Rename network load balancer modules (#1466)

* update LB modules to new names

* update LB modules names

* update test paths
Ludovico Magnocavallo 2023-06-26 09:50:10 +02:00 committed by GitHub
parent 4b6552a6f6
commit 638841c8d1
GPG Key ID: 4AEE18F83AFDEB23
106 changed files with 189 additions and 166 deletions

@ -51,8 +51,8 @@ All notable changes to this project will be documented in this file.
### MODULES
- [[#1417](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1417)] Remove hardcoded description from instance groups created under net-ilb ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-06-05 09:35:17+00:00 -->
- [[#1415](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1415)] Add notice to net-ilb module on routes ([ludoo](https://github.com/ludoo)) <!-- 2023-06-05 07:40:34+00:00 -->
- [[#1417](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1417)] Remove hardcoded description from instance groups created under net-lb-int ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-06-05 09:35:17+00:00 -->
- [[#1415](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1415)] Add notice to net-lb-int module on routes ([ludoo](https://github.com/ludoo)) <!-- 2023-06-05 07:40:34+00:00 -->
- [[#1403](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1403)] add alloydb module ([prabhaarya](https://github.com/prabhaarya)) <!-- 2023-06-04 10:12:32+00:00 -->
- [[#1411](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1411)] Add networksecurity to JIT identity list ([rosmo](https://github.com/rosmo)) <!-- 2023-06-02 16:32:53+00:00 -->
- [[#1410](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1410)] **incompatible change:** Ensure all modules have an `id` output ([ludoo](https://github.com/ludoo)) <!-- 2023-06-02 14:07:23+00:00 -->
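Review bot: none of the CHANGELOG hunks adds an entry for the rename itself; in this MODULES list the #1417 and #1415 lines are only reworded from net-ilb to net-lb-int. Renaming module folders breaks any consumer `source` path that still points at the old names, so the rename deserves its own line marked **incompatible change:** in the same way as #1410 just below, stating the mapping (net-ilb to net-lb-int, net-glb to net-lb-app-ext, net-ilb-l7 to net-lb-app-int) so that users pinning a release can find it.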
@ -156,7 +156,7 @@ All notable changes to this project will be documented in this file.
- [[#1365](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1365)] feat(net-cloudnat): add toggle for independent endpoint mapping and dynamic port allocation ([JSchwerberg](https://github.com/JSchwerberg)) <!-- 2023-05-12 13:38:01+00:00 -->
- [[#1367](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1367)] fix routes priority typo ([fawzihmouda](https://github.com/fawzihmouda)) <!-- 2023-05-09 14:26:24+00:00 -->
- [[#1360](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1360)] Add support for Shared VPC in Cloud Run ([juliodiez](https://github.com/juliodiez)) <!-- 2023-05-05 18:17:49+00:00 -->
- [[#1329](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1329)] fix: Change net-glb serve_while_stale type to number ([tobbbles](https://github.com/tobbbles)) <!-- 2023-05-05 07:41:13+00:00 -->
- [[#1329](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1329)] fix: Change net-lb-app-ext serve_while_stale type to number ([tobbbles](https://github.com/tobbbles)) <!-- 2023-05-05 07:41:13+00:00 -->
- [[#1308](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1308)] Add cloud dataplex module ([prabhaarya](https://github.com/prabhaarya)) <!-- 2023-05-05 07:26:46+00:00 -->
- [[#1352](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1352)] **incompatible change:** Switch FAST networking stages to network policies for Google domains ([ludoo](https://github.com/ludoo)) <!-- 2023-05-04 05:38:41+00:00 -->
- [[#1349](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1349)] Enhance GKE Backup Configuration Support ([tacchino](https://github.com/tacchino)) <!-- 2023-05-02 14:59:12+00:00 -->
@ -294,7 +294,7 @@ All notable changes to this project will be documented in this file.
- [[#1269](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1269)] Ignore changes to metadata.0.annotations in Cloud Run module ([juliocc](https://github.com/juliocc)) <!-- 2023-03-21 11:21:59+00:00 -->
- [[#1267](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1267)] Improvements to NCC-RA spoke module. ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-03-21 07:07:44+00:00 -->
- [[#1268](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1268)] simple-nva: add ability to parse BGP configs as strings. ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-03-21 06:41:13+00:00 -->
- [[#1258](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1258)] Add backend service names to outputs for net-glb and net-ilb-l7 ([rosmo](https://github.com/rosmo)) <!-- 2023-03-17 10:40:11+00:00 -->
- [[#1258](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1258)] Add backend service names to outputs for net-lb-app-ext and net-lb-app-int ([rosmo](https://github.com/rosmo)) <!-- 2023-03-17 10:40:11+00:00 -->
- [[#1259](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1259)] Add support for `iam_additive` and simplify factory interface in net VPC module ([ludoo](https://github.com/ludoo)) <!-- 2023-03-17 10:12:35+00:00 -->
- [[#1255](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1255)] **incompatible change:** Change `target_vpcs` variable in firewall policy module to support dynamic values ([ludoo](https://github.com/ludoo)) <!-- 2023-03-17 07:14:10+00:00 -->
- [[#1256](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1256)] **incompatible change:** Pin local provider ([ludoo](https://github.com/ludoo)) <!-- 2023-03-16 10:59:07+00:00 -->
@ -302,7 +302,7 @@ All notable changes to this project will be documented in this file.
- [[#1241](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1241)] **incompatible change:** Allow using existing boot disk in compute-vm module ([ludoo](https://github.com/ludoo)) <!-- 2023-03-12 09:54:00+00:00 -->
- [[#1239](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1239)] Allow overriding name in net-vpc subnet factory ([ludoo](https://github.com/ludoo)) <!-- 2023-03-11 08:30:43+00:00 -->
- [[#1226](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1226)] Fix policy_based_routing.sh script on simple-nva module ([simonebruzzechesse](https://github.com/simonebruzzechesse)) <!-- 2023-03-10 17:36:08+00:00 -->
- [[#1234](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1234)] Fixed connection tracking configuration on LB backend in net-ilb module ([simonebruzzechesse](https://github.com/simonebruzzechesse)) <!-- 2023-03-10 14:25:30+00:00 -->
- [[#1234](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1234)] Fixed connection tracking configuration on LB backend in net-lb-int module ([simonebruzzechesse](https://github.com/simonebruzzechesse)) <!-- 2023-03-10 14:25:30+00:00 -->
- [[#1232](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1232)] Network firewall policy module ([ludoo](https://github.com/ludoo)) <!-- 2023-03-10 08:21:50+00:00 -->
- [[#1219](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1219)] Network Connectivity Center module ([juliodiez](https://github.com/juliodiez)) <!-- 2023-03-09 15:01:51+00:00 -->
- [[#1227](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1227)] Add CMEK support on BQML blueprint ([lcaggio](https://github.com/lcaggio)) <!-- 2023-03-09 09:12:50+00:00 -->
@ -311,12 +311,12 @@ All notable changes to this project will be documented in this file.
- [[#1211](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1211)] **incompatible change:** Add support for proxy and psc subnets to net-vpc module factory ([ludoo](https://github.com/ludoo)) <!-- 2023-03-05 16:08:43+00:00 -->
- [[#1206](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1206)] Dataproc module. Fix output. ([lcaggio](https://github.com/lcaggio)) <!-- 2023-03-02 12:59:19+00:00 -->
- [[#1205](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1205)] Fix issue with GKE cluster notifications topic & static output for pubsub module ([rosmo](https://github.com/rosmo)) <!-- 2023-03-02 10:43:40+00:00 -->
- [[#1204](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1204)] Fix url_redirect issue on net-glb module ([erabusi](https://github.com/erabusi)) <!-- 2023-03-02 06:51:40+00:00 -->
- [[#1204](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1204)] Fix url_redirect issue on net-lb-app-ext module ([erabusi](https://github.com/erabusi)) <!-- 2023-03-02 06:51:40+00:00 -->
- [[#1199](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1199)] [Dataproc module] Fix Variables ([lcaggio](https://github.com/lcaggio)) <!-- 2023-03-01 11:16:11+00:00 -->
- [[#1200](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1200)] Add test for #1197 ([juliocc](https://github.com/juliocc)) <!-- 2023-03-01 09:15:13+00:00 -->
- [[#1198](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1198)] Fix secondary ranges in net-vpc readme ([ludoo](https://github.com/ludoo)) <!-- 2023-03-01 07:08:08+00:00 -->
- [[#1196](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1196)] Fix compute-vm:CloudKMS test for provider>=4.54.0 ([dan-farmer](https://github.com/dan-farmer)) <!-- 2023-02-28 15:53:41+00:00 -->
- [[#1194](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1194)] Fix HTTPS health check mismapped to HTTP in compute-mig and net-ilb modules ([jogoldberg](https://github.com/jogoldberg)) <!-- 2023-02-28 14:48:13+00:00 -->
- [[#1194](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1194)] Fix HTTPS health check mismapped to HTTP in compute-mig and net-lb-int modules ([jogoldberg](https://github.com/jogoldberg)) <!-- 2023-02-28 14:48:13+00:00 -->
- [[#1192](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1192)] Dataproc module: Fix outputs ([lcaggio](https://github.com/lcaggio)) <!-- 2023-02-28 10:47:23+00:00 -->
- [[#1190](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1190)] Dataproc Module ([lcaggio](https://github.com/lcaggio)) <!-- 2023-02-28 06:45:41+00:00 -->
- [[#1191](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1191)] Fix external gateway in VPN HA module ([ludoo](https://github.com/ludoo)) <!-- 2023-02-27 23:46:51+00:00 -->
@ -335,7 +335,7 @@ All notable changes to this project will be documented in this file.
- [[#1160](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1160)] Allow additive IAM grants by robots name ([wiktorn](https://github.com/wiktorn)) <!-- 2023-02-16 13:39:21+00:00 -->
- [[#1158](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1158)] changed pod_range reference to include secondary_pod_range issue #1157 ([chemapolo](https://github.com/chemapolo)) <!-- 2023-02-15 05:28:48+00:00 -->
- [[#1156](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1156)] Add 'max_time_travel_hours ' support on BQ module ([lcaggio](https://github.com/lcaggio)) <!-- 2023-02-14 08:10:12+00:00 -->
- [[#1151](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1151)] Add example about referencing existing MIGs to net-ilb module readme ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-02-11 16:45:16+00:00 -->
- [[#1151](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1151)] Add example about referencing existing MIGs to net-lb-int module readme ([LucaPrete](https://github.com/LucaPrete)) <!-- 2023-02-11 16:45:16+00:00 -->
- [[#1149](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1149)] Add documentation about JIT-ed service accounts ([wiktorn](https://github.com/wiktorn)) <!-- 2023-02-11 14:52:47+00:00 -->
- [[#1131](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1131)] Add Autopilot Support for cluster_autoscaling Configuration in GKE Module ([tacchino](https://github.com/tacchino)) <!-- 2023-02-10 12:31:57+00:00 -->
- [[#1140](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1140)] CloudSQL Backup Configuration: Support Point In Time Recovery ([tacchino](https://github.com/tacchino)) <!-- 2023-02-10 11:24:50+00:00 -->
@ -449,7 +449,7 @@ All notable changes to this project will be documented in this file.
### BLUEPRINTS
- [[#1045](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1045)] Assorted module fixes ([ludoo](https://github.com/ludoo)) <!-- 2022-12-10 14:40:15+00:00 -->
- [[#1044](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1044)] **incompatible change:** Refactor net-glb module for Terraform 1.3 ([ludoo](https://github.com/ludoo)) <!-- 2022-12-08 16:35:45+00:00 -->
- [[#1044](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1044)] **incompatible change:** Refactor net-lb-app-ext module for Terraform 1.3 ([ludoo](https://github.com/ludoo)) <!-- 2022-12-08 16:35:45+00:00 -->
- [[#982](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/982)] Adding Secondary IP Utilization calculation ([brianhmj](https://github.com/brianhmj)) <!-- 2022-12-07 10:45:21+00:00 -->
- [[#1037](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1037)] Bump qs and formidable in /blueprints/cloud-operations/apigee/functions/export ([dependabot[bot]](<https://github.com/dependabot[bot]>)) <!-- 2022-12-06 15:43:35+00:00 -->
- [[#1034](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1034)] feat(blueprints): get audience from tfc environment variable ([Thomgrus](https://github.com/Thomgrus)) <!-- 2022-12-05 20:15:31+00:00 -->
@ -513,7 +513,7 @@ All notable changes to this project will be documented in this file.
- [[#1048](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1048)] Document new testing approach ([ludoo](https://github.com/ludoo)) <!-- 2022-12-12 19:59:47+00:00 -->
- [[#1045](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1045)] Assorted module fixes ([ludoo](https://github.com/ludoo)) <!-- 2022-12-10 14:40:15+00:00 -->
- [[#1014](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1014)] Update typos in `net-vpc-firewall` README.md ([aymanfarhat](https://github.com/aymanfarhat)) <!-- 2022-12-08 16:48:26+00:00 -->
- [[#1044](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1044)] **incompatible change:** Refactor net-glb module for Terraform 1.3 ([ludoo](https://github.com/ludoo)) <!-- 2022-12-08 16:35:45+00:00 -->
- [[#1044](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1044)] **incompatible change:** Refactor net-lb-app-ext module for Terraform 1.3 ([ludoo](https://github.com/ludoo)) <!-- 2022-12-08 16:35:45+00:00 -->
- [[#1009](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1009)] Fix encryption in Data Playground blueprint ([lcaggio](https://github.com/lcaggio)) <!-- 2022-11-25 15:19:02+00:00 -->
- [[#1006](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1006)] Add settings for autoscaling to Bigtable module. ([iht](https://github.com/iht)) <!-- 2022-11-24 15:59:32+00:00 -->
- [[#1007](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1007)] fast README, one line fix: 00-cicd stage got moved to extras/ ([skalolazka](https://github.com/skalolazka)) <!-- 2022-11-23 15:31:01+00:00 -->
@ -570,7 +570,7 @@ All notable changes to this project will be documented in this file.
- [[#1045](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1045)] Assorted module fixes ([ludoo](https://github.com/ludoo)) <!-- 2022-12-10 14:40:15+00:00 -->
- [[#1040](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1040)] Fix name in google_pubsub_schema resource ([VictorCavalcanteLG](https://github.com/VictorCavalcanteLG)) <!-- 2022-12-08 17:25:36+00:00 -->
- [[#1043](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1043)] added reverse lookup feature to module dns #1042 ([chemapolo](https://github.com/chemapolo)) <!-- 2022-12-08 17:13:05+00:00 -->
- [[#1044](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1044)] **incompatible change:** Refactor net-glb module for Terraform 1.3 ([ludoo](https://github.com/ludoo)) <!-- 2022-12-08 16:35:45+00:00 -->
- [[#1044](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1044)] **incompatible change:** Refactor net-lb-app-ext module for Terraform 1.3 ([ludoo](https://github.com/ludoo)) <!-- 2022-12-08 16:35:45+00:00 -->
- [[#1036](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1036)] **incompatible change:** Fix status ingress/egress policies in vpc-sc module ([ludoo](https://github.com/ludoo)) <!-- 2022-12-05 08:00:01+00:00 -->
- [[#1033](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1033)] strongSwan: switch base image to debian-slim ([kunzese](https://github.com/kunzese)) <!-- 2022-12-02 12:11:02+00:00 -->
- [[#1026](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1026)] add lifecycle ignore_changes for apigee PAYG env ([g-greatdevaks](https://github.com/g-greatdevaks)) <!-- 2022-12-01 10:38:19+00:00 -->
@ -599,7 +599,7 @@ All notable changes to this project will be documented in this file.
- [[#978](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/978)] Worker pool support for `cloud-function` ([maunope](https://github.com/maunope)) <!-- 2022-11-15 16:38:42+00:00 -->
- [[#977](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/977)] Replace Docker's `gcplogs` driver with the GCP COS logging agent ([kunzese](https://github.com/kunzese)) <!-- 2022-11-15 12:19:52+00:00 -->
- [[#975](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/975)] Add validation for health check port specification to ILB L7 module ([ludoo](https://github.com/ludoo)) <!-- 2022-11-14 15:20:01+00:00 -->
- [[#974](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/974)] **incompatible change:** Refactor net-ilb-l7 module for Terraform 1.3 ([ludoo](https://github.com/ludoo)) <!-- 2022-11-14 13:39:00+00:00 -->
- [[#974](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/974)] **incompatible change:** Refactor net-lb-app-int module for Terraform 1.3 ([ludoo](https://github.com/ludoo)) <!-- 2022-11-14 13:39:00+00:00 -->
- [[#970](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/970)] Update logging sinks to tf1.3 in resman modules ([juliocc](https://github.com/juliocc)) <!-- 2022-11-12 18:36:59+00:00 -->
- [[#969](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/969)] Update folder and project org policy tests ([juliocc](https://github.com/juliocc)) <!-- 2022-11-11 17:01:26+00:00 -->
- [[#964](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/964)] prefix variable consistency across modules ([skalolazka](https://github.com/skalolazka)) <!-- 2022-11-11 13:38:51+00:00 -->
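Review bot: the #975 entry directly above the changed line still reads "ILB L7 module", while the #974 entry is rewritten from net-ilb-l7 to net-lb-app-int, so two adjacent entries for the same module now use different names. Either leave both entries as they were written or reword #975 as well; a search for `ILB L7` and `net-ilb-l7` over the file would catch free-text references like this one.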
@ -749,7 +749,7 @@ All notable changes to this project will be documented in this file.
- [[#805](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/805)] Change `modules/project` service_config default ([juliocc](https://github.com/juliocc)) <!-- 2022-09-09 07:54:31+00:00 -->
- [[#787](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/787)] Support manager role in cloud identity group module ([lcaggio](https://github.com/lcaggio)) <!-- 2022-08-31 10:29:05+00:00 -->
- [[#786](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/786)] Secret manager flag sensitive output ([ddaluka](https://github.com/ddaluka)) <!-- 2022-08-29 11:22:52+00:00 -->
- [[#775](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/775)] net-glb: Added support for regional external HTTP(s) load balancing ([rosmo](https://github.com/rosmo)) <!-- 2022-08-27 20:58:11+00:00 -->
- [[#775](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/775)] net-lb-app-ext: Added support for regional external HTTP(s) load balancing ([rosmo](https://github.com/rosmo)) <!-- 2022-08-27 20:58:11+00:00 -->
- [[#784](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/784)] fix envoy-traffic-director config for xDS v3 ([drebes](https://github.com/drebes)) <!-- 2022-08-24 14:34:33+00:00 -->
- [[#785](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/785)] nginx-tls module ([drebes](https://github.com/drebes)) <!-- 2022-08-24 14:20:36+00:00 -->
- [[#783](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/783)] fix service unit indent on cloud-config-container module ([drebes](https://github.com/drebes)) <!-- 2022-08-24 07:38:48+00:00 -->
@ -774,7 +774,7 @@ All notable changes to this project will be documented in this file.
- [[#729](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/729)] Fix connector create logic in cloud run module ([ludoo](https://github.com/ludoo)) <!-- 2022-07-10 09:34:42+00:00 -->
- [[#726](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/726)] Fix documentation for organization-policy module ([averbuks](https://github.com/averbuks)) <!-- 2022-07-10 07:12:47+00:00 -->
- [[#722](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/722)] OrgPolicy module (factory) using new org-policy API, #698 ([averbuks](https://github.com/averbuks)) <!-- 2022-07-08 13:38:42+00:00 -->
- [[#695](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/695)] Modified reserved IP address outputs in net-glb module ([apichick](https://github.com/apichick)) <!-- 2022-07-01 17:13:10+00:00 -->
- [[#695](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/695)] Modified reserved IP address outputs in net-lb-app-ext module ([apichick](https://github.com/apichick)) <!-- 2022-07-01 17:13:10+00:00 -->
- [[#709](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/709)] Fix incompatibility between logging and monitor config/service arguments in GKE module ([psabhishekgoogle](https://github.com/psabhishekgoogle)) <!-- 2022-06-29 12:34:13+00:00 -->
- [[#708](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/708)] Fix incompatibility between backup and autopilot in GKE module ([ludoo](https://github.com/ludoo)) <!-- 2022-06-28 16:53:55+00:00 -->
- [[#707](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/707)] Fix addons for autopilot clusters and add specific tests in GKE module ([juliocc](https://github.com/juliocc)) <!-- 2022-06-28 10:41:46+00:00 -->
@ -832,7 +832,7 @@ All notable changes to this project will be documented in this file.
- optionally turn off gcplogs driver in COS modules
- fix `tag` output on `data-catalog-policy-tag` module
- add shared-vpc support on `gcs-to-bq-with-least-privileges`
- new `net-ilb-l7` module
- new `net-lb-app-int` module
- new `02-networking-peering` networking stage
- **incompatible change** the variable for PSA ranges in networking stages have changed
@ -866,7 +866,7 @@ All notable changes to this project will be documented in this file.
## [13.0.0] - 2022-01-27
- **initial Fabric FAST implementation**
- new `net-glb` module for Global External Load balancer
- new `net-lb-app-ext` module for Global External Load balancer
- new `project-factory` module in [`blueprints/factories`](./blueprints/factories)
- add missing service identity accounts (artifactregistry, composer) in project module
- new "Cloud Storage to Bigquery with Cloud Dataflow with least privileges" example
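Review bot: the entry under `## [13.0.0] - 2022-01-27` now says the release introduced a `net-lb-app-ext` module, but the removed line shows the module shipped in that release as `net-glb`. Anyone checking out that version to audit or reproduce a deployment will not find a folder with the new name. Consider keeping the historical name in released sections and noting the later rename, for example "new `net-glb` module (renamed to `net-lb-app-ext` in #1466)".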
@ -1197,7 +1197,7 @@ All notable changes to this project will be documented in this file.
- **incompatible change** routes in the `net-vpc` module now interpolate the VPC name to ensure uniqueness, upgrading from a previous version will drop and recreate routes
- the top-level `docker-images` folder has been moved inside `modules/cloud-config-container/onprem`
- `dns_keys` output added to the `dns` module
- add `group-config` variable, `groups` and `group_self_links` outputs to `net-ilb` module to allow creating ILBs for externally managed instances
- add `group-config` variable, `groups` and `group_self_links` outputs to `net-lb-int` module to allow creating ILBs for externally managed instances
- make the IAM bindings depend on the compute instance in the `compute-vm` module
## [2.0.0] - 2020-06-11
@ -1245,7 +1245,7 @@ All notable changes to this project will be documented in this file.
- **incompatible change** subnets in the `net-vpc` modules are now passed as a list instead of map, and all related variables for IAM and flow logs use `region/name` instead of `name` keys; it's now possible to have the same subnet name in different regions
- replace all references to the removed `resourceviews.googleapis.com` API with `container.googleapis.com`
- fix advanced options in `gke-nodepool` module
- fix health checks in `compute-mig` and `net-ilb` modules
- fix health checks in `compute-mig` and `net-lb-int` modules
- new `cos-generic-metadata` module in the `cloud-config-container` suite
- new `envoy-traffic-director` module in the `cloud-config-container` suite
- new `pubsub` module
@ -1263,7 +1263,7 @@ All notable changes to this project will be documented in this file.
- add peering route configuration for private clusters to GKE cluster module
- **incompatible changes** in the GKE nodepool module: rename `node_config_workload_metadata_config` variable to `workload_metadata_config`, new default for `workload_metadata_config` is `GKE_METADATA_SERVER`
- **incompatible change** in the `compute-vm` module: removed support for MIG and the `group_manager` variable
- add `compute-mig` and `net-ilb` modules
- add `compute-mig` and `net-lb-int` modules
- **incompatible change** in `net-vpc`: a new `name` attribute has been added to the `subnets` variable, allowing to directly set subnet name, to update to the new module add an extra `name = false` attribute to each subnet
## [1.3.0] - 2020-04-08

@ -7,22 +7,22 @@ Contributors are the engine that keeps Fabric alive so if you were or are planni
- [I just found a bug / have a feature request](#i-just-found-a-bug--have-a-feature-request)
- [Quick developer workflow](#quick-developer-workflow)
- [Developer's handbook](#developers-handbook)
* [The Zen of Fabric](#the-zen-of-fabric)
* [Design principles in action](#design-principles-in-action)
* [FAST stage design](#fast-stage-design)
* [Style guide reference](#style-guide-reference)
* [Interacting with checks and tools](#interacting-with-checks-and-tools)
- [The Zen of Fabric](#the-zen-of-fabric)
- [Design principles in action](#design-principles-in-action)
- [FAST stage design](#fast-stage-design)
- [Style guide reference](#style-guide-reference)
- [Interacting with checks and tools](#interacting-with-checks-and-tools)
- [Using and writing tests](#using-and-writing-tests)
* [Testing via README.md example blocks.](#testing-via-readmemd-example-blocks)
+ [Testing examples against an inventory YAML](#testing-examples-against-an-inventory-yaml)
+ [Using external files](#using-external-files)
+ [Running tests for specific examples](#running-tests-for-specific-examples)
+ [Generating the inventory automatically](#generating-the-inventory-automatically)
+ [Building tests for blueprints](#building-tests-for-blueprints)
* [Testing via `tfvars` and `yaml` (aka `tftest`-based tests)](#testing-via-tfvars-and-yaml-aka-tftest-based-tests)
+ [Generating the inventory for `tftest`-based tests](#generating-the-inventory-for-tftest-based-tests)
* [Writing tests in Python (legacy approach)](#writing-tests-in-python-legacy-approach)
* [Running tests from a temporary directory](#running-tests-from-a-temporary-directory)
- [Testing via README.md example blocks.](#testing-via-readmemd-example-blocks)
- [Testing examples against an inventory YAML](#testing-examples-against-an-inventory-yaml)
- [Using external files](#using-external-files)
- [Running tests for specific examples](#running-tests-for-specific-examples)
- [Generating the inventory automatically](#generating-the-inventory-automatically)
- [Building tests for blueprints](#building-tests-for-blueprints)
- [Testing via `tfvars` and `yaml` (aka `tftest`-based tests)](#testing-via-tfvars-and-yaml-aka-tftest-based-tests)
- [Generating the inventory for `tftest`-based tests](#generating-the-inventory-for-tftest-based-tests)
- [Writing tests in Python (legacy approach)](#writing-tests-in-python-legacy-approach)
- [Running tests from a temporary directory](#running-tests-from-a-temporary-directory)
- [Fabric tools](#fabric-tools)
## I just found a bug / have a feature request
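Review bot: the rewritten TOC entry `[Testing via README.md example blocks.]` keeps its trailing period, while a later hunk in this file changes the heading to `### Testing via README.md example blocks` without it, so the link text and the heading no longer match. Drop the period here too. Separately, converting the nested `*` and `+` markers to `-` is a formatting change unrelated to the module rename; it would be easier to review as its own commit, and it is worth confirming the nested indentation survived the change.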
@ -205,11 +205,11 @@ We have several such interfaces defined for IAM, log sinks, organizational polic
#### Design interfaces to support actual usage
> “When developing a module, look for opportunities to take a little bit of extra suffering upon yourself in order to reduce the suffering of your users.”
>
>
> “Providing choice is good, but interfaces should be designed to make the common case as simple as possible”
>
>
> — John Ousterhout in "A Philosophy of Software Design"
Variables should not simply map to the underlying resource attributes, but their **interfaces should be designed to match common use cases** to reduce friction and offer the highest possible degree of legibility.
This translates into different practical approaches:
@ -300,7 +300,6 @@ module "project" {
>
> — John Ousterhout in "A Philosophy of Software Design"
Designing variable spaces is one of the most complex aspects to get right, as they are the main entry point through which users consume modules, examples and FAST stages. We always strive to **design small variable spaces by leveraging objects and implementing defaults** so that users can quickly produce highly readable code.
One of many examples of this approach comes from disk support in the `compute-vm` module, where preset defaults allow quick VM management with very few lines of code, and optional variables allow progressively expanding the code when more control is needed.
@ -688,7 +687,7 @@ In the following sections we describe the three testing approaches we currently
- [tfvars-based tests](#testing-via-tfvars-and-yaml): allows you to test a module or blueprint by providing variables via tfvar files and an expected plan result in form of an inventory. This type of test is useful, for example, for FAST stages that don't have any examples within their READMEs.
- [Python-based (legacy) tests](#writing-tests-in-python--legacy-approach-): in some situations you might still want to interact directly with `tftest` via Python, if that's the case, use this method to write custom Python logic to test your module in any way you see fit.
### Testing via README.md example blocks.
### Testing via README.md example blocks
This is the preferred method to write tests for modules and blueprints. Example-based tests are triggered from [HCL Markdown fenced code blocks](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks#syntax-highlighting) in any file named README.md, hence there's no need to create any additional files or revert to Python to write a test. Most of our documentation examples are using this method.
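Review bot: the two list items left as context above this heading change link to `#testing-via-tfvars-and-yaml` and `#writing-tests-in-python--legacy-approach-`, while the table of contents in the first hunk of this file uses `#testing-via-tfvars-and-yaml-aka-tftest-based-tests` and `#writing-tests-in-python-legacy-approach` for the same sections. Since this commit is already tidying headings in this section, align those two anchors with the TOC so the in-page links resolve.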
@ -795,6 +794,7 @@ module "private-dns" {
}
# tftest modules=1 resources=2 files=records
```
```yaml
# tftest-file id=records path=records/example.yaml
A localhost:
@ -814,6 +814,7 @@ As mentioned before, we use `pytest` as our test runner, so you can use any of t
Example-based test are named based on the section within the README.md that contains them. You can use this name to select specific tests.
Here we show a few commonly used selection commands:
- Run all examples:
- `pytest tests/examples/`
- Run all examples for modules:
@ -919,7 +920,7 @@ The second approach to testing requires you to:
- define `yaml` "inventory" files with the plan and output results you want to test
- declare which of these files need to be run as tests in a `tftest.yaml` file
Let's go through each step in succession, assuming you are testing the new `net-glb` module.
Let's go through each step in succession, assuming you are testing the new `net-lb-app-ext` module.
First create a new folder under `tests/modules` replacing any dash in the module name with underscores. Note that if you were testing a blueprint the folder would go in `tests/blueprints`.
@ -973,7 +974,7 @@ Create as many pairs of `tfvars`/`yaml` files as you need to test every scenario
```yaml
# file: tests/modules/net_glb/tftest.yaml
module: modules/net-glb
module: modules/net-lb-app-ext
# if there are variables shared among all tests you can define a common file
# common_tfvars:
# - defaults.tfvars
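Review bot: the `# file: tests/modules/net_glb/tftest.yaml` comment at the top of this YAML example still names the old test folder, while the `module:` line right below it now points to `modules/net-lb-app-ext`. By the dash-to-underscore rule the section states, the comment should read `tests/modules/net_lb_app_ext/tftest.yaml`, otherwise a reader copying the example ends up with a folder that does not match the module under test.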
@ -1052,12 +1053,13 @@ You can now use this output to create the inventory file for your test. As menti
Where possible, we recommend using the testing methods described in the previous sections. However, if you need it, you can still write tests using Python directly.
In general, you should try to use the `plan_summary` fixture, which runs a a terraform plan and returns a `PlanSummary` object. The most important arguments to `plan_summary` are:
- the path of the Terraform module you want to test, relative to the root of the repository
- a list of paths representing the tfvars file to pass in to terraform. These paths are relative to the python file defining the test.
If successful, `plan_summary` will return a `PlanSummary` object with the `values`, `counts` and `outputs` attributes following the same semantics described in the previous section. You can use this fields to write your custom tests.
Like before let's imagine we're writing a (python) test for `net-glb` module. First create a new folder under `tests/modules` replacing any dash in the module name with underscores. You also need to create an empty `__init__.py` file in it, to ensure `pytest` discovers you new tests automatically.
Like before let's imagine we're writing a (python) test for `net-lb-app-ext` module. First create a new folder under `tests/modules` replacing any dash in the module name with underscores. You also need to create an empty `__init__.py` file in it, to ensure `pytest` discovers you new tests automatically.
```bash
mkdir tests/modules/net_glb
@ -1065,9 +1067,10 @@ touch tests/modules/net_glb/__init__.py
```
Now create a file containing your tests, e.g. `test_plan.py`:
```python
def test_name(plan_summary, tfvars_to_yaml, tmp_path):
s = plan_summary('modules/net-glb', tf_var_files=['test-plan.tfvars'])
s = plan_summary('modules/net-lb-app-ext', tf_var_files=['test-plan.tfvars'])
address = 'google_compute_url_map.default'
assert s.values[address]['project'] == 'my-project'
```
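Review bot: `test_name` now plans `modules/net-lb-app-ext`, but the commands that create the test package still use the old name (`mkdir tests/modules/net_glb` just above, and `touch tests/modules/net_glb/__init__.py` in this hunk's header context). By the dash-to-underscore rule in the same paragraph the folder should be `tests/modules/net_lb_app_ext`, so please update both commands. Separately, `tfvars_to_yaml` and `tmp_path` are requested as fixtures in the signature but never used in the body and could be dropped from the example.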
@ -1081,16 +1084,19 @@ Most of the time you can run tests using the `pytest` command as described in pr
To enable this option, just define the environment variable `TFTEST_COPY` and any tests using the `plan_summary` fixture will automatically run from a temporary directory.
Running tests from temporary directories is useful if:
- you're running tests in parallel using `pytest-xdist`. In this case, just run you tests as follows:
```bash
TFTEST_COPY=1 pytest -n 4
```
- you're running tests for the `fast/` directory which contain tfvars and auto.tfvars files (which are read by terraform automatically) making your tests fail. In this case, you can run
```
TFTEST_COPY=1 pytest fast/
```
## Fabric tools
The main tool you will interact with in development is `tfdoc`, used to generate file, output and variable tables in README documents.
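Review bot: in the second list item, the fence around `TFTEST_COPY=1 pytest fast/` opens without a language tag while the fence in the first item is tagged `bash`. Since this hunk already reflows the list, tag the second fence as `bash` too, and fix "just run you tests" to "just run your tests" in the first item.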

View File

@ -30,7 +30,7 @@ The current list of modules supports most of the core foundational and networkin
Currently available modules:
- **foundational** - [billing budget](./modules/billing-budget), [Cloud Identity group](./modules/cloud-identity-group/), [folder](./modules/folder), [service accounts](./modules/iam-service-account), [logging bucket](./modules/logging-bucket), [organization](./modules/organization), [project](./modules/project), [projects-data-source](./modules/projects-data-source)
- **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [VLAN Attachment](./modules/net-vlan-attachment/), [Global Load Balancer (classic)](./modules/net-glb/), [L4 ILB](./modules/net-ilb), [L7 ILB](./modules/net-ilb-l7), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [Network LB](./modules/net-nlb), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC firewall policy](./modules/net-vpc-firewall-policy), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory)
- **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [VLAN Attachment](./modules/net-vlan-attachment/), [External Application LB](./modules/net-lb-app-ext/), [External Network Passthrough LB](./modules/net-lb-ext), [Internal Application LB](./modules/net-lb-app-int), [Internal Network Passthrough LB](./modules/net-lb-int), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC firewall policy](./modules/net-vpc-firewall-policy), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory)
- **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool)
- **data** - [AlloyDB instance](./modules/alloydb-instance), [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Cloud Dataplex](./modules/cloud-dataplex), [Cloud SQL instance](./modules/cloudsql-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub)
- **development** - [API Gateway](./modules/api-gateway), [Apigee](./modules/apigee), [Artifact Registry](./modules/artifact-registry), [Container Registry](./modules/container-registry), [Cloud Source Repository](./modules/source-repository)

View File

@ -20,5 +20,6 @@ The blueprints in this folder contain a variety of deployment scenarios for Apig
The following blueprints demonstrate a set of networking scenarios that can be implemented for Apigee X deployments.
#### Apigee X - Northbound: GLB with PSC Neg, Southbouth: PSC with ILB (L7) and Hybrid NEG
<a href="./network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg" title="Apigee X - Northbound: GLB with PSC Neg, Southbouth: PSC with ILB (L7) and Hybrid NEG"><img src="./network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/diagram.png" align="left" width="280px"></a>This [blueprint](./network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/) shows how to expose an on-prem target backend to clients in the Internet.
#### Apigee X - Northbound: External Application LB with PSC Neg, Southbouth: PSC with Internal Application LB and Hybrid NEG
<a href="./network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg" title="Northbound: External Application LB with PSC Neg, Southbouth: PSC with Internal Application LB and Hybrid NEG"><img src="./network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/diagram.png" align="left" width="280px"></a>This [blueprint](./network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/) shows how to expose an on-prem target backend to clients in the Internet.
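Review bot: the rewritten `####` heading and the `title` attribute both carry over the misspelling "Southbouth". As both strings are replaced here anyway, correct it to "Southbound". The new `title` also drops the "Apigee X - " prefix that the heading keeps, so the two strings no longer match as they did before the change.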

View File

@ -88,7 +88,7 @@ module "apigee" {
}
module "glb" {
source = "../../../modules/net-glb"
source = "../../../modules/net-lb-app-ext"
name = "glb"
project_id = module.project.project_id
protocol = "HTTPS"

View File

@ -2,5 +2,6 @@
The blueprints in this folder demonstrate a set of networking scenarios that can be implemented for Apigee X deployments.
## Apigee X - Northbound: GLB with PSC Neg, Southbouth: PSC with ILB (L7) and Hybrid NEG
<a href="./nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg" title="Apigee X - Northbound: GLB with PSC Neg, Southbouth: PSC with ILB (L7) and Hybrid NEG"><img src="./nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/diagram.png" align="left" width="280px"></a>This [blueprint](./nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/) shows how to expose an on-prem target backend to clients in the Internet.g
## Northbound: External Application LB with PSC Neg, Southbouth: PSC with Internal Application LB and Hybrid NEG
<a href="./nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg" title="Northbound: External Application LB with PSC Neg, Southbouth: PSC with Internal Application LB and Hybrid NEG"><img src="./nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/diagram.png" align="left" width="280px"></a>This [blueprint](./nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/) shows how to expose an on-prem target backend to clients in the Internet.g
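Review bot: the renamed `##` heading drops the "Apigee X - " prefix, while the same blueprint keeps that prefix in the `####` heading and the `#` title changed elsewhere in this commit. Please restore the prefix so the three titles agree. The rewritten paragraph line also still ends with a stray `g` ("in the Internet.g"), which is worth removing while the line is being replaced.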

View File

@ -1,4 +1,4 @@
# Apigee X - Northbound GLB with PSC Neg, Southbouth PSC with ILB (L7) and Hybrid NEG
# Apigee X - Northbound: External Application LB with PSC Neg, Southbouth: PSC with Internal Application LB and Hybrid NEG
The following blueprint shows how to expose an on-prem target backend to clients in the Internet.

View File

@ -15,7 +15,7 @@
*/
module "glb" {
source = "../../../../modules/net-glb"
source = "../../../../modules/net-lb-app-ext"
name = "glb"
project_id = module.apigee_project.project_id
protocol = "HTTPS"

View File

@ -15,7 +15,7 @@
*/
module "apigee_ilb_l7" {
source = "../../../../modules/net-ilb-l7"
source = "../../../../modules/net-lb-app-int"
name = "apigee-ilb"
project_id = module.apigee_project.project_id
region = var.region

View File

@ -116,7 +116,7 @@ module "mig" {
}
module "onprem_ilb_l7" {
source = "../../../../modules/net-ilb-l7"
source = "../../../../modules/net-lb-app-int"
name = "ilb"
project_id = module.onprem_project.project_id
region = var.region

View File

@ -96,7 +96,7 @@ module "server" {
}
module "glb" {
source = "../../../modules/net-glb"
source = "../../../modules/net-lb-app-ext"
name = "${var.prefix}-glb"
project_id = module.project.project_id
protocol = "HTTPS"

View File

@ -72,7 +72,7 @@ Refer to the [Cloud Function deployment instructions](./deploy-cloud-function/)
## Assumptions and limitations
- The tool assumes all VPCs in peering groups are within the same organization, except for PSA peerings.
- The tool will only fetch subnet utilization data from the PSA peerings (not the VMs, ILB or routes usage).
- The tool will only fetch subnet utilization data from the PSA peerings (not the VMs, LB or routes usage).
- The tool assumes global routing is ON, this impacts dynamic routes usage calculation.
- The tool assumes custom routes importing/exporting is ON, this impacts static and dynamic routes usage calculation.
- The tool assumes all networks in peering groups have the same global routing and custom routes sharing configuration.
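Review bot: in the second bullet, replacing "ILB" with a bare "LB" widens the stated limitation from internal load balancers to load balancers in general. If the tool's behaviour is unchanged, keep the scope explicit by using one of the new internal LB names from the module list (for example "Internal Network Passthrough LB") rather than "LB".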

View File

@ -1,16 +1,16 @@
## SQL Server Always On Groups blueprint
This is an blueprint of building [SQL Server Always On Availability Groups](https://cloud.google.com/compute/docs/instances/sql-server/configure-availability)
using Fabric modules. It builds a two node cluster with a fileshare witness instance in an existing VPC and adds the necessary firewalling.
This is an blueprint of building [SQL Server Always On Availability Groups](https://cloud.google.com/compute/docs/instances/sql-server/configure-availability)
using Fabric modules. It builds a two node cluster with a fileshare witness instance in an existing VPC and adds the necessary firewalling.
![Architecture diagram](https://cloud.google.com/compute/images/sqlserver-ag-architecture.svg)
The actual setup process (apart from Active Directory operations) has been scripted, so that least amount of
manual works needs to performed:
The actual setup process (apart from Active Directory operations) has been scripted, so that least amount of
manual works needs to performed:
- Joining the domain using appropriate credentials
- Running an automatically generated initialization script (`C:\InitializeCluster.ps1`)
- Creating the [Availability Groups using the wizard](https://cloud.google.com/compute/docs/instances/sql-server/configure-availability#creating_an_availability_group)
- Joining the domain using appropriate credentials
- Running an automatically generated initialization script (`C:\InitializeCluster.ps1`)
- Creating the [Availability Groups using the wizard](https://cloud.google.com/compute/docs/instances/sql-server/configure-availability#creating_an_availability_group)
(please note that healthchecks are automatically configured when the appropriate AGs are created)
To monitor the installation process, the startup scripts log output to Application Log (visible under Windows Logs in Event Viewer)
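Review bot: the first two paragraphs are removed and re-added with no visible text change, yet "This is an blueprint" and "so that least amount of manual works needs to performed" pass through untouched. If these lines are in the diff anyway, fix them to "This is a blueprint" and "so that the least amount of manual work needs to be performed".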
@ -29,7 +29,7 @@ and to `C:\GcpSetupLog.txt` file.
| [secrets.tf](./secrets.tf) | Creates SQL admin user password secret. | <code>secret-manager</code> |
| [service-accounts.tf](./service-accounts.tf) | Creates service accounts for the instances. | <code>iam-service-account</code> |
| [variables.tf](./variables.tf) | Module variables. | |
| [vpc.tf](./vpc.tf) | Creates the VPC and manages the firewall rules and ILB. | <code>net-address</code> · <code>net-ilb</code> · <code>net-vpc</code> · <code>net-vpc-firewall</code> |
| [vpc.tf](./vpc.tf) | Creates the VPC and manages the firewall rules and LB. | <code>net-address</code> · <code>net-lb-int</code> · <code>net-vpc</code> · <code>net-vpc-firewall</code> |
## Variables

View File

@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# tfdoc:file:description Creates the VPC and manages the firewall rules and ILB.
# tfdoc:file:description Creates the VPC and manages the firewall rules and LB.
locals {
internal_addresses = merge(
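Review bot: the `tfdoc:file:description` now says only "LB", which no longer tells the reader that this file manages an internal load balancer (the `listener-ilb` module below uses `net-lb-int`). The same string shows up in the README file table, so a more specific wording such as "internal LB" or the new product name would keep both places informative.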
@ -135,7 +135,7 @@ module "ip-addresses" {
}
module "listener-ilb" {
source = "../../../modules/net-ilb"
source = "../../../modules/net-lb-int"
for_each = toset(var.always_on_groups)
project_id = var.project_id
region = var.region

View File

@ -52,9 +52,9 @@ The sample highlights the lack of transitivity in peering: the absence of connec
<br clear="left">
### ILB as next hop
### Internal Network LB as next hop
<a href="./ilb-next-hop/" title="ILB as next hop"><img src="./ilb-next-hop/diagram.png" align="left" width="280px"></a> This [blueprint](./ilb-next-hop/) allows testing [ILB as next hop](https://cloud.google.com/load-balancing/docs/internal/ilb-next-hop-overview) using simple Linux gateway VMS between two VPCs, to emulate virtual appliances. An optional additional ILB can be enabled to test multiple load balancer configurations and hashing.
<a href="./ilb-next-hop/" title="Internal Network LB as next hop"><img src="./ilb-next-hop/diagram.png" align="left" width="280px"></a> This [blueprint](./ilb-next-hop/) allows testing [Internal Network LB as next hop](https://cloud.google.com/load-balancing/docs/internal/ilb-next-hop-overview) using simple Linux gateway VMS between two VPCs, to emulate virtual appliances. An optional additional Internal Network LB can be enabled to test multiple load balancer configurations and hashing.
<br clear="left">
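Review bot: the heading, `title` and link text here use "Internal Network LB", while the module list updated in this same commit names `net-lb-int` "Internal Network Passthrough LB". Please settle on one form across the READMEs so readers can map the blueprint to the module. The rewritten paragraph also keeps "gateway VMS", which should be "gateway VMs".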
@ -95,4 +95,4 @@ It is meant to be used as a starting point for most Shared VPC configurations, a
It is meant to be used as a starting point for users that want to explore PSC to reduce some of the complexity in their network setup.
<br clear="left">
<br clear="left">

View File

@ -303,7 +303,7 @@ module "proxy-vm" {
}
module "glb" {
source = "../../../modules/net-glb"
source = "../../../modules/net-lb-app-ext"
project_id = module.project.project_id
name = "${var.prefix}-reverse-proxy-glb"
health_check_configs = {

View File

@ -201,7 +201,7 @@ module "squid-mig" {
}
module "squid-ilb" {
source = "../../../modules/net-ilb"
source = "../../../modules/net-lb-int"
project_id = module.project.project_id
region = var.region
name = "squid-ilb"

View File

@ -202,7 +202,7 @@ module "squid-mig" {
module "squid-ilb" {
count = var.mig ? 1 : 0
source = "../../../modules/net-ilb"
source = "../../../modules/net-lb-int"
project_id = module.project-host.project_id
region = var.region
name = "squid-ilb"

View File

@ -192,7 +192,7 @@ module "mig_ue1" {
}
module "glb" {
source = "../../../modules/net-glb"
source = "../../../modules/net-lb-app-ext"
name = "${var.prefix}-http-lb"
project_id = module.project.project_id
backend_service_configs = {

View File

@ -1,12 +1,12 @@
# GLB and multi-regional daisy-chaining through hybrid NEGs
# External Application LB and multi-regional daisy-chaining through hybrid NEGs
The blueprint shows the experimental use of hybrid NEGs behind eXternal Global Load Balancers (GLBs) to connect to GCP instances living in spoke VPCs and behind Network Virtual Appliances (NVAs).
The blueprint shows the experimental use of hybrid NEGs behind External Application Load Balancers to connect to GCP instances living in spoke VPCs and behind Network Virtual Appliances (NVAs).
<p align="center"> <img src="diagram.png" width="700"> </p>
This allows users to not configure per-destination-VM NAT rules in the NVAs.
The user traffic will enter the GLB, it will go across the NVAs and it will be routed to the destination VMs (or the ILBs behind the VMs) in the spokes.
The user traffic will enter the External Application LB, it will go across the NVAs and it will be routed to the destination VMs (or the LBs behind the VMs) in the spokes.
## What the blueprint creates
@ -16,23 +16,23 @@ The ids `primary` and `secondary` are used to identify two regions. By default,
- Projects: landing, spoke-01
- VPCs and subnets
+ landing-untrusted: primary - 192.168.1.0/24 and secondary - 192.168.2.0/24
+ landing-trusted: primary - 192.168.11.0/24 and secondary - 192.168.22.0/24
+ spoke-01: primary - 192.168.101.0/24 and secondary - 192.168.102.0/24
- landing-untrusted: primary - 192.168.1.0/24 and secondary - 192.168.2.0/24
- landing-trusted: primary - 192.168.11.0/24 and secondary - 192.168.22.0/24
- spoke-01: primary - 192.168.101.0/24 and secondary - 192.168.102.0/24
- Cloud NAT
+ landing-untrusted (both for primary and secondary)
+ in spoke-01 (both for primary and secondary) - this is just for test purposes, so you VMs can automatically install nginx, even if NVAs are still not ready
- landing-untrusted (both for primary and secondary)
- in spoke-01 (both for primary and secondary) - this is just for test purposes, so you VMs can automatically install nginx, even if NVAs are still not ready
- VMs
+ NVAs in MIGs in the landing project, both in primary and secondary, with NICs in the untrusted and in the trusted VPCs
+ Test VMs, in spoke-01, both in primary and secondary. Optionally, deployed in MIGs
- NVAs in MIGs in the landing project, both in primary and secondary, with NICs in the untrusted and in the trusted VPCs
- Test VMs, in spoke-01, both in primary and secondary. Optionally, deployed in MIGs
- Hybrid NEGs in the untrusted VPC, both in primary and secondary, either pointing to the test VMs in the spoke or -optionally- to ILBs in the spokes (if test VMs are deployed as MIGs)
- Hybrid NEGs in the untrusted VPC, both in primary and secondary, either pointing to the test VMs in the spoke or -optionally- to LBs in the spokes (if test VMs are deployed as MIGs)
- Internal Load balancers (L4 ILBs)
+ in the untrusted VPC, pointing to NVA MIGs, both in primary and secondary. Their VIPs are used by custom routes in the untrusted VPC, so that all traffic that arrives in the untrusted VPC destined for the test VMs in the spoke is sent through the NVAs
+ optionally, in the spokes. They are created if the user decides to deploy the test VMs as MIGs
- Internal Network Load balancers (L4 LBs)
- in the untrusted VPC pointing to NVA MIGs, both in primary and secondary. Their VIPs are used by custom routes in the untrusted VPC, so that all traffic that arrives in the untrusted VPC destined for the test VMs in the spoke is sent through the NVAs
- optionally, in the spokes. They are created if the user decides to deploy the test VMs as MIGs
- External Global Load balancer (GLB) in the untrusted VPC, using the hybrid NEGs as its backends
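Review bot: the last bullet still reads "External Global Load balancer (GLB)" although the title and intro of this README were renamed to "External Application LB" in the previous hunk. Rename it here as well. In the Hybrid NEG bullet, the change from "ILBs" to "LBs" also loses the fact that the spoke load balancers are internal, so "Internal Network LBs" would be clearer.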
@ -48,7 +48,7 @@ The blueprint configures some custom routes in the untrusted VPC and routing/NAT
Specifically:
- we create two custom routes in the untrusted VPC (one per region) so that traffic for the spoke subnets is sent to the VIP of the L4 ILBs in front of the NVAs
- we create two custom routes in the untrusted VPC (one per region) so that traffic for the spoke subnets is sent to the VIP of the L4 LBs in front of the NVAs
- we configure the NVAs so they know how to route traffic to the spokes via the trusted VPC gateway
@ -56,7 +56,7 @@ Specifically:
## Change the ilb_create variable
Through the `ilb_create` variable you can decide whether test VMs in the spoke will be deployed as MIGs with ILBs in front. This will also configure NEGs, so they point to the ILB VIPs, instead of the VM IPs.
Through the `ilb_create` variable you can decide whether test VMs in the spoke will be deployed as MIGs with LBs in front. This will also configure NEGs, so they point to the LB VIPs, instead of the VM IPs.
At the moment, every time a user changes the configuration of a NEG, the NEG is recreated. When this happens, the provider doesn't check if it is used by other resources, such as GLB backend services. Until this doesn't get fixed, every time you'll need to change the NEG configuration (i.e. when changing the variable `ilb_create`) you'll have to workaround it. Here is how:
@ -86,6 +86,7 @@ At the moment, every time a user changes the configuration of a NEG, the NEG is
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/networking/glb-hybrid-neg-internal"

View File

@ -17,7 +17,7 @@
# tfdoc:file:description External Global Load Balancer.
module "hybrid-glb" {
source = "../../../modules/net-glb"
source = "../../../modules/net-lb-app-ext"
project_id = module.project_landing.project_id
name = "hybrid-glb"
backend_service_configs = {

View File

@ -67,7 +67,7 @@ module "nva_migs" {
module "nva_untrusted_ilbs" {
for_each = var.regions
source = "../../../modules/net-ilb"
source = "../../../modules/net-lb-int"
project_id = module.project_landing.project_id
region = each.value
name = "nva-ilb-${local.zones[each.key]}"

View File

@ -126,7 +126,7 @@ module "test_vm_migs" {
module "test_vm_ilbs" {
for_each = var.ilb_create ? var.regions : {}
source = "../../../modules/net-ilb"
source = "../../../modules/net-lb-int"
project_id = module.project_spoke_01.project_id
region = each.value
name = "test-vm-ilb-${each.value}"

View File

@ -1,4 +1,4 @@
# Internal Load Balancer as Next Hop
# Internal Network Load Balancer as Next Hop
This blueprint bootstraps a minimal infrastructure for testing [ILB as next hop](https://cloud.google.com/load-balancing/docs/internal/ilb-next-hop-overview), using simple Linux gateway VMS between two VPCs to emulate virtual appliances.
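Review bot: the intro sentence under the renamed title still uses the link text "ILB as next hop", while the Testing section in the next hunk was updated to "Internal Network LB". Update the link text here too so the first paragraph matches the new title.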
@ -10,13 +10,13 @@ Two ILBs are configured on the primary and secondary interfaces of gateway VMs w
## Testing
This setup can be used to test and verify new ILB features like [forwards all protocols on ILB as next hops](https://cloud.google.com/load-balancing/docs/internal/ilb-next-hop-overview#all-traffic) and [symmetric hashing](https://cloud.google.com/load-balancing/docs/internal/ilb-next-hop-overview#symmetric-hashing), using simple `curl` and `ping` tests on clients. To make this practical, test VMs on both VPCs have `nginx` pre-installed and active on port 80.
This setup can be used to test and verify new Internal Network LB features like [forwards all protocols on Internal Network LB as next hops](https://cloud.google.com/load-balancing/docs/internal/ilb-next-hop-overview#all-traffic) and [symmetric hashing](https://cloud.google.com/load-balancing/docs/internal/ilb-next-hop-overview#symmetric-hashing), using simple `curl` and `ping` tests on clients. To make this practical, test VMs on both VPCs have `nginx` pre-installed and active on port 80.
On the gateways, `iftop` and `tcpdump` are installed by default to quickly monitor traffic passing forwarded across VPCs.
Session affinity on the ILB backend services can be changed using `gcloud compute backend-services update` on each of the ILBs, or by setting the `ilb_session_affinity` variable to update both ILBs.
Session affinity on the Internal Network LB backend services can be changed using `gcloud compute backend-services update` on each of the Internal Network LBs, or by setting the `ilb_session_affinity` variable to update both Internal Network LBs.
Simple `/root/start.sh` and `/root/stop.sh` scripts are pre-installed on both gateways to configure `iptables` so that health check requests are rejected and re-enabled, to quickly simulate removing instances from the ILB backends.
Simple `/root/start.sh` and `/root/stop.sh` scripts are pre-installed on both gateways to configure `iptables` so that health check requests are rejected and re-enabled, to quickly simulate removing instances from the Internal Network LB backends.
Some scenarios to test:

View File

@ -60,7 +60,7 @@ module "gw" {
}
module "ilb-left" {
source = "../../../modules/net-ilb"
source = "../../../modules/net-lb-int"
project_id = module.project.project_id
region = var.region
name = "${var.prefix}-ilb-left"
@ -84,7 +84,7 @@ module "ilb-left" {
}
module "ilb-right" {
source = "../../../modules/net-ilb"
source = "../../../modules/net-lb-int"
project_id = module.project.project_id
region = var.region
name = "${var.prefix}-ilb-right"

View File

@ -27,7 +27,7 @@ This architecture is ideal, if the external Load Balancer and the application ar
In a real world implementation, the IaC code might be split into two separate repositories, and the application team raises changes to the load balancer using a pull request. Also the service attachment in the producer project is configured to allow all connections via `connection_preference = "ACCEPT_AUTOMATIC"` in a real world setup you would want to use a manual white listing instead.
The Terraform IaC also deploys a VM to the producer VPC network, this VM is only needed for the internal Layer 7 Load Balancer to properly work with Cloud Run, but has no logical function in the setup, no traffic is routed via this machine.
The Terraform IaC also deploys a VM to the producer VPC network, this VM is only needed for the internal Layer 7 Load Balancer to properly work with Cloud Run, but has no logical function in the setup, no traffic is routed via this machine.
## Setup
@ -101,7 +101,7 @@ The above command will delete the associated resources so there will be no billa
|---|---|:---:|:---:|:---:|
| [consumer_project_id](variables.tf#L17) | The consumer project, in which the GCLB and Cloud Armor should be created. | <code>string</code> | ✓ | |
| [prefix](variables.tf#L22) | Prefix used for resource names. | <code>string</code> | ✓ | |
| [producer_project_id](variables.tf#L31) | The producer project, in which the ILB, PSC Service Attachment and Cloud Run service should be created. | <code>string</code> | ✓ | |
| [producer_project_id](variables.tf#L31) | The producer project, in which the LB, PSC Service Attachment and Cloud Run service should be created. | <code>string</code> | ✓ | |
| [project_create](variables.tf#L36) | Create project instead of using an existing one. | <code>bool</code> | | <code>false</code> |
| [region](variables.tf#L42) | The GCP region in which the resources should be deployed. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
| [zone](variables.tf#L48) | The GCP zone for the VM. | <code>string</code> | | <code>&#34;europe-west1-b&#34;</code> |

View File

@ -29,7 +29,7 @@ variable "prefix" {
}
variable "producer_project_id" {
description = "The producer project, in which the ILB, PSC Service Attachment and Cloud Run service should be created."
description = "The producer project, in which the LB, PSC Service Attachment and Cloud Run service should be created."
type = string
}
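Review bot: the new `producer_project_id` description says just "LB", but the README for this blueprint describes the producer-side balancer as an internal Layer 7 load balancer. Under the new naming that is "Internal Application LB", and using it here (and in the README variables table, which carries the same text) avoids confusion with the external load balancer in the consumer project.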
@ -49,4 +49,4 @@ variable "zone" {
description = "The GCP zone for the VM."
type = string
default = "europe-west1-b"
}
}

View File

@ -102,7 +102,7 @@ module "gateways" {
}
module "glb" {
source = "../../../modules/net-glb"
source = "../../../modules/net-lb-app-ext"
project_id = module.project.project_id
name = "glb"
backend_service_configs = {

View File

@ -7,6 +7,7 @@ This blueprint contains all the necessary Terraform modules to build and __priva
The content of this blueprint corresponds to the chapter '_Developing an enterprise application - The corporate environment_' of the [__Serverless Networking Guide__](https://services.google.com/fh/files/misc/serverless_networking_guide.pdf). This guide is an easy to follow introduction to Cloud Run, where a couple of friendly characters will guide you from the basics to more advanced topics with a very practical approach and in record time! The code here complements this learning and allows you to test the scenarios presented and your knowledge.
If you are interested in following this guide, take a look to the chapters' blueprints:
* [My serverless "Hello, World! - Exploring Cloud Run](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/tree/master/blueprints/serverless/cloud-run-explore)
* [Developing an enterprise application - The corporate environment](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/tree/master/blueprints/serverless/cloud-run-corporate)
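Review bot: the first link in this list has an unbalanced quote in its text (`My serverless "Hello, World! - Exploring Cloud Run`). Since the hunk already touches the list formatting, close the quote after "World!" so the link text reads correctly.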
@ -33,21 +34,27 @@ Below it is explained how to set this information.
### General steps
1. Clone the repo to your local machine or Cloud Shell:
```bash
git clone https://github.com/GoogleCloudPlatform/cloud-foundation-fabric
```
2. Change to the directory of the blueprint:
```bash
cd cloud-foundation-fabric/blueprints/serverless/cloud-run-corporate
```
You should see this README and some terraform files.
3. To deploy a specific use case, you will need to create a file in this directory called `terraform.tfvars` and follow the corresponding instructions to set variables. Sometimes values that are meant to be substituted will be shown inside brackets but you need to omit these brackets. E.g.:
```tfvars
project_id = "[your-project_id]"
```
may become
```tfvars
project_id = "spiritual-hour-331417"
```
@ -55,6 +62,7 @@ project_id = "spiritual-hour-331417"
Use cases are self-contained so you can deploy any of them at will.
4. The usual terraform commands will do the work:
```bash
terraform init
terraform plan
@ -72,10 +80,13 @@ This use case deploys a Cloud Run service and a VM in the same project. To priva
<p align="center"> <img src="images/use-case-1.png" width="600"> </p>
In this case the only variable that you need to set in `terraform.tfvars` is the main project ID:
```tfvars
prj_main_id = "[your-main-project-id]"
```
Alternatively you can pass this value on the command line:
```bash
terraform apply -var prj_main_id="[your-main-project-id]"
```
@ -93,6 +104,7 @@ This use case deploys a Cloud Run service in a GCP project and simulates an on-p
<p align="center"> <img src="images/use-case-2.png" width="600"> </p>
You will need to set both the main and the on-prem project IDs in `terraform.tfvars`:
```tfvars
prj_main_id = "[your-main-project-id]"
prj_onprem_id = "[your-onprem-project-id]"
@ -165,11 +177,11 @@ prj_svc1_id = "[your-service-project1-id]"
### Use case 4: Access to Cloud Run with custom domain
You need to use a L7 ILB with Serverless NEGs (in Preview) to set a custom domain for Cloud Run. As a practical example, this blueprint deploys this configuration in a Shared VPC environment with two Cloud Run services running in a service project and the ILB exposing them via a custom domain, pointing to them through a URL map: `/cart` and `/checkout`.
You need to use an Internal Application LB (L7) with Serverless NEGs (in Preview) to set a custom domain for Cloud Run. As a practical example, this blueprint deploys this configuration in a Shared VPC environment with two Cloud Run services running in a service project and the LB exposing them via a custom domain, pointing to them through a URL map: `/cart` and `/checkout`.
<p align="center"> <img src="images/use-case-4.png" width="600"> </p>
The blueprint uses an HTTP connection to the ILB to avoid management of SSL certificates. To test access, VMs are created in the host and service projects. Set the following in `terraform.tfvars`:
The blueprint uses an HTTP connection to the LB to avoid management of SSL certificates. To test access, VMs are created in the host and service projects. Set the following in `terraform.tfvars`:
```tfvars
prj_main_id = "[your-main-project-id]" # Used as host project
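Review bot: the reworded sentence "The blueprint uses an HTTP connection to the LB to avoid management of SSL certificates" still presents plain HTTP without saying it is a shortcut for the test setup. Since the line is being touched anyway, consider adding that the HTTP listener is only there to keep the blueprint simple and that a real custom-domain deployment should terminate HTTPS on the LB. The paragraph above also introduces the product as "Internal Application LB (L7)" while the other READMEs in this commit spell out "Internal Application Load Balancers"; using one form throughout would read better.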
@ -184,9 +196,11 @@ SSH into a test VM and run `curl` specifying as URL the host, your custom domain
## Cleaning up your environment
The easiest way to remove all the deployed resources is to run the following command:
```bash
terraform destroy
```
The above command will delete the associated resources so there will be no billable charges made afterwards. Projects are removed from Terraform state but not deleted from Google Cloud.
<!-- BEGIN TFDOC -->

View File

@ -349,7 +349,7 @@ resource "google_compute_global_forwarding_rule" "psc_endpoint_prj1" {
###############################################################################
module "ilb-l7" {
source = "../../../modules/net-ilb-l7"
source = "../../../modules/net-lb-app-int"
count = var.custom_domain == null ? 0 : 1
project_id = module.project_main.project_id
name = "ilb-l7-cr"
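Review bot: only `source` moves to `net-lb-app-int` here, while the module label `ilb-l7` and `name = "ilb-l7-cr"` keep the old naming. Leaving them is the safe choice, because changing the module label would change the resource addresses in state and changing `name` would rename the deployed resources, but a one-line comment saying the old identifiers are kept on purpose would stop a later cleanup from "fixing" them without `moved` blocks.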

View File

@ -67,7 +67,7 @@ resource "google_compute_global_address" "default" {
# Global L7 HTTPS Load Balancer in front of Cloud Run
module "glb" {
source = "../../../modules/net-glb"
source = "../../../modules/net-lb-app-ext"
count = local.gclb_create ? 1 : 0
project_id = module.project.project_id
name = "glb"

View File

@ -88,7 +88,7 @@ Minimizing the number of routes (and subnets) in use on the cloud environment is
This stage uses a dedicated /16 block (which should of course be sized to your needs) for each region in each VPC, and subnets created in each VPC derive their ranges from the relevant block.
Spoke VPCs also define and reserve two "special" CIDR ranges dedicated to [PSA (Private Service Access)](https://cloud.google.com/vpc/docs/private-services-access) and [Internal HTTPs Load Balancers (L7ILB)](https://cloud.google.com/load-balancing/docs/l7-internal).
Spoke VPCs also define and reserve two "special" CIDR ranges dedicated to [PSA (Private Service Access)](https://cloud.google.com/vpc/docs/private-services-access) and [Internal Application Load Balancers (L7 LBs)](https://cloud.google.com/load-balancing/docs/l7-internal).
Routes in GCP are either automatically created for VPC subnets, manually created via static routes, or dynamically programmed by [Cloud Routers](https://cloud.google.com/network-connectivity/docs/router#docs) via BGP sessions, which can be configured to advertise VPC ranges, and/or custom ranges via custom advertisements.
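Review bot: the new link text "Internal Application Load Balancers (L7 LBs)" introduces an abbreviation that no longer says "internal", and external application load balancers are also L7, so "L7 LBs" is ambiguous where the old "L7ILB" was not. Either drop the parenthetical or keep the internal qualifier in it. The same sentence is changed the same way in the other networking stage READMEs in this diff, so the wording should be fixed in all of them together.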

View File

@ -86,7 +86,7 @@ Minimizing the number of routes (and subnets) in use on the cloud environment is
This stage uses a dedicated /16 block (which should of course be sized to your needs) for each region in each VPC, and subnets created in each VPC derive their ranges from the relevant block.
Spoke VPCs also define and reserve two "special" CIDR ranges dedicated to [PSA (Private Service Access)](https://cloud.google.com/vpc/docs/private-services-access) and [Internal HTTPs Load Balancers (L7ILB)](https://cloud.google.com/load-balancing/docs/l7-internal).
Spoke VPCs also define and reserve two "special" CIDR ranges dedicated to [PSA (Private Service Access)](https://cloud.google.com/vpc/docs/private-services-access) and [Internal Application Load Balancers (L7 LBs)](https://cloud.google.com/load-balancing/docs/l7-internal).
Routes in GCP are either automatically created for VPC subnets, manually created via static routes, or dynamically programmed by [Cloud Routers](https://cloud.google.com/network-connectivity/docs/router#docs) via BGP sessions, which can be configured to advertise VPC ranges, and/or custom ranges via custom advertisements.

View File

@ -63,7 +63,7 @@ The final number of subnets, and their IP addressing will depend on the user-spe
### Multi-regional deployment
The stage deploys the the infrastructure in two regions. By default, europe-west1 and europe-west4. Regional resources include NVAs (templates, MIGs, ILBs) and test VMs.
The stage deploys the the infrastructure in two regions. By default, europe-west1 and europe-west4. Regional resources include NVAs (templates, MIGs, LBs) and test VMs.
This provides enough redundancy to be resilient to regional failures.
### VPC design
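Review bot: the rewritten sentence still carries the typo "deploys the the infrastructure", and the list "(templates, MIGs, LBs)" loses the fact that these are internal load balancers, which matters for a stage that puts NVAs between trusted and untrusted networks. Suggest fixing the doubled word while the line is open and writing "internal LBs" or the full product name instead of the bare "LBs".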
@ -135,7 +135,7 @@ Spoke VPCs also define and reserve three "special" CIDR ranges, derived from the
- The third-last /24 range is used for PSA (CloudSQL, MySQL)
- [Internal HTTPs Load Balancers (L7ILB)](https://cloud.google.com/load-balancing/docs/l7-internal):
- [Internal Application Load Balancers (L7 LBs)](https://cloud.google.com/load-balancing/docs/l7-internal):
- The last /24 range

View File

@ -124,7 +124,7 @@ module "ilb-nva-untrusted" {
subnet = "${v}/landing-untrusted-default-${local.region_shortnames[v]}"
}
}
source = "../../../modules/net-ilb"
source = "../../../modules/net-lb-int"
project_id = module.landing-project.project_id
region = each.value.region
name = "nva-untrusted-${each.key}"
@ -155,7 +155,7 @@ module "ilb-nva-trusted" {
subnet = "${v}/landing-trusted-default-${local.region_shortnames[v]}"
}
}
source = "../../../modules/net-ilb"
source = "../../../modules/net-lb-int"
project_id = module.landing-project.project_id
region = each.value.region
name = "nva-trusted-${each.key}"

View File

@ -60,7 +60,7 @@ Minimizing the number of routes (and subnets) in use on the cloud environment is
This stage uses a dedicated /16 block (which should of course be sized to your needs) shared by all regions and environments, and subnets created in each VPC derive their ranges from their relevant block.
Each VPC also defines and reserves two "special" CIDR ranges dedicated to [PSA (Private Service Access)](https://cloud.google.com/vpc/docs/private-services-access) and [Internal HTTPs Load Balancers (L7ILB)](https://cloud.google.com/load-balancing/docs/l7-internal).
Each VPC also defines and reserves two "special" CIDR ranges dedicated to [PSA (Private Service Access)](https://cloud.google.com/vpc/docs/private-services-access) and [Internal Application Load Balancers (L7 LBs)](https://cloud.google.com/load-balancing/docs/l7-internal).
Routes in GCP are either automatically created for VPC subnets, manually created via static routes, or dynamically programmed by [Cloud Routers](https://cloud.google.com/network-connectivity/docs/router#docs) via BGP sessions, which can be configured to advertise VPC ranges, and/or custom ranges via custom advertisements.

View File

@ -157,7 +157,7 @@ Spoke VPCs also define and reserve three "special" CIDR ranges, derived from the
- The third-last /24 range is used for PSA (CloudSQL, MySQL)
- [Internal HTTPs Load Balancers (L7ILB)](https://cloud.google.com/load-balancing/docs/l7-internal):
- [Internal Application Load Balancers (L7 LBs)](https://cloud.google.com/load-balancing/docs/l7-internal):
- The last /24 range

View File

@ -45,11 +45,11 @@ These modules are used in the examples included in this repository. If you are u
- [Cloud Endpoints](./endpoints)
- [DNS](./dns)
- [DNS Response Policy](./dns-response-policy/)
- [Global Load Balancer](./net-glb/)
- [L4 ILB](./net-ilb)
- [L7 ILB](./net-ilb-l7)
- [External Application Load Balancer](./net-lb-app-ext/)
- [External Network Passthrough Load Balancer](./net-lb-ext)
- [Internal Application LB](./net-lb-app-int)
- [Internal Network Passthrough Load Balancer](./net-lb-int)
- [NAT](./net-cloudnat)
- [Network Load Balancer](./net-nlb)
- [Service Directory](./service-directory)
- [VPC](./net-vpc)
- [VPC firewall](./net-vpc-firewall)
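Review bot: the four new list entries are not consistent with each other: "Internal Application LB" is abbreviated while the other three spell out "Load Balancer", and `./net-lb-app-ext/` has a trailing slash while `./net-lb-ext`, `./net-lb-app-int` and `./net-lb-int` do not. The word order "Network Passthrough Load Balancer" also differs from the module README headings in this same commit, which use "Passthrough Network Load Balancer". Suggest picking one form and applying it to the list and the headings.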

View File

@ -2,7 +2,7 @@
This module allows creating a managed instance group supporting one or more application versions via instance templates. Optionally, a health check and an autoscaler can be created, and the managed instance group can be configured to be stateful.
This module can be coupled with the [`compute-vm`](../compute-vm) module which can manage instance templates, and the [`net-ilb`](../net-ilb) module to assign the MIG to a backend wired to an Internal Load Balancer. The first use case is shown in the examples below.
This module can be coupled with the [`compute-vm`](../compute-vm) module which can manage instance templates, and the [`net-lb-int`](../net-lb-int) module to assign the MIG to a backend wired to an Internal Load Balancer. The first use case is shown in the examples below.
Stateful disks can be created directly, as shown in the last example below.

View File

@ -1,4 +1,4 @@
# Global HTTP/S Classic Load Balancer Module
# External Application Load Balancer Module
This module allows managing Global HTTP/HTTPS Classic Load Balancers (GLBs). It's designed to expose the full configuration of the underlying resources, and to facilitate common usage patterns by providing sensible defaults, and optionally managing prerequisite resources like health checks, instance groups, etc.
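Review bot: the heading becomes "External Application Load Balancer Module" but the first sentence under it still says the module manages "Global HTTP/HTTPS Classic Load Balancers (GLBs)", so the README now describes the module under two different names. Suggest updating the description to the new product name and mentioning the classic variant only where it applies. The examples further down also keep `module "glb-0"` and `name = "glb-test-0"`, which is fine for the test fixtures but worth a deliberate decision.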
@ -27,7 +27,7 @@ An HTTP load balancer with a backend service pointing to a GCE instance group:
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
backend_service_configs = {
@ -50,7 +50,7 @@ An HTTPS load balancer needs a certificate and backends can be HTTP or HTTPS. TH
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
backend_service_configs = {
@ -80,7 +80,7 @@ For HTTPS backends the backend service protocol needs to be set to `HTTPS`. The
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
backend_service_configs = {
@ -117,7 +117,7 @@ The module uses a classic Global Load Balancer by default. To use the non-classi
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
use_classic_version = false
@ -143,7 +143,7 @@ Health checks created by this module are controlled via the `health_check_config
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = var.project_id
name = "glb-test-0"
backend_service_configs = {
@ -168,7 +168,7 @@ To leverage existing health checks without having the module create them, simply
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = var.project_id
name = "glb-test-0"
backend_service_configs = {
@ -192,7 +192,7 @@ The module can optionally create unmanaged instance groups, which can then be re
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
backend_service_configs = {
@ -263,7 +263,7 @@ module "win-mig" {
}
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
backend_service_configs = {
@ -283,7 +283,7 @@ GCS bucket backends can also be managed and used in this module in a similar way
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
backend_buckets_config = {
@ -303,7 +303,7 @@ Supported Network Endpoint Groups (NEGs) can also be used as backends. Similarly
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
backend_service_configs = {
@ -327,7 +327,7 @@ This example shows how to create and manage zonal NEGs using GCE VMs as endpoint
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
backend_service_configs = {
@ -367,7 +367,7 @@ This example shows how to create and manage hybrid NEGs:
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
backend_service_configs = {
@ -405,7 +405,7 @@ This example shows how to create and manage internet NEGs:
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
backend_service_configs = {
@ -441,7 +441,7 @@ The module supports managing PSC NEGs if the non-classic version of the load bal
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
use_classic_version = false
@ -473,7 +473,7 @@ The module supports managing Serverless NEGs for Cloud Run and Cloud Function. T
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
backend_service_configs = {
@ -504,7 +504,7 @@ Serverless NEGs don't use the port name but it should be set to `http`. An HTTPS
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
backend_service_configs = {
@ -548,7 +548,7 @@ The default URL map configuration sets the `default` backend service as the defa
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
backend_service_configs = {
@ -611,7 +611,7 @@ resource "tls_self_signed_cert" "default" {
}
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
backend_service_configs = {
@ -643,7 +643,7 @@ This example mixes group and NEG backends, and shows how to set HTTPS for specif
```hcl
module "glb-0" {
source = "./fabric/modules/net-glb"
source = "./fabric/modules/net-lb-app-ext"
project_id = "myprj"
name = "glb-test-0"
backend_buckets_config = {

View File

@ -1,4 +1,4 @@
# Internal (HTTP/S) Load Balancer Module
# Internal Application Load Balancer Module
This module allows managing Internal HTTP/HTTPS Load Balancers (L7 ILBs). It's designed to expose the full configuration of the underlying resources, and to facilitate common usage patterns by providing sensible defaults, and optionally managing prerequisite resources like health checks, instance groups, etc.
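Review bot: the description line is left as "Internal HTTP/HTTPS Load Balancers (L7 ILBs)" under the new heading "Internal Application Load Balancer Module", and the abbreviation "L7 ILBs" conflicts with the "L7 LBs" form this commit introduces in the stage READMEs. Suggest rewriting the sentence with the new name and settling on a single abbreviation for the whole repository.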
@ -21,7 +21,7 @@ An HTTP ILB with a backend service pointing to a GCE instance group:
```hcl
module "ilb-l7" {
source = "./fabric/modules/net-ilb-l7"
source = "./fabric/modules/net-lb-app-int"
name = "ilb-test"
project_id = var.project_id
region = "europe-west1"
@ -44,7 +44,7 @@ An HTTPS ILB needs a few additional fields:
```hcl
module "ilb-l7" {
source = "./fabric/modules/net-ilb-l7"
source = "./fabric/modules/net-lb-app-int"
name = "ilb-test"
project_id = var.project_id
region = "europe-west1"
@ -75,7 +75,7 @@ When using Shared VPC, this module also allows configuring [cross-project backen
```hcl
module "ilb-l7" {
source = "./fabric/modules/net-ilb-l7"
source = "./fabric/modules/net-lb-app-int"
name = "ilb-test"
project_id = "prj-host"
region = "europe-west1"
@ -113,7 +113,7 @@ Defining different health checks from the default is very easy. You can for exam
```hcl
module "ilb-l7" {
source = "./fabric/modules/net-ilb-l7"
source = "./fabric/modules/net-lb-app-int"
name = "ilb-test"
project_id = var.project_id
region = "europe-west1"
@ -142,7 +142,7 @@ To leverage existing health checks without having the module create them, simply
```hcl
module "ilb-l7" {
source = "./fabric/modules/net-ilb-l7"
source = "./fabric/modules/net-lb-app-int"
name = "ilb-test"
project_id = var.project_id
region = "europe-west1"
@ -169,7 +169,7 @@ The module can optionally create unmanaged instance groups, which can then be re
```hcl
module "ilb-l7" {
source = "./fabric/modules/net-ilb-l7"
source = "./fabric/modules/net-lb-app-int"
name = "ilb-test"
project_id = var.project_id
region = "europe-west1"
@ -204,7 +204,7 @@ Network Endpoint Groups (NEGs) can be used as backends, by passing their id as t
```hcl
module "ilb-l7" {
source = "./fabric/modules/net-ilb-l7"
source = "./fabric/modules/net-lb-app-int"
name = "ilb-test"
project_id = var.project_id
region = "europe-west1"
@ -239,7 +239,7 @@ resource "google_compute_address" "test" {
}
module "ilb-l7" {
source = "./fabric/modules/net-ilb-l7"
source = "./fabric/modules/net-lb-app-int"
name = "ilb-test"
project_id = var.project_id
region = "europe-west1"
@ -279,7 +279,7 @@ module "ilb-l7" {
```hcl
module "ilb-l7" {
source = "./fabric/modules/net-ilb-l7"
source = "./fabric/modules/net-lb-app-int"
name = "ilb-test"
project_id = var.project_id
region = "europe-west1"
@ -313,7 +313,7 @@ module "ilb-l7" {
```hcl
module "ilb-l7" {
source = "./fabric/modules/net-ilb-l7"
source = "./fabric/modules/net-lb-app-int"
name = "ilb-test"
project_id = var.project_id
region = "europe-west1"
@ -350,7 +350,7 @@ module "ilb-l7" {
```hcl
module "ilb-l7" {
source = "./fabric/modules/net-ilb-l7"
source = "./fabric/modules/net-lb-app-int"
name = "ilb-test"
project_id = var.project_id
region = "europe-west1"
@ -387,7 +387,7 @@ The default URL map configuration sets the `default` backend service as the defa
```hcl
module "ilb-l7" {
source = "./fabric/modules/net-ilb-l7"
source = "./fabric/modules/net-lb-app-int"
name = "ilb-test"
project_id = var.project_id
region = "europe-west1"
@ -454,7 +454,7 @@ resource "tls_self_signed_cert" "default" {
}
module "ilb-l7" {
source = "./fabric/modules/net-ilb-l7"
source = "./fabric/modules/net-lb-app-int"
name = "ilb-test"
project_id = var.project_id
region = "europe-west1"
@ -494,7 +494,7 @@ This example mixes group and NEG backends, and shows how to set HTTPS for specif
```hcl
module "ilb-l7" {
source = "./fabric/modules/net-ilb-l7"
source = "./fabric/modules/net-lb-app-int"
name = "ilb-l7-test-0"
project_id = "prj-gce"
region = "europe-west8"

View File

@ -1,4 +1,4 @@
# Network Load Balancer Module
# External Passthrough Network Load Balancer Module
This module allows managing a GCE Network Load Balancer and integrates the forwarding rule, regional backend, and optional health check resources. It's designed to be a simple match for the [`compute-vm`](../compute-vm) module, which can be used to manage instance templates and instance groups.
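Review bot: the heading uses "External Passthrough Network Load Balancer" while the modules index in this commit lists the same module as "External Network Passthrough Load Balancer", and the body text still calls it a "GCE Network Load Balancer". Suggest aligning the heading, the index entry and the first sentence on one name so that a search for the module finds all three.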
@ -43,7 +43,7 @@ module "mig" {
}
module "nlb" {
source = "./fabric/modules/net-nlb"
source = "./fabric/modules/net-lb-ext"
project_id = var.project_id
region = "europe-west1"
name = "nlb-test"
@ -65,7 +65,7 @@ This examples shows how to create an NLB by combining externally managed instanc
```hcl
module "nlb" {
source = "./fabric/modules/net-nlb"
source = "./fabric/modules/net-lb-ext"
project_id = var.project_id
region = "europe-west1"
name = "nlb-test"
@ -132,7 +132,7 @@ module "instance-group" {
}
module "nlb" {
source = "./fabric/modules/net-nlb"
source = "./fabric/modules/net-lb-ext"
project_id = var.project_id
region = "europe-west1"
name = "nlb-test"

View File

@ -1,4 +1,4 @@
# Internal Load Balancer Module
# Internal Passthrough Network Load Balancer Module
This module allows managing a GCE Internal Load Balancer and integrates the forwarding rule, regional backend, and optional health check resources. It's designed to be a simple match for the [`compute-vm`](../compute-vm) module, which can be used to manage instance templates and instance groups.
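Review bot: the body still says "a GCE Internal Load Balancer", which after this rename no longer identifies the module, because both `net-lb-int` and `net-lb-app-int` are internal load balancers. Suggest saying "Internal Passthrough Network Load Balancer" in the first sentence to match the new heading, and checking the later prose in this README that still refers to "an ILB".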
@ -51,7 +51,7 @@ module "mig" {
}
module "ilb" {
source = "./fabric/modules/net-ilb"
source = "./fabric/modules/net-lb-int"
project_id = var.project_id
region = "europe-west1"
name = "ilb-test"
@ -78,7 +78,7 @@ This examples shows how to create an ILB by combining externally managed instanc
```hcl
module "ilb" {
source = "./fabric/modules/net-ilb"
source = "./fabric/modules/net-lb-int"
project_id = var.project_id
region = "europe-west1"
name = "ilb-test"
@ -150,7 +150,7 @@ module "instance-group" {
}
module "ilb" {
source = "./fabric/modules/net-ilb"
source = "./fabric/modules/net-lb-int"
project_id = var.project_id
region = "europe-west1"
name = "ilb-test"

View File

@ -12,6 +12,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
module: modules/net-glb
module: modules/net-lb-app-ext
tests:
test-plan:

View File

@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
module: modules/net-ilb-l7
module: modules/net-lb-app-int
common_tfvars:
- common.tfvars
tests:

Some files were not shown because too many files have changed in this diff