zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6 from juliodiez/master 

Sync branch
This commit is contained in:
Julio Diez 2023-02-01 18:01:32 +01:00 committed by GitHub
parent 4c2e31baac b95b801741
commit 462ca562c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
133 changed files with 789 additions and 453 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CHANGELOG.md
View File

@ -8,6 +8,15 @@ All notable changes to this project will be documented in this file.
### BLUEPRINTS ### BLUEPRINTS
- [[#1106](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1106)] Network Dashboard: PSA support for Filestore and Memorystore ([aurelienlegrand](https://github.com/aurelienlegrand)) <!-- 2023-01-25 15:02:31+00:00 -->
- [[#1110](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1110)] Bump cookiejar from 2.1.3 to 2.1.4 in /blueprints/apigee/bigquery-analytics/functions/export ([dependabot[bot]](https://github.com/dependabot[bot])) <!-- 2023-01-24 15:07:12+00:00 -->
- [[#1097](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1097)] Use terraform resource to activate Anthos Service Mesh ([wiktorn](https://github.com/wiktorn)) <!-- 2023-01-23 08:25:31+00:00 -->
- [[#1104](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1104)] Updated apigee hybrid for gke README ([apichick](https://github.com/apichick)) <!-- 2023-01-22 10:34:48+00:00 -->
- [[#1107](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1107)] Check linting for Python dashboard files ([ludoo](https://github.com/ludoo)) <!-- 2023-01-21 16:17:52+00:00 -->
- [[#1102](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1102)] Improvements in apigee hybrid-gke: now using workload identity and GLB ([apichick](https://github.com/apichick)) <!-- 2023-01-20 12:32:08+00:00 -->
- [[#1098](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1098)] Add shared-vpc support on data-playground blueprint ([lcaggio](https://github.com/lcaggio)) <!-- 2023-01-19 08:08:29+00:00 -->
- [[#1095](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1095)] [Data Platform] Fix Table in readme ([lcaggio](https://github.com/lcaggio)) <!-- 2023-01-17 12:39:56+00:00 -->
- [[#1089](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1089)] Update Data Platform ([lcaggio](https://github.com/lcaggio)) <!-- 2023-01-12 22:17:05+00:00 -->
- [[#1081](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1081)] Apigee hybrid on GKE ([apichick](https://github.com/apichick)) <!-- 2023-01-05 08:23:33+00:00 --> - [[#1081](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1081)] Apigee hybrid on GKE ([apichick](https://github.com/apichick)) <!-- 2023-01-05 08:23:33+00:00 -->
- [[#1082](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1082)] Fixes in Apigee Bigquery Analytics blueprint ([apichick](https://github.com/apichick)) <!-- 2023-01-04 16:42:50+00:00 --> - [[#1082](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1082)] Fixes in Apigee Bigquery Analytics blueprint ([apichick](https://github.com/apichick)) <!-- 2023-01-04 16:42:50+00:00 -->
- [[#1071](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1071)] Moved apigee bigquery analytics blueprint, added apigee network patterns ([apichick](https://github.com/apichick)) <!-- 2022-12-23 15:16:45+00:00 --> - [[#1071](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1071)] Moved apigee bigquery analytics blueprint, added apigee network patterns ([apichick](https://github.com/apichick)) <!-- 2022-12-23 15:16:45+00:00 -->
@ -20,6 +29,8 @@ All notable changes to this project will be documented in this file.
### DOCUMENTATION ### DOCUMENTATION
- [[#1101](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1101)] First batch of testing updates to core modules ([juliocc](https://github.com/juliocc)) <!-- 2023-01-20 06:49:41+00:00 -->
- [[#1089](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1089)] Update Data Platform ([lcaggio](https://github.com/lcaggio)) <!-- 2023-01-12 22:17:05+00:00 -->
- [[#1084](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1084)] Fixes in Apigee blueprints README files ([apichick](https://github.com/apichick)) <!-- 2023-01-05 11:00:46+00:00 --> - [[#1084](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1084)] Fixes in Apigee blueprints README files ([apichick](https://github.com/apichick)) <!-- 2023-01-05 11:00:46+00:00 -->
- [[#1081](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1081)] Apigee hybrid on GKE ([apichick](https://github.com/apichick)) <!-- 2023-01-05 08:23:33+00:00 --> - [[#1081](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1081)] Apigee hybrid on GKE ([apichick](https://github.com/apichick)) <!-- 2023-01-05 08:23:33+00:00 -->
- [[#1074](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1074)] Adding new section for Authentication issues ([agutta](https://github.com/agutta)) <!-- 2022-12-29 15:50:23+00:00 --> - [[#1074](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1074)] Adding new section for Authentication issues ([agutta](https://github.com/agutta)) <!-- 2022-12-29 15:50:23+00:00 -->
@ -28,6 +39,9 @@ All notable changes to this project will be documented in this file.
### FAST ### FAST
- [[#1118](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1118)] Add missing logging admin role for initial user ([ludoo](https://github.com/ludoo)) <!-- 2023-01-28 08:41:23+00:00 -->
- [[#1099](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1099)] Fix destroy in stage 1 outputs ([ludoo](https://github.com/ludoo)) <!-- 2023-01-19 09:35:41+00:00 -->
- [[#1089](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1089)] Update Data Platform ([lcaggio](https://github.com/lcaggio)) <!-- 2023-01-12 22:17:05+00:00 -->
- [[#1085](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1085)] fix restricted services not being added to the perimeter configurations ([drebes](https://github.com/drebes)) <!-- 2023-01-06 12:25:31+00:00 --> - [[#1085](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1085)] fix restricted services not being added to the perimeter configurations ([drebes](https://github.com/drebes)) <!-- 2023-01-06 12:25:31+00:00 -->
- [[#1057](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1057)] Adding new file FAQ and an image ([agutta](https://github.com/agutta)) <!-- 2022-12-22 14:00:22+00:00 --> - [[#1057](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1057)] Adding new file FAQ and an image ([agutta](https://github.com/agutta)) <!-- 2022-12-22 14:00:22+00:00 -->
- [[#1054](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1054)] FAST: fix typo in bootstrap stage README ([agutta](https://github.com/agutta)) <!-- 2022-12-16 16:00:00+00:00 --> - [[#1054](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1054)] FAST: fix typo in bootstrap stage README ([agutta](https://github.com/agutta)) <!-- 2022-12-16 16:00:00+00:00 -->
@ -35,6 +49,14 @@ All notable changes to this project will be documented in this file.
### MODULES ### MODULES
- [[#1116](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1116)] Include cloudbuild API in project module ([aymanfarhat](https://github.com/aymanfarhat)) <!-- 2023-01-27 20:38:01+00:00 -->
- [[#1115](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1115)] add new parameters support in apigee module ([blackillzone](https://github.com/blackillzone)) <!-- 2023-01-27 16:39:46+00:00 -->
- [[#1112](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1112)] Add HTTPS frontend with SNEG example ([juliodiez](https://github.com/juliodiez)) <!-- 2023-01-26 19:17:31+00:00 -->
- [[#1097](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1097)] Use terraform resource to activate Anthos Service Mesh ([wiktorn](https://github.com/wiktorn)) <!-- 2023-01-23 08:25:31+00:00 -->
- [[#1101](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1101)] First batch of testing updates to core modules ([juliocc](https://github.com/juliocc)) <!-- 2023-01-20 06:49:41+00:00 -->
- [[#1098](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1098)] Add shared-vpc support on data-playground blueprint ([lcaggio](https://github.com/lcaggio)) <!-- 2023-01-19 08:08:29+00:00 -->
- [[#1096](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1096)] [VPC-SC] Add support for scoped Policies ([lcaggio](https://github.com/lcaggio)) <!-- 2023-01-17 14:30:34+00:00 -->
- [[#1093](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1093)] Added tags to gke-cluster module ([apichick](https://github.com/apichick)) <!-- 2023-01-13 12:12:17+00:00 -->
- [[#1078](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1078)] Fixed delete_rule in compute-mig module for stateful disks ([rosmo](https://github.com/rosmo)) <!-- 2023-01-04 08:14:40+00:00 --> - [[#1078](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1078)] Fixed delete_rule in compute-mig module for stateful disks ([rosmo](https://github.com/rosmo)) <!-- 2023-01-04 08:14:40+00:00 -->
- [[#1080](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1080)] Added device_name field to compute-vm attached_disks parameter ([rosmo](https://github.com/rosmo)) <!-- 2023-01-03 20:53:48+00:00 --> - [[#1080](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1080)] Added device_name field to compute-vm attached_disks parameter ([rosmo](https://github.com/rosmo)) <!-- 2023-01-03 20:53:48+00:00 -->
- [[#1079](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1079)] Reorder org policy rules ([juliocc](https://github.com/juliocc)) <!-- 2023-01-03 16:11:29+00:00 --> - [[#1079](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1079)] Reorder org policy rules ([juliocc](https://github.com/juliocc)) <!-- 2023-01-03 16:11:29+00:00 -->
@ -53,6 +75,8 @@ All notable changes to this project will be documented in this file.
### TOOLS ### TOOLS
- [[#1107](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1107)] Check linting for Python dashboard files ([ludoo](https://github.com/ludoo)) <!-- 2023-01-21 16:17:52+00:00 -->
- [[#1101](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1101)] First batch of testing updates to core modules ([juliocc](https://github.com/juliocc)) <!-- 2023-01-20 06:49:41+00:00 -->
- [[#1091](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1091)] Fix check_documentation output ([juliocc](https://github.com/juliocc)) <!-- 2023-01-12 14:43:13+00:00 --> - [[#1091](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1091)] Fix check_documentation output ([juliocc](https://github.com/juliocc)) <!-- 2023-01-12 14:43:13+00:00 -->
- [[#1053](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1053)] Extend inventory-based testing to examples ([juliocc](https://github.com/juliocc)) <!-- 2022-12-18 19:50:34+00:00 --> - [[#1053](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1053)] Extend inventory-based testing to examples ([juliocc](https://github.com/juliocc)) <!-- 2022-12-18 19:50:34+00:00 -->

