Sort variables and outputs
This commit is contained in:
Julio Castillo
parent
2e700db8a7
commit
826ff14ef9
|
|
@ -52,20 +52,20 @@ Once done testing, you can clean up resources by running `terraform destroy`.
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [ad_dns_domain_name](variables.tf#L44) | AD DNS domain name. | <code>string</code> | ✓ | |
|
||||
| [adfs_dns_domain_name](variables.tf#L49) | ADFS DNS domain name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L24) | Host project ID. | <code>string</code> | ✓ | |
|
||||
| [ad_ip_cidr_block](variables.tf#L90) | Managed AD IP CIDR block. | <code>string</code> | | <code>"10.0.0.0/24"</code> |
|
||||
| [disk_size](variables.tf#L54) | Disk size. | <code>number</code> | | <code>50</code> |
|
||||
| [disk_type](variables.tf#L60) | Disk type. | <code>string</code> | | <code>"pd-ssd"</code> |
|
||||
| [image](variables.tf#L66) | Image. | <code>string</code> | | <code>"projects/windows-cloud/global/images/family/windows-2022"</code> |
|
||||
| [instance_type](variables.tf#L72) | Instance type. | <code>string</code> | | <code>"n1-standard-2"</code> |
|
||||
| [network_config](variables.tf#L35) | Network configuration | <code title="object({ network = string subnet = string })">object({…})</code> | | <code>null</code> |
|
||||
| [prefix](variables.tf#L29) | Prefix for the resources created. | <code>string</code> | | <code>null</code> |
|
||||
| [project_create](variables.tf#L15) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||
| [region](variables.tf#L78) | Region. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [subnet_ip_cidr_block](variables.tf#L96) | Subnet IP CIDR block. | <code>string</code> | | <code>"10.0.1.0/28"</code> |
|
||||
| [zone](variables.tf#L84) | Zone. | <code>string</code> | | <code>"europe-west1-c"</code> |
|
||||
| [ad_dns_domain_name](variables.tf#L15) | AD DNS domain name. | <code>string</code> | ✓ | |
|
||||
| [adfs_dns_domain_name](variables.tf#L26) | ADFS DNS domain name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L79) | Host project ID. | <code>string</code> | ✓ | |
|
||||
| [ad_ip_cidr_block](variables.tf#L20) | Managed AD IP CIDR block. | <code>string</code> | | <code>"10.0.0.0/24"</code> |
|
||||
| [disk_size](variables.tf#L31) | Disk size. | <code>number</code> | | <code>50</code> |
|
||||
| [disk_type](variables.tf#L37) | Disk type. | <code>string</code> | | <code>"pd-ssd"</code> |
|
||||
| [image](variables.tf#L43) | Image. | <code>string</code> | | <code>"projects/windows-cloud/global/images/family/windows-2022"</code> |
|
||||
| [instance_type](variables.tf#L49) | Instance type. | <code>string</code> | | <code>"n1-standard-2"</code> |
|
||||
| [network_config](variables.tf#L55) | Network configuration | <code title="object({ network = string subnet = string })">object({…})</code> | | <code>null</code> |
|
||||
| [prefix](variables.tf#L64) | Prefix for the resources created. | <code>string</code> | | <code>null</code> |
|
||||
| [project_create](variables.tf#L70) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||
| [region](variables.tf#L84) | Region. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [subnet_ip_cidr_block](variables.tf#L90) | Subnet IP CIDR block. | <code>string</code> | | <code>"10.0.1.0/28"</code> |
|
||||
| [zone](variables.tf#L96) | Zone. | <code>string</code> | | <code>"europe-west1-c"</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
|||
|
|
@ -12,40 +12,17 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
variable "project_create" {
|
||||
description = "Parameters for the creation of the new project."
|
||||
type = object({
|
||||
billing_account_id = string
|
||||
parent = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Host project ID."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Prefix for the resources created."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "network_config" {
|
||||
description = "Network configuration"
|
||||
type = object({
|
||||
network = string
|
||||
subnet = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "ad_dns_domain_name" {
|
||||
description = "AD DNS domain name."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "ad_ip_cidr_block" {
|
||||
description = "Managed AD IP CIDR block."
|
||||
type = string
|
||||
default = "10.0.0.0/24"
|
||||
}
|
||||
|
||||
variable "adfs_dns_domain_name" {
|
||||
description = "ADFS DNS domain name."
|
||||
type = string
|
||||
|
|
@ -75,26 +52,49 @@ variable "instance_type" {
|
|||
default = "n1-standard-2"
|
||||
}
|
||||
|
||||
variable "network_config" {
|
||||
description = "Network configuration"
|
||||
type = object({
|
||||
network = string
|
||||
subnet = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Prefix for the resources created."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "project_create" {
|
||||
description = "Parameters for the creation of the new project."
|
||||
type = object({
|
||||
billing_account_id = string
|
||||
parent = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Host project ID."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Region."
|
||||
type = string
|
||||
default = "europe-west1"
|
||||
}
|
||||
|
||||
variable "subnet_ip_cidr_block" {
|
||||
description = "Subnet IP CIDR block."
|
||||
type = string
|
||||
default = "10.0.1.0/28"
|
||||
}
|
||||
|
||||
variable "zone" {
|
||||
description = "Zone."
|
||||
type = string
|
||||
default = "europe-west1-c"
|
||||
}
|
||||
|
||||
variable "ad_ip_cidr_block" {
|
||||
description = "Managed AD IP CIDR block."
|
||||
type = string
|
||||
default = "10.0.0.0/24"
|
||||
}
|
||||
|
||||
variable "subnet_ip_cidr_block" {
|
||||
description = "Subnet IP CIDR block."
|
||||
type = string
|
||||
default = "10.0.1.0/28"
|
||||
}
|
||||
|
|
@ -58,16 +58,16 @@ Do the following to verify that everything works as expected.
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [envgroups](variables.tf#L54) | Environment groups (NAME => [HOSTNAMES]). | <code>map(list(string))</code> | ✓ | |
|
||||
| [environments](variables.tf#L60) | Environments. | <code title="map(object({ display_name = optional(string) description = optional(string) node_config = optional(object({ min_node_count = optional(number) max_node_count = optional(number) current_aggregate_node_count = number })) iam = optional(map(list(string))) envgroups = list(string) }))">map(object({…}))</code> | ✓ | |
|
||||
| [instances](variables.tf#L76) | Instance. | <code title="map(object({ display_name = optional(string) description = optional(string) region = string environments = list(string) psa_ip_cidr_range = string disk_encryption_key = optional(string) consumer_accept_list = optional(list(string)) }))">map(object({…}))</code> | ✓ | |
|
||||
| [project_id](variables.tf#L32) | Project ID. | <code>string</code> | ✓ | |
|
||||
| [psc_config](variables.tf#L104) | PSC configuration. | <code>map(string)</code> | ✓ | |
|
||||
| [datastore_name](variables.tf#L97) | Datastore | <code>string</code> | | <code>"gcs"</code> |
|
||||
| [organization](variables.tf#L38) | Apigee organization. | <code title="object({ display_name = optional(string, "Apigee organization created by tf module") description = optional(string, "Apigee organization created by tf module") authorized_network = optional(string, "vpc") runtime_type = optional(string, "CLOUD") billing_type = optional(string) database_encryption_key = optional(string) analytics_region = optional(string, "europe-west1") })">object({…})</code> | | <code title="{ }">{…}</code> |
|
||||
| [path](variables.tf#L90) | Bucket path. | <code>string</code> | | <code>"/analytics"</code> |
|
||||
| [project_create](variables.tf#L17) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||
| [vpc_create](variables.tf#L26) | Boolean flag indicating whether the VPC should be created or not. | <code>bool</code> | | <code>true</code> |
|
||||
| [envgroups](variables.tf#L24) | Environment groups (NAME => [HOSTNAMES]). | <code>map(list(string))</code> | ✓ | |
|
||||
| [environments](variables.tf#L30) | Environments. | <code title="map(object({ display_name = optional(string) description = optional(string) node_config = optional(object({ min_node_count = optional(number) max_node_count = optional(number) current_aggregate_node_count = number })) iam = optional(map(list(string))) envgroups = list(string) }))">map(object({…}))</code> | ✓ | |
|
||||
| [instances](variables.tf#L46) | Instance. | <code title="map(object({ display_name = optional(string) description = optional(string) region = string environments = list(string) psa_ip_cidr_range = string disk_encryption_key = optional(string) consumer_accept_list = optional(list(string)) }))">map(object({…}))</code> | ✓ | |
|
||||
| [project_id](variables.tf#L92) | Project ID. | <code>string</code> | ✓ | |
|
||||
| [psc_config](variables.tf#L98) | PSC configuration. | <code>map(string)</code> | ✓ | |
|
||||
| [datastore_name](variables.tf#L17) | Datastore | <code>string</code> | | <code>"gcs"</code> |
|
||||
| [organization](variables.tf#L60) | Apigee organization. | <code title="object({ display_name = optional(string, "Apigee organization created by tf module") description = optional(string, "Apigee organization created by tf module") authorized_network = optional(string, "vpc") runtime_type = optional(string, "CLOUD") billing_type = optional(string) database_encryption_key = optional(string) analytics_region = optional(string, "europe-west1") })">object({…})</code> | | <code title="{ }">{…}</code> |
|
||||
| [path](variables.tf#L76) | Bucket path. | <code>string</code> | | <code>"/analytics"</code> |
|
||||
| [project_create](variables.tf#L83) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||
| [vpc_create](variables.tf#L104) | Boolean flag indicating whether the VPC should be created or not. | <code>bool</code> | | <code>true</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
|||
|
|
@ -14,41 +14,11 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "project_create" {
|
||||
description = "Parameters for the creation of the new project."
|
||||
type = object({
|
||||
billing_account_id = string
|
||||
parent = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "vpc_create" {
|
||||
description = "Boolean flag indicating whether the VPC should be created or not."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project ID."
|
||||
variable "datastore_name" {
|
||||
description = "Datastore"
|
||||
type = string
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "organization" {
|
||||
description = "Apigee organization."
|
||||
type = object({
|
||||
display_name = optional(string, "Apigee organization created by tf module")
|
||||
description = optional(string, "Apigee organization created by tf module")
|
||||
authorized_network = optional(string, "vpc")
|
||||
runtime_type = optional(string, "CLOUD")
|
||||
billing_type = optional(string)
|
||||
database_encryption_key = optional(string)
|
||||
analytics_region = optional(string, "europe-west1")
|
||||
})
|
||||
nullable = false
|
||||
default = {
|
||||
}
|
||||
default = "gcs"
|
||||
}
|
||||
|
||||
variable "envgroups" {
|
||||
|
|
@ -87,6 +57,22 @@ variable "instances" {
|
|||
nullable = false
|
||||
}
|
||||
|
||||
variable "organization" {
|
||||
description = "Apigee organization."
|
||||
type = object({
|
||||
display_name = optional(string, "Apigee organization created by tf module")
|
||||
description = optional(string, "Apigee organization created by tf module")
|
||||
authorized_network = optional(string, "vpc")
|
||||
runtime_type = optional(string, "CLOUD")
|
||||
billing_type = optional(string)
|
||||
database_encryption_key = optional(string)
|
||||
analytics_region = optional(string, "europe-west1")
|
||||
})
|
||||
nullable = false
|
||||
default = {
|
||||
}
|
||||
}
|
||||
|
||||
variable "path" {
|
||||
description = "Bucket path."
|
||||
type = string
|
||||
|
|
@ -94,11 +80,19 @@ variable "path" {
|
|||
nullable = false
|
||||
}
|
||||
|
||||
variable "datastore_name" {
|
||||
description = "Datastore"
|
||||
variable "project_create" {
|
||||
description = "Parameters for the creation of the new project."
|
||||
type = object({
|
||||
billing_account_id = string
|
||||
parent = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project ID."
|
||||
type = string
|
||||
nullable = false
|
||||
default = "gcs"
|
||||
}
|
||||
|
||||
variable "psc_config" {
|
||||
|
|
@ -106,3 +100,9 @@ variable "psc_config" {
|
|||
type = map(string)
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "vpc_create" {
|
||||
description = "Boolean flag indicating whether the VPC should be created or not."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,8 +11,8 @@ The codebase provisions the following list of resources:
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [impersonate_service_account_email](variables.tf#L21) | Service account to be impersonated by workload identity. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L16) | GCP project ID. | <code>string</code> | ✓ | |
|
||||
| [impersonate_service_account_email](variables.tf#L16) | Service account to be impersonated by workload identity. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L21) | GCP project ID. | <code>string</code> | ✓ | |
|
||||
| [workload_identity_pool_provider_id](variables.tf#L26) | GCP workload identity pool provider ID. | <code>string</code> | ✓ | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -27,9 +27,9 @@ provider "google-beta" {
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [impersonate_service_account_email](variables.tf#L22) | Service account to be impersonated by workload identity federation. | <code>string</code> | ✓ | |
|
||||
| [workload_identity_pool_provider_id](variables.tf#L17) | GCP workload identity pool provider ID. | <code>string</code> | ✓ | |
|
||||
| [tmp_oidc_token_path](variables.tf#L27) | Name of the temporary file where TFC OIDC token will be stored to authentificate terraform provider google. | <code>string</code> | | <code>".oidc_token"</code> |
|
||||
| [impersonate_service_account_email](variables.tf#L17) | Service account to be impersonated by workload identity federation. | <code>string</code> | ✓ | |
|
||||
| [workload_identity_pool_provider_id](variables.tf#L28) | GCP workload identity pool provider ID. | <code>string</code> | ✓ | |
|
||||
| [tmp_oidc_token_path](variables.tf#L22) | Name of the temporary file where TFC OIDC token will be stored to authentificate terraform provider google. | <code>string</code> | | <code>".oidc_token"</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
|||
|
|
@ -14,11 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "workload_identity_pool_provider_id" {
|
||||
description = "GCP workload identity pool provider ID."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "impersonate_service_account_email" {
|
||||
description = "Service account to be impersonated by workload identity federation."
|
||||
type = string
|
||||
|
|
@ -29,3 +24,8 @@ variable "tmp_oidc_token_path" {
|
|||
type = string
|
||||
default = ".oidc_token"
|
||||
}
|
||||
|
||||
variable "workload_identity_pool_provider_id" {
|
||||
description = "GCP workload identity pool provider ID."
|
||||
type = string
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,13 +13,13 @@
|
|||
# limitations under the License.
|
||||
|
||||
|
||||
variable "project_id" {
|
||||
description = "GCP project ID."
|
||||
variable "impersonate_service_account_email" {
|
||||
description = "Service account to be impersonated by workload identity."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "impersonate_service_account_email" {
|
||||
description = "Service account to be impersonated by workload identity."
|
||||
variable "project_id" {
|
||||
description = "GCP project ID."
|
||||
type = string
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -99,13 +99,13 @@ gcloud compute ssh --zone europe-west1-b nginx-test -- 'uptime'
|
|||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [billing_account](variables.tf#L16) | Billing account id used as default for new projects. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L33) | Project id to create a project when `project_create` is `true`, or to be used when `false`. | <code>string</code> | ✓ | |
|
||||
| [grace_period](variables.tf#L56) | Grace period for an instance startup. | <code>string</code> | | <code>"180s"</code> |
|
||||
| [location](variables.tf#L21) | App Engine location used in the example (required for CloudFunctions). | <code>string</code> | | <code>"europe-west"</code> |
|
||||
| [project_create](variables.tf#L27) | Create project instead of using an existing one. | <code>bool</code> | | <code>false</code> |
|
||||
| [region](variables.tf#L38) | Compute region used in the example. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [root_node](variables.tf#L44) | The resource name of the parent folder or organization for project creation, in 'folders/folder_id' or 'organizations/org_id' format. | <code>string</code> | | <code>null</code> |
|
||||
| [schedule](variables.tf#L50) | Cron schedule for executing compute instances healthcheck. | <code>string</code> | | <code>"*/5 * * * *" # every five minutes"</code> |
|
||||
| [project_id](variables.tf#L39) | Project id to create a project when `project_create` is `true`, or to be used when `false`. | <code>string</code> | ✓ | |
|
||||
| [grace_period](variables.tf#L21) | Grace period for an instance startup. | <code>string</code> | | <code>"180s"</code> |
|
||||
| [location](variables.tf#L27) | App Engine location used in the example (required for CloudFunctions). | <code>string</code> | | <code>"europe-west"</code> |
|
||||
| [project_create](variables.tf#L33) | Create project instead of using an existing one. | <code>bool</code> | | <code>false</code> |
|
||||
| [region](variables.tf#L44) | Compute region used in the example. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [root_node](variables.tf#L50) | The resource name of the parent folder or organization for project creation, in 'folders/folder_id' or 'organizations/org_id' format. | <code>string</code> | | <code>null</code> |
|
||||
| [schedule](variables.tf#L56) | Cron schedule for executing compute instances healthcheck. | <code>string</code> | | <code>"*/5 * * * *" # every five minutes"</code> |
|
||||
| [tcp_port](variables.tf#L62) | TCP port to run healthcheck against. | <code>string</code> | | <code>"80" #http"</code> |
|
||||
| [timeout](variables.tf#L68) | TCP probe timeout. | <code>string</code> | | <code>"1000ms"</code> |
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,12 @@ variable "billing_account" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "grace_period" {
|
||||
description = "Grace period for an instance startup."
