diff --git a/modules/compute-mig/README.md b/modules/compute-mig/README.md index b281c2e3..5e3dbd8e 100644 --- a/modules/compute-mig/README.md +++ b/modules/compute-mig/README.md @@ -389,7 +389,6 @@ module "nginx-mig" { # tftest modules=2 resources=3 inventory=stateful.yaml ``` - ## Variables | name | description | type | required | default | @@ -400,7 +399,7 @@ module "nginx-mig" { | [project_id](variables.tf#L198) | Project id. | string | ✓ | | | [all_instances_config](variables.tf#L17) | Metadata and labels set to all instances in the group. | object({…}) | | null | | [auto_healing_policies](variables.tf#L26) | Auto-healing policies for this group. | object({…}) | | null | -| [autoscaler_config](variables.tf#L35) | Optional autoscaler configuration. | object({…}) | | null | +| [autoscaler_config](variables.tf#L35) | Optional autoscaler configuration. | object({…}) | | null | | [default_version_name](variables.tf#L83) | Name used for the default version. | string | | "default" | | [description](variables.tf#L89) | Optional description used for all resources managed by this module. | string | | "Terraform managed." | | [distribution_policy](variables.tf#L95) | DIstribution policy for regional MIG. | object({…}) | | null | @@ -422,5 +421,4 @@ module "nginx-mig" { | [group_manager](outputs.tf#L26) | Instance group resource. | | | [health_check](outputs.tf#L35) | Auto-created health-check resource. | | | [id](outputs.tf#L44) | Fully qualified group manager id. | | - diff --git a/modules/compute-mig/variables.tf b/modules/compute-mig/variables.tf index 30f2ce96..20864d18 100644 --- a/modules/compute-mig/variables.tf +++ b/modules/compute-mig/variables.tf 
@@ -61,8 +61,8 @@ variable "autoscaler_config" { })) metrics = optional(list(object({ name = string - type = string # GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE - target_value = number + type = optional(string) # GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE + target_value = optional(number) single_instance_assignment = optional(number) time_series_filter = optional(string) }))) diff --git a/modules/net-vlan-attachment/README.md b/modules/net-vlan-attachment/README.md index b013fe08..a1711709 100644 --- a/modules/net-vlan-attachment/README.md +++ b/modules/net-vlan-attachment/README.md @@ -81,7 +81,7 @@ module "example-va" { name = google_compute_router.interconnect-router.name } } -# tftest modules=1 resources=3 +# tftest modules=1 resources=2 ``` ### Dedicated Interconnect - Two VLAN Attachments on a single region (99.9% SLA) @@ -201,7 +201,7 @@ module "example-va-b" { edge_availability_domain = "AVAILABILITY_DOMAIN_2" } } -# tftest modules=2 resources=5 +# tftest modules=2 resources=3 ``` ### Dedicated Interconnect - Four VLAN Attachments on two regions (99.99% SLA) @@ -431,10 +431,10 @@ module "example-va-b-ew12" { edge_availability_domain = "AVAILABILITY_DOMAIN_2" } } -# tftest modules=4 resources=10 +# tftest modules=4 resources=6 ``` -### IPSec over Interconnect enabled setup +### IPSec for Dedicated Interconnect Refer to the [HA VPN over Interconnect Blueprint](../../blueprints/networking/ha-vpn-over-interconnect/) for an all-encompassing example. 
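Review bot: With both `type` and `target_value` now `optional(...)`, a `metrics` entry that carries only `name` satisfies the type constraint, and nothing visible in this hunk rejects it or checks `type` against the three values named in the trailing comment. Consider a `validation` block on `autoscaler_config` whose per-metric condition includes `m.type == null || contains(["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"], m.type)`, and which also requires at least one of `target_value` or `single_instance_assignment`, so a malformed entry fails at plan time rather than at the API. The variable's body starts and ends outside the hunk, so an existing validation may already cover this. If it does not, the variable description should at least state which field combinations are valid.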
@@ -494,6 +494,47 @@ module "example-va-b" { } # tftest modules=2 resources=9 ``` + +### IPSec for Partner Interconnect + +```hcl +module "example-va-a" { + source = "./fabric/modules/net-vlan-attachment" + project_id = "myproject" + network = "mynet" + region = "europe-west8" + name = "encrypted-vlan-attachment-a" + description = "example-va-a vlan attachment" + peer_asn = "65001" + router_config = { + create = true + } + partner_interconnect_config = { + edge_availability_domain = "AVAILABILITY_DOMAIN_1" + } + vpn_gateways_ip_range = "10.255.255.0/29" # Allows for up to 8 tunnels +} + +module "example-va-b" { + source = "./fabric/modules/net-vlan-attachment" + project_id = "myproject" + network = "mynet" + region = "europe-west8" + name = "encrypted-vlan-attachment-b" + description = "example-va-b vlan attachment" + peer_asn = "65001" + router_config = { + create = true + } + partner_interconnect_config = { + edge_availability_domain = "AVAILABILITY_DOMAIN_2" + } + vpn_gateways_ip_range = "10.255.255.8/29" # Allows for up to 8 tunnels +} +# tftest modules=2 resources=6 +``` + + ## Variables diff --git a/modules/net-vlan-attachment/main.tf b/modules/net-vlan-attachment/main.tf index 877ec4a7..5cf5c328 100644 --- a/modules/net-vlan-attachment/main.tf +++ b/modules/net-vlan-attachment/main.tf @@ -61,7 +61,15 @@ resource "google_compute_router" "encrypted" { region = var.region encrypted_interconnect_router = true bgp { - asn = var.router_config.asn + asn = var.router_config.asn + advertise_mode = var.dedicated_interconnect_config == null ? "DEFAULT" : "CUSTOM" + dynamic "advertised_ip_ranges" { + for_each = var.dedicated_interconnect_config == null ? var.ipsec_gateway_ip_ranges : {} + content { + description = advertised_ip_ranges.key + range = advertised_ip_ranges.value + } + } } } 
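Review bot: The two new conditions in the `bgp` block of `google_compute_router.encrypted` look inverted relative to each other: with `var.dedicated_interconnect_config == null` the mode is `"DEFAULT"` while `advertised_ip_ranges` is filled from `var.ipsec_gateway_ip_ranges`, and in the `"CUSTOM"` branch the `for_each` is `{}`. The provider documents `advertised_ip_ranges` as usable only in `CUSTOM` mode, so on the partner path the ranges are likely rejected or ignored, and on the dedicated path the router-level custom set is empty. If the partner path is meant to advertise the gateway ranges, the mode line would read `advertise_mode = var.dedicated_interconnect_config == null ? "CUSTOM" : "DEFAULT"`; otherwise add a comment stating what each attachment type is expected to advertise, since this decides which prefixes are reachable over the encrypted attachment. `ipsec_gateway_ip_ranges` is not declared in any visible hunk (the README example sets `vpn_gateways_ip_range`), and the resource block starts outside this hunk, so confirm both against the full file.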
@@ -106,13 +114,14 @@ resource "google_compute_router_interface" "default" { } resource "google_compute_router_peer" "default" { + count = var.dedicated_interconnect_config != null ? 1 : 0 name = "${var.name}-peer" project = var.project_id router = local.router region = var.region peer_ip_address = split("/", google_compute_interconnect_attachment.default.customer_router_ip_address)[0] peer_asn = var.peer_asn - interface = "${var.name}-intf" + interface = google_compute_router_interface.default[0].name advertised_route_priority = 100 advertise_mode = "CUSTOM"