Add support for Private Service Connect and Reginal Managed Proxy subnets for net-vpc module
parent
7f6a5bf548
commit
6ab121a836
|
@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file.
|
||||||
- CloudSQ: fixed Terraform change detection when backup is disabled
|
- CloudSQ: fixed Terraform change detection when backup is disabled
|
||||||
- Allow multiple CIDR blocks in the ip_range for Apigee Instance
|
- Allow multiple CIDR blocks in the ip_range for Apigee Instance
|
||||||
- Add prefix to project factory SA bindings
|
- Add prefix to project factory SA bindings
|
||||||
|
- Add support for Private Service Connect and Reginal Managed Proxy subnets for `net-vpc` module
|
||||||
|
|
||||||
**FAST**
|
**FAST**
|
||||||
|
|
||||||
|
|
|
@ -258,7 +258,9 @@ flow_logs: # enable, set to empty map to use defaults
|
||||||
| [subnet_private_access](variables.tf#L169) | Optional map of boolean to control private Google access (default is enabled), keyed by subnet 'region/name'. | <code>map(bool)</code> | | <code>{}</code> |
|
| [subnet_private_access](variables.tf#L169) | Optional map of boolean to control private Google access (default is enabled), keyed by subnet 'region/name'. | <code>map(bool)</code> | | <code>{}</code> |
|
||||||
| [subnets](variables.tf#L175) | List of subnets being created. | <code title="list(object({ name = string ip_cidr_range = string region = string secondary_ip_range = map(string) }))">list(object({…}))</code> | | <code>[]</code> |
|
| [subnets](variables.tf#L175) | List of subnets being created. | <code title="list(object({ name = string ip_cidr_range = string region = string secondary_ip_range = map(string) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||||
| [subnets_l7ilb](variables.tf#L186) | List of subnets for private HTTPS load balancer. | <code title="list(object({ active = bool name = string ip_cidr_range = string region = string }))">list(object({…}))</code> | | <code>[]</code> |
|
| [subnets_l7ilb](variables.tf#L186) | List of subnets for private HTTPS load balancer. | <code title="list(object({ active = bool name = string ip_cidr_range = string region = string }))">list(object({…}))</code> | | <code>[]</code> |
|
||||||
| [vpc_create](variables.tf#L197) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
|
| [subnets_l7rlb](variables.tf#L197) | List of proxy-only subnets for HTTPS regional load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ active = bool name = string ip_cidr_range = string region = string }))">list(object({…}))</code> | | <code>[]</code> |
|
||||||
|
| [subnets_psc](variables.tf#L208) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string }))">list(object({…}))</code> | | <code>[]</code> |
|
||||||
|
| [vpc_create](variables.tf#L218) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
@ -89,6 +89,14 @@ locals {
|
||||||
for subnet in var.subnets_l7ilb :
|
for subnet in var.subnets_l7ilb :
|
||||||
"${subnet.region}/${subnet.name}" => subnet
|
"${subnet.region}/${subnet.name}" => subnet
|
||||||
}
|
}
|
||||||
|
subnets_l7rlb = {
|
||||||
|
for subnet in var.subnets_l7rlb :
|
||||||
|
"${subnet.region}/${subnet.name}" => subnet
|
||||||
|
}
|
||||||
|
subnets_psc = {
|
||||||
|
for subnet in var.subnets_psc :
|
||||||
|
"${subnet.region}/${subnet.name}" => subnet
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_subnetwork" "subnetwork" {
|
resource "google_compute_subnetwork" "subnetwork" {
|
||||||
|
@ -142,6 +150,41 @@ resource "google_compute_subnetwork" "l7ilb" {
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "google_compute_subnetwork" "l7rlb" {
|
||||||
|
provider = google-beta
|
||||||
|
for_each = local.subnets_l7rlb
|
||||||
|
project = var.project_id
|
||||||
|
network = local.network.name
|
||||||
|
region = each.value.region
|
||||||
|
name = each.value.name
|
||||||
|
ip_cidr_range = each.value.ip_cidr_range
|
||||||
|
purpose = "REGIONAL_MANAGED_PROXY"
|
||||||
|
role = (
|
||||||
|
each.value.active || each.value.active == null ? "ACTIVE" : "BACKUP"
|
||||||
|
)
|
||||||
|
description = lookup(
|
||||||
|
local.subnet_descriptions,
|
||||||
|
"${each.value.region}/${each.value.name}",
|
||||||
|
"Terraform-managed."
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_compute_subnetwork" "psc" {
|
||||||
|
provider = google-beta
|
||||||
|
for_each = local.subnets_psc
|
||||||
|
project = var.project_id
|
||||||
|
network = local.network.name
|
||||||
|
region = each.value.region
|
||||||
|
name = each.value.name
|
||||||
|
ip_cidr_range = each.value.ip_cidr_range
|
||||||
|
purpose = "PRIVATE_SERVICE_CONNECT"
|
||||||
|
description = lookup(
|
||||||
|
local.subnet_descriptions,
|
||||||
|
"${each.value.region}/${each.value.name}",
|
||||||
|
"Terraform-managed."
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
resource "google_compute_subnetwork_iam_binding" "binding" {
|
resource "google_compute_subnetwork_iam_binding" "binding" {
|
||||||
for_each = {
|
for_each = {
|
||||||
for binding in local.subnet_iam_members :
|
for binding in local.subnet_iam_members :
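Review bot: The `role` expression in the new `google_compute_subnetwork.l7rlb` resource does not tolerate the null it tries to handle. As far as I know Terraform evaluates both operands of `||` and rejects a null operand, so `each.value.active || each.value.active == null` errors when `active` is null instead of falling back to "ACTIVE". Equality comparisons do accept null, so `each.value.active == false ? "BACKUP" : "ACTIVE"` gives the intended default. The variable declares `active = bool` as a required attribute, so null only arrives when a caller writes it explicitly. The `l7ilb` resource above this hunk presumably uses the same expression, but its body is outside the visible lines.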
|
||||||
|
|
|
@ -194,6 +194,27 @@ variable "subnets_l7ilb" {
|
||||||
default = []
|
default = []
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "subnets_l7rlb" {
|
||||||
|
description = "List of proxy-only subnets for HTTPS regional load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active."
|
||||||
|
type = list(object({
|
||||||
|
active = bool
|
||||||
|
name = string
|
||||||
|
ip_cidr_range = string
|
||||||
|
region = string
|
||||||
|
}))
|
||||||
|
default = []
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "subnets_psc" {
|
||||||
|
description = "List of subnets for Private Service Connect service producers."
|
||||||
|
type = list(object({
|
||||||
|
name = string
|
||||||
|
ip_cidr_range = string
|
||||||
|
region = string
|
||||||
|
}))
|
||||||
|
default = []
|
||||||
|
}
|
||||||
|
|
||||||
variable "vpc_create" {
|
variable "vpc_create" {
|
||||||
description = "Create VPC. When set to false, uses a data source to reference existing VPC."
|
description = "Create VPC. When set to false, uses a data source to reference existing VPC."
|
||||||
type = bool
|
type = bool
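Review bot: Nothing in `variable "subnets_l7rlb"` enforces the rule its own description states, so two entries with the same region that are both active pass `terraform plan` and fail only when the API rejects the second subnet at apply time. A `validation` block can catch the conflict among the listed entries before anything is created. It cannot see subnets that already exist in the network when `vpc_create` is false, which is worth stating in the description. The sketch below counts a null `active` as active, matching the intent of the `role` expression in the resource.

```hcl
variable "subnets_l7rlb" {
  # … unchanged: description, type, default …
  validation {
    condition = alltrue([
      for r in distinct([for s in var.subnets_l7rlb : s.region]) :
      length([
        for s in var.subnets_l7rlb : s
        if s.region == r && s.active != false
      ]) <= 1
    ])
    error_message = "Only one active proxy-only subnet is allowed per region."
  }
}
```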
|
||||||
|
|