14
blueprints/apigee/bigquery-analytics/README.md
View File

@ -60,14 +60,14 @@ Do the following to verify that everything works as expected.
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [envgroups](variables.tf#L24) | Environment groups (NAME => [HOSTNAMES]). | <code>map&#40;list&#40;string&#41;&#41;</code> | ✓ | | | [envgroups](variables.tf#L24) | Environment groups (NAME => [HOSTNAMES]). | <code>map&#40;list&#40;string&#41;&#41;</code> | ✓ | |
| [environments](variables.tf#L30) | Environments. | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string&#41;&#10; node_config &#61; optional&#40;object&#40;&#123;&#10; min_node_count &#61; optional&#40;number&#41;&#10; max_node_count &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;&#41;&#10; envgroups &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | | | [environments](variables.tf#L30) | Environments. | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string&#41;&#10; node_config &#61; optional&#40;object&#40;&#123;&#10; min_node_count &#61; optional&#40;number&#41;&#10; max_node_count &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;&#41;&#10; envgroups &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | |
| [instances](variables.tf#L45) | Instance. | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string&#41;&#10; region &#61; string&#10; environments &#61; list&#40;string&#41;&#10; psa_ip_cidr_range &#61; string&#10; disk_encryption_key &#61; optional&#40;string&#41;&#10; consumer_accept_list &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | | | [instances](variables.tf#L45) | Instance. | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string&#41;&#10; region &#61; string&#10; environments &#61; list&#40;string&#41;&#10; runtime_ip_cidr_range &#61; string&#10; troubleshooting_ip_cidr_range &#61; string&#10; disk_encryption_key &#61; optional&#40;string&#41;&#10; consumer_accept_list &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | |
| [project_id](variables.tf#L91) | Project ID. | <code>string</code> | ✓ | | | [project_id](variables.tf#L92) | Project ID. | <code>string</code> | ✓ | |
| [psc_config](variables.tf#L97) | PSC configuration. | <code>map&#40;string&#41;</code> | ✓ | | | [psc_config](variables.tf#L98) | PSC configuration. | <code>map&#40;string&#41;</code> | ✓ | |
| [datastore_name](variables.tf#L17) | Datastore. | <code>string</code> | | <code>&#34;gcs&#34;</code> | | [datastore_name](variables.tf#L17) | Datastore. | <code>string</code> | | <code>&#34;gcs&#34;</code> |
| [organization](variables.tf#L59) | Apigee organization. | <code title="object&#40;&#123;&#10; display_name &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10; description &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10; authorized_network &#61; optional&#40;string, &#34;vpc&#34;&#41;&#10; runtime_type &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10; billing_type &#61; optional&#40;string&#41;&#10; database_encryption_key &#61; optional&#40;string&#41;&#10; analytics_region &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10;&#125;">&#123;&#8230;&#125;</code> | | [organization](variables.tf#L60) | Apigee organization. | <code title="object&#40;&#123;&#10; display_name &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10; description &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10; authorized_network &#61; optional&#40;string, &#34;vpc&#34;&#41;&#10; runtime_type &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10; billing_type &#61; optional&#40;string&#41;&#10; database_encryption_key &#61; optional&#40;string&#41;&#10; analytics_region &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [path](variables.tf#L75) | Bucket path. | <code>string</code> | | <code>&#34;&#47;analytics&#34;</code> | | [path](variables.tf#L76) | Bucket path. | <code>string</code> | | <code>&#34;&#47;analytics&#34;</code> |
| [project_create](variables.tf#L82) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L83) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [vpc_create](variables.tf#L103) | Boolean flag indicating whether the VPC should be created or not. | <code>bool</code> | | <code>true</code> | | [vpc_create](variables.tf#L104) | Boolean flag indicating whether the VPC should be created or not. | <code>bool</code> | | <code>true</code> |
## Outputs ## Outputs

12
blueprints/apigee/bigquery-analytics/functions/export/package-lock.json generated
View File

@ -826,9 +826,9 @@
"integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==" "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ=="
}, },
"node_modules/cookiejar": { "node_modules/cookiejar": {
"version": "2.1.3", "version": "2.1.4",
"resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.3.tgz", "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.4.tgz",
"integrity": "sha512-JxbCBUdrfr6AQjOXrxoTvAMJO4HBTUIlBzslcJPAz+/KT8yk53fXun51u+RenNYvad/+Vc2DIz5o9UxlCDymFQ==" "integrity": "sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw=="
}, },
"node_modules/debug": { "node_modules/debug": {
"version": "2.6.9", "version": "2.6.9",
@ -3783,9 +3783,9 @@
"integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==" "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ=="
}, },
"cookiejar": { "cookiejar": {
"version": "2.1.3", "version": "2.1.4",
"resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.3.tgz", "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.4.tgz",
"integrity": "sha512-JxbCBUdrfr6AQjOXrxoTvAMJO4HBTUIlBzslcJPAz+/KT8yk53fXun51u+RenNYvad/+Vc2DIz5o9UxlCDymFQ==" "integrity": "sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw=="
}, },
"debug": { "debug": {
"version": "2.6.9", "version": "2.6.9",

7
blueprints/apigee/bigquery-analytics/main.tf
View File

@ -68,9 +68,12 @@ module "vpc" {
region = k region = k
}] }]
psa_config = { psa_config = {
ranges = { ranges = merge({ for k, v in var.instances :
for k, v in var.instances : "apigee-${k}" => v.psa_ip_cidr_range "apigee-runtime-${k}" => v.runtime_ip_cidr_range
}, { for k, v in var.instances :
"apigee-troubleshooting-${k}" => v.troubleshooting_ip_cidr_range
} }
)
} }
} }

3
blueprints/apigee/bigquery-analytics/terraform.tfvars.sample
View File

@ -15,7 +15,8 @@ instances = {
instance-ew1 = { instance-ew1 = {
region = "europe-west1" region = "europe-west1"
environments = ["apis-test"] environments = ["apis-test"]
psa_ip_cidr_range = "10.0.4.0/22" runtime_ip_cidr_range = "10.0.4.0/22"
troubleshooting_ip_cidr_range = "10.1.1.0/28"
} }
} }
psc_config = { psc_config = {

3
blueprints/apigee/bigquery-analytics/variables.tf
View File

@ -49,7 +49,8 @@ variable "instances" {
description = optional(string) description = optional(string)
region = string region = string
environments = list(string) environments = list(string)
psa_ip_cidr_range = string runtime_ip_cidr_range = string
troubleshooting_ip_cidr_range = string
disk_encryption_key = optional(string) disk_encryption_key = optional(string)
consumer_accept_list = optional(list(string)) consumer_accept_list = optional(list(string))
})) }))

4
blueprints/apigee/bigquery-analytics/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

21
blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md
View File

@ -46,18 +46,19 @@ Do the following to verify that everything works as expected.
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [apigee_project_id](variables.tf#L17) | Project ID. | <code>string</code> | ✓ | | | [apigee_project_id](variables.tf#L17) | Project ID. | <code>string</code> | ✓ | |
| [billing_account_id](variables.tf#L47) | Parameters for the creation of the new project. | <code>string</code> | ✓ | | | [billing_account_id](variables.tf#L53) | Parameters for the creation of the new project. | <code>string</code> | ✓ | |
| [hostname](variables.tf#L52) | Host name. | <code>string</code> | ✓ | | | [hostname](variables.tf#L58) | Host name. | <code>string</code> | ✓ | |
| [onprem_project_id](variables.tf#L57) | Project ID. | <code>string</code> | ✓ | | | [onprem_project_id](variables.tf#L63) | Project ID. | <code>string</code> | ✓ | |
| [parent](variables.tf#L75) | Parent (organizations/organizationID or folders/folderID). | <code>string</code> | ✓ | | | [parent](variables.tf#L81) | Parent (organizations/organizationID or folders/folderID). | <code>string</code> | ✓ | |
| [apigee_proxy_only_subnet_ip_cidr_range](variables.tf#L23) | Subnet IP CIDR range. | <code>string</code> | | <code>&#34;10.2.1.0&#47;24&#34;</code> | | [apigee_proxy_only_subnet_ip_cidr_range](variables.tf#L23) | Subnet IP CIDR range. | <code>string</code> | | <code>&#34;10.2.1.0&#47;24&#34;</code> |
| [apigee_psa_ip_cidr_range](variables.tf#L29) | Apigee PSA IP CIDR range. | <code>string</code> | | <code>&#34;10.0.4.0&#47;22&#34;</code> | | [apigee_psc_subnet_ip_cidr_range](variables.tf#L29) | Subnet IP CIDR range. | <code>string</code> | | <code>&#34;10.2.2.0&#47;24&#34;</code> |
| [apigee_psc_subnet_ip_cidr_range](variables.tf#L35) | Subnet IP CIDR range. | <code>string</code> | | <code>&#34;10.2.2.0&#47;24&#34;</code> | | [apigee_runtime_ip_cidr_range](variables.tf#L35) | Apigee PSA IP CIDR range. | <code>string</code> | | <code>&#34;10.0.4.0&#47;22&#34;</code> |
| [apigee_subnet_ip_cidr_range](variables.tf#L41) | Subnet IP CIDR range. | <code>string</code> | | <code>&#34;10.2.0.0&#47;24&#34;</code> | | [apigee_subnet_ip_cidr_range](variables.tf#L41) | Subnet IP CIDR range. | <code>string</code> | | <code>&#34;10.2.0.0&#47;24&#34;</code> |
| [onprem_proxy_only_subnet_ip_cidr_range](variables.tf#L63) | Subnet IP CIDR range. | <code>string</code> | | <code>&#34;10.1.1.0&#47;24&#34;</code> | | [apigee_troubleshooting_ip_cidr_range](variables.tf#L47) | Apigee PSA IP CIDR range. | <code>string</code> | | <code>&#34;10.1.0.0&#47;28&#34;</code> |
| [onprem_subnet_ip_cidr_range](variables.tf#L69) | Subnet IP CIDR range. | <code>string</code> | | <code>&#34;10.1.0.0&#47;24&#34;</code> | | [onprem_proxy_only_subnet_ip_cidr_range](variables.tf#L69) | Subnet IP CIDR range. | <code>string</code> | | <code>&#34;10.1.1.0&#47;24&#34;</code> |
| [region](variables.tf#L80) | Region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [onprem_subnet_ip_cidr_range](variables.tf#L75) | Subnet IP CIDR range. | <code>string</code> | | <code>&#34;10.1.0.0&#47;24&#34;</code> |
| [zone](variables.tf#L86) | Zone. | <code>string</code> | | <code>&#34;europe-west1-c&#34;</code> | | [region](variables.tf#L86) | Region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
| [zone](variables.tf#L92) | Zone. | <code>string</code> | | <code>&#34;europe-west1-c&#34;</code> |
## Outputs ## Outputs

