Add IPv6 to HA VPN module + test inventories (#1901)
--------- Co-authored-by: Luca Prete <lucaprete@google.com>
This commit is contained in:
Luca Prete
GitHub
parent
21297f28a6
commit
7916cd2081
|
|
@ -76,7 +76,7 @@ module "vpn-2" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=2 resources=18
|
||||
# tftest modules=2 resources=18 inventory=gcp-to-gcp.yaml
|
||||
```
|
||||
|
||||
Note: When using the `for_each` meta-argument you might experience a Cycle Error due to the multiple `net-vpn-ha` modules referencing each other. To fix this you can create the [google_compute_ha_vpn_gateway](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_ha_vpn_gateway) resources separately and reference them in the `net-vpn-ha` module via the `vpn_gateway` and `peer_gcp_gateway` variables.
|
||||
|
|
@ -122,7 +122,61 @@ module "vpn_ha" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=10
|
||||
# tftest modules=1 resources=10 inventory=gcp-to-onprem.yaml
|
||||
```
|
||||
|
||||
### IPv6 (dual-stack)
|
||||
|
||||
You can optionally set your HA VPN gateway (and BGP sessions) to carry both IPv4 and IPv6 traffic. IPv6 only is not supported.
|
||||
|
||||
```hcl
|
||||
module "vpn_ha" {
|
||||
source = "./fabric/modules/net-vpn-ha"
|
||||
project_id = var.project_id
|
||||
region = var.region
|
||||
name = "mynet-to-onprem"
|
||||
network = var.vpc.self_link
|
||||
peer_gateways = {
|
||||
default = {
|
||||
external = {
|
||||
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
|
||||
interfaces = ["8.8.8.8"] # on-prem router ip address
|
||||
}
|
||||
}
|
||||
}
|
||||
router_config = { asn = 64514 }
|
||||
tunnels = {
|
||||
remote-0 = {
|
||||
bgp_peer = {
|
||||
address = "169.254.1.1"
|
||||
asn = 64513
|
||||
ipv6 = {}
|
||||
}
|
||||
bgp_session_range = "169.254.1.2/30"
|
||||
peer_external_gateway_interface = 0
|
||||
shared_secret = "mySecret"
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
remote-1 = {
|
||||
bgp_peer = {
|
||||
address = "169.254.2.1"
|
||||
asn = 64513
|
||||
ipv6 = {
|
||||
nexthop_address = "2600:2d00:0:2::1"
|
||||
peer_nexthop_address = "2600:2d00:0:3::1"
|
||||
}
|
||||
}
|
||||
bgp_session_range = "169.254.2.2/30"
|
||||
peer_external_gateway_interface = 0
|
||||
shared_secret = "mySecret"
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
}
|
||||
vpn_gateway_create = {
|
||||
stack_type = "IPV4_IPV6"
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=10 intentory=ipv6.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
|
@ -135,9 +189,9 @@ module "vpn_ha" {
|
|||
| [region](variables.tf#L52) | Region used for resources. | <code>string</code> | ✓ | |
|
||||
| [router_config](variables.tf#L57) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | <code title="object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) })">object({…})</code> | ✓ | |
|
||||
| [peer_gateways](variables.tf#L27) | Configuration of the (external or GCP) peer gateway. | <code title="map(object({ external = optional(object({ redundancy_type = string interfaces = list(string) description = optional(string, "Terraform managed external VPN gateway") })) gcp = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [tunnels](variables.tf#L72) | VPN tunnel configurations. | <code title="map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [vpn_gateway](variables.tf#L100) | HA VPN Gateway Self Link for using an existing HA VPN Gateway. Ignored if `vpn_gateway_create` is set to `true`. | <code>string</code> | | <code>null</code> |
|
||||