|
||||
type = string
|
||||
default = "180s"
|
||||
}
|
||||
|
||||
variable "location" {
|
||||
description = "App Engine location used in the example (required for CloudFunctions)."
|
||||
type = string
|
||||
|
|
@ -53,12 +59,6 @@ variable "schedule" {
|
|||
default = "*/5 * * * *" # every five minutes
|
||||
}
|
||||
|
||||
variable "grace_period" {
|
||||
description = "Grace period for an instance startup."
|
||||
type = string
|
||||
default = "180s"
|
||||
}
|
||||
|
||||
variable "tcp_port" {
|
||||
description = "TCP port to run healthcheck against."
|
||||
type = string
|
||||
|
|
|
|||
|
|
@ -143,25 +143,25 @@ The above command will delete the associated resources so there will be no billa
|
|||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [postgres_user_password](variables.tf#L40) | `postgres` user password. | <code>string</code> | ✓ | |
|
||||
| [prefix](variables.tf#L51) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L65) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
|
||||
| [data_eng_principals](variables.tf#L23) | Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [network_config](variables.tf#L29) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object({ host_project = string network_self_link = string subnet_self_link = string cloudsql_psa_range = string })">object({…})</code> | | <code>null</code> |
|
||||
| [postgres_database](variables.tf#L45) | `postgres` database. | <code>string</code> | | <code>"guestbook"</code> |
|
||||
| [project_create](variables.tf#L56) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||
| [regions](variables.tf#L70) | Map of instance_name => location where instances will be deployed. | <code>map(string)</code> | | <code title="{ primary = "europe-west1" replica = "europe-west3" }">{…}</code> |
|
||||
| [service_encryption_keys](variables.tf#L17) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | <code>map(string)</code> | | <code>null</code> |
|
||||
| [sql_configuration](variables.tf#L84) | Cloud SQL configuration | <code title="object({ availability_type = string database_version = string psa_range = string tier = string })">object({…})</code> | | <code title="{ availability_type = "REGIONAL" database_version = "POSTGRES_13" psa_range = "10.60.0.0/16" tier = "db-g1-small" }">{…}</code> |
|
||||
| [prefix](variables.tf#L45) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L59) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
|
||||
| [data_eng_principals](variables.tf#L17) | Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [network_config](variables.tf#L23) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object({ host_project = string network_self_link = string subnet_self_link = string cloudsql_psa_range = string })">object({…})</code> | | <code>null</code> |
|
||||
| [postgres_database](variables.tf#L34) | `postgres` database. | <code>string</code> | | <code>"guestbook"</code> |
|
||||
| [project_create](variables.tf#L50) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||
| [regions](variables.tf#L64) | Map of instance_name => location where instances will be deployed. | <code>map(string)</code> | | <code title="{ primary = "europe-west1" replica = "europe-west3" }">{…}</code> |
|
||||
| [service_encryption_keys](variables.tf#L77) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | <code>map(string)</code> | | <code>null</code> |
|
||||
| [sql_configuration](variables.tf#L83) | Cloud SQL configuration | <code title="object({ availability_type = string database_version = string psa_range = string tier = string })">object({…})</code> | | <code title="{ availability_type = "REGIONAL" database_version = "POSTGRES_13" psa_range = "10.60.0.0/16" tier = "db-g1-small" }">{…}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
| name | description | sensitive |
|
||||
|---|---|:---:|
|
||||
| [bucket](outputs.tf#L22) | Cloud storage bucket to import/export data from Cloud SQL. | |
|
||||
| [connection_names](outputs.tf#L17) | Connection name of each instance. | |
|
||||
| [demo_commands](outputs.tf#L37) | Demo commands. | |
|
||||
| [ips](outputs.tf#L27) | IP address of each instance. | |
|
||||
| [project_id](outputs.tf#L32) | ID of the project containing all the instances. | |
|
||||
| [bucket](outputs.tf#L17) | Cloud storage bucket to import/export data from Cloud SQL. | |
|
||||
| [connection_names](outputs.tf#L22) | Connection name of each instance. | |
|
||||
| [demo_commands](outputs.tf#L27) | Demo commands. | |
|
||||
| [ips](outputs.tf#L36) | IP address of each instance. | |
|
||||
| [project_id](outputs.tf#L41) | ID of the project containing all the instances. | |
|
||||
| [service_accounts](outputs.tf#L46) | Service Accounts. | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -14,14 +14,23 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "bucket" {
|
||||
description = "Cloud storage bucket to import/export data from Cloud SQL."
|
||||
value = module.gcs.name
|
||||
}
|
||||
|
||||
output "connection_names" {
|
||||
description = "Connection name of each instance."
|
||||
value = module.db.connection_names
|
||||
}
|
||||
|
||||
output "bucket" {
|
||||
description = "Cloud storage bucket to import/export data from Cloud SQL."
|
||||
value = module.gcs.name
|
||||
output "demo_commands" {
|
||||
description = "Demo commands."
|
||||
value = {
|
||||
"01_ssh" = "gcloud compute ssh ${module.test-vm.instance.name} --project ${module.project.name} --zone ${var.regions.primary}-b"
|
||||
"02_cloud_sql_proxy" = "cloud_sql_proxy -enable_iam_login -instances=${module.db.connection_name}=tcp:5432 &"
|
||||
"03_psql" = "psql 'host=127.0.0.1 port=5432 sslmode=disable dbname=${var.postgres_database} user=postgres password=PASSWORD'"
|
||||
}
|
||||
}
|
||||
|
||||
output "ips" {
|
||||
|
|
@ -34,15 +43,6 @@ output "project_id" {
|
|||
value = module.project.project_id
|
||||
}
|
||||
|
||||
output "demo_commands" {
|
||||
description = "Demo commands."
|
||||
value = {
|
||||
"01_ssh" = "gcloud compute ssh ${module.test-vm.instance.name} --project ${module.project.name} --zone ${var.regions.primary}-b"
|
||||
"02_cloud_sql_proxy" = "cloud_sql_proxy -enable_iam_login -instances=${module.db.connection_name}=tcp:5432 &"
|
||||
"03_psql" = "psql 'host=127.0.0.1 port=5432 sslmode=disable dbname=${var.postgres_database} user=postgres password=PASSWORD'"
|
||||
}
|
||||
}
|
||||
|
||||
output "service_accounts" {
|
||||
description = "Service Accounts."
|
||||
value = {
|
||||
|
|
|
|||
|
|
@ -14,12 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "service_encryption_keys" {
|
||||
description = "Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured."
|
||||
type = map(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "data_eng_principals" {
|
||||
description = "Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'."
|
||||
type = list(string)
|
||||
|
|
@ -37,17 +31,17 @@ variable "network_config" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "postgres_user_password" {
|
||||
description = "`postgres` user password."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "postgres_database" {
|
||||
description = "`postgres` database."
|
||||
type = string
|
||||
default = "guestbook"
|
||||
}
|
||||
|
||||
variable "postgres_user_password" {
|
||||
description = "`postgres` user password."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
|
||||
type = string
|
||||
|
|
@ -80,6 +74,11 @@ variable "regions" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "service_encryption_keys" {
|
||||
description = "Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured."
|
||||
type = map(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "sql_configuration" {
|
||||
description = "Cloud SQL configuration"
|
||||
|
|
|
|||
|
|
@ -266,12 +266,12 @@ You can find examples in the `[demo](./demo)` folder.
|
|||
| name | description | sensitive |
|
||||
|---|---|:---:|
|
||||
| [bigquery-datasets](outputs.tf#L17) | BigQuery datasets. | |
|
||||
| [demo_commands](outputs.tf#L93) | Demo commands. | |
|
||||
| [gcs-buckets](outputs.tf#L28) | GCS buckets. | |
|
||||
| [kms_keys](outputs.tf#L42) | Cloud MKS keys. | |
|
||||
| [projects](outputs.tf#L47) | GCP Projects informations. | |
|
||||
| [vpc_network](outputs.tf#L75) | VPC network. | |
|
||||
| [vpc_subnet](outputs.tf#L84) | VPC subnetworks. | |
|
||||
| [demo_commands](outputs.tf#L28) | Demo commands. | |
|
||||
| [gcs-buckets](outputs.tf#L41) | GCS buckets. | |
|
||||
| [kms_keys](outputs.tf#L55) | Cloud MKS keys. | |
|
||||
| [projects](outputs.tf#L60) | GCP Projects informations. | |
|
||||
| [vpc_network](outputs.tf#L88) | VPC network. | |
|
||||
| [vpc_subnet](outputs.tf#L97) | VPC subnetworks. | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
## TODOs
|
||||
|
|
|
|||
|
|
@ -25,6 +25,19 @@ output "bigquery-datasets" {
|
|||
}
|
||||
}
|
||||
|
||||
output "demo_commands" {
|
||||
description = "Demo commands."
|
||||
value = {
|
||||
01 = "gsutil -i ${module.drop-sa-cs-0.email} cp demo/data/*.csv gs://${module.drop-cs-0.name}"
|
||||
02 = "gsutil -i ${module.orch-sa-cmp-0.email} cp demo/data/*.j* gs://${module.orch-cs-0.name}"
|
||||
03 = "gsutil -i ${module.orch-sa-cmp-0.email} cp demo/*.py ${google_composer_environment.orch-cmp-0.config[0].dag_gcs_prefix}/"
|
||||
04 = "Open ${google_composer_environment.orch-cmp-0.config.0.airflow_uri} and run uploaded DAG."
|
||||
05 = <<EOT
|
||||
bq query --project_id=${module.dwh-conf-project.project_id} --use_legacy_sql=false 'SELECT * EXCEPT (name, surname) FROM `${module.dwh-conf-project.project_id}.${module.dwh-conf-bq-0.dataset_id}.customer_purchase` LIMIT 1000'"
|
||||
EOT
|
||||
}
|
||||
}
|
||||
|
||||
output "gcs-buckets" {
|
||||
description = "GCS buckets."
|
||||
value = {
|
||||
|
|
@ -89,16 +102,3 @@ output "vpc_subnet" {
|
|||
transformation = local.transf_subnet
|
||||
}
|
||||
}
|
||||
|
||||
output "demo_commands" {
|
||||
description = "Demo commands."
|
||||
value = {
|
||||
01 = "gsutil -i ${module.drop-sa-cs-0.email} cp demo/data/*.csv gs://${module.drop-cs-0.name}"
|
||||
02 = "gsutil -i ${module.orch-sa-cmp-0.email} cp demo/data/*.j* gs://${module.orch-cs-0.name}"
|
||||
03 = "gsutil -i ${module.orch-sa-cmp-0.email} cp demo/*.py ${google_composer_environment.orch-cmp-0.config[0].dag_gcs_prefix}/"
|
||||
04 = "Open ${google_composer_environment.orch-cmp-0.config.0.airflow_uri} and run uploaded DAG."
|
||||
05 = <<EOT
|
||||
bq query --project_id=${module.dwh-conf-project.project_id} --use_legacy_sql=false 'SELECT * EXCEPT (name, surname) FROM `${module.dwh-conf-project.project_id}.${module.dwh-conf-bq-0.dataset_id}.customer_purchase` LIMIT 1000'"
|
||||
EOT
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -47,8 +47,8 @@ You can now connect to the Vertex AI notbook to perform your data analysy.
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [prefix](variables.tf#L36) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L22) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
|
||||
| [prefix](variables.tf#L22) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L36) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
|
||||
| [location](variables.tf#L16) | The location where resources will be deployed. | <code>string</code> | | <code>"EU"</code> |
|
||||
| [project_create](variables.tf#L27) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||
| [region](variables.tf#L41) | The region where resources will be deployed. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
|
|
|
|||
|
|
@ -19,8 +19,8 @@ variable "location" {
|
|||
default = "EU"
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project id, references existing project if `project_create` is null."
|
||||
variable "prefix" {
|
||||
description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
|
||||
type = string
|
||||
}
|
||||
|
||||
|
|
@ -33,8 +33,8 @@ variable "project_create" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
|
||||
variable "project_id" {
|
||||
description = "Project id, references existing project if `project_create` is null."
|
||||
type = string
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -208,10 +208,10 @@ The above command will delete the associated resources so there will be no billa
|
|||
|---|---|:---:|
|
||||
| [bq_tables](outputs.tf#L15) | Bigquery Tables. | |
|
||||
| [buckets](outputs.tf#L20) | GCS bucket Cloud KMS crypto keys. | |
|
||||
| [command_01_gcs](outputs.tf#L43) | gcloud command to copy data into the created bucket impersonating the service account. | |
|
||||
| [command_02_dataflow](outputs.tf#L48) | Command to run Dataflow template impersonating the service account. | |
|
||||
| [command_03_bq](outputs.tf#L69) | BigQuery command to query imported data. | |
|
||||
| [project_id](outputs.tf#L28) | Project id. | |
|
||||
| [service_accounts](outputs.tf#L33) | Service account. | |
|
||||
| [command_01_gcs](outputs.tf#L28) | gcloud command to copy data into the created bucket impersonating the service account. | |
|
||||
| [command_02_dataflow](outputs.tf#L33) | Command to run Dataflow template impersonating the service account. | |
|
||||
| [command_03_bq](outputs.tf#L54) | BigQuery command to query imported data. | |
|
||||
| [project_id](outputs.tf#L64) | Project id. | |
|
||||
| [service_accounts](outputs.tf#L69) | Service account. | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -25,21 +25,6 @@ output "buckets" {
|
|||
}
|
||||
}
|
||||
|
||||
output "project_id" {
|
||||
description = "Project id."
|
||||
value = module.project.project_id
|
||||
}
|
||||
|
||||
output "service_accounts" {
|
||||
description = "Service account."
|
||||
value = {
|
||||
bq = module.service-account-bq.email
|
||||
df = module.service-account-df.email
|
||||
orch = module.service-account-orch.email
|
||||
landing = module.service-account-landing.email
|
||||
}
|
||||
}
|
||||
|
||||
output "command_01_gcs" {
|
||||
description = "gcloud command to copy data into the created bucket impersonating the service account."
|
||||
value = "gsutil -i ${module.service-account-landing.email} cp data-demo/* ${module.gcs-data.url}"
|
||||
|
|
@ -75,3 +60,18 @@ output "command_03_bq" {
|
|||
sql_limit = 1000
|
||||
})
|
||||
}
|
||||
|
||||
output "project_id" {
|
||||
description = "Project id."
|
||||
value = module.project.project_id
|
||||
}
|
||||
|
||||
output "service_accounts" {
|
||||
description = "Service account."
|
||||
value = {
|
||||
bq = module.service-account-bq.email
|
||||
df = module.service-account-df.email
|
||||
orch = module.service-account-orch.email
|
||||
landing = module.service-account-landing.email
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -35,32 +35,32 @@ and to `C:\GcpSetupLog.txt` file.