6
blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee.tf
View File

@ -57,7 +57,8 @@ module "apigee_vpc" {
}] }]
psa_config = { psa_config = {
ranges = { ranges = {
"apigee" = var.apigee_psa_ip_cidr_range "apigee-runtime" = var.apigee_runtime_ip_cidr_range
"apigee-troubleshooting" = var.apigee_troubleshooting_ip_cidr_range
} }
} }
} }
@ -81,7 +82,8 @@ module "apigee" {
instance-1 = { instance-1 = {
region = var.region region = var.region
environments = [local.environment] environments = [local.environment]
psa_ip_cidr_range = var.apigee_psa_ip_cidr_range runtime_ip_cidr_range = var.apigee_runtime_ip_cidr_range
troubleshooting_ip_cidr_range = var.apigee_troubleshooting_ip_cidr_range
} }
} }
endpoint_attachments = { endpoint_attachments = {

18
blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/variables.tf
View File

@ -26,24 +26,30 @@ variable "apigee_proxy_only_subnet_ip_cidr_range" {
default = "10.2.1.0/24" default = "10.2.1.0/24"
} }
variable "apigee_psa_ip_cidr_range" {
description = "Apigee PSA IP CIDR range."
type = string
default = "10.0.4.0/22"
}
variable "apigee_psc_subnet_ip_cidr_range" { variable "apigee_psc_subnet_ip_cidr_range" {
description = "Subnet IP CIDR range." description = "Subnet IP CIDR range."
type = string type = string
default = "10.2.2.0/24" default = "10.2.2.0/24"
} }
variable "apigee_runtime_ip_cidr_range" {
description = "Apigee PSA IP CIDR range."
type = string
default = "10.0.4.0/22"
}
variable "apigee_subnet_ip_cidr_range" { variable "apigee_subnet_ip_cidr_range" {
description = "Subnet IP CIDR range." description = "Subnet IP CIDR range."
type = string type = string
default = "10.2.0.0/24" default = "10.2.0.0/24"
} }
variable "apigee_troubleshooting_ip_cidr_range" {
description = "Apigee PSA IP CIDR range."
type = string
default = "10.1.0.0/28"
}
variable "billing_account_id" { variable "billing_account_id" {
description = "Parameters for the creation of the new project." description = "Parameters for the creation of the new project."
type = string type = string

4
blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/cloud-operations/adfs/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/cloud-operations/asset-inventory-feed-remediation/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/cloud-operations/dns-fine-grained-iam/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/cloud-operations/dns-shared-vpc/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/cloud-operations/iam-delegated-role-grants/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

271
blueprints/cloud-operations/network-dashboard/dashboards/quotas-utilization.json
View File

@ -1,5 +1,4 @@
{ {
"category": "CUSTOM",
"displayName": "quotas_utilization", "displayName": "quotas_utilization",
"mosaicLayout": { "mosaicLayout": {
"columns": 12, "columns": 12,
@ -18,7 +17,6 @@
"plotType": "LINE", "plotType": "LINE",
"targetAxis": "Y1", "targetAxis": "Y1",
"timeSeriesQuery": { "timeSeriesQuery": {
"apiSource": "DEFAULT_CLOUD",
"timeSeriesFilter": { "timeSeriesFilter": {
"aggregation": { "aggregation": {
"alignmentPeriod": "3600s", "alignmentPeriod": "3600s",
@ -40,9 +38,7 @@
} }
} }
}, },
"width": 6, "width": 6
"xPos": 0,
"yPos": 0
}, },
{ {
"height": 4, "height": 4,
@ -58,7 +54,6 @@
"plotType": "LINE", "plotType": "LINE",
"targetAxis": "Y1", "targetAxis": "Y1",
"timeSeriesQuery": { "timeSeriesQuery": {
"apiSource": "DEFAULT_CLOUD",
"timeSeriesFilter": { "timeSeriesFilter": {
"aggregation": { "aggregation": {
"alignmentPeriod": "3600s", "alignmentPeriod": "3600s",
@ -81,7 +76,6 @@
} }
}, },
"width": 6, "width": 6,
"xPos": 0,
"yPos": 12 "yPos": 12
}, },
{ {
@ -98,7 +92,6 @@
"plotType": "LINE", "plotType": "LINE",
"targetAxis": "Y1", "targetAxis": "Y1",
"timeSeriesQuery": { "timeSeriesQuery": {
"apiSource": "DEFAULT_CLOUD",
"timeSeriesFilter": { "timeSeriesFilter": {
"aggregation": { "aggregation": {
"alignmentPeriod": "3600s", "alignmentPeriod": "3600s",
@ -121,7 +114,6 @@
} }
}, },
"width": 6, "width": 6,
"xPos": 0,
"yPos": 8 "yPos": 8
}, },
{ {
@ -138,7 +130,6 @@
"plotType": "LINE", "plotType": "LINE",
"targetAxis": "Y1", "targetAxis": "Y1",
"timeSeriesQuery": { "timeSeriesQuery": {
"apiSource": "DEFAULT_CLOUD",
"timeSeriesFilter": { "timeSeriesFilter": {
"aggregation": { "aggregation": {
"alignmentPeriod": "3600s", "alignmentPeriod": "3600s",
@ -178,7 +169,6 @@
"plotType": "LINE", "plotType": "LINE",
"targetAxis": "Y1", "targetAxis": "Y1",
"timeSeriesQuery": { "timeSeriesQuery": {
"apiSource": "DEFAULT_CLOUD",
"timeSeriesFilter": { "timeSeriesFilter": {
"aggregation": { "aggregation": {
"alignmentPeriod": "3600s", "alignmentPeriod": "3600s",
@ -201,7 +191,6 @@
} }
}, },
"width": 6, "width": 6,
"xPos": 0,
"yPos": 4 "yPos": 4
}, },
{ {
@ -218,7 +207,6 @@
"plotType": "LINE", "plotType": "LINE",
"targetAxis": "Y1", "targetAxis": "Y1",
"timeSeriesQuery": { "timeSeriesQuery": {
"apiSource": "DEFAULT_CLOUD",
"timeSeriesFilter": { "timeSeriesFilter": {
"aggregation": { "aggregation": {
"alignmentPeriod": "3600s", "alignmentPeriod": "3600s",
@ -241,8 +229,7 @@
} }
}, },
"width": 6, "width": 6,
"xPos": 6, "xPos": 6
"yPos": 0
}, },
{ {
"height": 4, "height": 4,
@ -258,7 +245,6 @@
"plotType": "LINE", "plotType": "LINE",
"targetAxis": "Y1", "targetAxis": "Y1",
"timeSeriesQuery": { "timeSeriesQuery": {
"apiSource": "DEFAULT_CLOUD",
"timeSeriesFilter": { "timeSeriesFilter": {
"aggregation": { "aggregation": {
"alignmentPeriod": "3600s", "alignmentPeriod": "3600s",
@ -298,7 +284,6 @@
"plotType": "LINE", "plotType": "LINE",
"targetAxis": "Y1", "targetAxis": "Y1",
"timeSeriesQuery": { "timeSeriesQuery": {
"apiSource": "DEFAULT_CLOUD",
"timeSeriesFilter": { "timeSeriesFilter": {
"aggregation": { "aggregation": {
"alignmentPeriod": "3600s", "alignmentPeriod": "3600s",
@ -330,17 +315,19 @@
}, },
"dataSets": [ "dataSets": [
{ {
"minAlignmentPeriod": "60s", "minAlignmentPeriod": "3600s",
"plotType": "LINE", "plotType": "LINE",
"targetAxis": "Y1", "targetAxis": "Y1",
"timeSeriesQuery": { "timeSeriesQuery": {
"apiSource": "DEFAULT_CLOUD",
"timeSeriesFilter": { "timeSeriesFilter": {
"aggregation": { "aggregation": {
"alignmentPeriod": "60s", "alignmentPeriod": "3600s",
"perSeriesAligner": "ALIGN_MEAN" "perSeriesAligner": "ALIGN_NEXT_OLDER"
}, },
"filter": "metric.type=\"custom.googleapis.com/netmon/peering_group/routes_dynamic_used_ratio\" resource.type=\"global\"" "filter": "metric.type=\"custom.googleapis.com/netmon/peering_group/routes_dynamic_used_ratio\" resource.type=\"global\"",
"secondaryAggregation": {
"alignmentPeriod": "60s"
}
} }
} }
} }
@ -353,7 +340,6 @@
} }
}, },
"width": 6, "width": 6,
"xPos": 0,
"yPos": 20 "yPos": 20
}, },
{ {
@ -366,21 +352,23 @@
}, },
"dataSets": [ "dataSets": [
{ {
"minAlignmentPeriod": "60s", "minAlignmentPeriod": "3600s",
"plotType": "LINE", "plotType": "LINE",
"targetAxis": "Y1", "targetAxis": "Y1",
"timeSeriesQuery": { "timeSeriesQuery": {
"apiSource": "DEFAULT_CLOUD",
"timeSeriesFilter": { "timeSeriesFilter": {
"aggregation": { "aggregation": {
"alignmentPeriod": "60s", "alignmentPeriod": "3600s",
"crossSeriesReducer": "REDUCE_SUM", "crossSeriesReducer": "REDUCE_SUM",
"groupByFields": [ "groupByFields": [
"metric.label.\"project\"" "metric.label.\"project\""
], ],
"perSeriesAligner": "ALIGN_MEAN" "perSeriesAligner": "ALIGN_NEXT_OLDER"
}, },
"filter": "metric.type=\"custom.googleapis.com/netmon/project/firewall_rules_used_ratio\" resource.type=\"global\"" "filter": "metric.type=\"custom.googleapis.com/netmon/project/firewall_rules_used_ratio\" resource.type=\"global\"",
"secondaryAggregation": {
"alignmentPeriod": "60s"
}
} }
} }
} }
@ -393,8 +381,7 @@
} }
}, },
"width": 6, "width": 6,
"xPos": 0, "yPos": 28
"yPos": 32
}, },
{ {
"height": 4, "height": 4,
@ -406,17 +393,19 @@
}, },
"dataSets": [ "dataSets": [
{ {
"minAlignmentPeriod": "60s", "minAlignmentPeriod": "3600s",
"plotType": "LINE", "plotType": "LINE",
"targetAxis": "Y1", "targetAxis": "Y1",
"timeSeriesQuery": { "timeSeriesQuery": {
"apiSource": "DEFAULT_CLOUD",
"timeSeriesFilter": { "timeSeriesFilter": {
"aggregation": { "aggregation": {
"alignmentPeriod": "60s", "alignmentPeriod": "3600s",
"perSeriesAligner": "ALIGN_MEAN" "perSeriesAligner": "ALIGN_NEXT_OLDER"
}, },
"filter": "metric.type=\"custom.googleapis.com/netmon/firewall_policy/tuples_used_ratio\" resource.type=\"global\"" "filter": "metric.type=\"custom.googleapis.com/netmon/firewall_policy/tuples_used_ratio\" resource.type=\"global\"",
"secondaryAggregation": {
"alignmentPeriod": "60s"
}
} }
} }
} }
@ -430,7 +419,7 @@
}, },
"width": 6, "width": 6,
"xPos": 6, "xPos": 6,
"yPos": 28 "yPos": 24
}, },
{ {
"height": 4, "height": 4,
@ -442,17 +431,135 @@
}, },
"dataSets": [ "dataSets": [
{ {
"minAlignmentPeriod": "60s", "minAlignmentPeriod": "3600s",
"plotType": "LINE", "plotType": "LINE",
"targetAxis": "Y1", "targetAxis": "Y1",
"timeSeriesQuery": { "timeSeriesQuery": {
"apiSource": "DEFAULT_CLOUD",
"timeSeriesFilter": { "timeSeriesFilter": {
"aggregation": { "aggregation": {
"alignmentPeriod": "60s", "alignmentPeriod": "3600s",
"perSeriesAligner": "ALIGN_MEAN" "perSeriesAligner": "ALIGN_NEXT_OLDER"
}, },
"filter": "metric.type=\"custom.googleapis.com/netmon/subnetwork/addresses_used_ratio\" resource.type=\"global\"" "filter": "metric.type=\"custom.googleapis.com/netmon/subnetwork/addresses_used_ratio\" resource.type=\"global\"",
"secondaryAggregation": {
"alignmentPeriod": "60s"
}
}
}
}
],
"timeshiftDuration": "0s",
"yAxis": {
"label": "y1Axis",
"scale": "LINEAR"
}
}
},
"width": 6,
"yPos": 16
},
{
"height": 4,
"widget": {
"title": "Project static routes used",
"xyChart": {
"chartOptions": {
"mode": "COLOR"
},
"dataSets": [
{
"minAlignmentPeriod": "3600s",
"plotType": "LINE",
"targetAxis": "Y1",
"timeSeriesQuery": {
"timeSeriesFilter": {
"aggregation": {
"alignmentPeriod": "3600s",
"crossSeriesReducer": "REDUCE_SUM",
"groupByFields": [
"metric.label.\"project\""
],
"perSeriesAligner": "ALIGN_NEXT_OLDER"
},
"filter": "metric.type=\"custom.googleapis.com/netmon/project/routes_static_used_ratio\" resource.type=\"global\"",
"secondaryAggregation": {
"alignmentPeriod": "60s"
}
}
}
}
],
"timeshiftDuration": "0s",
"yAxis": {
"label": "y1Axis",
"scale": "LINEAR"
}
}
},
"width": 6,
"xPos": 6,
"yPos": 20
},
{
"height": 4,
"widget": {
"title": "Peering group static routes used",
"xyChart": {
"chartOptions": {
"mode": "COLOR"
},
"dataSets": [
{
"minAlignmentPeriod": "3600s",
"plotType": "LINE",
"targetAxis": "Y1",
"timeSeriesQuery": {
"timeSeriesFilter": {
"aggregation": {
"alignmentPeriod": "3600s",
"perSeriesAligner": "ALIGN_NEXT_OLDER"
},
"filter": "metric.type=\"custom.googleapis.com/netmon/peering_group/routes_static_used_ratio\" resource.type=\"global\"",
"secondaryAggregation": {
"alignmentPeriod": "60s"
}
}
}
}
],
"timeshiftDuration": "0s",
"yAxis": {
"label": "y1Axis",
"scale": "LINEAR"
}
}
},
"width": 6,
"yPos": 24
},
{
"height": 4,
"widget": {
"title": "Addresses used ratio per psa range [NEXT OLDER]",
"xyChart": {
"chartOptions": {
"mode": "COLOR"
},
"dataSets": [
{
"minAlignmentPeriod": "3600s",
"plotType": "LINE",
"targetAxis": "Y1",
"timeSeriesQuery": {
"timeSeriesFilter": {
"aggregation": {
"alignmentPeriod": "3600s",
"perSeriesAligner": "ALIGN_NEXT_OLDER"
},
"filter": "metric.type=\"custom.googleapis.com/netmon/network/psa/addresses_used_ratio\" resource.type=\"global\"",
"secondaryAggregation": {
"alignmentPeriod": "60s"
}
} }
} }
} }
@ -467,88 +574,6 @@
"width": 6, "width": 6,
"xPos": 6, "xPos": 6,
"yPos": 16 "yPos": 16
},
{
"height": 4,
"widget": {
"title": "Project static routes used",
"xyChart": {
"chartOptions": {
"mode": "COLOR"
},
"dataSets": [
{
"minAlignmentPeriod": "60s",
"plotType": "LINE",
"targetAxis": "Y1",
"timeSeriesQuery": {
"apiSource": "DEFAULT_CLOUD",
"timeSeriesFilter": {
"aggregation": {
"alignmentPeriod": "60s",
"crossSeriesReducer": "REDUCE_SUM",
"groupByFields": [
"metric.label.\"project\""
],
"perSeriesAligner": "ALIGN_MEAN"
},
"filter": "metric.type=\"custom.googleapis.com/netmon/project/routes_static_used_ratio\" resource.type=\"global\"",
"secondaryAggregation": {
"alignmentPeriod": "60s",
"perSeriesAligner": "ALIGN_NONE"
}
}
}
}
],
"thresholds": [],
"timeshiftDuration": "0s",
"yAxis": {
"label": "y1Axis",
"scale": "LINEAR"
}
}
},
"width": 6,
"xPos": 0,
"yPos": 24
},
{
"height": 4,
"widget": {
"title": "Peering group static routes used",
"xyChart": {
"chartOptions": {
"mode": "COLOR"
},
"dataSets": [
{
"minAlignmentPeriod": "60s",
"plotType": "LINE",
"targetAxis": "Y1",
"timeSeriesQuery": {
"apiSource": "DEFAULT_CLOUD",
"timeSeriesFilter": {
"aggregation": {
"alignmentPeriod": "60s",
"perSeriesAligner": "ALIGN_MEAN"
},
"filter": "metric.type=\"custom.googleapis.com/netmon/peering_group/routes_static_used_ratio\" resource.type=\"global\""
}
}
}
],
"thresholds": [],
"timeshiftDuration": "0s",
"yAxis": {
"label": "y1Axis",
"scale": "LINEAR"
}
}
},
"width": 6,
"xPos": 0,
"yPos": 28
} }
] ]
} }

