|
||||
bucket_name = var.cloud_function_gcs_bucket
|
||||
ingress_settings = "ALLOW_INTERNAL_ONLY"
|
||||
bundle_config = {
|
||||
source_dir = "assets"
|
||||
output_path = "bundle.zip"
|
||||
}
|
||||
bucket_config = {
|
||||
location = var.region
|
||||
lifecycle_delete_age = null
|
||||
}
|
||||
iam = {
|
||||
"roles/cloudfunctions.invoker" = ["allUsers"]
|
||||
}
|
||||
}
|
||||
|
||||
###############################################################################
|
||||
# GCS #
|
||||
###############################################################################
|
||||
|
||||
module "bucket-functions" {
|
||||
source = "../../modules/gcs"
|
||||
project_id = module.project-hub.project_id
|
||||
name = var.cloud_function_gcs_bucket
|
||||
}
|
||||
|
||||
###############################################################################
|
||||
# DNS #
|
||||
###############################################################################
|
||||
|
@ -252,8 +255,8 @@ module "private-dns-onprem" {
|
|||
source = "../../modules/dns"
|
||||
project_id = module.project-onprem.project_id
|
||||
type = "private"
|
||||
name = "private-cloud-function"
|
||||
domain = "${var.region}-${var.function_project_id}.cloudfunctions.net."
|
||||
name = "${local.prefix}private-cloud-function"
|
||||
domain = "${var.region}-${local.prefix}${var.projects_id.function}.cloudfunctions.net."
|
||||
client_networks = [module.vpc-onprem.self_link]
|
||||
recordsets = [{
|
||||
name = "",
|
||||
|
|
|
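Review bot: The rewritten `function-hello` module still binds `roles/cloudfunctions.invoker` to `allUsers`, so the only thing keeping this "private" Cloud Function private is `ingress_settings = "ALLOW_INTERNAL_ONLY"` — any caller that can reach it over the internal path (presumably including hosts on the on-prem VPC coming in over the VPN and the PSC endpoint, since the README's `curl` sends no token) can invoke it with no identity at all. That is acceptable for a demo, but the example should say so where the grant is made; I would add above the `iam` block: `# Demo only: access is enforced by network reachability (ALLOW_INTERNAL_ONLY), not by identity.` and `# For real deployments grant the invoker role to the caller's service account and send an OIDC identity token instead of allUsers.` The same grant is also the first thing to revisit if `ingress_settings` is ever relaxed, because nothing else would stand between the function and the public internet. The on-prem reachability path is inferred from the VPN modules and the `psc_endpoint` variable elsewhere in this commit rather than from this hunk.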
@ -30,19 +30,23 @@ variable "zone" {
|
|||
default = "europe-west1-b"
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Prefix used for resources that need unique names."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "billing_account_id" {
|
||||
description = "Billing account id used as default for new projects."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "onprem_project_id" {
|
||||
description = "ID of the project used for the \"onprem\" environment."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "function_project_id" {
|
||||
description = "ID of the project that will contain the Cloud Function."
|
||||
type = string
|
||||
variable "projects_id" {
|
||||
description = "ID of the projects used in this solution."
|
||||
type = object({
|
||||
onprem = string
|
||||
function = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "create_projects" {
|
||||
|
@ -51,7 +55,7 @@ variable "create_projects" {
|
|||
default = true
|
||||
}
|
||||
|
||||
variable "root_id" {
|
||||
variable "root_node" {
|
||||
description = "Root folder or organization under which the projects will be created."
|
||||
type = string
|
||||
}
|
||||
|
@ -63,7 +67,10 @@ variable "cloud_function_gcs_bucket" {
|
|||
|
||||
variable "ip_ranges" {
|
||||
description = "IP ranges used for the VPCs."
|
||||
type = map(string)
|
||||
type = object({
|
||||
onprem = string
|
||||
hub = string
|
||||
})
|
||||
default = {
|
||||
onprem = "10.0.1.0/24",
|
||||
hub = "10.0.2.0/24"
|
||||
|
|
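Review bot: The new `projects_id` object drops the per-field documentation that the two variables it replaces carried, so a reader of `variables.tf` no longer learns which project gets what; the description should name both keys, e.g. `description = "IDs of the projects used in this solution: onprem (test VM, on-prem side of the VPN, private DNS zone) and function (Cloud Function and hub side of the VPN)."`. Because the object has no default, a `validation` block is also cheap insurance against an empty string being forwarded to the project module as a project name, if the module targets Terraform 0.13 or later: `condition = alltrue([for v in values(var.projects_id) : length(v) > 0])` with a matching `error_message`. The mapping of the two keys to resources is taken from `main.tf` in this commit rather than from this hunk.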