[net-address] enable ipv6 (#1821)
--------- Co-authored-by: Luca Prete <lucaprete@google.com>
This commit is contained in:
Luca Prete
GitHub
parent
a658a91db5
commit
7c6726e79b
|
|
@ -19,7 +19,9 @@ locals {
|
|||
}
|
||||
|
||||
module "addresses" {
|
||||
source = "../../../modules/net-address"
|
||||
project_id = module.project.project_id
|
||||
global_addresses = [local.ingress_ip_name]
|
||||
source = "../../../modules/net-address"
|
||||
project_id = module.project.project_id
|
||||
global_addresses = {
|
||||
"${local.ingress_ip_name}" = {}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,7 +19,11 @@ locals {
|
|||
}
|
||||
|
||||
module "addresses" {
|
||||
source = "../../../modules/net-address"
|
||||
project_id = module.project.project_id
|
||||
global_addresses = ["grafana", "locust", "app"]
|
||||
source = "../../../modules/net-address"
|
||||
project_id = module.project.project_id
|
||||
global_addresses = {
|
||||
app = {}
|
||||
grafana = {}
|
||||
locust = {}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -21,10 +21,12 @@ locals {
|
|||
|
||||
# Reserved static IP for the Load Balancer
|
||||
module "addresses" {
|
||||
source = "../../../modules/net-address"
|
||||
count = local.glb_create ? 1 : 0
|
||||
project_id = var.project_id
|
||||
global_addresses = ["phpipam"]
|
||||
source = "../../../modules/net-address"
|
||||
count = local.glb_create ? 1 : 0
|
||||
project_id = var.project_id
|
||||
global_addresses = {
|
||||
phpipam = {}
|
||||
}
|
||||
}
|
||||
|
||||
# Global L7 HTTPS Load Balancer in front of Cloud Run
|
||||
|
|
|
|||
|
|
@ -14,7 +14,10 @@ module "addresses" {
|
|||
one = { region = "europe-west1" }
|
||||
two = { region = "europe-west2" }
|
||||
}
|
||||
global_addresses = ["app-1", "app-2"]
|
||||
global_addresses = {
|
||||
app-1 = {}
|
||||
app-2 = {}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=4 inventory=external.yaml
|
||||
```
|
||||
|
|
@ -41,6 +44,40 @@ module "addresses" {
|
|||
# tftest modules=1 resources=2 inventory=internal.yaml
|
||||
```
|
||||
|
||||
### IPv6 addresses
|
||||
|
||||
You can reserve both external and internal IPv6 addresses.
|
||||
|
||||
```hcl
|
||||
module "addresses" {
|
||||
source = "./fabric/modules/net-address"
|
||||
project_id = var.project_id
|
||||
external_addresses = {
|
||||
nlb = {
|
||||
region = var.region
|
||||
subnetwork = var.subnet.self_link
|
||||
ipv6 = {
|
||||
endpoint_type = "NETLB"
|
||||
}
|
||||
}
|
||||
}
|
||||
internal_addresses = {
|
||||
ilb = {
|
||||
ipv6 = {}
|
||||
purpose = "SHARED_LOADBALANCER_VIP"
|
||||
region = var.region
|
||||
subnetwork = var.subnet.self_link
|
||||
}
|
||||
vm = {
|
||||
ipv6 = {}
|
||||
region = var.region
|
||||
subnetwork = var.subnet.self_link
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=3 inventory=ipv6.yaml
|
||||
```
|
||||
|
||||
### PSA addresses
|
||||
|
||||
```hcl
|
||||
|
|
@ -106,13 +143,13 @@ module "addresses" {
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [project_id](variables.tf#L68) | Project where the addresses will be created. | <code>string</code> | ✓ | |
|
||||
| [external_addresses](variables.tf#L17) | Map of external addresses, keyed by name. | <code title="map(object({ region = string description = optional(string, "Terraform managed.") labels = optional(map(string), {}) name = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [global_addresses](variables.tf#L28) | List of global addresses to create. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [internal_addresses](variables.tf#L34) | Map of internal addresses to create, keyed by name. | <code title="map(object({ region = string subnetwork = string address = optional(string) description = optional(string, "Terraform managed.") labels = optional(map(string)) name = optional(string) purpose = optional(string) tier = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [ipsec_interconnect_addresses](variables.tf#L49) | Map of internal addresses used for HPA VPN over Cloud Interconnect. | <code title="map(object({ region = string address = string network = string description = optional(string, "Terraform managed.") name = optional(string) prefix_length = number }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [psa_addresses](variables.tf#L73) | Map of internal addresses used for Private Service Access. | <code title="map(object({ address = string network = string prefix_length = number description = optional(string, "Terraform managed.") name = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [psc_addresses](variables.tf#L86) | Map of internal addresses used for Private Service Connect. | <code title="map(object({ address = string network = string description = optional(string, "Terraform managed.") name = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [project_id](variables.tf#L83) | Project where the addresses will be created. | <code>string</code> | ✓ | |