2
blueprints/cloud-operations/network-dashboard/deploy-cloud-function/README.md
View File

@ -74,7 +74,7 @@ dashboard_json_path = "../dashboards/quotas-utilization.json"
| [name](variables.tf#L75) | Name used to create Cloud Function related resources. | <code>string</code> | | <code>&#34;net-dash&#34;</code> | | [name](variables.tf#L75) | Name used to create Cloud Function related resources. | <code>string</code> | | <code>&#34;net-dash&#34;</code> |
| [project_create_config](variables.tf#L81) | Optional configuration if project creation is required. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent_id &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create_config](variables.tf#L81) | Optional configuration if project creation is required. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent_id &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [region](variables.tf#L95) | Compute region where the Cloud Function will be deployed. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [region](variables.tf#L95) | Compute region where the Cloud Function will be deployed. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
| [schedule_config](variables.tf#L101) | Schedule timer configuration in crontab format. | <code>string</code> | | <code>&#34;0&#47;30 &#42; &#42; &#42; &#42;&#34;</code> | | [schedule_config](variables.tf#L101) | Schedule timer configuration in crontab format. | <code>string</code> | | <code>&#34;&#42;&#47;30 &#42; &#42; &#42; &#42;&#34;</code> |
## Outputs ## Outputs

2
blueprints/cloud-operations/network-dashboard/deploy-cloud-function/variables.tf
View File

@ -101,5 +101,5 @@ variable "region" {
variable "schedule_config" { variable "schedule_config" {
description = "Schedule timer configuration in crontab format." description = "Schedule timer configuration in crontab format."
type = string type = string
default = "0/30 * * * *" default = "*/30 * * * *"
} }

50
blueprints/cloud-operations/network-dashboard/src/plugins/discover-cai.py
View File

@ -39,7 +39,9 @@ TYPES = {
'subnetworks': 'compute.googleapis.com/Subnetwork', 'subnetworks': 'compute.googleapis.com/Subnetwork',
'routers': 'compute.googleapis.com/Router', 'routers': 'compute.googleapis.com/Router',
'routes': 'compute.googleapis.com/Route', 'routes': 'compute.googleapis.com/Route',
'sql_instances': 'sqladmin.googleapis.com/Instance' 'sql_instances': 'sqladmin.googleapis.com/Instance',
'filestore_instances': 'file.googleapis.com/Instance',
'memorystore_instances': 'redis.googleapis.com/Instance',
} }
NAMES = {v: k for k, v in TYPES.items()} NAMES = {v: k for k, v in TYPES.items()}
@ -82,10 +84,16 @@ def _handle_resource(resources, asset_type, data):
# e.g. assetType = GlobalAddress but discoveryName = Address # e.g. assetType = GlobalAddress but discoveryName = Address
resource_name = NAMES[asset_type] resource_name = NAMES[asset_type]
resource = { resource = {
'id': attrs.get('id'), 'id':
'name': attrs['name'], attrs.get('id'),
'self_link': _self_link(attrs['selfLink']), 'name':
'assetType': asset_type attrs['name'],
# Some resources (ex: Filestore) don't have a self_link, using parent + name in that case
'self_link':
f'{data["parent"]}/{attrs["name"]}'
if not 'selfLink' in attrs else _self_link(attrs['selfLink']),
'assetType':
asset_type
} }
# derive parent type and id and skip if parent is not within scope # derive parent type and id and skip if parent is not within scope
parent_data = _get_parent(data['parent'], resources) parent_data = _get_parent(data['parent'], resources)
@ -212,6 +220,38 @@ def _handle_sql_instances(resource, data):
], ],
'region': data['region'], 'region': data['region'],
'availabilityType': data['settings']['availabilityType'], 'availabilityType': data['settings']['availabilityType'],
'network': data['settings']['ipConfiguration']['privateNetwork']
}
def _handle_filestore_instances(resource, data):
'Handles filestore instance type resource data.'
return {
# Getting only the instance name, removing the rest
'name': data['name'].split('/')[-1],
# Is a list but for now, only one network is supported for Filestore
'network': data['networks'][0]['network'],
'reservedIpRange': data['networks'][0]['reservedIpRange'],
'ipAddresses': data['networks'][0]['ipAddresses']
}
def _handle_memorystore_instances(resource, data):
'Handles Memorystore (Redis) instance type resource data.'
return {
# Getting only the instance name, removing the rest
'name':
data['name'].split('/')[-1],
'locationId':
data['locationId'],
'replicaCount':
0 if not 'replicaCount' in data else data['replicaCount'],
'network':
data['authorizedNetwork'],
'reservedIpRange':
'' if not 'reservedIpRange' in data else data['reservedIpRange'],
'host':
'' if not 'host' in data else data['host'],
} }