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [ad_domain_fqdn](variables.tf#L111) | Active Directory domain (FQDN) | <code>string</code> | ✓ | |
|
||||
| [ad_domain_netbios](variables.tf#L120) | Active Directory domain (NetBIOS) | <code>string</code> | ✓ | |
|
||||
| [network](variables.tf#L38) | Network to use in the project | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L27) | Google Cloud project ID | <code>string</code> | ✓ | |
|
||||
| [sql_admin_password](variables.tf#L102) | Password for the SQL admin user to be created | <code>string</code> | ✓ | |
|
||||
| [subnetwork](variables.tf#L43) | Subnetwork to use in the project | <code>string</code> | ✓ | |
|
||||
| [always_on_groups](variables.tf#L135) | List of Always On Groups | <code>list(string)</code> | | <code>["bookshelf"]</code> |
|
||||
| [boot_disk_size](variables.tf#L90) | Boot disk size in GB | <code>number</code> | | <code>50</code> |
|
||||
| [cluster_name](variables.tf#L48) | Cluster name (prepended with prefix) | <code>string</code> | | <code>"cluster"</code> |
|
||||
| [data_disk_size](variables.tf#L96) | Database disk size in GB | <code>number</code> | | <code>200</code> |
|
||||
| [health_check_config](variables.tf#L147) | Health check configuration | <code title="object({ check_interval_sec = number, healthy_threshold = number, unhealthy_threshold = number, timeout_sec = number, })">…</code> | | <code title="{ check_interval_sec = 2 healthy_threshold = 1 unhealthy_threshold = 2 timeout_sec = 1 }">{…}</code> |
|
||||
| [health_check_port](variables.tf#L141) | Health check port | <code>number</code> | | <code>59997</code> |
|
||||
| [health_check_ranges](variables.tf#L60) | Health check ranges | <code>list(string)</code> | | <code>["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"]</code> |
|
||||
| [managed_ad_dn](variables.tf#L129) | Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com) | <code>string</code> | | <code>""</code> |
|
||||
| [node_image](variables.tf#L78) | SQL Server node machine image | <code>string</code> | | <code>"projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019"</code> |
|
||||
| [node_instance_type](variables.tf#L66) | SQL Server database node instance type | <code>string</code> | | <code>"n2-standard-8"</code> |
|
||||
| [node_name](variables.tf#L162) | Node base name | <code>string</code> | | <code>"node"</code> |
|
||||
| [prefix](variables.tf#L15) | Prefix used for resources (for multiple clusters in a project) | <code>string</code> | | <code>"aog"</code> |
|
||||
| [project_create](variables.tf#L174) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||
| [region](variables.tf#L21) | Region for resources | <code>string</code> | | <code>"europe-west4"</code> |
|
||||
| [shared_vpc_project_id](variables.tf#L32) | Shared VPC project ID for firewall rules | <code>string</code> | | <code>null</code> |
|
||||
| [sql_client_cidrs](variables.tf#L54) | CIDR ranges that are allowed to connect to SQL Server | <code>list(string)</code> | | <code>["0.0.0.0/0"]</code> |
|
||||
| [vpc_ip_cidr_range](variables.tf#L183) | Ip range used in the subnet deployef in the Service Project. | <code>string</code> | | <code>"10.0.0.0/20"</code> |
|
||||
| [witness_image](variables.tf#L84) | SQL Server witness machine image | <code>string</code> | | <code>"projects/windows-cloud/global/images/family/windows-2019"</code> |
|
||||
| [witness_instance_type](variables.tf#L72) | SQL Server witness node instance type | <code>string</code> | | <code>"n2-standard-2"</code> |
|
||||
| [witness_name](variables.tf#L168) | Witness base name | <code>string</code> | | <code>"witness"</code> |
|
||||
| [ad_domain_fqdn](variables.tf#L15) | Active Directory domain (FQDN) | <code>string</code> | ✓ | |
|
||||
| [ad_domain_netbios](variables.tf#L24) | Active Directory domain (NetBIOS) | <code>string</code> | ✓ | |
|
||||
| [network](variables.tf#L90) | Network to use in the project | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L128) | Google Cloud project ID | <code>string</code> | ✓ | |
|
||||
| [sql_admin_password](variables.tf#L145) | Password for the SQL admin user to be created | <code>string</code> | ✓ | |
|
||||
| [subnetwork](variables.tf#L160) | Subnetwork to use in the project | <code>string</code> | ✓ | |
|
||||
| [always_on_groups](variables.tf#L33) | List of Always On Groups | <code>list(string)</code> | | <code>["bookshelf"]</code> |
|
||||
| [boot_disk_size](variables.tf#L39) | Boot disk size in GB | <code>number</code> | | <code>50</code> |
|
||||
| [cluster_name](variables.tf#L45) | Cluster name (prepended with prefix) | <code>string</code> | | <code>"cluster"</code> |
|
||||
| [data_disk_size](variables.tf#L51) | Database disk size in GB | <code>number</code> | | <code>200</code> |
|
||||
| [health_check_config](variables.tf#L57) | Health check configuration | <code title="object({ check_interval_sec = number, healthy_threshold = number, unhealthy_threshold = number, timeout_sec = number, })">…</code> | | <code title="{ check_interval_sec = 2 healthy_threshold = 1 unhealthy_threshold = 2 timeout_sec = 1 }">{…}</code> |
|
||||
| [health_check_port](variables.tf#L72) | Health check port | <code>number</code> | | <code>59997</code> |
|
||||
| [health_check_ranges](variables.tf#L78) | Health check ranges | <code>list(string)</code> | | <code>["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"]</code> |
|
||||
| [managed_ad_dn](variables.tf#L84) | Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com) | <code>string</code> | | <code>""</code> |
|
||||
| [node_image](variables.tf#L95) | SQL Server node machine image | <code>string</code> | | <code>"projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019"</code> |
|
||||
| [node_instance_type](variables.tf#L101) | SQL Server database node instance type | <code>string</code> | | <code>"n2-standard-8"</code> |
|
||||
| [node_name](variables.tf#L107) | Node base name | <code>string</code> | | <code>"node"</code> |
|
||||
| [prefix](variables.tf#L113) | Prefix used for resources (for multiple clusters in a project) | <code>string</code> | | <code>"aog"</code> |
|
||||
| [project_create](variables.tf#L119) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||
| [region](variables.tf#L133) | Region for resources | <code>string</code> | | <code>"europe-west4"</code> |
|
||||
| [shared_vpc_project_id](variables.tf#L139) | Shared VPC project ID for firewall rules | <code>string</code> | | <code>null</code> |
|
||||
| [sql_client_cidrs](variables.tf#L154) | CIDR ranges that are allowed to connect to SQL Server | <code>list(string)</code> | | <code>["0.0.0.0/0"]</code> |
|
||||
| [vpc_ip_cidr_range](variables.tf#L165) | Ip range used in the subnet deployef in the Service Project. | <code>string</code> | | <code>"10.0.0.0/20"</code> |
|
||||
| [witness_image](variables.tf#L171) | SQL Server witness machine image | <code>string</code> | | <code>"projects/windows-cloud/global/images/family/windows-2019"</code> |
|
||||
| [witness_instance_type](variables.tf#L177) | SQL Server witness node instance type | <code>string</code> | | <code>"n2-standard-2"</code> |
|
||||
| [witness_name](variables.tf#L183) | Witness base name | <code>string</code> | | <code>"witness"</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
|||
|
|
@ -12,102 +12,6 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
variable "prefix" {
|
||||
description = "Prefix used for resources (for multiple clusters in a project)"
|
||||
type = string
|
||||
default = "aog"
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Region for resources"
|
||||
type = string
|
||||
default = "europe-west4"
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Google Cloud project ID"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "shared_vpc_project_id" {
|
||||
description = "Shared VPC project ID for firewall rules"
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "network" {
|
||||
description = "Network to use in the project"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "subnetwork" {
|
||||
description = "Subnetwork to use in the project"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "cluster_name" {
|
||||
description = "Cluster name (prepended with prefix)"
|
||||
type = string
|
||||
default = "cluster"
|
||||
}
|
||||
|
||||
variable "sql_client_cidrs" {
|
||||
description = "CIDR ranges that are allowed to connect to SQL Server"
|
||||
type = list(string)
|
||||
default = ["0.0.0.0/0"]
|
||||
}
|
||||
|
||||
variable "health_check_ranges" {
|
||||
description = "Health check ranges"
|
||||
type = list(string)
|
||||
default = ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"]
|
||||
}
|
||||
|
||||
variable "node_instance_type" {
|
||||
description = "SQL Server database node instance type"
|
||||
type = string
|
||||
default = "n2-standard-8"
|
||||
}
|
||||
|
||||
variable "witness_instance_type" {
|
||||
description = "SQL Server witness node instance type"
|
||||
type = string
|
||||
default = "n2-standard-2"
|
||||
}
|
||||
|
||||
variable "node_image" {
|
||||
description = "SQL Server node machine image"
|
||||
type = string
|
||||
default = "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019"
|
||||
}
|
||||
|
||||
variable "witness_image" {
|
||||
description = "SQL Server witness machine image"
|
||||
type = string
|
||||
default = "projects/windows-cloud/global/images/family/windows-2019"
|
||||
}
|
||||
|
||||
variable "boot_disk_size" {
|
||||
description = "Boot disk size in GB"
|
||||
type = number
|
||||
default = 50
|
||||
}
|
||||
|
||||
variable "data_disk_size" {
|
||||
description = "Database disk size in GB"
|
||||
type = number
|
||||
default = 200
|
||||
}
|
||||
|
||||
variable "sql_admin_password" {
|
||||
description = "Password for the SQL admin user to be created"
|
||||
type = string
|
||||
validation {
|
||||
condition = length(var.sql_admin_password) > 0
|
||||
error_message = "SQL administrator password needs to be specified."
|
||||
}
|
||||
}
|
||||
|
||||
variable "ad_domain_fqdn" {
|
||||
description = "Active Directory domain (FQDN)"
|
||||
type = string
|
||||
|
|
@ -126,22 +30,28 @@ variable "ad_domain_netbios" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "managed_ad_dn" {
|
||||
description = "Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com)"
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "always_on_groups" {
|
||||
description = "List of Always On Groups"
|
||||
type = list(string)
|
||||
default = ["bookshelf"]
|
||||
}
|
||||
|
||||
variable "health_check_port" {
|
||||
description = "Health check port"
|
||||
variable "boot_disk_size" {
|
||||
description = "Boot disk size in GB"
|
||||
type = number
|
||||
default = 59997
|
||||
default = 50
|
||||
}
|
||||
|
||||
variable "cluster_name" {
|
||||
description = "Cluster name (prepended with prefix)"
|
||||
type = string
|
||||
default = "cluster"
|
||||
}
|
||||
|
||||
variable "data_disk_size" {
|
||||
description = "Database disk size in GB"
|
||||
type = number
|
||||
default = 200
|
||||
}
|
||||
|
||||
variable "health_check_config" {
|
||||
|
|
@ -159,16 +69,51 @@ variable "health_check_config" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "health_check_port" {
|
||||
description = "Health check port"
|
||||
type = number
|
||||
default = 59997
|
||||
}
|
||||
|
||||
variable "health_check_ranges" {
|
||||
description = "Health check ranges"
|
||||
type = list(string)
|
||||
default = ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"]
|
||||
}
|
||||
|
||||
variable "managed_ad_dn" {
|
||||
description = "Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com)"
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "network" {
|
||||
description = "Network to use in the project"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "node_image" {
|
||||
description = "SQL Server node machine image"
|
||||
type = string
|
||||
default = "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019"
|
||||
}
|
||||
|
||||
variable "node_instance_type" {
|
||||
description = "SQL Server database node instance type"
|
||||
type = string
|
||||
default = "n2-standard-8"
|
||||
}
|
||||
|
||||
variable "node_name" {
|
||||
description = "Node base name"
|
||||
type = string
|
||||
default = "node"
|
||||
}
|
||||
|
||||
variable "witness_name" {
|
||||
description = "Witness base name"
|
||||
variable "prefix" {
|
||||
description = "Prefix used for resources (for multiple clusters in a project)"
|
||||
type = string
|
||||
default = "witness"
|
||||
default = "aog"
|
||||
}
|
||||
|
||||
variable "project_create" {
|
||||
|
|
@ -180,8 +125,63 @@ variable "project_create" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Google Cloud project ID"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Region for resources"
|
||||
type = string
|
||||
default = "europe-west4"
|
||||
}
|
||||
|
||||
variable "shared_vpc_project_id" {
|
||||
description = "Shared VPC project ID for firewall rules"
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "sql_admin_password" {
|
||||
description = "Password for the SQL admin user to be created"
|
||||
type = string
|
||||
validation {
|
||||
condition = length(var.sql_admin_password) > 0
|
||||
error_message = "SQL administrator password needs to be specified."
|
||||
}
|
||||
}
|
||||
|
||||
variable "sql_client_cidrs" {
|
||||
description = "CIDR ranges that are allowed to connect to SQL Server"
|
||||
type = list(string)
|
||||
default = ["0.0.0.0/0"]
|
||||
}
|
||||
|
||||
variable "subnetwork" {
|
||||
description = "Subnetwork to use in the project"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "vpc_ip_cidr_range" {
|
||||
description = "Ip range used in the subnet deployef in the Service Project."
|
||||
type = string
|
||||
default = "10.0.0.0/20"
|
||||
}
|
||||
|
||||
variable "witness_image" {
|
||||
description = "SQL Server witness machine image"
|
||||
type = string
|
||||
default = "projects/windows-cloud/global/images/family/windows-2019"
|
||||
}
|
||||
|
||||
variable "witness_instance_type" {
|
||||
description = "SQL Server witness node instance type"
|
||||
type = string
|
||||
default = "n2-standard-2"
|
||||
}
|
||||
|
||||
variable "witness_name" {
|
||||
description = "Witness base name"
|
||||
type = string
|
||||
default = "witness"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -67,20 +67,17 @@ labels: # not required, defaults to {}, Example: {"a":"thisislabela","b":"thisis
|
|||
use_legacy_sql: bool # not required, defaults to false
|
||||
deletion_protection: bool # not required, defaults to false
|
||||
```
|
||||
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [project_id](variables.tf#L27) | Project ID | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L17) | Project ID | <code>string</code> | ✓ | |
|
||||
| [tables_dir](variables.tf#L22) | Relative path for the folder storing table data. | <code>string</code> | ✓ | |
|
||||
| [views_dir](variables.tf#L17) | Relative path for the folder storing view data. | <code>string</code> | ✓ | |
|
||||
| [views_dir](variables.tf#L27) | Relative path for the folder storing view data. | <code>string</code> | ✓ | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
||||
|
||||
## TODO
|
||||
|
||||
- [ ] add external table support
|
||||
|
|
|
|||
|
|
@ -14,8 +14,8 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "views_dir" {
|
||||
description = "Relative path for the folder storing view data."
|
||||
variable "project_id" {
|
||||
description = "Project ID"
|
||||
type = string
|
||||
}
|
||||
|
||||
|
|
@ -24,8 +24,7 @@ variable "tables_dir" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project ID"
|
||||
variable "views_dir" {
|
||||
description = "Relative path for the folder storing view data."
|
||||
type = string
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -239,9 +239,9 @@ vpc:
|
|||
| [service_accounts_additive](variables.tf#L168) | Service accounts to be created, and roles assigned them on the project additively. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [service_accounts_iam](variables.tf#L174) | IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||
| [service_accounts_iam_additive](variables.tf#L181) | IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||
| [service_identities_iam](variables.tf#L195) | Custom IAM settings for service identities in service => [role] format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [service_identities_iam_additive](variables.tf#L202) | Custom additive IAM settings for service identities in service => [role] format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [services](variables.tf#L188) | Services to be enabled for the project. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [service_identities_iam](variables.tf#L188) | Custom IAM settings for service identities in service => [role] format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [service_identities_iam_additive](variables.tf#L195) | Custom additive IAM settings for service identities in service => [role] format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [services](variables.tf#L202) | Services to be enabled for the project. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [vpc](variables.tf#L209) | VPC configuration for the project. | <code title="object({ host_project = string gke_setup = object({ enable_security_admin = bool enable_host_service_agent = bool }) subnets_iam = map(list(string)) })">object({…})</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
|
|
|||
|
|
@ -185,13 +185,6 @@ variable "service_accounts_iam_additive" {
|
|||
nullable = false
|
||||
}
|
||||
|
||||
variable "services" {
|
||||
description = "Services to be enabled for the project."
|
||||
type = list(string)
|
||||
default = []
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "service_identities_iam" {
|
||||
description = "Custom IAM settings for service identities in service => [role] format."
|
||||
type = map(list(string))
|
||||
|
|
@ -206,6 +199,13 @@ variable "service_identities_iam_additive" {
|
|||
nullable = false
|
||||
}
|
||||
|
||||
variable "services" {
|
||||
description = "Services to be enabled for the project."
|
||||
type = list(string)
|
||||
default = []
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "vpc" {
|
||||
description = "VPC configuration for the project."
|
||||
type = object({
|
||||
|
|
|
|||
|
|
@ -107,21 +107,21 @@ Once done testing, you can clean up resources by running `terraform destroy`.