| [vpn_gateway_create](variables.tf#L106) | Create HA VPN Gateway. Set to null to avoid creation. | <code title="object({ description = optional(string, "Terraform managed external VPN gateway") })">object({…})</code> | | <code>{}</code> |
|
||||
| [tunnels](variables.tf#L72) | VPN tunnel configurations. | <code title="map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) ipv6 = optional(object({ nexthop_address = optional(string) peer_nexthop_address = optional(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [vpn_gateway](variables.tf#L104) | HA VPN Gateway Self Link for using an existing HA VPN Gateway. Ignored if `vpn_gateway_create` is set to `true`. | <code>string</code> | | <code>null</code> |
|
||||
| [vpn_gateway_create](variables.tf#L110) | Create HA VPN Gateway. Set to null to avoid creation. | <code title="object({ description = optional(string, "Terraform managed external VPN gateway") ipv6 = optional(bool, false) })">object({…})</code> | | <code>{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
|||
|
|
@ -36,11 +36,13 @@ locals {
|
|||
}
|
||||
|
||||
resource "google_compute_ha_vpn_gateway" "ha_gateway" {
|
||||
count = var.vpn_gateway_create != null ? 1 : 0
|
||||
name = var.name
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
network = var.network
|
||||
count = var.vpn_gateway_create != null ? 1 : 0
|
||||
name = var.name
|
||||
description = var.vpn_gateway_create.description
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
network = var.network
|
||||
stack_type = var.vpn_gateway_create.ipv6 ? "IPV4_IPV6" : "IPV4_ONLY"
|
||||
}
|
||||
|
||||
resource "google_compute_external_vpn_gateway" "external_gateway" {
|
||||
|
|
@ -115,7 +117,10 @@ resource "google_compute_router_peer" "bgp_peer" {
|
|||
description = range.value
|
||||
}
|
||||
}
|
||||
interface = google_compute_router_interface.router_interface[each.key].name
|
||||
enable_ipv6 = try(each.value.bgp_peer.ipv6, null) == null ? false : true
|
||||
interface = google_compute_router_interface.router_interface[each.key].name
|
||||
ipv6_nexthop_address = try(each.value.bgp_peer.ipv6.nexthop_address, null)
|
||||
peer_ipv6_nexthop_address = try(each.value.bgp_peer.ipv6.peer_nexthop_address, null)
|
||||
}
|
||||
|
||||
resource "google_compute_router_interface" "router_interface" {
|
||||
|
|
|
|||
|
|
@ -82,6 +82,10 @@ variable "tunnels" {
|
|||
all_peer_vpc_subnets = bool
|
||||
ip_ranges = map(string)
|
||||
}))
|
||||
ipv6 = optional(object({
|
||||
nexthop_address = optional(string)
|
||||
peer_nexthop_address = optional(string)
|
||||
}))
|
||||
})
|
||||
# each BGP session on the same Cloud Router must use a unique /30 CIDR
|
||||
# from the 169.254.0.0/16 block.
|
||||
|
|
@ -107,6 +111,7 @@ variable "vpn_gateway_create" {
|
|||
description = "Create HA VPN Gateway. Set to null to avoid creation."
|
||||
type = object({
|
||||
description = optional(string, "Terraform managed external VPN gateway")
|
||||
ipv6 = optional(bool, false)
|
||||
})
|
||||
default = {}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,13 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
|
@ -0,0 +1,216 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.vpn-1.google_compute_ha_vpn_gateway.ha_gateway[0]:
|
||||
description: Terraform managed external VPN gateway
|
||||
name: net1-to-net-2
|
||||
network: projects/xxx/global/networks/bbb
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
stack_type: IPV4_ONLY
|
||||
module.vpn-1.google_compute_router.router[0]:
|
||||
bgp:
|
||||
- advertise_mode: CUSTOM
|
||||
advertised_groups:
|
||||
- ALL_SUBNETS
|
||||
advertised_ip_ranges:
|
||||
- description: default
|
||||
range: 10.0.0.0/8
|
||||
asn: 64514
|
||||