43
blueprints/cloud-operations/network-dashboard/src/plugins/series-psa.py
View File

@ -34,7 +34,28 @@ def _sql_addresses(sql_instances):
if not v['ipAddresses']: if not v['ipAddresses']:
continue continue
# 1 IP for the instance + 1 IP for the ILB + 1 IP if HA # 1 IP for the instance + 1 IP for the ILB + 1 IP if HA
yield v['ipAddresses'][0], 2 if v['availabilityType'] != 'REGIONAL' else 3 yield v['ipAddresses'][
0], 2 if v['availabilityType'] != 'REGIONAL' else 3, v['network']
def _filestore_addresses(filestore_instances):
'Returns counts of Filestore instances per PSA range.'
for v in filestore_instances.values():
if not v['ipAddresses'] or not v['reservedIpRange']:
continue
# Subnet size (reservedIpRange) can be /29, /26 or /24
yield v['ipAddresses'][0], ipaddress.ip_network(
v['reservedIpRange']).num_addresses, v['network']
def _memorystore_addresses(memorystore_instances):
'Returns counts of Memorystore (Redis) instances per PSA range.'
for v in memorystore_instances.values():
if not v['reservedIpRange'] or v['reservedIpRange'] == '':
continue
# Subnet size (reservedIpRange) can be minimum /28 or /29
yield v['host'], ipaddress.ip_network(
v['reservedIpRange']).num_addresses, v['network']
@register_timeseries @register_timeseries
@ -46,26 +67,34 @@ def timeseries(resources):
('project', 'network', 'subnetwork'), ('project', 'network', 'subnetwork'),
dtype.endswith('ratio')) dtype.endswith('ratio'))
psa_nets = { psa_nets = {
k: ipaddress.ip_network('{}/{}'.format(v['address'], v['prefixLength'])) k: {
for k, v in resources['global_addresses'].items() 'network_link':
if v['prefixLength'] v['network'],
'network_prefix':
ipaddress.ip_network('{}/{}'.format(v['address'],
v['prefixLength']))
} for k, v in resources['global_addresses'].items() if v['prefixLength']
} }
psa_counts = {} psa_counts = {}
for address, ip_count in _sql_addresses(resources.get('sql_instances', {})): for address, ip_count, network in itertools.chain(
_sql_addresses(resources.get('sql_instances', {})),
_filestore_addresses(resources.get('filestore_instances', {})),
_memorystore_addresses(resources.get('memorystore_instances', {}))):
ip_address = ipaddress.ip_address(address) ip_address = ipaddress.ip_address(address)
for k, v in psa_nets.items(): for k, v in psa_nets.items():
if ip_address in v: if network == v['network_link'] and ip_address in v['network_prefix']:
psa_counts[k] = psa_counts.get(k, 0) + ip_count psa_counts[k] = psa_counts.get(k, 0) + ip_count
break break
for k, v in psa_counts.items(): for k, v in psa_counts.items():
max_ips = psa_nets[k].num_addresses - 4 max_ips = psa_nets[k]['network_prefix'].num_addresses - 4
psa_range = resources['global_addresses'][k] psa_range = resources['global_addresses'][k]
labels = { labels = {
'network': psa_range['network'], 'network': psa_range['network'],
'project': psa_range['project_id'], 'project': psa_range['project_id'],
'psa_range': psa_range['name'] 'psa_range': psa_range['name']
} }
yield TimeSeries('network/psa/addresses_available', max_ips, labels) yield TimeSeries('network/psa/addresses_available', max_ips, labels)
yield TimeSeries('network/psa/addresses_used', v, labels) yield TimeSeries('network/psa/addresses_used', v, labels)
yield TimeSeries('network/psa/addresses_used_ratio', yield TimeSeries('network/psa/addresses_used_ratio',

4
blueprints/cloud-operations/onprem-sa-key-management/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/cloud-operations/packer-image-builder/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/cloud-operations/quota-monitoring/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/cloud-operations/scheduled-asset-inventory-export-bq/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/data-solutions/cmek-via-centralized-kms/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

2
blueprints/data-solutions/data-platform-foundations/README.md
View File

@ -219,7 +219,7 @@ module "data-platform" {
prefix = "myprefix" prefix = "myprefix"
} }
# tftest modules=39 resources=286 # tftest modules=39 resources=287
``` ```
## Customizations ## Customizations

4
blueprints/data-solutions/data-playground/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/data-solutions/gcs-to-bq-with-least-privileges/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/factories/net-vpc-firewall-yaml/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/gke/multitenant-fleet/README.md
View File

@ -115,7 +115,7 @@ module "gke-fleet" {
vpc_self_link = "projects/prj-host/global/networks/prod-0" vpc_self_link = "projects/prj-host/global/networks/prod-0"
} }
} }
# tftest modules=7 resources=26 # tftest modules=7 resources=27
``` ```
## GKE Fleet ## GKE Fleet
@ -224,7 +224,7 @@ module "gke" {
} }
} }
# tftest modules=8 resources=37 # tftest modules=8 resources=38
``` ```
<!-- TFDOC OPTS files:1 --> <!-- TFDOC OPTS files:1 -->

4
blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/networking/__need_fixing/onprem-google-access-dns/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/networking/decentralized-firewall/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/networking/filtering-proxy-psc/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/networking/filtering-proxy/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/networking/hub-and-spoke-peering/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/networking/hub-and-spoke-vpn/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/networking/ilb-next-hop/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/networking/private-cloud-function-from-onprem/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/networking/shared-vpc-gke/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
blueprints/third-party-solutions/openshift/tf/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
default-versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

1
fast/stages/00-bootstrap/README.md
View File

@ -264,6 +264,7 @@ terraform init
terraform apply \ terraform apply \
-var bootstrap_user=$(gcloud config list --format 'value(core.account)') -var bootstrap_user=$(gcloud config list --format 'value(core.account)')
``` ```
> If you see an error related to project name already exists, please make sure the project name is unique or the project was not deleted recently > If you see an error related to project name already exists, please make sure the project name is unique or the project was not deleted recently
Once the initial `apply` completes successfully, configure a remote backend using the new GCS bucket, and impersonation on the automation service account for this stage. To do this you can use the generated `providers.tf` file if you have configured output files as described above, or extract its contents from Terraform's output, then migrate state with `terraform init`: Once the initial `apply` completes successfully, configure a remote backend using the new GCS bucket, and impersonation on the automation service account for this stage. To do this you can use the generated `providers.tf` file if you have configured output files as described above, or extract its contents from Terraform's output, then migrate state with `terraform init`:

7
fast/stages/00-bootstrap/organization.tf
View File

@ -23,9 +23,10 @@ locals {
"roles/browser" = [ "roles/browser" = [
"domain:${var.organization.domain}" "domain:${var.organization.domain}"
] ]
"roles/logging.admin" = [ "roles/logging.admin" = concat(
module.automation-tf-bootstrap-sa.iam_email [module.automation-tf-bootstrap-sa.iam_email],
] local._iam_bootstrap_user
)
"roles/owner" = local._iam_bootstrap_user "roles/owner" = local._iam_bootstrap_user
"roles/resourcemanager.folderAdmin" = [ "roles/resourcemanager.folderAdmin" = [
module.automation-tf-resman-sa.iam_email module.automation-tf-resman-sa.iam_email

4
modules/__experimental/net-neg/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/api-gateway/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

