Merge branch 'global_managed_proxy_support' of https://github.com/dgulli/cloud-foundation-fabric into global_managed_proxy_support
This commit is contained in:
commit
83221c16a5
|
@ -389,7 +389,6 @@ module "nginx-mig" {
|
|||
# tftest modules=2 resources=3 inventory=stateful.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|
@ -400,7 +399,7 @@ module "nginx-mig" {
|
|||
| [project_id](variables.tf#L198) | Project id. | <code>string</code> | ✓ | |
|
||||
| [all_instances_config](variables.tf#L17) | Metadata and labels set to all instances in the group. | <code title="object({ labels = optional(map(string)) metadata = optional(map(string)) })">object({…})</code> | | <code>null</code> |
|
||||
| [auto_healing_policies](variables.tf#L26) | Auto-healing policies for this group. | <code title="object({ health_check = optional(string) initial_delay_sec = number })">object({…})</code> | | <code>null</code> |
|
||||
| [autoscaler_config](variables.tf#L35) | Optional autoscaler configuration. | <code title="object({ max_replicas = number min_replicas = number cooldown_period = optional(number) mode = optional(string) # OFF, ONLY_UP, ON scaling_control = optional(object({ down = optional(object({ max_replicas_fixed = optional(number) max_replicas_percent = optional(number) time_window_sec = optional(number) })) in = optional(object({ max_replicas_fixed = optional(number) max_replicas_percent = optional(number) time_window_sec = optional(number) })) }), {}) scaling_signals = optional(object({ cpu_utilization = optional(object({ target = number optimize_availability = optional(bool) })) load_balancing_utilization = optional(object({ target = number })) metrics = optional(list(object({ name = string type = string # GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE target_value = number single_instance_assignment = optional(number) time_series_filter = optional(string) }))) schedules = optional(list(object({ duration_sec = number name = string min_required_replicas = number cron_schedule = string description = optional(bool) timezone = optional(string) disabled = optional(bool) }))) }), {}) })">object({…})</code> | | <code>null</code> |
|
||||
| [autoscaler_config](variables.tf#L35) | Optional autoscaler configuration. | <code title="object({ max_replicas = number min_replicas = number cooldown_period = optional(number) mode = optional(string) # OFF, ONLY_UP, ON scaling_control = optional(object({ down = optional(object({ max_replicas_fixed = optional(number) max_replicas_percent = optional(number) time_window_sec = optional(number) })) in = optional(object({ max_replicas_fixed = optional(number) max_replicas_percent = optional(number) time_window_sec = optional(number) })) }), {}) scaling_signals = optional(object({ cpu_utilization = optional(object({ target = number optimize_availability = optional(bool) })) load_balancing_utilization = optional(object({ target = number })) metrics = optional(list(object({ name = string type = optional(string) # GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE target_value = optional(number) single_instance_assignment = optional(number) time_series_filter = optional(string) }))) schedules = optional(list(object({ duration_sec = number name = string min_required_replicas = number cron_schedule = string description = optional(bool) timezone = optional(string) disabled = optional(bool) }))) }), {}) })">object({…})</code> | | <code>null</code> |
|
||||
| [default_version_name](variables.tf#L83) | Name used for the default version. | <code>string</code> | | <code>"default"</code> |
|
||||
| [description](variables.tf#L89) | Optional description used for all resources managed by this module. | <code>string</code> | | <code>"Terraform managed."</code> |
|
||||
| [distribution_policy](variables.tf#L95) | DIstribution policy for regional MIG. | <code title="object({ target_shape = optional(string) zones = optional(list(string)) })">object({…})</code> | | <code>null</code> |
|
||||
|
@ -422,5 +421,4 @@ module "nginx-mig" {
|
|||
| [group_manager](outputs.tf#L26) | Instance group resource. | |
|
||||
| [health_check](outputs.tf#L35) | Auto-created health-check resource. | |
|
||||
| [id](outputs.tf#L44) | Fully qualified group manager id. | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
@ -61,8 +61,8 @@ variable "autoscaler_config" {
|
|||
}))
|
||||
metrics = optional(list(object({
|
||||
name = string
|
||||
type = string # GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE
|
||||
target_value = number
|
||||
type = optional(string) # GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE
|
||||
target_value = optional(number)
|
||||
single_instance_assignment = optional(number)
|
||||
time_series_filter = optional(string)
|
||||
})))
|
||||
|
|
|
@ -81,7 +81,7 @@ module "example-va" {
|
|||
name = google_compute_router.interconnect-router.name
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=3
|
||||
# tftest modules=1 resources=2
|
||||
```
|
||||
|
||||
### Dedicated Interconnect - Two VLAN Attachments on a single region (99.9% SLA)
|
||||
|
@ -201,7 +201,7 @@ module "example-va-b" {
|
|||
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
|
||||
}
|
||||
}
|
||||
# tftest modules=2 resources=5
|
||||
# tftest modules=2 resources=3
|
||||
```
|
||||
|
||||
### Dedicated Interconnect - Four VLAN Attachments on two regions (99.99% SLA)
|
||||
|
@ -431,10 +431,10 @@ module "example-va-b-ew12" {
|
|||
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
|
||||
}
|
||||
}
|
||||
# tftest modules=4 resources=10
|
||||
# tftest modules=4 resources=6
|
||||
```
|
||||
|
||||
### IPSec over Interconnect enabled setup
|
||||
### IPSec for Dedicated Interconnect
|
||||
|
||||
Refer to the [HA VPN over Interconnect Blueprint](../../blueprints/networking/ha-vpn-over-interconnect/) for an all-encompassing example.