keepalive_interval: 20
|
||||
description: null
|
||||
encrypted_interconnect_router: null
|
||||
name: vpn-net1-to-net-2
|
||||
network: projects/xxx/global/networks/bbb
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
module.vpn-1.google_compute_router_interface.router_interface["remote-0"]:
|
||||
interconnect_attachment: null
|
||||
ip_range: 169.254.1.2/30
|
||||
name: net1-to-net-2-remote-0
|
||||
private_ip_address: null
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
router: vpn-net1-to-net-2
|
||||
subnetwork: null
|
||||
vpn_tunnel: net1-to-net-2-remote-0
|
||||
module.vpn-1.google_compute_router_interface.router_interface["remote-1"]:
|
||||
interconnect_attachment: null
|
||||
ip_range: 169.254.2.2/30
|
||||
name: net1-to-net-2-remote-1
|
||||
private_ip_address: null
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
router: vpn-net1-to-net-2
|
||||
subnetwork: null
|
||||
vpn_tunnel: net1-to-net-2-remote-1
|
||||
module.vpn-1.google_compute_router_peer.bgp_peer["remote-0"]:
|
||||
advertise_mode: DEFAULT
|
||||
advertised_groups: []
|
||||
advertised_ip_ranges: []
|
||||
advertised_route_priority: 1000
|
||||
enable: true
|
||||
enable_ipv6: false
|
||||
interface: net1-to-net-2-remote-0
|
||||
name: net1-to-net-2-remote-0
|
||||
peer_asn: 64513
|
||||
peer_ip_address: 169.254.1.1
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
router: vpn-net1-to-net-2
|
||||
router_appliance_instance: null
|
||||
module.vpn-1.google_compute_router_peer.bgp_peer["remote-1"]:
|
||||
advertise_mode: DEFAULT
|
||||
advertised_groups: []
|
||||
advertised_ip_ranges: []
|
||||
advertised_route_priority: 1000
|
||||
enable: true
|
||||
enable_ipv6: false
|
||||
interface: net1-to-net-2-remote-1
|
||||
name: net1-to-net-2-remote-1
|
||||
peer_asn: 64513
|
||||
peer_ip_address: 169.254.2.1
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
router: vpn-net1-to-net-2
|
||||
router_appliance_instance: null
|
||||
module.vpn-1.google_compute_vpn_tunnel.tunnels["remote-0"]:
|
||||
description: null
|
||||
ike_version: 2
|
||||
name: net1-to-net-2-remote-0
|
||||
peer_external_gateway: null
|
||||
peer_external_gateway_interface: null
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
router: vpn-net1-to-net-2
|
||||
target_vpn_gateway: null
|
||||
vpn_gateway_interface: 0
|
||||
module.vpn-1.google_compute_vpn_tunnel.tunnels["remote-1"]:
|
||||
description: null
|
||||
ike_version: 2
|
||||
name: net1-to-net-2-remote-1
|
||||
peer_external_gateway: null
|
||||
peer_external_gateway_interface: null
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
router: vpn-net1-to-net-2
|
||||
target_vpn_gateway: null
|
||||
vpn_gateway_interface: 1
|
||||
module.vpn-1.random_id.secret:
|
||||
byte_length: 8
|
||||
module.vpn-2.google_compute_ha_vpn_gateway.ha_gateway[0]:
|
||||
description: Terraform managed external VPN gateway
|
||||
name: net2-to-net1
|
||||
network: projects/xxx/global/networks/ccc
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
stack_type: IPV4_ONLY
|
||||
module.vpn-2.google_compute_router.router[0]:
|
||||
bgp:
|
||||
- advertise_mode: DEFAULT
|
||||
advertised_groups: []
|
||||
advertised_ip_ranges: []
|
||||
asn: 64513
|
||||
keepalive_interval: 20
|
||||
description: null
|
||||
encrypted_interconnect_router: null
|
||||
name: vpn-net2-to-net1
|
||||
network: projects/xxx/global/networks/ccc
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
module.vpn-2.google_compute_router_interface.router_interface["remote-0"]:
|
||||
interconnect_attachment: null
|
||||
ip_range: 169.254.1.1/30
|
||||
name: net2-to-net1-remote-0
|
||||
