Add default googleapi route creation to net-vpc
This commit is contained in:
Julio Castillo
parent
868507e932
commit
7a91a7e41c
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -51,17 +51,9 @@ module "landing-vpc" {
|
|||
inbound = true
|
||||
}
|
||||
# set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_default_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
data_folder = "${var.factories_config.data_dir}/subnets/landing"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -53,17 +53,9 @@ module "dev-spoke-vpc" {
|
|||
data_folder = "${var.factories_config.data_dir}/subnets/dev"
|
||||
psa_config = try(var.psa_ranges.dev, null)
|
||||
# set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_default_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -52,17 +52,9 @@ module "prod-spoke-vpc" {
|
|||
data_folder = "${var.factories_config.data_dir}/subnets/prod"
|
||||
psa_config = try(var.psa_ranges.prod, null)
|
||||
# set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_default_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -51,17 +51,9 @@ module "landing-vpc" {
|
|||
inbound = true
|
||||
}
|
||||
# set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_default_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
data_folder = "${var.factories_config.data_dir}/subnets/landing"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -53,17 +53,9 @@ module "dev-spoke-vpc" {
|
|||
data_folder = "${var.factories_config.data_dir}/subnets/dev"
|
||||
psa_config = try(var.psa_ranges.dev, null)
|
||||
# set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_default_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -52,17 +52,9 @@ module "prod-spoke-vpc" {
|
|||
data_folder = "${var.factories_config.data_dir}/subnets/prod"
|
||||
psa_config = try(var.psa_ranges.prod, null)
|
||||
# set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_default_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -116,17 +116,9 @@ module "landing-trusted-vpc" {
|
|||
inbound = true
|
||||
}
|
||||
# Set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_default_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -53,19 +53,11 @@ module "dev-spoke-vpc" {
|
|||
delete_default_routes_on_create = true
|
||||
psa_config = try(var.psa_ranges.dev, null)
|
||||
# Set explicit routes for googleapis; send everything else to NVAs
|
||||
create_default_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
priority = 999
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
priority = 999
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
nva-primary-to-primary = {
|
||||
dest_range = "0.0.0.0/0"
|
||||
priority = 1000
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -52,19 +52,11 @@ module "prod-spoke-vpc" {
|
|||
delete_default_routes_on_create = true
|
||||
psa_config = try(var.psa_ranges.prod, null)
|
||||
# Set explicit routes for googleapis; send everything else to NVAs
|
||||
create_default_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
priority = 999
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
priority = 999
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
nva-primary-to-primary = {
|
||||
dest_range = "0.0.0.0/0"
|
||||
priority = 1000
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -53,17 +53,9 @@ module "dev-spoke-vpc" {
|
|||
data_folder = "${var.factories_config.data_dir}/subnets/dev"
|
||||
psa_config = try(var.psa_ranges.dev, null)
|
||||
# set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_default_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -52,17 +52,9 @@ module "prod-spoke-vpc" {
|
|||
data_folder = "${var.factories_config.data_dir}/subnets/prod"
|
||||
psa_config = try(var.psa_ranges.prod, null)
|
||||
# set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_default_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -117,17 +117,9 @@ module "landing-trusted-vpc" {
|
|||
inbound = true
|
||||
}
|
||||
# Set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_default_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -53,19 +53,9 @@ module "dev-spoke-vpc" {
|
|||
delete_default_routes_on_create = true
|
||||
psa_config = try(var.psa_ranges.dev, null)
|
||||
# Set explicit routes for googleapis; send everything else to NVAs
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
priority = 999
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
priority = 999
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_default_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -52,19 +52,9 @@ module "prod-spoke-vpc" {
|
|||
delete_default_routes_on_create = true
|
||||
psa_config = try(var.psa_ranges.prod, null)
|
||||
# Set explicit routes for googleapis; send everything else to NVAs
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
priority = 999
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
priority = 999
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_default_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -457,27 +457,28 @@ module "vpc" {