21
modules/apigee/README.md
View File

@ -27,11 +27,15 @@ module "apigee" {
apis-test = { apis-test = {
display_name = "APIs test" display_name = "APIs test"
description = "APIs Test" description = "APIs Test"
deployment_type = "ARCHIVE"
api_proxy_type = "PROGRAMMABLE"
envgroups = ["test"] envgroups = ["test"]
} }
apis-prod = { apis-prod = {
display_name = "APIs prod" display_name = "APIs prod"
description = "APIs prod" description = "APIs prod"
deployment_type = "PROXY"
api_proxy_type = "CONFIGURABLE"
envgroups = ["prod"] envgroups = ["prod"]
iam = { iam = {
"roles/viewer" = ["group:devops@myorg.com"] "roles/viewer" = ["group:devops@myorg.com"]
@ -42,12 +46,14 @@ module "apigee" {
instance-test-ew1 = { instance-test-ew1 = {
region = "europe-west1" region = "europe-west1"
environments = ["apis-test"] environments = ["apis-test"]
psa_ip_cidr_range = "10.0.4.0/22" runtime_ip_cidr_range = "10.0.4.0/22"
troubleshooting_ip_cidr_range = "10.1.1.0.0/28"
} }
instance-prod-ew3 = { instance-prod-ew3 = {
region = "europe-west3" region = "europe-west3"
environments = ["apis-prod"] environments = ["apis-prod"]
psa_ip_cidr_range = "10.0.5.0/22" runtime_ip_cidr_range = "10.0.8.0/22"
troubleshooting_ip_cidr_range = "10.1.16.0/28"
} }
} }
endpoint_attachments = { endpoint_attachments = {
@ -139,7 +145,8 @@ module "apigee" {
instance-test-ew1 = { instance-test-ew1 = {
region = "europe-west1" region = "europe-west1"
environments = ["apis-test"] environments = ["apis-test"]
psa_ip_cidr_range = "10.0.4.0/22" runtime_ip_cidr_range = "10.0.4.0/22"
troubleshooting_ip_cidr_range = "10.1.1.0/28"
} }
} }
} }
@ -169,12 +176,12 @@ module "apigee" {
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [project_id](variables.tf#L75) | Project ID. | <code>string</code> | ✓ | | | [project_id](variables.tf#L78) | Project ID. | <code>string</code> | ✓ | |
| [endpoint_attachments](variables.tf#L17) | Endpoint attachments. | <code title="map&#40;object&#40;&#123;&#10; region &#61; string&#10; service_attachment &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> | | [endpoint_attachments](variables.tf#L17) | Endpoint attachments. | <code title="map&#40;object&#40;&#123;&#10; region &#61; string&#10; service_attachment &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> |
| [envgroups](variables.tf#L26) | Environment groups (NAME => [HOSTNAMES]). | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>null</code> | | [envgroups](variables.tf#L26) | Environment groups (NAME => [HOSTNAMES]). | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>null</code> |
| [environments](variables.tf#L32) | Environments. | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10; node_config &#61; optional&#40;object&#40;&#123;&#10; min_node_count &#61; optional&#40;number&#41;&#10; max_node_count &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;&#41;&#10; envgroups &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> | | [environments](variables.tf#L32) | Environments. | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10; deployment_type &#61; optional&#40;string&#41;&#10; api_proxy_type &#61; optional&#40;string&#41;&#10; node_config &#61; optional&#40;object&#40;&#123;&#10; min_node_count &#61; optional&#40;number&#41;&#10; max_node_count &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;&#41;&#10; envgroups &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> |
| [instances](variables.tf#L47) | Instances. | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10; region &#61; string&#10; environments &#61; list&#40;string&#41;&#10; psa_ip_cidr_range &#61; string&#10; disk_encryption_key &#61; optional&#40;string&#41;&#10; consumer_accept_list &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> | | [instances](variables.tf#L49) | Instances. | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10; region &#61; string&#10; environments &#61; list&#40;string&#41;&#10; runtime_ip_cidr_range &#61; string&#10; troubleshooting_ip_cidr_range &#61; string&#10; disk_encryption_key &#61; optional&#40;string&#41;&#10; consumer_accept_list &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> |
| [organization](variables.tf#L61) | Apigee organization. If set to null the organization must already exist. | <code title="object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10; authorized_network &#61; optional&#40;string&#41;&#10; runtime_type &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10; billing_type &#61; optional&#40;string&#41;&#10; database_encryption_key &#61; optional&#40;string&#41;&#10; analytics_region &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [organization](variables.tf#L64) | Apigee organization. If set to null the organization must already exist. | <code title="object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string, &#34;Terraform-managed&#34;&#41;&#10; authorized_network &#61; optional&#40;string&#41;&#10; runtime_type &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10; billing_type &#61; optional&#40;string&#41;&#10; database_encryption_key &#61; optional&#40;string&#41;&#10; analytics_region &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
## Outputs ## Outputs

4
modules/apigee/main.tf
View File

@ -44,6 +44,8 @@ resource "google_apigee_environment" "environments" {
name = each.key name = each.key
display_name = each.value.display_name display_name = each.value.display_name
description = each.value.description description = each.value.description
deployment_type = each.value.deployment_type
api_proxy_type = each.value.api_proxy_type
dynamic "node_config" { dynamic "node_config" {
for_each = try(each.value.node_config, null) != null ? [""] : [] for_each = try(each.value.node_config, null) != null ? [""] : []
content { content {
@ -91,7 +93,7 @@ resource "google_apigee_instance" "instances" {
description = each.value.description description = each.value.description
location = each.value.region location = each.value.region
org_id = local.org_id org_id = local.org_id
ip_range = each.value.psa_ip_cidr_range ip_range = "${each.value.runtime_ip_cidr_range},${each.value.troubleshooting_ip_cidr_range}"
disk_encryption_key_name = each.value.disk_encryption_key disk_encryption_key_name = each.value.disk_encryption_key
consumer_accept_list = each.value.consumer_accept_list consumer_accept_list = each.value.consumer_accept_list
} }

5
modules/apigee/variables.tf
View File

@ -34,6 +34,8 @@ variable "environments" {
type = map(object({ type = map(object({
display_name = optional(string) display_name = optional(string)
description = optional(string, "Terraform-managed") description = optional(string, "Terraform-managed")
deployment_type = optional(string)
api_proxy_type = optional(string)
node_config = optional(object({ node_config = optional(object({
min_node_count = optional(number) min_node_count = optional(number)
max_node_count = optional(number) max_node_count = optional(number)
@ -51,7 +53,8 @@ variable "instances" {
description = optional(string, "Terraform-managed") description = optional(string, "Terraform-managed")
region = string region = string
environments = list(string) environments = list(string)
psa_ip_cidr_range = string runtime_ip_cidr_range = string
troubleshooting_ip_cidr_range = string
disk_encryption_key = optional(string) disk_encryption_key = optional(string)
consumer_accept_list = optional(list(string)) consumer_accept_list = optional(list(string))
})) }))

4
modules/apigee/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/artifact-registry/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/bigquery-dataset/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/bigtable-instance/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/billing-budget/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/binauthz/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/cloud-config-container/__need_fixing/onprem/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/cloud-config-container/coredns/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/cloud-config-container/cos-generic-metadata/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/cloud-config-container/envoy-traffic-director/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/cloud-config-container/mysql/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/cloud-config-container/nginx-tls/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/cloud-config-container/nginx/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/cloud-config-container/simple-nva/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/cloud-config-container/squid/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/cloud-function/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/cloud-identity-group/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/cloud-run/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/cloudsql-instance/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/compute-mig/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/compute-vm/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/container-registry/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/data-catalog-policy-tag/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/datafusion/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/dns/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/endpoints/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/folder/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/gcs/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