private_ip_address: null
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
router: vpn-net2-to-net1
|
||||
subnetwork: null
|
||||
vpn_tunnel: net2-to-net1-remote-0
|
||||
module.vpn-2.google_compute_router_interface.router_interface["remote-1"]:
|
||||
interconnect_attachment: null
|
||||
ip_range: 169.254.2.1/30
|
||||
name: net2-to-net1-remote-1
|
||||
private_ip_address: null
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
router: vpn-net2-to-net1
|
||||
subnetwork: null
|
||||
vpn_tunnel: net2-to-net1-remote-1
|
||||
module.vpn-2.google_compute_router_peer.bgp_peer["remote-0"]:
|
||||
advertise_mode: DEFAULT
|
||||
advertised_groups: []
|
||||
advertised_ip_ranges: []
|
||||
advertised_route_priority: 1000
|
||||
enable: true
|
||||
enable_ipv6: false
|
||||
interface: net2-to-net1-remote-0
|
||||
name: net2-to-net1-remote-0
|
||||
peer_asn: 64514
|
||||
peer_ip_address: 169.254.1.2
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
router: vpn-net2-to-net1
|
||||
router_appliance_instance: null
|
||||
module.vpn-2.google_compute_router_peer.bgp_peer["remote-1"]:
|
||||
advertise_mode: DEFAULT
|
||||
advertised_groups: []
|
||||
advertised_ip_ranges: []
|
||||
advertised_route_priority: 1000
|
||||
enable: true
|
||||
enable_ipv6: false
|
||||
interface: net2-to-net1-remote-1
|
||||
name: net2-to-net1-remote-1
|
||||
peer_asn: 64514
|
||||
peer_ip_address: 169.254.2.2
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
router: vpn-net2-to-net1
|
||||
router_appliance_instance: null
|
||||
module.vpn-2.google_compute_vpn_tunnel.tunnels["remote-0"]:
|
||||
description: null
|
||||
ike_version: 2
|
||||
name: net2-to-net1-remote-0
|
||||
peer_external_gateway: null
|
||||
peer_external_gateway_interface: null
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
router: vpn-net2-to-net1
|
||||
target_vpn_gateway: null
|
||||
vpn_gateway_interface: 0
|
||||
module.vpn-2.google_compute_vpn_tunnel.tunnels["remote-1"]:
|
||||
description: null
|
||||
ike_version: 2
|
||||
name: net2-to-net1-remote-1
|
||||
peer_external_gateway: null
|
||||
peer_external_gateway_interface: null
|
||||
project: project-id
|
||||
region: europe-west4
|
||||
router: vpn-net2-to-net1
|
||||
target_vpn_gateway: null
|
||||
vpn_gateway_interface: 1
|
||||
module.vpn-2.random_id.secret:
|
||||
byte_length: 8
|
||||
|
||||
counts:
|
||||
google_compute_ha_vpn_gateway: 2
|
||||
google_compute_router: 2
|
||||
google_compute_router_interface: 4
|
||||
google_compute_router_peer: 4
|
||||
google_compute_vpn_tunnel: 4
|
||||
modules: 2
|
||||
random_id: 2
|
||||
resources: 18
|
||||
|
|
@ -0,0 +1,130 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.vpn_ha.google_compute_external_vpn_gateway.external_gateway["default"]:
|
||||
description: Terraform managed external VPN gateway
|
||||
interface:
|
||||
- id: 0
|
||||
ip_address: 8.8.8.8
|
||||
name: mynet-to-onprem-default
|
||||
project: project-id
|
||||
redundancy_type: SINGLE_IP_INTERNALLY_REDUNDANT
|
||||
module.vpn_ha.google_compute_ha_vpn_gateway.ha_gateway[0]:
|
||||
description: Terraform managed external VPN gateway
|
||||
name: mynet-to-onprem
|
||||
network: projects/xxx/global/networks/aaa
|
||||
project: project-id
|
||||
region: region
|
||||
stack_type: IPV4_ONLY
|
||||
module.vpn_ha.google_compute_router.router[0]:
|
||||
bgp:
|
||||
- advertise_mode: DEFAULT
|
||||
advertised_groups: []
|
||||
advertised_ip_ranges: []
|
||||
asn: 64514
|
||||
keepalive_interval: 20
|
||||
description: null
|
||||
encrypted_interconnect_router: null
|
||||
name: vpn-mynet-to-onprem
|
||||
network: projects/xxx/global/networks/aaa
