Update VPN-HA module to tf1.3 (wip)
parent
f9f42729b4
commit
798d3a4136
|
@ -20,24 +20,22 @@ module "landing-to-dev-vpn-r1" {
|
|||
network = module.landing-vpc.self_link
|
||||
region = var.regions.r1
|
||||
name = "${var.prefix}-lnd-to-dev-r1"
|
||||
router_create = false
|
||||
router_name = "${var.prefix}-lnd-vpn-r1"
|
||||
# router is created and managed by the production VPN module
|
||||
# so we don't configure advertisements here
|
||||
peer_gcp_gateway = module.dev-to-landing-vpn-r1.self_link
|
||||
router_config = {
|
||||
create = false
|
||||
name = "${var.prefix}-lnd-vpn-r1"
|
||||
asn = 64514
|
||||
}
|
||||
peer_gateway = { gcp = module.dev-to-landing-vpn-r1.self_link }
|
||||
tunnels = {
|
||||
0 = {
|
||||
bgp_peer = {
|
||||
address = "169.254.2.2"
|
||||
asn = var.vpn_configs.dev-r1.asn
|
||||
}
|
||||
# use this attribute to configure different advertisements for dev
|
||||
bgp_peer_options = null
|
||||
bgp_session_range = "169.254.2.1/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = null
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
1 = {
|
||||
|
@ -45,13 +43,8 @@ module "landing-to-dev-vpn-r1" {
|
|||
address = "169.254.2.6"
|
||||
asn = var.vpn_configs.dev-r1.asn
|
||||
}
|
||||
# use this attribute to configure different advertisements for dev
|
||||
bgp_peer_options = null
|
||||
bgp_session_range = "169.254.2.5/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = null
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
}
|
||||
|
@ -63,30 +56,24 @@ module "dev-to-landing-vpn-r1" {
|
|||
network = module.dev-vpc.self_link
|
||||
region = var.regions.r1
|
||||
name = "${var.prefix}-dev-to-lnd-r1"
|
||||
router_create = true
|
||||
router_name = "${var.prefix}-dev-vpn-r1"
|
||||
router_asn = var.vpn_configs.dev-r1.asn
|
||||
router_advertise_config = (
|
||||
var.vpn_configs.dev-r1.custom_ranges == null
|
||||
? null
|
||||
: {
|
||||
groups = null
|
||||
router_config = {
|
||||
name = "${var.prefix}-dev-vpn-r1"
|
||||
asn = var.vpn_configs.dev-r1.asn
|
||||
router_advertise_config = {
|
||||
all_subnets = false
|
||||
ip_ranges = coalesce(var.vpn_configs.dev-r1.custom_ranges, {})
|
||||
mode = "CUSTOM"
|
||||
}
|
||||
)
|
||||
peer_gcp_gateway = module.landing-to-dev-vpn-r1.self_link
|
||||
}
|
||||
peer_gateway = { gcp = module.landing-to-dev-vpn-r1.self_link }
|
||||
tunnels = {
|
||||
0 = {
|
||||
bgp_peer = {
|
||||
address = "169.254.2.1"
|
||||
asn = var.vpn_configs.land-r1.asn
|
||||
}
|
||||
bgp_peer_options = null
|
||||
bgp_session_range = "169.254.2.2/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = module.landing-to-dev-vpn-r1.random_secret
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
|
@ -95,11 +82,8 @@ module "dev-to-landing-vpn-r1" {
|
|||
address = "169.254.2.5"
|
||||
asn = var.vpn_configs.land-r1.asn
|
||||
}
|
||||
bgp_peer_options = null
|
||||
bgp_session_range = "169.254.2.6/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = module.landing-to-dev-vpn-r1.random_secret
|
||||
vpn_gateway_interface = 1
|
||||
}
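Review bot: In `dev-to-landing-vpn-r1` the advertisement settings are passed as `router_advertise_config = {` nested inside `router_config`, but the module's router in this same commit (and the landing/prod call sites) take that block as `custom_advertise`, so this key is either rejected by the object type or ignored, in which case the dev router silently falls back to DEFAULT advertising of every subnet instead of the restricted `custom_ranges`. Rename it and keep the null-when-unset semantics the removed code had, e.g. `custom_advertise = var.vpn_configs.dev-r1.custom_ranges == null ? null : { all_subnets = false, ip_ranges = var.vpn_configs.dev-r1.custom_ranges }`. In `landing-to-dev-vpn-r1`, `asn = 64514` is hard-coded while the dev side peers against `var.vpn_configs.land-r1.asn`; with `create = false` the value is inert, but `asn = var.vpn_configs.land-r1.asn` keeps the two sides from drifting. Both module blocks start before the hunks shown.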
|
||||
|
|
|
@ -20,31 +20,23 @@ module "landing-to-prod-vpn-r1" {
|
|||
network = module.landing-vpc.self_link
|
||||
region = var.regions.r1
|
||||
name = "${var.prefix}-lnd-to-prd-r1"
|
||||
router_create = true
|
||||
router_name = "${var.prefix}-lnd-vpn-r1"
|
||||
router_asn = var.vpn_configs.land-r1.asn
|
||||
router_advertise_config = (
|
||||
var.vpn_configs.land-r1.custom_ranges == null
|
||||
? null
|
||||
: {
|
||||
groups = null
|
||||
router_config = {
|
||||
name = "${var.prefix}-lnd-vpn-r1"
|
||||
asn = var.vpn_configs.land-r1.asn
|
||||
custom_advertise = {
|
||||
all_subnets = false
|
||||
ip_ranges = coalesce(var.vpn_configs.land-r1.custom_ranges, {})
|
||||
mode = "CUSTOM"
|
||||
}
|
||||
)
|
||||
peer_gcp_gateway = module.prod-to-landing-vpn-r1.self_link
|
||||
}
|
||||
peer_gateway = { gcp = module.prod-to-landing-vpn-r1.self_link }
|
||||
tunnels = {
|
||||
0 = {
|
||||
bgp_peer = {
|
||||
address = "169.254.0.2"
|
||||
asn = var.vpn_configs.prod-r1.asn
|
||||
}
|
||||
bgp_peer_options = null
|
||||
bgp_session_range = "169.254.0.1/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = null
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
1 = {
|
||||
|
@ -52,12 +44,8 @@ module "landing-to-prod-vpn-r1" {
|
|||
address = "169.254.0.6"
|
||||
asn = var.vpn_configs.prod-r1.asn
|
||||
}
|
||||
bgp_peer_options = null
|
||||
bgp_session_range = "169.254.0.5/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = null
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
}
|
||||
|
@ -69,32 +57,24 @@ module "prod-to-landing-vpn-r1" {
|
|||
network = module.prod-vpc.self_link
|
||||
region = var.regions.r1
|
||||
name = "${var.prefix}-prd-to-lnd-r1"
|
||||
router_create = true
|
||||
router_name = "${var.prefix}-prd-vpn-r1"
|
||||
router_asn = var.vpn_configs.prod-r1.asn
|
||||
router_config = {
|
||||
name = "${var.prefix}-prd-vpn-r1"
|
||||
asn = var.vpn_configs.prod-r1.asn
|
||||
# the router is managed here but shared with the dev VPN
|
||||
router_advertise_config = (
|
||||
var.vpn_configs.prod-r1.custom_ranges == null
|
||||
? null
|
||||
: {
|
||||
groups = null
|
||||
custom_advertise = {
|
||||
all_subnets = false
|
||||
ip_ranges = coalesce(var.vpn_configs.prod-r1.custom_ranges, {})
|
||||
mode = "CUSTOM"
|
||||
}
|
||||
)
|
||||
peer_gcp_gateway = module.landing-to-prod-vpn-r1.self_link
|
||||
}
|
||||
peer_gateway = { gcp = module.landing-to-prod-vpn-r1.self_link }
|
||||
tunnels = {
|
||||
0 = {
|
||||
bgp_peer = {
|
||||
address = "169.254.0.1"
|
||||
asn = var.vpn_configs.land-r1.asn
|
||||
}
|
||||
# use this attribute to configure different advertisements for prod
|
||||
bgp_peer_options = null
|
||||
bgp_session_range = "169.254.0.2/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = module.landing-to-prod-vpn-r1.random_secret
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
|
@ -103,12 +83,8 @@ module "prod-to-landing-vpn-r1" {
|
|||
address = "169.254.0.5"
|
||||
asn = var.vpn_configs.land-r1.asn
|
||||
}
|
||||
# use this attribute to configure different advertisements for prod
|
||||
bgp_peer_options = null
|
||||
bgp_session_range = "169.254.0.6/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = module.landing-to-prod-vpn-r1.random_secret
|
||||
vpn_gateway_interface = 1
|
||||
}
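Review bot: `custom_advertise` in both `landing-to-prod-vpn-r1` and `prod-to-landing-vpn-r1` is now unconditional, with `all_subnets = false` and `ip_ranges = coalesce(..., {})`, whereas the removed code passed `null` when `custom_ranges` was unset; with a null `custom_ranges` the router now runs in CUSTOM mode advertising nothing, where it previously advertised all subnets in DEFAULT mode. If that change is not intended, keep the guard: `custom_advertise = var.vpn_configs.land-r1.custom_ranges == null ? null : { all_subnets = false, ip_ranges = var.vpn_configs.land-r1.custom_ranges }` (and the `prod-r1` equivalent). The comment `# the router is managed here but shared with the dev VPN` sits on the prod-VPC router, yet the router reused by the dev VPN is the landing one (`${var.prefix}-lnd-vpn-r1`); if it was placed here by this change it belongs on `landing-to-prod-vpn-r1`. Both module blocks begin before the hunks shown.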
|
||||
|
|
|
@ -79,40 +79,32 @@ module "vpn-onprem" {
|
|||
region = var.region
|
||||
network = module.vpc-onprem.self_link
|
||||
name = "${var.name}-onprem-to-hub"
|
||||
router_asn = 65001
|
||||
router_advertise_config = {
|
||||
groups = ["ALL_SUBNETS"]
|
||||
ip_ranges = {
|
||||
router_config = {
|
||||
asn = 65001
|
||||
custom_advertise = {
|
||||
all_subnets = true
|
||||
ip_ranges = {}
|
||||
}
|
||||
mode = "CUSTOM"
|
||||
}
|
||||
peer_gcp_gateway = module.vpn-hub.self_link
|
||||
peer_gateway = { gcp = module.vpn-hub.self_link }
|
||||
tunnels = {
|
||||
tunnel-0 = {
|
||||
bgp_peer = {
|
||||
address = "169.254.0.2"
|
||||
asn = 65002
|
||||
}
|
||||
bgp_peer_options = null
|
||||
bgp_session_range = "169.254.0.1/30"
|
||||
ike_version = 2
|
||||
vpn_gateway_interface = 0
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = ""
|
||||
}
|
||||
tunnel-1 = {
|
||||
bgp_peer = {
|
||||
address = "169.254.0.6"
|
||||
asn = 65002
|
||||
}
|
||||
bgp_peer_options = null
|
||||
bgp_session_range = "169.254.0.5/30"
|
||||
ike_version = 2
|
||||
vpn_gateway_interface = 1
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = ""
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -123,15 +115,17 @@ module "vpn-hub" {
|
|||
region = var.region
|
||||
network = module.vpc-hub.name
|
||||
name = "${var.name}-hub-to-onprem"
|
||||
router_asn = 65002
|
||||
peer_gcp_gateway = module.vpn-onprem.self_link
|
||||
router_advertise_config = {
|
||||
groups = ["ALL_SUBNETS"]
|
||||
router_config = {
|
||||
asn = 65002
|
||||
custom_advertise = {
|
||||
all_subnets = true
|
||||
ip_ranges = {
|
||||
(var.psc_endpoint) = "to-psc-endpoint"
|
||||
}
|
||||
mode = "CUSTOM"
|
||||
}
|
||||
}
|
||||
peer_gateway = { gcp = module.vpn-onprem.self_link }
|
||||
|
||||
tunnels = {
|
||||
tunnel-0 = {
|
||||
bgp_peer = {
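Review bot: The migrated `vpn-onprem` tunnels keep `shared_secret = ""` while the other call sites converted in this commit use `shared_secret = null` on the side that relies on the module-generated secret; whether the module treats an empty string the same as `null` (generate a `random_id` PSK) or forwards it to the API is not visible here, so please normalise to `shared_secret = null` or confirm the module's handling of `""`. The blank line left between `peer_gateway` and `tunnels` in `vpn-hub` is a style nit worth dropping. The `vpn-hub` module block continues past the hunk shown.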
|
||||
|
|
|
@ -235,10 +235,7 @@ variable "vpn_onprem_configs" {
|
|||
})
|
||||
peer_external_gateway = object({
|
||||
redundancy_type = string
|
||||
interfaces = list(object({
|
||||
id = number
|
||||
ip_address = string
|
||||
}))
|
||||
interfaces = list(string)
|
||||
})
|
||||
tunnels = list(object({
|
||||
peer_asn = number
|
||||
|
@ -258,9 +255,7 @@ variable "vpn_onprem_configs" {
|
|||
}
|
||||
peer_external_gateway = {
|
||||
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
|
||||
interfaces = [
|
||||
{ id = 0, ip_address = "8.8.8.8" },
|
||||
]
|
||||
interfaces = ["8.8.8.8"]
|
||||
}
|
||||
tunnels = [
|
||||
{
|
||||
|
@ -288,9 +283,7 @@ variable "vpn_onprem_configs" {
|
|||
}
|
||||
peer_external_gateway = {
|
||||
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
|
||||
interfaces = [
|
||||
{ id = 0, ip_address = "8.8.8.8" },
|
||||
]
|
||||
interfaces = ["8.8.8.8"]
|
||||
}
|
||||
tunnels = [
|
||||
{
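Review bot: With `interfaces = list(string)` the external gateway interface id becomes the list position, and nothing in the type ties the list length to `redundancy_type`; a `SINGLE_IP_INTERNALLY_REDUNDANT` gateway given two addresses, or a `TWO_IPS_REDUNDANCY` one given a single address, is only rejected by the API at apply time. A `validation` block on this variable (or on the module's `peer_gateway.external` input) asserting `length(interfaces)` is 1, 2 or 4 for `SINGLE_IP_INTERNALLY_REDUNDANT`, `TWO_IPS_REDUNDANCY` and `FOUR_IPS_REDUNDANCY` respectively would surface the mistake at plan. The `tunnels` objects carry the IKE pre-shared key (the stage code in this commit passes `t.secret` as `shared_secret`), so if `vpn_onprem_configs` is not already declared `sensitive = true` outside these hunks it should be, to keep the PSK out of plan output. The variable block starts before and ends after the hunks shown.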
|
||||
|
|
|
@ -39,10 +39,13 @@ module "landing-to-onprem-ew1-vpn" {
|
|||
network = module.landing-trusted-vpc.self_link
|
||||
region = "europe-west1"
|
||||
name = "vpn-to-onprem-ew1"
|
||||
router_create = true
|
||||
router_name = "landing-onprem-vpn-ew1"
|
||||
router_asn = var.router_configs.landing-trusted-ew1.asn
|
||||
peer_external_gateway = var.vpn_onprem_configs.landing-trusted-ew1.peer_external_gateway
|
||||
router_config = {
|
||||
name = "landing-onprem-vpn-ew1"
|
||||
asn = var.router_configs.landing-trusted-ew1.asn
|
||||
}
|
||||
peer_gateway = {
|
||||
external = var.vpn_onprem_configs.landing-trusted-ew1.peer_external_gateway
|
||||
}
|
||||
tunnels = {
|
||||
for t in var.vpn_onprem_configs.landing-trusted-ew1.tunnels :
|
||||
"remote-${t.vpn_gateway_interface}-${t.peer_external_gateway_interface}" => {
|
||||
|
@ -68,10 +71,13 @@ module "landing-to-onprem-ew4-vpn" {
|
|||
network = module.landing-trusted-vpc.self_link
|
||||
region = "europe-west4"
|
||||
name = "vpn-to-onprem-ew4"
|
||||
router_create = true
|
||||
router_name = "landing-onprem-vpn-ew4"
|
||||
router_asn = var.router_configs.landing-trusted-ew4.asn
|
||||
peer_external_gateway = var.vpn_onprem_configs.landing-trusted-ew4.peer_external_gateway
|
||||
router_config = {
|
||||
name = "landing-onprem-vpn-ew4"
|
||||
asn = var.router_configs.landing-trusted-ew4.asn
|
||||
}
|
||||
peer_gateway = {
|
||||
external = var.vpn_onprem_configs.landing-trusted-ew4.peer_external_gateway
|
||||
}
|
||||
tunnels = {
|
||||
for t in var.vpn_onprem_configs.landing-trusted-ew4.tunnels :
|
||||
"remote-${t.vpn_gateway_interface}-${t.peer_external_gateway_interface}" => {
|
||||
|
|
|
@ -213,10 +213,7 @@ variable "vpn_onprem_configs" {
|
|||
})
|
||||
peer_external_gateway = object({
|
||||
redundancy_type = string
|
||||
interfaces = list(object({
|
||||
id = number
|
||||
ip_address = string
|
||||
}))
|
||||
interfaces = list(string)
|
||||
})
|
||||
tunnels = list(object({
|
||||
peer_asn = number
|
||||
|
@ -236,9 +233,7 @@ variable "vpn_onprem_configs" {
|
|||
}
|
||||
peer_external_gateway = {
|
||||
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
|
||||
interfaces = [
|
||||
{ id = 0, ip_address = "8.8.8.8" },
|
||||
]
|
||||
interfaces = ["8.8.8.8"]
|
||||
}
|
||||
tunnels = [
|
||||
{
|
||||
|
|
|
@ -39,10 +39,13 @@ module "landing-to-onprem-ew1-vpn" {
|
|||
network = module.landing-vpc.self_link
|
||||
region = "europe-west1"
|
||||
name = "vpn-to-onprem-ew1"
|
||||
router_create = true
|
||||
router_name = "landing-onprem-vpn-ew1"
|
||||
router_asn = var.router_onprem_configs.landing-ew1.asn
|
||||
peer_external_gateway = var.vpn_onprem_configs.landing-ew1.peer_external_gateway
|
||||
router_config = {
|
||||
name = "landing-onprem-vpn-ew1"
|
||||
asn = var.router_onprem_configs.landing-ew1.asn
|
||||
}
|
||||
peer_gateway = {
|
||||
external = var.vpn_onprem_configs.landing-ew1.peer_external_gateway
|
||||
}
|
||||
tunnels = {
|
||||
for t in var.vpn_onprem_configs.landing-ew1.tunnels :
|
||||
"remote-${t.vpn_gateway_interface}-${t.peer_external_gateway_interface}" => {
|
||||
|
@ -54,7 +57,6 @@ module "landing-to-onprem-ew1-vpn" {
|
|||
bgp_session_range = "${cidrhost(t.session_range, 2)}/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = t.peer_external_gateway_interface
|
||||
router = null
|
||||
shared_secret = t.secret
|
||||
vpn_gateway_interface = t.vpn_gateway_interface
|
||||
}
|
||||
|
|
|
@ -207,10 +207,7 @@ variable "vpn_onprem_configs" {
|
|||
})
|
||||
peer_external_gateway = object({
|
||||
redundancy_type = string
|
||||
interfaces = list(object({
|
||||
id = number
|
||||
ip_address = string
|
||||
}))
|
||||
interfaces = list(string)
|
||||
})
|
||||
tunnels = list(object({
|
||||
peer_asn = number
|
||||
|
@ -230,9 +227,8 @@ variable "vpn_onprem_configs" {
|
|||
}
|
||||
peer_external_gateway = {
|
||||
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
|
||||
interfaces = [
|
||||
{ id = 0, ip_address = "8.8.8.8" },
|
||||
]
|
||||
interfaces = ["8.8.8.8"]
|
||||
|
||||
}
|
||||
tunnels = [
|
||||
{
|
||||
|
@ -260,9 +256,7 @@ variable "vpn_onprem_configs" {
|
|||
}
|
||||
peer_external_gateway = {
|
||||
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
|
||||
interfaces = [
|
||||
{ id = 0, ip_address = "8.8.8.8" },
|
||||
]
|
||||
interfaces = ["8.8.8.8"]
|
||||
}
|
||||
tunnels = [
|
||||
{
|
||||
|
|
|
@ -39,10 +39,13 @@ module "dev-to-onprem-ew1-vpn" {
|
|||
network = module.dev-spoke-vpc.self_link
|
||||
region = "europe-west1"
|
||||
name = "vpn-to-onprem-ew1"
|
||||
router_create = true
|
||||
router_name = "dev-onprem-vpn-ew1"
|
||||
router_asn = var.router_onprem_configs.dev-ew1.asn
|
||||
peer_external_gateway = var.vpn_onprem_configs.dev-ew1.peer_external_gateway
|
||||
router_config = {
|
||||
name = "dev-onprem-vpn-ew1"
|
||||
asn = var.router_onprem_configs.dev-ew1.asn
|
||||
}
|
||||
peer_gateway = {
|
||||
external = var.vpn_onprem_configs.dev-ew1.peer_external_gateway
|
||||
}
|
||||
tunnels = {
|
||||
for t in var.vpn_onprem_configs.dev-ew1.tunnels :
|
||||
"remote-${t.vpn_gateway_interface}-${t.peer_external_gateway_interface}" => {
|
||||
|
@ -54,7 +57,6 @@ module "dev-to-onprem-ew1-vpn" {
|
|||
bgp_session_range = "${cidrhost(t.session_range, 2)}/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = t.peer_external_gateway_interface
|
||||
router = null
|
||||
shared_secret = t.secret
|
||||
vpn_gateway_interface = t.vpn_gateway_interface
|
||||
}
|
||||
|
|
|
@ -23,10 +23,13 @@ module "prod-to-onprem-ew1-vpn" {
|
|||
network = module.prod-spoke-vpc.self_link
|
||||
region = "europe-west1"
|
||||
name = "vpn-to-onprem-ew1"
|
||||
router_create = true
|
||||
router_name = "prod-onprem-vpn-ew1"
|
||||
router_asn = var.router_onprem_configs.prod-ew1.asn
|
||||
peer_external_gateway = var.vpn_onprem_configs.prod-ew1.peer_external_gateway
|
||||
router_config = {
|
||||
name = "prod-onprem-vpn-ew1"
|
||||
asn = var.router_onprem_configs.prod-ew1.asn
|
||||
}
|
||||
peer_gateway = {
|
||||
external = var.vpn_onprem_configs.prod-ew1.peer_external_gateway
|
||||
}
|
||||
tunnels = {
|
||||
for t in var.vpn_onprem_configs.prod-ew1.tunnels :
|
||||
"remote-${t.vpn_gateway_interface}-${t.peer_external_gateway_interface}" => {
|
||||
|
@ -38,7 +41,6 @@ module "prod-to-onprem-ew1-vpn" {
|
|||
bgp_session_range = "${cidrhost(t.session_range, 2)}/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = t.peer_external_gateway_interface
|
||||
router = null
|
||||
shared_secret = t.secret
|
||||
vpn_gateway_interface = t.vpn_gateway_interface
|
||||
}
|
||||
|
|
|
@ -213,10 +213,7 @@ variable "vpn_onprem_configs" {
|
|||
})
|
||||
peer_external_gateway = object({
|
||||
redundancy_type = string
|
||||
interfaces = list(object({
|
||||
id = number
|
||||
ip_address = string
|
||||
}))
|
||||
interfaces = list(string)
|
||||
})
|
||||
tunnels = list(object({
|
||||
peer_asn = number
|
||||
|
@ -236,9 +233,7 @@ variable "vpn_onprem_configs" {
|
|||
}
|
||||
peer_external_gateway = {
|
||||
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
|
||||
interfaces = [
|
||||
{ id = 0, ip_address = "8.8.8.8" },
|
||||
]
|
||||
interfaces = ["8.8.8.8"]
|
||||
}
|
||||
tunnels = [
|
||||
{
|
||||
|
|
|
@ -39,10 +39,13 @@ module "landing-to-onprem-ew1-vpn" {
|
|||
network = module.landing-vpc.self_link
|
||||
region = "europe-west1"
|
||||
name = "vpn-to-onprem-ew1"
|
||||
router_create = true
|
||||
router_name = "landing-onprem-vpn-ew1"
|
||||
router_asn = var.router_onprem_configs.landing-ew1.asn
|
||||
peer_external_gateway = var.vpn_onprem_configs.landing-ew1.peer_external_gateway
|
||||
router_config = {
|
||||
name = "landing-onprem-vpn-ew1"
|
||||
asn = var.router_onprem_configs.landing-ew1.asn
|
||||
}
|
||||
peer_gateway = {
|
||||
external = var.vpn_onprem_configs.landing-ew1.peer_external_gateway
|
||||
}
|
||||
tunnels = {
|
||||
for t in var.vpn_onprem_configs.landing-ew1.tunnels :
|
||||
"remote-${t.vpn_gateway_interface}-${t.peer_external_gateway_interface}" => {
|
||||
|
@ -54,7 +57,6 @@ module "landing-to-onprem-ew1-vpn" {
|
|||
bgp_session_range = "${cidrhost(t.session_range, 2)}/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = t.peer_external_gateway_interface
|
||||
router = null
|
||||
shared_secret = t.secret
|
||||
vpn_gateway_interface = t.vpn_gateway_interface
|
||||
}
|
||||
|
|
|
@ -39,11 +39,13 @@ module "landing-to-dev-ew1-vpn" {
|
|||
network = module.landing-vpc.self_link
|
||||
region = "europe-west1"
|
||||
name = "vpn-to-dev-ew1"
|
||||
router_config = {
|
||||
# The router used for this VPN is managed in vpn-prod.tf
|
||||
router_create = false
|
||||
router_name = "landing-vpn-ew1"
|
||||
router_asn = var.router_spoke_configs.landing-ew1.asn
|
||||
peer_gcp_gateway = module.dev-to-landing-ew1-vpn.self_link
|
||||
create = false
|
||||
name = "landing-vpn-ew1"
|
||||
asn = var.router_spoke_configs.landing-ew1.asn
|
||||
}
|
||||
peer_gateway = { gcp = module.dev-to-landing-ew1-vpn.self_link }
|
||||
tunnels = {
|
||||
0 = {
|
||||
bgp_peer = {
|
||||
|
@ -55,9 +57,6 @@ module "landing-to-dev-ew1-vpn" {
|
|||
cidrhost("169.254.0.0/27", 2)
|
||||
}/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = null
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
1 = {
|
||||
|
@ -70,9 +69,6 @@ module "landing-to-dev-ew1-vpn" {
|
|||
cidrhost("169.254.0.0/27", 6)
|
||||
}/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = null
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
}
|
||||
|
@ -87,10 +83,11 @@ module "dev-to-landing-ew1-vpn" {
|
|||
network = module.dev-spoke-vpc.self_link
|
||||
region = "europe-west1"
|
||||
name = "vpn-to-landing-ew1"
|
||||
router_create = true
|
||||
router_name = "dev-spoke-vpn-ew1"
|
||||
router_asn = var.router_spoke_configs.spoke-dev-ew1.asn
|
||||
peer_gcp_gateway = module.landing-to-dev-ew1-vpn.self_link
|
||||
router_config = {
|
||||
name = "dev-spoke-vpn-ew1"
|
||||
asn = var.router_spoke_configs.spoke-dev-ew1.asn
|
||||
}
|
||||
peer_gateway = { gcp = module.landing-to-dev-ew1-vpn.self_link }
|
||||
tunnels = {
|
||||
0 = {
|
||||
bgp_peer = {
|
||||
|
@ -102,8 +99,6 @@ module "dev-to-landing-ew1-vpn" {
|
|||
cidrhost("169.254.0.0/27", 1)
|
||||
}/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = module.landing-to-dev-ew1-vpn.random_secret
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
|
@ -117,8 +112,6 @@ module "dev-to-landing-ew1-vpn" {
|
|||
cidrhost("169.254.0.0/27", 5)
|
||||
}/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = module.landing-to-dev-ew1-vpn.random_secret
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
|
|
|
@ -24,10 +24,11 @@ module "landing-to-prod-ew1-vpn" {
|
|||
network = module.landing-vpc.self_link
|
||||
region = "europe-west1"
|
||||
name = "vpn-to-prod-ew1"
|
||||
router_create = true
|
||||
router_name = "landing-vpn-ew1"
|
||||
router_asn = var.router_spoke_configs.landing-ew1.asn
|
||||
peer_gcp_gateway = module.prod-to-landing-ew1-vpn.self_link
|
||||
router_config = {
|
||||
name = "landing-vpn-ew1"
|
||||
asn = var.router_spoke_configs.landing-ew1.asn
|
||||
}
|
||||
peer_gateway = { gcp = module.prod-to-landing-ew1-vpn.self_link }
|
||||
tunnels = {
|
||||
0 = {
|
||||
bgp_peer = {
|
||||
|
@ -39,9 +40,6 @@ module "landing-to-prod-ew1-vpn" {
|
|||
cidrhost("169.254.0.64/27", 2)
|
||||
}/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = null
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
1 = {
|
||||
|
@ -54,9 +52,6 @@ module "landing-to-prod-ew1-vpn" {
|
|||
cidrhost("169.254.0.64/27", 6)
|
||||
}/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = null
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
}
|
||||
|
@ -68,10 +63,11 @@ module "prod-to-landing-ew1-vpn" {
|
|||
network = module.prod-spoke-vpc.self_link
|
||||
region = "europe-west1"
|
||||
name = "vpn-to-landing-ew1"
|
||||
router_create = true
|
||||
router_name = "prod-spoke-vpn-ew1"
|
||||
router_asn = var.router_spoke_configs.spoke-prod-ew1.asn
|
||||
peer_gcp_gateway = module.landing-to-prod-ew1-vpn.self_link
|
||||
router_config = {
|
||||
name = "prod-spoke-vpn-ew1"
|
||||
asn = var.router_spoke_configs.spoke-prod-ew1.asn
|
||||
}
|
||||
peer_gateway = { gcp = module.landing-to-prod-ew1-vpn.self_link }
|
||||
tunnels = {
|
||||
0 = {
|
||||
bgp_peer = {
|
||||
|
|
|
@ -24,10 +24,11 @@ module "landing-to-prod-ew4-vpn" {
|
|||
network = module.landing-vpc.self_link
|
||||
region = "europe-west4"
|
||||
name = "vpn-to-prod-ew4"
|
||||
router_create = true
|
||||
router_name = "landing-vpn-ew4"
|
||||
router_asn = var.router_spoke_configs.landing-ew4.asn
|
||||
peer_gcp_gateway = module.prod-to-landing-ew4-vpn.self_link
|
||||
router_config = {
|
||||
name = "landing-vpn-ew4"
|
||||
asn = var.router_spoke_configs.landing-ew4.asn
|
||||
}
|
||||
peer_gateway = { gcp = module.prod-to-landing-ew4-vpn.self_link }
|
||||
tunnels = {
|
||||
0 = {
|
||||
bgp_peer = {
|
||||
|
@ -39,9 +40,6 @@ module "landing-to-prod-ew4-vpn" {
|
|||
cidrhost("169.254.0.96/27", 2)
|
||||
}/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = null
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
1 = {
|
||||
|
@ -54,9 +52,6 @@ module "landing-to-prod-ew4-vpn" {
|
|||
cidrhost("169.254.0.96/27", 6)
|
||||
}/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = null
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
}
|
||||
|
@ -68,10 +63,11 @@ module "prod-to-landing-ew4-vpn" {
|
|||
network = module.prod-spoke-vpc.self_link
|
||||
region = "europe-west4"
|
||||
name = "vpn-to-landing-ew4"
|
||||
router_create = true
|
||||
router_name = "prod-spoke-vpn-ew4"
|
||||
router_asn = var.router_spoke_configs.spoke-prod-ew4.asn
|
||||
peer_gcp_gateway = module.landing-to-prod-ew4-vpn.self_link
|
||||
router_config = {
|
||||
name = "prod-spoke-vpn-ew4"
|
||||
asn = var.router_spoke_configs.spoke-prod-ew4.asn
|
||||
}
|
||||
peer_gateway = { gcp = module.landing-to-prod-ew4-vpn.self_link }
|
||||
tunnels = {
|
||||
0 = {
|
||||
bgp_peer = {
|
||||
|
@ -83,8 +79,6 @@ module "prod-to-landing-ew4-vpn" {
|
|||
cidrhost("169.254.0.96/27", 1)
|
||||
}/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = module.landing-to-prod-ew4-vpn.random_secret
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
|
@ -98,8 +92,6 @@ module "prod-to-landing-ew4-vpn" {
|
|||
cidrhost("169.254.0.96/27", 5)
|
||||
}/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = module.landing-to-prod-ew4-vpn.random_secret
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
|
|
|
@ -5,20 +5,21 @@ This module makes it easy to deploy either GCP-to-GCP or GCP-to-On-prem [Cloud H
|
|||
|
||||
### GCP to GCP
|
||||
```hcl
|
||||
module "vpn_ha-1" {
|
||||
module "vpn-1" {
|
||||
source = "./fabric/modules/net-vpn-ha"
|
||||
project_id = "<PROJECT_ID>"
|
||||
project_id = var.project_id
|
||||
region = "europe-west4"
|
||||
network = "https://www.googleapis.com/compute/v1/projects/<PROJECT_ID>/global/networks/network-1"
|
||||
network = var.vpc1.self_link
|
||||
name = "net1-to-net-2"
|
||||
peer_gcp_gateway = module.vpn_ha-2.self_link
|
||||
router_asn = 64514
|
||||
router_advertise_config = {
|
||||
groups = ["ALL_SUBNETS"]
|
||||
peer_gateway = { gcp = module.vpn-2.self_link }
|
||||
router_config = {
|
||||
asn = 64514
|
||||
custom_advertise = {
|
||||
all_subnets = true
|
||||
ip_ranges = {
|
||||
"10.0.0.0/8" = "default"
|
||||
}
|
||||
mode = "CUSTOM"
|
||||
}
|
||||
}
|
||||
tunnels = {
|
||||
remote-0 = {
|
||||
|
@ -26,12 +27,7 @@ module "vpn_ha-1" {
|
|||
address = "169.254.1.1"
|
||||
asn = 64513
|
||||
}
|
||||
bgp_peer_options = null
|
||||
bgp_session_range = "169.254.1.2/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = ""
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
remote-1 = {
|
||||
|
@ -39,37 +35,29 @@ module "vpn_ha-1" {
|
|||
address = "169.254.2.1"
|
||||
asn = 64513
|
||||
}
|
||||
bgp_peer_options = null
|
||||
bgp_session_range = "169.254.2.2/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = ""
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module "vpn_ha-2" {
|
||||
module "vpn-2" {
|
||||
source = "./fabric/modules/net-vpn-ha"
|
||||
project_id = "<PROJECT_ID>"
|
||||
project_id = var.project_id
|
||||
region = "europe-west4"
|
||||
network = "https://www.googleapis.com/compute/v1/projects/<PROJECT_ID>/global/networks/local-network"
|
||||
network = var.vpc2.self_link
|
||||
name = "net2-to-net1"
|
||||
router_asn = 64513
|
||||
peer_gcp_gateway = module.vpn_ha-1.self_link
|
||||
router_config = { asn = 64513 }
|
||||
peer_gateway = { gcp = module.vpn-1.self_link}
|
||||
tunnels = {
|
||||
remote-0 = {
|
||||
bgp_peer = {
|
||||
address = "169.254.1.2"
|
||||
asn = 64514
|
||||
}
|
||||
bgp_peer_options = null
|
||||
bgp_session_range = "169.254.1.1/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = module.vpn_ha-1.random_secret
|
||||
shared_secret = module.vpn-1.random_secret
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
remote-1 = {
|
||||
|
@ -77,12 +65,9 @@ module "vpn_ha-2" {
|
|||
address = "169.254.2.2"
|
||||
asn = 64514
|
||||
}
|
||||
bgp_peer_options = null
|
||||
bgp_session_range = "169.254.2.1/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = null
|
||||
router = null
|
||||
shared_secret = module.vpn_ha-1.random_secret
|
||||
shared_secret = module.vpn-1.random_secret
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
}
|
||||
|
@ -101,25 +86,21 @@ module "vpn_ha" {
|
|||
region = var.region
|
||||
network = var.vpc.self_link
|
||||
name = "mynet-to-onprem"
|
||||
peer_external_gateway = {
|
||||
peer_gateway = {
|
||||
external = {
|
||||
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
|
||||
interfaces = [{
|
||||
id = 0
|
||||
ip_address = "8.8.8.8" # on-prem router ip address
|
||||
}]
|
||||
interfaces = ["8.8.8.8"] # on-prem router ip address
|
||||
}
|
||||
router_asn = 64514
|
||||
}
|
||||
router_config = { asn = 64514 }
|
||||
tunnels = {
|
||||
remote-0 = {
|
||||
bgp_peer = {
|
||||
address = "169.254.1.1"
|
||||
asn = 64513
|
||||
}
|
||||
bgp_peer_options = null
|
||||
bgp_session_range = "169.254.1.2/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = 0
|
||||
router = null
|
||||
shared_secret = "mySecret"
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
|
@ -128,11 +109,8 @@ module "vpn_ha" {
|
|||
address = "169.254.2.1"
|
||||
asn = 64513
|
||||
}
|
||||
bgp_peer_options = null
|
||||
bgp_session_range = "169.254.2.2/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = 0
|
||||
router = null
|
||||
shared_secret = "mySecret"
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
|
|
|
@ -16,28 +16,17 @@
|
|||
*/
|
||||
|
||||
locals {
|
||||
peer_external_gateway = (
|
||||
var.peer_external_gateway != null
|
||||
? google_compute_external_vpn_gateway.external_gateway[0].self_link
|
||||
: null
|
||||
|
||||
)
|
||||
router = (
|
||||
var.router_create
|
||||
? try(google_compute_router.router[0].name, null)
|
||||
: var.router_name
|
||||
)
|
||||
vpn_gateway = (
|
||||
var.vpn_gateway_create
|
||||
? try(google_compute_ha_vpn_gateway.ha_gateway[0].self_link, null)
|
||||
: var.vpn_gateway
|
||||
var.router_config.create
|
||||
? google_compute_router.router[0].name
|
||||
: var.router_config.name
|
||||
)
|
||||
vpn_gateway = one(google_compute_ha_vpn_gateway.ha_gateway[*].self_link)
|
||||
secret = random_id.secret.b64_url
|
||||
}
|
||||
|
||||
resource "google_compute_ha_vpn_gateway" "ha_gateway" {
|
||||
provider = google-beta
|
||||
count = var.vpn_gateway_create ? 1 : 0
|
||||
count = var.vpn_gateway == null ? 1 : 0
|
||||
name = var.name
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
|
@ -45,55 +34,47 @@ resource "google_compute_ha_vpn_gateway" "ha_gateway" {
|
|||
}
|
||||
|
||||
resource "google_compute_external_vpn_gateway" "external_gateway" {
|
||||
provider = google-beta
|
||||
count = var.peer_external_gateway != null ? 1 : 0
|
||||
count = var.peer_gateway.external != null ? 1 : 0
|
||||
name = "external-${var.name}"
|
||||
project = var.project_id
|
||||
redundancy_type = var.peer_external_gateway.redundancy_type
|
||||
redundancy_type = var.peer_gateway.external.redundancy_type
|
||||
description = "Terraform managed external VPN gateway"
|
||||
dynamic "interface" {
|
||||
for_each = var.peer_external_gateway.interfaces
|
||||
for_each = var.peer_gateway.external.interfaces
|
||||
content {
|
||||
id = interface.value.id
|
||||
ip_address = interface.value.ip_address
|
||||
id = interface.key
|
||||
ip_address = interface.value
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_router" "router" {
|
||||
count = var.router_create ? 1 : 0
|
||||
name = var.router_name == "" ? "vpn-${var.name}" : var.router_name
|
||||
count = var.router_config.create ? 1 : 0
|
||||
name = var.router_config.name == null ? "vpn-${var.name}" : var.router_config.name
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
network = var.network
|
||||
bgp {
|
||||
advertise_mode = (
|
||||
var.router_advertise_config == null
|
||||
? null
|
||||
: var.router_advertise_config.mode
|
||||
var.router_config.custom_advertise != null
|
||||
? "CUSTOM"
|
||||
: "DEFAULT"
|
||||
)
|
||||
advertised_groups = (
|
||||
var.router_advertise_config == null ? null : (
|
||||
var.router_advertise_config.mode != "CUSTOM"
|
||||
? null
|
||||
: var.router_advertise_config.groups
|
||||
)
|
||||
try(var.router_config.custom_advertise.all_subnets, false)
|
||||
? ["ALL_SUBNETS"]
|
||||
: []
|
||||
)
|
||||
dynamic "advertised_ip_ranges" {
|
||||
for_each = (
|
||||
var.router_advertise_config == null ? {} : (
|
||||
var.router_advertise_config.mode != "CUSTOM"
|
||||
? null
|
||||
: var.router_advertise_config.ip_ranges
|
||||
)
|
||||
)
|
||||
for_each = try(var.router_config.custom_advertise.ip_ranges, {})
|
||||
iterator = range
|
||||
content {
|
||||
range = range.key
|
||||
description = range.value
|
||||
}
|
||||
}
|
||||
asn = var.router_asn
|
||||
keepalive_interval = try(var.router_config.keepalive, null)
|
||||
asn = var.router_config.asn
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -105,31 +86,19 @@ resource "google_compute_router_peer" "bgp_peer" {
router = local.router
peer_ip_address = each.value.bgp_peer.address
peer_asn = each.value.bgp_peer.asn
advertised_route_priority = (
each.value.bgp_peer_options == null ? var.route_priority : (
each.value.bgp_peer_options.route_priority == null
? var.route_priority
: each.value.bgp_peer_options.route_priority
)
)
advertised_route_priority = each.value.bgp_peer.route_priority
advertise_mode = (
each.value.bgp_peer_options == null ? null : each.value.bgp_peer_options.advertise_mode
)
advertised_groups = (
each.value.bgp_peer_options == null ? null : (
each.value.bgp_peer_options.advertise_mode != "CUSTOM"
? null
: each.value.bgp_peer_options.advertise_groups
try(each.value.bgp_peer.custom_advertise, null) != null
? "CUSTOM"
: "DEFAULT"
)
advertised_groups = concat(
try(each.value.bgp_peer.custom_advertise.all_subnets, false) ? ["ALL_SUBNETS"] : [],
try(each.value.bgp_peer.custom_advertise.all_vpc_subnets, false) ? ["ALL_VPC_SUBNETS"] : [],
try(each.value.bgp_peer.custom_advertise.all_peer_vpc_subnets, false) ? ["ALL_PEER_VPC_SUBNETS"] : []
)
dynamic "advertised_ip_ranges" {
for_each = (
each.value.bgp_peer_options == null ? {} : (
each.value.bgp_peer_options.advertise_mode != "CUSTOM"
? {}
: each.value.bgp_peer_options.advertise_ip_ranges
)
)
for_each = try(each.value.bgp_peer.custom_advertise.ip_ranges, {})
iterator = range
content {
range = range.key
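Review bot: The `try()` wrapped around `each.value.bgp_peer.custom_advertise` in the new `advertise_mode` expression is redundant: `custom_advertise` is declared as an `optional(object(...))` attribute of `bgp_peer` in this commit's variables change, so the attribute is always present (null when unset) and `each.value.bgp_peer.custom_advertise != null ? "CUSTOM" : "DEFAULT"` is both simpler and consistent with the router-level expression. The `try(..., false)` and `try(..., {})` guards further down are different, since dereferencing an attribute of a null `custom_advertise` would error, so those should stay. The enclosing `google_compute_router_peer` resource starts before this hunk and its `content` block continues past it.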
@ -145,27 +114,23 @@ resource "google_compute_router_interface" "router_interface" {
region = var.region
name = "${var.name}-${each.key}"
router = local.router
# FIXME: can bgp_session_range be null?
ip_range = each.value.bgp_session_range == "" ? null : each.value.bgp_session_range
vpn_tunnel = google_compute_vpn_tunnel.tunnels[each.key].name
}
resource "google_compute_vpn_tunnel" "tunnels" {
provider = google-beta
for_each = var.tunnels
project = var.project_id
region = var.region
name = "${var.name}-${each.key}"
router = local.router
peer_external_gateway = local.peer_external_gateway
peer_external_gateway = one(google_compute_external_vpn_gateway.external_gateway[*].self_link)
peer_external_gateway_interface = each.value.peer_external_gateway_interface
peer_gcp_gateway = var.peer_gcp_gateway
peer_gcp_gateway = var.peer_gateway.gcp
vpn_gateway_interface = each.value.vpn_gateway_interface
ike_version = each.value.ike_version
shared_secret = (
each.value.shared_secret == "" || each.value.shared_secret == null
? local.secret
: each.value.shared_secret
)
shared_secret = coalesce(each.value.shared_secret, local.secret)
vpn_gateway = local.vpn_gateway
}
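Review bot: `shared_secret = coalesce(each.value.shared_secret, local.secret)` only preserves the old behaviour because `coalesce()` skips empty strings as well as null, which a later reader can easily take for a bug and "fix" into a bare `!= null` check; a one-line comment above it is worth the space: `# coalesce() skips "" as well as null, so an empty per-tunnel secret still falls back to the module-generated one`. The `# FIXME: can bgp_session_range be null?` left above the `ip_range` line is effectively answered by this commit, which keeps `bgp_session_range` a required `string` in the tunnels variable, so the FIXME can be resolved in the same change. The `google_compute_router_interface` resource at the top of this hunk starts before it.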
@ -24,29 +24,17 @@ output "bgp_peers" {
output "external_gateway" {
description = "External VPN gateway resource."
value = (
var.peer_external_gateway != null
? google_compute_external_vpn_gateway.external_gateway[0]
: null
)
value = one(google_compute_external_vpn_gateway.external_gateway[*])
}
output "gateway" {
description = "VPN gateway resource (only if auto-created)."
value = (
var.vpn_gateway_create
? google_compute_ha_vpn_gateway.ha_gateway[0]
: null
)
value = one(google_compute_ha_vpn_gateway.ha_gateway[*])
}
output "name" {
description = "VPN gateway name (only if auto-created). ."
value = (
var.vpn_gateway_create
? google_compute_ha_vpn_gateway.ha_gateway[0].name
: null
)
value = one(google_compute_ha_vpn_gateway.ha_gateway[*].name)
}
output "random_secret" {
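Review bot: The `name` output's description still carries a stray trailing " ." (`"VPN gateway name (only if auto-created). ."`); since the `value` lines of `external_gateway`, `gateway` and `name` are being rewritten to `one(...)` here, the description can be tidied in the same pass to `description = "VPN gateway name (only if auto-created)."`. The `one()` form is equivalent to the replaced conditional `[0]` indexing for these count-gated resources and drops the dependency on the `var.*_create` flags, which is an improvement.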
@ -56,11 +44,7 @@ output "random_secret" {
output "router" {
description = "Router resource (only if auto-created)."
value = (
var.router_name == ""
? google_compute_router.router[0]
: null
)
value = one(google_compute_router.router[*])
}
output "router_name" {
@ -24,22 +24,19 @@ variable "network" {
type = string
}
variable "peer_external_gateway" {
description = "Configuration of an external VPN gateway to which this VPN is connected."
variable "peer_gateway" {
type = object({
external = optional(object({
redundancy_type = string
interfaces = list(object({
id = number
ip_address = string
interfaces = list(string)
}))
gcp = optional(string)
})
default = null
nullable = false
validation {
condition = var.peer_gateway.external != null || var.peer_gateway.gcp != null
error_message = "TODO"
}
variable "peer_gcp_gateway" {
description = "Self Link URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected."
type = string
default = null
}
variable "project_id" {
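Review bot: `variable "peer_gateway"` pairs `default = null` with `nullable = false`, which Terraform rejects at plan time because a non-nullable variable cannot default to null; since the validation block already demands that at least one of `external`/`gcp` be set, dropping the `default` line and making the variable required is the consistent fix. The validation as written also allows both `external` and `gcp` to be set at once, while the tunnel resource forwards them as `peer_external_gateway` and `peer_gcp_gateway`, which as far as I recall the provider treats as mutually exclusive, so `condition = (var.peer_gateway.external != null) != (var.peer_gateway.gcp != null)` would surface that misconfiguration early. The new variable has no `description` (the replaced one's was dropped) and `error_message = "TODO"` should not ship; `error_message = "Exactly one of peer_gateway.external or peer_gateway.gcp must be set."` matches the stricter condition.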
@ -52,38 +49,18 @@ variable "region" {
type = string
}
variable "route_priority" {
description = "Route priority, defaults to 1000."
type = number
default = 1000
}
variable "router_advertise_config" {
description = "Router custom advertisement configuration, ip_ranges is a map of address ranges and descriptions."
variable "router_config" {
type = object({
groups = list(string)
create = optional(bool, true)
asn = number
name = optional(string)
keepalive = optional(number)
custom_advertise = optional(object({
all_subnets = bool
ip_ranges = map(string)
mode = string
}))
})
default = null
}
variable "router_asn" {
description = "Router ASN used for auto-created router."
type = number
default = 64514
}
variable "router_create" {
description = "Create router."
type = bool
default = true
}
variable "router_name" {
description = "Router name used for auto created router, or to specify an existing router to use if `router_create` is set to `true`. Leave blank to use VPN name for auto created router."
type = string
default = ""
nullable = false
}
variable "tunnels" {
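Review bot: `variable "router_config"` has no `description`, and it makes `asn` a required `number` where the replaced `router_asn` variable carried `default = 64514`; callers that only attach to an existing router (`create = false`) must now supply an ASN the module never uses. Declaring it `asn = optional(number, 64514)` keeps the previous default and avoids that. It is not clear from this view whether the `default = null` line survives on the new variable; if it does it should go, because the `count` and `name` expressions in the router resource dereference `var.router_config` unconditionally and would fail on a null value.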
@ -92,33 +69,29 @@ variable "tunnels" {
bgp_peer = object({
address = string
asn = number
})
bgp_peer_options = object({
advertise_groups = list(string)
advertise_ip_ranges = map(string)
advertise_mode = string
route_priority = number
route_priority = optional(number, 1000)
custom_advertise = optional(object({
all_subnets = bool
all_vpc_subnets = bool
all_peer_vpc_subnets = bool
ip_ranges = map(string)
}))
})
# each BGP session on the same Cloud Router must use a unique /30 CIDR
# from the 169.254.0.0/16 block.
bgp_session_range = string
ike_version = number
peer_external_gateway_interface = number
router = string
shared_secret = string
ike_version = optional(number, 2)
peer_external_gateway_interface = optional(number)
router = optional(string)
shared_secret = optional(string)
vpn_gateway_interface = number
}))
default = {}
nullable = false
}
variable "vpn_gateway" {
description = "HA VPN Gateway Self Link for using an existing HA VPN Gateway, leave empty if `vpn_gateway_create` is set to `true`."
description = "Self link of an existing HA VPN Gateway to use. Set to null to create new VPN Gateway."
type = string
default = null
}
variable "vpn_gateway_create" {
description = "Create HA VPN Gateway."
type = bool
default = true
}
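Review bot: Inside the new optional `bgp_peer.custom_advertise` object the three `all_*` attributes are plain required `bool`s, so a caller who only wants custom `ip_ranges` must still spell out all three as `false`; `all_subnets = optional(bool, false)`, and likewise for `all_vpc_subnets` and `all_peer_vpc_subnets`, matches the `try(..., false)` defaults the router peer resource already applies and the `optional(type, default)` style this hunk uses for `route_priority` and `ike_version`. The same applies to `custom_advertise.all_subnets` in the `router_config` hunk earlier in this file. Whether `bgp_session_range` should become optional, as the FIXME in the resource file asks, is not settled here; as long as it stays a required `string`, the comparison against `""` in the router interface resource is the only null-handling it needs.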
@ -68,14 +68,21 @@ variable "subnet" {
variable "vpc" {
default = {
name = "vpc_name"
self_link = "projects/xxx/global/networks/yyy"
self_link = "projects/xxx/global/networks/aaa"
}
}
variable "vpc1" {
default = {
name = "vpc_name"
self_link = "projects/xxx/global/networks/bbb"
}
}
variable "vpc2" {
default = {
name = "vpc2_name"
self_link = "vpc2_self_link"
self_link = "projects/xxx/global/networks/ccc"
}
}