From a978000e3163b6fb19c64699a8ce889210348e81 Mon Sep 17 00:00:00 2001 From: Simone Ruffilli Date: Fri, 11 Feb 2022 10:23:57 +0100 Subject: [PATCH] Renamed vpc-(.*) files to (#538) --- fast/stages/02-networking-nva/README.md | 22 +++++++++---------- .../{vpc-landing.tf => landing.tf} | 0 .../{vpc-spoke-dev.tf => spoke-dev.tf} | 0 .../{vpc-spoke-prod.tf => spoke-prod.tf} | 0 fast/stages/02-networking-vpn/README.md | 12 +++++----- .../{vpc-landing.tf => landing.tf} | 0 .../{vpc-spoke-dev.tf => spoke-dev.tf} | 0 .../{vpc-spoke-prod.tf => spoke-prod.tf} | 0 8 files changed, 17 insertions(+), 17 deletions(-) rename fast/stages/02-networking-nva/{vpc-landing.tf => landing.tf} (100%) rename fast/stages/02-networking-nva/{vpc-spoke-dev.tf => spoke-dev.tf} (100%) rename fast/stages/02-networking-nva/{vpc-spoke-prod.tf => spoke-prod.tf} (100%) rename fast/stages/02-networking-vpn/{vpc-landing.tf => landing.tf} (100%) rename fast/stages/02-networking-vpn/{vpc-spoke-dev.tf => spoke-dev.tf} (100%) rename fast/stages/02-networking-vpn/{vpc-spoke-prod.tf => spoke-prod.tf} (100%) diff --git a/fast/stages/02-networking-nva/README.md b/fast/stages/02-networking-nva/README.md index b97d0fe4..2ff9056f 100644 --- a/fast/stages/02-networking-nva/README.md +++ b/fast/stages/02-networking-nva/README.md @@ -93,14 +93,13 @@ Spoke VPCs also define and reserve three "special" CIDR ranges, derived from the - [PSA (Private Service Access)](https://cloud.google.com/vpc/docs/private-services-access): - + The second-last /24 range is used for PSA (CloudSQL, Postrgres) + - The second-last /24 range is used for PSA (CloudSQL, Postrgres) - + The third-last /24 range is used for PSA (CloudSQL, MySQL) + - The third-last /24 range is used for PSA (CloudSQL, MySQL) - [Internal HTTPs Load Balancers (L7ILB)](https://cloud.google.com/load-balancing/docs/l7-internal): - + The last /24 range - + - The last /24 range This is a summary of the subnets allocated by default in this setup: 
@@ -229,6 +228,7 @@ If you have set a valid value for `outputs_location` in the bootstrap and in the ln -s ../../configs/example/02-networking/terraform-bootstrap.auto.tfvars.json ln -s ../../configs/example/02-networking/terraform-resman.auto.tfvars.json ``` + If you want to continue to rely on `outputs_location` logic, create a `terraform.tfvars` file and configure it as described [here](../00-bootstrap/#output-files-and-cross-stage-variables). Please, refer to the [variables](#variables) table below for a map of the variable origins, and use the sections below to understand how to adapt this stage to your networking configuration. @@ -284,7 +284,7 @@ DNS queries sent to the on-premise infrastructure come from the `35.199.192.0/19 #### On-premises to cloud -The [Inbound DNS Policy](https://cloud.google.com/dns/docs/server-policies-overview#dns-server-policy-in) defined in the *trusted landing VPC module* ([`vpc-landing.tf`](./vpc-landing.tf)) automatically reserves the first available IP address on each subnet (typically the third one in a CIDR) to expose the Cloud DNS service, so that it can be consumed from outside of GCP. +The [Inbound DNS Policy](https://cloud.google.com/dns/docs/server-policies-overview#dns-server-policy-in) defined in the *trusted landing VPC module* ([`landing.tf`](./landing.tf)) automatically reserves the first available IP address on each subnet (typically the third one in a CIDR) to expose the Cloud DNS service, so that it can be consumed from outside of GCP. ### Private Google Access 
@@ -296,7 +296,7 @@ For PGA to work: Subnets created using the `net-vpc` module are PGA-enabled by default. - 199.36.153.4/30 (`restricted.googleapis.com`) and 199.36.153.8/30 (`private.googleapis.com`) should be routed from on-premises to the trusted landing VPC, and from there to the `default-internet-gateway`. \ -The `vpn_onprem_configs` variable contains the ranges advertised from GCP to on-premises. Furthermore, the trusted landing VPC (e.g. see `landing-trusted-vpc` in [`vpc-landing.tf`](./vpc-landing.tf)) has explicit routes to send traffic destined to restricted and private - googleapis.com to the Internet gateway (which works for Google APIs only, and not for the whole Internet, since Cloud NAT is not configured in the trusted landing VPC). +The `vpn_onprem_configs` variable contains the ranges advertised from GCP to on-premises. Furthermore, the trusted landing VPC (e.g. see `landing-trusted-vpc` in [`landing.tf`](./landing.tf)) has explicit routes to send traffic destined to restricted and private - googleapis.com to the Internet gateway (which works for Google APIs only, and not for the whole Internet, since Cloud NAT is not configured in the trusted landing VPC). - On-premises, a private DNS zone for `googleapis.com` should be created and configured per [this article](https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid#config-domain). Its configuration can be copied from the module `googleapis-private-zone` in [`dns.tf`](./dns.tf) 
@@ -320,9 +320,9 @@ You're now ready to run `terraform init` and `terraform apply`. To create a new environment (e.g. `staging`), a few changes are required: -Create a `vpc-spoke-staging.tf` file by copying `vpc-spoke-prod.tf` file. +Create a `spoke-staging.tf` file by copying `spoke-prod.tf` file. Adapt the new file by replacing the value "prod" with the value "staging". -Running `diff vpc-spoke-dev.tf vpc-spoke-prod.tf` can help to see how environment files differ. +Running `diff spoke-dev.tf spoke-prod.tf` can help to see how environment files differ. The new VPC requires a set of dedicated CIDRs, one per region, added to variable `custom_adv` (for example as `spoke_staging_ew1` and `spoke_staging_ew4`). >`custom_adv` is a map that "resolves" CIDR names to the actual addresses, and will be used later to configure routing. 
@@ -348,15 +348,15 @@ Don't forget to add a peering zone in the landing project and point it to the ne | [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | | | [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns | | | [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | | +| [landing.tf](./landing.tf) | Landing VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | | | [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder | | | [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard | | [nva.tf](./nva.tf) | None | compute-mig · compute-vm · net-ilb | | | [outputs.tf](./outputs.tf) | Module outputs. | | local_file | +| [spoke-dev.tf](./spoke-dev.tf) | Dev spoke VPC and related resources. | net-address · net-vpc · net-vpc-firewall · net-vpc-peering · project | | +| [spoke-prod.tf](./spoke-prod.tf) | Production spoke VPC and related resources. | net-address · net-vpc · net-vpc-firewall · net-vpc-peering · project | | | [test-resources.tf](./test-resources.tf) | temporary instances for testing | compute-vm | | | [variables.tf](./variables.tf) | Module variables. | | | -| [vpc-landing.tf](./vpc-landing.tf) | Landing VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | | -| [vpc-spoke-dev.tf](./vpc-spoke-dev.tf) | Dev spoke VPC and related resources. | net-address · net-vpc · net-vpc-firewall · net-vpc-peering · project | | -| [vpc-spoke-prod.tf](./vpc-spoke-prod.tf) | Production spoke VPC and related resources. | net-address · net-vpc · net-vpc-firewall · net-vpc-peering · project | | | [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | net-vpn-ha | | ## Variables 
diff --git a/fast/stages/02-networking-nva/vpc-landing.tf b/fast/stages/02-networking-nva/landing.tf similarity index 100% rename from fast/stages/02-networking-nva/vpc-landing.tf rename to fast/stages/02-networking-nva/landing.tf diff --git a/fast/stages/02-networking-nva/vpc-spoke-dev.tf b/fast/stages/02-networking-nva/spoke-dev.tf similarity index 100% rename from fast/stages/02-networking-nva/vpc-spoke-dev.tf rename to fast/stages/02-networking-nva/spoke-dev.tf diff --git a/fast/stages/02-networking-nva/vpc-spoke-prod.tf b/fast/stages/02-networking-nva/spoke-prod.tf similarity index 100% rename from fast/stages/02-networking-nva/vpc-spoke-prod.tf rename to fast/stages/02-networking-nva/spoke-prod.tf diff --git a/fast/stages/02-networking-vpn/README.md b/fast/stages/02-networking-vpn/README.md index e6cb4fe4..afab994a 100644 --- a/fast/stages/02-networking-vpn/README.md +++ b/fast/stages/02-networking-vpn/README.md @@ -226,7 +226,7 @@ DNS queries sent to the on-premises infrastructure come from the `35.199.192.0/1 #### On-prem to cloud -The [Inbound DNS Policy](https://cloud.google.com/dns/docs/server-policies-overview#dns-server-policy-in) defined in module `landing-vpc` ([`landing.tf`](./vpc-landing.tf)) automatically reserves the first available IP address on each created subnet (typically the third one in a CIDR) to expose the Cloud DNS service so that it can be consumed from outside of GCP. +The [Inbound DNS Policy](https://cloud.google.com/dns/docs/server-policies-overview#dns-server-policy-in) defined in module `landing-vpc` ([`landing.tf`](./landing.tf)) automatically reserves the first available IP address on each created subnet (typically the third one in a CIDR) to expose the Cloud DNS service so that it can be consumed from outside of GCP. ### Private Google Access 
@@ -262,9 +262,9 @@ You're now ready to run `terraform init` and `apply`. To create a new environment (e.g. `staging`), a few changes are required. -Create a `vpc-spoke-staging.tf` file by copying `vpc-spoke-prod.tf` file, +Create a `spoke-staging.tf` file by copying `spoke-prod.tf` file, and adapt the new file by replacing the value "prod" with the value "staging". -Running `diff vpc-spoke-dev.tf vpc-spoke-prod.tf` can help to see how environment files differ. +Running `diff spoke-dev.tf spoke-prod.tf` can help to see how environment files differ. The new VPC requires a set of dedicated CIDRs, one per region, added to variable `custom_adv` (for example as `spoke_staging_ew1` and `spoke_staging_ew4`). >`custom_adv` is a map that "resolves" CIDR names to actual addresses, and will be used later to configure routing. 
@@ -292,14 +292,14 @@ DNS configurations are centralised in the `dns.tf` file. Spokes delegate DNS res | [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | | | [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns | | | [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | | +| [landing.tf](./landing.tf) | Landing VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | | | [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder | | | [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard | | [outputs.tf](./outputs.tf) | Module outputs. | | local_file | +| [spoke-dev.tf](./spoke-dev.tf) | Dev spoke VPC and related resources. | net-address · net-cloudnat · net-vpc · net-vpc-firewall · project | google_project_iam_binding | +| [spoke-prod.tf](./spoke-prod.tf) | Production spoke VPC and related resources. | net-address · net-cloudnat · net-vpc · net-vpc-firewall · project | google_project_iam_binding | | [test-resources.tf](./test-resources.tf) | temporary instances for testing | compute-vm | | | [variables.tf](./variables.tf) | Module variables. | | | -| [vpc-landing.tf](./vpc-landing.tf) | Landing VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | | -| [vpc-spoke-dev.tf](./vpc-spoke-dev.tf) | Dev spoke VPC and related resources. | net-address · net-cloudnat · net-vpc · net-vpc-firewall · project | google_project_iam_binding | -| [vpc-spoke-prod.tf](./vpc-spoke-prod.tf) | Production spoke VPC and related resources. | net-address · net-cloudnat · net-vpc · net-vpc-firewall · project | google_project_iam_binding | | [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | net-vpn-ha | | | [vpn-spoke-dev.tf](./vpn-spoke-dev.tf) | VPN between landing and development spoke. 
| net-vpn-ha | | | [vpn-spoke-prod.tf](./vpn-spoke-prod.tf) | VPN between landing and production spoke. | net-vpn-ha | | diff --git a/fast/stages/02-networking-vpn/vpc-landing.tf b/fast/stages/02-networking-vpn/landing.tf similarity index 100% rename from fast/stages/02-networking-vpn/vpc-landing.tf rename to fast/stages/02-networking-vpn/landing.tf diff --git a/fast/stages/02-networking-vpn/vpc-spoke-dev.tf b/fast/stages/02-networking-vpn/spoke-dev.tf similarity index 100% rename from fast/stages/02-networking-vpn/vpc-spoke-dev.tf rename to fast/stages/02-networking-vpn/spoke-dev.tf diff --git a/fast/stages/02-networking-vpn/vpc-spoke-prod.tf b/fast/stages/02-networking-vpn/spoke-prod.tf similarity index 100% rename from fast/stages/02-networking-vpn/vpc-spoke-prod.tf rename to fast/stages/02-networking-vpn/spoke-prod.tf
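Review bot: in the first `02-networking-nva/README.md` hunk (`@@ -93,14 +93,13 @@`), the `+` lines that change the nested list marker from `+` to `-` still carry the misspelling `Postrgres` in `- The second-last /24 range is used for PSA (CloudSQL, Postrgres)`; since the line is being rewritten anyway, correct it to `Postgres` in the same change. That marker fix is also unrelated to the file rename the subject line describes, so either split it out or mention it in the commit message.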
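Review bot: the subject line `Renamed vpc-(.*) files to (#538)` is cut off before the new naming pattern and the body is empty, so `git log` readers cannot tell that `vpc-landing.tf`, `vpc-spoke-dev.tf` and `vpc-spoke-prod.tf` became `landing.tf`, `spoke-dev.tf` and `spoke-prod.tf` in both `02-networking-nva` and `02-networking-vpn`; state the old and new names in the subject or body, since the rename hunks themselves (`similarity index 100%`) carry no content to read.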
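Review bot: for the `@@ -320,9 +320,9 @@` hunk in the nva README and the matching `@@ -262,9 +262,9 @@` hunk in the vpn README, the rewritten sentence `Create a spoke-staging.tf file by copying spoke-prod.tf file` is missing an article; `by copying the spoke-prod.tf file` reads correctly. The follow-up `diff spoke-dev.tf spoke-prod.tf` line is consistent with the new names.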
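Review bot: in the file-listing hunks (`@@ -348,15 +348,15 @@` in the nva README and `@@ -292,14 +292,14 @@` in the vpn README) the renamed rows are moved to keep the table sorted, which is correct; while the nva table is being touched, the unchanged context row `| [nva.tf](./nva.tf) | None | compute-mig · compute-vm · net-ilb | |` still has `None` as its description and deserves a real one, otherwise the table is internally consistent with the renamed files.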
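Review bot: the `@@ -226,7 +226,7 @@` hunk in the vpn README fixes a link whose text already said `landing.tf` but whose target was `./vpc-landing.tf`, so that page was broken even before this rename; the diff touches only the two stage READMEs and the six renamed files (`8 files changed`), and nothing in it shows that other references to `vpc-landing.tf`, `vpc-spoke-dev.tf` or `vpc-spoke-prod.tf` outside these directories (other stage docs, test fixtures, CI paths) were searched for, so run a repository-wide grep for `vpc-spoke-` and `vpc-landing` before merging to avoid leaving further dangling links.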