Add private, peering, forwarding dns zones

2019-10-13 15:44:15 +02:00 · 2019-10-13 15:44:15 +02:00 · 7297dab63e
parent 8eb8c84463
commit 7297dab63e
3 changed files with 98 additions and 5 deletions
--- a/infrastructure/net-hub-and-spoke/dns.tf
+++ b/infrastructure/net-hub-and-spoke/dns.tf
@ -0,0 +1,68 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+##############################################################
+#                           DNS Zones                        #
+##############################################################
+
+module "hub-private-zone" {
+  source  = "terraform-google-modules/cloud-dns/google"
+  version = "~> 2.0"
+
+  project_id = var.hub_project_id
+  type       = "private"
+  name       = "${var.private_dns_zone_name}-hub-private"
+  domain     = var.private_dns_zone_domain
+
+  private_visibility_config_networks = [module.vpc-hub.network_self_link]
+}
+
+module "spoke-1-peering-zone" {
+  source  = "terraform-google-modules/cloud-dns/google"
+  version = "~> 2.0"
+
+  project_id = var.spoke_1_project_id
+  type       = "peering"
+  name       = "${var.private_dns_zone_name}-spoke-1-peering"
+  domain     = var.private_dns_zone_domain
+
+  private_visibility_config_networks = [module.vpc-spoke-1.network_self_link]
+  target_network                     = module.vpc-hub.network_self_link
+}
+
+module "spoke-2-peering-zone" {
+  source  = "terraform-google-modules/cloud-dns/google"
+  version = "~> 2.0"
+
+  project_id = var.spoke_2_project_id
+  type       = "peering"
+  name       = "${var.private_dns_zone_name}-spoke-2-peering"
+  domain     = var.private_dns_zone_domain
+
+  private_visibility_config_networks = [module.vpc-spoke-2.network_self_link]
+  target_network                     = module.vpc-hub.network_self_link
+}
+
+module "hub-forwarding-zone" {
+  source  = "terraform-google-modules/cloud-dns/google"
+  version = "~> 2.0"
+
+  project_id = var.hub_project_id
+  type       = "forwarding"
+  name       = "${var.forwarding_dns_zone_name}-hub-forwarding"
+  domain     = var.forwarding_dns_zone_domain
+
+  private_visibility_config_networks = [module.vpc-hub.network_self_link]
+  target_name_server_addresses       = var.forwarding_zone_server_addresses
+}
--- a/infrastructure/net-hub-and-spoke/instances.tf
+++ b/infrastructure/net-hub-and-spoke/instances.tf
@ -25,7 +25,7 @@ resource "google_compute_instance" "hub" {
    }
  }
  network_interface {
-    subnetwork    = element(module.vpc-hub.subnets_self_links, count.index)
+    subnetwork = element(module.vpc-hub.subnets_self_links, count.index)
    access_config {}
  }
 }
@ -43,7 +43,7 @@ resource "google_compute_instance" "spoke-1" {
    }
  }
  network_interface {
-    subnetwork    = element(module.vpc-spoke-1.subnets_self_links, count.index)
+    subnetwork = element(module.vpc-spoke-1.subnets_self_links, count.index)
    access_config {}
  }
 }
@ -61,7 +61,7 @@ resource "google_compute_instance" "spoke-2" {
    }
  }
  network_interface {
-    subnetwork    = element(module.vpc-spoke-2.subnets_self_links, count.index)
+    subnetwork = element(module.vpc-spoke-2.subnets_self_links, count.index)
    access_config {}
  }
 }
--- a/infrastructure/net-hub-and-spoke/variables.tf
+++ b/infrastructure/net-hub-and-spoke/variables.tf
@ -28,9 +28,9 @@ variable "prefix" {
  description = "Prefix for VPC names."
 }

-variable "hub_custom_route_advertisement" {
+variable "spoke_to_spoke_route_advertisement" {
  description = "Use custom route advertisement in hub routers to advertise all spoke subnets."
-  default     = false
+  default     = true
 }

 variable "hub_bgp_asn" {
@ -96,3 +96,28 @@ variable "spoke_2_subnets" {
  ]
 }

+variable "private_dns_zone_name" {
+  description = "Private DNS Zone Name."
+  default     = "gcp-private"
+}
+
+variable "private_dns_zone_domain" {
+  description = "Private DNS Zone Domain."
+  default     = "gcp.private"
+}
+
+variable "forwarding_dns_zone_name" {
+  description = "Forwarding DNS Zone Name."
+  default     = "on-prem-private"
+}
+
+variable "forwarding_dns_zone_domain" {
+  description = "Forwarding DNS Zone Domain."
+  default     = "on-prem.private"
+}
+
+variable "forwarding_zone_server_addresses" {
+  description = "Forwarding DNS Zone Server Addresses"
+  default     = ["8.8.8.8", "8.8.4.4"]
+}
+