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [project_id](variables.tf#L26) | Project ID. | <code>string</code> | ✓ | |
|
||||
| [master_cidr_block](variables.tf#L49) | Master CIDR block. | <code>string</code> | | <code>"10.0.0.0/28"</code> |
|
||||
| [pods_cidr_block](variables.tf#L37) | Pods CIDR block. | <code>string</code> | | <code>"172.16.0.0/20"</code> |
|
||||
| [prefix](variables.tf#L31) | Prefix for resources created. | <code>string</code> | | <code>null</code> |
|
||||
| [project_create](variables.tf#L17) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||
| [region](variables.tf#L61) | Region. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [services_cidr_block](variables.tf#L43) | Services CIDR block. | <code>string</code> | | <code>"192.168.0.0/24"</code> |
|
||||
| [subnet_cidr_block](variables.tf#L55) | Subnet CIDR block. | <code>string</code> | | <code>"10.0.1.0/24"</code> |
|
||||
| [project_id](variables.tf#L44) | Project ID. | <code>string</code> | ✓ | |
|
||||
| [master_cidr_block](variables.tf#L17) | Master CIDR block. | <code>string</code> | | <code>"10.0.0.0/28"</code> |
|
||||
| [pods_cidr_block](variables.tf#L23) | Pods CIDR block. | <code>string</code> | | <code>"172.16.0.0/20"</code> |
|
||||
| [prefix](variables.tf#L29) | Prefix for resources created. | <code>string</code> | | <code>null</code> |
|
||||
| [project_create](variables.tf#L35) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||
| [region](variables.tf#L49) | Region. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [services_cidr_block](variables.tf#L55) | Services CIDR block. | <code>string</code> | | <code>"192.168.0.0/24"</code> |
|
||||
| [subnet_cidr_block](variables.tf#L61) | Subnet CIDR block. | <code>string</code> | | <code>"10.0.1.0/24"</code> |
|
||||
| [zone](variables.tf#L67) | Zone. | <code>string</code> | | <code>"europe-west1-c"</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
| name | description | sensitive |
|
||||
|---|---|:---:|
|
||||
| [app_repo_url](outputs.tf#L22) | App source repository url. | |
|
||||
| [image_repo_url](outputs.tf#L17) | Image source repository url. | |
|
||||
| [app_repo_url](outputs.tf#L17) | App source repository url. | |
|
||||
| [image_repo_url](outputs.tf#L22) | Image source repository url. | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -14,12 +14,12 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "image_repo_url" {
|
||||
description = "Image source repository url."
|
||||
value = "ssh://<USER>@source.developers.google.com:2022/p/${module.project.project_id}/r/${module.image_repo.name}"
|
||||
}
|
||||
|
||||
output "app_repo_url" {
|
||||
description = "App source repository url."
|
||||
value = "ssh://<USER>@source.developers.google.com:2022/p/${module.project.project_id}/r/${module.app_repo.name}"
|
||||
}
|
||||
|
||||
output "image_repo_url" {
|
||||
description = "Image source repository url."
|
||||
value = "ssh://<USER>@source.developers.google.com:2022/p/${module.project.project_id}/r/${module.image_repo.name}"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,6 +14,24 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "master_cidr_block" {
|
||||
description = "Master CIDR block."
|
||||
type = string
|
||||
default = "10.0.0.0/28"
|
||||
}
|
||||
|
||||
variable "pods_cidr_block" {
|
||||
description = "Pods CIDR block."
|
||||
type = string
|
||||
default = "172.16.0.0/20"
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Prefix for resources created."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "project_create" {
|
||||
description = "Parameters for the creation of the new project."
|
||||
type = object({
|
||||
|
|
@ -28,16 +46,10 @@ variable "project_id" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Prefix for resources created."
|
||||
variable "region" {
|
||||
description = "Region."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "pods_cidr_block" {
|
||||
description = "Pods CIDR block."
|
||||
type = string
|
||||
default = "172.16.0.0/20"
|
||||
default = "europe-west1"
|
||||
}
|
||||
|
||||
variable "services_cidr_block" {
|
||||
|
|
@ -46,24 +58,12 @@ variable "services_cidr_block" {
|
|||
default = "192.168.0.0/24"
|
||||
}
|
||||
|
||||
variable "master_cidr_block" {
|
||||
description = "Master CIDR block."
|
||||
type = string
|
||||
default = "10.0.0.0/28"
|
||||
}
|
||||
|
||||
variable "subnet_cidr_block" {
|
||||
description = "Subnet CIDR block."
|
||||
type = string
|
||||
default = "10.0.1.0/24"
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Region."
|
||||
type = string
|
||||
default = "europe-west1"
|
||||
}
|
||||
|
||||
variable "zone" {
|
||||
description = "Zone."
|
||||
type = string
|
||||
|
|
|
|||
|
|
@ -64,14 +64,14 @@ Once done testing, you can clean up resources by running `terraform destroy`.
|
|||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | |
|
||||
| [fleet_project_id](variables.tf#L32) | Management Project ID. | <code>string</code> | ✓ | |
|
||||
| [host_project_id](variables.tf#L27) | Project ID. | <code>string</code> | ✓ | |
|
||||
| [mgmt_project_id](variables.tf#L37) | Management Project ID. | <code>string</code> | ✓ | |
|
||||
| [parent](variables.tf#L22) | Parent. | <code>string</code> | ✓ | |
|
||||
| [clusters_config](variables.tf#L54) | Clusters configuration. | <code title="map(object({ subnet_cidr_block = string master_cidr_block = string services_cidr_block = string pods_cidr_block = string }))">map(object({…}))</code> | | <code title="{ cluster-a = { subnet_cidr_block = "10.0.1.0/24" master_cidr_block = "10.16.0.0/28" services_cidr_block = "192.168.1.0/24" pods_cidr_block = "172.16.0.0/20" } cluster-b = { subnet_cidr_block = "10.0.2.0/24" master_cidr_block = "10.16.0.16/28" services_cidr_block = "192.168.2.0/24" pods_cidr_block = "172.16.16.0/20" } }">{…}</code> |
|
||||
| [istio_version](variables.tf#L98) | ASM version | <code>string</code> | | <code>"1.14.1-asm.3"</code> |
|
||||
| [mgmt_server_config](variables.tf#L78) | Mgmt server configuration | <code title="object({ disk_size = number disk_type = string image = string instance_type = string region = string zone = string })">object({…})</code> | | <code title="{ disk_size = 50 disk_type = "pd-ssd" image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2204-lts" instance_type = "n1-standard-2" region = "europe-west1" zone = "europe-west1-c" }">{…}</code> |
|
||||
| [mgmt_subnet_cidr_block](variables.tf#L42) | Management subnet CIDR block. | <code>string</code> | | <code>"10.0.0.0/28"</code> |
|
||||
| [region](variables.tf#L48) | Region. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [fleet_project_id](variables.tf#L46) | Management Project ID. | <code>string</code> | ✓ | |
|
||||
| [host_project_id](variables.tf#L51) | Project ID. | <code>string</code> | ✓ | |
|
||||
| [mgmt_project_id](variables.tf#L63) | Management Project ID. | <code>string</code> | ✓ | |
|
||||
| [parent](variables.tf#L94) | Parent. | <code>string</code> | ✓ | |
|
||||
| [clusters_config](variables.tf#L22) | Clusters configuration. | <code title="map(object({ subnet_cidr_block = string master_cidr_block = string services_cidr_block = string pods_cidr_block = string }))">map(object({…}))</code> | | <code title="{ cluster-a = { subnet_cidr_block = "10.0.1.0/24" master_cidr_block = "10.16.0.0/28" services_cidr_block = "192.168.1.0/24" pods_cidr_block = "172.16.0.0/20" } cluster-b = { subnet_cidr_block = "10.0.2.0/24" master_cidr_block = "10.16.0.16/28" services_cidr_block = "192.168.2.0/24" pods_cidr_block = "172.16.16.0/20" } }">{…}</code> |
|
||||
| [istio_version](variables.tf#L57) | ASM version | <code>string</code> | | <code>"1.14.1-asm.3"</code> |
|
||||
| [mgmt_server_config](variables.tf#L68) | Mgmt server configuration | <code title="object({ disk_size = number disk_type = string image = string instance_type = string region = string zone = string })">object({…})</code> | | <code title="{ disk_size = 50 disk_type = "pd-ssd" image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2204-lts" instance_type = "n1-standard-2" region = "europe-west1" zone = "europe-west1-c" }">{…}</code> |
|
||||
| [mgmt_subnet_cidr_block](variables.tf#L88) | Management subnet CIDR block. | <code>string</code> | | <code>"10.0.0.0/28"</code> |
|
||||
| [region](variables.tf#L99) | Region. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -19,38 +19,6 @@ variable "billing_account_id" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "parent" {
|
||||
description = "Parent."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "host_project_id" {
|
||||
description = "Project ID."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "fleet_project_id" {
|
||||
description = "Management Project ID."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "mgmt_project_id" {
|
||||
description = "Management Project ID."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "mgmt_subnet_cidr_block" {
|
||||
description = "Management subnet CIDR block."
|
||||
type = string
|
||||
default = "10.0.0.0/28"
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Region."
|
||||
type = string
|
||||
default = "europe-west1"
|
||||
}
|
||||
|
||||
variable "clusters_config" {
|
||||
description = "Clusters configuration."
|
||||
type = map(object({
|
||||
|
|
@ -75,6 +43,28 @@ variable "clusters_config" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "fleet_project_id" {
|
||||
description = "Management Project ID."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "host_project_id" {
|
||||
description = "Project ID."
|
||||
type = string
|
||||
}
|
||||
|
||||
|
||||
variable "istio_version" {
|
||||
description = "ASM version"
|
||||
type = string
|
||||
default = "1.14.1-asm.3"
|
||||
}
|
||||
|
||||
variable "mgmt_project_id" {
|
||||
description = "Management Project ID."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "mgmt_server_config" {
|
||||
description = "Mgmt server configuration"
|
||||
type = object({
|
||||
|
|
@ -95,8 +85,19 @@ variable "mgmt_server_config" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "istio_version" {
|
||||
description = "ASM version"
|
||||
variable "mgmt_subnet_cidr_block" {
|
||||
description = "Management subnet CIDR block."
|
||||
type = string
|
||||
default = "1.14.1-asm.3"
|
||||
default = "10.0.0.0/28"
|
||||
}
|
||||
|
||||
variable "parent" {
|
||||
description = "Parent."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Region."
|
||||
type = string
|
||||
default = "europe-west1"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -265,8 +265,8 @@ module "gke" {
|
|||
|
||||
| name | description | sensitive |
|
||||
|---|---|:---:|
|
||||
| [cluster_ids](outputs.tf#L22) | Cluster ids. | |
|
||||
| [clusters](outputs.tf#L17) | Cluster resources. | |
|
||||
| [cluster_ids](outputs.tf#L17) | Cluster ids. | |
|
||||
| [clusters](outputs.tf#L24) | Cluster resources. | |
|
||||
| [project_id](outputs.tf#L29) | GKE project id. | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -14,11 +14,6 @@
|
|||
|
||||
# tfdoc:file:description Output variables.
|
||||
|
||||
output "clusters" {
|
||||
description = "Cluster resources."
|
||||
value = module.gke-cluster
|
||||
}
|
||||
|
||||
output "cluster_ids" {
|
||||
description = "Cluster ids."
|
||||
value = {
|
||||
|
|
@ -26,6 +21,11 @@ output "cluster_ids" {
|
|||
}
|
||||
}
|
||||
|
||||
output "clusters" {
|
||||
description = "Cluster resources."
|
||||
value = module.gke-cluster
|
||||
}
|
||||
|
||||
output "project_id" {
|
||||
description = "GKE project id."
|
||||
value = module.gke-project-0.project_id
|
||||
|
|
|
|||
|
|
@ -118,17 +118,16 @@ The easiest way to remove all the deployed resources is to run the following com
|
|||
terraform destroy
|
||||
|
||||
The above command will delete the associated resources so there will be no billable charges made afterwards.
|
||||
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [project_id](variables.tf#L26) | Identifier of the project. | <code>string</code> | ✓ | |
|
||||
| [enforce_security_policy](variables.tf#L31) | Enforce security policy. | <code>bool</code> | | <code>true</code> |
|
||||
| [prefix](variables.tf#L37) | Prefix used for created resources. | <code>string</code> | | <code>null</code> |
|
||||
| [project_create](variables.tf#L17) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||
| [project_id](variables.tf#L38) | Identifier of the project. | <code>string</code> | ✓ | |
|
||||
| [enforce_security_policy](variables.tf#L17) | Enforce security policy. | <code>bool</code> | | <code>true</code> |
|
||||
| [prefix](variables.tf#L23) | Prefix used for created resources. | <code>string</code> | | <code>null</code> |
|
||||
| [project_create](variables.tf#L29) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
|||
|
|
@ -14,6 +14,18 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "enforce_security_policy" {
|
||||
description = "Enforce security policy."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Prefix used for created resources."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "project_create" {
|
||||
description = "Parameters for the creation of the new project."
|
||||
type = object({
|
||||
|
|
@ -27,15 +39,3 @@ variable "project_id" {
|
|||
description = "Identifier of the project."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "enforce_security_policy" {
|
||||
description = "Enforce security policy."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Prefix used for created resources."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
|
|
|||
|
|
@ -40,16 +40,16 @@ Before applying this Terraform
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [dest_ip_address](variables.tf#L37) | On-prem service destination IP address. | <code>string</code> | ✓ | |
|
||||
| [prefix](variables.tf#L17) | Prefix to use for resource names. | <code>string</code> | ✓ | |
|
||||
| [producer](variables.tf#L88) | Producer configuration. | <code title="object({ subnet_main = string # CIDR subnet_proxy = string # CIDR subnet_psc = string # CIDR accepted_limits = map(number) # Accepted project ids => PSC endpoint limit })">object({…})</code> | ✓ | |
|
||||
| [project_id](variables.tf#L22) | When referncing existing projects, the id of the project where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L27) | Region where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [subnet_consumer](variables.tf#L98) | Consumer subnet CIDR. | <code>string # CIDR</code> | ✓ | |
|
||||
| [zone](variables.tf#L32) | Zone where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [dest_port](variables.tf#L42) | On-prem service destination port. | <code>string</code> | | <code>"80"</code> |
|
||||
| [project_create](variables.tf#L48) | Whether to automatically create a project. | <code>bool</code> | | <code>false</code> |
|
||||
| [vpc_config](variables.tf#L60) | VPC and subnet ids, in case existing VPCs are used. | <code title="object({ producer = object({ id = string subnet_main_id = string subnet_proxy_id = string subnet_psc_id = string }) consumer = object({ id = string subnet_main_id = string }) })">object({…})</code> | | <code title="{ producer = { id = "xxx" subnet_main_id = "xxx" subnet_proxy_id = "xxx" subnet_psc_id = "xxx" } consumer = { id = "xxx" subnet_main_id = "xxx" } }">{…}</code> |
|
||||
| [vpc_create](variables.tf#L54) | Whether to automatically create VPCs. | <code>bool</code> | | <code>true</code> |
|
||||
| [dest_ip_address](variables.tf#L17) | On-prem service destination IP address. | <code>string</code> | ✓ | |
|
||||
| [prefix](variables.tf#L28) | Prefix to use for resource names. | <code>string</code> | ✓ | |
|
||||
| [producer](variables.tf#L33) | Producer configuration. | <code title="object({ subnet_main = string # CIDR subnet_proxy = string # CIDR subnet_psc = string # CIDR accepted_limits = map(number) # Accepted project ids => PSC endpoint limit })">object({…})</code> | ✓ | |
|
||||
| [project_id](variables.tf#L49) | When referncing existing projects, the id of the project where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L54) | Region where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [subnet_consumer](variables.tf#L59) | Consumer subnet CIDR. | <code>string # CIDR</code> | ✓ | |
|
||||
| [zone](variables.tf#L98) | Zone where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [dest_port](variables.tf#L22) | On-prem service destination port. | <code>string</code> | | <code>"80"</code> |
|
||||
| [project_create](variables.tf#L43) | Whether to automatically create a project. | <code>bool</code> | | <code>false</code> |
|
||||
| [vpc_config](variables.tf#L64) | VPC and subnet ids, in case existing VPCs are used. | <code title="object({ producer = object({ id = string subnet_main_id = string subnet_proxy_id = string subnet_psc_id = string }) consumer = object({ id = string subnet_main_id = string }) })">object({…})</code> | | <code title="{ producer = { id = "xxx" subnet_main_id = "xxx" subnet_proxy_id = "xxx" subnet_psc_id = "xxx" } consumer = { id = "xxx" subnet_main_id = "xxx" } }">{…}</code> |
|
||||
| [vpc_create](variables.tf#L92) | Whether to automatically create VPCs. | <code>bool</code> | | <code>true</code> |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -1,18 +1,17 @@
|
|||
# PSC Consumer
|
||||
|
||||
The module creates a consumer VPC and a Private Service Connect (PSC) endpoint, pointing to the PSC Service Attachment (SA) specified.