|
||||
| [external_addresses](variables.tf#L17) | Map of external addresses, keyed by name. | <code title="map(object({ region = string description = optional(string, "Terraform managed.") ipv6 = optional(object({ endpoint_type = string })) labels = optional(map(string), {}) name = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [global_addresses](variables.tf#L38) | List of global addresses to create. | <code title="map(object({ description = optional(string, "Terraform managed.") ipv6 = optional(map(string)) # To be left empty for ipv6 name = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [internal_addresses](variables.tf#L48) | Map of internal addresses to create, keyed by name. | <code title="map(object({ region = string subnetwork = string address = optional(string) description = optional(string, "Terraform managed.") ipv6 = optional(map(string)) # To be left empty for ipv6 labels = optional(map(string)) name = optional(string) purpose = optional(string) tier = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [ipsec_interconnect_addresses](variables.tf#L64) | Map of internal addresses used for HPA VPN over Cloud Interconnect. | <code title="map(object({ region = string address = string network = string description = optional(string, "Terraform managed.") name = optional(string) prefix_length = number }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [psa_addresses](variables.tf#L88) | Map of internal addresses used for Private Service Access. | <code title="map(object({ address = string network = string prefix_length = number description = optional(string, "Terraform managed.") name = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [psc_addresses](variables.tf#L101) | Map of internal addresses used for Private Service Connect. | <code title="map(object({ address = string network = string description = optional(string, "Terraform managed.") name = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
|||
|
|
@ -15,20 +15,24 @@
|
|||
*/
|
||||
|
||||
resource "google_compute_global_address" "global" {
|
||||
for_each = toset(var.global_addresses)
|
||||
project = var.project_id
|
||||
name = each.value
|
||||
for_each = var.global_addresses
|
||||
project = var.project_id
|
||||
name = coalesce(each.value.name, each.key)
|
||||
description = each.value.description
|
||||
ip_version = each.value.ipv6 != null ? "IPV6" : "IPV4"
|
||||
}
|
||||
|
||||
resource "google_compute_address" "external" {
|
||||
provider = google-beta
|
||||
for_each = var.external_addresses
|
||||
project = var.project_id
|
||||
name = coalesce(each.value.name, each.key)
|
||||
description = each.value.description
|
||||
address_type = "EXTERNAL"
|
||||
region = each.value.region
|
||||
labels = each.value.labels
|
||||
provider = google-beta
|
||||
for_each = var.external_addresses
|
||||
project = var.project_id
|
||||
name = coalesce(each.value.name, each.key)
|
||||
description = each.value.description
|
||||
address_type = "EXTERNAL"
|
||||
ip_version = each.value.ipv6 != null ? "IPV6" : "IPV4"
|
||||
ipv6_endpoint_type = try(each.value.ipv6.endpoint_type, null)
|
||||
region = each.value.region
|
||||
labels = each.value.labels
|
||||
}
|
||||
|
||||
resource "google_compute_address" "internal" {
|
||||
|
|
@ -41,6 +45,7 @@ resource "google_compute_address" "internal" {
|
|||
region = each.value.region
|
||||
subnetwork = each.value.subnetwork
|
||||
address = each.value.address
|
||||
ip_version = each.value.ipv6 != null ? "IPV6" : "IPV4"
|
||||
network_tier = each.value.tier
|
||||
purpose = each.value.purpose
|
||||
labels = coalesce(each.value.labels, {})
|
||||
|
|
|
|||
|
|
@ -19,16 +19,30 @@ variable "external_addresses" {
|
|||
type = map(object({
|
||||
region = string
|
||||
description = optional(string, "Terraform managed.")
