diff --git a/CHANGELOG.md b/CHANGELOG.md
index 61962c3a..32db3f32 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file.
- CloudSQ: fixed Terraform change detection when backup is disabled
- Allow multiple CIDR blocks in the ip_range for Apigee Instance
- Add prefix to project factory SA bindings
+- Add support for Private Service Connect and Reginal Managed Proxy subnets for `net-vpc` module
**FAST**
diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index 4102d92e..a963b671 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -258,7 +258,9 @@ flow_logs: # enable, set to empty map to use defaults
| [subnet_private_access](variables.tf#L169) | Optional map of boolean to control private Google access (default is enabled), keyed by subnet 'region/name'. | map(bool)
| | {}
|
| [subnets](variables.tf#L175) | List of subnets being created. | list(object({…}))
| | []
|
| [subnets_l7ilb](variables.tf#L186) | List of subnets for private HTTPS load balancer. | list(object({…}))
| | []
|
-| [vpc_create](variables.tf#L197) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool
| | true
|
+| [subnets_l7rlb](variables.tf#L197) | List of proxy-only subnets for HTTPS regional load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | list(object({…}))
| | []
|
+| [subnets_psc](variables.tf#L208) | List of subnets for Private Service Connect service producers. | list(object({…}))
| | []
|
+| [vpc_create](variables.tf#L218) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool
| | true
|
## Outputs
diff --git a/modules/net-vpc/subnets.tf b/modules/net-vpc/subnets.tf
index 05ad0aa3..c46c394e 100644
--- a/modules/net-vpc/subnets.tf
+++ b/modules/net-vpc/subnets.tf
@@ -89,6 +89,14 @@ locals {
for subnet in var.subnets_l7ilb :
"${subnet.region}/${subnet.name}" => subnet
}
+ subnets_l7rlb = {
+ for subnet in var.subnets_l7rlb :
+ "${subnet.region}/${subnet.name}" => subnet
+ }
+ subnets_psc = {
+ for subnet in var.subnets_psc :
+ "${subnet.region}/${subnet.name}" => subnet
+ }
}
resource "google_compute_subnetwork" "subnetwork" {
@@ -142,6 +150,41 @@ resource "google_compute_subnetwork" "l7ilb" {
)
}
+resource "google_compute_subnetwork" "l7rlb" {
+ provider = google-beta
+ for_each = local.subnets_l7rlb
+ project = var.project_id
+ network = local.network.name
+ region = each.value.region
+ name = each.value.name
+ ip_cidr_range = each.value.ip_cidr_range
+ purpose = "REGIONAL_MANAGED_PROXY"
+ role = (
+ each.value.active || each.value.active == null ? "ACTIVE" : "BACKUP"
+ )
+ description = lookup(
+ local.subnet_descriptions,
+ "${each.value.region}/${each.value.name}",
+ "Terraform-managed."
+ )
+}
+
+resource "google_compute_subnetwork" "psc" {
+ provider = google-beta
+ for_each = local.subnets_psc
+ project = var.project_id
+ network = local.network.name
+ region = each.value.region
+ name = each.value.name
+ ip_cidr_range = each.value.ip_cidr_range
+ purpose = "PRIVATE_SERVICE_CONNECT"
+ description = lookup(
+ local.subnet_descriptions,
+ "${each.value.region}/${each.value.name}",
+ "Terraform-managed."
+ )
+}
+
resource "google_compute_subnetwork_iam_binding" "binding" {
for_each = {
for binding in local.subnet_iam_members :
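Review bot: The `role` expression in the new `l7rlb` resource reads `each.value.active || each.value.active == null`, but Terraform's `||` evaluates both operands and, as far as I recall, rejects a null `bool` operand, so the null case this is written to handle is the one that fails; and because `active` is declared as a required `bool` in `variables.tf`, the null branch is dead unless a caller passes `null` explicitly. A single expression that gives the intended default is `role = coalesce(each.value.active, true) ? "ACTIVE" : "BACKUP"`. Both new resources also look up `local.subnet_descriptions` by `region/name`; that local is defined outside this hunk, so whether it covers proxy-only and PSC subnets cannot be confirmed here.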
diff --git a/modules/net-vpc/variables.tf b/modules/net-vpc/variables.tf
index 464ccfa0..5a85e921 100644
--- a/modules/net-vpc/variables.tf
+++ b/modules/net-vpc/variables.tf
@@ -194,6 +194,27 @@ variable "subnets_l7ilb" {
default = []
}
+variable "subnets_l7rlb" {
+ description = "List of proxy-only subnets for HTTPS regional load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active."
+ type = list(object({
+ active = bool
+ name = string
+ ip_cidr_range = string
+ region = string
+ }))
+ default = []
+}
+
+variable "subnets_psc" {
+ description = "List of subnets for Private Service Connect service producers."
+ type = list(object({
+ name = string
+ ip_cidr_range = string
+ region = string
+ }))
+ default = []
+}
+
variable "vpc_create" {
description = "Create VPC. When set to false, uses a data source to reference existing VPC."
type = bool
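Review bot: The description of `subnets_l7rlb` states that only one proxy-only subnet per region can be active, but nothing in the variable enforces it, so two entries with `active = true` in the same region are only rejected by the API at apply time, after earlier subnets in the plan have already been created. A `validation` block on the variable turns this into a plan-time error. Separately, `active` is declared as a required `bool`, which contradicts the null handling in `subnets.tf`; if the intent is to default to active, `optional(bool, true)` expresses that, provided the module's required Terraform version is at least 1.3 (not visible here).
```hcl
variable "subnets_l7rlb" {
  # … unchanged: description, type, default …
  validation {
    condition = length(distinct([
      for s in var.subnets_l7rlb : s.region if coalesce(s.active, true)
    ])) == length([
      for s in var.subnets_l7rlb : s.region if coalesce(s.active, true)
    ])
    error_message = "At most one active proxy-only (REGIONAL_MANAGED_PROXY) subnet is allowed per region."
  }
}
```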