|
||||
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [name](variables.tf#L22) | Name of the resources created. | <code>string</code> | ✓ | |
|
||||
| [network](variables.tf#L32) | Consumer network id. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L17) | The ID of the project where this VPC will be created. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L27) | Region where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [sa_id](variables.tf#L42) | PSC producer service attachment id. | <code>string</code> | ✓ | |
|
||||
| [subnet](variables.tf#L37) | Subnetwork id where resources will be associated. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L17) | Name of the resources created. | <code>string</code> | ✓ | |
|
||||
| [network](variables.tf#L22) | Consumer network id. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L27) | The ID of the project where this VPC will be created. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L32) | Region where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [sa_id](variables.tf#L37) | PSC producer service attachment id. | <code>string</code> | ✓ | |
|
||||
| [subnet](variables.tf#L42) | Subnetwork id where resources will be associated. | <code>string</code> | ✓ | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -14,28 +14,23 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "project_id" {
|
||||
description = "The ID of the project where this VPC will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
description = "Name of the resources created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Region where resources will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "network" {
|
||||
description = "Consumer network id."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "subnet" {
|
||||
description = "Subnetwork id where resources will be associated."
|
||||
variable "project_id" {
|
||||
description = "The ID of the project where this VPC will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Region where resources will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
|
|
@ -43,3 +38,8 @@ variable "sa_id" {
|
|||
description = "PSC producer service attachment id."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "subnet" {
|
||||
description = "Subnetwork id where resources will be associated."
|
||||
type = string
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,24 +5,23 @@ The module creates:
|
|||
- a producer VPC
|
||||
- an internal regional TCP proxy load balancer with a hybrid Network Endpoint Group (NEG) backend, pointing to an on-prem service (IP + port)
|
||||
- a Private Service Connect Service Attachment (PSC SA) exposing the service to [PSC consumers](../psc-consumer/README.md)
|
||||
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [accepted_limits](variables.tf#L68) | Incoming accepted projects with endpoints limit. | <code>map(number)</code> | ✓ | |
|
||||
| [dest_ip_address](variables.tf#L57) | On-prem service destination IP address. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L22) | Name of the resources created. | <code>string</code> | ✓ | |
|
||||
| [network](variables.tf#L37) | Producer network id. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L17) | The ID of the project where this VPC will be created. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L27) | Region where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [subnet](variables.tf#L42) | Subnetwork id where resources will be associated. | <code>string</code> | ✓ | |
|
||||
| [subnet_proxy](variables.tf#L47) | L7 Regional load balancing subnet id. | <code>string</code> | ✓ | |
|
||||
| [subnets_psc](variables.tf#L52) | PSC NAT subnets. | <code>list(string)</code> | ✓ | |
|
||||
| [zone](variables.tf#L32) | Zone where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [dest_port](variables.tf#L62) | On-prem service destination port. | <code>string</code> | | <code>"80"</code> |
|
||||
| [accepted_limits](variables.tf#L17) | Incoming accepted projects with endpoints limit. | <code>map(number)</code> | ✓ | |
|
||||
| [dest_ip_address](variables.tf#L22) | On-prem service destination IP address. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L33) | Name of the resources created. | <code>string</code> | ✓ | |
|
||||
| [network](variables.tf#L38) | Producer network id. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L43) | The ID of the project where this VPC will be created. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L48) | Region where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [subnet](variables.tf#L53) | Subnetwork id where resources will be associated. | <code>string</code> | ✓ | |
|
||||
| [subnet_proxy](variables.tf#L58) | L7 Regional load balancing subnet id. | <code>string</code> | ✓ | |
|
||||
| [subnets_psc](variables.tf#L63) | PSC NAT subnets. | <code>list(string)</code> | ✓ | |
|
||||
| [zone](variables.tf#L68) | Zone where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [dest_port](variables.tf#L27) | On-prem service destination port. | <code>string</code> | | <code>"80"</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
|||
|
|
@ -14,31 +14,42 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "project_id" {
|
||||
description = "The ID of the project where this VPC will be created."
|
||||
variable "accepted_limits" {
|
||||
description = "Incoming accepted projects with endpoints limit."
|
||||
type = map(number)
|
||||
}
|
||||
|
||||
variable "dest_ip_address" {
|
||||
description = "On-prem service destination IP address."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "dest_port" {
|
||||
description = "On-prem service destination port."
|
||||
type = string
|
||||
default = "80"
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
description = "Name of the resources created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Region where resources will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "zone" {
|
||||
description = "Zone where resources will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "network" {
|
||||
description = "Producer network id."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "The ID of the project where this VPC will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Region where resources will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "subnet" {
|
||||
description = "Subnetwork id where resources will be associated."
|
||||
type = string
|
||||
|
|
@ -54,18 +65,7 @@ variable "subnets_psc" {
|
|||
type = list(string)
|
||||
}
|
||||
|
||||
variable "dest_ip_address" {
|
||||
description = "On-prem service destination IP address."
|
||||
variable "zone" {
|
||||
description = "Zone where resources will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "dest_port" {
|
||||
description = "On-prem service destination port."
|
||||
type = string
|
||||
default = "80"
|
||||
}
|
||||
|
||||
variable "accepted_limits" {
|
||||
description = "Incoming accepted projects with endpoints limit."
|
||||
type = map(number)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,11 +14,38 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "dest_ip_address" {
|
||||
description = "On-prem service destination IP address."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "dest_port" {
|
||||
description = "On-prem service destination port."
|
||||
type = string
|
||||
default = "80"
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
description = "Prefix to use for resource names."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "producer" {
|
||||
description = "Producer configuration."
|
||||
type = object({
|
||||
subnet_main = string # CIDR
|
||||
subnet_proxy = string # CIDR
|
||||
subnet_psc = string # CIDR
|
||||
accepted_limits = map(number) # Accepted project ids => PSC endpoint limit
|
||||
})
|
||||
}
|
||||
|
||||
variable "project_create" {
|
||||
description = "Whether to automatically create a project."
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "When referncing existing projects, the id of the project where resources will be created."
|
||||
type = string
|
||||
|
|
@ -29,32 +56,9 @@ variable "region" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "zone" {
|
||||
description = "Zone where resources will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "dest_ip_address" {
|
||||
description = "On-prem service destination IP address."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "dest_port" {
|
||||
description = "On-prem service destination port."
|
||||
type = string
|
||||
default = "80"
|
||||
}
|
||||
|
||||
variable "project_create" {
|
||||
description = "Whether to automatically create a project."
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "vpc_create" {
|
||||
description = "Whether to automatically create VPCs."
|
||||
type = bool
|
||||
default = true
|
||||
variable "subnet_consumer" {
|
||||
description = "Consumer subnet CIDR."
|
||||
type = string # CIDR
|
||||
}
|
||||
|
||||
variable "vpc_config" {
|
||||
|
|
@ -85,17 +89,13 @@ variable "vpc_config" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "producer" {
|
||||
description = "Producer configuration."
|
||||
type = object({
|
||||
subnet_main = string # CIDR
|
||||
subnet_proxy = string # CIDR
|
||||
subnet_psc = string # CIDR
|
||||
accepted_limits = map(number) # Accepted project ids => PSC endpoint limit
|
||||
})
|
||||
variable "vpc_create" {
|
||||
description = "Whether to automatically create VPCs."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "subnet_consumer" {
|
||||
description = "Consumer subnet CIDR."
|
||||
type = string # CIDR
|
||||
variable "zone" {
|
||||
description = "Zone where resources will be created."
|
||||
type = string
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,18 +8,18 @@ This example is a companion setup to the Python script in the parent folder, and
|
|||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [cluster_name](variables.tf#L23) | Name used for the cluster and DNS zone. | <code>string</code> | ✓ | |
|
||||
| [domain](variables.tf#L28) | Domain name used to derive the DNS zone. | <code>string</code> | ✓ | |
|
||||
| [fs_paths](variables.tf#L87) | Filesystem paths for commands and data, supports home path expansion. | <code title="object({ credentials = string config_dir = string openshift_install = string pull_secret = string ssh_key = string })">object({…})</code> | ✓ | |
|
||||
| [host_project](variables.tf#L44) | Shared VPC project and network configuration. | <code title="object({ default_subnet_name = string masters_subnet_name = string project_id = string vpc_name = string workers_subnet_name = string })">object({…})</code> | ✓ | |
|
||||
| [service_project](variables.tf#L124) | Service project configuration. | <code title="object({ project_id = string })">object({…})</code> | ✓ | |
|
||||
| [domain](variables.tf#L39) | Domain name used to derive the DNS zone. | <code>string</code> | ✓ | |
|
||||
| [fs_paths](variables.tf#L44) | Filesystem paths for commands and data, supports home path expansion. | <code title="object({ credentials = string config_dir = string openshift_install = string pull_secret = string ssh_key = string })">object({…})</code> | ✓ | |
|
||||
| [host_project](variables.tf#L55) | Shared VPC project and network configuration. | <code title="object({ default_subnet_name = string masters_subnet_name = string project_id = string vpc_name = string workers_subnet_name = string })">object({…})</code> | ✓ | |
|
||||
| [service_project](variables.tf#L125) | Service project configuration. | <code title="object({ project_id = string })">object({…})</code> | ✓ | |
|
||||
| [allowed_ranges](variables.tf#L17) | Ranges that can SSH to the boostrap VM and API endpoint. | <code>list(any)</code> | | <code>["10.0.0.0/8"]</code> |
|
||||
| [disk_encryption_key](variables.tf#L33) | Optional CMEK for disk encryption. | <code title="object({ keyring = string location = string name = string project_id = string })">object({…})</code> | | <code>null</code> |
|
||||
| [install_config_params](variables.tf#L57) | OpenShift cluster configuration. | <code title="object({ disk_size = number labels = map(string) network = object({ cluster = string host_prefix = number machine = string service = string }) proxy = object({ http = string https = string noproxy = string }) })">object({…})</code> | | <code title="{ disk_size = 16 labels = {} network = { cluster = "10.128.0.0/14" host_prefix = 23 machine = "10.0.0.0/16" service = "172.30.0.0/16" } proxy = null }">{…}</code> |
|
||||
| [post_bootstrap_config](variables.tf#L102) | Name of the service account for the machine operator. Removes bootstrap resources when set. | <code title="object({ machine_op_sa_prefix = string })">object({…})</code> | | <code>null</code> |
|
||||
| [region](variables.tf#L110) | Region where resources will be created. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [rhcos_gcp_image](variables.tf#L116) | RHCOS image used. | <code>string</code> | | <code>"projects/rhcos-cloud/global/images/rhcos-47-83-202102090044-0-gcp-x86-64"</code> |
|
||||
| [tags](variables.tf#L131) | Additional tags for instances. | <code>list(string)</code> | | <code>["ssh"]</code> |
|
||||
| [zones](variables.tf#L137) | Zones used for instances. | <code>list(string)</code> | | <code>["b", "c", "d"]</code> |
|
||||
| [disk_encryption_key](variables.tf#L28) | Optional CMEK for disk encryption. | <code title="object({ keyring = string location = string name = string project_id = string })">object({…})</code> | | <code>null</code> |
|
||||
| [install_config_params](variables.tf#L68) | OpenShift cluster configuration. | <code title="object({ disk_size = number labels = map(string) network = object({ cluster = string host_prefix = number machine = string service = string }) proxy = object({ http = string https = string noproxy = string }) })">object({…})</code> | | <code title="{ disk_size = 16 labels = {} network = { cluster = "10.128.0.0/14" host_prefix = 23 machine = "10.0.0.0/16" service = "172.30.0.0/16" } proxy = null }">{…}</code> |
|
||||
| [post_bootstrap_config](variables.tf#L103) | Name of the service account for the machine operator. Removes bootstrap resources when set. | <code title="object({ machine_op_sa_prefix = string })">object({…})</code> | | <code>null</code> |
|
||||
| [region](variables.tf#L111) | Region where resources will be created. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [rhcos_gcp_image](variables.tf#L117) | RHCOS image used. | <code>string</code> | | <code>"projects/rhcos-cloud/global/images/rhcos-47-83-202102090044-0-gcp-x86-64"</code> |
|
||||
| [tags](variables.tf#L132) | Additional tags for instances. | <code>list(string)</code> | | <code>["ssh"]</code> |
|
||||
| [zones](variables.tf#L138) | Zones used for instances. | <code>list(string)</code> | | <code>["b", "c", "d"]</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
|||
|
|
@ -23,13 +23,8 @@ variable "allowed_ranges" {
|
|||
variable "cluster_name" {
|
||||
description = "Name used for the cluster and DNS zone."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "domain" {
|
||||
description = "Domain name used to derive the DNS zone."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "disk_encryption_key" {
|
||||
description = "Optional CMEK for disk encryption."
|
||||
type = object({
|
||||
|
|
@ -41,6 +36,22 @@ variable "disk_encryption_key" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "domain" {
|
||||
description = "Domain name used to derive the DNS zone."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "fs_paths" {
|
||||
description = "Filesystem paths for commands and data, supports home path expansion."
|
||||
type = object({
|
||||
credentials = string
|
||||
config_dir = string
|
||||
openshift_install = string
|
||||
pull_secret = string
|
||||
ssh_key = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "host_project" {
|
||||
description = "Shared VPC project and network configuration."
|
||||
type = object({
|
||||
|
|
@ -84,16 +95,6 @@ variable "install_config_params" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "fs_paths" {
|
||||
description = "Filesystem paths for commands and data, supports home path expansion."
|
||||
type = object({
|
||||
credentials = string
|
||||
config_dir = string
|
||||
openshift_install = string
|
||||
pull_secret = string
|
||||
ssh_key = string
|
||||
})
|
||||
}
|
||||
|
||||
# oc -n openshift-cloud-credential-operator get CredentialsRequest \
|
||||
# openshift-machine-api-gcp \
|
||||
|
|
|
|||
|
|
@ -491,8 +491,8 @@ The remaining configuration is manual, as it regards the repositories themselves
|
|||
| [federated_identity](outputs.tf#L116) | Workload Identity Federation pool and providers. | | |
|
||||
| [outputs_bucket](outputs.tf#L126) | GCS bucket where generated output files are stored. | | |
|
||||
| [project_ids](outputs.tf#L131) | Projects created by this stage. | | |
|
||||
| [providers](outputs.tf#L151) | Terraform provider files for this stage and dependent stages. | ✓ | <code>stage-01</code> |
|
||||
| [service_accounts](outputs.tf#L140) | Automation service accounts created by this stage. | | |
|
||||
| [tfvars](outputs.tf#L160) | Terraform variable files for the following stages. | ✓ | |
|
||||
| [providers](outputs.tf#L141) | Terraform provider files for this stage and dependent stages. | ✓ | <code>stage-01</code> |
|
||||
| [service_accounts](outputs.tf#L148) | Automation service accounts created by this stage. | | |
|
||||
| [tfvars](outputs.tf#L158) | Terraform variable files for the following stages. | ✓ | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -137,6 +137,14 @@ output "project_ids" {
|
|||
}
|
||||
}
|
||||
|
||||
# ready to use provider configurations for subsequent stages when not using files
|
||||
output "providers" {
|
||||
# tfdoc:output:consumers stage-01
|
||||
description = "Terraform provider files for this stage and dependent stages."
|
||||
sensitive = true
|
||||
value = local.providers
|
||||
}
|
||||
|
||||
output "service_accounts" {
|
||||
description = "Automation service accounts created by this stage."