|
||||
labels = optional(map(string), {})
|
||||
name = optional(string)
|
||||
ipv6 = optional(object({
|
||||
endpoint_type = string
|
||||
}))
|
||||
labels = optional(map(string), {})
|
||||
name = optional(string)
|
||||
}))
|
||||
default = {}
|
||||
validation {
|
||||
condition = (
|
||||
try(var.external_addresses.ipv6, null) == null
|
||||
|| can(regex("^(NETLB|VM)$", try(var.external_addresses.ipv6.endpoint_type, null)))
|
||||
)
|
||||
error_message = "IPv6 endpoint type must be NETLB, VM."
|
||||
}
|
||||
}
|
||||
|
||||
variable "global_addresses" {
|
||||
description = "List of global addresses to create."
|
||||
type = list(string)
|
||||
default = []
|
||||
type = map(object({
|
||||
description = optional(string, "Terraform managed.")
|
||||
ipv6 = optional(map(string)) # To be left empty for ipv6
|
||||
name = optional(string)
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "internal_addresses" {
|
||||
|
|
@ -38,6 +52,7 @@ variable "internal_addresses" {
|
|||
subnetwork = string
|
||||
address = optional(string)
|
||||
description = optional(string, "Terraform managed.")
|
||||
ipv6 = optional(map(string)) # To be left empty for ipv6
|
||||
labels = optional(map(string))
|
||||
name = optional(string)
|
||||
purpose = optional(string)
|
||||
|
|
|
|||
|
|
@ -129,9 +129,11 @@ Redirect is implemented via an additional HTTP load balancer with a custom URL m
|
|||
|
||||
```hcl
|
||||
module "addresses" {
|
||||
source = "./fabric/modules/net-address"
|
||||
project_id = "myprj"
|
||||
global_addresses = ["glb-test-0"]
|
||||
source = "./fabric/modules/net-address"
|
||||
project_id = "myprj"
|
||||
global_addresses = {
|
||||
"glb-test-0" = {}
|
||||
}
|
||||
}
|
||||
|
||||
module "glb-test-0-redirect" {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,44 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.addresses.google_compute_address.external["nlb"]:
|
||||
address_type: EXTERNAL
|
||||
ip_version: IPV6
|
||||
ipv6_endpoint_type: NETLB
|
||||
name: nlb
|
||||
project: project-id
|
||||
region: region
|
||||
module.addresses.google_compute_address.internal["ilb"]:
|
||||
address_type: INTERNAL
|
||||
ip_version: IPV6
|
||||
labels: null
|
||||
name: ilb
|
||||
network: null
|
||||
project: project-id
|
||||
purpose: SHARED_LOADBALANCER_VIP
|
||||
region: region
|
||||
subnetwork: subnet_self_link
|
||||
module.addresses.google_compute_address.internal["vm"]:
|
||||
address_type: INTERNAL
|
||||
ip_version: IPV6
|
||||
labels: null
|
||||
name: vm
|
||||
network: null
|
||||
project: project-id
|
||||
region: region
|
||||
subnetwork: subnet_self_link
|
||||
|
||||
counts:
|
||||
google_compute_address: 3
|
||||
Loading…
Reference in New Issue