Merge pull request #1400 from GoogleCloudPlatform/jccb/default-vpc-routes
Add default googleapi route creation to net-vpc
commit
b1ea36b069
|
@ -106,5 +106,5 @@ module "test" {
|
|||
europe-west1 = "10.0.0.0/28"
|
||||
}
|
||||
}
|
||||
# tftest modules=10 resources=62
|
||||
# tftest modules=10 resources=64
|
||||
```
|
||||
|
|
|
@ -80,5 +80,5 @@ module "test" {
|
|||
project_id = "my-project"
|
||||
hostname = "test.myorg.org"
|
||||
}
|
||||
# tftest modules=18 resources=59
|
||||
# tftest modules=18 resources=61
|
||||
```
|
||||
|
|
|
@ -79,5 +79,5 @@ module "test" {
|
|||
onprem_project_id = "my-onprem-project"
|
||||
hostname = "test.myorg.org"
|
||||
}
|
||||
# tftest modules=14 resources=73
|
||||
# tftest modules=14 resources=77
|
||||
```
|
||||
|
|
|
@ -89,5 +89,5 @@ module "test" {
|
|||
ad_dns_domain_name = "example.com"
|
||||
adfs_dns_domain_name = "adfs.example.com"
|
||||
}
|
||||
# tftest modules=5 resources=18
|
||||
# tftest modules=5 resources=20
|
||||
```
|
||||
|
|
|
@ -82,5 +82,5 @@ module "test" {
|
|||
project_id = "project-1"
|
||||
}
|
||||
|
||||
# tftest modules=7 resources=21
|
||||
# tftest modules=7 resources=23
|
||||
```
|
||||
|
|
|
@ -128,5 +128,5 @@ module "test1" {
|
|||
project_create = true
|
||||
project_id = "test"
|
||||
}
|
||||
# tftest modules=9 resources=25
|
||||
# tftest modules=9 resources=27
|
||||
```
|
||||
|
|
|
@ -51,5 +51,5 @@ module "test" {
|
|||
shared_vpc_link = "https://www.googleapis.com/compute/v1/projects/test-dns/global/networks/default"
|
||||
teams = ["team1", "team2"]
|
||||
}
|
||||
# tftest modules=9 resources=12
|
||||
# tftest modules=9 resources=16
|
||||
```
|
||||
|
|
|
@ -115,5 +115,5 @@ module "test" {
|
|||
packer_account_users = ["user:john@example.com"]
|
||||
create_packer_vars = true
|
||||
}
|
||||
# tftest modules=7 resources=17 files=pkrvars
|
||||
# tftest modules=7 resources=19 files=pkrvars
|
||||
```
|
||||
|
|
|
@ -128,5 +128,5 @@ module "test" {
|
|||
billing_account = "123456-123456-123456"
|
||||
project_create = true
|
||||
}
|
||||
# tftest modules=11 resources=35
|
||||
# tftest modules=11 resources=37
|
||||
```
|
||||
|
|
|
@ -52,5 +52,5 @@ module "test" {
|
|||
migration_admin_users = ["user:admin@example.com"]
|
||||
migration_viewer_users = ["user:viewer@example.com"]
|
||||
}
|
||||
# tftest modules=5 resources=20
|
||||
# tftest modules=5 resources=22
|
||||
```
|
||||
|
|
|
@ -98,5 +98,5 @@ module "test" {
|
|||
prefix = "prefix"
|
||||
}
|
||||
|
||||
# tftest modules=9 resources=48
|
||||
# tftest modules=9 resources=50
|
||||
```
|
||||
|
|
|
@ -180,5 +180,5 @@ module "test" {
|
|||
}
|
||||
prefix = "prefix"
|
||||
}
|
||||
# tftest modules=10 resources=50
|
||||
# tftest modules=10 resources=52
|
||||
```
|
||||
|
|
|
@ -66,5 +66,5 @@ module "test" {
|
|||
}
|
||||
prefix = "prefix"
|
||||
}
|
||||
# tftest modules=8 resources=27
|
||||
# tftest modules=8 resources=29
|
||||
```
|
||||
|
|
|
@ -125,5 +125,5 @@ module "test" {
|
|||
}
|
||||
prefix = "prefix"
|
||||
}
|
||||
# tftest modules=5 resources=26
|
||||
# tftest modules=5 resources=28
|
||||
```
|
||||
|
|
|
@ -226,7 +226,7 @@ module "data-platform" {
|
|||
prefix = "myprefix"
|
||||
}