|
||||
value = {
|
||||
|
|
@ -146,17 +154,7 @@ output "service_accounts" {
|
|||
}
|
||||
}
|
||||
|
||||
# ready to use provider configurations for subsequent stages when not using files
|
||||
|
||||
output "providers" {
|
||||
# tfdoc:output:consumers stage-01
|
||||
description = "Terraform provider files for this stage and dependent stages."
|
||||
sensitive = true
|
||||
value = local.providers
|
||||
}
|
||||
|
||||
# ready to use variable values for subsequent stages
|
||||
|
||||
output "tfvars" {
|
||||
description = "Terraform variable files for the following stages."
|
||||
sensitive = true
|
||||
|
|
|
|||
|
|
@ -201,13 +201,13 @@ Due to its simplicity, this stage lends itself easily to customizations: adding
|
|||
|---|---|:---:|---|
|
||||
| [cicd_repositories](outputs.tf#L197) | WIF configuration for CI/CD repositories. | | |
|
||||
| [dataplatform](outputs.tf#L211) | Data for the Data Platform stage. | | |
|
||||
| [gke_multitenant](outputs.tf#L283) | Data for the GKE multitenant stage. | | <code>03-gke-multitenant</code> |
|
||||
| [networking](outputs.tf#L227) | Data for the networking stage. | | |
|
||||
| [project_factories](outputs.tf#L236) | Data for the project factories stage. | | |
|
||||
| [providers](outputs.tf#L252) | Terraform provider files for this stage and dependent stages. | ✓ | <code>02-networking</code> · <code>02-security</code> · <code>03-dataplatform</code> · <code>xx-sandbox</code> · <code>xx-teams</code> |
|
||||
| [sandbox](outputs.tf#L259) | Data for the sandbox stage. | | <code>xx-sandbox</code> |
|
||||
| [security](outputs.tf#L273) | Data for the networking stage. | | <code>02-security</code> |
|
||||
| [teams](outputs.tf#L304) | Data for the teams stage. | | |
|
||||
| [tfvars](outputs.tf#L317) | Terraform variable files for the following stages. | ✓ | |
|
||||
| [gke_multitenant](outputs.tf#L227) | Data for the GKE multitenant stage. | | <code>03-gke-multitenant</code> |
|
||||
| [networking](outputs.tf#L248) | Data for the networking stage. | | |
|
||||
| [project_factories](outputs.tf#L257) | Data for the project factories stage. | | |
|
||||
| [providers](outputs.tf#L272) | Terraform provider files for this stage and dependent stages. | ✓ | <code>02-networking</code> · <code>02-security</code> · <code>03-dataplatform</code> · <code>xx-sandbox</code> · <code>xx-teams</code> |
|
||||
| [sandbox](outputs.tf#L279) | Data for the sandbox stage. | | <code>xx-sandbox</code> |
|
||||
| [security](outputs.tf#L293) | Data for the networking stage. | | <code>02-security</code> |
|
||||
| [teams](outputs.tf#L303) | Data for the teams stage. | | |
|
||||
| [tfvars](outputs.tf#L315) | Terraform variable files for the following stages. | ✓ | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -224,6 +224,27 @@ output "dataplatform" {
|
|||
}
|
||||
}
|
||||
|
||||
output "gke_multitenant" {
|
||||
# tfdoc:output:consumers 03-gke-multitenant
|
||||
description = "Data for the GKE multitenant stage."
|
||||
value = (
|
||||
var.fast_features.gke
|
||||
? {
|
||||
"dev" = {
|
||||
folder = module.branch-gke-dev-folder.0.id
|
||||
gcs_bucket = module.branch-gke-dev-gcs.0.name
|
||||
service_account = module.branch-gke-dev-sa.0.email
|
||||
}
|
||||
"prod" = {
|
||||
folder = module.branch-gke-prod-folder.0.id
|
||||
gcs_bucket = module.branch-gke-prod-gcs.0.name
|
||||
service_account = module.branch-gke-prod-sa.0.email
|
||||
}
|
||||
}
|
||||
: {}
|
||||
)
|
||||
}
|
||||
|
||||
output "networking" {
|
||||
description = "Data for the networking stage."
|
||||
value = {
|
||||
|
|
@ -248,7 +269,6 @@ output "project_factories" {
|
|||
}
|
||||
|
||||
# ready to use provider configurations for subsequent stages
|
||||
|
||||
output "providers" {
|
||||
# tfdoc:output:consumers 02-networking 02-security 03-dataplatform xx-sandbox xx-teams
|
||||
description = "Terraform provider files for this stage and dependent stages."
|
||||
|
|
@ -280,27 +300,6 @@ output "security" {
|
|||
}
|
||||
}
|
||||
|
||||
output "gke_multitenant" {
|
||||
# tfdoc:output:consumers 03-gke-multitenant
|
||||
description = "Data for the GKE multitenant stage."
|
||||
value = (
|
||||
var.fast_features.gke
|
||||
? {
|
||||
"dev" = {
|
||||
folder = module.branch-gke-dev-folder.0.id
|
||||
gcs_bucket = module.branch-gke-dev-gcs.0.name
|
||||
service_account = module.branch-gke-dev-sa.0.email
|
||||
}
|
||||
"prod" = {
|
||||
folder = module.branch-gke-prod-folder.0.id
|
||||
gcs_bucket = module.branch-gke-prod-gcs.0.name
|
||||
service_account = module.branch-gke-prod-sa.0.email
|
||||
}
|
||||
}
|
||||
: {}
|
||||
)
|
||||
}
|
||||
|
||||
output "teams" {
|
||||
description = "Data for the teams stage."
|
||||
value = {
|
||||
|
|
@ -313,7 +312,6 @@ output "teams" {
|
|||
}
|
||||
|
||||
# ready to use variable values for subsequent stages
|
||||
|
||||
output "tfvars" {
|
||||
description = "Terraform variable files for the following stages."
|
||||
sensitive = true
|
||||
|
|
|
|||
|
|
@ -396,7 +396,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
|
|||
| [host_project_ids](outputs.tf#L58) | Network project ids. | | |
|
||||
| [host_project_numbers](outputs.tf#L63) | Network project numbers. | | |
|
||||
| [shared_vpc_self_links](outputs.tf#L68) | Shared VPC host projects. | | |
|
||||
| [tfvars](outputs.tf#L87) | Terraform variables file for the following stages. | ✓ | |
|
||||
| [vpn_gateway_endpoints](outputs.tf#L73) | External IP Addresses for the GCP VPN gateways. | | |
|
||||
| [tfvars](outputs.tf#L73) | Terraform variables file for the following stages. | ✓ | |
|
||||
| [vpn_gateway_endpoints](outputs.tf#L79) | External IP Addresses for the GCP VPN gateways. | | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -70,6 +70,12 @@ output "shared_vpc_self_links" {
|
|||
value = local.vpc_self_links
|
||||
}
|
||||
|
||||
output "tfvars" {
|
||||
description = "Terraform variables file for the following stages."
|
||||
sensitive = true
|
||||
value = local.tfvars
|
||||
}
|
||||
|
||||
output "vpn_gateway_endpoints" {
|
||||
description = "External IP Addresses for the GCP VPN gateways."
|
||||
value = local.enable_onprem_vpn == false ? null : {
|
||||
|
|
@ -83,9 +89,3 @@ output "vpn_gateway_endpoints" {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
output "tfvars" {
|
||||
description = "Terraform variables file for the following stages."
|
||||
sensitive = true
|
||||
value = local.tfvars
|
||||
}
|
||||
|
|
|
|||
|
|
@ -321,7 +321,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
|
|||
| [host_project_ids](outputs.tf#L68) | Network project ids. | | |
|
||||
| [host_project_numbers](outputs.tf#L73) | Network project numbers. | | |
|
||||
| [shared_vpc_self_links](outputs.tf#L78) | Shared VPC host projects. | | |
|
||||
| [tfvars](outputs.tf#L93) | Terraform variables file for the following stages. | ✓ | |
|
||||
| [vpn_gateway_endpoints](outputs.tf#L83) | External IP Addresses for the GCP VPN gateways. | | |
|
||||
| [tfvars](outputs.tf#L83) | Terraform variables file for the following stages. | ✓ | |
|
||||
| [vpn_gateway_endpoints](outputs.tf#L89) | External IP Addresses for the GCP VPN gateways. | | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -80,6 +80,12 @@ output "shared_vpc_self_links" {
|
|||
value = local.vpc_self_links
|
||||
}
|
||||
|
||||
output "tfvars" {
|
||||
description = "Terraform variables file for the following stages."
|
||||
sensitive = true
|
||||
value = local.tfvars
|
||||
}
|
||||
|
||||
output "vpn_gateway_endpoints" {
|
||||
description = "External IP Addresses for the GCP VPN gateways."
|
||||
value = local.enable_onprem_vpn == false ? null : {
|
||||
|
|
@ -89,9 +95,3 @@ output "vpn_gateway_endpoints" {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
output "tfvars" {
|
||||
description = "Terraform variables file for the following stages."
|
||||
sensitive = true
|
||||
value = local.tfvars
|
||||
}
|
||||
|
|
|
|||
|
|
@ -259,11 +259,11 @@ You're now ready to run `terraform init` and `apply`.
|
|||
| name | description | sensitive | consumers |
|
||||
|---|---|:---:|---|
|
||||
| [dev_cloud_dns_inbound_policy](outputs.tf#L59) | IP Addresses for Cloud DNS inbound policy for the dev environment. | | |
|
||||
| [host_project_ids](outputs.tf#L69) | Network project ids. | | |
|
||||
| [host_project_numbers](outputs.tf#L74) | Network project numbers. | | |
|
||||
| [prod_cloud_dns_inbound_policy](outputs.tf#L64) | IP Addresses for Cloud DNS inbound policy for the prod environment. | | |
|
||||
| [host_project_ids](outputs.tf#L64) | Network project ids. | | |
|
||||
| [host_project_numbers](outputs.tf#L69) | Network project numbers. | | |
|
||||
| [prod_cloud_dns_inbound_policy](outputs.tf#L74) | IP Addresses for Cloud DNS inbound policy for the prod environment. | | |
|
||||
| [shared_vpc_self_links](outputs.tf#L79) | Shared VPC host projects. | | |
|
||||
| [tfvars](outputs.tf#L98) | Terraform variables file for the following stages. | ✓ | |
|
||||
| [vpn_gateway_endpoints](outputs.tf#L84) | External IP Addresses for the GCP VPN gateways. | | |
|
||||
| [tfvars](outputs.tf#L84) | Terraform variables file for the following stages. | ✓ | |
|
||||
| [vpn_gateway_endpoints](outputs.tf#L90) | External IP Addresses for the GCP VPN gateways. | | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -61,11 +61,6 @@ output "dev_cloud_dns_inbound_policy" {
|
|||
value = [for s in module.dev-spoke-vpc.subnets : cidrhost(s.ip_cidr_range, 2)]
|
||||
}
|
||||
|
||||
output "prod_cloud_dns_inbound_policy" {
|
||||
description = "IP Addresses for Cloud DNS inbound policy for the prod environment."
|
||||
value = [for s in module.prod-spoke-vpc.subnets : cidrhost(s.ip_cidr_range, 2)]
|
||||
}
|
||||
|
||||
output "host_project_ids" {
|
||||
description = "Network project ids."
|
||||
value = local.host_project_ids
|
||||
|
|
@ -76,11 +71,22 @@ output "host_project_numbers" {
|
|||
value = local.host_project_numbers
|
||||
}
|
||||
|
||||
output "prod_cloud_dns_inbound_policy" {
|
||||
description = "IP Addresses for Cloud DNS inbound policy for the prod environment."
|
||||
value = [for s in module.prod-spoke-vpc.subnets : cidrhost(s.ip_cidr_range, 2)]
|
||||
}
|
||||
|
||||
output "shared_vpc_self_links" {
|
||||
description = "Shared VPC host projects."
|
||||
value = local.vpc_self_links
|
||||
}
|
||||
|
||||
output "tfvars" {
|
||||
description = "Terraform variables file for the following stages."
|
||||
sensitive = true
|
||||
value = local.tfvars
|
||||
}
|
||||
|
||||
output "vpn_gateway_endpoints" {
|
||||
description = "External IP Addresses for the GCP VPN gateways."
|
||||
value = local.enable_onprem_vpn == false ? null : {
|
||||
|
|
@ -94,9 +100,3 @@ output "vpn_gateway_endpoints" {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
output "tfvars" {
|
||||
description = "Terraform variables file for the following stages."
|
||||
sensitive = true
|
||||
value = local.tfvars
|
||||
}
|
||||
|
|
|
|||
|
|
@ -347,7 +347,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
|
|||
| [host_project_ids](outputs.tf#L68) | Network project ids. | | |
|
||||
| [host_project_numbers](outputs.tf#L73) | Network project numbers. | | |
|
||||
| [shared_vpc_self_links](outputs.tf#L78) | Shared VPC host projects. | | |
|
||||
| [tfvars](outputs.tf#L93) | Terraform variables file for the following stages. | ✓ | |
|
||||
| [vpn_gateway_endpoints](outputs.tf#L83) | External IP Addresses for the GCP VPN gateways. | | |
|
||||
| [tfvars](outputs.tf#L83) | Terraform variables file for the following stages. | ✓ | |
|
||||
| [vpn_gateway_endpoints](outputs.tf#L89) | External IP Addresses for the GCP VPN gateways. | | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -80,6 +80,12 @@ output "shared_vpc_self_links" {
|
|||
value = local.vpc_self_links
|
||||
}
|
||||
|
||||
output "tfvars" {
|
||||
description = "Terraform variables file for the following stages."
|
||||
sensitive = true
|
||||
value = local.tfvars
|
||||
}
|
||||
|
||||
output "vpn_gateway_endpoints" {
|
||||
description = "External IP Addresses for the GCP VPN gateways."
|
||||
value = local.enable_onprem_vpn == false ? null : {
|
||||
|
|
@ -89,9 +95,3 @@ output "vpn_gateway_endpoints" {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
output "tfvars" {
|
||||
description = "Terraform variables file for the following stages."
|
||||
sensitive = true
|
||||
value = local.tfvars
|
||||
}
|
||||
|
|
|
|||
|
|
@ -265,13 +265,13 @@ Some references that might be useful in setting up this stage:
|
|||
| [automation](variables.tf#L17) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [billing_account](variables.tf#L25) | Billing account id and organization id ('nnnnnnnn' or null). | <code title="object({ id = string organization_id = number })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [folder_ids](variables.tf#L34) | Folder name => id mappings, the 'security' folder name must exist. | <code title="object({ security = string })">object({…})</code> | ✓ | | <code>01-resman</code> |
|
||||
| [organization](variables.tf#L91) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [prefix](variables.tf#L107) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [service_accounts](variables.tf#L80) | Automation service accounts that can assign the encrypt/decrypt roles on keys. | <code title="object({ data-platform-dev = string data-platform-prod = string project-factory-dev = string project-factory-prod = string })">object({…})</code> | ✓ | | <code>01-resman</code> |
|
||||
| [organization](variables.tf#L80) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [prefix](variables.tf#L96) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [service_accounts](variables.tf#L107) | Automation service accounts that can assign the encrypt/decrypt roles on keys. | <code title="object({ data-platform-dev = string data-platform-prod = string project-factory-dev = string project-factory-prod = string })">object({…})</code> | ✓ | | <code>01-resman</code> |
|
||||
| [groups](variables.tf#L42) | Group names to grant organization-level permissions. | <code>map(string)</code> | | <code title="{ gcp-billing-admins = "gcp-billing-admins", gcp-devops = "gcp-devops", gcp-network-admins = "gcp-network-admins" gcp-organization-admins = "gcp-organization-admins" gcp-security-admins = "gcp-security-admins" gcp-support = "gcp-support" }">{…}</code> | <code>00-bootstrap</code> |
|
||||
| [kms_defaults](variables.tf#L57) | Defaults used for KMS keys. | <code title="object({ locations = list(string) rotation_period = string })">object({…})</code> | | <code title="{ locations = ["europe", "europe-west1", "europe-west3", "global"] rotation_period = "7776000s" }">{…}</code> | |
|
||||
| [kms_keys](variables.tf#L69) | KMS keys to create, keyed by name. Null attributes will be interpolated with defaults. | <code title="map(object({ iam = map(list(string)) labels = map(string) locations = list(string) rotation_period = string }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [outputs_location](variables.tf#L101) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [outputs_location](variables.tf#L90) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [vpc_sc_access_levels](variables.tf#L118) | VPC SC access level definitions. | <code title="map(object({ combining_function = optional(string) conditions = optional(list(object({ device_policy = optional(object({ allowed_device_management_levels = optional(list(string)) allowed_encryption_statuses = optional(list(string)) require_admin_approval = bool require_corp_owned = bool require_screen_lock = optional(bool) os_constraints = optional(list(object({ os_type = string minimum_version = optional(string) require_verified_chrome_os = optional(bool) }))) })) ip_subnetworks = optional(list(string), []) members = optional(list(string), []) negate = optional(bool) regions = optional(list(string), []) required_access_levels = optional(list(string), []) })), []) description = optional(string) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [vpc_sc_egress_policies](variables.tf#L147) | VPC SC egress policy defnitions. | <code title="map(object({ from = object({ identity_type = optional(string, "ANY_IDENTITY") identities = optional(list(string)) }) to = object({ operations = optional(list(object({ method_selectors = optional(list(string)) service_name = string })), []) resources = optional(list(string)) resource_type_external = optional(bool, false) }) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [vpc_sc_ingress_policies](variables.tf#L167) | VPC SC ingress policy defnitions. | <code title="map(object({ from = object({ access_levels = optional(list(string), []) identity_type = optional(string) identities = optional(list(string)) resources = optional(list(string), []) }) to = object({ operations = optional(list(object({ method_selectors = optional(list(string)) service_name = string })), []) resources = optional(list(string)) }) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
|
|
|
|||
|
|
@ -77,17 +77,6 @@ variable "kms_keys" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "service_accounts" {
|
||||
# tfdoc:variable:source 01-resman
|
||||
description = "Automation service accounts that can assign the encrypt/decrypt roles on keys."