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [name](variables.tf#L72) | The name of the network being created. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L88) | The ID of the project where this VPC will be created. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L84) | The name of the network being created. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L100) | The ID of the project where this VPC will be created. | <code>string</code> | ✓ | |
|
||||
| [auto_create_subnetworks](variables.tf#L17) | Set to true to create an auto mode subnet, defaults to custom mode. | <code>bool</code> | | <code>false</code> |
|
||||
| [data_folder](variables.tf#L23) | An optional folder containing the subnet configurations in YaML format. | <code>string</code> | | <code>null</code> |
|
||||
| [delete_default_routes_on_create](variables.tf#L29) | Set to true to delete the default routes at creation time. | <code>bool</code> | | <code>false</code> |
|
||||
| [description](variables.tf#L35) | An optional description of this resource (triggers recreation on change). | <code>string</code> | | <code>"Terraform-managed."</code> |
|
||||
| [dns_policy](variables.tf#L41) | DNS policy setup for the VPC. | <code title="object({ inbound = optional(bool) logging = optional(bool) outbound = optional(object({ private_ns = list(string) public_ns = list(string) })) })">object({…})</code> | | <code>null</code> |
|
||||
| [firewall_policy_enforcement_order](variables.tf#L54) | Order that Firewall Rules and Firewall Policies are evaluated. Can be either 'BEFORE_CLASSIC_FIREWALL' or 'AFTER_CLASSIC_FIREWALL'. | <code>string</code> | | <code>"AFTER_CLASSIC_FIREWALL"</code> |
|
||||
| [mtu](variables.tf#L66) | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 (the default) and the maximum value is 1500 bytes. | <code>number</code> | | <code>null</code> |
|
||||
| [peering_config](variables.tf#L77) | VPC peering configuration. | <code title="object({ peer_vpc_self_link = string create_remote_peer = optional(bool, true) export_routes = optional(bool) import_routes = optional(bool) })">object({…})</code> | | <code>null</code> |
|
||||
| [psa_config](variables.tf#L93) | The Private Service Access configuration for Service Networking. | <code title="object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) })">object({…})</code> | | <code>null</code> |
|
||||
| [routes](variables.tf#L103) | Network routes, keyed by name. | <code title="map(object({ dest_range = string next_hop_type = string # gateway, instance, ip, vpn_tunnel, ilb next_hop = string priority = optional(number) tags = optional(list(string)) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [routing_mode](variables.tf#L123) | The network routing mode (default 'GLOBAL'). | <code>string</code> | | <code>"GLOBAL"</code> |
|
||||
| [shared_vpc_host](variables.tf#L133) | Enable shared VPC for this project. | <code>bool</code> | | <code>false</code> |
|
||||
| [shared_vpc_service_projects](variables.tf#L139) | Shared VPC service projects to register with this host. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [subnet_iam](variables.tf#L145) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||
| [subnet_iam_additive](variables.tf#L151) | Subnet IAM additive bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||
| [subnets](variables.tf#L158) | Subnet configuration. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) enable_private_access = optional(bool, true) flow_logs_config = optional(object({ aggregation_interval = optional(string) filter_expression = optional(string) flow_sampling = optional(number) metadata = optional(string) metadata_fields = optional(list(string)) })) ipv6 = optional(object({ access_type = optional(string) enable_private_access = optional(bool, true) })) secondary_ip_ranges = optional(map(string)) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_proxy_only](variables.tf#L183) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = bool }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_psc](variables.tf#L195) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [vpc_create](variables.tf#L206) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
|
||||
| [create_default_routes](variables.tf#L23) | Toggle creation of googleapis private/restricted routes. | <code title="object({ private = optional(bool, true) private6 = optional(bool, false) restricted = optional(bool, true) restricted6 = optional(bool, false) })">object({…})</code> | | <code>{}</code> |
|
||||
| [data_folder](variables.tf#L35) | An optional folder containing the subnet configurations in YaML format. | <code>string</code> | | <code>null</code> |
|
||||
| [delete_default_routes_on_create](variables.tf#L41) | Set to true to delete the default routes at creation time. | <code>bool</code> | | <code>false</code> |
|
||||
| [description](variables.tf#L47) | An optional description of this resource (triggers recreation on change). | <code>string</code> | | <code>"Terraform-managed."</code> |
|
||||
| [dns_policy](variables.tf#L53) | DNS policy setup for the VPC. | <code title="object({ inbound = optional(bool) logging = optional(bool) outbound = optional(object({ private_ns = list(string) public_ns = list(string) })) })">object({…})</code> | | <code>null</code> |
