refactored to recommended method
parent
db5030e93f
commit
5f2bc7fa92
|
@ -54,4 +54,5 @@ blueprints/gke/autopilot/ansible/gssh.sh
|
|||
blueprints/gke/autopilot/ansible/vars/vars.yaml
|
||||
blueprints/gke/autopilot/bundle/monitoring/kustomization.yaml
|
||||
blueprints/gke/autopilot/bundle/locust/kustomization.yaml
|
||||
blueprints/gke/autopilot/bundle.tar.gz
|
||||
blueprints/gke/autopilot/bundle.tar.gz
|
||||
modules/net-vpc/README.md
|
||||
|
|
|
@ -286,7 +286,6 @@ Along with common private subnets module supports creation more service specific
|
|||
|
||||
- [Proxy-only subnets](https://cloud.google.com/load-balancing/docs/proxy-only-subnets) for Regional HTTPS Internal HTTPS Load Balancers
|
||||
- [Private Service Connect](https://cloud.google.com/vpc/docs/private-service-connect#psc-subnets) subnets
|
||||
- [Global Proxy-only subnets](https://cloud.google.com/load-balancing/docs/proxy-only-subnets#envoy-lb) with purpose for Cross-region internal Application Load Balancers
|
||||
|
||||
```hcl
|
||||
module "vpc" {
|
||||
|
@ -300,6 +299,13 @@ module "vpc" {
|
|||
name = "regional-proxy"
|
||||
region = "europe-west1"
|
||||
active = true
|
||||
},
|
||||
{
|
||||
ip_cidr_range = "10.0.4.0/24"
|
||||
name = "global-proxy"
|
||||
region = "australia-southeast2"
|
||||
active = true
|
||||
global = true
|
||||
}
|
||||
]
|
||||
subnets_psc = [
|
||||
|
@ -309,14 +315,6 @@ module "vpc" {
|
|||
region = "europe-west1"
|
||||
}
|
||||
]
|
||||
subnets_global_proxy_only = [
|
||||
{
|
||||
ip_cidr_range = "10.0.5.0/24"
|
||||
name = "global-proxy"
|
||||
region = "europe-west1"
|
||||
active = true
|
||||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=6 inventory=proxy-only-subnets.yaml
|
||||
```
|
||||
|
@ -394,13 +392,6 @@ flow_logs: # enable, set to empty map to use defaults
|
|||
filter_expression: null
|
||||
```
|
||||
|
||||
```yaml
|
||||
# tftest-file id=subnet-global-proxy path=config/subnets/subnet-global-proxy.yaml
|
||||
region: europe-west4
|
||||
ip_cidr_range: 10.0.5.0/24
|
||||
purpose: GLOBAL_MANAGED_PROXY
|
||||
```
|
||||
|
||||
```yaml
|
||||
# tftest-file id=subnet-proxy path=config/subnets/subnet-proxy.yaml
|
||||
region: europe-west4
|
||||
|
@ -537,7 +528,6 @@ module "vpc" {
|
|||
# tftest modules=1 resources=5 inventory=ipv6.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|
@ -563,10 +553,9 @@ module "vpc" {
|
|||
| [subnet_iam_bindings](variables.tf#L173) | Authoritative IAM bindings in {REGION/NAME => {ROLE => {members = [], condition = {}}}}. | <code title="map(map(object({ members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })))">map(map(object({…})))</code> | | <code>{}</code> |
|
||||
| [subnet_iam_bindings_additive](variables.tf#L187) | Individual additive IAM bindings. Keys are arbitrary. | <code title="map(object({ member = string role = string subnet = string condition = optional(object({ expression = string title = string description = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [subnets](variables.tf#L203) | Subnet configuration. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) enable_private_access = optional(bool, true) flow_logs_config = optional(object({ aggregation_interval = optional(string) filter_expression = optional(string) flow_sampling = optional(number) metadata = optional(string) metadata_fields = optional(list(string)) })) ipv6 = optional(object({ access_type = optional(string, "INTERNAL") })) secondary_ip_ranges = optional(map(string)) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_global_proxy_only](variables.tf#L230) | List of proxy-only subnets for Cross-region Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = bool }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_proxy_only](variables.tf#L243) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = bool }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_psc](variables.tf#L256) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [vpc_create](variables.tf#L268) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
|
||||
| [subnets_proxy_only](variables.tf#L230) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = bool global = optional(bool, false) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_psc](variables.tf#L244) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [vpc_create](variables.tf#L256) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
@ -585,7 +574,6 @@ module "vpc" {
|
|||
| [subnet_secondary_ranges](outputs.tf#L110) | Map of subnet secondary ranges keyed by name. | |
|
||||
| [subnet_self_links](outputs.tf#L121) | Map of subnet self links keyed by name. | |
|
||||
| [subnets](outputs.tf#L126) | Subnet resources. | |
|
||||
| [subnets_global_proxy_only](outputs.tf#L131) | Cross-region internal L7 ILB resources. | |
|
||||
| [subnets_proxy_only](outputs.tf#L136) | L7 ILB or L7 Regional LB subnet resources. | |
|
||||
| [subnets_psc](outputs.tf#L141) | Private Service Connect subnet resources. | |
|
||||
| [subnets_proxy_only](outputs.tf#L131) | L7 ILB or L7 Regional LB subnet resources. | |
|
||||
| [subnets_psc](outputs.tf#L136) | Private Service Connect subnet resources. | |
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
@ -128,11 +128,6 @@ output "subnets" {
|
|||
value = { for k, v in google_compute_subnetwork.subnetwork : k => v }
|
||||
}
|
||||
|
||||
output "subnets_global_proxy_only" {
|
||||
description = "Cross-region internal L7 ILB resources."
|
||||
value = { for k, v in google_compute_subnetwork.global_proxy_only : k => v }
|
||||
}
|
||||
|
||||
output "subnets_proxy_only" {
|
||||
description = "L7 ILB or L7 Regional LB subnet resources."
|
||||
value = { for k, v in google_compute_subnetwork.proxy_only : k => v }
|
||||
|
|
|
@ -79,10 +79,6 @@ locals {
|
|||
{ for s in var.subnets_psc : "${s.region}/${s.name}" => s },
|
||||
{ for k, v in local._factory_subnets : k => v if v.purpose == "PRIVATE_SERVICE_CONNECT" }
|
||||
)
|
||||
subnets_global_proxy_only = merge(
|
||||
{ for s in var.subnets_global_proxy_only : "${s.region}/${s.name}" => s },
|
||||
{ for k, v in local._factory_subnets : k => v if v.purpose == "GLOBAL_MANAGED_PROXY" }
|
||||
)
|
||||
}
|
||||
|
||||
resource "google_compute_subnetwork" "subnetwork" {
|
||||
|
@ -134,25 +130,10 @@ resource "google_compute_subnetwork" "proxy_only" {
|
|||
ip_cidr_range = each.value.ip_cidr_range
|
||||
description = (
|
||||
each.value.description == null
|
||||
? "Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB."
|
||||
? "Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB"
|
||||
: each.value.description
|
||||
)
|
||||
purpose = "REGIONAL_MANAGED_PROXY"
|
||||
role = each.value.active != false ? "ACTIVE" : "BACKUP"
|
||||
}
|
||||
resource "google_compute_subnetwork" "global_proxy_only" {
|
||||
for_each = local.subnets_global_proxy_only
|
||||
project = var.project_id
|
||||
network = local.network.name
|
||||
name = each.value.name
|
||||
region = each.value.region
|
||||
ip_cidr_range = each.value.ip_cidr_range
|
||||
description = (
|
||||
each.value.description == null
|
||||
? "Terraform-managed proxy-only subnet for cross-regional Internal HTTPS LB."
|
||||
: each.value.description
|
||||
)
|
||||
purpose = "GLOBAL_MANAGED_PROXY"
|
||||
purpose = each.value.global != false ? "GLOBAL_MANAGED_PROXY" : "REGIONAL_MANAGED_PROXY"
|
||||
role = each.value.active != false ? "ACTIVE" : "BACKUP"
|
||||
}
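Review bot: The new `purpose = each.value.global != false ? "GLOBAL_MANAGED_PROXY" : "REGIONAL_MANAGED_PROXY"` line in `google_compute_subnetwork.proxy_only` picks the cross-region purpose for anything other than an explicit `false`, so an entry whose `global` is null ends up as a global proxy subnet. Entries from `var.subnets_proxy_only` get `false` from the `optional(bool, false)` default, but `local.subnets_proxy_only` is presumably also fed from `local._factory_subnets` (its definition and the start of the resource are outside the hunk), where the key may be null or missing. Defaulting to regional is the safer reading: `purpose = try(each.value.global, false) == true ? "GLOBAL_MANAGED_PROXY" : "REGIONAL_MANAGED_PROXY"`. The same file also drops the `GLOBAL_MANAGED_PROXY` factory filter and the `global_proxy_only` resource, so existing state under that address would likely be destroyed and recreated. A `moved` block from `google_compute_subnetwork.global_proxy_only` to `google_compute_subnetwork.proxy_only`, or an upgrade note, would cover that.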
|
||||
|
||||
|
|
|
@ -227,27 +227,15 @@ variable "subnets" {
|
|||
nullable = false
|
||||
}
|
||||
|
||||
variable "subnets_global_proxy_only" {
|
||||
description = "List of proxy-only subnets for Cross-region Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active."
|
||||
type = list(object({
|
||||
name = string
|
||||
ip_cidr_range = string
|
||||
region = string
|
||||
description = optional(string)
|
||||
active = bool
|
||||
}))
|
||||
default = []
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "subnets_proxy_only" {
|
||||
description = "List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active."
|
||||
description = "List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active."
|
||||
type = list(object({
|
||||
name = string
|
||||
ip_cidr_range = string
|
||||
region = string
|
||||
description = optional(string)
|
||||
active = bool
|
||||
global = optional(bool, false)
|
||||
}))
|
||||
default = []
|
||||
nullable = false
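Review bot: The `subnets_proxy_only` description still describes only Regional HTTPS and Internal HTTPS load balancers, although the object type now carries `global = optional(bool, false)` and the variable takes over from the removed `subnets_global_proxy_only`. Nothing tells a caller what the flag does, so I would append a sentence to the description such as `Set global = true to create a GLOBAL_MANAGED_PROXY subnet for Cross-region internal Application Load Balancers.` The README variables table appears to be generated from this string, so it would pick up the wording as well. The variable block closes outside the hunk.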
|
||||
|
|
|
@ -16,15 +16,6 @@ values:
|
|||
module.vpc.google_compute_network.network[0]:
|
||||
name: my-network
|
||||
project: my-project
|
||||
module.vpc.google_compute_subnetwork.global_proxy_only["europe-west1/global-proxy"]:
|
||||
description: Terraform-managed global proxy-only subnet for cross-region Internal HTTPS LB.
|
||||
ip_cidr_range: 10.0.5.0/24
|
||||
log_config: []
|
||||
name: global-proxy
|
||||
project: my-project
|
||||
purpose: GLOBAL_MANAGED_PROXY
|
||||
region: europe-west1
|
||||
role: ACTIVE
|
||||
module.vpc.google_compute_subnetwork.proxy_only["europe-west1/regional-proxy"]:
|
||||
description: Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB.
|
||||
ip_cidr_range: 10.0.1.0/24
|
||||
|
@ -34,6 +25,15 @@ values:
|
|||
purpose: REGIONAL_MANAGED_PROXY
|
||||
region: europe-west1
|
||||
role: ACTIVE
|
||||
module.vpc.google_compute_subnetwork.proxy_only["australia-southeast2/global-proxy"]:
|
||||
description: Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB.
|
||||
ip_cidr_range: 10.0.4.0/24
|
||||
log_config: []
|
||||
name: global-proxy
|
||||
project: my-project
|
||||
purpose: GLOBAL_MANAGED_PROXY
|
||||
region: australia-southeast2
|
||||
role: ACTIVE
|
||||
module.vpc.google_compute_subnetwork.psc["europe-west1/psc"]:
|
||||
description: Terraform-managed subnet for Private Service Connect (PSC NAT).
|
||||
ip_cidr_range: 10.0.3.0/24
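Review bot: The added expectation for `proxy_only["australia-southeast2/global-proxy"]` pins `description` to the regional-only default string, while the resource change in this commit appears to replace that default with `Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB`. If that second string is the new side, the planned value and this inventory disagree and the README example test would not match. Either update the expected `description` here to the new default, or keep the original default in the resource so the two stay consistent.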
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
lint
|