Sort variables and outputs

Julio Castillo 2022-11-19 12:38:37 +01:00
parent 2e700db8a7
commit 826ff14ef9
76 changed files with 840 additions and 848 deletions


@ -52,20 +52,20 @@ Once done testing, you can clean up resources by running `terraform destroy`.
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [ad_dns_domain_name](variables.tf#L44) | AD DNS domain name. | <code>string</code> | ✓ | | | [ad_dns_domain_name](variables.tf#L15) | AD DNS domain name. | <code>string</code> | ✓ | |
| [adfs_dns_domain_name](variables.tf#L49) | ADFS DNS domain name. | <code>string</code> | ✓ | | | [adfs_dns_domain_name](variables.tf#L26) | ADFS DNS domain name. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L24) | Host project ID. | <code>string</code> | ✓ | | | [project_id](variables.tf#L79) | Host project ID. | <code>string</code> | ✓ | |
| [ad_ip_cidr_block](variables.tf#L90) | Managed AD IP CIDR block. | <code>string</code> | | <code>&#34;10.0.0.0&#47;24&#34;</code> | | [ad_ip_cidr_block](variables.tf#L20) | Managed AD IP CIDR block. | <code>string</code> | | <code>&#34;10.0.0.0&#47;24&#34;</code> |
| [disk_size](variables.tf#L54) | Disk size. | <code>number</code> | | <code>50</code> | | [disk_size](variables.tf#L31) | Disk size. | <code>number</code> | | <code>50</code> |
| [disk_type](variables.tf#L60) | Disk type. | <code>string</code> | | <code>&#34;pd-ssd&#34;</code> | | [disk_type](variables.tf#L37) | Disk type. | <code>string</code> | | <code>&#34;pd-ssd&#34;</code> |
| [image](variables.tf#L66) | Image. | <code>string</code> | | <code>&#34;projects&#47;windows-cloud&#47;global&#47;images&#47;family&#47;windows-2022&#34;</code> | | [image](variables.tf#L43) | Image. | <code>string</code> | | <code>&#34;projects&#47;windows-cloud&#47;global&#47;images&#47;family&#47;windows-2022&#34;</code> |
| [instance_type](variables.tf#L72) | Instance type. | <code>string</code> | | <code>&#34;n1-standard-2&#34;</code> | | [instance_type](variables.tf#L49) | Instance type. | <code>string</code> | | <code>&#34;n1-standard-2&#34;</code> |
| [network_config](variables.tf#L35) | Network configuration | <code title="object&#40;&#123;&#10; network &#61; string&#10; subnet &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [network_config](variables.tf#L55) | Network configuration | <code title="object&#40;&#123;&#10; network &#61; string&#10; subnet &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [prefix](variables.tf#L29) | Prefix for the resources created. | <code>string</code> | | <code>null</code> | | [prefix](variables.tf#L64) | Prefix for the resources created. | <code>string</code> | | <code>null</code> |
| [project_create](variables.tf#L15) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L70) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [region](variables.tf#L78) | Region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [region](variables.tf#L84) | Region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
| [subnet_ip_cidr_block](variables.tf#L96) | Subnet IP CIDR block. | <code>string</code> | | <code>&#34;10.0.1.0&#47;28&#34;</code> | | [subnet_ip_cidr_block](variables.tf#L90) | Subnet IP CIDR block. | <code>string</code> | | <code>&#34;10.0.1.0&#47;28&#34;</code> |
| [zone](variables.tf#L84) | Zone. | <code>string</code> | | <code>&#34;europe-west1-c&#34;</code> | | [zone](variables.tf#L96) | Zone. | <code>string</code> | | <code>&#34;europe-west1-c&#34;</code> |
## Outputs ## Outputs


@ -12,40 +12,17 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
variable "project_create" {
description = "Parameters for the creation of the new project."
type = object({
billing_account_id = string
parent = string
})
default = null
}
variable "project_id" {
description = "Host project ID."
type = string
}
variable "prefix" {
description = "Prefix for the resources created."
type = string
default = null
}
variable "network_config" {
description = "Network configuration"
type = object({
network = string
subnet = string
})
default = null
}
variable "ad_dns_domain_name" { variable "ad_dns_domain_name" {
description = "AD DNS domain name." description = "AD DNS domain name."
type = string type = string
} }
variable "ad_ip_cidr_block" {
description = "Managed AD IP CIDR block."
type = string
default = "10.0.0.0/24"
}
variable "adfs_dns_domain_name" { variable "adfs_dns_domain_name" {
description = "ADFS DNS domain name." description = "ADFS DNS domain name."
type = string type = string
@ -75,26 +52,49 @@ variable "instance_type" {
default = "n1-standard-2" default = "n1-standard-2"
} }
variable "network_config" {
description = "Network configuration"
type = object({
network = string
subnet = string
})
default = null
}
variable "prefix" {
description = "Prefix for the resources created."
type = string
default = null
}
variable "project_create" {
description = "Parameters for the creation of the new project."
type = object({
billing_account_id = string
parent = string
})
default = null
}
variable "project_id" {
description = "Host project ID."
type = string
}
variable "region" { variable "region" {
description = "Region." description = "Region."
type = string type = string
default = "europe-west1" default = "europe-west1"
} }
variable "subnet_ip_cidr_block" {
description = "Subnet IP CIDR block."
type = string
default = "10.0.1.0/28"
}
variable "zone" { variable "zone" {
description = "Zone." description = "Zone."
type = string type = string
default = "europe-west1-c" default = "europe-west1-c"
} }
variable "ad_ip_cidr_block" {
description = "Managed AD IP CIDR block."
type = string
default = "10.0.0.0/24"
}
variable "subnet_ip_cidr_block" {
description = "Subnet IP CIDR block."
type = string
default = "10.0.1.0/28"
}


@ -58,16 +58,16 @@ Do the following to verify that everything works as expected.
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [envgroups](variables.tf#L54) | Environment groups (NAME => [HOSTNAMES]). | <code>map&#40;list&#40;string&#41;&#41;</code> | ✓ | | | [envgroups](variables.tf#L24) | Environment groups (NAME => [HOSTNAMES]). | <code>map&#40;list&#40;string&#41;&#41;</code> | ✓ | |
| [environments](variables.tf#L60) | Environments. | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string&#41;&#10; node_config &#61; optional&#40;object&#40;&#123;&#10; min_node_count &#61; optional&#40;number&#41;&#10; max_node_count &#61; optional&#40;number&#41;&#10; current_aggregate_node_count &#61; number&#10; &#125;&#41;&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;&#41;&#10; envgroups &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | | | [environments](variables.tf#L30) | Environments. | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string&#41;&#10; node_config &#61; optional&#40;object&#40;&#123;&#10; min_node_count &#61; optional&#40;number&#41;&#10; max_node_count &#61; optional&#40;number&#41;&#10; current_aggregate_node_count &#61; number&#10; &#125;&#41;&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;&#41;&#10; envgroups &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | |
| [instances](variables.tf#L76) | Instance. | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string&#41;&#10; region &#61; string&#10; environments &#61; list&#40;string&#41;&#10; psa_ip_cidr_range &#61; string&#10; disk_encryption_key &#61; optional&#40;string&#41;&#10; consumer_accept_list &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | | | [instances](variables.tf#L46) | Instance. | <code title="map&#40;object&#40;&#123;&#10; display_name &#61; optional&#40;string&#41;&#10; description &#61; optional&#40;string&#41;&#10; region &#61; string&#10; environments &#61; list&#40;string&#41;&#10; psa_ip_cidr_range &#61; string&#10; disk_encryption_key &#61; optional&#40;string&#41;&#10; consumer_accept_list &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | |
| [project_id](variables.tf#L32) | Project ID. | <code>string</code> | ✓ | | | [project_id](variables.tf#L92) | Project ID. | <code>string</code> | ✓ | |
| [psc_config](variables.tf#L104) | PSC configuration. | <code>map&#40;string&#41;</code> | ✓ | | | [psc_config](variables.tf#L98) | PSC configuration. | <code>map&#40;string&#41;</code> | ✓ | |
| [datastore_name](variables.tf#L97) | Datastore | <code>string</code> | | <code>&#34;gcs&#34;</code> | | [datastore_name](variables.tf#L17) | Datastore | <code>string</code> | | <code>&#34;gcs&#34;</code> |
| [organization](variables.tf#L38) | Apigee organization. | <code title="object&#40;&#123;&#10; display_name &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10; description &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10; authorized_network &#61; optional&#40;string, &#34;vpc&#34;&#41;&#10; runtime_type &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10; billing_type &#61; optional&#40;string&#41;&#10; database_encryption_key &#61; optional&#40;string&#41;&#10; analytics_region &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10;&#125;">&#123;&#8230;&#125;</code> | | [organization](variables.tf#L60) | Apigee organization. | <code title="object&#40;&#123;&#10; display_name &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10; description &#61; optional&#40;string, &#34;Apigee organization created by tf module&#34;&#41;&#10; authorized_network &#61; optional&#40;string, &#34;vpc&#34;&#41;&#10; runtime_type &#61; optional&#40;string, &#34;CLOUD&#34;&#41;&#10; billing_type &#61; optional&#40;string&#41;&#10; database_encryption_key &#61; optional&#40;string&#41;&#10; analytics_region &#61; optional&#40;string, &#34;europe-west1&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [path](variables.tf#L90) | Bucket path. | <code>string</code> | | <code>&#34;&#47;analytics&#34;</code> | | [path](variables.tf#L76) | Bucket path. | <code>string</code> | | <code>&#34;&#47;analytics&#34;</code> |
| [project_create](variables.tf#L17) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L83) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [vpc_create](variables.tf#L26) | Boolean flag indicating whether the VPC should be created or not. | <code>bool</code> | | <code>true</code> | | [vpc_create](variables.tf#L104) | Boolean flag indicating whether the VPC should be created or not. | <code>bool</code> | | <code>true</code> |
## Outputs ## Outputs


@ -14,41 +14,11 @@
* limitations under the License. * limitations under the License.
*/ */
variable "project_create" { variable "datastore_name" {
description = "Parameters for the creation of the new project." description = "Datastore"
type = object({
billing_account_id = string
parent = string
})
default = null
}
variable "vpc_create" {
description = "Boolean flag indicating whether the VPC should be created or not."
type = bool
default = true
}
variable "project_id" {
description = "Project ID."
type = string type = string
nullable = false nullable = false
} default = "gcs"
variable "organization" {
description = "Apigee organization."
type = object({
display_name = optional(string, "Apigee organization created by tf module")
description = optional(string, "Apigee organization created by tf module")
authorized_network = optional(string, "vpc")
runtime_type = optional(string, "CLOUD")
billing_type = optional(string)
database_encryption_key = optional(string)
analytics_region = optional(string, "europe-west1")
})
nullable = false
default = {
}
} }
variable "envgroups" { variable "envgroups" {
@ -87,6 +57,22 @@ variable "instances" {
nullable = false nullable = false
} }
variable "organization" {
description = "Apigee organization."
type = object({
display_name = optional(string, "Apigee organization created by tf module")
description = optional(string, "Apigee organization created by tf module")
authorized_network = optional(string, "vpc")
runtime_type = optional(string, "CLOUD")
billing_type = optional(string)
database_encryption_key = optional(string)
analytics_region = optional(string, "europe-west1")
})
nullable = false
default = {
}
}
variable "path" { variable "path" {
description = "Bucket path." description = "Bucket path."
type = string type = string
@ -94,11 +80,19 @@ variable "path" {
nullable = false nullable = false
} }
variable "datastore_name" { variable "project_create" {
description = "Datastore" description = "Parameters for the creation of the new project."
type = object({
billing_account_id = string
parent = string
})
default = null
}
variable "project_id" {
description = "Project ID."
type = string type = string
nullable = false nullable = false
default = "gcs"
} }
variable "psc_config" { variable "psc_config" {
@ -106,3 +100,9 @@ variable "psc_config" {
type = map(string) type = map(string)
nullable = false nullable = false
} }
variable "vpc_create" {
description = "Boolean flag indicating whether the VPC should be created or not."
type = bool
default = true
}


@ -11,8 +11,8 @@ The codebase provisions the following list of resources:
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [impersonate_service_account_email](variables.tf#L21) | Service account to be impersonated by workload identity. | <code>string</code> | ✓ | | | [impersonate_service_account_email](variables.tf#L16) | Service account to be impersonated by workload identity. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L16) | GCP project ID. | <code>string</code> | ✓ | | | [project_id](variables.tf#L21) | GCP project ID. | <code>string</code> | ✓ | |
| [workload_identity_pool_provider_id](variables.tf#L26) | GCP workload identity pool provider ID. | <code>string</code> | ✓ | | | [workload_identity_pool_provider_id](variables.tf#L26) | GCP workload identity pool provider ID. | <code>string</code> | ✓ | |
<!-- END TFDOC --> <!-- END TFDOC -->


@ -27,9 +27,9 @@ provider "google-beta" {
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [impersonate_service_account_email](variables.tf#L22) | Service account to be impersonated by workload identity federation. | <code>string</code> | ✓ | | | [impersonate_service_account_email](variables.tf#L17) | Service account to be impersonated by workload identity federation. | <code>string</code> | ✓ | |
| [workload_identity_pool_provider_id](variables.tf#L17) | GCP workload identity pool provider ID. | <code>string</code> | ✓ | | | [workload_identity_pool_provider_id](variables.tf#L28) | GCP workload identity pool provider ID. | <code>string</code> | ✓ | |
| [tmp_oidc_token_path](variables.tf#L27) | Name of the temporary file where TFC OIDC token will be stored to authentificate terraform provider google. | <code>string</code> | | <code>&#34;.oidc_token&#34;</code> | | [tmp_oidc_token_path](variables.tf#L22) | Name of the temporary file where TFC OIDC token will be stored to authentificate terraform provider google. | <code>string</code> | | <code>&#34;.oidc_token&#34;</code> |
## Outputs ## Outputs


@ -14,11 +14,6 @@
* limitations under the License. * limitations under the License.
*/ */
variable "workload_identity_pool_provider_id" {
description = "GCP workload identity pool provider ID."
type = string
}
variable "impersonate_service_account_email" { variable "impersonate_service_account_email" {
description = "Service account to be impersonated by workload identity federation." description = "Service account to be impersonated by workload identity federation."
type = string type = string
@ -29,3 +24,8 @@ variable "tmp_oidc_token_path" {
type = string type = string
default = ".oidc_token" default = ".oidc_token"
} }
variable "workload_identity_pool_provider_id" {
description = "GCP workload identity pool provider ID."
type = string
}


@ -13,13 +13,13 @@
# limitations under the License. # limitations under the License.
variable "project_id" { variable "impersonate_service_account_email" {
description = "GCP project ID." description = "Service account to be impersonated by workload identity."
type = string type = string
} }
variable "impersonate_service_account_email" { variable "project_id" {
description = "Service account to be impersonated by workload identity." description = "GCP project ID."
type = string type = string
} }


@ -99,13 +99,13 @@ gcloud compute ssh --zone europe-west1-b nginx-test -- 'uptime'
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [billing_account](variables.tf#L16) | Billing account id used as default for new projects. | <code>string</code> | ✓ | | | [billing_account](variables.tf#L16) | Billing account id used as default for new projects. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L33) | Project id to create a project when `project_create` is `true`, or to be used when `false`. | <code>string</code> | ✓ | | | [project_id](variables.tf#L39) | Project id to create a project when `project_create` is `true`, or to be used when `false`. | <code>string</code> | ✓ | |
| [grace_period](variables.tf#L56) | Grace period for an instance startup. | <code>string</code> | | <code>&#34;180s&#34;</code> | | [grace_period](variables.tf#L21) | Grace period for an instance startup. | <code>string</code> | | <code>&#34;180s&#34;</code> |
| [location](variables.tf#L21) | App Engine location used in the example (required for CloudFunctions). | <code>string</code> | | <code>&#34;europe-west&#34;</code> | | [location](variables.tf#L27) | App Engine location used in the example (required for CloudFunctions). | <code>string</code> | | <code>&#34;europe-west&#34;</code> |
| [project_create](variables.tf#L27) | Create project instead of using an existing one. | <code>bool</code> | | <code>false</code> | | [project_create](variables.tf#L33) | Create project instead of using an existing one. | <code>bool</code> | | <code>false</code> |
| [region](variables.tf#L38) | Compute region used in the example. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [region](variables.tf#L44) | Compute region used in the example. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
| [root_node](variables.tf#L44) | The resource name of the parent folder or organization for project creation, in 'folders/folder_id' or 'organizations/org_id' format. | <code>string</code> | | <code>null</code> | | [root_node](variables.tf#L50) | The resource name of the parent folder or organization for project creation, in 'folders/folder_id' or 'organizations/org_id' format. | <code>string</code> | | <code>null</code> |
| [schedule](variables.tf#L50) | Cron schedule for executing compute instances healthcheck. | <code>string</code> | | <code>&#34;&#42;&#47;5 &#42; &#42; &#42; &#42;&#34; &#35; every five minutes&#34;</code> | | [schedule](variables.tf#L56) | Cron schedule for executing compute instances healthcheck. | <code>string</code> | | <code>&#34;&#42;&#47;5 &#42; &#42; &#42; &#42;&#34; &#35; every five minutes&#34;</code> |
| [tcp_port](variables.tf#L62) | TCP port to run healthcheck against. | <code>string</code> | | <code>&#34;80&#34; &#35;http&#34;</code> | | [tcp_port](variables.tf#L62) | TCP port to run healthcheck against. | <code>string</code> | | <code>&#34;80&#34; &#35;http&#34;</code> |
| [timeout](variables.tf#L68) | TCP probe timeout. | <code>string</code> | | <code>&#34;1000ms&#34;</code> | | [timeout](variables.tf#L68) | TCP probe timeout. | <code>string</code> | | <code>&#34;1000ms&#34;</code> |


@ -18,6 +18,12 @@ variable "billing_account" {
type = string type = string
} }
variable "grace_period" {
description = "Grace period for an instance startup."
type = string
default = "180s"
}
variable "location" { variable "location" {
description = "App Engine location used in the example (required for CloudFunctions)." description = "App Engine location used in the example (required for CloudFunctions)."
type = string type = string
@ -53,12 +59,6 @@ variable "schedule" {
default = "*/5 * * * *" # every five minutes default = "*/5 * * * *" # every five minutes
} }
variable "grace_period" {
description = "Grace period for an instance startup."
type = string
default = "180s"
}
variable "tcp_port" { variable "tcp_port" {
description = "TCP port to run healthcheck against." description = "TCP port to run healthcheck against."
type = string type = string


@ -143,25 +143,25 @@ The above command will delete the associated resources so there will be no billa
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [postgres_user_password](variables.tf#L40) | `postgres` user password. | <code>string</code> | ✓ | | | [postgres_user_password](variables.tf#L40) | `postgres` user password. | <code>string</code> | ✓ | |
| [prefix](variables.tf#L51) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | ✓ | | | [prefix](variables.tf#L45) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L65) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | | | [project_id](variables.tf#L59) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
| [data_eng_principals](variables.tf#L23) | Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [data_eng_principals](variables.tf#L17) | Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [network_config](variables.tf#L29) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object&#40;&#123;&#10; host_project &#61; string&#10; network_self_link &#61; string&#10; subnet_self_link &#61; string&#10; cloudsql_psa_range &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [network_config](variables.tf#L23) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object&#40;&#123;&#10; host_project &#61; string&#10; network_self_link &#61; string&#10; subnet_self_link &#61; string&#10; cloudsql_psa_range &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [postgres_database](variables.tf#L45) | `postgres` database. | <code>string</code> | | <code>&#34;guestbook&#34;</code> | | [postgres_database](variables.tf#L34) | `postgres` database. | <code>string</code> | | <code>&#34;guestbook&#34;</code> |
| [project_create](variables.tf#L56) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L50) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [regions](variables.tf#L70) | Map of instance_name => location where instances will be deployed. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; primary &#61; &#34;europe-west1&#34;&#10; replica &#61; &#34;europe-west3&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [regions](variables.tf#L64) | Map of instance_name => location where instances will be deployed. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; primary &#61; &#34;europe-west1&#34;&#10; replica &#61; &#34;europe-west3&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [service_encryption_keys](variables.tf#L17) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | <code>map&#40;string&#41;</code> | | <code>null</code> | | [service_encryption_keys](variables.tf#L77) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | <code>map&#40;string&#41;</code> | | <code>null</code> |
| [sql_configuration](variables.tf#L84) | Cloud SQL configuration | <code title="object&#40;&#123;&#10; availability_type &#61; string&#10; database_version &#61; string&#10; psa_range &#61; string&#10; tier &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; availability_type &#61; &#34;REGIONAL&#34;&#10; database_version &#61; &#34;POSTGRES_13&#34;&#10; psa_range &#61; &#34;10.60.0.0&#47;16&#34;&#10; tier &#61; &#34;db-g1-small&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [sql_configuration](variables.tf#L83) | Cloud SQL configuration | <code title="object&#40;&#123;&#10; availability_type &#61; string&#10; database_version &#61; string&#10; psa_range &#61; string&#10; tier &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; availability_type &#61; &#34;REGIONAL&#34;&#10; database_version &#61; &#34;POSTGRES_13&#34;&#10; psa_range &#61; &#34;10.60.0.0&#47;16&#34;&#10; tier &#61; &#34;db-g1-small&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
## Outputs ## Outputs
| name | description | sensitive | | name | description | sensitive |
|---|---|:---:| |---|---|:---:|
| [bucket](outputs.tf#L22) | Cloud storage bucket to import/export data from Cloud SQL. | | | [bucket](outputs.tf#L17) | Cloud storage bucket to import/export data from Cloud SQL. | |
| [connection_names](outputs.tf#L17) | Connection name of each instance. | | | [connection_names](outputs.tf#L22) | Connection name of each instance. | |
| [demo_commands](outputs.tf#L37) | Demo commands. | | | [demo_commands](outputs.tf#L27) | Demo commands. | |
| [ips](outputs.tf#L27) | IP address of each instance. | | | [ips](outputs.tf#L36) | IP address of each instance. | |
| [project_id](outputs.tf#L32) | ID of the project containing all the instances. | | | [project_id](outputs.tf#L41) | ID of the project containing all the instances. | |
| [service_accounts](outputs.tf#L46) | Service Accounts. | | | [service_accounts](outputs.tf#L46) | Service Accounts. | |
<!-- END TFDOC --> <!-- END TFDOC -->


@ -14,14 +14,23 @@
* limitations under the License. * limitations under the License.
*/ */
output "bucket" {
description = "Cloud storage bucket to import/export data from Cloud SQL."
value = module.gcs.name
}
output "connection_names" { output "connection_names" {
description = "Connection name of each instance." description = "Connection name of each instance."
value = module.db.connection_names value = module.db.connection_names
} }
output "bucket" { output "demo_commands" {
description = "Cloud storage bucket to import/export data from Cloud SQL." description = "Demo commands."
value = module.gcs.name value = {
"01_ssh" = "gcloud compute ssh ${module.test-vm.instance.name} --project ${module.project.name} --zone ${var.regions.primary}-b"
"02_cloud_sql_proxy" = "cloud_sql_proxy -enable_iam_login -instances=${module.db.connection_name}=tcp:5432 &"
"03_psql" = "psql 'host=127.0.0.1 port=5432 sslmode=disable dbname=${var.postgres_database} user=postgres password=PASSWORD'"
}
} }
output "ips" { output "ips" {
@ -34,15 +43,6 @@ output "project_id" {
value = module.project.project_id value = module.project.project_id
} }
output "demo_commands" {
description = "Demo commands."
value = {
"01_ssh" = "gcloud compute ssh ${module.test-vm.instance.name} --project ${module.project.name} --zone ${var.regions.primary}-b"
"02_cloud_sql_proxy" = "cloud_sql_proxy -enable_iam_login -instances=${module.db.connection_name}=tcp:5432 &"
"03_psql" = "psql 'host=127.0.0.1 port=5432 sslmode=disable dbname=${var.postgres_database} user=postgres password=PASSWORD'"
}
}
output "service_accounts" { output "service_accounts" {
description = "Service Accounts." description = "Service Accounts."
value = { value = {
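Review bot: The `03_psql` entry of `demo_commands` carries `password=PASSWORD` inside the connection string, so anyone who follows it with the real password leaves that password in shell history and in the process argument list. Dropping the field lets psql prompt for it instead: `"03_psql" = "psql 'host=127.0.0.1 port=5432 sslmode=disable dbname=${var.postgres_database} user=postgres'"`. `sslmode=disable` is reasonable only because the session goes to the local `cloud_sql_proxy` listener on 127.0.0.1, which carries the traffic to the instance; a one-line comment above the entry saying so, e.g. `# sslmode=disable is safe only through the local cloud_sql_proxy listener`, would keep the string from being reused for direct connections. The `service_accounts` output that closes this section continues outside the hunk.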


@ -14,12 +14,6 @@
* limitations under the License. * limitations under the License.
*/ */
variable "service_encryption_keys" {
description = "Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured."
type = map(string)
default = null
}
variable "data_eng_principals" { variable "data_eng_principals" {
description = "Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'." description = "Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'."
type = list(string) type = list(string)
@ -37,17 +31,17 @@ variable "network_config" {
default = null default = null
} }
variable "postgres_user_password" {
description = "`postgres` user password."
type = string
}
variable "postgres_database" { variable "postgres_database" {
description = "`postgres` database." description = "`postgres` database."
type = string type = string
default = "guestbook" default = "guestbook"
} }
variable "postgres_user_password" {
description = "`postgres` user password."
type = string
}
variable "prefix" { variable "prefix" {
description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
type = string type = string
@ -80,6 +74,11 @@ variable "regions" {
} }
} }
variable "service_encryption_keys" {
description = "Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured."
type = map(string)
default = null
}
variable "sql_configuration" { variable "sql_configuration" {
description = "Cloud SQL configuration" description = "Cloud SQL configuration"
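Review bot: `postgres_user_password` is declared without `sensitive = true` in its new position in this section, so Terraform can show the value in plan output and error messages wherever the consuming attribute is not itself marked sensitive. I would add `sensitive = true` below `type = string` in that block. The value is still written to state, so the state backend needs access control either way. The `sql_admin_password` variable in the SQL Server cluster variables section later in this commit has the same gap; its validation only checks that the value is non-empty.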


@ -266,12 +266,12 @@ You can find examples in the `[demo](./demo)` folder.
| name | description | sensitive | | name | description | sensitive |
|---|---|:---:| |---|---|:---:|
| [bigquery-datasets](outputs.tf#L17) | BigQuery datasets. | | | [bigquery-datasets](outputs.tf#L17) | BigQuery datasets. | |
| [demo_commands](outputs.tf#L93) | Demo commands. | | | [demo_commands](outputs.tf#L28) | Demo commands. | |
| [gcs-buckets](outputs.tf#L28) | GCS buckets. | | | [gcs-buckets](outputs.tf#L41) | GCS buckets. | |
| [kms_keys](outputs.tf#L42) | Cloud MKS keys. | | | [kms_keys](outputs.tf#L55) | Cloud MKS keys. | |
| [projects](outputs.tf#L47) | GCP Projects informations. | | | [projects](outputs.tf#L60) | GCP Projects informations. | |
| [vpc_network](outputs.tf#L75) | VPC network. | | | [vpc_network](outputs.tf#L88) | VPC network. | |
| [vpc_subnet](outputs.tf#L84) | VPC subnetworks. | | | [vpc_subnet](outputs.tf#L97) | VPC subnetworks. | |
<!-- END TFDOC --> <!-- END TFDOC -->
## TODOs ## TODOs


@ -25,6 +25,19 @@ output "bigquery-datasets" {
} }
} }
output "demo_commands" {
description = "Demo commands."
value = {
01 = "gsutil -i ${module.drop-sa-cs-0.email} cp demo/data/*.csv gs://${module.drop-cs-0.name}"
02 = "gsutil -i ${module.orch-sa-cmp-0.email} cp demo/data/*.j* gs://${module.orch-cs-0.name}"
03 = "gsutil -i ${module.orch-sa-cmp-0.email} cp demo/*.py ${google_composer_environment.orch-cmp-0.config[0].dag_gcs_prefix}/"
04 = "Open ${google_composer_environment.orch-cmp-0.config.0.airflow_uri} and run uploaded DAG."
05 = <<EOT
bq query --project_id=${module.dwh-conf-project.project_id} --use_legacy_sql=false 'SELECT * EXCEPT (name, surname) FROM `${module.dwh-conf-project.project_id}.${module.dwh-conf-bq-0.dataset_id}.customer_purchase` LIMIT 1000'"
EOT
}
}
output "gcs-buckets" { output "gcs-buckets" {
description = "GCS buckets." description = "GCS buckets."
value = { value = {
@ -89,16 +102,3 @@ output "vpc_subnet" {
transformation = local.transf_subnet transformation = local.transf_subnet
} }
} }
output "demo_commands" {
description = "Demo commands."
value = {
01 = "gsutil -i ${module.drop-sa-cs-0.email} cp demo/data/*.csv gs://${module.drop-cs-0.name}"
02 = "gsutil -i ${module.orch-sa-cmp-0.email} cp demo/data/*.j* gs://${module.orch-cs-0.name}"
03 = "gsutil -i ${module.orch-sa-cmp-0.email} cp demo/*.py ${google_composer_environment.orch-cmp-0.config[0].dag_gcs_prefix}/"
04 = "Open ${google_composer_environment.orch-cmp-0.config.0.airflow_uri} and run uploaded DAG."
05 = <<EOT
bq query --project_id=${module.dwh-conf-project.project_id} --use_legacy_sql=false 'SELECT * EXCEPT (name, surname) FROM `${module.dwh-conf-project.project_id}.${module.dwh-conf-bq-0.dataset_id}.customer_purchase` LIMIT 1000'"
EOT
}
}
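Review bot: The heredoc for key `05` in `demo_commands` ends with `LIMIT 1000'"`, and that trailing double quote has no opening partner, so a user who pastes the printed command gets a shell waiting for a closing quote instead of a running query. Dropping the final `"` so the line ends in `LIMIT 1000'` fixes it. The commit moves the block verbatim, so the stray quote is carried into the new position near the top of the file and should be fixed there.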


@ -47,8 +47,8 @@ You can now connect to the Vertex AI notbook to perform your data analysy.
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [prefix](variables.tf#L36) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | ✓ | | | [prefix](variables.tf#L22) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L22) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | | | [project_id](variables.tf#L36) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
| [location](variables.tf#L16) | The location where resources will be deployed. | <code>string</code> | | <code>&#34;EU&#34;</code> | | [location](variables.tf#L16) | The location where resources will be deployed. | <code>string</code> | | <code>&#34;EU&#34;</code> |
| [project_create](variables.tf#L27) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L27) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [region](variables.tf#L41) | The region where resources will be deployed. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [region](variables.tf#L41) | The region where resources will be deployed. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |


@ -19,8 +19,8 @@ variable "location" {
default = "EU" default = "EU"
} }
variable "project_id" { variable "prefix" {
description = "Project id, references existing project if `project_create` is null." description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
type = string type = string
} }
@ -33,8 +33,8 @@ variable "project_create" {
default = null default = null
} }
variable "prefix" { variable "project_id" {
description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." description = "Project id, references existing project if `project_create` is null."
type = string type = string
} }


@ -208,10 +208,10 @@ The above command will delete the associated resources so there will be no billa
|---|---|:---:| |---|---|:---:|
| [bq_tables](outputs.tf#L15) | Bigquery Tables. | | | [bq_tables](outputs.tf#L15) | Bigquery Tables. | |
| [buckets](outputs.tf#L20) | GCS bucket Cloud KMS crypto keys. | | | [buckets](outputs.tf#L20) | GCS bucket Cloud KMS crypto keys. | |
| [command_01_gcs](outputs.tf#L43) | gcloud command to copy data into the created bucket impersonating the service account. | | | [command_01_gcs](outputs.tf#L28) | gcloud command to copy data into the created bucket impersonating the service account. | |
| [command_02_dataflow](outputs.tf#L48) | Command to run Dataflow template impersonating the service account. | | | [command_02_dataflow](outputs.tf#L33) | Command to run Dataflow template impersonating the service account. | |
| [command_03_bq](outputs.tf#L69) | BigQuery command to query imported data. | | | [command_03_bq](outputs.tf#L54) | BigQuery command to query imported data. | |
| [project_id](outputs.tf#L28) | Project id. | | | [project_id](outputs.tf#L64) | Project id. | |
| [service_accounts](outputs.tf#L33) | Service account. | | | [service_accounts](outputs.tf#L69) | Service account. | |
<!-- END TFDOC --> <!-- END TFDOC -->


@ -25,21 +25,6 @@ output "buckets" {
} }
} }
output "project_id" {
description = "Project id."
value = module.project.project_id
}
output "service_accounts" {
description = "Service account."
value = {
bq = module.service-account-bq.email
df = module.service-account-df.email
orch = module.service-account-orch.email
landing = module.service-account-landing.email
}
}
output "command_01_gcs" { output "command_01_gcs" {
description = "gcloud command to copy data into the created bucket impersonating the service account." description = "gcloud command to copy data into the created bucket impersonating the service account."
value = "gsutil -i ${module.service-account-landing.email} cp data-demo/* ${module.gcs-data.url}" value = "gsutil -i ${module.service-account-landing.email} cp data-demo/* ${module.gcs-data.url}"
@ -75,3 +60,18 @@ output "command_03_bq" {
sql_limit = 1000 sql_limit = 1000
}) })
} }
output "project_id" {
description = "Project id."
value = module.project.project_id
}
output "service_accounts" {
description = "Service account."
value = {
bq = module.service-account-bq.email
df = module.service-account-df.email
orch = module.service-account-orch.email
landing = module.service-account-landing.email
}
}


@ -35,32 +35,32 @@ and to `C:\GcpSetupLog.txt` file.
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [ad_domain_fqdn](variables.tf#L111) | Active Directory domain (FQDN) | <code>string</code> | ✓ | | | [ad_domain_fqdn](variables.tf#L15) | Active Directory domain (FQDN) | <code>string</code> | ✓ | |
| [ad_domain_netbios](variables.tf#L120) | Active Directory domain (NetBIOS) | <code>string</code> | ✓ | | | [ad_domain_netbios](variables.tf#L24) | Active Directory domain (NetBIOS) | <code>string</code> | ✓ | |
| [network](variables.tf#L38) | Network to use in the project | <code>string</code> | ✓ | | | [network](variables.tf#L90) | Network to use in the project | <code>string</code> | ✓ | |
| [project_id](variables.tf#L27) | Google Cloud project ID | <code>string</code> | ✓ | | | [project_id](variables.tf#L128) | Google Cloud project ID | <code>string</code> | ✓ | |
| [sql_admin_password](variables.tf#L102) | Password for the SQL admin user to be created | <code>string</code> | ✓ | | | [sql_admin_password](variables.tf#L145) | Password for the SQL admin user to be created | <code>string</code> | ✓ | |
| [subnetwork](variables.tf#L43) | Subnetwork to use in the project | <code>string</code> | ✓ | | | [subnetwork](variables.tf#L160) | Subnetwork to use in the project | <code>string</code> | ✓ | |
| [always_on_groups](variables.tf#L135) | List of Always On Groups | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;bookshelf&#34;&#93;</code> | | [always_on_groups](variables.tf#L33) | List of Always On Groups | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;bookshelf&#34;&#93;</code> |
| [boot_disk_size](variables.tf#L90) | Boot disk size in GB | <code>number</code> | | <code>50</code> | | [boot_disk_size](variables.tf#L39) | Boot disk size in GB | <code>number</code> | | <code>50</code> |
| [cluster_name](variables.tf#L48) | Cluster name (prepended with prefix) | <code>string</code> | | <code>&#34;cluster&#34;</code> | | [cluster_name](variables.tf#L45) | Cluster name (prepended with prefix) | <code>string</code> | | <code>&#34;cluster&#34;</code> |
| [data_disk_size](variables.tf#L96) | Database disk size in GB | <code>number</code> | | <code>200</code> | | [data_disk_size](variables.tf#L51) | Database disk size in GB | <code>number</code> | | <code>200</code> |
| [health_check_config](variables.tf#L147) | Health check configuration | <code title="object&#40;&#123; check_interval_sec &#61; number,&#10; healthy_threshold &#61; number,&#10; unhealthy_threshold &#61; number,&#10; timeout_sec &#61; number,&#10;&#125;&#41;">&#8230;</code> | | <code title="&#123;&#10; check_interval_sec &#61; 2&#10; healthy_threshold &#61; 1&#10; unhealthy_threshold &#61; 2&#10; timeout_sec &#61; 1&#10;&#125;">&#123;&#8230;&#125;</code> | | [health_check_config](variables.tf#L57) | Health check configuration | <code title="object&#40;&#123; check_interval_sec &#61; number,&#10; healthy_threshold &#61; number,&#10; unhealthy_threshold &#61; number,&#10; timeout_sec &#61; number,&#10;&#125;&#41;">&#8230;</code> | | <code title="&#123;&#10; check_interval_sec &#61; 2&#10; healthy_threshold &#61; 1&#10; unhealthy_threshold &#61; 2&#10; timeout_sec &#61; 1&#10;&#125;">&#123;&#8230;&#125;</code> |
| [health_check_port](variables.tf#L141) | Health check port | <code>number</code> | | <code>59997</code> | | [health_check_port](variables.tf#L72) | Health check port | <code>number</code> | | <code>59997</code> |
| [health_check_ranges](variables.tf#L60) | Health check ranges | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;35.191.0.0&#47;16&#34;, &#34;209.85.152.0&#47;22&#34;, &#34;209.85.204.0&#47;22&#34;&#93;</code> | | [health_check_ranges](variables.tf#L78) | Health check ranges | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;35.191.0.0&#47;16&#34;, &#34;209.85.152.0&#47;22&#34;, &#34;209.85.204.0&#47;22&#34;&#93;</code> |
| [managed_ad_dn](variables.tf#L129) | Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com) | <code>string</code> | | <code>&#34;&#34;</code> | | [managed_ad_dn](variables.tf#L84) | Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com) | <code>string</code> | | <code>&#34;&#34;</code> |
| [node_image](variables.tf#L78) | SQL Server node machine image | <code>string</code> | | <code>&#34;projects&#47;windows-sql-cloud&#47;global&#47;images&#47;family&#47;sql-ent-2019-win-2019&#34;</code> | | [node_image](variables.tf#L95) | SQL Server node machine image | <code>string</code> | | <code>&#34;projects&#47;windows-sql-cloud&#47;global&#47;images&#47;family&#47;sql-ent-2019-win-2019&#34;</code> |
| [node_instance_type](variables.tf#L66) | SQL Server database node instance type | <code>string</code> | | <code>&#34;n2-standard-8&#34;</code> | | [node_instance_type](variables.tf#L101) | SQL Server database node instance type | <code>string</code> | | <code>&#34;n2-standard-8&#34;</code> |
| [node_name](variables.tf#L162) | Node base name | <code>string</code> | | <code>&#34;node&#34;</code> | | [node_name](variables.tf#L107) | Node base name | <code>string</code> | | <code>&#34;node&#34;</code> |
| [prefix](variables.tf#L15) | Prefix used for resources (for multiple clusters in a project) | <code>string</code> | | <code>&#34;aog&#34;</code> | | [prefix](variables.tf#L113) | Prefix used for resources (for multiple clusters in a project) | <code>string</code> | | <code>&#34;aog&#34;</code> |
| [project_create](variables.tf#L174) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L119) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [region](variables.tf#L21) | Region for resources | <code>string</code> | | <code>&#34;europe-west4&#34;</code> | | [region](variables.tf#L133) | Region for resources | <code>string</code> | | <code>&#34;europe-west4&#34;</code> |
| [shared_vpc_project_id](variables.tf#L32) | Shared VPC project ID for firewall rules | <code>string</code> | | <code>null</code> | | [shared_vpc_project_id](variables.tf#L139) | Shared VPC project ID for firewall rules | <code>string</code> | | <code>null</code> |
| [sql_client_cidrs](variables.tf#L54) | CIDR ranges that are allowed to connect to SQL Server | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;0.0.0.0&#47;0&#34;&#93;</code> | | [sql_client_cidrs](variables.tf#L154) | CIDR ranges that are allowed to connect to SQL Server | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;0.0.0.0&#47;0&#34;&#93;</code> |
| [vpc_ip_cidr_range](variables.tf#L183) | Ip range used in the subnet deployef in the Service Project. | <code>string</code> | | <code>&#34;10.0.0.0&#47;20&#34;</code> | | [vpc_ip_cidr_range](variables.tf#L165) | Ip range used in the subnet deployef in the Service Project. | <code>string</code> | | <code>&#34;10.0.0.0&#47;20&#34;</code> |
| [witness_image](variables.tf#L84) | SQL Server witness machine image | <code>string</code> | | <code>&#34;projects&#47;windows-cloud&#47;global&#47;images&#47;family&#47;windows-2019&#34;</code> | | [witness_image](variables.tf#L171) | SQL Server witness machine image | <code>string</code> | | <code>&#34;projects&#47;windows-cloud&#47;global&#47;images&#47;family&#47;windows-2019&#34;</code> |
| [witness_instance_type](variables.tf#L72) | SQL Server witness node instance type | <code>string</code> | | <code>&#34;n2-standard-2&#34;</code> | | [witness_instance_type](variables.tf#L177) | SQL Server witness node instance type | <code>string</code> | | <code>&#34;n2-standard-2&#34;</code> |
| [witness_name](variables.tf#L168) | Witness base name | <code>string</code> | | <code>&#34;witness&#34;</code> | | [witness_name](variables.tf#L183) | Witness base name | <code>string</code> | | <code>&#34;witness&#34;</code> |
## Outputs ## Outputs


@ -12,102 +12,6 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
variable "prefix" {
description = "Prefix used for resources (for multiple clusters in a project)"
type = string
default = "aog"
}
variable "region" {
description = "Region for resources"
type = string
default = "europe-west4"
}
variable "project_id" {
description = "Google Cloud project ID"
type = string
}
variable "shared_vpc_project_id" {
description = "Shared VPC project ID for firewall rules"
type = string
default = null
}
variable "network" {
description = "Network to use in the project"
type = string
}
variable "subnetwork" {
description = "Subnetwork to use in the project"
type = string
}
variable "cluster_name" {
description = "Cluster name (prepended with prefix)"
type = string
default = "cluster"
}
variable "sql_client_cidrs" {
description = "CIDR ranges that are allowed to connect to SQL Server"
type = list(string)
default = ["0.0.0.0/0"]
}
variable "health_check_ranges" {
description = "Health check ranges"
type = list(string)
default = ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"]
}
variable "node_instance_type" {
description = "SQL Server database node instance type"
type = string
default = "n2-standard-8"
}
variable "witness_instance_type" {
description = "SQL Server witness node instance type"
type = string
default = "n2-standard-2"
}
variable "node_image" {
description = "SQL Server node machine image"
type = string
default = "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019"
}
variable "witness_image" {
description = "SQL Server witness machine image"
type = string
default = "projects/windows-cloud/global/images/family/windows-2019"
}
variable "boot_disk_size" {
description = "Boot disk size in GB"
type = number
default = 50
}
variable "data_disk_size" {
description = "Database disk size in GB"
type = number
default = 200
}
variable "sql_admin_password" {
description = "Password for the SQL admin user to be created"
type = string
validation {
condition = length(var.sql_admin_password) > 0
error_message = "SQL administrator password needs to be specified."
}
}
variable "ad_domain_fqdn" { variable "ad_domain_fqdn" {
description = "Active Directory domain (FQDN)" description = "Active Directory domain (FQDN)"
type = string type = string
@ -126,22 +30,28 @@ variable "ad_domain_netbios" {
} }
} }
variable "managed_ad_dn" {
description = "Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com)"
type = string
default = ""
}
variable "always_on_groups" { variable "always_on_groups" {
description = "List of Always On Groups" description = "List of Always On Groups"
type = list(string) type = list(string)
default = ["bookshelf"] default = ["bookshelf"]
} }
variable "health_check_port" { variable "boot_disk_size" {
description = "Health check port" description = "Boot disk size in GB"
type = number type = number
default = 59997 default = 50
}
variable "cluster_name" {
description = "Cluster name (prepended with prefix)"
type = string
default = "cluster"
}
variable "data_disk_size" {
description = "Database disk size in GB"
type = number
default = 200
} }
variable "health_check_config" { variable "health_check_config" {
@ -159,16 +69,51 @@ variable "health_check_config" {
} }
} }
variable "health_check_port" {
description = "Health check port"
type = number
default = 59997
}
variable "health_check_ranges" {
description = "Health check ranges"
type = list(string)
default = ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"]
}
variable "managed_ad_dn" {
description = "Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com)"
type = string
default = ""
}
variable "network" {
description = "Network to use in the project"
type = string
}
variable "node_image" {
description = "SQL Server node machine image"
type = string
default = "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019"
}
variable "node_instance_type" {
description = "SQL Server database node instance type"
type = string
default = "n2-standard-8"
}
variable "node_name" { variable "node_name" {
description = "Node base name" description = "Node base name"
type = string type = string
default = "node" default = "node"
} }
variable "witness_name" { variable "prefix" {
description = "Witness base name" description = "Prefix used for resources (for multiple clusters in a project)"
type = string type = string
default = "witness" default = "aog"
} }
variable "project_create" { variable "project_create" {
@ -180,8 +125,63 @@ variable "project_create" {
default = null default = null
} }
variable "project_id" {
description = "Google Cloud project ID"
type = string
}
variable "region" {
description = "Region for resources"
type = string
default = "europe-west4"
}
variable "shared_vpc_project_id" {
description = "Shared VPC project ID for firewall rules"
type = string
default = null
}
variable "sql_admin_password" {
description = "Password for the SQL admin user to be created"
type = string
validation {
condition = length(var.sql_admin_password) > 0
error_message = "SQL administrator password needs to be specified."
}
}
variable "sql_client_cidrs" {
description = "CIDR ranges that are allowed to connect to SQL Server"
type = list(string)
default = ["0.0.0.0/0"]
}
variable "subnetwork" {
description = "Subnetwork to use in the project"
type = string
}
variable "vpc_ip_cidr_range" { variable "vpc_ip_cidr_range" {
description = "Ip range used in the subnet deployef in the Service Project." description = "Ip range used in the subnet deployef in the Service Project."
type = string type = string
default = "10.0.0.0/20" default = "10.0.0.0/20"
} }
variable "witness_image" {
description = "SQL Server witness machine image"
type = string
default = "projects/windows-cloud/global/images/family/windows-2019"
}
variable "witness_instance_type" {
description = "SQL Server witness node instance type"
type = string
default = "n2-standard-2"
}
variable "witness_name" {
description = "Witness base name"
type = string
default = "witness"
}
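Review bot: `sql_client_cidrs` keeps its default of `["0.0.0.0/0"]` in its new position in the last hunk, which by its own description allows any source address to connect to SQL Server unless the caller overrides it. Presumably the value feeds a firewall rule defined outside this file; if so, a deployment that leaves the variable unset exposes the database listener to every address that can route to it. I would remove the `default` line so callers have to state their client ranges. If the open default has to stay for the demo, the description should say so, for example `description = "CIDR ranges that are allowed to connect to SQL Server. The default allows all addresses; restrict it outside demos."`.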


@ -67,20 +67,17 @@ labels: # not required, defaults to {}, Example: {"a":"thisislabela","b":"thisis
use_legacy_sql: bool # not required, defaults to false use_legacy_sql: bool # not required, defaults to false
deletion_protection: bool # not required, defaults to false deletion_protection: bool # not required, defaults to false
``` ```
<!-- BEGIN TFDOC --> <!-- BEGIN TFDOC -->
## Variables ## Variables
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [project_id](variables.tf#L27) | Project ID | <code>string</code> | ✓ | | | [project_id](variables.tf#L17) | Project ID | <code>string</code> | ✓ | |
| [tables_dir](variables.tf#L22) | Relative path for the folder storing table data. | <code>string</code> | ✓ | | | [tables_dir](variables.tf#L22) | Relative path for the folder storing table data. | <code>string</code> | ✓ | |
| [views_dir](variables.tf#L17) | Relative path for the folder storing view data. | <code>string</code> | ✓ | | | [views_dir](variables.tf#L27) | Relative path for the folder storing view data. | <code>string</code> | ✓ | |
<!-- END TFDOC --> <!-- END TFDOC -->
## TODO ## TODO
- [ ] add external table support - [ ] add external table support


@ -14,8 +14,8 @@
* limitations under the License. * limitations under the License.
*/ */
variable "views_dir" { variable "project_id" {
description = "Relative path for the folder storing view data." description = "Project ID"
type = string type = string
} }
@ -24,8 +24,7 @@ variable "tables_dir" {
type = string type = string
} }
variable "project_id" { variable "views_dir" {
description = "Project ID" description = "Relative path for the folder storing view data."
type = string type = string
} }


@ -239,9 +239,9 @@ vpc:
| [service_accounts_additive](variables.tf#L168) | Service accounts to be created, and roles assigned them on the project additively. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [service_accounts_additive](variables.tf#L168) | Service accounts to be created, and roles assigned them on the project additively. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_accounts_iam](variables.tf#L174) | IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [service_accounts_iam](variables.tf#L174) | IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_accounts_iam_additive](variables.tf#L181) | IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [service_accounts_iam_additive](variables.tf#L181) | IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | <code>map&#40;map&#40;list&#40;string&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_identities_iam](variables.tf#L195) | Custom IAM settings for service identities in service => [role] format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [service_identities_iam](variables.tf#L188) | Custom IAM settings for service identities in service => [role] format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_identities_iam_additive](variables.tf#L202) | Custom additive IAM settings for service identities in service => [role] format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [service_identities_iam_additive](variables.tf#L195) | Custom additive IAM settings for service identities in service => [role] format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [services](variables.tf#L188) | Services to be enabled for the project. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [services](variables.tf#L202) | Services to be enabled for the project. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [vpc](variables.tf#L209) | VPC configuration for the project. | <code title="object&#40;&#123;&#10; host_project &#61; string&#10; gke_setup &#61; object&#40;&#123;&#10; enable_security_admin &#61; bool&#10; enable_host_service_agent &#61; bool&#10; &#125;&#41;&#10; subnets_iam &#61; map&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [vpc](variables.tf#L209) | VPC configuration for the project. | <code title="object&#40;&#123;&#10; host_project &#61; string&#10; gke_setup &#61; object&#40;&#123;&#10; enable_security_admin &#61; bool&#10; enable_host_service_agent &#61; bool&#10; &#125;&#41;&#10; subnets_iam &#61; map&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
## Outputs ## Outputs


@ -185,13 +185,6 @@ variable "service_accounts_iam_additive" {
nullable = false nullable = false
} }
variable "services" {
description = "Services to be enabled for the project."
type = list(string)
default = []
nullable = false
}
variable "service_identities_iam" { variable "service_identities_iam" {
description = "Custom IAM settings for service identities in service => [role] format." description = "Custom IAM settings for service identities in service => [role] format."
type = map(list(string)) type = map(list(string))
@ -206,6 +199,13 @@ variable "service_identities_iam_additive" {
nullable = false nullable = false
} }
variable "services" {
description = "Services to be enabled for the project."
type = list(string)
default = []
nullable = false
}
variable "vpc" { variable "vpc" {
description = "VPC configuration for the project." description = "VPC configuration for the project."
type = object({ type = object({


@ -107,21 +107,21 @@ Once done testing, you can clean up resources by running `terraform destroy`.
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [project_id](variables.tf#L26) | Project ID. | <code>string</code> | ✓ | | | [project_id](variables.tf#L44) | Project ID. | <code>string</code> | ✓ | |
| [master_cidr_block](variables.tf#L49) | Master CIDR block. | <code>string</code> | | <code>&#34;10.0.0.0&#47;28&#34;</code> | | [master_cidr_block](variables.tf#L17) | Master CIDR block. | <code>string</code> | | <code>&#34;10.0.0.0&#47;28&#34;</code> |
| [pods_cidr_block](variables.tf#L37) | Pods CIDR block. | <code>string</code> | | <code>&#34;172.16.0.0&#47;20&#34;</code> | | [pods_cidr_block](variables.tf#L23) | Pods CIDR block. | <code>string</code> | | <code>&#34;172.16.0.0&#47;20&#34;</code> |
| [prefix](variables.tf#L31) | Prefix for resources created. | <code>string</code> | | <code>null</code> | | [prefix](variables.tf#L29) | Prefix for resources created. | <code>string</code> | | <code>null</code> |
| [project_create](variables.tf#L17) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L35) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [region](variables.tf#L61) | Region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [region](variables.tf#L49) | Region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
| [services_cidr_block](variables.tf#L43) | Services CIDR block. | <code>string</code> | | <code>&#34;192.168.0.0&#47;24&#34;</code> | | [services_cidr_block](variables.tf#L55) | Services CIDR block. | <code>string</code> | | <code>&#34;192.168.0.0&#47;24&#34;</code> |
| [subnet_cidr_block](variables.tf#L55) | Subnet CIDR block. | <code>string</code> | | <code>&#34;10.0.1.0&#47;24&#34;</code> | | [subnet_cidr_block](variables.tf#L61) | Subnet CIDR block. | <code>string</code> | | <code>&#34;10.0.1.0&#47;24&#34;</code> |
| [zone](variables.tf#L67) | Zone. | <code>string</code> | | <code>&#34;europe-west1-c&#34;</code> | | [zone](variables.tf#L67) | Zone. | <code>string</code> | | <code>&#34;europe-west1-c&#34;</code> |
## Outputs ## Outputs
| name | description | sensitive | | name | description | sensitive |
|---|---|:---:| |---|---|:---:|
| [app_repo_url](outputs.tf#L22) | App source repository url. | | | [app_repo_url](outputs.tf#L17) | App source repository url. | |
| [image_repo_url](outputs.tf#L17) | Image source repository url. | | | [image_repo_url](outputs.tf#L22) | Image source repository url. | |
<!-- END TFDOC --> <!-- END TFDOC -->


@ -14,12 +14,12 @@
* limitations under the License. * limitations under the License.
*/ */
output "image_repo_url" {
description = "Image source repository url."
value = "ssh://<USER>@source.developers.google.com:2022/p/${module.project.project_id}/r/${module.image_repo.name}"
}
output "app_repo_url" { output "app_repo_url" {
description = "App source repository url." description = "App source repository url."
value = "ssh://<USER>@source.developers.google.com:2022/p/${module.project.project_id}/r/${module.app_repo.name}" value = "ssh://<USER>@source.developers.google.com:2022/p/${module.project.project_id}/r/${module.app_repo.name}"
} }
output "image_repo_url" {
description = "Image source repository url."
value = "ssh://<USER>@source.developers.google.com:2022/p/${module.project.project_id}/r/${module.image_repo.name}"
}


@ -14,6 +14,24 @@
* limitations under the License. * limitations under the License.
*/ */
variable "master_cidr_block" {
description = "Master CIDR block."
type = string
default = "10.0.0.0/28"
}
variable "pods_cidr_block" {
description = "Pods CIDR block."
type = string
default = "172.16.0.0/20"
}
variable "prefix" {
description = "Prefix for resources created."
type = string
default = null
}
variable "project_create" { variable "project_create" {
description = "Parameters for the creation of the new project." description = "Parameters for the creation of the new project."
type = object({ type = object({
@ -28,16 +46,10 @@ variable "project_id" {
type = string type = string
} }
variable "prefix" { variable "region" {
description = "Prefix for resources created." description = "Region."
type = string type = string
default = null default = "europe-west1"
}
variable "pods_cidr_block" {
description = "Pods CIDR block."
type = string
default = "172.16.0.0/20"
} }
variable "services_cidr_block" { variable "services_cidr_block" {
@ -46,24 +58,12 @@ variable "services_cidr_block" {
default = "192.168.0.0/24" default = "192.168.0.0/24"
} }
variable "master_cidr_block" {
description = "Master CIDR block."
type = string
default = "10.0.0.0/28"
}
variable "subnet_cidr_block" { variable "subnet_cidr_block" {
description = "Subnet CIDR block." description = "Subnet CIDR block."
type = string type = string
default = "10.0.1.0/24" default = "10.0.1.0/24"
} }
variable "region" {
description = "Region."
type = string
default = "europe-west1"
}
variable "zone" { variable "zone" {
description = "Zone." description = "Zone."
type = string type = string
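Review bot: `master_cidr_block` and `pods_cidr_block` (and `services_cidr_block` / `subnet_cidr_block` further down) are plain `string` variables with no `validation` block, so a malformed range is presumably only rejected once the provider sees it. A check such as `condition = can(cidrhost(var.master_cidr_block, 0))` with a matching `error_message` on each would fail at plan time instead. The same applies to `mgmt_subnet_cidr_block` and to `subnet_consumer` / `producer` in the later variables files of this commit, where the constraint exists only as a `# CIDR` comment. The `zone` block at the end of this section continues outside the hunk.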


@ -64,14 +64,14 @@ Once done testing, you can clean up resources by running `terraform destroy`.
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | | | [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | |
| [fleet_project_id](variables.tf#L32) | Management Project ID. | <code>string</code> | ✓ | | | [fleet_project_id](variables.tf#L46) | Management Project ID. | <code>string</code> | ✓ | |
| [host_project_id](variables.tf#L27) | Project ID. | <code>string</code> | ✓ | | | [host_project_id](variables.tf#L51) | Project ID. | <code>string</code> | ✓ | |
| [mgmt_project_id](variables.tf#L37) | Management Project ID. | <code>string</code> | ✓ | | | [mgmt_project_id](variables.tf#L63) | Management Project ID. | <code>string</code> | ✓ | |
| [parent](variables.tf#L22) | Parent. | <code>string</code> | ✓ | | | [parent](variables.tf#L94) | Parent. | <code>string</code> | ✓ | |
| [clusters_config](variables.tf#L54) | Clusters configuration. | <code title="map&#40;object&#40;&#123;&#10; subnet_cidr_block &#61; string&#10; master_cidr_block &#61; string&#10; services_cidr_block &#61; string&#10; pods_cidr_block &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code title="&#123;&#10; cluster-a &#61; &#123;&#10; subnet_cidr_block &#61; &#34;10.0.1.0&#47;24&#34;&#10; master_cidr_block &#61; &#34;10.16.0.0&#47;28&#34;&#10; services_cidr_block &#61; &#34;192.168.1.0&#47;24&#34;&#10; pods_cidr_block &#61; &#34;172.16.0.0&#47;20&#34;&#10; &#125;&#10; cluster-b &#61; &#123;&#10; subnet_cidr_block &#61; &#34;10.0.2.0&#47;24&#34;&#10; master_cidr_block &#61; &#34;10.16.0.16&#47;28&#34;&#10; services_cidr_block &#61; &#34;192.168.2.0&#47;24&#34;&#10; pods_cidr_block &#61; &#34;172.16.16.0&#47;20&#34;&#10; &#125;&#10;&#125;">&#123;&#8230;&#125;</code> | | [clusters_config](variables.tf#L22) | Clusters configuration. | <code title="map&#40;object&#40;&#123;&#10; subnet_cidr_block &#61; string&#10; master_cidr_block &#61; string&#10; services_cidr_block &#61; string&#10; pods_cidr_block &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code title="&#123;&#10; cluster-a &#61; &#123;&#10; subnet_cidr_block &#61; &#34;10.0.1.0&#47;24&#34;&#10; master_cidr_block &#61; &#34;10.16.0.0&#47;28&#34;&#10; services_cidr_block &#61; &#34;192.168.1.0&#47;24&#34;&#10; pods_cidr_block &#61; &#34;172.16.0.0&#47;20&#34;&#10; &#125;&#10; cluster-b &#61; &#123;&#10; subnet_cidr_block &#61; &#34;10.0.2.0&#47;24&#34;&#10; master_cidr_block &#61; &#34;10.16.0.16&#47;28&#34;&#10; services_cidr_block &#61; &#34;192.168.2.0&#47;24&#34;&#10; pods_cidr_block &#61; &#34;172.16.16.0&#47;20&#34;&#10; &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [istio_version](variables.tf#L98) | ASM version | <code>string</code> | | <code>&#34;1.14.1-asm.3&#34;</code> | | [istio_version](variables.tf#L57) | ASM version | <code>string</code> | | <code>&#34;1.14.1-asm.3&#34;</code> |
| [mgmt_server_config](variables.tf#L78) | Mgmt server configuration | <code title="object&#40;&#123;&#10; disk_size &#61; number&#10; disk_type &#61; string&#10; image &#61; string&#10; instance_type &#61; string&#10; region &#61; string&#10; zone &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; disk_size &#61; 50&#10; disk_type &#61; &#34;pd-ssd&#34;&#10; image &#61; &#34;projects&#47;ubuntu-os-cloud&#47;global&#47;images&#47;family&#47;ubuntu-2204-lts&#34;&#10; instance_type &#61; &#34;n1-standard-2&#34;&#10; region &#61; &#34;europe-west1&#34;&#10; zone &#61; &#34;europe-west1-c&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [mgmt_server_config](variables.tf#L68) | Mgmt server configuration | <code title="object&#40;&#123;&#10; disk_size &#61; number&#10; disk_type &#61; string&#10; image &#61; string&#10; instance_type &#61; string&#10; region &#61; string&#10; zone &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; disk_size &#61; 50&#10; disk_type &#61; &#34;pd-ssd&#34;&#10; image &#61; &#34;projects&#47;ubuntu-os-cloud&#47;global&#47;images&#47;family&#47;ubuntu-2204-lts&#34;&#10; instance_type &#61; &#34;n1-standard-2&#34;&#10; region &#61; &#34;europe-west1&#34;&#10; zone &#61; &#34;europe-west1-c&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [mgmt_subnet_cidr_block](variables.tf#L42) | Management subnet CIDR block. | <code>string</code> | | <code>&#34;10.0.0.0&#47;28&#34;</code> | | [mgmt_subnet_cidr_block](variables.tf#L88) | Management subnet CIDR block. | <code>string</code> | | <code>&#34;10.0.0.0&#47;28&#34;</code> |
| [region](variables.tf#L48) | Region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [region](variables.tf#L99) | Region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
<!-- END TFDOC --> <!-- END TFDOC -->


@ -19,38 +19,6 @@ variable "billing_account_id" {
type = string type = string
} }
variable "parent" {
description = "Parent."
type = string
}
variable "host_project_id" {
description = "Project ID."
type = string
}
variable "fleet_project_id" {
description = "Management Project ID."
type = string
}
variable "mgmt_project_id" {
description = "Management Project ID."
type = string
}
variable "mgmt_subnet_cidr_block" {
description = "Management subnet CIDR block."
type = string
default = "10.0.0.0/28"
}
variable "region" {
description = "Region."
type = string
default = "europe-west1"
}
variable "clusters_config" { variable "clusters_config" {
description = "Clusters configuration." description = "Clusters configuration."
type = map(object({ type = map(object({
@ -75,6 +43,28 @@ variable "clusters_config" {
} }
} }
variable "fleet_project_id" {
description = "Management Project ID."
type = string
}
variable "host_project_id" {
description = "Project ID."
type = string
}
variable "istio_version" {
description = "ASM version"
type = string
default = "1.14.1-asm.3"
}
variable "mgmt_project_id" {
description = "Management Project ID."
type = string
}
variable "mgmt_server_config" { variable "mgmt_server_config" {
description = "Mgmt server configuration" description = "Mgmt server configuration"
type = object({ type = object({
@ -95,8 +85,19 @@ variable "mgmt_server_config" {
} }
} }
variable "istio_version" { variable "mgmt_subnet_cidr_block" {
description = "ASM version" description = "Management subnet CIDR block."
type = string type = string
default = "1.14.1-asm.3" default = "10.0.0.0/28"
}
variable "parent" {
description = "Parent."
type = string
}
variable "region" {
description = "Region."
type = string
default = "europe-west1"
} }
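Review bot: `fleet_project_id` carries the description `"Management Project ID."`, identical to `mgmt_project_id` two blocks further down, so the generated README table gives the same text for two different project inputs. Since both blocks are being moved here anyway, the description could be corrected, e.g. `description = "Fleet project ID."` (exact wording to be confirmed by the module owner), and the TFDOC table regenerated. The `istio_version` and `mgmt_server_config` descriptions also lack the trailing period the other variables use.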


@ -265,8 +265,8 @@ module "gke" {
| name | description | sensitive | | name | description | sensitive |
|---|---|:---:| |---|---|:---:|
| [cluster_ids](outputs.tf#L22) | Cluster ids. | | | [cluster_ids](outputs.tf#L17) | Cluster ids. | |
| [clusters](outputs.tf#L17) | Cluster resources. | | | [clusters](outputs.tf#L24) | Cluster resources. | |
| [project_id](outputs.tf#L29) | GKE project id. | | | [project_id](outputs.tf#L29) | GKE project id. | |
<!-- END TFDOC --> <!-- END TFDOC -->


@ -14,11 +14,6 @@
# tfdoc:file:description Output variables. # tfdoc:file:description Output variables.
output "clusters" {
description = "Cluster resources."
value = module.gke-cluster
}
output "cluster_ids" { output "cluster_ids" {
description = "Cluster ids." description = "Cluster ids."
value = { value = {
@ -26,6 +21,11 @@ output "cluster_ids" {
} }
} }
output "clusters" {
description = "Cluster resources."
value = module.gke-cluster
}
output "project_id" { output "project_id" {
description = "GKE project id." description = "GKE project id."
value = module.gke-project-0.project_id value = module.gke-project-0.project_id


@ -118,17 +118,16 @@ The easiest way to remove all the deployed resources is to run the following com
terraform destroy terraform destroy
The above command will delete the associated resources so there will be no billable charges made afterwards. The above command will delete the associated resources so there will be no billable charges made afterwards.
<!-- BEGIN TFDOC --> <!-- BEGIN TFDOC -->
## Variables ## Variables
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [project_id](variables.tf#L26) | Identifier of the project. | <code>string</code> | ✓ | | | [project_id](variables.tf#L38) | Identifier of the project. | <code>string</code> | ✓ | |
| [enforce_security_policy](variables.tf#L31) | Enforce security policy. | <code>bool</code> | | <code>true</code> | | [enforce_security_policy](variables.tf#L17) | Enforce security policy. | <code>bool</code> | | <code>true</code> |
| [prefix](variables.tf#L37) | Prefix used for created resources. | <code>string</code> | | <code>null</code> | | [prefix](variables.tf#L23) | Prefix used for created resources. | <code>string</code> | | <code>null</code> |
| [project_create](variables.tf#L17) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [project_create](variables.tf#L29) | Parameters for the creation of the new project. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
## Outputs ## Outputs


@ -14,6 +14,18 @@
* limitations under the License. * limitations under the License.
*/ */
variable "enforce_security_policy" {
description = "Enforce security policy."
type = bool
default = true
}
variable "prefix" {
description = "Prefix used for created resources."
type = string
default = null
}
variable "project_create" { variable "project_create" {
description = "Parameters for the creation of the new project." description = "Parameters for the creation of the new project."
type = object({ type = object({
@ -27,15 +39,3 @@ variable "project_id" {
description = "Identifier of the project." description = "Identifier of the project."
type = string type = string
} }
variable "enforce_security_policy" {
description = "Enforce security policy."
type = bool
default = true
}
variable "prefix" {
description = "Prefix used for created resources."
type = string
default = null
}


@ -40,16 +40,16 @@ Before applying this Terraform
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [dest_ip_address](variables.tf#L37) | On-prem service destination IP address. | <code>string</code> | ✓ | | | [dest_ip_address](variables.tf#L17) | On-prem service destination IP address. | <code>string</code> | ✓ | |
| [prefix](variables.tf#L17) | Prefix to use for resource names. | <code>string</code> | ✓ | | | [prefix](variables.tf#L28) | Prefix to use for resource names. | <code>string</code> | ✓ | |
| [producer](variables.tf#L88) | Producer configuration. | <code title="object&#40;&#123;&#10; subnet_main &#61; string &#35; CIDR&#10; subnet_proxy &#61; string &#35; CIDR&#10; subnet_psc &#61; string &#35; CIDR&#10; accepted_limits &#61; map&#40;number&#41; &#35; Accepted project ids &#61;&#62; PSC endpoint limit&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | | [producer](variables.tf#L33) | Producer configuration. | <code title="object&#40;&#123;&#10; subnet_main &#61; string &#35; CIDR&#10; subnet_proxy &#61; string &#35; CIDR&#10; subnet_psc &#61; string &#35; CIDR&#10; accepted_limits &#61; map&#40;number&#41; &#35; Accepted project ids &#61;&#62; PSC endpoint limit&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [project_id](variables.tf#L22) | When referncing existing projects, the id of the project where resources will be created. | <code>string</code> | ✓ | | | [project_id](variables.tf#L49) | When referncing existing projects, the id of the project where resources will be created. | <code>string</code> | ✓ | |
| [region](variables.tf#L27) | Region where resources will be created. | <code>string</code> | ✓ | | | [region](variables.tf#L54) | Region where resources will be created. | <code>string</code> | ✓ | |
| [subnet_consumer](variables.tf#L98) | Consumer subnet CIDR. | <code>string &#35; CIDR</code> | ✓ | | | [subnet_consumer](variables.tf#L59) | Consumer subnet CIDR. | <code>string &#35; CIDR</code> | ✓ | |
| [zone](variables.tf#L32) | Zone where resources will be created. | <code>string</code> | ✓ | | | [zone](variables.tf#L98) | Zone where resources will be created. | <code>string</code> | ✓ | |
| [dest_port](variables.tf#L42) | On-prem service destination port. | <code>string</code> | | <code>&#34;80&#34;</code> | | [dest_port](variables.tf#L22) | On-prem service destination port. | <code>string</code> | | <code>&#34;80&#34;</code> |
| [project_create](variables.tf#L48) | Whether to automatically create a project. | <code>bool</code> | | <code>false</code> | | [project_create](variables.tf#L43) | Whether to automatically create a project. | <code>bool</code> | | <code>false</code> |
| [vpc_config](variables.tf#L60) | VPC and subnet ids, in case existing VPCs are used. | <code title="object&#40;&#123;&#10; producer &#61; object&#40;&#123;&#10; id &#61; string&#10; subnet_main_id &#61; string&#10; subnet_proxy_id &#61; string&#10; subnet_psc_id &#61; string&#10; &#125;&#41;&#10; consumer &#61; object&#40;&#123;&#10; id &#61; string&#10; subnet_main_id &#61; string&#10; &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; producer &#61; &#123;&#10; id &#61; &#34;xxx&#34;&#10; subnet_main_id &#61; &#34;xxx&#34;&#10; subnet_proxy_id &#61; &#34;xxx&#34;&#10; subnet_psc_id &#61; &#34;xxx&#34;&#10; &#125;&#10; consumer &#61; &#123;&#10; id &#61; &#34;xxx&#34;&#10; subnet_main_id &#61; &#34;xxx&#34;&#10; &#125;&#10;&#125;">&#123;&#8230;&#125;</code> | | [vpc_config](variables.tf#L64) | VPC and subnet ids, in case existing VPCs are used. | <code title="object&#40;&#123;&#10; producer &#61; object&#40;&#123;&#10; id &#61; string&#10; subnet_main_id &#61; string&#10; subnet_proxy_id &#61; string&#10; subnet_psc_id &#61; string&#10; &#125;&#41;&#10; consumer &#61; object&#40;&#123;&#10; id &#61; string&#10; subnet_main_id &#61; string&#10; &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; producer &#61; &#123;&#10; id &#61; &#34;xxx&#34;&#10; subnet_main_id &#61; &#34;xxx&#34;&#10; subnet_proxy_id &#61; &#34;xxx&#34;&#10; subnet_psc_id &#61; &#34;xxx&#34;&#10; &#125;&#10; consumer &#61; &#123;&#10; id &#61; &#34;xxx&#34;&#10; subnet_main_id &#61; &#34;xxx&#34;&#10; &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [vpc_create](variables.tf#L54) | Whether to automatically create VPCs. | <code>bool</code> | | <code>true</code> | | [vpc_create](variables.tf#L92) | Whether to automatically create VPCs. | <code>bool</code> | | <code>true</code> |
<!-- END TFDOC --> <!-- END TFDOC -->


@ -1,18 +1,17 @@
# PSC Consumer # PSC Consumer
The module creates a consumer VPC and a Private Service Connect (PSC) endpoint, pointing to the PSC Service Attachment (SA) specified. The module creates a consumer VPC and a Private Service Connect (PSC) endpoint, pointing to the PSC Service Attachment (SA) specified.
<!-- BEGIN TFDOC --> <!-- BEGIN TFDOC -->
## Variables ## Variables
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [name](variables.tf#L22) | Name of the resources created. | <code>string</code> | ✓ | | | [name](variables.tf#L17) | Name of the resources created. | <code>string</code> | ✓ | |
| [network](variables.tf#L32) | Consumer network id. | <code>string</code> | ✓ | | | [network](variables.tf#L22) | Consumer network id. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L17) | The ID of the project where this VPC will be created. | <code>string</code> | ✓ | | | [project_id](variables.tf#L27) | The ID of the project where this VPC will be created. | <code>string</code> | ✓ | |
| [region](variables.tf#L27) | Region where resources will be created. | <code>string</code> | ✓ | | | [region](variables.tf#L32) | Region where resources will be created. | <code>string</code> | ✓ | |
| [sa_id](variables.tf#L42) | PSC producer service attachment id. | <code>string</code> | ✓ | | | [sa_id](variables.tf#L37) | PSC producer service attachment id. | <code>string</code> | ✓ | |
| [subnet](variables.tf#L37) | Subnetwork id where resources will be associated. | <code>string</code> | ✓ | | | [subnet](variables.tf#L42) | Subnetwork id where resources will be associated. | <code>string</code> | ✓ | |
<!-- END TFDOC --> <!-- END TFDOC -->


@ -14,28 +14,23 @@
* limitations under the License. * limitations under the License.
*/ */
variable "project_id" {
description = "The ID of the project where this VPC will be created."
type = string
}
variable "name" { variable "name" {
description = "Name of the resources created." description = "Name of the resources created."
type = string type = string
} }
variable "region" {
description = "Region where resources will be created."
type = string
}
variable "network" { variable "network" {
description = "Consumer network id." description = "Consumer network id."
type = string type = string
} }
variable "subnet" { variable "project_id" {
description = "Subnetwork id where resources will be associated." description = "The ID of the project where this VPC will be created."
type = string
}
variable "region" {
description = "Region where resources will be created."
type = string type = string
} }
@ -43,3 +38,8 @@ variable "sa_id" {
description = "PSC producer service attachment id." description = "PSC producer service attachment id."
type = string type = string
} }
variable "subnet" {
description = "Subnetwork id where resources will be associated."
type = string
}


@ -5,24 +5,23 @@ The module creates:
- a producer VPC - a producer VPC
- an internal regional TCP proxy load balancer with a hybrid Network Endpoint Group (NEG) backend, pointing to an on-prem service (IP + port) - an internal regional TCP proxy load balancer with a hybrid Network Endpoint Group (NEG) backend, pointing to an on-prem service (IP + port)
- a Private Service Connect Service Attachment (PSC SA) exposing the service to [PSC consumers](../psc-consumer/README.md) - a Private Service Connect Service Attachment (PSC SA) exposing the service to [PSC consumers](../psc-consumer/README.md)
<!-- BEGIN TFDOC --> <!-- BEGIN TFDOC -->
## Variables ## Variables
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [accepted_limits](variables.tf#L68) | Incoming accepted projects with endpoints limit. | <code>map&#40;number&#41;</code> | ✓ | | | [accepted_limits](variables.tf#L17) | Incoming accepted projects with endpoints limit. | <code>map&#40;number&#41;</code> | ✓ | |
| [dest_ip_address](variables.tf#L57) | On-prem service destination IP address. | <code>string</code> | ✓ | | | [dest_ip_address](variables.tf#L22) | On-prem service destination IP address. | <code>string</code> | ✓ | |
| [name](variables.tf#L22) | Name of the resources created. | <code>string</code> | ✓ | | | [name](variables.tf#L33) | Name of the resources created. | <code>string</code> | ✓ | |
| [network](variables.tf#L37) | Producer network id. | <code>string</code> | ✓ | | | [network](variables.tf#L38) | Producer network id. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L17) | The ID of the project where this VPC will be created. | <code>string</code> | ✓ | | | [project_id](variables.tf#L43) | The ID of the project where this VPC will be created. | <code>string</code> | ✓ | |
| [region](variables.tf#L27) | Region where resources will be created. | <code>string</code> | ✓ | | | [region](variables.tf#L48) | Region where resources will be created. | <code>string</code> | ✓ | |
| [subnet](variables.tf#L42) | Subnetwork id where resources will be associated. | <code>string</code> | ✓ | | | [subnet](variables.tf#L53) | Subnetwork id where resources will be associated. | <code>string</code> | ✓ | |
| [subnet_proxy](variables.tf#L47) | L7 Regional load balancing subnet id. | <code>string</code> | ✓ | | | [subnet_proxy](variables.tf#L58) | L7 Regional load balancing subnet id. | <code>string</code> | ✓ | |
| [subnets_psc](variables.tf#L52) | PSC NAT subnets. | <code>list&#40;string&#41;</code> | ✓ | | | [subnets_psc](variables.tf#L63) | PSC NAT subnets. | <code>list&#40;string&#41;</code> | ✓ | |
| [zone](variables.tf#L32) | Zone where resources will be created. | <code>string</code> | ✓ | | | [zone](variables.tf#L68) | Zone where resources will be created. | <code>string</code> | ✓ | |
| [dest_port](variables.tf#L62) | On-prem service destination port. | <code>string</code> | | <code>&#34;80&#34;</code> | | [dest_port](variables.tf#L27) | On-prem service destination port. | <code>string</code> | | <code>&#34;80&#34;</code> |
## Outputs ## Outputs


@ -14,31 +14,42 @@
* limitations under the License. * limitations under the License.
*/ */
variable "project_id" { variable "accepted_limits" {
description = "The ID of the project where this VPC will be created." description = "Incoming accepted projects with endpoints limit."
type = map(number)
}
variable "dest_ip_address" {
description = "On-prem service destination IP address."
type = string type = string
} }
variable "dest_port" {
description = "On-prem service destination port."
type = string
default = "80"
}
variable "name" { variable "name" {
description = "Name of the resources created." description = "Name of the resources created."
type = string type = string
} }
variable "region" {
description = "Region where resources will be created."
type = string
}
variable "zone" {
description = "Zone where resources will be created."
type = string
}
variable "network" { variable "network" {
description = "Producer network id." description = "Producer network id."
type = string type = string
} }
variable "project_id" {
description = "The ID of the project where this VPC will be created."
type = string
}
variable "region" {
description = "Region where resources will be created."
type = string
}
variable "subnet" { variable "subnet" {
description = "Subnetwork id where resources will be associated." description = "Subnetwork id where resources will be associated."
type = string type = string
@ -54,18 +65,7 @@ variable "subnets_psc" {
type = list(string) type = list(string)
} }
variable "dest_ip_address" { variable "zone" {
description = "On-prem service destination IP address." description = "Zone where resources will be created."
type = string type = string
} }
variable "dest_port" {
description = "On-prem service destination port."
type = string
default = "80"
}
variable "accepted_limits" {
description = "Incoming accepted projects with endpoints limit."
type = map(number)
}


@ -14,11 +14,38 @@
* limitations under the License. * limitations under the License.
*/ */
variable "dest_ip_address" {
description = "On-prem service destination IP address."
type = string
}
variable "dest_port" {
description = "On-prem service destination port."
type = string
default = "80"
}
variable "prefix" { variable "prefix" {
description = "Prefix to use for resource names." description = "Prefix to use for resource names."
type = string type = string
} }
variable "producer" {
description = "Producer configuration."
type = object({
subnet_main = string # CIDR
subnet_proxy = string # CIDR
subnet_psc = string # CIDR
accepted_limits = map(number) # Accepted project ids => PSC endpoint limit
})
}
variable "project_create" {
description = "Whether to automatically create a project."
type = bool
default = false
}
variable "project_id" { variable "project_id" {
description = "When referncing existing projects, the id of the project where resources will be created." description = "When referncing existing projects, the id of the project where resources will be created."
type = string type = string
@ -29,32 +56,9 @@ variable "region" {
type = string type = string
} }
variable "zone" { variable "subnet_consumer" {
description = "Zone where resources will be created." description = "Consumer subnet CIDR."
type = string type = string # CIDR
}
variable "dest_ip_address" {
description = "On-prem service destination IP address."
type = string
}
variable "dest_port" {
description = "On-prem service destination port."
type = string
default = "80"
}
variable "project_create" {
description = "Whether to automatically create a project."
type = bool
default = false
}
variable "vpc_create" {
description = "Whether to automatically create VPCs."
type = bool
default = true
} }
variable "vpc_config" { variable "vpc_config" {
@ -85,17 +89,13 @@ variable "vpc_config" {
} }
} }
variable "producer" { variable "vpc_create" {
description = "Producer configuration." description = "Whether to automatically create VPCs."
type = object({ type = bool
subnet_main = string # CIDR default = true
subnet_proxy = string # CIDR
subnet_psc = string # CIDR
accepted_limits = map(number) # Accepted project ids => PSC endpoint limit
})
} }
variable "subnet_consumer" { variable "zone" {
description = "Consumer subnet CIDR." description = "Zone where resources will be created."
type = string # CIDR type = string
} }
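Review bot: The `project_id` description reads `When referncing existing projects, ...`, and the misspelling is carried into the README table generated from this file. Suggested: `description = "When referencing existing projects, the id of the project where resources will be created."`, followed by regenerating the TFDOC section. The `project_id` block is cut by the hunk boundary, so the rest of it is not visible here.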


@ -8,18 +8,18 @@ This example is a companion setup to the Python script in the parent folder, and
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [cluster_name](variables.tf#L23) | Name used for the cluster and DNS zone. | <code>string</code> | ✓ | | | [cluster_name](variables.tf#L23) | Name used for the cluster and DNS zone. | <code>string</code> | ✓ | |
| [domain](variables.tf#L28) | Domain name used to derive the DNS zone. | <code>string</code> | ✓ | | | [domain](variables.tf#L39) | Domain name used to derive the DNS zone. | <code>string</code> | ✓ | |
| [fs_paths](variables.tf#L87) | Filesystem paths for commands and data, supports home path expansion. | <code title="object&#40;&#123;&#10; credentials &#61; string&#10; config_dir &#61; string&#10; openshift_install &#61; string&#10; pull_secret &#61; string&#10; ssh_key &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | | [fs_paths](variables.tf#L44) | Filesystem paths for commands and data, supports home path expansion. | <code title="object&#40;&#123;&#10; credentials &#61; string&#10; config_dir &#61; string&#10; openshift_install &#61; string&#10; pull_secret &#61; string&#10; ssh_key &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [host_project](variables.tf#L44) | Shared VPC project and network configuration. | <code title="object&#40;&#123;&#10; default_subnet_name &#61; string&#10; masters_subnet_name &#61; string&#10; project_id &#61; string&#10; vpc_name &#61; string&#10; workers_subnet_name &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | | [host_project](variables.tf#L55) | Shared VPC project and network configuration. | <code title="object&#40;&#123;&#10; default_subnet_name &#61; string&#10; masters_subnet_name &#61; string&#10; project_id &#61; string&#10; vpc_name &#61; string&#10; workers_subnet_name &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [service_project](variables.tf#L124) | Service project configuration. | <code title="object&#40;&#123;&#10; project_id &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | | [service_project](variables.tf#L125) | Service project configuration. | <code title="object&#40;&#123;&#10; project_id &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [allowed_ranges](variables.tf#L17) | Ranges that can SSH to the boostrap VM and API endpoint. | <code>list&#40;any&#41;</code> | | <code>&#91;&#34;10.0.0.0&#47;8&#34;&#93;</code> | | [allowed_ranges](variables.tf#L17) | Ranges that can SSH to the boostrap VM and API endpoint. | <code>list&#40;any&#41;</code> | | <code>&#91;&#34;10.0.0.0&#47;8&#34;&#93;</code> |
| [disk_encryption_key](variables.tf#L33) | Optional CMEK for disk encryption. | <code title="object&#40;&#123;&#10; keyring &#61; string&#10; location &#61; string&#10; name &#61; string&#10; project_id &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [disk_encryption_key](variables.tf#L28) | Optional CMEK for disk encryption. | <code title="object&#40;&#123;&#10; keyring &#61; string&#10; location &#61; string&#10; name &#61; string&#10; project_id &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [install_config_params](variables.tf#L57) | OpenShift cluster configuration. | <code title="object&#40;&#123;&#10; disk_size &#61; number&#10; labels &#61; map&#40;string&#41;&#10; network &#61; object&#40;&#123;&#10; cluster &#61; string&#10; host_prefix &#61; number&#10; machine &#61; string&#10; service &#61; string&#10; &#125;&#41;&#10; proxy &#61; object&#40;&#123;&#10; http &#61; string&#10; https &#61; string&#10; noproxy &#61; string&#10; &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; disk_size &#61; 16&#10; labels &#61; &#123;&#125;&#10; network &#61; &#123;&#10; cluster &#61; &#34;10.128.0.0&#47;14&#34;&#10; host_prefix &#61; 23&#10; machine &#61; &#34;10.0.0.0&#47;16&#34;&#10; service &#61; &#34;172.30.0.0&#47;16&#34;&#10; &#125;&#10; proxy &#61; null&#10;&#125;">&#123;&#8230;&#125;</code> | | [install_config_params](variables.tf#L68) | OpenShift cluster configuration. | <code title="object&#40;&#123;&#10; disk_size &#61; number&#10; labels &#61; map&#40;string&#41;&#10; network &#61; object&#40;&#123;&#10; cluster &#61; string&#10; host_prefix &#61; number&#10; machine &#61; string&#10; service &#61; string&#10; &#125;&#41;&#10; proxy &#61; object&#40;&#123;&#10; http &#61; string&#10; https &#61; string&#10; noproxy &#61; string&#10; &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; disk_size &#61; 16&#10; labels &#61; &#123;&#125;&#10; network &#61; &#123;&#10; cluster &#61; &#34;10.128.0.0&#47;14&#34;&#10; host_prefix &#61; 23&#10; machine &#61; &#34;10.0.0.0&#47;16&#34;&#10; service &#61; &#34;172.30.0.0&#47;16&#34;&#10; &#125;&#10; proxy &#61; null&#10;&#125;">&#123;&#8230;&#125;</code> |
| [post_bootstrap_config](variables.tf#L102) | Name of the service account for the machine operator. Removes bootstrap resources when set. | <code title="object&#40;&#123;&#10; machine_op_sa_prefix &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [post_bootstrap_config](variables.tf#L103) | Name of the service account for the machine operator. Removes bootstrap resources when set. | <code title="object&#40;&#123;&#10; machine_op_sa_prefix &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [region](variables.tf#L110) | Region where resources will be created. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> | | [region](variables.tf#L111) | Region where resources will be created. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
| [rhcos_gcp_image](variables.tf#L116) | RHCOS image used. | <code>string</code> | | <code>&#34;projects&#47;rhcos-cloud&#47;global&#47;images&#47;rhcos-47-83-202102090044-0-gcp-x86-64&#34;</code> | | [rhcos_gcp_image](variables.tf#L117) | RHCOS image used. | <code>string</code> | | <code>&#34;projects&#47;rhcos-cloud&#47;global&#47;images&#47;rhcos-47-83-202102090044-0-gcp-x86-64&#34;</code> |
| [tags](variables.tf#L131) | Additional tags for instances. | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;ssh&#34;&#93;</code> | | [tags](variables.tf#L132) | Additional tags for instances. | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;ssh&#34;&#93;</code> |
| [zones](variables.tf#L137) | Zones used for instances. | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;b&#34;, &#34;c&#34;, &#34;d&#34;&#93;</code> | | [zones](variables.tf#L138) | Zones used for instances. | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;b&#34;, &#34;c&#34;, &#34;d&#34;&#93;</code> |
## Outputs ## Outputs


@ -23,13 +23,8 @@ variable "allowed_ranges" {
variable "cluster_name" { variable "cluster_name" {
description = "Name used for the cluster and DNS zone." description = "Name used for the cluster and DNS zone."
type = string type = string
}
variable "domain" {
description = "Domain name used to derive the DNS zone."
type = string
} }
variable "disk_encryption_key" { variable "disk_encryption_key" {
description = "Optional CMEK for disk encryption." description = "Optional CMEK for disk encryption."
type = object({ type = object({
@ -41,6 +36,22 @@ variable "disk_encryption_key" {
default = null default = null
} }
variable "domain" {
description = "Domain name used to derive the DNS zone."
type = string
}
variable "fs_paths" {
description = "Filesystem paths for commands and data, supports home path expansion."
type = object({
credentials = string
config_dir = string
openshift_install = string
pull_secret = string
ssh_key = string
})
}
variable "host_project" { variable "host_project" {
description = "Shared VPC project and network configuration." description = "Shared VPC project and network configuration."
type = object({ type = object({
@ -84,16 +95,6 @@ variable "install_config_params" {
} }
} }
variable "fs_paths" {
description = "Filesystem paths for commands and data, supports home path expansion."
type = object({
credentials = string
config_dir = string
openshift_install = string
pull_secret = string
ssh_key = string
})
}
# oc -n openshift-cloud-credential-operator get CredentialsRequest \ # oc -n openshift-cloud-credential-operator get CredentialsRequest \
# openshift-machine-api-gcp \ # openshift-machine-api-gcp \
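Review bot: The `fs_paths` description, moved up in the second hunk, does not say which of its five attributes refer to secret material; going by their names, `credentials`, `pull_secret` and `ssh_key` point at secrets while `config_dir` and `openshift_install` do not. I would extend it, e.g. `description = "Filesystem paths for commands and data, supports home path expansion. credentials, pull_secret and ssh_key reference secret files."`, so whoever fills in the tfvars knows which paths must stay outside the repository and readable only by the operator. How the paths are consumed is not visible in this section, so this is a documentation suggestion only.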


@ -491,8 +491,8 @@ The remaining configuration is manual, as it regards the repositories themselves
| [federated_identity](outputs.tf#L116) | Workload Identity Federation pool and providers. | | | | [federated_identity](outputs.tf#L116) | Workload Identity Federation pool and providers. | | |
| [outputs_bucket](outputs.tf#L126) | GCS bucket where generated output files are stored. | | | | [outputs_bucket](outputs.tf#L126) | GCS bucket where generated output files are stored. | | |
| [project_ids](outputs.tf#L131) | Projects created by this stage. | | | | [project_ids](outputs.tf#L131) | Projects created by this stage. | | |
| [providers](outputs.tf#L151) | Terraform provider files for this stage and dependent stages. | ✓ | <code>stage-01</code> | | [providers](outputs.tf#L141) | Terraform provider files for this stage and dependent stages. | ✓ | <code>stage-01</code> |
| [service_accounts](outputs.tf#L140) | Automation service accounts created by this stage. | | | | [service_accounts](outputs.tf#L148) | Automation service accounts created by this stage. | | |
| [tfvars](outputs.tf#L160) | Terraform variable files for the following stages. | ✓ | | | [tfvars](outputs.tf#L158) | Terraform variable files for the following stages. | ✓ | |
<!-- END TFDOC --> <!-- END TFDOC -->


@ -137,6 +137,14 @@ output "project_ids" {
} }
} }
# ready to use provider configurations for subsequent stages when not using files
output "providers" {
# tfdoc:output:consumers stage-01
description = "Terraform provider files for this stage and dependent stages."
sensitive = true
value = local.providers
}
output "service_accounts" { output "service_accounts" {
description = "Automation service accounts created by this stage." description = "Automation service accounts created by this stage."
value = { value = {
@ -146,17 +154,7 @@ output "service_accounts" {
} }
} }
# ready to use provider configurations for subsequent stages when not using files
output "providers" {
# tfdoc:output:consumers stage-01
description = "Terraform provider files for this stage and dependent stages."
sensitive = true
value = local.providers
}
# ready to use variable values for subsequent stages # ready to use variable values for subsequent stages
output "tfvars" { output "tfvars" {
description = "Terraform variable files for the following stages." description = "Terraform variable files for the following stages."
sensitive = true sensitive = true
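Review bot: The `providers` and `tfvars` outputs in this file carry `sensitive = true`, but nothing documents what that covers: the flag only redacts the values in plan and apply output, and they are still stored in clear text in the state. A comment above the relocated `providers` block such as `# sensitive only masks CLI output; the value is still in state, keep state bucket access restricted` would make that explicit. The same applies to the `tfvars` outputs moved in the other outputs files further down this commit. The `tfvars` block continues past the end of the last hunk.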


@ -201,13 +201,13 @@ Due to its simplicity, this stage lends itself easily to customizations: adding
|---|---|:---:|---| |---|---|:---:|---|
| [cicd_repositories](outputs.tf#L197) | WIF configuration for CI/CD repositories. | | | | [cicd_repositories](outputs.tf#L197) | WIF configuration for CI/CD repositories. | | |
| [dataplatform](outputs.tf#L211) | Data for the Data Platform stage. | | | | [dataplatform](outputs.tf#L211) | Data for the Data Platform stage. | | |
| [gke_multitenant](outputs.tf#L283) | Data for the GKE multitenant stage. | | <code>03-gke-multitenant</code> | | [gke_multitenant](outputs.tf#L227) | Data for the GKE multitenant stage. | | <code>03-gke-multitenant</code> |
| [networking](outputs.tf#L227) | Data for the networking stage. | | | | [networking](outputs.tf#L248) | Data for the networking stage. | | |
| [project_factories](outputs.tf#L236) | Data for the project factories stage. | | | | [project_factories](outputs.tf#L257) | Data for the project factories stage. | | |
| [providers](outputs.tf#L252) | Terraform provider files for this stage and dependent stages. | ✓ | <code>02-networking</code> · <code>02-security</code> · <code>03-dataplatform</code> · <code>xx-sandbox</code> · <code>xx-teams</code> | | [providers](outputs.tf#L272) | Terraform provider files for this stage and dependent stages. | ✓ | <code>02-networking</code> · <code>02-security</code> · <code>03-dataplatform</code> · <code>xx-sandbox</code> · <code>xx-teams</code> |
| [sandbox](outputs.tf#L259) | Data for the sandbox stage. | | <code>xx-sandbox</code> | | [sandbox](outputs.tf#L279) | Data for the sandbox stage. | | <code>xx-sandbox</code> |
| [security](outputs.tf#L273) | Data for the networking stage. | | <code>02-security</code> | | [security](outputs.tf#L293) | Data for the networking stage. | | <code>02-security</code> |
| [teams](outputs.tf#L304) | Data for the teams stage. | | | | [teams](outputs.tf#L303) | Data for the teams stage. | | |
| [tfvars](outputs.tf#L317) | Terraform variable files for the following stages. | ✓ | | | [tfvars](outputs.tf#L315) | Terraform variable files for the following stages. | ✓ | |
<!-- END TFDOC --> <!-- END TFDOC -->


@ -224,6 +224,27 @@ output "dataplatform" {
} }
} }
output "gke_multitenant" {
# tfdoc:output:consumers 03-gke-multitenant
description = "Data for the GKE multitenant stage."
value = (
var.fast_features.gke
? {
"dev" = {
folder = module.branch-gke-dev-folder.0.id
gcs_bucket = module.branch-gke-dev-gcs.0.name
service_account = module.branch-gke-dev-sa.0.email
}
"prod" = {
folder = module.branch-gke-prod-folder.0.id
gcs_bucket = module.branch-gke-prod-gcs.0.name
service_account = module.branch-gke-prod-sa.0.email
}
}
: {}
)
}
output "networking" { output "networking" {
description = "Data for the networking stage." description = "Data for the networking stage."
value = { value = {
@ -248,7 +269,6 @@ output "project_factories" {
} }
# ready to use provider configurations for subsequent stages # ready to use provider configurations for subsequent stages
output "providers" { output "providers" {
# tfdoc:output:consumers 02-networking 02-security 03-dataplatform xx-sandbox xx-teams # tfdoc:output:consumers 02-networking 02-security 03-dataplatform xx-sandbox xx-teams
description = "Terraform provider files for this stage and dependent stages." description = "Terraform provider files for this stage and dependent stages."
@ -280,27 +300,6 @@ output "security" {
} }
} }
output "gke_multitenant" {
# tfdoc:output:consumers 03-gke-multitenant
description = "Data for the GKE multitenant stage."
value = (
var.fast_features.gke
? {
"dev" = {
folder = module.branch-gke-dev-folder.0.id
gcs_bucket = module.branch-gke-dev-gcs.0.name
service_account = module.branch-gke-dev-sa.0.email
}
"prod" = {
folder = module.branch-gke-prod-folder.0.id
gcs_bucket = module.branch-gke-prod-gcs.0.name
service_account = module.branch-gke-prod-sa.0.email
}
}
: {}
)
}
output "teams" { output "teams" {
description = "Data for the teams stage." description = "Data for the teams stage."
value = { value = {
@ -313,7 +312,6 @@ output "teams" {
} }
# ready to use variable values for subsequent stages # ready to use variable values for subsequent stages
output "tfvars" { output "tfvars" {
description = "Terraform variable files for the following stages." description = "Terraform variable files for the following stages."
sensitive = true sensitive = true
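Review bot: The relocated `gke_multitenant` output indexes its modules with the legacy attribute-style form, `module.branch-gke-dev-folder.0.id` and the five sibling references; since the block is being moved anyway, I would switch to the bracket index syntax, e.g. `folder = module.branch-gke-dev-folder[0].id`. The `.0` lookups are guarded only by `var.fast_features.gke`, which presumably also drives the `count` of those modules; the module definitions are outside this page, so that is worth confirming.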


@ -396,7 +396,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [host_project_ids](outputs.tf#L58) | Network project ids. | | | | [host_project_ids](outputs.tf#L58) | Network project ids. | | |
| [host_project_numbers](outputs.tf#L63) | Network project numbers. | | | | [host_project_numbers](outputs.tf#L63) | Network project numbers. | | |
| [shared_vpc_self_links](outputs.tf#L68) | Shared VPC host projects. | | | | [shared_vpc_self_links](outputs.tf#L68) | Shared VPC host projects. | | |
| [tfvars](outputs.tf#L87) | Terraform variables file for the following stages. | ✓ | | | [tfvars](outputs.tf#L73) | Terraform variables file for the following stages. | ✓ | |
| [vpn_gateway_endpoints](outputs.tf#L73) | External IP Addresses for the GCP VPN gateways. | | | | [vpn_gateway_endpoints](outputs.tf#L79) | External IP Addresses for the GCP VPN gateways. | | |
<!-- END TFDOC --> <!-- END TFDOC -->


@ -70,6 +70,12 @@ output "shared_vpc_self_links" {
value = local.vpc_self_links value = local.vpc_self_links
} }
output "tfvars" {
description = "Terraform variables file for the following stages."
sensitive = true
value = local.tfvars
}
output "vpn_gateway_endpoints" { output "vpn_gateway_endpoints" {
description = "External IP Addresses for the GCP VPN gateways." description = "External IP Addresses for the GCP VPN gateways."
value = local.enable_onprem_vpn == false ? null : { value = local.enable_onprem_vpn == false ? null : {
@ -83,9 +89,3 @@ output "vpn_gateway_endpoints" {
} }
} }
} }
output "tfvars" {
description = "Terraform variables file for the following stages."
sensitive = true
value = local.tfvars
}
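Review bot: The `tfvars` output moved up in the first hunk has no lead-in comment, while the same output in two earlier outputs files on this page is introduced with `# ready to use variable values for subsequent stages`. Adding that line above `output "tfvars"` here, and in the three outputs files below that receive the same move, keeps the stages consistent.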


@ -321,7 +321,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [host_project_ids](outputs.tf#L68) | Network project ids. | | | | [host_project_ids](outputs.tf#L68) | Network project ids. | | |
| [host_project_numbers](outputs.tf#L73) | Network project numbers. | | | | [host_project_numbers](outputs.tf#L73) | Network project numbers. | | |
| [shared_vpc_self_links](outputs.tf#L78) | Shared VPC host projects. | | | | [shared_vpc_self_links](outputs.tf#L78) | Shared VPC host projects. | | |
| [tfvars](outputs.tf#L93) | Terraform variables file for the following stages. | ✓ | | | [tfvars](outputs.tf#L83) | Terraform variables file for the following stages. | ✓ | |
| [vpn_gateway_endpoints](outputs.tf#L83) | External IP Addresses for the GCP VPN gateways. | | | | [vpn_gateway_endpoints](outputs.tf#L89) | External IP Addresses for the GCP VPN gateways. | | |
<!-- END TFDOC --> <!-- END TFDOC -->


@ -80,6 +80,12 @@ output "shared_vpc_self_links" {
value = local.vpc_self_links value = local.vpc_self_links
} }
output "tfvars" {
description = "Terraform variables file for the following stages."
sensitive = true
value = local.tfvars
}
output "vpn_gateway_endpoints" { output "vpn_gateway_endpoints" {
description = "External IP Addresses for the GCP VPN gateways." description = "External IP Addresses for the GCP VPN gateways."
value = local.enable_onprem_vpn == false ? null : { value = local.enable_onprem_vpn == false ? null : {
@ -89,9 +95,3 @@ output "vpn_gateway_endpoints" {
} }
} }
} }
output "tfvars" {
description = "Terraform variables file for the following stages."
sensitive = true
value = local.tfvars
}


@ -259,11 +259,11 @@ You're now ready to run `terraform init` and `apply`.
| name | description | sensitive | consumers | | name | description | sensitive | consumers |
|---|---|:---:|---| |---|---|:---:|---|
| [dev_cloud_dns_inbound_policy](outputs.tf#L59) | IP Addresses for Cloud DNS inbound policy for the dev environment. | | | | [dev_cloud_dns_inbound_policy](outputs.tf#L59) | IP Addresses for Cloud DNS inbound policy for the dev environment. | | |
| [host_project_ids](outputs.tf#L69) | Network project ids. | | | | [host_project_ids](outputs.tf#L64) | Network project ids. | | |
| [host_project_numbers](outputs.tf#L74) | Network project numbers. | | | | [host_project_numbers](outputs.tf#L69) | Network project numbers. | | |
| [prod_cloud_dns_inbound_policy](outputs.tf#L64) | IP Addresses for Cloud DNS inbound policy for the prod environment. | | | | [prod_cloud_dns_inbound_policy](outputs.tf#L74) | IP Addresses for Cloud DNS inbound policy for the prod environment. | | |
| [shared_vpc_self_links](outputs.tf#L79) | Shared VPC host projects. | | | | [shared_vpc_self_links](outputs.tf#L79) | Shared VPC host projects. | | |
| [tfvars](outputs.tf#L98) | Terraform variables file for the following stages. | ✓ | | | [tfvars](outputs.tf#L84) | Terraform variables file for the following stages. | ✓ | |
| [vpn_gateway_endpoints](outputs.tf#L84) | External IP Addresses for the GCP VPN gateways. | | | | [vpn_gateway_endpoints](outputs.tf#L90) | External IP Addresses for the GCP VPN gateways. | | |
<!-- END TFDOC --> <!-- END TFDOC -->


@ -61,11 +61,6 @@ output "dev_cloud_dns_inbound_policy" {
value = [for s in module.dev-spoke-vpc.subnets : cidrhost(s.ip_cidr_range, 2)] value = [for s in module.dev-spoke-vpc.subnets : cidrhost(s.ip_cidr_range, 2)]
} }
output "prod_cloud_dns_inbound_policy" {
description = "IP Addresses for Cloud DNS inbound policy for the prod environment."
value = [for s in module.prod-spoke-vpc.subnets : cidrhost(s.ip_cidr_range, 2)]
}
output "host_project_ids" { output "host_project_ids" {
description = "Network project ids." description = "Network project ids."
value = local.host_project_ids value = local.host_project_ids
@ -76,11 +71,22 @@ output "host_project_numbers" {
value = local.host_project_numbers value = local.host_project_numbers
} }
output "prod_cloud_dns_inbound_policy" {
description = "IP Addresses for Cloud DNS inbound policy for the prod environment."
value = [for s in module.prod-spoke-vpc.subnets : cidrhost(s.ip_cidr_range, 2)]
}
output "shared_vpc_self_links" { output "shared_vpc_self_links" {
description = "Shared VPC host projects." description = "Shared VPC host projects."
value = local.vpc_self_links value = local.vpc_self_links
} }
output "tfvars" {
description = "Terraform variables file for the following stages."
sensitive = true
value = local.tfvars
}
output "vpn_gateway_endpoints" { output "vpn_gateway_endpoints" {
description = "External IP Addresses for the GCP VPN gateways." description = "External IP Addresses for the GCP VPN gateways."
value = local.enable_onprem_vpn == false ? null : { value = local.enable_onprem_vpn == false ? null : {
@ -94,9 +100,3 @@ output "vpn_gateway_endpoints" {
} }
} }
} }
output "tfvars" {
description = "Terraform variables file for the following stages."
sensitive = true
value = local.tfvars
}


@ -347,7 +347,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [host_project_ids](outputs.tf#L68) | Network project ids. | | | | [host_project_ids](outputs.tf#L68) | Network project ids. | | |
| [host_project_numbers](outputs.tf#L73) | Network project numbers. | | | | [host_project_numbers](outputs.tf#L73) | Network project numbers. | | |
| [shared_vpc_self_links](outputs.tf#L78) | Shared VPC host projects. | | | | [shared_vpc_self_links](outputs.tf#L78) | Shared VPC host projects. | | |
| [tfvars](outputs.tf#L93) | Terraform variables file for the following stages. | ✓ | | | [tfvars](outputs.tf#L83) | Terraform variables file for the following stages. | ✓ | |
| [vpn_gateway_endpoints](outputs.tf#L83) | External IP Addresses for the GCP VPN gateways. | | | | [vpn_gateway_endpoints](outputs.tf#L89) | External IP Addresses for the GCP VPN gateways. | | |
<!-- END TFDOC --> <!-- END TFDOC -->


@ -80,6 +80,12 @@ output "shared_vpc_self_links" {
value = local.vpc_self_links value = local.vpc_self_links
} }
output "tfvars" {
description = "Terraform variables file for the following stages."
sensitive = true
value = local.tfvars
}
output "vpn_gateway_endpoints" { output "vpn_gateway_endpoints" {
description = "External IP Addresses for the GCP VPN gateways." description = "External IP Addresses for the GCP VPN gateways."
value = local.enable_onprem_vpn == false ? null : { value = local.enable_onprem_vpn == false ? null : {
@ -89,9 +95,3 @@ output "vpn_gateway_endpoints" {
} }
} }
} }
output "tfvars" {
description = "Terraform variables file for the following stages."
sensitive = true
value = local.tfvars
}


@ -265,13 +265,13 @@ Some references that might be useful in setting up this stage:
| [automation](variables.tf#L17) | Automation resources created by the bootstrap stage. | <code title="object&#40;&#123;&#10; outputs_bucket &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>00-bootstrap</code> | | [automation](variables.tf#L17) | Automation resources created by the bootstrap stage. | <code title="object&#40;&#123;&#10; outputs_bucket &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>00-bootstrap</code> |
| [billing_account](variables.tf#L25) | Billing account id and organization id ('nnnnnnnn' or null). | <code title="object&#40;&#123;&#10; id &#61; string&#10; organization_id &#61; number&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>00-bootstrap</code> | | [billing_account](variables.tf#L25) | Billing account id and organization id ('nnnnnnnn' or null). | <code title="object&#40;&#123;&#10; id &#61; string&#10; organization_id &#61; number&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>00-bootstrap</code> |
| [folder_ids](variables.tf#L34) | Folder name => id mappings, the 'security' folder name must exist. | <code title="object&#40;&#123;&#10; security &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>01-resman</code> | | [folder_ids](variables.tf#L34) | Folder name => id mappings, the 'security' folder name must exist. | <code title="object&#40;&#123;&#10; security &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>01-resman</code> |
| [organization](variables.tf#L91) | Organization details. | <code title="object&#40;&#123;&#10; domain &#61; string&#10; id &#61; number&#10; customer_id &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>00-bootstrap</code> | | [organization](variables.tf#L80) | Organization details. | <code title="object&#40;&#123;&#10; domain &#61; string&#10; id &#61; number&#10; customer_id &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>00-bootstrap</code> |
| [prefix](variables.tf#L107) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>00-bootstrap</code> | | [prefix](variables.tf#L96) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
| [service_accounts](variables.tf#L80) | Automation service accounts that can assign the encrypt/decrypt roles on keys. | <code title="object&#40;&#123;&#10; data-platform-dev &#61; string&#10; data-platform-prod &#61; string&#10; project-factory-dev &#61; string&#10; project-factory-prod &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>01-resman</code> | | [service_accounts](variables.tf#L107) | Automation service accounts that can assign the encrypt/decrypt roles on keys. | <code title="object&#40;&#123;&#10; data-platform-dev &#61; string&#10; data-platform-prod &#61; string&#10; project-factory-dev &#61; string&#10; project-factory-prod &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>01-resman</code> |
| [groups](variables.tf#L42) | Group names to grant organization-level permissions. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; gcp-billing-admins &#61; &#34;gcp-billing-admins&#34;,&#10; gcp-devops &#61; &#34;gcp-devops&#34;,&#10; gcp-network-admins &#61; &#34;gcp-network-admins&#34;&#10; gcp-organization-admins &#61; &#34;gcp-organization-admins&#34;&#10; gcp-security-admins &#61; &#34;gcp-security-admins&#34;&#10; gcp-support &#61; &#34;gcp-support&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | <code>00-bootstrap</code> | | [groups](variables.tf#L42) | Group names to grant organization-level permissions. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; gcp-billing-admins &#61; &#34;gcp-billing-admins&#34;,&#10; gcp-devops &#61; &#34;gcp-devops&#34;,&#10; gcp-network-admins &#61; &#34;gcp-network-admins&#34;&#10; gcp-organization-admins &#61; &#34;gcp-organization-admins&#34;&#10; gcp-security-admins &#61; &#34;gcp-security-admins&#34;&#10; gcp-support &#61; &#34;gcp-support&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | <code>00-bootstrap</code> |
| [kms_defaults](variables.tf#L57) | Defaults used for KMS keys. | <code title="object&#40;&#123;&#10; locations &#61; list&#40;string&#41;&#10; rotation_period &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; locations &#61; &#91;&#34;europe&#34;, &#34;europe-west1&#34;, &#34;europe-west3&#34;, &#34;global&#34;&#93;&#10; rotation_period &#61; &#34;7776000s&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | | [kms_defaults](variables.tf#L57) | Defaults used for KMS keys. | <code title="object&#40;&#123;&#10; locations &#61; list&#40;string&#41;&#10; rotation_period &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; locations &#61; &#91;&#34;europe&#34;, &#34;europe-west1&#34;, &#34;europe-west3&#34;, &#34;global&#34;&#93;&#10; rotation_period &#61; &#34;7776000s&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | |
| [kms_keys](variables.tf#L69) | KMS keys to create, keyed by name. Null attributes will be interpolated with defaults. | <code title="map&#40;object&#40;&#123;&#10; iam &#61; map&#40;list&#40;string&#41;&#41;&#10; labels &#61; map&#40;string&#41;&#10; locations &#61; list&#40;string&#41;&#10; rotation_period &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | | [kms_keys](variables.tf#L69) | KMS keys to create, keyed by name. Null attributes will be interpolated with defaults. | <code title="map&#40;object&#40;&#123;&#10; iam &#61; map&#40;list&#40;string&#41;&#41;&#10; labels &#61; map&#40;string&#41;&#10; locations &#61; list&#40;string&#41;&#10; rotation_period &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | |
| [outputs_location](variables.tf#L101) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | | | [outputs_location](variables.tf#L90) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
| [vpc_sc_access_levels](variables.tf#L118) | VPC SC access level definitions. | <code title="map&#40;object&#40;&#123;&#10; combining_function &#61; optional&#40;string&#41;&#10; conditions &#61; optional&#40;list&#40;object&#40;&#123;&#10; device_policy &#61; optional&#40;object&#40;&#123;&#10; allowed_device_management_levels &#61; optional&#40;list&#40;string&#41;&#41;&#10; allowed_encryption_statuses &#61; optional&#40;list&#40;string&#41;&#41;&#10; require_admin_approval &#61; bool&#10; require_corp_owned &#61; bool&#10; require_screen_lock &#61; optional&#40;bool&#41;&#10; os_constraints &#61; optional&#40;list&#40;object&#40;&#123;&#10; os_type &#61; string&#10; minimum_version &#61; optional&#40;string&#41;&#10; require_verified_chrome_os &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#41;&#10; ip_subnetworks &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; members &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; negate &#61; optional&#40;bool&#41;&#10; regions &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; required_access_levels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; description &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | | [vpc_sc_access_levels](variables.tf#L118) | VPC SC access level definitions. 
| <code title="map&#40;object&#40;&#123;&#10; combining_function &#61; optional&#40;string&#41;&#10; conditions &#61; optional&#40;list&#40;object&#40;&#123;&#10; device_policy &#61; optional&#40;object&#40;&#123;&#10; allowed_device_management_levels &#61; optional&#40;list&#40;string&#41;&#41;&#10; allowed_encryption_statuses &#61; optional&#40;list&#40;string&#41;&#41;&#10; require_admin_approval &#61; bool&#10; require_corp_owned &#61; bool&#10; require_screen_lock &#61; optional&#40;bool&#41;&#10; os_constraints &#61; optional&#40;list&#40;object&#40;&#123;&#10; os_type &#61; string&#10; minimum_version &#61; optional&#40;string&#41;&#10; require_verified_chrome_os &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#41;&#10; ip_subnetworks &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; members &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; negate &#61; optional&#40;bool&#41;&#10; regions &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; required_access_levels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; description &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | |
| [vpc_sc_egress_policies](variables.tf#L147) | VPC SC egress policy defnitions. | <code title="map&#40;object&#40;&#123;&#10; from &#61; object&#40;&#123;&#10; identity_type &#61; optional&#40;string, &#34;ANY_IDENTITY&#34;&#41;&#10; identities &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#10; to &#61; object&#40;&#123;&#10; operations &#61; optional&#40;list&#40;object&#40;&#123;&#10; method_selectors &#61; optional&#40;list&#40;string&#41;&#41;&#10; service_name &#61; string&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; resources &#61; optional&#40;list&#40;string&#41;&#41;&#10; resource_type_external &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | | [vpc_sc_egress_policies](variables.tf#L147) | VPC SC egress policy defnitions. | <code title="map&#40;object&#40;&#123;&#10; from &#61; object&#40;&#123;&#10; identity_type &#61; optional&#40;string, &#34;ANY_IDENTITY&#34;&#41;&#10; identities &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#10; to &#61; object&#40;&#123;&#10; operations &#61; optional&#40;list&#40;object&#40;&#123;&#10; method_selectors &#61; optional&#40;list&#40;string&#41;&#41;&#10; service_name &#61; string&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; resources &#61; optional&#40;list&#40;string&#41;&#41;&#10; resource_type_external &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | |
| [vpc_sc_ingress_policies](variables.tf#L167) | VPC SC ingress policy defnitions. | <code title="map&#40;object&#40;&#123;&#10; from &#61; object&#40;&#123;&#10; access_levels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; identity_type &#61; optional&#40;string&#41;&#10; identities &#61; optional&#40;list&#40;string&#41;&#41;&#10; resources &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#10; to &#61; object&#40;&#123;&#10; operations &#61; optional&#40;list&#40;object&#40;&#123;&#10; method_selectors &#61; optional&#40;list&#40;string&#41;&#41;&#10; service_name &#61; string&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; resources &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | | [vpc_sc_ingress_policies](variables.tf#L167) | VPC SC ingress policy defnitions. | <code title="map&#40;object&#40;&#123;&#10; from &#61; object&#40;&#123;&#10; access_levels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; identity_type &#61; optional&#40;string&#41;&#10; identities &#61; optional&#40;list&#40;string&#41;&#41;&#10; resources &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#10; to &#61; object&#40;&#123;&#10; operations &#61; optional&#40;list&#40;object&#40;&#123;&#10; method_selectors &#61; optional&#40;list&#40;string&#41;&#41;&#10; service_name &#61; string&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; resources &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | |


@ -77,17 +77,6 @@ variable "kms_keys" {
default = {} default = {}
} }
variable "service_accounts" {
# tfdoc:variable:source 01-resman
description = "Automation service accounts that can assign the encrypt/decrypt roles on keys."
type = object({
data-platform-dev = string
data-platform-prod = string
project-factory-dev = string
project-factory-prod = string
})
}
variable "organization" { variable "organization" {
# tfdoc:variable:source 00-bootstrap # tfdoc:variable:source 00-bootstrap
description = "Organization details." description = "Organization details."
@ -115,6 +104,17 @@ variable "prefix" {
} }
} }
variable "service_accounts" {
# tfdoc:variable:source 01-resman
description = "Automation service accounts that can assign the encrypt/decrypt roles on keys."
type = object({
data-platform-dev = string
data-platform-prod = string
project-factory-dev = string
project-factory-prod = string
})
}
variable "vpc_sc_access_levels" { variable "vpc_sc_access_levels" {
description = "VPC SC access level definitions." description = "VPC SC access level definitions."
type = map(object({ type = map(object({


@ -190,11 +190,11 @@ You can find examples in the `[demo](../../../../blueprints/data-solutions/data-
| name | description | sensitive | consumers | | name | description | sensitive | consumers |
|---|---|:---:|---| |---|---|:---:|---|
| [bigquery_datasets](outputs.tf#L42) | BigQuery datasets. | | | | [bigquery_datasets](outputs.tf#L42) | BigQuery datasets. | | |
| [demo_commands](outputs.tf#L72) | Demo commands. | | | | [demo_commands](outputs.tf#L47) | Demo commands. | | |
| [gcs_buckets](outputs.tf#L47) | GCS buckets. | | | | [gcs_buckets](outputs.tf#L52) | GCS buckets. | | |
| [kms_keys](outputs.tf#L52) | Cloud MKS keys. | | | | [kms_keys](outputs.tf#L57) | Cloud MKS keys. | | |
| [projects](outputs.tf#L57) | GCP Projects informations. | | | | [projects](outputs.tf#L62) | GCP Projects informations. | | |
| [vpc_network](outputs.tf#L62) | VPC network. | | | | [vpc_network](outputs.tf#L67) | VPC network. | | |
| [vpc_subnet](outputs.tf#L67) | VPC subnetworks. | | | | [vpc_subnet](outputs.tf#L72) | VPC subnetworks. | | |
<!-- END TFDOC --> <!-- END TFDOC -->


@ -44,6 +44,11 @@ output "bigquery_datasets" {
value = module.data-platform.bigquery-datasets value = module.data-platform.bigquery-datasets
} }
output "demo_commands" {
description = "Demo commands."
value = module.data-platform.demo_commands
}
output "gcs_buckets" { output "gcs_buckets" {
description = "GCS buckets." description = "GCS buckets."
value = module.data-platform.gcs-buckets value = module.data-platform.gcs-buckets
@ -68,8 +73,3 @@ output "vpc_subnet" {
description = "VPC subnetworks." description = "VPC subnetworks."
value = module.data-platform.vpc_subnet value = module.data-platform.vpc_subnet
} }
output "demo_commands" {
description = "Demo commands."
value = module.data-platform.demo_commands
}


@ -143,7 +143,7 @@ terraform apply
| [automation](variables.tf#L21) | Automation resources created by the bootstrap stage. | <code title="object&#40;&#123;&#10; outputs_bucket &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>00-bootstrap</code> | | [automation](variables.tf#L21) | Automation resources created by the bootstrap stage. | <code title="object&#40;&#123;&#10; outputs_bucket &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>00-bootstrap</code> |
| [billing_account](variables.tf#L29) | Billing account id and organization id ('nnnnnnnn' or null). | <code title="object&#40;&#123;&#10; id &#61; string&#10; organization_id &#61; number&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>00-bootstrap</code> | | [billing_account](variables.tf#L29) | Billing account id and organization id ('nnnnnnnn' or null). | <code title="object&#40;&#123;&#10; id &#61; string&#10; organization_id &#61; number&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>00-bootstrap</code> |
| [folder_ids](variables.tf#L149) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code title="object&#40;&#123;&#10; gke-dev &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>01-resman</code> | | [folder_ids](variables.tf#L149) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | <code title="object&#40;&#123;&#10; gke-dev &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>01-resman</code> |
| [host_project_ids](variables.tf#L171) | Host project for the shared VPC. | <code title="object&#40;&#123;&#10; dev-spoke-0 &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>02-networking</code> | | [host_project_ids](variables.tf#L164) | Host project for the shared VPC. | <code title="object&#40;&#123;&#10; dev-spoke-0 &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>02-networking</code> |
| [prefix](variables.tf#L213) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | | | | [prefix](variables.tf#L213) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | | |
| [vpc_self_links](variables.tf#L225) | Self link for the shared VPC. | <code title="object&#40;&#123;&#10; dev-spoke-0 &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>02-networking</code> | | [vpc_self_links](variables.tf#L225) | Self link for the shared VPC. | <code title="object&#40;&#123;&#10; dev-spoke-0 &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>02-networking</code> |
| [clusters](variables.tf#L38) | Clusters configuration. Refer to the gke-cluster module for type details. | <code title="map&#40;object&#40;&#123;&#10; cluster_autoscaling &#61; optional&#40;any&#41;&#10; description &#61; optional&#40;string&#41;&#10; enable_addons &#61; optional&#40;any, &#123;&#10; horizontal_pod_autoscaling &#61; true, http_load_balancing &#61; true&#10; &#125;&#41;&#10; enable_features &#61; optional&#40;any, &#123;&#10; workload_identity &#61; true&#10; &#125;&#41;&#10; issue_client_certificate &#61; optional&#40;bool, false&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;&#41;&#10; location &#61; string&#10; logging_config &#61; optional&#40;list&#40;string&#41;, &#91;&#34;SYSTEM_COMPONENTS&#34;&#93;&#41;&#10; maintenance_config &#61; optional&#40;any, &#123;&#10; daily_window_start_time &#61; &#34;03:00&#34;&#10; recurring_window &#61; null&#10; maintenance_exclusion &#61; &#91;&#93;&#10; &#125;&#41;&#10; max_pods_per_node &#61; optional&#40;number, 110&#41;&#10; min_master_version &#61; optional&#40;string&#41;&#10; monitoring_config &#61; optional&#40;object&#40;&#123;&#10; enable_components &#61; optional&#40;list&#40;string&#41;, &#91;&#34;SYSTEM_COMPONENTS&#34;&#93;&#41;&#10; managed_prometheus &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; node_locations &#61; optional&#40;list&#40;string&#41;&#41;&#10; private_cluster_config &#61; optional&#40;any&#41;&#10; release_channel &#61; optional&#40;string&#41;&#10; vpc_config &#61; object&#40;&#123;&#10; subnetwork &#61; string&#10; network &#61; optional&#40;string&#41;&#10; secondary_range_blocks &#61; optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;&#41;&#10; secondary_range_names &#61; optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;, &#123; pods &#61; &#34;pods&#34;, services &#61; &#34;services&#34; &#125;&#41;&#10; master_authorized_ranges &#61; 
optional&#40;map&#40;string&#41;&#41;&#10; master_ipv4_cidr_block &#61; optional&#40;string&#41;&#10; &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | | [clusters](variables.tf#L38) | Clusters configuration. Refer to the gke-cluster module for type details. | <code title="map&#40;object&#40;&#123;&#10; cluster_autoscaling &#61; optional&#40;any&#41;&#10; description &#61; optional&#40;string&#41;&#10; enable_addons &#61; optional&#40;any, &#123;&#10; horizontal_pod_autoscaling &#61; true, http_load_balancing &#61; true&#10; &#125;&#41;&#10; enable_features &#61; optional&#40;any, &#123;&#10; workload_identity &#61; true&#10; &#125;&#41;&#10; issue_client_certificate &#61; optional&#40;bool, false&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;&#41;&#10; location &#61; string&#10; logging_config &#61; optional&#40;list&#40;string&#41;, &#91;&#34;SYSTEM_COMPONENTS&#34;&#93;&#41;&#10; maintenance_config &#61; optional&#40;any, &#123;&#10; daily_window_start_time &#61; &#34;03:00&#34;&#10; recurring_window &#61; null&#10; maintenance_exclusion &#61; &#91;&#93;&#10; &#125;&#41;&#10; max_pods_per_node &#61; optional&#40;number, 110&#41;&#10; min_master_version &#61; optional&#40;string&#41;&#10; monitoring_config &#61; optional&#40;object&#40;&#123;&#10; enable_components &#61; optional&#40;list&#40;string&#41;, &#91;&#34;SYSTEM_COMPONENTS&#34;&#93;&#41;&#10; managed_prometheus &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; node_locations &#61; optional&#40;list&#40;string&#41;&#41;&#10; private_cluster_config &#61; optional&#40;any&#41;&#10; release_channel &#61; optional&#40;string&#41;&#10; vpc_config &#61; object&#40;&#123;&#10; subnetwork &#61; string&#10; network &#61; optional&#40;string&#41;&#10; secondary_range_blocks &#61; optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;&#41;&#10; secondary_range_names &#61; 
optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;, &#123; pods &#61; &#34;pods&#34;, services &#61; &#34;services&#34; &#125;&#41;&#10; master_authorized_ranges &#61; optional&#40;map&#40;string&#41;&#41;&#10; master_ipv4_cidr_block &#61; optional&#40;string&#41;&#10; &#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | |
@ -152,7 +152,7 @@ terraform apply
| [fleet_features](variables.tf#L129) | Enable and configue fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | <code title="object&#40;&#123;&#10; appdevexperience &#61; bool&#10; configmanagement &#61; bool&#10; identityservice &#61; bool&#10; multiclusteringress &#61; string&#10; multiclusterservicediscovery &#61; bool&#10; servicemesh &#61; bool&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | | [fleet_features](variables.tf#L129) | Enable and configue fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | <code title="object&#40;&#123;&#10; appdevexperience &#61; bool&#10; configmanagement &#61; bool&#10; identityservice &#61; bool&#10; multiclusteringress &#61; string&#10; multiclusterservicediscovery &#61; bool&#10; servicemesh &#61; bool&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | |
| [fleet_workload_identity](variables.tf#L142) | Use Fleet Workload Identity for clusters. Enables GKE Hub if set to true. | <code>bool</code> | | <code>false</code> | | | [fleet_workload_identity](variables.tf#L142) | Use Fleet Workload Identity for clusters. Enables GKE Hub if set to true. | <code>bool</code> | | <code>false</code> | |
| [group_iam](variables.tf#L157) | Project-level authoritative IAM bindings for groups in {GROUP_EMAIL => [ROLES]} format. Use group emails as keys, list of roles as values. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | | | [group_iam](variables.tf#L157) | Project-level authoritative IAM bindings for groups in {GROUP_EMAIL => [ROLES]} format. Use group emails as keys, list of roles as values. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | |
| [iam](variables.tf#L164) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | | | [iam](variables.tf#L172) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | |
| [labels](variables.tf#L179) | Project-level labels. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | | | [labels](variables.tf#L179) | Project-level labels. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | |
| [nodepools](variables.tf#L185) | Nodepools configuration. Refer to the gke-nodepool module for type details. | <code title="map&#40;map&#40;object&#40;&#123;&#10; gke_version &#61; optional&#40;string&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; max_pods_per_node &#61; optional&#40;number&#41;&#10; name &#61; optional&#40;string&#41;&#10; node_config &#61; optional&#40;any, &#123; disk_type &#61; &#34;pd-balanced&#34; &#125;&#41;&#10; node_count &#61; optional&#40;map&#40;number&#41;, &#123; initial &#61; 1 &#125;&#41;&#10; node_locations &#61; optional&#40;list&#40;string&#41;&#41;&#10; nodepool_config &#61; optional&#40;any&#41;&#10; pod_range &#61; optional&#40;any&#41;&#10; reservation_affinity &#61; optional&#40;any&#41;&#10; service_account &#61; optional&#40;any&#41;&#10; sole_tenant_nodegroup &#61; optional&#40;string&#41;&#10; tags &#61; optional&#40;list&#40;string&#41;&#41;&#10; taints &#61; optional&#40;list&#40;any&#41;&#41;&#10;&#125;&#41;&#41;&#41;">map&#40;map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | | [nodepools](variables.tf#L185) | Nodepools configuration. Refer to the gke-nodepool module for type details. 
| <code title="map&#40;map&#40;object&#40;&#123;&#10; gke_version &#61; optional&#40;string&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; max_pods_per_node &#61; optional&#40;number&#41;&#10; name &#61; optional&#40;string&#41;&#10; node_config &#61; optional&#40;any, &#123; disk_type &#61; &#34;pd-balanced&#34; &#125;&#41;&#10; node_count &#61; optional&#40;map&#40;number&#41;, &#123; initial &#61; 1 &#125;&#41;&#10; node_locations &#61; optional&#40;list&#40;string&#41;&#41;&#10; nodepool_config &#61; optional&#40;any&#41;&#10; pod_range &#61; optional&#40;any&#41;&#10; reservation_affinity &#61; optional&#40;any&#41;&#10; service_account &#61; optional&#40;any&#41;&#10; sole_tenant_nodegroup &#61; optional&#40;string&#41;&#10; tags &#61; optional&#40;list&#40;string&#41;&#41;&#10; taints &#61; optional&#40;list&#40;any&#41;&#41;&#10;&#125;&#41;&#41;&#41;">map&#40;map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;&#41;</code> | | <code>&#123;&#125;</code> | |
| [outputs_location](variables.tf#L207) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | | | [outputs_location](variables.tf#L207) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
@ -162,8 +162,8 @@ terraform apply
| name | description | sensitive | consumers | | name | description | sensitive | consumers |
|---|---|:---:|---| |---|---|:---:|---|
| [cluster_ids](outputs.tf#L63) | Cluster ids. | | | | [cluster_ids](outputs.tf#L57) | Cluster ids. | | |
| [clusters](outputs.tf#L57) | Cluster resources. | ✓ | | | [clusters](outputs.tf#L62) | Cluster resources. | ✓ | |
| [project_id](outputs.tf#L68) | GKE project id. | | | | [project_id](outputs.tf#L68) | GKE project id. | | |
<!-- END TFDOC --> <!-- END TFDOC -->


@ -54,17 +54,17 @@ resource "google_storage_bucket_object" "tfvars" {
# outputs # outputs
output "cluster_ids" {
description = "Cluster ids."
value = module.gke-multitenant.cluster_ids
}
output "clusters" { output "clusters" {
description = "Cluster resources." description = "Cluster resources."
value = module.gke-multitenant.clusters value = module.gke-multitenant.clusters
sensitive = true sensitive = true
} }
output "cluster_ids" {
description = "Cluster ids."
value = module.gke-multitenant.cluster_ids
}
output "project_id" { output "project_id" {
description = "GKE project id." description = "GKE project id."
value = module.gke-multitenant.project_id value = module.gke-multitenant.project_id


@ -161,13 +161,6 @@ variable "group_iam" {
nullable = false nullable = false
} }
variable "iam" {
description = "Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format."
type = map(list(string))
default = {}
nullable = false
}
variable "host_project_ids" { variable "host_project_ids" {
# tfdoc:variable:source 02-networking # tfdoc:variable:source 02-networking
description = "Host project for the shared VPC." description = "Host project for the shared VPC."
@ -176,6 +169,13 @@ variable "host_project_ids" {
}) })
} }
variable "iam" {
description = "Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format."
type = map(list(string))
default = {}
nullable = false
}
variable "labels" { variable "labels" {
description = "Project-level labels." description = "Project-level labels."
type = map(string) type = map(string)


@ -109,12 +109,12 @@ terraform apply
| name | description | type | required | default | producer | | name | description | type | required | default | producer |
|---|---|:---:|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|:---:|
| [billing_account](variables.tf#L19) | Billing account id and organization id ('nnnnnnnn' or null). | <code title="object&#40;&#123;&#10; id &#61; string&#10; organization_id &#61; number&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>00-bootstrap</code> | | [billing_account](variables.tf#L19) | Billing account id and organization id ('nnnnnnnn' or null). | <code title="object&#40;&#123;&#10; id &#61; string&#10; organization_id &#61; number&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | <code>00-bootstrap</code> |
| [prefix](variables.tf#L47) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>00-bootstrap</code> | | [prefix](variables.tf#L56) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
| [data_dir](variables.tf#L28) | Relative path for the folder storing configuration data. | <code>string</code> | | <code>&#34;data&#47;projects&#34;</code> | | | [data_dir](variables.tf#L28) | Relative path for the folder storing configuration data. | <code>string</code> | | <code>&#34;data&#47;projects&#34;</code> | |
| [defaults_file](variables.tf#L41) | Relative path for the file storing the project factory configuration. | <code>string</code> | | <code>&#34;data&#47;defaults.yaml&#34;</code> | | | [defaults_file](variables.tf#L34) | Relative path for the file storing the project factory configuration. | <code>string</code> | | <code>&#34;data&#47;defaults.yaml&#34;</code> | |
| [environment_dns_zone](variables.tf#L34) | DNS zone suffix for environment. | <code>string</code> | | <code>null</code> | <code>02-networking</code> | | [environment_dns_zone](variables.tf#L40) | DNS zone suffix for environment. | <code>string</code> | | <code>null</code> | <code>02-networking</code> |
| [host_project_ids](variables.tf#L67) | Host project for the shared VPC. | <code title="object&#40;&#123;&#10; dev-spoke-0 &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | <code>02-networking</code> | | [host_project_ids](variables.tf#L47) | Host project for the shared VPC. | <code title="object&#40;&#123;&#10; dev-spoke-0 &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | <code>02-networking</code> |
| [vpc_self_links](variables.tf#L58) | Self link for the shared VPC. | <code title="object&#40;&#123;&#10; dev-spoke-0 &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | <code>02-networking</code> | | [vpc_self_links](variables.tf#L67) | Self link for the shared VPC. | <code title="object&#40;&#123;&#10; dev-spoke-0 &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | <code>02-networking</code> |
## Outputs ## Outputs


@ -31,6 +31,12 @@ variable "data_dir" {
default = "data/projects" default = "data/projects"
} }
variable "defaults_file" {
description = "Relative path for the file storing the project factory configuration."
type = string
default = "data/defaults.yaml"
}
variable "environment_dns_zone" { variable "environment_dns_zone" {
# tfdoc:variable:source 02-networking # tfdoc:variable:source 02-networking
description = "DNS zone suffix for environment." description = "DNS zone suffix for environment."
@ -38,10 +44,13 @@ variable "environment_dns_zone" {
default = null default = null
} }
variable "defaults_file" { variable "host_project_ids" {
description = "Relative path for the file storing the project factory configuration." # tfdoc:variable:source 02-networking
type = string description = "Host project for the shared VPC."
default = "data/defaults.yaml" type = object({
dev-spoke-0 = string
})
default = null
} }
variable "prefix" { variable "prefix" {
@ -63,12 +72,3 @@ variable "vpc_self_links" {
}) })
default = null default = null
} }
variable "host_project_ids" {
# tfdoc:variable:source 02-networking
description = "Host project for the shared VPC."
type = object({
dev-spoke-0 = string
})
default = null
}


@ -61,20 +61,20 @@ module "cos-envoy" {
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [container_image](variables.tf#L42) | Container image. | <code>string</code> | ✓ | | | [container_image](variables.tf#L47) | Container image. | <code>string</code> | ✓ | |
| [authenticate_gcr](variables.tf#L112) | Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined. | <code>bool</code> | | <code>false</code> | | [authenticate_gcr](variables.tf#L17) | Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined. | <code>bool</code> | | <code>false</code> |
| [boot_commands](variables.tf#L17) | List of cloud-init `bootcmd`s. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [boot_commands](variables.tf#L23) | List of cloud-init `bootcmd`s. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [cloud_config](variables.tf#L23) | Cloud config template path. If provided, takes precedence over all other arguments. | <code>string</code> | | <code>null</code> | | [cloud_config](variables.tf#L29) | Cloud config template path. If provided, takes precedence over all other arguments. | <code>string</code> | | <code>null</code> |
| [config_variables](variables.tf#L29) | Additional variables used to render the template passed via `cloud_config`. | <code>map&#40;any&#41;</code> | | <code>&#123;&#125;</code> | | [config_variables](variables.tf#L35) | Additional variables used to render the template passed via `cloud_config`. | <code>map&#40;any&#41;</code> | | <code>&#123;&#125;</code> |
| [container_args](variables.tf#L35) | Arguments for container. | <code>string</code> | | <code>&#34;&#34;</code> | | [container_args](variables.tf#L41) | Arguments for container. | <code>string</code> | | <code>&#34;&#34;</code> |
| [container_name](variables.tf#L47) | Name of the container to be run. | <code>string</code> | | <code>&#34;container&#34;</code> | | [container_name](variables.tf#L52) | Name of the container to be run. | <code>string</code> | | <code>&#34;container&#34;</code> |
| [container_volumes](variables.tf#L53) | List of volumes. | <code title="list&#40;object&#40;&#123;&#10; host &#61; string,&#10; container &#61; string&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> | | [container_volumes](variables.tf#L58) | List of volumes. | <code title="list&#40;object&#40;&#123;&#10; host &#61; string,&#10; container &#61; string&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#91;&#93;</code> |
| [docker_args](variables.tf#L62) | Extra arguments to be passed for docker. | <code>string</code> | | <code>null</code> | | [docker_args](variables.tf#L67) | Extra arguments to be passed for docker. | <code>string</code> | | <code>null</code> |
| [file_defaults](variables.tf#L68) | Default owner and permissions for files. | <code title="object&#40;&#123;&#10; owner &#61; string&#10; permissions &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; owner &#61; &#34;root&#34;&#10; permissions &#61; &#34;0644&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [file_defaults](variables.tf#L73) | Default owner and permissions for files. | <code title="object&#40;&#123;&#10; owner &#61; string&#10; permissions &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; owner &#61; &#34;root&#34;&#10; permissions &#61; &#34;0644&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [files](variables.tf#L80) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map&#40;object&#40;&#123;&#10; content &#61; string&#10; owner &#61; string&#10; permissions &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [files](variables.tf#L85) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map&#40;object&#40;&#123;&#10; content &#61; string&#10; owner &#61; string&#10; permissions &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [run_as_first_user](variables.tf#L106) | Run as the first user if users are specified. | <code>bool</code> | | <code>true</code> | | [run_as_first_user](variables.tf#L95) | Run as the first user if users are specified. | <code>bool</code> | | <code>true</code> |
| [run_commands](variables.tf#L90) | List of cloud-init `runcmd`s. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [run_commands](variables.tf#L101) | List of cloud-init `runcmd`s. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [users](variables.tf#L96) | List of usernames to be created. If provided, first user will be used to run the container. | <code title="list&#40;object&#40;&#123;&#10; username &#61; string,&#10; uid &#61; number,&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code title="&#91;&#10;&#93;">&#91;&#8230;&#93;</code> | | [users](variables.tf#L107) | List of usernames to be created. If provided, first user will be used to run the container. | <code title="list&#40;object&#40;&#123;&#10; username &#61; string,&#10; uid &#61; number,&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code title="&#91;&#10;&#93;">&#91;&#8230;&#93;</code> |
## Outputs ## Outputs


@ -14,6 +14,12 @@
* limitations under the License. * limitations under the License.
*/ */
variable "authenticate_gcr" {
description = "Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined."
type = bool
default = false
}
variable "boot_commands" { variable "boot_commands" {
description = "List of cloud-init `bootcmd`s." description = "List of cloud-init `bootcmd`s."
type = list(string) type = list(string)
@ -38,7 +44,6 @@ variable "container_args" {
default = "" default = ""
} }
variable "container_image" { variable "container_image" {
description = "Container image." description = "Container image."
type = string type = string
@ -87,6 +92,12 @@ variable "files" {
default = {} default = {}
} }
variable "run_as_first_user" {
description = "Run as the first user if users are specified."
type = bool
default = true
}
variable "run_commands" { variable "run_commands" {
description = "List of cloud-init `runcmd`s." description = "List of cloud-init `runcmd`s."
type = list(string) type = list(string)
@ -102,15 +113,3 @@ variable "users" {
default = [ default = [
] ]
} }
variable "run_as_first_user" {
description = "Run as the first user if users are specified."
type = bool
default = true
}
variable "authenticate_gcr" {
description = "Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined."
type = bool
default = false
}
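Review bot: `authenticate_gcr`, now the first variable in this file, documents that it requires at least one user, but nothing visible in the variable enforces that, and `users` at the end of the file defaults to an empty list. With `authenticate_gcr = true` and the other defaults, the stated requirement is unmet and the outcome cannot be read from these hunks. I would add a comment above the block such as `# NOTE: users defaults to []; define at least one user when authenticate_gcr is true.`, or reject the combination where the cloud-config is rendered, which is outside this diff. Because the description says the registry token is stored in the first user's home, making that dependency explicit also tells operators which account holds the credential.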


@ -50,10 +50,10 @@ module "vm-nginx-tls" {
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [files](variables.tf#L35) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map&#40;object&#40;&#123;&#10; content &#61; string&#10; owner &#61; string&#10; permissions &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> | | [files](variables.tf#L17) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map&#40;object&#40;&#123;&#10; content &#61; string&#10; owner &#61; string&#10; permissions &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> |
| [nginx_image](variables.tf#L17) | Nginx container image to use. | <code>string</code> | | <code>&#34;nginx:1.23.1&#34;</code> | | [nginx_image](variables.tf#L27) | Nginx container image to use. | <code>string</code> | | <code>&#34;nginx:1.23.1&#34;</code> |
| [runcmd_post](variables.tf#L29) | Extra commands to run after starting nginx. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [runcmd_post](variables.tf#L33) | Extra commands to run after starting nginx. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [runcmd_pre](variables.tf#L23) | Extra commands to run before starting nginx. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [runcmd_pre](variables.tf#L39) | Extra commands to run before starting nginx. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [users](variables.tf#L45) | Additional list of usernames to be created. | <code title="list&#40;object&#40;&#123;&#10; username &#61; string,&#10; uid &#61; number,&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code title="&#91;&#10;&#93;">&#91;&#8230;&#93;</code> | | [users](variables.tf#L45) | Additional list of usernames to be created. | <code title="list&#40;object&#40;&#123;&#10; username &#61; string,&#10; uid &#61; number,&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code title="&#91;&#10;&#93;">&#91;&#8230;&#93;</code> |
## Outputs ## Outputs


@ -14,24 +14,6 @@
* limitations under the License. * limitations under the License.
*/ */
variable "nginx_image" {
description = "Nginx container image to use."
type = string
default = "nginx:1.23.1"
}
variable "runcmd_pre" {
description = "Extra commands to run before starting nginx."
type = list(string)
default = []
}
variable "runcmd_post" {
description = "Extra commands to run after starting nginx."
type = list(string)
default = []
}
variable "files" { variable "files" {
description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null." description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null."
type = map(object({ type = map(object({
@ -42,6 +24,24 @@ variable "files" {
default = null default = null
} }
variable "nginx_image" {
description = "Nginx container image to use."
type = string
default = "nginx:1.23.1"
}
variable "runcmd_post" {
description = "Extra commands to run after starting nginx."
type = list(string)
default = []
}
variable "runcmd_pre" {
description = "Extra commands to run before starting nginx."
type = list(string)
default = []
}
variable "users" { variable "users" {
description = "Additional list of usernames to be created." description = "Additional list of usernames to be created."
type = list(object({ type = list(object({
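Review bot: The `nginx_image` block re-added in the second hunk keeps a tag-only default (`default = "nginx:1.23.1"`), and a tag can be repointed at the registry, so two applies of the same configuration are not guaranteed to start the same image. While the block is being moved, the description could tell callers that a digest reference is the reproducible form, e.g. `description = "Nginx container image to use. Prefer a digest reference (nginx@sha256:<digest>) for reproducible deployments."`. Whether the cloud-config template passes a digest reference through unchanged is not visible here and should be confirmed. The README table row is generated from this description and would need regenerating.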


@ -62,12 +62,12 @@ module "cos-nginx" {
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | <code>string</code> | | <code>null</code> | | [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | <code>string</code> | | <code>null</code> |
| [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config and Nginx templates. | <code>map&#40;any&#41;</code> | | <code>&#123;&#125;</code> | | [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config and Nginx templates. | <code>map&#40;any&#41;</code> | | <code>&#123;&#125;</code> |
| [file_defaults](variables.tf#L41) | Default owner and permissions for files. | <code title="object&#40;&#123;&#10; owner &#61; string&#10; permissions &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; owner &#61; &#34;root&#34;&#10; permissions &#61; &#34;0644&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [file_defaults](variables.tf#L29) | Default owner and permissions for files. | <code title="object&#40;&#123;&#10; owner &#61; string&#10; permissions &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; owner &#61; &#34;root&#34;&#10; permissions &#61; &#34;0644&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [files](variables.tf#L53) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map&#40;object&#40;&#123;&#10; content &#61; string&#10; owner &#61; string&#10; permissions &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [files](variables.tf#L41) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map&#40;object&#40;&#123;&#10; content &#61; string&#10; owner &#61; string&#10; permissions &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [image](variables.tf#L29) | Nginx container image. | <code>string</code> | | <code>&#34;nginxdemos&#47;hello:plain-text&#34;</code> | | [image](variables.tf#L51) | Nginx container image. | <code>string</code> | | <code>&#34;nginxdemos&#47;hello:plain-text&#34;</code> |
| [nginx_config](variables.tf#L35) | Nginx configuration path, if null container default will be used. | <code>string</code> | | <code>null</code> | | [nginx_config](variables.tf#L57) | Nginx configuration path, if null container default will be used. | <code>string</code> | | <code>null</code> |
| [runcmd_post](variables.tf#L69) | Extra commands to run after starting nginx. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [runcmd_post](variables.tf#L63) | Extra commands to run after starting nginx. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [runcmd_pre](variables.tf#L63) | Extra commands to run before starting nginx. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [runcmd_pre](variables.tf#L69) | Extra commands to run before starting nginx. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | <code title="object&#40;&#123;&#10; project_id &#61; string&#10; zone &#61; string&#10; name &#61; string&#10; type &#61; string&#10; network &#61; string&#10; subnetwork &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | <code title="object&#40;&#123;&#10; project_id &#61; string&#10; zone &#61; string&#10; name &#61; string&#10; type &#61; string&#10; network &#61; string&#10; subnetwork &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | <code title="object&#40;&#123;&#10; disks &#61; map&#40;object&#40;&#123;&#10; read_only &#61; bool&#10; size &#61; number&#10; &#125;&#41;&#41;&#10; image &#61; string&#10; metadata &#61; map&#40;string&#41;&#10; nat &#61; bool&#10; service_account_roles &#61; list&#40;string&#41;&#10; tags &#61; list&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; disks &#61; &#123;&#125;&#10; image &#61; null&#10; metadata &#61; &#123;&#125;&#10; nat &#61; false&#10; service_account_roles &#61; &#91;&#10; &#34;roles&#47;logging.logWriter&#34;,&#10; &#34;roles&#47;monitoring.metricWriter&#34;&#10; &#93;&#10; tags &#61; &#91;&#34;ssh&#34;&#93;&#10;&#125;">&#123;&#8230;&#125;</code> | | [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | <code title="object&#40;&#123;&#10; disks &#61; map&#40;object&#40;&#123;&#10; read_only &#61; bool&#10; size &#61; number&#10; &#125;&#41;&#41;&#10; image &#61; string&#10; metadata &#61; map&#40;string&#41;&#10; nat &#61; bool&#10; service_account_roles &#61; list&#40;string&#41;&#10; tags &#61; list&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; disks &#61; &#123;&#125;&#10; image &#61; null&#10; metadata &#61; &#123;&#125;&#10; nat &#61; false&#10; service_account_roles &#61; &#91;&#10; &#34;roles&#47;logging.logWriter&#34;,&#10; &#34;roles&#47;monitoring.metricWriter&#34;&#10; &#93;&#10; tags &#61; &#91;&#34;ssh&#34;&#93;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [users](variables.tf#L75) | List of additional usernames to be created. | <code title="list&#40;object&#40;&#123;&#10; username &#61; string,&#10; uid &#61; number,&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code title="&#91;&#10;&#93;">&#91;&#8230;&#93;</code> | | [users](variables.tf#L75) | List of additional usernames to be created. | <code title="list&#40;object&#40;&#123;&#10; username &#61; string,&#10; uid &#61; number,&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code title="&#91;&#10;&#93;">&#91;&#8230;&#93;</code> |


@ -26,18 +26,6 @@ variable "config_variables" {
default = {} default = {}
} }
variable "image" {
description = "Nginx container image."
type = string
default = "nginxdemos/hello:plain-text"
}
variable "nginx_config" {
description = "Nginx configuration path, if null container default will be used."
type = string
default = null
}
variable "file_defaults" { variable "file_defaults" {
description = "Default owner and permissions for files." description = "Default owner and permissions for files."
type = object({ type = object({
@ -60,10 +48,16 @@ variable "files" {
default = {} default = {}
} }
variable "runcmd_pre" { variable "image" {
description = "Extra commands to run before starting nginx." description = "Nginx container image."
type = list(string) type = string
default = [] default = "nginxdemos/hello:plain-text"
}
variable "nginx_config" {
description = "Nginx configuration path, if null container default will be used."
type = string
default = null
} }
variable "runcmd_post" { variable "runcmd_post" {
@ -72,6 +66,12 @@ variable "runcmd_post" {
default = [] default = []
} }
variable "runcmd_pre" {
description = "Extra commands to run before starting nginx."
type = list(string)
default = []
}
variable "users" { variable "users" {
description = "List of additional usernames to be created." description = "List of additional usernames to be created."
type = list(object({ type = list(object({


@ -72,8 +72,8 @@ module "nva" {
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [network_interfaces](variables.tf#L39) | Network interfaces configuration. | <code title="list&#40;object&#40;&#123;&#10; routes &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | | | [network_interfaces](variables.tf#L39) | Network interfaces configuration. | <code title="list&#40;object&#40;&#123;&#10; routes &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | |
| [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | <code>string</code> | | <code>null</code> | | [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | <code>string</code> | | <code>null</code> |
| [enable_health_checks](variables.tf#L33) | Configures routing to enable responses to health check probes. | <code>bool</code> | | <code>false</code> | | [enable_health_checks](variables.tf#L23) | Configures routing to enable responses to health check probes. | <code>bool</code> | | <code>false</code> |
| [files](variables.tf#L23) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map&#40;object&#40;&#123;&#10; content &#61; string&#10; owner &#61; string&#10; permissions &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [files](variables.tf#L29) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map&#40;object&#40;&#123;&#10; content &#61; string&#10; owner &#61; string&#10; permissions &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | <code title="object&#40;&#123;&#10; project_id &#61; string&#10; zone &#61; string&#10; name &#61; string&#10; type &#61; string&#10; network &#61; string&#10; subnetwork &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | <code title="object&#40;&#123;&#10; project_id &#61; string&#10; zone &#61; string&#10; name &#61; string&#10; type &#61; string&#10; network &#61; string&#10; subnetwork &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | <code title="object&#40;&#123;&#10; disks &#61; map&#40;object&#40;&#123;&#10; read_only &#61; bool&#10; size &#61; number&#10; &#125;&#41;&#41;&#10; image &#61; string&#10; metadata &#61; map&#40;string&#41;&#10; nat &#61; bool&#10; service_account_roles &#61; list&#40;string&#41;&#10; tags &#61; list&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; disks &#61; &#123;&#125;&#10; image &#61; null&#10; metadata &#61; &#123;&#125;&#10; nat &#61; false&#10; service_account_roles &#61; &#91;&#10; &#34;roles&#47;logging.logWriter&#34;,&#10; &#34;roles&#47;monitoring.metricWriter&#34;&#10; &#93;&#10; tags &#61; &#91;&#34;ssh&#34;&#93;&#10;&#125;">&#123;&#8230;&#125;</code> | | [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | <code title="object&#40;&#123;&#10; disks &#61; map&#40;object&#40;&#123;&#10; read_only &#61; bool&#10; size &#61; number&#10; &#125;&#41;&#41;&#10; image &#61; string&#10; metadata &#61; map&#40;string&#41;&#10; nat &#61; bool&#10; service_account_roles &#61; list&#40;string&#41;&#10; tags &#61; list&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; disks &#61; &#123;&#125;&#10; image &#61; null&#10; metadata &#61; &#123;&#125;&#10; nat &#61; false&#10; service_account_roles &#61; &#91;&#10; &#34;roles&#47;logging.logWriter&#34;,&#10; &#34;roles&#47;monitoring.metricWriter&#34;&#10; &#93;&#10; tags &#61; &#91;&#34;ssh&#34;&#93;&#10;&#125;">&#123;&#8230;&#125;</code> |


@ -20,6 +20,12 @@ variable "cloud_config" {
default = null default = null
} }
variable "enable_health_checks" {
description = "Configures routing to enable responses to health check probes."
type = bool
default = false
}
variable "files" { variable "files" {
description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null." description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null."
type = map(object({ type = map(object({
@ -30,12 +36,6 @@ variable "files" {
default = {} default = {}
} }
variable "enable_health_checks" {
description = "Configures routing to enable responses to health check probes."
type = bool
default = false
}
variable "network_interfaces" { variable "network_interfaces" {
description = "Network interfaces configuration." description = "Network interfaces configuration."
type = list(object({ type = list(object({


@ -64,15 +64,15 @@ module "cos-squid" {
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [allow](variables.tf#L57) | List of domains Squid will allow connections to. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [allow](variables.tf#L18) | List of domains Squid will allow connections to. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [clients](variables.tf#L69) | List of CIDR ranges from which Squid will allow connections. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [clients](variables.tf#L24) | List of CIDR ranges from which Squid will allow connections. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | <code>string</code> | | <code>null</code> | | [cloud_config](variables.tf#L30) | Cloud config template path. If null default will be used. | <code>string</code> | | <code>null</code> |
| [config_variables](variables.tf#L23) | Additional variables used to render the cloud-config and Squid templates. | <code>map&#40;any&#41;</code> | | <code>&#123;&#125;</code> | | [config_variables](variables.tf#L36) | Additional variables used to render the cloud-config and Squid templates. | <code>map&#40;any&#41;</code> | | <code>&#123;&#125;</code> |
| [default_action](variables.tf#L75) | Default action for domains not matching neither the allow or deny lists. | <code>string</code> | | <code>&#34;deny&#34;</code> | | [default_action](variables.tf#L42) | Default action for domains not matching neither the allow or deny lists. | <code>string</code> | | <code>&#34;deny&#34;</code> |
| [deny](variables.tf#L63) | List of domains Squid will deny connections to. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> | | [deny](variables.tf#L52) | List of domains Squid will deny connections to. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [file_defaults](variables.tf#L35) | Default owner and permissions for files. | <code title="object&#40;&#123;&#10; owner &#61; string&#10; permissions &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; owner &#61; &#34;root&#34;&#10; permissions &#61; &#34;0644&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | [file_defaults](variables.tf#L58) | Default owner and permissions for files. | <code title="object&#40;&#123;&#10; owner &#61; string&#10; permissions &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; owner &#61; &#34;root&#34;&#10; permissions &#61; &#34;0644&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [files](variables.tf#L47) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map&#40;object&#40;&#123;&#10; content &#61; string&#10; owner &#61; string&#10; permissions &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [files](variables.tf#L70) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | <code title="map&#40;object&#40;&#123;&#10; content &#61; string&#10; owner &#61; string&#10; permissions &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [squid_config](variables.tf#L29) | Squid configuration path, if null default will be used. | <code>string</code> | | <code>null</code> | | [squid_config](variables.tf#L80) | Squid configuration path, if null default will be used. | <code>string</code> | | <code>null</code> |
| [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | <code title="object&#40;&#123;&#10; project_id &#61; string&#10; zone &#61; string&#10; name &#61; string&#10; type &#61; string&#10; network &#61; string&#10; subnetwork &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | <code title="object&#40;&#123;&#10; project_id &#61; string&#10; zone &#61; string&#10; name &#61; string&#10; type &#61; string&#10; network &#61; string&#10; subnetwork &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | <code title="object&#40;&#123;&#10; disks &#61; map&#40;object&#40;&#123;&#10; read_only &#61; bool&#10; size &#61; number&#10; &#125;&#41;&#41;&#10; image &#61; string&#10; metadata &#61; map&#40;string&#41;&#10; nat &#61; bool&#10; service_account_roles &#61; list&#40;string&#41;&#10; tags &#61; list&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; disks &#61; &#123;&#125;&#10; image &#61; null&#10; metadata &#61; &#123;&#125;&#10; nat &#61; false&#10; service_account_roles &#61; &#91;&#10; &#34;roles&#47;logging.logWriter&#34;,&#10; &#34;roles&#47;monitoring.metricWriter&#34;&#10; &#93;&#10; tags &#61; &#91;&#34;ssh&#34;&#93;&#10;&#125;">&#123;&#8230;&#125;</code> | | [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | <code title="object&#40;&#123;&#10; disks &#61; map&#40;object&#40;&#123;&#10; read_only &#61; bool&#10; size &#61; number&#10; &#125;&#41;&#41;&#10; image &#61; string&#10; metadata &#61; map&#40;string&#41;&#10; nat &#61; bool&#10; service_account_roles &#61; list&#40;string&#41;&#10; tags &#61; list&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; disks &#61; &#123;&#125;&#10; image &#61; null&#10; metadata &#61; &#123;&#125;&#10; nat &#61; false&#10; service_account_roles &#61; &#91;&#10; &#34;roles&#47;logging.logWriter&#34;,&#10; &#34;roles&#47;monitoring.metricWriter&#34;&#10; &#93;&#10; tags &#61; &#91;&#34;ssh&#34;&#93;&#10;&#125;">&#123;&#8230;&#125;</code> |


@ -55,16 +55,6 @@ variable "deny" {
default = [] default = []
} }
variable "files" {
description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null."
type = map(object({
content = string
owner = string
permissions = string
}))
default = {}
}
variable "file_defaults" { variable "file_defaults" {
description = "Default owner and permissions for files." description = "Default owner and permissions for files."
type = object({ type = object({
@ -77,6 +67,16 @@ variable "file_defaults" {
} }
} }
variable "files" {
description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null."
type = map(object({
content = string
owner = string
permissions = string
}))
default = {}
}
variable "squid_config" { variable "squid_config" {
description = "Squid configuration path, if null default will be used." description = "Squid configuration path, if null default will be used."
type = string type = string


@ -591,7 +591,7 @@ output </code> |
| name | description | type | required | default | | name | description | type | required | default |
|---|---|:---:|:---:|:---:| |---|---|:---:|:---:|:---:|
| [name](variables.tf#L54) | Load balancer name. | <code>string</code> | ✓ | | | [name](variables.tf#L54) | Load balancer name. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L126) | Project id. | <code>string</code> | ✓ | | | [project_id](variables.tf#L132) | Project id. | <code>string</code> | ✓ | |
| [region](variables.tf#L150) | The region where to allocate the ILB resources. | <code>string</code> | ✓ | | | [region](variables.tf#L150) | The region where to allocate the ILB resources. | <code>string</code> | ✓ | |
| [vpc_config](variables.tf#L177) | VPC-level configuration. | <code title="object&#40;&#123;&#10; network &#61; string&#10; subnetwork &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | | | [vpc_config](variables.tf#L177) | VPC-level configuration. | <code title="object&#40;&#123;&#10; network &#61; string&#10; subnetwork &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | <code>string</code> | | <code>null</code> | | [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | <code>string</code> | | <code>null</code> |
@ -603,7 +603,7 @@ output </code> |
| [labels](variables.tf#L48) | Labels set on resources. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | | [labels](variables.tf#L48) | Labels set on resources. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [neg_configs](variables.tf#L59) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | <code title="map&#40;object&#40;&#123;&#10; project_id &#61; optional&#40;string&#41;&#10; cloudrun &#61; optional&#40;object&#40;&#123;&#10; region &#61; string&#10; target_service &#61; optional&#40;object&#40;&#123;&#10; name &#61; string&#10; tag &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; target_urlmask &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; gce &#61; optional&#40;object&#40;&#123;&#10; zone &#61; string&#10; network &#61; optional&#40;string&#41;&#10; subnetwork &#61; optional&#40;string&#41;&#10; endpoints &#61; optional&#40;list&#40;object&#40;&#123;&#10; instance &#61; string&#10; ip_address &#61; string&#10; port &#61; number&#10; &#125;&#41;&#41;&#41;&#10;&#10;&#10; &#125;&#41;&#41;&#10; hybrid &#61; optional&#40;object&#40;&#123;&#10; zone &#61; string&#10; network &#61; optional&#40;string&#41;&#10; endpoints &#61; optional&#40;list&#40;object&#40;&#123;&#10; ip_address &#61; string&#10; port &#61; number&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> | | [neg_configs](variables.tf#L59) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. 
| <code title="map&#40;object&#40;&#123;&#10; project_id &#61; optional&#40;string&#41;&#10; cloudrun &#61; optional&#40;object&#40;&#123;&#10; region &#61; string&#10; target_service &#61; optional&#40;object&#40;&#123;&#10; name &#61; string&#10; tag &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; target_urlmask &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; gce &#61; optional&#40;object&#40;&#123;&#10; zone &#61; string&#10; network &#61; optional&#40;string&#41;&#10; subnetwork &#61; optional&#40;string&#41;&#10; endpoints &#61; optional&#40;list&#40;object&#40;&#123;&#10; instance &#61; string&#10; ip_address &#61; string&#10; port &#61; number&#10; &#125;&#41;&#41;&#41;&#10;&#10;&#10; &#125;&#41;&#41;&#10; hybrid &#61; optional&#40;object&#40;&#123;&#10; zone &#61; string&#10; network &#61; optional&#40;string&#41;&#10; endpoints &#61; optional&#40;list&#40;object&#40;&#123;&#10; ip_address &#61; string&#10; port &#61; number&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [network_tier_premium](variables.tf#L119) | Use premium network tier. Defaults to true. | <code>bool</code> | | <code>true</code> | | [network_tier_premium](variables.tf#L119) | Use premium network tier. Defaults to true. | <code>bool</code> | | <code>true</code> |
| [ports](variables.tf#L131) | Optional ports for HTTP load balancer, valid ports are 80 and 8080. | <code>list&#40;string&#41;</code> | | <code>null</code> | | [ports](variables.tf#L126) | Optional ports for HTTP load balancer, valid ports are 80 and 8080. | <code>list&#40;string&#41;</code> | | <code>null</code> |
| [protocol](variables.tf#L137) | Protocol supported by this load balancer. | <code>string</code> | | <code>&#34;HTTP&#34;</code> | | [protocol](variables.tf#L137) | Protocol supported by this load balancer. | <code>string</code> | | <code>&#34;HTTP&#34;</code> |
| [service_directory_registration](variables.tf#L155) | Service directory namespace and service used to register this load balancer. | <code title="object&#40;&#123;&#10; namespace &#61; string&#10; service &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [service_directory_registration](variables.tf#L155) | Service directory namespace and service used to register this load balancer. | <code title="object&#40;&#123;&#10; namespace &#61; string&#10; service &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [ssl_certificates](variables.tf#L164) | SSL target proxy certificates (only if protocol is HTTPS). | <code title="object&#40;&#123;&#10; certificate_ids &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; create_configs &#61; optional&#40;map&#40;object&#40;&#123;&#10; certificate &#61; string&#10; private_key &#61; string&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | | [ssl_certificates](variables.tf#L164) | SSL target proxy certificates (only if protocol is HTTPS). | <code title="object&#40;&#123;&#10; certificate_ids &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; create_configs &#61; optional&#40;map&#40;object&#40;&#123;&#10; certificate &#61; string&#10; private_key &#61; string&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |


@ -123,17 +123,17 @@ variable "network_tier_premium" {
nullable = false nullable = false
} }
variable "project_id" {
description = "Project id."
type = string
}
variable "ports" { variable "ports" {
description = "Optional ports for HTTP load balancer, valid ports are 80 and 8080." description = "Optional ports for HTTP load balancer, valid ports are 80 and 8080."
type = list(string) type = list(string)
default = null default = null
} }
variable "project_id" {
description = "Project id."
type = string
}
variable "protocol" { variable "protocol" {
description = "Protocol supported by this load balancer." description = "Protocol supported by this load balancer."
type = string type = string


@ -52,7 +52,10 @@ def _check_dir(dir_name, exclude_files=None, files=False, show_extra=False):
try: try:
new_doc = tfdoc.create_doc(readme_path.parent, files, show_extra, new_doc = tfdoc.create_doc(readme_path.parent, files, show_extra,
exclude_files, readme) exclude_files, readme)
variables = [v.name for v in new_doc.variables] # TODO: support variables in multiple files
variables = [
v.name for v in new_doc.variables if v.file == "variables.tf"
]
outputs = [v.name for v in new_doc.outputs] outputs = [v.name for v in new_doc.outputs]
except SystemExit: except SystemExit:
state = state.SKIP state = state.SKIP
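Review bot: The new filter `v.file == "variables.tf"` silently drops every variable declared in any other file, so inputs such as `test_instance` and `test_instance_defaults`, which the README tables on this page link to `variables-instance.tf`, are no longer part of whatever check consumes `variables` (presumably the ordering check this commit introduces). The TODO does not say that, and `outputs` on the next line is left unfiltered, so the two lists are now built on different rules. Until multi-file support lands I would spell the gap out in the comment, e.g. `# TODO: only variables.tf is checked; variables declared in other files (e.g. variables-instance.tf) are skipped`, and lift the literal into a named module-level constant so the skip is easy to find. `_check_dir` starts and ends outside this hunk, so how `variables` is used afterwards is not visible here.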