[net-address] enable ipv6 (#1821)
--------- Co-authored-by: Luca Prete <lucaprete@google.com>
parent
a658a91db5
commit
7c6726e79b
|
@ -19,7 +19,9 @@ locals {
|
||||||
}
|
}
|
||||||
|
|
||||||
module "addresses" {
|
module "addresses" {
|
||||||
source = "../../../modules/net-address"
|
source = "../../../modules/net-address"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
global_addresses = [local.ingress_ip_name]
|
global_addresses = {
|
||||||
|
"${local.ingress_ip_name}" = {}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
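Review bot: The new map key `"${local.ingress_ip_name}" = {}` is an interpolation-only template. This is a style point: HCL's documented form for an expression used as an object key is to wrap it in parentheses, `(local.ingress_ip_name) = {}`, which reads more clearly and avoids the quoted-template form. Behaviour is the same either way, and the key must still be known at plan time because the module uses it in `for_each`.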
@ -19,7 +19,11 @@ locals {
|
||||||
}
|
}
|
||||||
|
|
||||||
module "addresses" {
|
module "addresses" {
|
||||||
source = "../../../modules/net-address"
|
source = "../../../modules/net-address"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
global_addresses = ["grafana", "locust", "app"]
|
global_addresses = {
|
||||||
|
app = {}
|
||||||
|
grafana = {}
|
||||||
|
locust = {}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,10 +21,12 @@ locals {
|
||||||
|
|
||||||
# Reserved static IP for the Load Balancer
|
# Reserved static IP for the Load Balancer
|
||||||
module "addresses" {
|
module "addresses" {
|
||||||
source = "../../../modules/net-address"
|
source = "../../../modules/net-address"
|
||||||
count = local.glb_create ? 1 : 0
|
count = local.glb_create ? 1 : 0
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
global_addresses = ["phpipam"]
|
global_addresses = {
|
||||||
|
phpipam = {}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Global L7 HTTPS Load Balancer in front of Cloud Run
|
# Global L7 HTTPS Load Balancer in front of Cloud Run
|
||||||
|
|
|
@ -14,7 +14,10 @@ module "addresses" {
|
||||||
one = { region = "europe-west1" }
|
one = { region = "europe-west1" }
|
||||||
two = { region = "europe-west2" }
|
two = { region = "europe-west2" }
|
||||||
}
|
}
|
||||||
global_addresses = ["app-1", "app-2"]
|
global_addresses = {
|
||||||
|
app-1 = {}
|
||||||
|
app-2 = {}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=4 inventory=external.yaml
|
# tftest modules=1 resources=4 inventory=external.yaml
|
||||||
```
|
```
|
||||||
|
@ -41,6 +44,40 @@ module "addresses" {
|
||||||
# tftest modules=1 resources=2 inventory=internal.yaml
|
# tftest modules=1 resources=2 inventory=internal.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### IPv6 addresses
|
||||||
|
|
||||||
|
You can reserve both external and internal IPv6 addresses.
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
module "addresses" {
|
||||||
|
source = "./fabric/modules/net-address"
|
||||||
|
project_id = var.project_id
|
||||||
|
external_addresses = {
|
||||||
|
nlb = {
|
||||||
|
region = var.region
|
||||||
|
subnetwork = var.subnet.self_link
|
||||||
|
ipv6 = {
|
||||||
|
endpoint_type = "NETLB"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
internal_addresses = {
|
||||||
|
ilb = {
|
||||||
|
ipv6 = {}
|
||||||
|
purpose = "SHARED_LOADBALANCER_VIP"
|
||||||
|
region = var.region
|
||||||
|
subnetwork = var.subnet.self_link
|
||||||
|
}
|
||||||
|
vm = {
|
||||||
|
ipv6 = {}
|
||||||
|
region = var.region
|
||||||
|
subnetwork = var.subnet.self_link
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
# tftest modules=1 resources=3 inventory=ipv6.yaml
|
||||||
|
```
|
||||||
|
|
||||||
### PSA addresses
|
### PSA addresses
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
|
@ -106,13 +143,13 @@ module "addresses" {
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [project_id](variables.tf#L68) | Project where the addresses will be created. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L83) | Project where the addresses will be created. | <code>string</code> | ✓ | |
|
||||||
| [external_addresses](variables.tf#L17) | Map of external addresses, keyed by name. | <code title="map(object({ region = string description = optional(string, "Terraform managed.") labels = optional(map(string), {}) name = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [external_addresses](variables.tf#L17) | Map of external addresses, keyed by name. | <code title="map(object({ region = string description = optional(string, "Terraform managed.") ipv6 = optional(object({ endpoint_type = string })) labels = optional(map(string), {}) name = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [global_addresses](variables.tf#L28) | List of global addresses to create. | <code>list(string)</code> | | <code>[]</code> |
|
| [global_addresses](variables.tf#L38) | List of global addresses to create. | <code title="map(object({ description = optional(string, "Terraform managed.") ipv6 = optional(map(string)) # To be left empty for ipv6 name = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [internal_addresses](variables.tf#L34) | Map of internal addresses to create, keyed by name. | <code title="map(object({ region = string subnetwork = string address = optional(string) description = optional(string, "Terraform managed.") labels = optional(map(string)) name = optional(string) purpose = optional(string) tier = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [internal_addresses](variables.tf#L48) | Map of internal addresses to create, keyed by name. | <code title="map(object({ region = string subnetwork = string address = optional(string) description = optional(string, "Terraform managed.") ipv6 = optional(map(string)) # To be left empty for ipv6 labels = optional(map(string)) name = optional(string) purpose = optional(string) tier = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [ipsec_interconnect_addresses](variables.tf#L49) | Map of internal addresses used for HPA VPN over Cloud Interconnect. | <code title="map(object({ region = string address = string network = string description = optional(string, "Terraform managed.") name = optional(string) prefix_length = number }))">map(object({…}))</code> | | <code>{}</code> |
|
| [ipsec_interconnect_addresses](variables.tf#L64) | Map of internal addresses used for HPA VPN over Cloud Interconnect. | <code title="map(object({ region = string address = string network = string description = optional(string, "Terraform managed.") name = optional(string) prefix_length = number }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [psa_addresses](variables.tf#L73) | Map of internal addresses used for Private Service Access. | <code title="map(object({ address = string network = string prefix_length = number description = optional(string, "Terraform managed.") name = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [psa_addresses](variables.tf#L88) | Map of internal addresses used for Private Service Access. | <code title="map(object({ address = string network = string prefix_length = number description = optional(string, "Terraform managed.") name = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [psc_addresses](variables.tf#L86) | Map of internal addresses used for Private Service Connect. | <code title="map(object({ address = string network = string description = optional(string, "Terraform managed.") name = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [psc_addresses](variables.tf#L101) | Map of internal addresses used for Private Service Connect. | <code title="map(object({ address = string network = string description = optional(string, "Terraform managed.") name = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
@ -15,20 +15,24 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
resource "google_compute_global_address" "global" {
|
resource "google_compute_global_address" "global" {
|
||||||
for_each = toset(var.global_addresses)
|
for_each = var.global_addresses
|
||||||
project = var.project_id
|
project = var.project_id
|
||||||
name = each.value
|
name = coalesce(each.value.name, each.key)
|
||||||
|
description = each.value.description
|
||||||
|
ip_version = each.value.ipv6 != null ? "IPV6" : "IPV4"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_address" "external" {
|
resource "google_compute_address" "external" {
|
||||||
provider = google-beta
|
provider = google-beta
|
||||||
for_each = var.external_addresses
|
for_each = var.external_addresses
|
||||||
project = var.project_id
|
project = var.project_id
|
||||||
name = coalesce(each.value.name, each.key)
|
name = coalesce(each.value.name, each.key)
|
||||||
description = each.value.description
|
description = each.value.description
|
||||||
address_type = "EXTERNAL"
|
address_type = "EXTERNAL"
|
||||||
region = each.value.region
|
ip_version = each.value.ipv6 != null ? "IPV6" : "IPV4"
|
||||||
labels = each.value.labels
|
ipv6_endpoint_type = try(each.value.ipv6.endpoint_type, null)
|
||||||
|
region = each.value.region
|
||||||
|
labels = each.value.labels
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_address" "internal" {
|
resource "google_compute_address" "internal" {
|
||||||
|
@ -41,6 +45,7 @@ resource "google_compute_address" "internal" {
|
||||||
region = each.value.region
|
region = each.value.region
|
||||||
subnetwork = each.value.subnetwork
|
subnetwork = each.value.subnetwork
|
||||||
address = each.value.address
|
address = each.value.address
|
||||||
|
ip_version = each.value.ipv6 != null ? "IPV6" : "IPV4"
|
||||||
network_tier = each.value.tier
|
network_tier = each.value.tier
|
||||||
purpose = each.value.purpose
|
purpose = each.value.purpose
|
||||||
labels = coalesce(each.value.labels, {})
|
labels = coalesce(each.value.labels, {})
|
||||||
|
|
|
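Review bot: `google_compute_address.external` never receives a subnetwork, although the README example added in this commit passes `subnetwork = var.subnet.self_link` for the external `nlb` address. The `external_addresses` object type has no `subnetwork` attribute, so Terraform drops that value during type conversion without raising an error, and the new ipv6.yaml inventory shows no subnetwork on `external["nlb"]`. As far as I know a regional external IPv6 reservation is allocated from a subnet's external IPv6 range, so this may fail at apply time or leave the address detached from the intended subnet; this should be confirmed against the provider. Consider adding `subnetwork = optional(string)` to the variable type and `subnetwork = each.value.subnetwork` to the external resource.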
@ -19,16 +19,30 @@ variable "external_addresses" {
|
||||||
type = map(object({
|
type = map(object({
|
||||||
region = string
|
region = string
|
||||||
description = optional(string, "Terraform managed.")
|
description = optional(string, "Terraform managed.")
|
||||||
labels = optional(map(string), {})
|
ipv6 = optional(object({
|
||||||
name = optional(string)
|
endpoint_type = string
|
||||||
|
}))
|
||||||
|
labels = optional(map(string), {})
|
||||||
|
name = optional(string)
|
||||||
}))
|
}))
|
||||||
default = {}
|
default = {}
|
||||||
|
validation {
|
||||||
|
condition = (
|
||||||
|
try(var.external_addresses.ipv6, null) == null
|
||||||
|
|| can(regex("^(NETLB|VM)$", try(var.external_addresses.ipv6.endpoint_type, null)))
|
||||||
|
)
|
||||||
|
error_message = "IPv6 endpoint type must be NETLB, VM."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "global_addresses" {
|
variable "global_addresses" {
|
||||||
description = "List of global addresses to create."
|
description = "List of global addresses to create."
|
||||||
type = list(string)
|
type = map(object({
|
||||||
default = []
|
description = optional(string, "Terraform managed.")
|
||||||
|
ipv6 = optional(map(string)) # To be left empty for ipv6
|
||||||
|
name = optional(string)
|
||||||
|
}))
|
||||||
|
default = {}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "internal_addresses" {
|
variable "internal_addresses" {
|
||||||
|
@ -38,6 +52,7 @@ variable "internal_addresses" {
|
||||||
subnetwork = string
|
subnetwork = string
|
||||||
address = optional(string)
|
address = optional(string)
|
||||||
description = optional(string, "Terraform managed.")
|
description = optional(string, "Terraform managed.")
|
||||||
|
ipv6 = optional(map(string)) # To be left empty for ipv6
|
||||||
labels = optional(map(string))
|
labels = optional(map(string))
|
||||||
name = optional(string)
|
name = optional(string)
|
||||||
purpose = optional(string)
|
purpose = optional(string)
|
||||||
|
|
|
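Review bot: The new `validation` block on `external_addresses` can never fail. `var.external_addresses` is a map of objects, so `var.external_addresses.ipv6` looks up an entry named `ipv6` rather than each entry's `ipv6` attribute; the `try` falls back to `null` and the first operand of `||` is true for any normal input. An invalid `endpoint_type` therefore reaches the provider unchecked. Iterate over the entries instead, e.g. `condition = alltrue([for k, v in var.external_addresses : v.ipv6 == null || contains(["NETLB", "VM"], try(v.ipv6.endpoint_type, ""))])`. Separately, the `global_addresses` description still reads "List of global addresses to create." although the type is now a map keyed by name.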
@ -129,9 +129,11 @@ Redirect is implemented via an additional HTTP load balancer with a custom URL m
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "addresses" {
|
module "addresses" {
|
||||||
source = "./fabric/modules/net-address"
|
source = "./fabric/modules/net-address"
|
||||||
project_id = "myprj"
|
project_id = "myprj"
|
||||||
global_addresses = ["glb-test-0"]
|
global_addresses = {
|
||||||
|
"glb-test-0" = {}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
module "glb-test-0-redirect" {
|
module "glb-test-0-redirect" {
|
||||||
|
|
|
@ -0,0 +1,44 @@
|
||||||
|
# Copyright 2023 Google LLC
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
values:
|
||||||
|
module.addresses.google_compute_address.external["nlb"]:
|
||||||
|
address_type: EXTERNAL
|
||||||
|
ip_version: IPV6
|
||||||
|
ipv6_endpoint_type: NETLB
|
||||||
|
name: nlb
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
module.addresses.google_compute_address.internal["ilb"]:
|
||||||
|
address_type: INTERNAL
|
||||||
|
ip_version: IPV6
|
||||||
|
labels: null
|
||||||
|
name: ilb
|
||||||
|
network: null
|
||||||
|
project: project-id
|
||||||
|
purpose: SHARED_LOADBALANCER_VIP
|
||||||
|
region: region
|
||||||
|
subnetwork: subnet_self_link
|
||||||
|
module.addresses.google_compute_address.internal["vm"]:
|
||||||
|
address_type: INTERNAL
|
||||||
|
ip_version: IPV6
|
||||||
|
labels: null
|
||||||
|
name: vm
|
||||||
|
network: null
|
||||||
|
project: project-id
|
||||||
|
region: region
|
||||||
|
subnetwork: subnet_self_link
|
||||||
|
|
||||||
|
counts:
|
||||||
|
google_compute_address: 3
|