|
||||
project: project-id
|
||||
region: region
|
||||
module.vpn_ha.google_compute_router_interface.router_interface["remote-0"]:
|
||||
interconnect_attachment: null
|
||||
ip_range: 169.254.1.2/30
|
||||
name: mynet-to-onprem-remote-0
|
||||
private_ip_address: null
|
||||
project: project-id
|
||||
region: region
|
||||
router: vpn-mynet-to-onprem
|
||||
subnetwork: null
|
||||
vpn_tunnel: mynet-to-onprem-remote-0
|
||||
module.vpn_ha.google_compute_router_interface.router_interface["remote-1"]:
|
||||
interconnect_attachment: null
|
||||
ip_range: 169.254.2.2/30
|
||||
name: mynet-to-onprem-remote-1
|
||||
private_ip_address: null
|
||||
project: project-id
|
||||
region: region
|
||||
router: vpn-mynet-to-onprem
|
||||
subnetwork: null
|
||||
vpn_tunnel: mynet-to-onprem-remote-1
|
||||
module.vpn_ha.google_compute_router_peer.bgp_peer["remote-0"]:
|
||||
advertise_mode: DEFAULT
|
||||
advertised_groups: []
|
||||
advertised_ip_ranges: []
|
||||
advertised_route_priority: 1000
|
||||
enable: true
|
||||
enable_ipv6: false
|
||||
interface: mynet-to-onprem-remote-0
|
||||
name: mynet-to-onprem-remote-0
|
||||
peer_asn: 64513
|
||||
peer_ip_address: 169.254.1.1
|
||||
project: project-id
|
||||
region: region
|
||||
router: vpn-mynet-to-onprem
|
||||
router_appliance_instance: null
|
||||
module.vpn_ha.google_compute_router_peer.bgp_peer["remote-1"]:
|
||||
advertise_mode: DEFAULT
|
||||
advertised_groups: []
|
||||
advertised_ip_ranges: []
|
||||
advertised_route_priority: 1000
|
||||
enable: true
|
||||
enable_ipv6: false
|
||||
interface: mynet-to-onprem-remote-1
|
||||
name: mynet-to-onprem-remote-1
|
||||
peer_asn: 64513
|
||||
peer_ip_address: 169.254.2.1
|
||||
project: project-id
|
||||
region: region
|
||||
router: vpn-mynet-to-onprem
|
||||
router_appliance_instance: null
|
||||
module.vpn_ha.google_compute_vpn_tunnel.tunnels["remote-0"]:
|
||||
description: null
|
||||
ike_version: 2
|
||||
name: mynet-to-onprem-remote-0
|
||||
peer_external_gateway_interface: 0
|
||||
peer_gcp_gateway: null
|
||||
project: project-id
|
||||
region: region
|
||||
router: vpn-mynet-to-onprem
|
||||
shared_secret: mySecret
|
||||
target_vpn_gateway: null
|
||||
vpn_gateway_interface: 0
|
||||
module.vpn_ha.google_compute_vpn_tunnel.tunnels["remote-1"]:
|
||||
description: null
|
||||
ike_version: 2
|
||||
name: mynet-to-onprem-remote-1
|
||||
peer_external_gateway_interface: 0
|
||||
peer_gcp_gateway: null
|
||||
project: project-id
|
||||
region: region
|
||||
router: vpn-mynet-to-onprem
|
||||
shared_secret: mySecret
|
||||
target_vpn_gateway: null
|
||||
vpn_gateway_interface: 1
|
||||
module.vpn_ha.random_id.secret:
|
||||
byte_length: 8
|
||||
|
||||
counts:
|
||||
google_compute_external_vpn_gateway: 1
|
||||
google_compute_ha_vpn_gateway: 1
|
||||
google_compute_router: 1
|
||||
google_compute_router_interface: 2
|
||||
google_compute_router_peer: 2
|
||||
google_compute_vpn_tunnel: 2
|
||||
modules: 1
|
||||
random_id: 1
|
||||
resources: 10
|
||||
|
|
@ -0,0 +1,135 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.vpn_ha.google_compute_external_vpn_gateway.external_gateway["default"]:
|
||||
description: Terraform managed external VPN gateway
|
||||
interface:
|
||||
- id: 0
|
||||
ip_address: 8.8.8.8
|
||||
labels: null
|
||||
name: mynet-to-onprem-default
|
||||
project: project-id
|
||||
redundancy_type: SINGLE_IP_INTERNALLY_REDUNDANT
|
||||
module.vpn_ha.google_compute_ha_vpn_gateway.ha_gateway[0]:
|
||||
description: Terraform managed external VPN gateway
|
||||
name: mynet-to-onprem
|
||||
network: projects/xxx/global/networks/aaa
