Merge branch 'global_managed_proxy_support' of https://github.com/dgulli/cloud-foundation-fabric into global_managed_proxy_support

Dave Gulli 2023-09-13 14:11:11 +10:00
commit 83221c16a5
4 changed files with 59 additions and 11 deletions


@ -389,7 +389,6 @@ module "nginx-mig" {
# tftest modules=2 resources=3 inventory=stateful.yaml
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
@ -400,7 +399,7 @@ module "nginx-mig" {
| [project_id](variables.tf#L198) | Project id. | <code>string</code> | ✓ | |
| [all_instances_config](variables.tf#L17) | Metadata and labels set to all instances in the group. | <code title="object&#40;&#123;&#10; labels &#61; optional&#40;map&#40;string&#41;&#41;&#10; metadata &#61; optional&#40;map&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [auto_healing_policies](variables.tf#L26) | Auto-healing policies for this group. | <code title="object&#40;&#123;&#10; health_check &#61; optional&#40;string&#41;&#10; initial_delay_sec &#61; number&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [autoscaler_config](variables.tf#L35) | Optional autoscaler configuration. | <code title="object&#40;&#123;&#10; max_replicas &#61; number&#10; min_replicas &#61; number&#10; cooldown_period &#61; optional&#40;number&#41;&#10; mode &#61; optional&#40;string&#41; &#35; OFF, ONLY_UP, ON&#10; scaling_control &#61; optional&#40;object&#40;&#123;&#10; down &#61; optional&#40;object&#40;&#123;&#10; max_replicas_fixed &#61; optional&#40;number&#41;&#10; max_replicas_percent &#61; optional&#40;number&#41;&#10; time_window_sec &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; in &#61; optional&#40;object&#40;&#123;&#10; max_replicas_fixed &#61; optional&#40;number&#41;&#10; max_replicas_percent &#61; optional&#40;number&#41;&#10; time_window_sec &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; scaling_signals &#61; optional&#40;object&#40;&#123;&#10; cpu_utilization &#61; optional&#40;object&#40;&#123;&#10; target &#61; number&#10; optimize_availability &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; load_balancing_utilization &#61; optional&#40;object&#40;&#123;&#10; target &#61; number&#10; &#125;&#41;&#41;&#10; metrics &#61; optional&#40;list&#40;object&#40;&#123;&#10; name &#61; string&#10; type &#61; string &#35; GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE&#10; target_value &#61; number&#10; single_instance_assignment &#61; optional&#40;number&#41;&#10; time_series_filter &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#41;&#10; schedules &#61; optional&#40;list&#40;object&#40;&#123;&#10; duration_sec &#61; number&#10; name &#61; string&#10; min_required_replicas &#61; number&#10; cron_schedule &#61; string&#10; description &#61; optional&#40;bool&#41;&#10; timezone &#61; optional&#40;string&#41;&#10; disabled &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [autoscaler_config](variables.tf#L35) | Optional autoscaler configuration. | <code title="object&#40;&#123;&#10; max_replicas &#61; number&#10; min_replicas &#61; number&#10; cooldown_period &#61; optional&#40;number&#41;&#10; mode &#61; optional&#40;string&#41; &#35; OFF, ONLY_UP, ON&#10; scaling_control &#61; optional&#40;object&#40;&#123;&#10; down &#61; optional&#40;object&#40;&#123;&#10; max_replicas_fixed &#61; optional&#40;number&#41;&#10; max_replicas_percent &#61; optional&#40;number&#41;&#10; time_window_sec &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; in &#61; optional&#40;object&#40;&#123;&#10; max_replicas_fixed &#61; optional&#40;number&#41;&#10; max_replicas_percent &#61; optional&#40;number&#41;&#10; time_window_sec &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; scaling_signals &#61; optional&#40;object&#40;&#123;&#10; cpu_utilization &#61; optional&#40;object&#40;&#123;&#10; target &#61; number&#10; optimize_availability &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; load_balancing_utilization &#61; optional&#40;object&#40;&#123;&#10; target &#61; number&#10; &#125;&#41;&#41;&#10; metrics &#61; optional&#40;list&#40;object&#40;&#123;&#10; name &#61; string&#10; type &#61; optional&#40;string&#41; &#35; GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE&#10; target_value &#61; optional&#40;number&#41;&#10; single_instance_assignment &#61; optional&#40;number&#41;&#10; time_series_filter &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#41;&#10; schedules &#61; optional&#40;list&#40;object&#40;&#123;&#10; duration_sec &#61; number&#10; name &#61; string&#10; min_required_replicas &#61; number&#10; cron_schedule &#61; string&#10; description &#61; optional&#40;bool&#41;&#10; timezone &#61; optional&#40;string&#41;&#10; disabled &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | 
<code>null</code> |
| [default_version_name](variables.tf#L83) | Name used for the default version. | <code>string</code> | | <code>&#34;default&#34;</code> |
| [description](variables.tf#L89) | Optional description used for all resources managed by this module. | <code>string</code> | | <code>&#34;Terraform managed.&#34;</code> |
| [distribution_policy](variables.tf#L95) | DIstribution policy for regional MIG. | <code title="object&#40;&#123;&#10; target_shape &#61; optional&#40;string&#41;&#10; zones &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
@ -422,5 +421,4 @@ module "nginx-mig" {
| [group_manager](outputs.tf#L26) | Instance group resource. | |
| [health_check](outputs.tf#L35) | Auto-created health-check resource. | |
| [id](outputs.tf#L44) | Fully qualified group manager id. | |
<!-- END TFDOC -->


@ -61,8 +61,8 @@ variable "autoscaler_config" {
}))
metrics = optional(list(object({
name = string
type = string # GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE
target_value = number
type = optional(string) # GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE
target_value = optional(number)
single_instance_assignment = optional(number)
time_series_filter = optional(string)
})))
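Review bot: With `type` and `target_value` both optional in the `metrics` object, a metric entry can be declared with neither a target nor `single_instance_assignment`, and nothing in this hunk rejects it before apply. How these attributes reach the autoscaler resource is not visible here, so this is inferred. A `validation` block on `autoscaler_config` would surface the mistake at plan time, using a per-metric predicate such as `m.target_value != null || m.single_instance_assignment != null`. The trailing comment `# GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE` could also state which value applies when `type` is omitted. The variable's body starts and ends outside the hunk.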


@ -81,7 +81,7 @@ module "example-va" {
name = google_compute_router.interconnect-router.name
}
}
# tftest modules=1 resources=3
# tftest modules=1 resources=2
```
### Dedicated Interconnect - Two VLAN Attachments on a single region (99.9% SLA)
@ -201,7 +201,7 @@ module "example-va-b" {
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
}
}
# tftest modules=2 resources=5
# tftest modules=2 resources=3
```
### Dedicated Interconnect - Four VLAN Attachments on two regions (99.99% SLA)
@ -431,10 +431,10 @@ module "example-va-b-ew12" {
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
}
}
# tftest modules=4 resources=10
# tftest modules=4 resources=6
```
### IPSec over Interconnect enabled setup
### IPSec for Dedicated Interconnect
Refer to the [HA VPN over Interconnect Blueprint](../../blueprints/networking/ha-vpn-over-interconnect/) for an all-encompassing example.
@ -494,6 +494,47 @@ module "example-va-b" {
}
# tftest modules=2 resources=9
```
### IPSec for Partner Interconnect
```hcl
module "example-va-a" {
source = "./fabric/modules/net-vlan-attachment"
project_id = "myproject"
network = "mynet"
region = "europe-west8"
name = "encrypted-vlan-attachment-a"
description = "example-va-a vlan attachment"
peer_asn = "65001"
router_config = {
create = true
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
}
vpn_gateways_ip_range = "10.255.255.0/29" # Allows for up to 8 tunnels
}
module "example-va-b" {
source = "./fabric/modules/net-vlan-attachment"
project_id = "myproject"
network = "mynet"
region = "europe-west8"
name = "encrypted-vlan-attachment-b"
description = "example-va-b vlan attachment"
peer_asn = "65001"
router_config = {
create = true
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
}
vpn_gateways_ip_range = "10.255.255.8/29" # Allows for up to 8 tunnels
}
# tftest modules=2 resources=6
```
<!-- BEGIN TFDOC -->
## Variables


@ -61,7 +61,15 @@ resource "google_compute_router" "encrypted" {
region = var.region
encrypted_interconnect_router = true
bgp {
asn = var.router_config.asn
asn = var.router_config.asn
advertise_mode = var.dedicated_interconnect_config == null ? "DEFAULT" : "CUSTOM"
dynamic "advertised_ip_ranges" {
for_each = var.dedicated_interconnect_config == null ? var.ipsec_gateway_ip_ranges : {}
content {
description = advertised_ip_ranges.key
range = advertised_ip_ranges.value
}
}
}
}
@ -106,13 +114,14 @@ resource "google_compute_router_interface" "default" {
}
resource "google_compute_router_peer" "default" {
count = var.dedicated_interconnect_config != null ? 1 : 0
name = "${var.name}-peer"
project = var.project_id
router = local.router
region = var.region
peer_ip_address = split("/", google_compute_interconnect_attachment.default.customer_router_ip_address)[0]
peer_asn = var.peer_asn
interface = "${var.name}-intf"
interface = google_compute_router_interface.default[0].name
advertised_route_priority = 100
advertise_mode = "CUSTOM"
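Review bot: In the `bgp` block of `google_compute_router.encrypted`, the two new conditionals look inverted relative to each other. `advertise_mode` is `"CUSTOM"` only when `var.dedicated_interconnect_config` is set, yet `advertised_ip_ranges` is populated only when it is null, which is the case where the mode is `"DEFAULT"`. Custom ranges are only meaningful in CUSTOM mode, so the dedicated path ends up with CUSTOM and no ranges, while the partner path supplies ranges under DEFAULT. If the intent is that the encrypted router advertises only the IPSec gateway ranges, DEFAULT mode would presumably advertise the VPC's subnet routes instead, which is worth confirming for a router that exists to keep traffic inside the tunnels. The two expressions should agree, for example `for_each = var.dedicated_interconnect_config == null ? {} : var.ipsec_gateway_ip_ranges`, or the mode condition flipped if partner attachments are the ones meant to use CUSTOM. A short comment above `advertise_mode` explaining the choice would help. The resource bodies in both hunks continue outside the visible lines.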