|
||||
|
||||
|
@ -494,6 +494,47 @@ module "example-va-b" {
|
|||
}
|
||||
# tftest modules=2 resources=9
|
||||
```
|
||||
|
||||
### IPSec for Partner Interconnect
|
||||
|
||||
```hcl
|
||||
module "example-va-a" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
project_id = "myproject"
|
||||
network = "mynet"
|
||||
region = "europe-west8"
|
||||
name = "encrypted-vlan-attachment-a"
|
||||
description = "example-va-a vlan attachment"
|
||||
peer_asn = "65001"
|
||||
router_config = {
|
||||
create = true
|
||||
}
|
||||
partner_interconnect_config = {
|
||||
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
|
||||
}
|
||||
vpn_gateways_ip_range = "10.255.255.0/29" # Allows for up to 8 tunnels
|
||||
}
|
||||
|
||||
module "example-va-b" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
project_id = "myproject"
|
||||
network = "mynet"
|
||||
region = "europe-west8"
|
||||
name = "encrypted-vlan-attachment-b"
|
||||
description = "example-va-b vlan attachment"
|
||||
peer_asn = "65001"
|
||||
router_config = {
|
||||
create = true
|
||||
}
|
||||
partner_interconnect_config = {
|
||||
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
|
||||
}
|
||||
vpn_gateways_ip_range = "10.255.255.8/29" # Allows for up to 8 tunnels
|
||||
}
|
||||
# tftest modules=2 resources=6
|
||||
```
|
||||
|
||||
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Variables
|
||||
|
|
|
@ -61,7 +61,15 @@ resource "google_compute_router" "encrypted" {
|
|||
region = var.region
|
||||
encrypted_interconnect_router = true
|
||||
bgp {
|
||||
asn = var.router_config.asn
|
||||
asn = var.router_config.asn
|
||||
advertise_mode = var.dedicated_interconnect_config == null ? "DEFAULT" : "CUSTOM"
|
||||
dynamic "advertised_ip_ranges" {
|
||||
for_each = var.dedicated_interconnect_config == null ? var.ipsec_gateway_ip_ranges : {}
|
||||
content {
|
||||
description = advertised_ip_ranges.key
|
||||
range = advertised_ip_ranges.value
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -106,13 +114,14 @@ resource "google_compute_router_interface" "default" {
|
|||
}
|
||||
|
||||
resource "google_compute_router_peer" "default" {
|
||||
count = var.dedicated_interconnect_config != null ? 1 : 0
|
||||
name = "${var.name}-peer"
|
||||
project = var.project_id
|
||||
router = local.router
|
||||
region = var.region
|
||||
peer_ip_address = split("/", google_compute_interconnect_attachment.default.customer_router_ip_address)[0]
|
||||
peer_asn = var.peer_asn
|
||||
interface = "${var.name}-intf"
|
||||
interface = google_compute_router_interface.default[0].name
|
||||
advertised_route_priority = 100
|
||||
advertise_mode = "CUSTOM"
|
||||
|
||||
|
|
Loading…
Reference in New Issue