Add IPv6 to HA VPN module + test inventories (#1901)
--------- Co-authored-by: Luca Prete <lucaprete@google.com>
parent
21297f28a6
commit
7916cd2081
|
@ -76,7 +76,7 @@ module "vpn-2" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# tftest modules=2 resources=18
|
# tftest modules=2 resources=18 inventory=gcp-to-gcp.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
Note: When using the `for_each` meta-argument you might experience a Cycle Error due to the multiple `net-vpn-ha` modules referencing each other. To fix this you can create the [google_compute_ha_vpn_gateway](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_ha_vpn_gateway) resources separately and reference them in the `net-vpn-ha` module via the `vpn_gateway` and `peer_gcp_gateway` variables.
|
Note: When using the `for_each` meta-argument you might experience a Cycle Error due to the multiple `net-vpn-ha` modules referencing each other. To fix this you can create the [google_compute_ha_vpn_gateway](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_ha_vpn_gateway) resources separately and reference them in the `net-vpn-ha` module via the `vpn_gateway` and `peer_gcp_gateway` variables.
|
||||||
|
@ -122,7 +122,61 @@ module "vpn_ha" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=10
|
# tftest modules=1 resources=10 inventory=gcp-to-onprem.yaml
|
||||||
|
```
|
||||||
|
|
||||||
|
### IPv6 (dual-stack)
|
||||||
|
|
||||||
|
You can optionally set your HA VPN gateway (and BGP sessions) to carry both IPv4 and IPv6 traffic. IPv6 only is not supported.
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
module "vpn_ha" {
|
||||||
|
source = "./fabric/modules/net-vpn-ha"
|
||||||
|
project_id = var.project_id
|
||||||
|
region = var.region
|
||||||
|
name = "mynet-to-onprem"
|
||||||
|
network = var.vpc.self_link
|
||||||
|
peer_gateways = {
|
||||||
|
default = {
|
||||||
|
external = {
|
||||||
|
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
|
||||||
|
interfaces = ["8.8.8.8"] # on-prem router ip address
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
router_config = { asn = 64514 }
|
||||||
|
tunnels = {
|
||||||
|
remote-0 = {
|
||||||
|
bgp_peer = {
|
||||||
|
address = "169.254.1.1"
|
||||||
|
asn = 64513
|
||||||
|
ipv6 = {}
|
||||||
|
}
|
||||||
|
bgp_session_range = "169.254.1.2/30"
|
||||||
|
peer_external_gateway_interface = 0
|
||||||
|
shared_secret = "mySecret"
|
||||||
|
vpn_gateway_interface = 0
|
||||||
|
}
|
||||||
|
remote-1 = {
|
||||||
|
bgp_peer = {
|
||||||
|
address = "169.254.2.1"
|
||||||
|
asn = 64513
|
||||||
|
ipv6 = {
|
||||||
|
nexthop_address = "2600:2d00:0:2::1"
|
||||||
|
peer_nexthop_address = "2600:2d00:0:3::1"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
bgp_session_range = "169.254.2.2/30"
|
||||||
|
peer_external_gateway_interface = 0
|
||||||
|
shared_secret = "mySecret"
|
||||||
|
vpn_gateway_interface = 1
|
||||||
|
}
|
||||||
|
}
|
||||||
|
vpn_gateway_create = {
|
||||||
|
stack_type = "IPV4_IPV6"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
# tftest modules=1 resources=10 intentory=ipv6.yaml
|
||||||
```
|
```
|
||||||
<!-- BEGIN TFDOC -->
|
<!-- BEGIN TFDOC -->
|
||||||
## Variables
|
## Variables
|
||||||
|
@ -135,9 +189,9 @@ module "vpn_ha" {
|
||||||
| [region](variables.tf#L52) | Region used for resources. | <code>string</code> | ✓ | |
|
| [region](variables.tf#L52) | Region used for resources. | <code>string</code> | ✓ | |
|
||||||
| [router_config](variables.tf#L57) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | <code title="object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) })">object({…})</code> | ✓ | |
|
| [router_config](variables.tf#L57) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | <code title="object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) })">object({…})</code> | ✓ | |
|
||||||
| [peer_gateways](variables.tf#L27) | Configuration of the (external or GCP) peer gateway. | <code title="map(object({ external = optional(object({ redundancy_type = string interfaces = list(string) description = optional(string, "Terraform managed external VPN gateway") })) gcp = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [peer_gateways](variables.tf#L27) | Configuration of the (external or GCP) peer gateway. | <code title="map(object({ external = optional(object({ redundancy_type = string interfaces = list(string) description = optional(string, "Terraform managed external VPN gateway") })) gcp = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [tunnels](variables.tf#L72) | VPN tunnel configurations. | <code title="map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number }))">map(object({…}))</code> | | <code>{}</code> |
|
| [tunnels](variables.tf#L72) | VPN tunnel configurations. | <code title="map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) ipv6 = optional(object({ nexthop_address = optional(string) peer_nexthop_address = optional(string) })) }) bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [vpn_gateway](variables.tf#L100) | HA VPN Gateway Self Link for using an existing HA VPN Gateway. Ignored if `vpn_gateway_create` is set to `true`. | <code>string</code> | | <code>null</code> |
|
| [vpn_gateway](variables.tf#L104) | HA VPN Gateway Self Link for using an existing HA VPN Gateway. Ignored if `vpn_gateway_create` is set to `true`. | <code>string</code> | | <code>null</code> |
|
||||||
| [vpn_gateway_create](variables.tf#L106) | Create HA VPN Gateway. Set to null to avoid creation. | <code title="object({ description = optional(string, "Terraform managed external VPN gateway") })">object({…})</code> | | <code>{}</code> |
|
| [vpn_gateway_create](variables.tf#L110) | Create HA VPN Gateway. Set to null to avoid creation. | <code title="object({ description = optional(string, "Terraform managed external VPN gateway") ipv6 = optional(bool, false) })">object({…})</code> | | <code>{}</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
@ -38,9 +38,11 @@ locals {
|
||||||
resource "google_compute_ha_vpn_gateway" "ha_gateway" {
|
resource "google_compute_ha_vpn_gateway" "ha_gateway" {
|
||||||
count = var.vpn_gateway_create != null ? 1 : 0
|
count = var.vpn_gateway_create != null ? 1 : 0
|
||||||
name = var.name
|
name = var.name
|
||||||
|
description = var.vpn_gateway_create.description
|
||||||
project = var.project_id
|
project = var.project_id
|
||||||
region = var.region
|
region = var.region
|
||||||
network = var.network
|
network = var.network
|
||||||
|
stack_type = var.vpn_gateway_create.ipv6 ? "IPV4_IPV6" : "IPV4_ONLY"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_external_vpn_gateway" "external_gateway" {
|
resource "google_compute_external_vpn_gateway" "external_gateway" {
|
||||||
|
@ -115,7 +117,10 @@ resource "google_compute_router_peer" "bgp_peer" {
|
||||||
description = range.value
|
description = range.value
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
enable_ipv6 = try(each.value.bgp_peer.ipv6, null) == null ? false : true
|
||||||
interface = google_compute_router_interface.router_interface[each.key].name
|
interface = google_compute_router_interface.router_interface[each.key].name
|
||||||
|
ipv6_nexthop_address = try(each.value.bgp_peer.ipv6.nexthop_address, null)
|
||||||
|
peer_ipv6_nexthop_address = try(each.value.bgp_peer.ipv6.peer_nexthop_address, null)
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_router_interface" "router_interface" {
|
resource "google_compute_router_interface" "router_interface" {
|
||||||
|
|
|
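Review bot: In `google_compute_router_peer.bgp_peer`, `enable_ipv6` is derived per tunnel from `bgp_peer.ipv6`, while the gateway's `stack_type` comes separately from `var.vpn_gateway_create.ipv6`, and nothing in these two hunks ties them together. A caller can therefore request IPv6 BGP sessions on a gateway that stays `IPV4_ONLY`, which presumably only surfaces at apply time. A `precondition` on the peer (or a variable validation) requiring the gateway flag whenever a tunnel sets `bgp_peer.ipv6` would catch this at plan; it needs an exception for the case where an existing gateway is passed in. As a style point, `ipv6` is declared `optional(...)` in the tunnel type, so the attribute is always present and the expression can be `enable_ipv6 = each.value.bgp_peer.ipv6 != null`. Both resource bodies continue outside the hunks.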
@ -82,6 +82,10 @@ variable "tunnels" {
|
||||||
all_peer_vpc_subnets = bool
|
all_peer_vpc_subnets = bool
|
||||||
ip_ranges = map(string)
|
ip_ranges = map(string)
|
||||||
}))
|
}))
|
||||||
|
ipv6 = optional(object({
|
||||||
|
nexthop_address = optional(string)
|
||||||
|
peer_nexthop_address = optional(string)
|
||||||
|
}))
|
||||||
})
|
})
|
||||||
# each BGP session on the same Cloud Router must use a unique /30 CIDR
|
# each BGP session on the same Cloud Router must use a unique /30 CIDR
|
||||||
# from the 169.254.0.0/16 block.
|
# from the 169.254.0.0/16 block.
|
||||||
|
@ -107,6 +111,7 @@ variable "vpn_gateway_create" {
|
||||||
description = "Create HA VPN Gateway. Set to null to avoid creation."
|
description = "Create HA VPN Gateway. Set to null to avoid creation."
|
||||||
type = object({
|
type = object({
|
||||||
description = optional(string, "Terraform managed external VPN gateway")
|
description = optional(string, "Terraform managed external VPN gateway")
|
||||||
|
ipv6 = optional(bool, false)
|
||||||
})
|
})
|
||||||
default = {}
|
default = {}
|
||||||
}
|
}
|
||||||
|
|
|
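Review bot: The new `ipv6 = optional(bool, false)` attribute on `vpn_gateway_create` does not match the README example added in this same commit, which sets `stack_type = "IPV4_IPV6"` inside `vpn_gateway_create`. Terraform discards attributes that an object type constraint does not declare, so that example would most likely leave `ipv6` at `false` and create an `IPV4_ONLY` gateway without any error. Either change the example to `ipv6 = true` or declare the attribute the example uses; a comment such as `# true creates a dual-stack (IPV4_IPV6) gateway, false keeps IPV4_ONLY` on the new line would also help. In the `tunnels` hunk, `nexthop_address` and `peer_nexthop_address` are accepted as unvalidated strings, so a `validation` block is worth adding if malformed addresses should fail at plan. Both variable blocks continue outside the hunks.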
@ -0,0 +1,13 @@
|
||||||
|
# Copyright 2023 Google LLC
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
|
@ -0,0 +1,216 @@
|
||||||
|
# Copyright 2023 Google LLC
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
values:
|
||||||
|
module.vpn-1.google_compute_ha_vpn_gateway.ha_gateway[0]:
|
||||||
|
description: Terraform managed external VPN gateway
|
||||||
|
name: net1-to-net-2
|
||||||
|
network: projects/xxx/global/networks/bbb
|
||||||
|
project: project-id
|
||||||
|
region: europe-west4
|
||||||
|
stack_type: IPV4_ONLY
|
||||||
|
module.vpn-1.google_compute_router.router[0]:
|
||||||
|
bgp:
|
||||||
|
- advertise_mode: CUSTOM
|
||||||
|
advertised_groups:
|
||||||
|
- ALL_SUBNETS
|
||||||
|
advertised_ip_ranges:
|
||||||
|
- description: default
|
||||||
|
range: 10.0.0.0/8
|
||||||
|
asn: 64514
|
||||||
|
keepalive_interval: 20
|
||||||
|
description: null
|
||||||
|
encrypted_interconnect_router: null
|
||||||
|
name: vpn-net1-to-net-2
|
||||||
|
network: projects/xxx/global/networks/bbb
|
||||||
|
project: project-id
|
||||||
|
region: europe-west4
|
||||||
|
module.vpn-1.google_compute_router_interface.router_interface["remote-0"]:
|
||||||
|
interconnect_attachment: null
|
||||||
|
ip_range: 169.254.1.2/30
|
||||||
|
name: net1-to-net-2-remote-0
|
||||||
|
private_ip_address: null
|
||||||
|
project: project-id
|
||||||
|
region: europe-west4
|
||||||
|
router: vpn-net1-to-net-2
|
||||||
|
subnetwork: null
|
||||||
|
vpn_tunnel: net1-to-net-2-remote-0
|
||||||
|
module.vpn-1.google_compute_router_interface.router_interface["remote-1"]:
|
||||||
|
interconnect_attachment: null
|
||||||
|
ip_range: 169.254.2.2/30
|
||||||
|
name: net1-to-net-2-remote-1
|
||||||
|
private_ip_address: null
|
||||||
|
project: project-id
|
||||||
|
region: europe-west4
|
||||||
|
router: vpn-net1-to-net-2
|
||||||
|
subnetwork: null
|
||||||
|
vpn_tunnel: net1-to-net-2-remote-1
|
||||||
|
module.vpn-1.google_compute_router_peer.bgp_peer["remote-0"]:
|
||||||
|
advertise_mode: DEFAULT
|
||||||
|
advertised_groups: []
|
||||||
|
advertised_ip_ranges: []
|
||||||
|
advertised_route_priority: 1000
|
||||||
|
enable: true
|
||||||
|
enable_ipv6: false
|
||||||
|
interface: net1-to-net-2-remote-0
|
||||||
|
name: net1-to-net-2-remote-0
|
||||||
|
peer_asn: 64513
|
||||||
|
peer_ip_address: 169.254.1.1
|
||||||
|
project: project-id
|
||||||
|
region: europe-west4
|
||||||
|
router: vpn-net1-to-net-2
|
||||||
|
router_appliance_instance: null
|
||||||
|
module.vpn-1.google_compute_router_peer.bgp_peer["remote-1"]:
|
||||||
|
advertise_mode: DEFAULT
|
||||||
|
advertised_groups: []
|
||||||
|
advertised_ip_ranges: []
|
||||||
|
advertised_route_priority: 1000
|
||||||
|
enable: true
|
||||||
|
enable_ipv6: false
|
||||||
|
interface: net1-to-net-2-remote-1
|
||||||
|
name: net1-to-net-2-remote-1
|
||||||
|
peer_asn: 64513
|
||||||
|
peer_ip_address: 169.254.2.1
|
||||||
|
project: project-id
|
||||||
|
region: europe-west4
|
||||||
|
router: vpn-net1-to-net-2
|
||||||
|
router_appliance_instance: null
|
||||||
|
module.vpn-1.google_compute_vpn_tunnel.tunnels["remote-0"]:
|
||||||
|
description: null
|
||||||
|
ike_version: 2
|
||||||
|
name: net1-to-net-2-remote-0
|
||||||
|
peer_external_gateway: null
|
||||||
|
peer_external_gateway_interface: null
|
||||||
|
project: project-id
|
||||||
|
region: europe-west4
|
||||||
|
router: vpn-net1-to-net-2
|
||||||
|
target_vpn_gateway: null
|
||||||
|
vpn_gateway_interface: 0
|
||||||
|
module.vpn-1.google_compute_vpn_tunnel.tunnels["remote-1"]:
|
||||||
|
description: null
|
||||||
|
ike_version: 2
|
||||||
|
name: net1-to-net-2-remote-1
|
||||||
|
peer_external_gateway: null
|
||||||
|
peer_external_gateway_interface: null
|
||||||
|
project: project-id
|
||||||
|
region: europe-west4
|
||||||
|
router: vpn-net1-to-net-2
|
||||||
|
target_vpn_gateway: null
|
||||||
|
vpn_gateway_interface: 1
|
||||||
|
module.vpn-1.random_id.secret:
|
||||||
|
byte_length: 8
|
||||||
|
module.vpn-2.google_compute_ha_vpn_gateway.ha_gateway[0]:
|
||||||
|
description: Terraform managed external VPN gateway
|
||||||
|
name: net2-to-net1
|
||||||
|
network: projects/xxx/global/networks/ccc
|
||||||
|
project: project-id
|
||||||
|
region: europe-west4
|
||||||
|
stack_type: IPV4_ONLY
|
||||||
|
module.vpn-2.google_compute_router.router[0]:
|
||||||
|
bgp:
|
||||||
|
- advertise_mode: DEFAULT
|
||||||
|
advertised_groups: []
|
||||||
|
advertised_ip_ranges: []
|
||||||
|
asn: 64513
|
||||||
|
keepalive_interval: 20
|
||||||
|
description: null
|
||||||
|
encrypted_interconnect_router: null
|
||||||
|
name: vpn-net2-to-net1
|
||||||
|
network: projects/xxx/global/networks/ccc
|
||||||
|
project: project-id
|
||||||
|
region: europe-west4
|
||||||
|
module.vpn-2.google_compute_router_interface.router_interface["remote-0"]:
|
||||||
|
interconnect_attachment: null
|
||||||
|
ip_range: 169.254.1.1/30
|
||||||
|
name: net2-to-net1-remote-0
|
||||||
|
private_ip_address: null
|
||||||
|
project: project-id
|
||||||
|
region: europe-west4
|
||||||
|
router: vpn-net2-to-net1
|
||||||
|
subnetwork: null
|
||||||
|
vpn_tunnel: net2-to-net1-remote-0
|
||||||
|
module.vpn-2.google_compute_router_interface.router_interface["remote-1"]:
|
||||||
|
interconnect_attachment: null
|
||||||
|
ip_range: 169.254.2.1/30
|
||||||
|
name: net2-to-net1-remote-1
|
||||||
|
private_ip_address: null
|
||||||
|
project: project-id
|
||||||
|
region: europe-west4
|
||||||
|
router: vpn-net2-to-net1
|
||||||
|
subnetwork: null
|
||||||
|
vpn_tunnel: net2-to-net1-remote-1
|
||||||
|
module.vpn-2.google_compute_router_peer.bgp_peer["remote-0"]:
|
||||||
|
advertise_mode: DEFAULT
|
||||||
|
advertised_groups: []
|
||||||
|
advertised_ip_ranges: []
|
||||||
|
advertised_route_priority: 1000
|
||||||
|
enable: true
|
||||||
|
enable_ipv6: false
|
||||||
|
interface: net2-to-net1-remote-0
|
||||||
|
name: net2-to-net1-remote-0
|
||||||
|
peer_asn: 64514
|
||||||
|
peer_ip_address: 169.254.1.2
|
||||||
|
project: project-id
|
||||||
|
region: europe-west4
|
||||||
|
router: vpn-net2-to-net1
|
||||||
|
router_appliance_instance: null
|
||||||
|
module.vpn-2.google_compute_router_peer.bgp_peer["remote-1"]:
|
||||||
|
advertise_mode: DEFAULT
|
||||||
|
advertised_groups: []
|
||||||
|
advertised_ip_ranges: []
|
||||||
|
advertised_route_priority: 1000
|
||||||
|
enable: true
|
||||||
|
enable_ipv6: false
|
||||||
|
interface: net2-to-net1-remote-1
|
||||||
|
name: net2-to-net1-remote-1
|
||||||
|
peer_asn: 64514
|
||||||
|
peer_ip_address: 169.254.2.2
|
||||||
|
project: project-id
|
||||||
|
region: europe-west4
|
||||||
|
router: vpn-net2-to-net1
|
||||||
|
router_appliance_instance: null
|
||||||
|
module.vpn-2.google_compute_vpn_tunnel.tunnels["remote-0"]:
|
||||||
|
description: null
|
||||||
|
ike_version: 2
|
||||||
|
name: net2-to-net1-remote-0
|
||||||
|
peer_external_gateway: null
|
||||||
|
peer_external_gateway_interface: null
|
||||||
|
project: project-id
|
||||||
|
region: europe-west4
|
||||||
|
router: vpn-net2-to-net1
|
||||||
|
target_vpn_gateway: null
|
||||||
|
vpn_gateway_interface: 0
|
||||||
|
module.vpn-2.google_compute_vpn_tunnel.tunnels["remote-1"]:
|
||||||
|
description: null
|
||||||
|
ike_version: 2
|
||||||
|
name: net2-to-net1-remote-1
|
||||||
|
peer_external_gateway: null
|
||||||
|
peer_external_gateway_interface: null
|
||||||
|
project: project-id
|
||||||
|
region: europe-west4
|
||||||
|
router: vpn-net2-to-net1
|
||||||
|
target_vpn_gateway: null
|
||||||
|
vpn_gateway_interface: 1
|
||||||
|
module.vpn-2.random_id.secret:
|
||||||
|
byte_length: 8
|
||||||
|
|
||||||
|
counts:
|
||||||
|
google_compute_ha_vpn_gateway: 2
|
||||||
|
google_compute_router: 2
|
||||||
|
google_compute_router_interface: 4
|
||||||
|
google_compute_router_peer: 4
|
||||||
|
google_compute_vpn_tunnel: 4
|
||||||
|
modules: 2
|
||||||
|
random_id: 2
|
||||||
|
resources: 18
|
|
@ -0,0 +1,130 @@
|
||||||
|
# Copyright 2023 Google LLC
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
values:
|
||||||
|
module.vpn_ha.google_compute_external_vpn_gateway.external_gateway["default"]:
|
||||||
|
description: Terraform managed external VPN gateway
|
||||||
|
interface:
|
||||||
|
- id: 0
|
||||||
|
ip_address: 8.8.8.8
|
||||||
|
name: mynet-to-onprem-default
|
||||||
|
project: project-id
|
||||||
|
redundancy_type: SINGLE_IP_INTERNALLY_REDUNDANT
|
||||||
|
module.vpn_ha.google_compute_ha_vpn_gateway.ha_gateway[0]:
|
||||||
|
description: Terraform managed external VPN gateway
|
||||||
|
name: mynet-to-onprem
|
||||||
|
network: projects/xxx/global/networks/aaa
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
stack_type: IPV4_ONLY
|
||||||
|
module.vpn_ha.google_compute_router.router[0]:
|
||||||
|
bgp:
|
||||||
|
- advertise_mode: DEFAULT
|
||||||
|
advertised_groups: []
|
||||||
|
advertised_ip_ranges: []
|
||||||
|
asn: 64514
|
||||||
|
keepalive_interval: 20
|
||||||
|
description: null
|
||||||
|
encrypted_interconnect_router: null
|
||||||
|
name: vpn-mynet-to-onprem
|
||||||
|
network: projects/xxx/global/networks/aaa
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
module.vpn_ha.google_compute_router_interface.router_interface["remote-0"]:
|
||||||
|
interconnect_attachment: null
|
||||||
|
ip_range: 169.254.1.2/30
|
||||||
|
name: mynet-to-onprem-remote-0
|
||||||
|
private_ip_address: null
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
router: vpn-mynet-to-onprem
|
||||||
|
subnetwork: null
|
||||||
|
vpn_tunnel: mynet-to-onprem-remote-0
|
||||||
|
module.vpn_ha.google_compute_router_interface.router_interface["remote-1"]:
|
||||||
|
interconnect_attachment: null
|
||||||
|
ip_range: 169.254.2.2/30
|
||||||
|
name: mynet-to-onprem-remote-1
|
||||||
|
private_ip_address: null
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
router: vpn-mynet-to-onprem
|
||||||
|
subnetwork: null
|
||||||
|
vpn_tunnel: mynet-to-onprem-remote-1
|
||||||
|
module.vpn_ha.google_compute_router_peer.bgp_peer["remote-0"]:
|
||||||
|
advertise_mode: DEFAULT
|
||||||
|
advertised_groups: []
|
||||||
|
advertised_ip_ranges: []
|
||||||
|
advertised_route_priority: 1000
|
||||||
|
enable: true
|
||||||
|
enable_ipv6: false
|
||||||
|
interface: mynet-to-onprem-remote-0
|
||||||
|
name: mynet-to-onprem-remote-0
|
||||||
|
peer_asn: 64513
|
||||||
|
peer_ip_address: 169.254.1.1
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
router: vpn-mynet-to-onprem
|
||||||
|
router_appliance_instance: null
|
||||||
|
module.vpn_ha.google_compute_router_peer.bgp_peer["remote-1"]:
|
||||||
|
advertise_mode: DEFAULT
|
||||||
|
advertised_groups: []
|
||||||
|
advertised_ip_ranges: []
|
||||||
|
advertised_route_priority: 1000
|
||||||
|
enable: true
|
||||||
|
enable_ipv6: false
|
||||||
|
interface: mynet-to-onprem-remote-1
|
||||||
|
name: mynet-to-onprem-remote-1
|
||||||
|
peer_asn: 64513
|
||||||
|
peer_ip_address: 169.254.2.1
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
router: vpn-mynet-to-onprem
|
||||||
|
router_appliance_instance: null
|
||||||
|
module.vpn_ha.google_compute_vpn_tunnel.tunnels["remote-0"]:
|
||||||
|
description: null
|
||||||
|
ike_version: 2
|
||||||
|
name: mynet-to-onprem-remote-0
|
||||||
|
peer_external_gateway_interface: 0
|
||||||
|
peer_gcp_gateway: null
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
router: vpn-mynet-to-onprem
|
||||||
|
shared_secret: mySecret
|
||||||
|
target_vpn_gateway: null
|
||||||
|
vpn_gateway_interface: 0
|
||||||
|
module.vpn_ha.google_compute_vpn_tunnel.tunnels["remote-1"]:
|
||||||
|
description: null
|
||||||
|
ike_version: 2
|
||||||
|
name: mynet-to-onprem-remote-1
|
||||||
|
peer_external_gateway_interface: 0
|
||||||
|
peer_gcp_gateway: null
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
router: vpn-mynet-to-onprem
|
||||||
|
shared_secret: mySecret
|
||||||
|
target_vpn_gateway: null
|
||||||
|
vpn_gateway_interface: 1
|
||||||
|
module.vpn_ha.random_id.secret:
|
||||||
|
byte_length: 8
|
||||||
|
|
||||||
|
counts:
|
||||||
|
google_compute_external_vpn_gateway: 1
|
||||||
|
google_compute_ha_vpn_gateway: 1
|
||||||
|
google_compute_router: 1
|
||||||
|
google_compute_router_interface: 2
|
||||||
|
google_compute_router_peer: 2
|
||||||
|
google_compute_vpn_tunnel: 2
|
||||||
|
modules: 1
|
||||||
|
random_id: 1
|
||||||
|
resources: 10
|
|
@ -0,0 +1,135 @@
|
||||||
|
# Copyright 2023 Google LLC
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
values:
|
||||||
|
module.vpn_ha.google_compute_external_vpn_gateway.external_gateway["default"]:
|
||||||
|
description: Terraform managed external VPN gateway
|
||||||
|
interface:
|
||||||
|
- id: 0
|
||||||
|
ip_address: 8.8.8.8
|
||||||
|
labels: null
|
||||||
|
name: mynet-to-onprem-default
|
||||||
|
project: project-id
|
||||||
|
redundancy_type: SINGLE_IP_INTERNALLY_REDUNDANT
|
||||||
|
module.vpn_ha.google_compute_ha_vpn_gateway.ha_gateway[0]:
|
||||||
|
description: Terraform managed external VPN gateway
|
||||||
|
name: mynet-to-onprem
|
||||||
|
network: projects/xxx/global/networks/aaa
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
stack_type: IPV4_IPV6
|
||||||
|
module.vpn_ha.google_compute_router.router[0]:
|
||||||
|
bgp:
|
||||||
|
- advertise_mode: DEFAULT
|
||||||
|
advertised_groups: []
|
||||||
|
advertised_ip_ranges: []
|
||||||
|
asn: 64514
|
||||||
|
keepalive_interval: 20
|
||||||
|
description: null
|
||||||
|
encrypted_interconnect_router: null
|
||||||
|
name: vpn-mynet-to-onprem
|
||||||
|
network: projects/xxx/global/networks/aaa
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
module.vpn_ha.google_compute_router_interface.router_interface["remote-0"]:
|
||||||
|
interconnect_attachment: null
|
||||||
|
ip_range: 169.254.1.2/30
|
||||||
|
name: mynet-to-onprem-remote-0
|
||||||
|
private_ip_address: null
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
router: vpn-mynet-to-onprem
|
||||||
|
subnetwork: null
|
||||||
|
vpn_tunnel: mynet-to-onprem-remote-0
|
||||||
|
module.vpn_ha.google_compute_router_interface.router_interface["remote-1"]:
|
||||||
|
interconnect_attachment: null
|
||||||
|
ip_range: 169.254.2.2/30
|
||||||
|
name: mynet-to-onprem-remote-1
|
||||||
|
private_ip_address: null
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
router: vpn-mynet-to-onprem
|
||||||
|
subnetwork: null
|
||||||
|
vpn_tunnel: mynet-to-onprem-remote-1
|
||||||
|
module.vpn_ha.google_compute_router_peer.bgp_peer["remote-0"]:
|
||||||
|
advertise_mode: DEFAULT
|
||||||
|
advertised_groups: []
|
||||||
|
advertised_ip_ranges: []
|
||||||
|
advertised_route_priority: 1000
|
||||||
|
enable: true
|
||||||
|
enable_ipv6: true
|
||||||
|
interface: mynet-to-onprem-remote-0
|
||||||
|
name: mynet-to-onprem-remote-0
|
||||||
|
peer_asn: 64513
|
||||||
|
peer_ip_address: 169.254.1.1
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
router: vpn-mynet-to-onprem
|
||||||
|
router_appliance_instance: null
|
||||||
|
module.vpn_ha.google_compute_router_peer.bgp_peer["remote-1"]:
|
||||||
|
advertise_mode: DEFAULT
|
||||||
|
advertised_groups: []
|
||||||
|
advertised_ip_ranges: []
|
||||||
|
advertised_route_priority: 1000
|
||||||
|
enable: true
|
||||||
|
enable_ipv6: true
|
||||||
|
interface: mynet-to-onprem-remote-1
|
||||||
|
ipv6_nexthop_address: 2600:2d00:0:2::1
|
||||||
|
name: mynet-to-onprem-remote-1
|
||||||
|
peer_asn: 64513
|
||||||
|
peer_ip_address: 169.254.2.1
|
||||||
|
peer_ipv6_nexthop_address: 2600:2d00:0:3::1
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
router: vpn-mynet-to-onprem
|
||||||
|
router_appliance_instance: null
|
||||||
|
module.vpn_ha.google_compute_vpn_tunnel.tunnels["remote-0"]:
|
||||||
|
description: null
|
||||||
|
ike_version: 2
|
||||||
|
name: mynet-to-onprem-remote-0
|
||||||
|
peer_external_gateway_interface: 0
|
||||||
|
peer_gcp_gateway: null
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
router: vpn-mynet-to-onprem
|
||||||
|
shared_secret: mySecret
|
||||||
|
target_vpn_gateway: null
|
||||||
|
vpn_gateway_interface: 0
|
||||||
|
module.vpn_ha.google_compute_vpn_tunnel.tunnels["remote-1"]:
|
||||||
|
description: null
|
||||||
|
ike_version: 2
|
||||||
|
name: mynet-to-onprem-remote-1
|
||||||
|
peer_external_gateway_interface: 0
|
||||||
|
peer_gcp_gateway: null
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
router: vpn-mynet-to-onprem
|
||||||
|
shared_secret: mySecret
|
||||||
|
target_vpn_gateway: null
|
||||||
|
vpn_gateway_interface: 1
|
||||||
|
module.vpn_ha.random_id.secret:
|
||||||
|
byte_length: 8
|
||||||
|
keepers: null
|
||||||
|
prefix: null
|
||||||
|
|
||||||
|
counts:
|
||||||
|
google_compute_external_vpn_gateway: 1
|
||||||
|
google_compute_ha_vpn_gateway: 1
|
||||||
|
google_compute_router: 1
|
||||||
|
google_compute_router_interface: 2
|
||||||
|
google_compute_router_peer: 2
|
||||||
|
google_compute_vpn_tunnel: 2
|
||||||
|
modules: 1
|
||||||
|
random_id: 1
|
||||||
|
resources: 10
|
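Review bot: This inventory is probably never compared against a plan, because the README example that should load it spells the directive `intentory=ipv6.yaml` instead of `inventory=ipv6.yaml`. That leaves the expectations that matter for the feature unverified: `stack_type: IPV4_IPV6` on the gateway and `enable_ipv6: true` on both peers. The first of these also looks at odds with the example, which sets `stack_type` rather than the `ipv6` flag the module reads. Correcting the directive and re-running the example test would show whether this file still matches what the module produces.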