|
||||
project: project-id
|
||||
region: region
|
||||
stack_type: IPV4_IPV6
|
||||
module.vpn_ha.google_compute_router.router[0]:
|
||||
bgp:
|
||||
- advertise_mode: DEFAULT
|
||||
advertised_groups: []
|
||||
advertised_ip_ranges: []
|
||||
asn: 64514
|
||||
keepalive_interval: 20
|
||||
description: null
|
||||
encrypted_interconnect_router: null
|
||||
name: vpn-mynet-to-onprem
|
||||
network: projects/xxx/global/networks/aaa
|
||||
project: project-id
|
||||
region: region
|
||||
module.vpn_ha.google_compute_router_interface.router_interface["remote-0"]:
|
||||
interconnect_attachment: null
|
||||
ip_range: 169.254.1.2/30
|
||||
name: mynet-to-onprem-remote-0
|
||||
private_ip_address: null
|
||||
project: project-id
|
||||
region: region
|
||||
router: vpn-mynet-to-onprem
|
||||
subnetwork: null
|
||||
vpn_tunnel: mynet-to-onprem-remote-0
|
||||
module.vpn_ha.google_compute_router_interface.router_interface["remote-1"]:
|
||||
interconnect_attachment: null
|
||||
ip_range: 169.254.2.2/30
|
||||
name: mynet-to-onprem-remote-1
|
||||
private_ip_address: null
|
||||
project: project-id
|
||||
region: region
|
||||
router: vpn-mynet-to-onprem
|
||||
subnetwork: null
|
||||
vpn_tunnel: mynet-to-onprem-remote-1
|
||||
module.vpn_ha.google_compute_router_peer.bgp_peer["remote-0"]:
|
||||
advertise_mode: DEFAULT
|
||||
advertised_groups: []
|
||||
advertised_ip_ranges: []
|
||||
advertised_route_priority: 1000
|
||||
enable: true
|
||||
enable_ipv6: true
|
||||
interface: mynet-to-onprem-remote-0
|
||||
name: mynet-to-onprem-remote-0
|
||||
peer_asn: 64513
|
||||
peer_ip_address: 169.254.1.1
|
||||
project: project-id
|
||||
region: region
|
||||
router: vpn-mynet-to-onprem
|
||||
router_appliance_instance: null
|
||||
module.vpn_ha.google_compute_router_peer.bgp_peer["remote-1"]:
|
||||
advertise_mode: DEFAULT
|
||||
advertised_groups: []
|
||||
advertised_ip_ranges: []
|
||||
advertised_route_priority: 1000
|
||||
enable: true
|
||||
enable_ipv6: true
|
||||
interface: mynet-to-onprem-remote-1
|
||||
ipv6_nexthop_address: 2600:2d00:0:2::1
|
||||
name: mynet-to-onprem-remote-1
|
||||
peer_asn: 64513
|
||||
peer_ip_address: 169.254.2.1
|
||||
peer_ipv6_nexthop_address: 2600:2d00:0:3::1
|
||||
project: project-id
|
||||
region: region
|
||||
router: vpn-mynet-to-onprem
|
||||
router_appliance_instance: null
|
||||
module.vpn_ha.google_compute_vpn_tunnel.tunnels["remote-0"]:
|
||||
description: null
|
||||
ike_version: 2
|
||||
name: mynet-to-onprem-remote-0
|
||||
peer_external_gateway_interface: 0
|
||||
peer_gcp_gateway: null
|
||||
project: project-id
|
||||
region: region
|
||||
router: vpn-mynet-to-onprem
|
||||
shared_secret: mySecret
|
||||
target_vpn_gateway: null
|
||||
vpn_gateway_interface: 0
|
||||
module.vpn_ha.google_compute_vpn_tunnel.tunnels["remote-1"]:
|
||||
description: null
|
||||
ike_version: 2
|
||||
name: mynet-to-onprem-remote-1
|
||||
peer_external_gateway_interface: 0
|
||||
peer_gcp_gateway: null
|
||||
project: project-id
|
||||
region: region
|
||||
router: vpn-mynet-to-onprem
|
||||
shared_secret: mySecret
|
||||
target_vpn_gateway: null
|
||||
vpn_gateway_interface: 1
|
||||
module.vpn_ha.random_id.secret:
|
||||
byte_length: 8
|
||||
keepers: null
|
||||
prefix: null
|
||||
|
||||
counts:
|
||||
google_compute_external_vpn_gateway: 1
|
||||
google_compute_ha_vpn_gateway: 1
|
||||
google_compute_router: 1
|
||||
google_compute_router_interface: 2
|
||||
google_compute_router_peer: 2
|
||||
google_compute_vpn_tunnel: 2
|
||||
modules: 1
|
||||
random_id: 1
|
||||
resources: 10
|
||||
Loading…
Reference in New Issue