|
||||
type = object({
|
||||
data-platform-dev = string
|
||||
data-platform-prod = string
|
||||
project-factory-dev = string
|
||||
project-factory-prod = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "organization" {
|
||||
# tfdoc:variable:source 00-bootstrap
|
||||
description = "Organization details."
|
||||
|
|
@ -115,6 +104,17 @@ variable "prefix" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "service_accounts" {
|
||||
# tfdoc:variable:source 01-resman
|
||||
description = "Automation service accounts that can assign the encrypt/decrypt roles on keys."
|
||||
type = object({
|
||||
data-platform-dev = string
|
||||
data-platform-prod = string
|
||||
project-factory-dev = string
|
||||
project-factory-prod = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "vpc_sc_access_levels" {
|
||||
description = "VPC SC access level definitions."
|
||||
type = map(object({
|
||||
|
|
|
|||
|
|
@ -190,11 +190,11 @@ You can find examples in the `[demo](../../../../blueprints/data-solutions/data-
|
|||
| name | description | sensitive | consumers |
|
||||
|---|---|:---:|---|
|
||||
| [bigquery_datasets](outputs.tf#L42) | BigQuery datasets. | | |
|
||||
| [demo_commands](outputs.tf#L72) | Demo commands. | | |
|
||||
| [gcs_buckets](outputs.tf#L47) | GCS buckets. | | |
|
||||
| [kms_keys](outputs.tf#L52) | Cloud MKS keys. | | |
|
||||
| [projects](outputs.tf#L57) | GCP Projects informations. | | |
|
||||
| [vpc_network](outputs.tf#L62) | VPC network. | | |
|
||||
| [vpc_subnet](outputs.tf#L67) | VPC subnetworks. | | |
|
||||
| [demo_commands](outputs.tf#L47) | Demo commands. | | |
|
||||
| [gcs_buckets](outputs.tf#L52) | GCS buckets. | | |
|
||||
| [kms_keys](outputs.tf#L57) | Cloud MKS keys. | | |
|
||||
| [projects](outputs.tf#L62) | GCP Projects informations. | | |
|
||||
| [vpc_network](outputs.tf#L67) | VPC network. | | |
|
||||
| [vpc_subnet](outputs.tf#L72) | VPC subnetworks. | | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -44,6 +44,11 @@ output "bigquery_datasets" {
|
|||
value = module.data-platform.bigquery-datasets
|
||||
}
|
||||
|
||||
output "demo_commands" {
|
||||
description = "Demo commands."
|
||||
value = module.data-platform.demo_commands
|
||||
}
|
||||
|
||||
output "gcs_buckets" {
|
||||
description = "GCS buckets."
|
||||
value = module.data-platform.gcs-buckets
|
||||
|
|
@ -68,8 +73,3 @@ output "vpc_subnet" {
|
|||
description = "VPC subnetworks."
|
||||
value = module.data-platform.vpc_subnet
|
||||
}
|
||||
|
||||
output "demo_commands" {
|
||||
description = "Demo commands."
|
||||
value = module.data-platform.demo_commands
|
||||
}
|
||||
|
|
|
|||
|
|
@ -143,7 +143,7 @@ terraform apply
|
|||
| [automation](variables.tf#L21) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [billing_account](variables.tf#L29) | Billing account id and organization id ('nnnnnnnn' or null). | <code title="object({ id = string organization_id = number })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [folder_ids](variables.tf#L149) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code title="object({ gke-dev = string })">object({…})</code> | ✓ | | <code>01-resman</code> |
|
||||
| [host_project_ids](variables.tf#L171) | Host project for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>02-networking</code> |
|
||||
| [host_project_ids](variables.tf#L164) | Host project for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>02-networking</code> |
|
||||
| [prefix](variables.tf#L213) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | | |
|
||||
| [vpc_self_links](variables.tf#L225) | Self link for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>02-networking</code> |
|
||||
| [clusters](variables.tf#L38) | Clusters configuration. Refer to the gke-cluster module for type details. | <code title="map(object({ cluster_autoscaling = optional(any) description = optional(string) enable_addons = optional(any, { horizontal_pod_autoscaling = true, http_load_balancing = true }) enable_features = optional(any, { workload_identity = true }) issue_client_certificate = optional(bool, false) labels = optional(map(string)) location = string logging_config = optional(list(string), ["SYSTEM_COMPONENTS"]) maintenance_config = optional(any, { daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }) max_pods_per_node = optional(number, 110) min_master_version = optional(string) monitoring_config = optional(object({ enable_components = optional(list(string), ["SYSTEM_COMPONENTS"]) managed_prometheus = optional(bool) })) node_locations = optional(list(string)) private_cluster_config = optional(any) release_channel = optional(string) vpc_config = object({ subnetwork = string network = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = string services = string }), { pods = "pods", services = "services" }) master_authorized_ranges = optional(map(string)) master_ipv4_cidr_block = optional(string) }) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
|
|
@ -152,7 +152,7 @@ terraform apply
|
|||
| [fleet_features](variables.tf#L129) | Enable and configue fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | <code title="object({ appdevexperience = bool configmanagement = bool identityservice = bool multiclusteringress = string multiclusterservicediscovery = bool servicemesh = bool })">object({…})</code> | | <code>null</code> | |
|
||||
| [fleet_workload_identity](variables.tf#L142) | Use Fleet Workload Identity for clusters. Enables GKE Hub if set to true. | <code>bool</code> | | <code>false</code> | |
|
||||
| [group_iam](variables.tf#L157) | Project-level authoritative IAM bindings for groups in {GROUP_EMAIL => [ROLES]} format. Use group emails as keys, list of roles as values. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [iam](variables.tf#L164) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [iam](variables.tf#L172) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [labels](variables.tf#L179) | Project-level labels. | <code>map(string)</code> | | <code>{}</code> | |
|
||||
| [nodepools](variables.tf#L185) | Nodepools configuration. Refer to the gke-nodepool module for type details. | <code title="map(map(object({ gke_version = optional(string) labels = optional(map(string), {}) max_pods_per_node = optional(number) name = optional(string) node_config = optional(any, { disk_type = "pd-balanced" }) node_count = optional(map(number), { initial = 1 }) node_locations = optional(list(string)) nodepool_config = optional(any) pod_range = optional(any) reservation_affinity = optional(any) service_account = optional(any) sole_tenant_nodegroup = optional(string) tags = optional(list(string)) taints = optional(list(any)) })))">map(map(object({…})))</code> | | <code>{}</code> | |
|
||||
| [outputs_location](variables.tf#L207) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
|
|
@ -162,8 +162,8 @@ terraform apply
|
|||
|
||||
| name | description | sensitive | consumers |
|
||||
|---|---|:---:|---|
|
||||
| [cluster_ids](outputs.tf#L63) | Cluster ids. | | |
|
||||
| [clusters](outputs.tf#L57) | Cluster resources. | ✓ | |
|
||||
| [cluster_ids](outputs.tf#L57) | Cluster ids. | | |
|
||||
| [clusters](outputs.tf#L62) | Cluster resources. | ✓ | |
|
||||
| [project_id](outputs.tf#L68) | GKE project id. | | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -54,17 +54,17 @@ resource "google_storage_bucket_object" "tfvars" {
|
|||
|
||||
# outputs
|
||||
|
||||
output "cluster_ids" {
|
||||
description = "Cluster ids."
|
||||
value = module.gke-multitenant.cluster_ids
|
||||
}
|
||||
|
||||
output "clusters" {
|
||||
description = "Cluster resources."
|
||||
value = module.gke-multitenant.clusters
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
output "cluster_ids" {
|
||||
description = "Cluster ids."
|
||||
value = module.gke-multitenant.cluster_ids
|
||||
}
|
||||
|
||||
output "project_id" {
|
||||
description = "GKE project id."
|
||||
value = module.gke-multitenant.project_id
|
||||
|
|
|
|||
|
|
@ -161,13 +161,6 @@ variable "group_iam" {
|
|||
nullable = false
|
||||
}
|
||||
|
||||
variable "iam" {
|
||||
description = "Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format."
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "host_project_ids" {
|
||||
# tfdoc:variable:source 02-networking
|
||||
description = "Host project for the shared VPC."
|
||||
|
|
@ -176,6 +169,13 @@ variable "host_project_ids" {
|
|||
})
|
||||
}
|
||||
|
||||
variable "iam" {
|
||||
description = "Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format."
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "labels" {
|
||||
description = "Project-level labels."
|
||||
type = map(string)
|
||||
|
|
|
|||
|
|
@ -109,12 +109,12 @@ terraform apply
|
|||
| name | description | type | required | default | producer |
|
||||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [billing_account](variables.tf#L19) | Billing account id and organization id ('nnnnnnnn' or null). | <code title="object({ id = string organization_id = number })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [prefix](variables.tf#L47) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [prefix](variables.tf#L56) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [data_dir](variables.tf#L28) | Relative path for the folder storing configuration data. | <code>string</code> | | <code>"data/projects"</code> | |
|
||||
| [defaults_file](variables.tf#L41) | Relative path for the file storing the project factory configuration. | <code>string</code> | | <code>"data/defaults.yaml"</code> | |
|
||||
| [environment_dns_zone](variables.tf#L34) | DNS zone suffix for environment. | <code>string</code> | | <code>null</code> | <code>02-networking</code> |
|
||||
| [host_project_ids](variables.tf#L67) | Host project for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | | <code>null</code> | <code>02-networking</code> |
|
||||
| [vpc_self_links](variables.tf#L58) | Self link for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | | <code>null</code> | <code>02-networking</code> |
|
||||
| [defaults_file](variables.tf#L34) | Relative path for the file storing the project factory configuration. | <code>string</code> | | <code>"data/defaults.yaml"</code> | |
|
||||
| [environment_dns_zone](variables.tf#L40) | DNS zone suffix for environment. | <code>string</code> | | <code>null</code> | <code>02-networking</code> |
|
||||
| [host_project_ids](variables.tf#L47) | Host project for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | | <code>null</code> | <code>02-networking</code> |
|
||||
| [vpc_self_links](variables.tf#L67) | Self link for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | | <code>null</code> | <code>02-networking</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
|||
|
|
@ -31,6 +31,12 @@ variable "data_dir" {
|
|||
default = "data/projects"
|
||||
}
|
||||
|
||||
variable "defaults_file" {
|
||||
description = "Relative path for the file storing the project factory configuration."
|
||||
type = string
|
||||
default = "data/defaults.yaml"
|
||||
}
|
||||
|
||||
variable "environment_dns_zone" {
|
||||
# tfdoc:variable:source 02-networking
|
||||
description = "DNS zone suffix for environment."
|
||||
|
|
@ -38,10 +44,13 @@ variable "environment_dns_zone" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "defaults_file" {
|
||||
description = "Relative path for the file storing the project factory configuration."
|
||||
type = string
|
||||
default = "data/defaults.yaml"
|
||||
variable "host_project_ids" {
|
||||
# tfdoc:variable:source 02-networking
|
||||
description = "Host project for the shared VPC."
|
||||
type = object({
|
||||
dev-spoke-0 = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
|
|
@ -63,12 +72,3 @@ variable "vpc_self_links" {
|
|||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "host_project_ids" {
|
||||
# tfdoc:variable:source 02-networking
|
||||
description = "Host project for the shared VPC."
|
||||
type = object({
|
||||
dev-spoke-0 = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
|
|
|||
|
|
@ -61,20 +61,20 @@ module "cos-envoy" {
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [container_image](variables.tf#L42) | Container image. | <code>string</code> | ✓ | |
|
||||
| [authenticate_gcr](variables.tf#L112) | Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined. | <code>bool</code> | | <code>false</code> |
|
||||
| [boot_commands](variables.tf#L17) | List of cloud-init `bootcmd`s. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [cloud_config](variables.tf#L23) | Cloud config template path. If provided, takes precedence over all other arguments. | <code>string</code> | | <code>null</code> |
|
||||
| [config_variables](variables.tf#L29) | Additional variables used to render the template passed via `cloud_config`. | <code>map(any)</code> | | <code>{}</code> |
|
||||
| [container_args](variables.tf#L35) | Arguments for container. | <code>string</code> | | <code>""</code> |
|
||||
| [container_name](variables.tf#L47) | Name of the container to be run. | <code>string</code> | | <code>"container"</code> |
|
||||
| [container_volumes](variables.tf#L53) | List of volumes. | <code title="list(object({ host = string, container = string }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [docker_args](variables.tf#L62) | Extra arguments to be passed for docker. | <code>string</code> | | <code>null</code> |
|
||||
| [file_defaults](variables.tf#L68) | Default owner and permissions for files. | <code title="object({ owner = string permissions = string })">object({…})</code> | | <code title="{ owner = "root" permissions = "0644" }">{…}</code> |
|
||||
| [files](variables.tf#L80) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map(object({ content = string owner = string permissions = string }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [run_as_first_user](variables.tf#L106) | Run as the first user if users are specified. | <code>bool</code> | | <code>true</code> |
|
||||
| [run_commands](variables.tf#L90) | List of cloud-init `runcmd`s. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [users](variables.tf#L96) | List of usernames to be created. If provided, first user will be used to run the container. | <code title="list(object({ username = string, uid = number, }))">list(object({…}))</code> | | <code title="[ ]">[…]</code> |
|
||||
| [container_image](variables.tf#L47) | Container image. | <code>string</code> | ✓ | |
|
||||
| [authenticate_gcr](variables.tf#L17) | Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined. | <code>bool</code> | | <code>false</code> |
|
||||
| [boot_commands](variables.tf#L23) | List of cloud-init `bootcmd`s. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [cloud_config](variables.tf#L29) | Cloud config template path. If provided, takes precedence over all other arguments. | <code>string</code> | | <code>null</code> |
|
||||
| [config_variables](variables.tf#L35) | Additional variables used to render the template passed via `cloud_config`. | <code>map(any)</code> | | <code>{}</code> |
|
||||
| [container_args](variables.tf#L41) | Arguments for container. | <code>string</code> | | <code>""</code> |
|
||||
| [container_name](variables.tf#L52) | Name of the container to be run. | <code>string</code> | | <code>"container"</code> |
|
||||
| [container_volumes](variables.tf#L58) | List of volumes. | <code title="list(object({ host = string, container = string }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [docker_args](variables.tf#L67) | Extra arguments to be passed for docker. | <code>string</code> | | <code>null</code> |
|
||||
| [file_defaults](variables.tf#L73) | Default owner and permissions for files. | <code title="object({ owner = string permissions = string })">object({…})</code> | | <code title="{ owner = "root" permissions = "0644" }">{…}</code> |
|
||||
| [files](variables.tf#L85) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map(object({ content = string owner = string permissions = string }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [run_as_first_user](variables.tf#L95) | Run as the first user if users are specified. | <code>bool</code> | | <code>true</code> |
|
||||
| [run_commands](variables.tf#L101) | List of cloud-init `runcmd`s. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [users](variables.tf#L107) | List of usernames to be created. If provided, first user will be used to run the container. | <code title="list(object({ username = string, uid = number, }))">list(object({…}))</code> | | <code title="[ ]">[…]</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
|||
|
|
@ -14,6 +14,12 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "authenticate_gcr" {
|
||||
description = "Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined."
