Simplify new CF from onprem via PSC example (#280)
* add support for PSC addresses to net-address module * simplify PSC CF example * update diagram
This commit is contained in:
parent
6a7e907b65
commit
813ea55d0d
|
@ -47,6 +47,26 @@ module "addresses" {
|
|||
# tftest:modules=1:resources=2
|
||||
```
|
||||
|
||||
### PSC addresses
|
||||
|
||||
```hcl
|
||||
module "addresses" {
|
||||
source = "./modules/net-address"
|
||||
project_id = var.project_id
|
||||
psc_addresses = {
|
||||
one = {
|
||||
address = null
|
||||
network = var.vpc.self_link
|
||||
}
|
||||
two = {
|
||||
address = "10.0.0.32"
|
||||
network = var.vpc.self_link
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest:modules=1:resources=2
|
||||
```
|
||||
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
||||
|
@ -57,6 +77,7 @@ module "addresses" {
|
|||
| *global_addresses* | List of global addresses to create. | <code title="list(string)">list(string)</code> | | <code title="">[]</code> |
|
||||
| *internal_addresses* | Map of internal addresses to create, keyed by name. | <code title="map(object({ region = string subnetwork = string }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
| *internal_addresses_config* | Optional configuration for internal addresses, keyed by name. Unused options can be set to null. | <code title="map(object({ address = string purpose = string tier = string }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
| *psc_addresses* | Map of internal addresses used for Private Service Connect. | <code title="map(object({ address = string network = string }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
@ -65,4 +86,5 @@ module "addresses" {
|
|||
| external_addresses | None | |
|
||||
| global_addresses | None | |
|
||||
| internal_addresses | None | |
|
||||
| psc_addresses | None | |
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
@ -44,3 +44,15 @@ resource "google_compute_address" "internal" {
|
|||
purpose = try(var.internal_addresses_config[each.key].purpose, null)
|
||||
# labels = lookup(var.internal_address_labels, each.key, {})
|
||||
}
|
||||
|
||||
resource "google_compute_global_address" "psc" {
|
||||
for_each = var.psc_addresses
|
||||
project = var.project_id
|
||||
name = each.key
|
||||
description = "Terraform managed."
|
||||
address_type = "INTERNAL"
|
||||
network = each.value.network
|
||||
address = try(each.value.address, null)
|
||||
purpose = "PRIVATE_SERVICE_CONNECT"
|
||||
# labels = lookup(var.internal_address_labels, each.key, {})
|
||||
}
|
||||
|
|
|
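Review bot: `address = try(each.value.address, null)` in the new `google_compute_global_address.psc` resource wraps an attribute that the `psc_addresses` object type declares as a required `address = string`, so the `try` can never fall through and only hides intent; write it as `address = each.value.address`. The commented-out `# labels = lookup(var.internal_address_labels, each.key, {})` looks carried over from the `internal` resource above and references a variable that is not in the visible variables table, so drop it rather than keep dead code. A short header comment such as `# PSC addresses are global, INTERNAL and bound to a network; a null address is presumably allocated by GCP (the README example relies on this)` would explain why this resource differs from the regional internal addresses.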
@ -20,7 +20,6 @@ output "external_addresses" {
|
|||
address.name => {
|
||||
address = address.address
|
||||
self_link = address.self_link
|
||||
users = address.users
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -41,7 +40,16 @@ output "internal_addresses" {
|
|||
address.name => {
|
||||
address = address.address
|
||||
self_link = address.self_link
|
||||
users = address.users
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
output "psc_addresses" {
|
||||
value = {
|
||||
for address in google_compute_global_address.psc :
|
||||
address.name => {
|
||||
address = address.address
|
||||
self_link = address.self_link
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
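Review bot: The new `psc_addresses` output carries no `description`, which is why the generated README row reads `| psc_addresses | None | |`; add `description = "Allocated PSC addresses, keyed by name (address and self_link)."` so consumers know what the map holds. Unlike the `internal_addresses` map above it, the entries expose only `address` and `self_link`; if that is deliberate because the global address resource exposes no `users` attribute, a one-line comment saying so would stop a later reader from "fixing" it.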
@ -61,3 +61,12 @@ variable "project_id" {
|
|||
description = "Project where the addresses will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "psc_addresses" {
|
||||
description = "Map of internal addresses used for Private Service Connect."
|
||||
type = map(object({
|
||||
address = string
|
||||
network = string
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
|
|
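Review bot: The `psc_addresses` object type lists `address = string` with no way to omit it, so every caller must spell out `address = null` to get an auto-allocated address (the README example does exactly that), but the description does not say so. Suggest `description = "Map of internal addresses used for Private Service Connect, keyed by name. Set address to null to let GCP allocate it; network is the VPC self link."`. If the project's pinned Terraform version supports `optional()` object attributes the key could be made optional instead — the required version is not visible from here.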
@ -19,16 +19,12 @@ curl https://YOUR_REGION-YOUR_PROJECT_ID.cloudfunctions.net/YOUR_FUNCTION_NAME
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---: |:---:|:---:|
|
||||
| billing_account_id | Billing account id used as default for new projects. | <code title="">string</code> | ✓ | |
|
||||
| cloud_function_gcs_bucket | Google Storage Bucket used as staging location for the Cloud Function source code. | <code title="">string</code> | ✓ | |
|
||||
| projects_id | ID of the projects used in this solution. | <code title="object({ onprem = string function = string })">object({...})</code> | ✓ | |
|
||||
| root_node | Root folder or organization under which the projects will be created. | <code title="">string</code> | ✓ | |
|
||||
| *create_projects* | Whether need to create the projects. | <code title="">bool</code> | | <code title="">true</code> |
|
||||
| project_id | Project id. | <code title="">string</code> | ✓ | |
|
||||
| *ip_ranges* | IP ranges used for the VPCs. | <code title="object({ onprem = string hub = string })">object({...})</code> | | <code title="{ onprem = "10.0.1.0/24", hub = "10.0.2.0/24" }">...</code> |
|
||||
| *prefix* | Prefix used for resources that need unique names. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *psc_endpoint* | IP used for the Private Service Connect endpoint, it must not overlap with the hub_ip_range. | <code title="">string</code> | | <code title="">10.100.100.100</code> |
|
||||
| *name* | Name used for new resources. | <code title="">string</code> | | <code title="">psc-onprem</code> |
|
||||
| *project_create* | If non null, creates project instead of using an existing one. | <code title="object({ billing_account_id = string parent = string })">object({...})</code> | | <code title="">null</code> |
|
||||
| *psc_endpoint* | IP used for the Private Service Connect endpoint, it must not overlap with the hub_ip_range. | <code title="">string</code> | | <code title="">172.16.32.1</code> |
|
||||
| *region* | Region where the resources will be created. | <code title="">string</code> | | <code title="">europe-west1</code> |
|
||||
| *zone* | Zone where the test VM will be created. | <code title="">string</code> | | <code title="">europe-west1-b</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -14,57 +14,40 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
###############################################################################
|
||||
# locals #
|
||||
###############################################################################
|
||||
locals {
|
||||
prefix = var.prefix != null ? "${var.prefix}-" : ""
|
||||
psc_name = replace(var.name, "-", "")
|
||||
}
|
||||
|
||||
###############################################################################
|
||||
# projects #
|
||||
###############################################################################
|
||||
|
||||
module "project-onprem" {
|
||||
module "project" {
|
||||
source = "../../modules/project"
|
||||
billing_account = var.billing_account_id
|
||||
name = var.projects_id.onprem
|
||||
parent = var.root_node
|
||||
project_create = var.create_projects
|
||||
prefix = var.prefix
|
||||
name = var.project_id
|
||||
project_create = var.project_create == null ? false : true
|
||||
billing_account = try(var.project_create.billing_account_id, null)
|
||||
parent = try(var.project_create.parent, null)
|
||||
service_config = {
|
||||
disable_dependent_services = false
|
||||
disable_on_destroy = false
|
||||
}
|
||||
services = [
|
||||
"cloudfunctions.googleapis.com",
|
||||
"cloudbuild.googleapis.com",
|
||||
"compute.googleapis.com",
|
||||
"dns.googleapis.com"
|
||||
]
|
||||
}
|
||||
|
||||
|
||||
module "project-hub" {
|
||||
source = "../../modules/project"
|
||||
billing_account = var.billing_account_id
|
||||
name = var.projects_id.function
|
||||
parent = var.root_node
|
||||
project_create = var.create_projects
|
||||
prefix = var.prefix
|
||||
services = [
|
||||
"compute.googleapis.com",
|
||||
"cloudfunctions.googleapis.com",
|
||||
"cloudbuild.googleapis.com"
|
||||
]
|
||||
}
|
||||
|
||||
###############################################################################
|
||||
# VPCs #
|
||||
###############################################################################
|
||||
|
||||
module "vpc-onprem" {
|
||||
source = "../../modules/net-vpc"
|
||||
project_id = module.project-onprem.project_id
|
||||
name = "${local.prefix}onprem"
|
||||
project_id = module.project.project_id
|
||||
name = "${var.name}-onprem"
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = var.ip_ranges.onprem
|
||||
name = "${local.prefix}onprem"
|
||||
name = "${var.name}-onprem"
|
||||
region = var.region
|
||||
secondary_ip_range = {}
|
||||
}
|
||||
|
@ -73,21 +56,18 @@ module "vpc-onprem" {
|
|||
|
||||
module "firewall-onprem" {
|
||||
source = "../../modules/net-vpc-firewall"
|
||||
project_id = module.project-onprem.project_id
|
||||
project_id = module.project.project_id
|
||||
network = module.vpc-onprem.name
|
||||
admin_ranges_enabled = true
|
||||
admin_ranges = []
|
||||
custom_rules = {}
|
||||
}
|
||||
|
||||
module "vpc-hub" {
|
||||
source = "../../modules/net-vpc"
|
||||
project_id = module.project-hub.project_id
|
||||
name = "${local.prefix}hub"
|
||||
project_id = module.project.project_id
|
||||
name = "${var.name}-hub"
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = var.ip_ranges.hub
|
||||
name = "${local.prefix}hub"
|
||||
name = "${var.name}-hub"
|
||||
region = var.region
|
||||
secondary_ip_range = {}
|
||||
}
|
||||
|
@ -100,10 +80,10 @@ module "vpc-hub" {
|
|||
|
||||
module "vpn-onprem" {
|
||||
source = "../../modules/net-vpn-ha"
|
||||
project_id = module.project-onprem.project_id
|
||||
project_id = module.project.project_id
|
||||
region = var.region
|
||||
network = module.vpc-onprem.self_link
|
||||
name = "${local.prefix}onprem-to-hub"
|
||||
name = "${var.name}-onprem-to-hub"
|
||||
router_asn = 65001
|
||||
router_advertise_config = {
|
||||
groups = ["ALL_SUBNETS"]
|
||||
|
@ -144,10 +124,10 @@ module "vpn-onprem" {
|
|||
|
||||
module "vpn-hub" {
|
||||
source = "../../modules/net-vpn-ha"
|
||||
project_id = module.project-hub.project_id
|
||||
project_id = module.project.project_id
|
||||
region = var.region
|
||||
network = module.vpc-hub.name
|
||||
name = "${local.prefix}hub-to-onprem"
|
||||
name = "${var.name}-hub-to-onprem"
|
||||
router_asn = 65002
|
||||
peer_gcp_gateway = module.vpn-onprem.self_link
|
||||
router_advertise_config = {
|
||||
|
@ -193,34 +173,23 @@ module "vpn-hub" {
|
|||
|
||||
module "test-vm" {
|
||||
source = "../../modules/compute-vm"
|
||||
project_id = module.project-onprem.project_id
|
||||
project_id = module.project.project_id
|
||||
region = var.region
|
||||
zones = ["${var.zone}"]
|
||||
name = "${local.prefix}test-vm"
|
||||
name = "${var.name}-test"
|
||||
instance_type = "e2-micro"
|
||||
instance_count = 1
|
||||
boot_disk = { image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2104", type = "pd-standard", size = 10 }
|
||||
can_ip_forward = true
|
||||
network_interfaces = [
|
||||
{
|
||||
network = module.vpc-onprem.self_link,
|
||||
subnetwork = module.vpc-onprem.subnet_self_links["${var.region}/${local.prefix}onprem"],
|
||||
nat = false,
|
||||
addresses = {
|
||||
internal = []
|
||||
external = []
|
||||
},
|
||||
boot_disk = {
|
||||
image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2104"
|
||||
type = "pd-balanced"
|
||||
size = 10
|
||||
}
|
||||
network_interfaces = [{
|
||||
addresses = null
|
||||
alias_ips = null
|
||||
}
|
||||
]
|
||||
options = {
|
||||
allow_stopping_for_update = true
|
||||
deletion_protection = false
|
||||
preemptible = false
|
||||
}
|
||||
metadata = {}
|
||||
service_account = null
|
||||
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
|
||||
nat = false
|
||||
network = module.vpc-onprem.self_link
|
||||
subnetwork = module.vpc-onprem.subnet_self_links["${var.region}/${var.name}-onprem"]
|
||||
}]
|
||||
single_name = true
|
||||
tags = ["ssh"]
|
||||
}
|
||||
|
||||
|
@ -230,9 +199,9 @@ module "test-vm" {
|
|||
|
||||
module "function-hello" {
|
||||
source = "../../modules/cloud-function"
|
||||
project_id = module.project-hub.project_id
|
||||
name = "${local.prefix}my-hello-function"
|
||||
bucket_name = var.cloud_function_gcs_bucket
|
||||
project_id = module.project.project_id
|
||||
name = var.name
|
||||
bucket_name = "${var.name}-tf-cf-deploy"
|
||||
ingress_settings = "ALLOW_INTERNAL_ONLY"
|
||||
bundle_config = {
|
||||
source_dir = "${path.module}/assets"
|
||||
|
@ -253,16 +222,16 @@ module "function-hello" {
|
|||
|
||||
module "private-dns-onprem" {
|
||||
source = "../../modules/dns"
|
||||
project_id = module.project-onprem.project_id
|
||||
project_id = module.project.project_id
|
||||
type = "private"
|
||||
name = "${local.prefix}private-cloud-function"
|
||||
domain = "${var.region}-${local.prefix}${var.projects_id.function}.cloudfunctions.net."
|
||||
name = var.name
|
||||
domain = "${var.region}-${module.project.project_id}.cloudfunctions.net."
|
||||
client_networks = [module.vpc-onprem.self_link]
|
||||
recordsets = [{
|
||||
name = "",
|
||||
type = "A",
|
||||
ttl = 300,
|
||||
records = [var.psc_endpoint]
|
||||
records = [module.addresses.psc_addresses[local.psc_name].address]
|
||||
}]
|
||||
}
|
||||
|
||||
|
@ -270,22 +239,23 @@ module "private-dns-onprem" {
|
|||
# PSCs #
|
||||
###############################################################################
|
||||
|
||||
resource "google_compute_global_address" "psc-address" {
|
||||
provider = google
|
||||
project = module.project-hub.project_id
|
||||
name = "pscaddress"
|
||||
purpose = "PRIVATE_SERVICE_CONNECT"
|
||||
address_type = "INTERNAL"
|
||||
module "addresses" {
|
||||
source = "../../modules/net-address"
|
||||
project_id = module.project.project_id
|
||||
psc_addresses = {
|
||||
(local.psc_name) = {
|
||||
address = var.psc_endpoint
|
||||
network = module.vpc-hub.self_link
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_global_forwarding_rule" "psc-endpoint" {
|
||||
provider = google-beta
|
||||
project = module.project-hub.project_id
|
||||
name = "pscendpoint"
|
||||
project = module.project.project_id
|
||||
name = local.psc_name
|
||||
network = module.vpc-hub.self_link
|
||||
ip_address = google_compute_global_address.psc-address.id
|
||||
ip_address = module.addresses.psc_addresses[local.psc_name].self_link
|
||||
target = "vpc-sc"
|
||||
load_balancing_scheme = ""
|
||||
}
|
||||
|
|
|
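Review bot: `psc_name = replace(var.name, "-", "")` in `locals` silently rewrites the user-supplied name to satisfy what I believe is the PSC endpoint naming rule (lowercase letters and digits only, at most 20 characters), but nothing checks length or case, so a longer or mixed-case `name` would presumably only be rejected at apply time; a `validation` block on `var.name`, e.g. `condition = can(regex("^[a-z0-9-]{1,20}$", var.name))`, would catch it at plan time, and a comment next to the local, `# PSC endpoint names only allow lowercase letters and digits`, would explain the replace. The bucket name `"${var.name}-tf-cf-deploy"` in `module "function-hello"` derives from the default `psc-onprem`, and GCS bucket names are global, so two users of this example with the default name will collide if the cloud-function module creates the bucket — worth stating in the README or prefixing with `module.project.project_id`. The `ingress_settings = "ALLOW_INTERNAL_ONLY"` line is what keeps the function reachable only through the PSC endpoint, so a comment saying that would help readers who later consider relaxing it.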
@ -14,53 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "region" {
|
||||
description = "Region where the resources will be created."
|
||||
type = string
|
||||
default = "europe-west1"
|
||||
}
|
||||
|
||||
variable "zone" {
|
||||
description = "Zone where the test VM will be created."
|
||||
type = string
|
||||
default = "europe-west1-b"
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Prefix used for resources that need unique names."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "billing_account_id" {
|
||||
description = "Billing account id used as default for new projects."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "projects_id" {
|
||||
description = "ID of the projects used in this solution."
|
||||
type = object({
|
||||
onprem = string
|
||||
function = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "create_projects" {
|
||||
description = "Whether need to create the projects."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "root_node" {
|
||||
description = "Root folder or organization under which the projects will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "cloud_function_gcs_bucket" {
|
||||
description = "Google Storage Bucket used as staging location for the Cloud Function source code."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "ip_ranges" {
|
||||
description = "IP ranges used for the VPCs."
|
||||
type = object({
|
||||
|
@ -73,8 +26,34 @@ variable "ip_ranges" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
description = "Name used for new resources."
|
||||
type = string
|
||||
default = "psc-onprem"
|
||||
}
|
||||
|
||||
variable "project_create" {
|
||||
description = "If non null, creates project instead of using an existing one."
|
||||
type = object({
|
||||
billing_account_id = string
|
||||
parent = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project id."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "psc_endpoint" {
|
||||
description = "IP used for the Private Service Connect endpoint, it must not overlap with the hub_ip_range."
|
||||
type = string
|
||||
default = "10.100.100.100"
|
||||
default = "172.16.32.1"
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Region where the resources will be created."
|
||||
type = string
|
||||
default = "europe-west1"
|
||||
}
|
||||
|
|
|
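Review bot: The `psc_endpoint` description says the address "must not overlap with the hub_ip_range", but the variable that holds that range is `ip_ranges.hub` (see `variable "ip_ranges"` above), so the name is stale, and nothing validates either the overlap or that the value is an IP literal. Suggest `description = "IP used for the Private Service Connect endpoint; it must not overlap with ip_ranges.hub."`, and, if the pinned Terraform version supports variable validation, a `validation` block with `condition = can(cidrhost("${var.psc_endpoint}/32", 0))` would at least reject malformed addresses at plan time. The cross-variable overlap check cannot live in a `validation` block (those may reference only their own variable), so if it matters it belongs in a precondition or a locals-level assertion.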
@ -16,8 +16,9 @@
|
|||
|
||||
module "test" {
|
||||
source = "../../../../networking/private-cloud-function-from-onprem"
|
||||
billing_account_id = var.billing_account_id
|
||||
projects_id = var.projects_id
|
||||
root_node = var.root_node
|
||||
cloud_function_gcs_bucket = var.cloud_function_gcs_bucket
|
||||
project_create = {
|
||||
billing_account_id = "123456-ABCDEF-123456"
|
||||
parent = "folders/1234567890"
|
||||
}
|
||||
project_id = "test-project"
|
||||
}
|
||||
|
|
|
@ -1,39 +0,0 @@
|
|||
# Copyright 2021 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
variable "billing_account_id" {
|
||||
type = string
|
||||
default = "ABCDE-12345-ABCDE"
|
||||
}
|
||||
|
||||
variable "projects_id" {
|
||||
type = object({
|
||||
onprem = string
|
||||
function = string
|
||||
})
|
||||
default = {
|
||||
onprem = "onprem-project-id"
|
||||
function = "function-project-id"
|
||||
}
|
||||
}
|
||||
|
||||
variable "root_node" {
|
||||
type = string
|
||||
default = "organizations/0123456789"
|
||||
}
|
||||
|
||||
variable cloud_function_gcs_bucket {
|
||||
type = string
|
||||
default = "stanging-gcs-bucket"
|
||||
}
|
|
@ -24,4 +24,4 @@ def test_resources(e2e_plan_runner):
|
|||
"Test that plan works and the numbers of resources is as expected."
|
||||
modules, resources = e2e_plan_runner(FIXTURES_DIR)
|
||||
assert len(modules) == 10
|
||||
assert len(resources) == 40
|
||||
assert len(resources) == 38
|
||||
|
|