|
||||
| [firewall_policy_enforcement_order](variables.tf#L66) | Order that Firewall Rules and Firewall Policies are evaluated. Can be either 'BEFORE_CLASSIC_FIREWALL' or 'AFTER_CLASSIC_FIREWALL'. | <code>string</code> | | <code>"AFTER_CLASSIC_FIREWALL"</code> |
|
||||
| [mtu](variables.tf#L78) | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 (the default) and the maximum value is 1500 bytes. | <code>number</code> | | <code>null</code> |
|
||||
| [peering_config](variables.tf#L89) | VPC peering configuration. | <code title="object({ peer_vpc_self_link = string create_remote_peer = optional(bool, true) export_routes = optional(bool) import_routes = optional(bool) })">object({…})</code> | | <code>null</code> |
|
||||
| [psa_config](variables.tf#L105) | The Private Service Access configuration for Service Networking. | <code title="object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) })">object({…})</code> | | <code>null</code> |
|
||||
| [routes](variables.tf#L115) | Network routes, keyed by name. | <code title="map(object({ dest_range = string next_hop_type = string # gateway, instance, ip, vpn_tunnel, ilb next_hop = string priority = optional(number) tags = optional(list(string)) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [routing_mode](variables.tf#L135) | The network routing mode (default 'GLOBAL'). | <code>string</code> | | <code>"GLOBAL"</code> |
|
||||
| [shared_vpc_host](variables.tf#L145) | Enable shared VPC for this project. | <code>bool</code> | | <code>false</code> |
|
||||
| [shared_vpc_service_projects](variables.tf#L151) | Shared VPC service projects to register with this host. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [subnet_iam](variables.tf#L157) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||
| [subnet_iam_additive](variables.tf#L163) | Subnet IAM additive bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||
| [subnets](variables.tf#L170) | Subnet configuration. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) enable_private_access = optional(bool, true) flow_logs_config = optional(object({ aggregation_interval = optional(string) filter_expression = optional(string) flow_sampling = optional(number) metadata = optional(string) metadata_fields = optional(list(string)) })) ipv6 = optional(object({ access_type = optional(string) enable_private_access = optional(bool, true) })) secondary_ip_ranges = optional(map(string)) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_proxy_only](variables.tf#L195) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = bool }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_psc](variables.tf#L207) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [vpc_create](variables.tf#L218) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -88,3 +88,43 @@ resource "google_compute_route" "vpn_tunnel" {
|
|||
tags = each.value.tags
|
||||
next_hop_vpn_tunnel = each.value.next_hop
|
||||
}
|
||||
|
||||
resource "google_compute_route" "private" {
|
||||
count = var.create_default_routes.private ? 1 : 0
|
||||
project = var.project_id
|
||||
network = local.network.name
|
||||
name = "private-googleapis-default"
|
||||
description = "Terraform-managed."
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_gateway = "default-internet-gateway"
|
||||
}
|
||||
|
||||
resource "google_compute_route" "private6" {
|
||||
count = var.create_default_routes.private6 ? 1 : 0
|
||||
project = var.project_id
|
||||
network = local.network.name
|
||||
name = "private6-googleapis-default"
|
||||
description = "Terraform-managed."
|
||||
dest_range = "2600:2d00:0002:2000::/64"
|
||||
next_hop_gateway = "default-internet-gateway"
|
||||
}
|
||||
|
||||
resource "google_compute_route" "restricted" {
|
||||
count = var.create_default_routes.restricted ? 1 : 0
|
||||
project = var.project_id
|
||||
network = local.network.name
|
||||
name = "restricted-googleapis-default"
|
||||
description = "Terraform-managed."
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_gateway = "default-internet-gateway"
|
||||
}
|
||||
|
||||
resource "google_compute_route" "restricted6" {
|
||||
count = var.create_default_routes.restricted6 ? 1 : 0
|
||||
project = var.project_id
|
||||
network = local.network.name
|
||||
name = "restricted6-googleapis-default"
|
||||
description = "Terraform-managed."
|
||||
dest_range = "2600:2d00:0002:1000::/64"
|
||||
next_hop_gateway = "default-internet-gateway"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -20,6 +20,18 @@ variable "auto_create_subnetworks" {
|
|||
default = false
|
||||
}
|
||||
|
||||
variable "create_default_routes" {
|
||||
description = "Toggle creation of googleapis private/restricted routes."
|
||||
type = object({
|
||||
private = optional(bool, true)
|
||||
private6 = optional(bool, false)
|
||||
restricted = optional(bool, true)
|
||||
restricted6 = optional(bool, false)
|
||||
})
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "data_folder" {
|
||||
description = "An optional folder containing the subnet configurations in YaML format."
|
||||
type = string
|
||||
|
|
|
|||
Loading…
Reference in New Issue