35
modules/gke-cluster/README.md
View File

@ -92,37 +92,36 @@ module "cluster-autopilot" {
} }
enable_features = { enable_features = {
autopilot = true autopilot = true
workload_identity = false
} }
} }
# tftest modules=1 resources=1 inventory=autopilot.yaml # tftest modules=1 resources=1 inventory=autopilot.yaml
``` ```
<!-- BEGIN TFDOC --> <!-- BEGIN TFDOC -->
## Variables ## Variables
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [location](variables.tf#L117) | Cluster zone or region. | <code>string</code> | ✓ | | | [location](variables.tf#L118) | Cluster zone or region. | <code>string</code> | ✓ | |
| [name](variables.tf#L174) | Cluster name. | <code>string</code> | ✓ | | | [name](variables.tf#L175) | Cluster name. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L200) | Cluster project id. | <code>string</code> | ✓ | | | [project_id](variables.tf#L201) | Cluster project id. | <code>string</code> | ✓ | |
| [vpc_config](variables.tf#L217) | VPC-level configuration. | <code title="object&#40;&#123;&#10; network &#61; string&#10; subnetwork &#61; string&#10; master_ipv4_cidr_block &#61; optional&#40;string&#41;&#10; secondary_range_blocks &#61; optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;&#41;&#10; secondary_range_names &#61; optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;, &#123; pods &#61; &#34;pods&#34;, services &#61; &#34;services&#34; &#125;&#41;&#10; master_authorized_ranges &#61; optional&#40;map&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | | [vpc_config](variables.tf#L218) | VPC-level configuration. | <code title="object&#40;&#123;&#10; network &#61; string&#10; subnetwork &#61; string&#10; master_ipv4_cidr_block &#61; optional&#40;string&#41;&#10; secondary_range_blocks &#61; optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;&#41;&#10; secondary_range_names &#61; optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;, &#123; pods &#61; &#34;pods&#34;, services &#61; &#34;services&#34; &#125;&#41;&#10; master_authorized_ranges &#61; optional&#40;map&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [cluster_autoscaling](variables.tf#L17) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | <code title="object&#40;&#123;&#10; auto_provisioning_defaults &#61; optional&#40;object&#40;&#123;&#10; boot_disk_kms_key &#61; optional&#40;string&#41;&#10; image_type &#61; optional&#40;string&#41;&#10; oauth_scopes &#61; optional&#40;list&#40;string&#41;&#41;&#10; service_account &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; cpu_limits &#61; optional&#40;object&#40;&#123;&#10; min &#61; number&#10; max &#61; number&#10; &#125;&#41;&#41;&#10; mem_limits &#61; optional&#40;object&#40;&#123;&#10; min &#61; number&#10; max &#61; number&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [cluster_autoscaling](variables.tf#L17) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | <code title="object&#40;&#123;&#10; auto_provisioning_defaults &#61; optional&#40;object&#40;&#123;&#10; boot_disk_kms_key &#61; optional&#40;string&#41;&#10; image_type &#61; optional&#40;string&#41;&#10; oauth_scopes &#61; optional&#40;list&#40;string&#41;&#41;&#10; service_account &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; cpu_limits &#61; optional&#40;object&#40;&#123;&#10; min &#61; number&#10; max &#61; number&#10; &#125;&#41;&#41;&#10; mem_limits &#61; optional&#40;object&#40;&#123;&#10; min &#61; number&#10; max &#61; number&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [description](variables.tf#L38) | Cluster description. | <code>string</code> | | <code>null</code> | | [description](variables.tf#L38) | Cluster description. | <code>string</code> | | <code>null</code> |
| [enable_addons](variables.tf#L44) | Addons enabled in the cluster (true means enabled). | <code title="object&#40;&#123;&#10; cloudrun &#61; optional&#40;bool, false&#41;&#10; config_connector &#61; optional&#40;bool, false&#41;&#10; dns_cache &#61; optional&#40;bool, false&#41;&#10; gce_persistent_disk_csi_driver &#61; optional&#40;bool, false&#41;&#10; gcp_filestore_csi_driver &#61; optional&#40;bool, false&#41;&#10; gke_backup_agent &#61; optional&#40;bool, false&#41;&#10; horizontal_pod_autoscaling &#61; optional&#40;bool, false&#41;&#10; http_load_balancing &#61; optional&#40;bool, false&#41;&#10; istio &#61; optional&#40;object&#40;&#123;&#10; enable_tls &#61; bool&#10; &#125;&#41;&#41;&#10; kalm &#61; optional&#40;bool, false&#41;&#10; network_policy &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; horizontal_pod_autoscaling &#61; true&#10; http_load_balancing &#61; true&#10;&#125;">&#123;&#8230;&#125;</code> | | [enable_addons](variables.tf#L44) | Addons enabled in the cluster (true means enabled). | <code title="object&#40;&#123;&#10; cloudrun &#61; optional&#40;bool, false&#41;&#10; config_connector &#61; optional&#40;bool, false&#41;&#10; dns_cache &#61; optional&#40;bool, false&#41;&#10; gce_persistent_disk_csi_driver &#61; optional&#40;bool, false&#41;&#10; gcp_filestore_csi_driver &#61; optional&#40;bool, false&#41;&#10; gke_backup_agent &#61; optional&#40;bool, false&#41;&#10; horizontal_pod_autoscaling &#61; optional&#40;bool, false&#41;&#10; http_load_balancing &#61; optional&#40;bool, false&#41;&#10; istio &#61; optional&#40;object&#40;&#123;&#10; enable_tls &#61; bool&#10; &#125;&#41;&#41;&#10; kalm &#61; optional&#40;bool, false&#41;&#10; network_policy &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; horizontal_pod_autoscaling &#61; true&#10; http_load_balancing &#61; true&#10;&#125;">&#123;&#8230;&#125;</code> |
| [enable_features](variables.tf#L68) | Enable cluster-level features. Certain features allow configuration. | <code title="object&#40;&#123;&#10; autopilot &#61; optional&#40;bool, false&#41;&#10; binary_authorization &#61; optional&#40;bool, false&#41;&#10; cloud_dns &#61; optional&#40;object&#40;&#123;&#10; provider &#61; optional&#40;string&#41;&#10; scope &#61; optional&#40;string&#41;&#10; domain &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; database_encryption &#61; optional&#40;object&#40;&#123;&#10; state &#61; string&#10; key_name &#61; string&#10; &#125;&#41;&#41;&#10; dataplane_v2 &#61; optional&#40;bool, false&#41;&#10; groups_for_rbac &#61; optional&#40;string&#41;&#10; intranode_visibility &#61; optional&#40;bool, false&#41;&#10; l4_ilb_subsetting &#61; optional&#40;bool, false&#41;&#10; pod_security_policy &#61; optional&#40;bool, false&#41;&#10; resource_usage_export &#61; optional&#40;object&#40;&#123;&#10; dataset &#61; string&#10; enable_network_egress_metering &#61; optional&#40;bool&#41;&#10; enable_resource_consumption_metering &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; shielded_nodes &#61; optional&#40;bool, false&#41;&#10; tpu &#61; optional&#40;bool, false&#41;&#10; upgrade_notifications &#61; optional&#40;object&#40;&#123;&#10; topic_id &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; vertical_pod_autoscaling &#61; optional&#40;bool, false&#41;&#10; workload_identity &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; workload_identity &#61; true&#10;&#125;">&#123;&#8230;&#125;</code> | | [enable_features](variables.tf#L68) | Enable cluster-level features. Certain features allow configuration. | <code title="object&#40;&#123;&#10; autopilot &#61; optional&#40;bool, false&#41;&#10; binary_authorization &#61; optional&#40;bool, false&#41;&#10; cloud_dns &#61; optional&#40;object&#40;&#123;&#10; provider &#61; optional&#40;string&#41;&#10; scope &#61; optional&#40;string&#41;&#10; domain &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; database_encryption &#61; optional&#40;object&#40;&#123;&#10; state &#61; string&#10; key_name &#61; string&#10; &#125;&#41;&#41;&#10; dataplane_v2 &#61; optional&#40;bool, false&#41;&#10; gateway_api &#61; optional&#40;bool, false&#41;&#10; groups_for_rbac &#61; optional&#40;string&#41;&#10; intranode_visibility &#61; optional&#40;bool, false&#41;&#10; l4_ilb_subsetting &#61; optional&#40;bool, false&#41;&#10; pod_security_policy &#61; optional&#40;bool, false&#41;&#10; resource_usage_export &#61; optional&#40;object&#40;&#123;&#10; dataset &#61; string&#10; enable_network_egress_metering &#61; optional&#40;bool&#41;&#10; enable_resource_consumption_metering &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; shielded_nodes &#61; optional&#40;bool, false&#41;&#10; tpu &#61; optional&#40;bool, false&#41;&#10; upgrade_notifications &#61; optional&#40;object&#40;&#123;&#10; topic_id &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; vertical_pod_autoscaling &#61; optional&#40;bool, false&#41;&#10; workload_identity &#61; optional&#40;bool, true&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; workload_identity &#61; true&#10;&#125;">&#123;&#8230;&#125;</code> |
| [issue_client_certificate](variables.tf#L105) | Enable issuing client certificate. | <code>bool</code> | | <code>false</code> | | [issue_client_certificate](variables.tf#L106) | Enable issuing client certificate. | <code>bool</code> | | <code>false</code> |
| [labels](variables.tf#L111) | Cluster resource labels. | <code>map&#40;string&#41;</code> | | <code>null</code> | | [labels](variables.tf#L112) | Cluster resource labels. | <code>map&#40;string&#41;</code> | | <code>null</code> |
| [logging_config](variables.tf#L122) | Logging configuration. | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;SYSTEM_COMPONENTS&#34;&#93;</code> | | [logging_config](variables.tf#L123) | Logging configuration. | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;SYSTEM_COMPONENTS&#34;&#93;</code> |
| [maintenance_config](variables.tf#L128) | Maintenance window configuration. | <code title="object&#40;&#123;&#10; daily_window_start_time &#61; optional&#40;string&#41;&#10; recurring_window &#61; optional&#40;object&#40;&#123;&#10; start_time &#61; string&#10; end_time &#61; string&#10; recurrence &#61; string&#10; &#125;&#41;&#41;&#10; maintenance_exclusions &#61; optional&#40;list&#40;object&#40;&#123;&#10; name &#61; string&#10; start_time &#61; string&#10; end_time &#61; string&#10; scope &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; daily_window_start_time &#61; &#34;03:00&#34;&#10; recurring_window &#61; null&#10; maintenance_exclusion &#61; &#91;&#93;&#10;&#125;">&#123;&#8230;&#125;</code> | | [maintenance_config](variables.tf#L129) | Maintenance window configuration. | <code title="object&#40;&#123;&#10; daily_window_start_time &#61; optional&#40;string&#41;&#10; recurring_window &#61; optional&#40;object&#40;&#123;&#10; start_time &#61; string&#10; end_time &#61; string&#10; recurrence &#61; string&#10; &#125;&#41;&#41;&#10; maintenance_exclusions &#61; optional&#40;list&#40;object&#40;&#123;&#10; name &#61; string&#10; start_time &#61; string&#10; end_time &#61; string&#10; scope &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; daily_window_start_time &#61; &#34;03:00&#34;&#10; recurring_window &#61; null&#10; maintenance_exclusion &#61; &#91;&#93;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [max_pods_per_node](variables.tf#L151) | Maximum number of pods per node in this cluster. | <code>number</code> | | <code>110</code> | | [max_pods_per_node](variables.tf#L152) | Maximum number of pods per node in this cluster. | <code>number</code> | | <code>110</code> |
| [min_master_version](variables.tf#L157) | Minimum version of the master, defaults to the version of the most recent official release. | <code>string</code> | | <code>null</code> | | [min_master_version](variables.tf#L158) | Minimum version of the master, defaults to the version of the most recent official release. | <code>string</code> | | <code>null</code> |
| [monitoring_config](variables.tf#L163) | Monitoring components. | <code title="object&#40;&#123;&#10; enable_components &#61; optional&#40;list&#40;string&#41;&#41;&#10; managed_prometheus &#61; optional&#40;bool&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; enable_components &#61; &#91;&#34;SYSTEM_COMPONENTS&#34;&#93;&#10;&#125;">&#123;&#8230;&#125;</code> | | [monitoring_config](variables.tf#L164) | Monitoring components. | <code title="object&#40;&#123;&#10; enable_components &#61; optional&#40;list&#40;string&#41;&#41;&#10; managed_prometheus &#61; optional&#40;bool&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; enable_components &#61; &#91;&#34;SYSTEM_COMPONENTS&#34;&#93;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [node_locations](variables.tf#L179) | Zones in which the cluster's nodes are located. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [node_locations](variables.tf#L180) | Zones in which the cluster's nodes are located. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [private_cluster_config](variables.tf#L186) | Private cluster configuration. | <code title="object&#40;&#123;&#10; enable_private_endpoint &#61; optional&#40;bool&#41;&#10; master_global_access &#61; optional&#40;bool&#41;&#10; peering_config &#61; optional&#40;object&#40;&#123;&#10; export_routes &#61; optional&#40;bool&#41;&#10; import_routes &#61; optional&#40;bool&#41;&#10; project_id &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [private_cluster_config](variables.tf#L187) | Private cluster configuration. | <code title="object&#40;&#123;&#10; enable_private_endpoint &#61; optional&#40;bool&#41;&#10; master_global_access &#61; optional&#40;bool&#41;&#10; peering_config &#61; optional&#40;object&#40;&#123;&#10; export_routes &#61; optional&#40;bool&#41;&#10; import_routes &#61; optional&#40;bool&#41;&#10; project_id &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [release_channel](variables.tf#L205) | Release channel for GKE upgrades. | <code>string</code> | | <code>null</code> | | [release_channel](variables.tf#L206) | Release channel for GKE upgrades. | <code>string</code> | | <code>null</code> |
| [tags](variables.tf#L211) | Network tags applied to nodes. | <code>list&#40;string&#41;</code> | | <code>null</code> | | [tags](variables.tf#L212) | Network tags applied to nodes. | <code>list&#40;string&#41;</code> | | <code>null</code> |
## Outputs ## Outputs

7
modules/gke-cluster/main.tf
View File

@ -197,6 +197,13 @@ resource "google_container_cluster" "cluster" {
} }
} }
dynamic "gateway_api_config" {
for_each = var.enable_features.gateway_api ? [""] : []
content {
channel = "CHANNEL_STANDARD"
}
}
maintenance_policy { maintenance_policy {
dynamic "daily_maintenance_window" { dynamic "daily_maintenance_window" {
for_each = ( for_each = (

3
modules/gke-cluster/variables.tf
View File

@ -80,6 +80,7 @@ variable "enable_features" {
key_name = string key_name = string
})) }))
dataplane_v2 = optional(bool, false) dataplane_v2 = optional(bool, false)
gateway_api = optional(bool, false)
groups_for_rbac = optional(string) groups_for_rbac = optional(string)
intranode_visibility = optional(bool, false) intranode_visibility = optional(bool, false)
l4_ilb_subsetting = optional(bool, false) l4_ilb_subsetting = optional(bool, false)
@ -95,7 +96,7 @@ variable "enable_features" {
topic_id = optional(string) topic_id = optional(string)
})) }))
vertical_pod_autoscaling = optional(bool, false) vertical_pod_autoscaling = optional(bool, false)
workload_identity = optional(bool, false) workload_identity = optional(bool, true)
}) })
default = { default = {
workload_identity = true workload_identity = true

4
modules/gke-cluster/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/gke-hub/README.md
View File

@ -119,7 +119,7 @@ module "hub" {
} }
} }
# tftest modules=4 resources=15 # tftest modules=4 resources=16
``` ```
## Multi-cluster mesh on GKE ## Multi-cluster mesh on GKE
@ -307,7 +307,7 @@ module "hub" {
| [clusters](variables.tf#L17) | Clusters members of this GKE Hub in name => id format. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | | [clusters](variables.tf#L17) | Clusters members of this GKE Hub in name => id format. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [configmanagement_clusters](variables.tf#L24) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [configmanagement_clusters](variables.tf#L24) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [configmanagement_templates](variables.tf#L31) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | <code title="map&#40;object&#40;&#123;&#10; binauthz &#61; bool&#10; config_sync &#61; object&#40;&#123;&#10; git &#61; object&#40;&#123;&#10; gcp_service_account_email &#61; string&#10; https_proxy &#61; string&#10; policy_dir &#61; string&#10; secret_type &#61; string&#10; sync_branch &#61; string&#10; sync_repo &#61; string&#10; sync_rev &#61; string&#10; sync_wait_secs &#61; number&#10; &#125;&#41;&#10; prevent_drift &#61; string&#10; source_format &#61; string&#10; &#125;&#41;&#10; hierarchy_controller &#61; object&#40;&#123;&#10; enable_hierarchical_resource_quota &#61; bool&#10; enable_pod_tree_labels &#61; bool&#10; &#125;&#41;&#10; policy_controller &#61; object&#40;&#123;&#10; audit_interval_seconds &#61; number&#10; exemptable_namespaces &#61; list&#40;string&#41;&#10; log_denies_enabled &#61; bool&#10; referential_rules_enabled &#61; bool&#10; template_library_installed &#61; bool&#10; &#125;&#41;&#10; version &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [configmanagement_templates](variables.tf#L31) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | <code title="map&#40;object&#40;&#123;&#10; binauthz &#61; bool&#10; config_sync &#61; object&#40;&#123;&#10; git &#61; object&#40;&#123;&#10; gcp_service_account_email &#61; string&#10; https_proxy &#61; string&#10; policy_dir &#61; string&#10; secret_type &#61; string&#10; sync_branch &#61; string&#10; sync_repo &#61; string&#10; sync_rev &#61; string&#10; sync_wait_secs &#61; number&#10; &#125;&#41;&#10; prevent_drift &#61; string&#10; source_format &#61; string&#10; &#125;&#41;&#10; hierarchy_controller &#61; object&#40;&#123;&#10; enable_hierarchical_resource_quota &#61; bool&#10; enable_pod_tree_labels &#61; bool&#10; &#125;&#41;&#10; policy_controller &#61; object&#40;&#123;&#10; audit_interval_seconds &#61; number&#10; exemptable_namespaces &#61; list&#40;string&#41;&#10; log_denies_enabled &#61; bool&#10; referential_rules_enabled &#61; bool&#10; template_library_installed &#61; bool&#10; &#125;&#41;&#10; version &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [features](variables.tf#L66) | Enable and configue fleet features. | <code title="object&#40;&#123;&#10; appdevexperience &#61; bool&#10; configmanagement &#61; bool&#10; identityservice &#61; bool&#10; multiclusteringress &#61; string&#10; multiclusterservicediscovery &#61; bool&#10; servicemesh &#61; bool&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; appdevexperience &#61; false&#10; configmanagement &#61; false&#10; identityservice &#61; false&#10; multiclusteringress &#61; null&#10; servicemesh &#61; false&#10; multiclusterservicediscovery &#61; false&#10;&#125;">&#123;&#8230;&#125;</code> | | [features](variables.tf#L66) | Enable and configue fleet features. | <code title="object&#40;&#123;&#10; appdevexperience &#61; optional&#40;bool, false&#41;&#10; configmanagement &#61; optional&#40;bool, false&#41;&#10; identityservice &#61; optional&#40;bool, false&#41;&#10; multiclusteringress &#61; optional&#40;string, null&#41;&#10; multiclusterservicediscovery &#61; optional&#40;bool, false&#41;&#10; servicemesh &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; appdevexperience &#61; false&#10; configmanagement &#61; false&#10; identityservice &#61; false&#10; multiclusteringress &#61; null&#10; servicemesh &#61; false&#10; multiclusterservicediscovery &#61; false&#10;&#125;">&#123;&#8230;&#125;</code> |
| [workload_identity_clusters](variables.tf#L92) | Clusters that will use Fleet Workload Identity. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [workload_identity_clusters](variables.tf#L92) | Clusters that will use Fleet Workload Identity. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
## Outputs ## Outputs