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "boot_commands" {
|
||||
description = "List of cloud-init `bootcmd`s."
|
||||
type = list(string)
|
||||
|
|
@ -38,7 +44,6 @@ variable "container_args" {
|
|||
default = ""
|
||||
}
|
||||
|
||||
|
||||
variable "container_image" {
|
||||
description = "Container image."
|
||||
type = string
|
||||
|
|
@ -87,6 +92,12 @@ variable "files" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "run_as_first_user" {
|
||||
description = "Run as the first user if users are specified."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "run_commands" {
|
||||
description = "List of cloud-init `runcmd`s."
|
||||
type = list(string)
|
||||
|
|
@ -102,15 +113,3 @@ variable "users" {
|
|||
default = [
|
||||
]
|
||||
}
|
||||
|
||||
variable "run_as_first_user" {
|
||||
description = "Run as the first user if users are specified."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "authenticate_gcr" {
|
||||
description = "Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined."
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
|
|
|||
|
|
@ -50,10 +50,10 @@ module "vm-nginx-tls" {
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [files](variables.tf#L35) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map(object({ content = string owner = string permissions = string }))">map(object({…}))</code> | | <code>null</code> |
|
||||
| [nginx_image](variables.tf#L17) | Nginx container image to use. | <code>string</code> | | <code>"nginx:1.23.1"</code> |
|
||||
| [runcmd_post](variables.tf#L29) | Extra commands to run after starting nginx. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [runcmd_pre](variables.tf#L23) | Extra commands to run before starting nginx. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [files](variables.tf#L17) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map(object({ content = string owner = string permissions = string }))">map(object({…}))</code> | | <code>null</code> |
|
||||
| [nginx_image](variables.tf#L27) | Nginx container image to use. | <code>string</code> | | <code>"nginx:1.23.1"</code> |
|
||||
| [runcmd_post](variables.tf#L33) | Extra commands to run after starting nginx. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [runcmd_pre](variables.tf#L39) | Extra commands to run before starting nginx. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [users](variables.tf#L45) | Additional list of usernames to be created. | <code title="list(object({ username = string, uid = number, }))">list(object({…}))</code> | | <code title="[ ]">[…]</code> |
|
||||
|
||||
## Outputs
|
||||
|
|
|
|||
|
|
@ -14,24 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "nginx_image" {
|
||||
description = "Nginx container image to use."
|
||||
type = string
|
||||
default = "nginx:1.23.1"
|
||||
}
|
||||
|
||||
variable "runcmd_pre" {
|
||||
description = "Extra commands to run before starting nginx."
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "runcmd_post" {
|
||||
description = "Extra commands to run after starting nginx."
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "files" {
|
||||
description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null."
|
||||
type = map(object({
|
||||
|
|
@ -42,6 +24,24 @@ variable "files" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "nginx_image" {
|
||||
description = "Nginx container image to use."
|
||||
type = string
|
||||
default = "nginx:1.23.1"
|
||||
}
|
||||
|
||||
variable "runcmd_post" {
|
||||
description = "Extra commands to run after starting nginx."
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "runcmd_pre" {
|
||||
description = "Extra commands to run before starting nginx."
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "users" {
|
||||
description = "Additional list of usernames to be created."
|
||||
type = list(object({
|
||||
|
|
|
|||
|
|
@ -62,12 +62,12 @@ module "cos-nginx" {
|
|||
|---|---|:---:|:---:|:---:|
|
||||
| [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | <code>string</code> | | <code>null</code> |
|
||||
| [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config and Nginx templates. | <code>map(any)</code> | | <code>{}</code> |
|
||||
| [file_defaults](variables.tf#L41) | Default owner and permissions for files. | <code title="object({ owner = string permissions = string })">object({…})</code> | | <code title="{ owner = "root" permissions = "0644" }">{…}</code> |
|
||||
| [files](variables.tf#L53) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map(object({ content = string owner = string permissions = string }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [image](variables.tf#L29) | Nginx container image. | <code>string</code> | | <code>"nginxdemos/hello:plain-text"</code> |
|
||||
| [nginx_config](variables.tf#L35) | Nginx configuration path, if null container default will be used. | <code>string</code> | | <code>null</code> |
|
||||
| [runcmd_post](variables.tf#L69) | Extra commands to run after starting nginx. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [runcmd_pre](variables.tf#L63) | Extra commands to run before starting nginx. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [file_defaults](variables.tf#L29) | Default owner and permissions for files. | <code title="object({ owner = string permissions = string })">object({…})</code> | | <code title="{ owner = "root" permissions = "0644" }">{…}</code> |
|
||||
| [files](variables.tf#L41) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map(object({ content = string owner = string permissions = string }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [image](variables.tf#L51) | Nginx container image. | <code>string</code> | | <code>"nginxdemos/hello:plain-text"</code> |
|
||||
| [nginx_config](variables.tf#L57) | Nginx configuration path, if null container default will be used. | <code>string</code> | | <code>null</code> |
|
||||
| [runcmd_post](variables.tf#L63) | Extra commands to run after starting nginx. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [runcmd_pre](variables.tf#L69) | Extra commands to run before starting nginx. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | <code title="object({ project_id = string zone = string name = string type = string network = string subnetwork = string })">object({…})</code> | | <code>null</code> |
|
||||
| [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | <code title="object({ disks = map(object({ read_only = bool size = number })) image = string metadata = map(string) nat = bool service_account_roles = list(string) tags = list(string) })">object({…})</code> | | <code title="{ disks = {} image = null metadata = {} nat = false service_account_roles = [ "roles/logging.logWriter", "roles/monitoring.metricWriter" ] tags = ["ssh"] }">{…}</code> |
|
||||
| [users](variables.tf#L75) | List of additional usernames to be created. | <code title="list(object({ username = string, uid = number, }))">list(object({…}))</code> | | <code title="[ ]">[…]</code> |
|
||||
|
|
|
|||
|
|
@ -26,18 +26,6 @@ variable "config_variables" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "image" {
|
||||
description = "Nginx container image."
|
||||
type = string
|
||||
default = "nginxdemos/hello:plain-text"
|
||||
}
|
||||
|
||||
variable "nginx_config" {
|
||||
description = "Nginx configuration path, if null container default will be used."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "file_defaults" {
|
||||
description = "Default owner and permissions for files."
|
||||
type = object({
|
||||
|
|
@ -60,10 +48,16 @@ variable "files" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "runcmd_pre" {
|
||||
description = "Extra commands to run before starting nginx."
|
||||
type = list(string)
|
||||
default = []
|
||||
variable "image" {
|
||||
description = "Nginx container image."
|
||||
type = string
|
||||
default = "nginxdemos/hello:plain-text"
|
||||
}
|
||||
|
||||
variable "nginx_config" {
|
||||
description = "Nginx configuration path, if null container default will be used."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "runcmd_post" {
|
||||
|
|
@ -72,6 +66,12 @@ variable "runcmd_post" {
|
|||
default = []
|
||||
}
|
||||
|
||||
variable "runcmd_pre" {
|
||||
description = "Extra commands to run before starting nginx."
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "users" {
|
||||
description = "List of additional usernames to be created."
|
||||
type = list(object({
|
||||
|
|
|
|||
|
|
@ -72,8 +72,8 @@ module "nva" {
|
|||
|---|---|:---:|:---:|:---:|
|
||||
| [network_interfaces](variables.tf#L39) | Network interfaces configuration. | <code title="list(object({ routes = optional(list(string)) }))">list(object({…}))</code> | ✓ | |
|
||||
| [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | <code>string</code> | | <code>null</code> |
|
||||
| [enable_health_checks](variables.tf#L33) | Configures routing to enable responses to health check probes. | <code>bool</code> | | <code>false</code> |
|
||||
| [files](variables.tf#L23) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map(object({ content = string owner = string permissions = string }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [enable_health_checks](variables.tf#L23) | Configures routing to enable responses to health check probes. | <code>bool</code> | | <code>false</code> |
|
||||
| [files](variables.tf#L29) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map(object({ content = string owner = string permissions = string }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | <code title="object({ project_id = string zone = string name = string type = string network = string subnetwork = string })">object({…})</code> | | <code>null</code> |
|
||||
| [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | <code title="object({ disks = map(object({ read_only = bool size = number })) image = string metadata = map(string) nat = bool service_account_roles = list(string) tags = list(string) })">object({…})</code> | | <code title="{ disks = {} image = null metadata = {} nat = false service_account_roles = [ "roles/logging.logWriter", "roles/monitoring.metricWriter" ] tags = ["ssh"] }">{…}</code> |
|
||||
|
||||
|
|
|
|||
|
|
@ -20,6 +20,12 @@ variable "cloud_config" {
|
|||
default = null
|
||||
}
|
||||
|
||||
variable "enable_health_checks" {
|
||||
description = "Configures routing to enable responses to health check probes."
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "files" {
|
||||
description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null."
|
||||
type = map(object({
|
||||
|
|
@ -30,12 +36,6 @@ variable "files" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "enable_health_checks" {
|
||||
description = "Configures routing to enable responses to health check probes."
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "network_interfaces" {
|
||||
description = "Network interfaces configuration."
|
||||
type = list(object({
|
||||
|
|
|
|||
|
|
@ -64,15 +64,15 @@ module "cos-squid" {
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [allow](variables.tf#L57) | List of domains Squid will allow connections to. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [clients](variables.tf#L69) | List of CIDR ranges from which Squid will allow connections. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | <code>string</code> | | <code>null</code> |
|
||||
| [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config and Squid templates. | <code>map(any)</code> | | <code>{}</code> |
|
||||
| [default_action](variables.tf#L75) | Default action for domains not matching neither the allow or deny lists. | <code>string</code> | | <code>"deny"</code> |
|
||||
| [deny](variables.tf#L63) | List of domains Squid will deny connections to. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [file_defaults](variables.tf#L35) | Default owner and permissions for files. | <code title="object({ owner = string permissions = string })">object({…})</code> | | <code title="{ owner = "root" permissions = "0644" }">{…}</code> |
|
||||
| [files](variables.tf#L47) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map(object({ content = string owner = string permissions = string }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [squid_config](variables.tf#L29) | Squid configuration path, if null default will be used. | <code>string</code> | | <code>null</code> |
|
||||
| [allow](variables.tf#L18) | List of domains Squid will allow connections to. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [clients](variables.tf#L24) | List of CIDR ranges from which Squid will allow connections. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [cloud_config](variables.tf#L30) | Cloud config template path. If null default will be used. | <code>string</code> | | <code>null</code> |
|
||||
| [config_variables](variables.tf#L36) | Additional variables used to render the cloud-config and Squid templates. | <code>map(any)</code> | | <code>{}</code> |
|
||||
| [default_action](variables.tf#L42) | Default action for domains not matching neither the allow or deny lists. | <code>string</code> | | <code>"deny"</code> |
|
||||
| [deny](variables.tf#L52) | List of domains Squid will deny connections to. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [file_defaults](variables.tf#L58) | Default owner and permissions for files. | <code title="object({ owner = string permissions = string })">object({…})</code> | | <code title="{ owner = "root" permissions = "0644" }">{…}</code> |
|
||||
| [files](variables.tf#L70) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map(object({ content = string owner = string permissions = string }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [squid_config](variables.tf#L80) | Squid configuration path, if null default will be used. | <code>string</code> | | <code>null</code> |
|
||||
| [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | <code title="object({ project_id = string zone = string name = string type = string network = string subnetwork = string })">object({…})</code> | | <code>null</code> |
|
||||
| [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | <code title="object({ disks = map(object({ read_only = bool size = number })) image = string metadata = map(string) nat = bool service_account_roles = list(string) tags = list(string) })">object({…})</code> | | <code title="{ disks = {} image = null metadata = {} nat = false service_account_roles = [ "roles/logging.logWriter", "roles/monitoring.metricWriter" ] tags = ["ssh"] }">{…}</code> |
|
||||
|
||||
|
|
|
|||
|
|
@ -55,16 +55,6 @@ variable "deny" {
|
|||
default = []
|
||||
}
|
||||
|
||||
variable "files" {
|
||||
description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null."
|
||||
type = map(object({
|
||||
content = string
|
||||
owner = string
|
||||
permissions = string
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "file_defaults" {
|
||||
description = "Default owner and permissions for files."
|
||||
type = object({
|
||||
|
|
@ -77,6 +67,16 @@ variable "file_defaults" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "files" {
|
||||
description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null."
|
||||
type = map(object({
|
||||
content = string
|
||||
owner = string
|
||||
permissions = string
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "squid_config" {
|
||||
description = "Squid configuration path, if null default will be used."
|
||||
type = string
|
||||
|
|
|
|||
|
|
@ -591,7 +591,7 @@ output </code> |
|
|||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [name](variables.tf#L54) | Load balancer name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L126) | Project id. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L132) | Project id. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L150) | The region where to allocate the ILB resources. | <code>string</code> | ✓ | |
|
||||
| [vpc_config](variables.tf#L177) | VPC-level configuration. | <code title="object({ network = string subnetwork = string })">object({…})</code> | ✓ | |
|
||||
| [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | <code>string</code> | | <code>null</code> |
|
||||
|
|
@ -603,7 +603,7 @@ output </code> |
|
|||
| [labels](variables.tf#L48) | Labels set on resources. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [neg_configs](variables.tf#L59) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | <code title="map(object({ project_id = optional(string) cloudrun = optional(object({ region = string target_service = optional(object({ name = string tag = optional(string) })) target_urlmask = optional(string) })) gce = optional(object({ zone = string network = optional(string) subnetwork = optional(string) endpoints = optional(list(object({ instance = string ip_address = string port = number }))) })) hybrid = optional(object({ zone = string network = optional(string) endpoints = optional(list(object({ ip_address = string port = number }))) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [network_tier_premium](variables.tf#L119) | Use premium network tier. Defaults to true. | <code>bool</code> | | <code>true</code> |
|
||||
| [ports](variables.tf#L131) | Optional ports for HTTP load balancer, valid ports are 80 and 8080. | <code>list(string)</code> | | <code>null</code> |
|
||||
| [ports](variables.tf#L126) | Optional ports for HTTP load balancer, valid ports are 80 and 8080. | <code>list(string)</code> | | <code>null</code> |
|
||||
| [protocol](variables.tf#L137) | Protocol supported by this load balancer. | <code>string</code> | | <code>"HTTP"</code> |
|
||||
| [service_directory_registration](variables.tf#L155) | Service directory namespace and service used to register this load balancer. | <code title="object({ namespace = string service = string })">object({…})</code> | | <code>null</code> |
|
||||
| [ssl_certificates](variables.tf#L164) | SSL target proxy certificates (only if protocol is HTTPS). | <code title="object({ certificate_ids = optional(list(string), []) create_configs = optional(map(object({ certificate = string private_key = string })), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
|
|
|
|||
|
|
@ -123,17 +123,17 @@ variable "network_tier_premium" {
|
|||
nullable = false
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project id."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "ports" {
|
||||
description = "Optional ports for HTTP load balancer, valid ports are 80 and 8080."
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project id."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "protocol" {
|
||||
description = "Protocol supported by this load balancer."
|
||||
type = string
|
||||
|
|
|
|||
|
|
@ -52,7 +52,10 @@ def _check_dir(dir_name, exclude_files=None, files=False, show_extra=False):
|
|||
try:
|
||||
new_doc = tfdoc.create_doc(readme_path.parent, files, show_extra,
|
||||
exclude_files, readme)
|
||||
variables = [v.name for v in new_doc.variables]
|
||||
# TODO: support variables in multiple files
|
||||
variables = [
|
||||
v.name for v in new_doc.variables if v.file == "variables.tf"
|
||||
]
|
||||
outputs = [v.name for v in new_doc.outputs]
|
||||
except SystemExit:
|
||||
state = state.SKIP
|
||||
|
|
|
|||
Loading…
Reference in New Issue