12
modules/gke-hub/variables.tf
View File

@ -66,12 +66,12 @@ variable "configmanagement_templates" {
variable "features" { variable "features" {
description = "Enable and configue fleet features." description = "Enable and configue fleet features."
type = object({ type = object({
appdevexperience = bool appdevexperience = optional(bool, false)
configmanagement = bool configmanagement = optional(bool, false)
identityservice = bool identityservice = optional(bool, false)
multiclusteringress = string multiclusteringress = optional(string, null)
multiclusterservicediscovery = bool multiclusterservicediscovery = optional(bool, false)
servicemesh = bool servicemesh = optional(bool, false)
}) })
default = { default = {
appdevexperience = false appdevexperience = false

4
modules/gke-hub/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/gke-nodepool/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/iam-service-account/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/kms/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/logging-bucket/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/net-address/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/net-cloudnat/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

101
modules/net-glb/README.md
View File

@ -214,6 +214,66 @@ module "glb-0" {
} }
# tftest modules=1 resources=6 # tftest modules=1 resources=6
``` ```
#### Managed Instance Groups
This example shows how to use the module with a manage instance group as backend:
```hcl
module "win-template" {
source = "./fabric/modules/compute-vm"
project_id = "myprj"
zone = "europe-west8-a"
name = "win-template"
instance_type = "n2d-standard-2"
create_template = true
boot_disk = {
image = "projects/windows-cloud/global/images/windows-server-2019-dc-v20221214"
type = "pd-balanced"
size = 70
}
network_interfaces = [{
network = var.vpc.self_link
subnetwork = var.subnet.self_link
nat = false
addresses = null
}]
}
module "win-mig" {
source = "./fabric/modules/compute-mig"
project_id = "myprj"
location = "europe-west8-a"
name = "win-mig"
instance_template = module.win-template.template.self_link
autoscaler_config = {
max_replicas = 3
min_replicas = 1
cooldown_period = 30
scaling_signals = {
cpu_utilization = {
target = 0.80
}
}
}
named_ports = {
http = 80
}
}
module "glb-0" {
source = "./fabric/modules/net-glb"
project_id = "myprj"
name = "glb-test-0"
backend_service_configs = {
default = {
backends = [
{ backend = module.win-mig.group_manager.instance_group }
]
}
}
}
# tftest modules=3 resources=8
```
#### Storage Buckets #### Storage Buckets
@ -438,6 +498,46 @@ module "glb-0" {
# tftest modules=1 resources=5 # tftest modules=1 resources=5
``` ```
Serverless NEGs don't use the port name but it should be set to `http`. An HTTPS frontend requires the protocol to be set to `HTTPS`, and the port name field will infer this value if omitted so you need to set it explicitly:
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
project_id = "myprj"
name = "glb-test-0"
backend_service_configs = {
default = {
backends = [
{ backend = "neg-0" }
]
health_checks = []
port_name = "http"
}
}
# with a single serverless NEG the implied default health check is not needed
health_check_configs = {}
neg_configs = {
neg-0 = {
cloudrun = {
region = "europe-west8"
target_service = {
name = "hello"
}
}
}
}
protocol = "HTTPS"
ssl_certificates = {
managed_configs = {
default = {
domains = ["glb-test-0.example.org"]
}
}
}
}
# tftest modules=1 resources=6 inventory=https-sneg.yaml
```
### URL Map ### URL Map
The module exposes the full URL map resource configuration, with some minor changes to the interface to decrease verbosity, and support for aliasing backend services via keys. The module exposes the full URL map resource configuration, with some minor changes to the interface to decrease verbosity, and support for aliasing backend services via keys.
@ -489,7 +589,6 @@ The module also allows managing managed and self-managed SSL certificates via th
THe [HTTPS example above](#minimal-https-examples) shows how to configure manage certificated, the following example shows how to use an unmanaged (or self managed) certificate. The example uses Terraform resource for the key and certificate so that the we don't depend on external files when running tests, in real use the key and certificate are generally provided via external files read by the Terraform `file()` function. THe [HTTPS example above](#minimal-https-examples) shows how to configure manage certificated, the following example shows how to use an unmanaged (or self managed) certificate. The example uses Terraform resource for the key and certificate so that the we don't depend on external files when running tests, in real use the key and certificate are generally provided via external files read by the Terraform `file()` function.
```hcl ```hcl
resource "tls_private_key" "default" { resource "tls_private_key" "default" {
algorithm = "RSA" algorithm = "RSA"
rsa_bits = 4096 rsa_bits = 4096

4
modules/net-glb/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/net-ilb-l7/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/net-ilb/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/net-interconnect-attachment-direct/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/net-vpc-firewall/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/net-vpc-peering/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

4
modules/net-vpc/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers { required_providers {
google = { google = {
source = "hashicorp/google" source = "hashicorp/google"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
google-beta = { google-beta = {
source = "hashicorp/google-beta" source = "hashicorp/google-beta"
version = ">= 4.47.0" # tftest version = ">= 4.48.0" # tftest
} }
} }
} }

Some files were not shown because too many files have changed in this diff Show More