|
||||
|
||||
# tftest modules=43 resources=279
|
||||
# tftest modules=43 resources=285
|
||||
```
|
||||
|
||||
## Customizations
|
||||
|
@ -307,5 +307,5 @@ module "test" {
|
|||
}
|
||||
prefix = "prefix"
|
||||
}
|
||||
# tftest modules=43 resources=279
|
||||
# tftest modules=43 resources=285
|
||||
```
|
||||
|
|
|
@ -203,7 +203,7 @@ module "data-platform" {
|
|||
prefix = "myprefix"
|
||||
}
|
||||
|
||||
# tftest modules=21 resources=110
|
||||
# tftest modules=21 resources=112
|
||||
```
|
||||
|
||||
## Customizations
|
||||
|
|
|
@ -86,5 +86,5 @@ module "test" {
|
|||
parent = "folders/467898377"
|
||||
}
|
||||
}
|
||||
# tftest modules=8 resources=41
|
||||
# tftest modules=8 resources=43
|
||||
```
|
||||
|
|
|
@ -228,5 +228,5 @@ module "test" {
|
|||
project_id = "project-1"
|
||||
prefix = "prefix"
|
||||
}
|
||||
# tftest modules=12 resources=47
|
||||
# tftest modules=12 resources=49
|
||||
```
|
||||
|
|
|
@ -87,5 +87,5 @@ module "test" {
|
|||
ad_domain_fqdn = "ad.example.com"
|
||||
ad_domain_netbios = "ad"
|
||||
}
|
||||
# tftest modules=12 resources=38
|
||||
# tftest modules=12 resources=40
|
||||
```
|
||||
|
|
|
@ -72,7 +72,7 @@ module "test" {
|
|||
project_id = "test-dev"
|
||||
}
|
||||
}
|
||||
# tftest modules=11 resources=60
|
||||
# tftest modules=11 resources=62
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
@ -127,5 +127,5 @@ module "test" {
|
|||
project_id = "test-dev"
|
||||
}
|
||||
}
|
||||
# tftest modules=13 resources=65
|
||||
# tftest modules=13 resources=67
|
||||
```
|
||||
|
|
|
@ -91,5 +91,5 @@ module "test" {
|
|||
}
|
||||
project_id = "my-project"
|
||||
}
|
||||
# tftest modules=11 resources=34
|
||||
```
|
||||
# tftest modules=11 resources=36
|
||||
```
|
||||
|
|
|
@ -138,5 +138,5 @@ module "test" {
|
|||
}
|
||||
project_id = "my-project"
|
||||
}
|
||||
# tftest modules=14 resources=47
|
||||
# tftest modules=14 resources=49
|
||||
```
|
||||
|
|
|
@ -103,5 +103,5 @@ module "test" {
|
|||
mgmt_subnet_cidr_block = "10.0.0.0/24"
|
||||
istio_version = "1.14.1-asm.3"
|
||||
}
|
||||
# tftest modules=13 resources=57
|
||||
# tftest modules=13 resources=59
|
||||
```
|
||||
|
|
|
@ -51,5 +51,5 @@ module "test" {
|
|||
root_node = "organizations/0123456789"
|
||||
}
|
||||
|
||||
# tftest modules=9 resources=50
|
||||
# tftest modules=9 resources=54
|
||||
```
|
||||
|
|
|
@ -40,5 +40,5 @@ module "test" {
|
|||
}
|
||||
project_id = "test-project"
|
||||
}
|
||||
# tftest modules=13 resources=37
|
||||
# tftest modules=13 resources=41
|
||||
```
|
||||
|
|
|
@ -47,7 +47,7 @@ module "test1" {
|
|||
prefix = "fabric"
|
||||
root_node = "folders/123456789"
|
||||
}
|
||||
# tftest modules=14 resources=36
|
||||
# tftest modules=14 resources=38
|
||||
```
|
||||
|
||||
```hcl
|
||||
|
@ -58,5 +58,5 @@ module "test2" {
|
|||
prefix = "fabric"
|
||||
root_node = "folders/123456789"
|
||||
}
|
||||
# tftest modules=12 resources=30
|
||||
# tftest modules=12 resources=32
|
||||
```
|
||||
|
|
|
@ -151,5 +151,5 @@ module "test" {
|
|||
project_id = "project-1"
|
||||
enforce_security_policy = true
|
||||
}
|
||||
# tftest modules=12 resources=26
|
||||
# tftest modules=12 resources=28
|
||||
```
|
||||
|
|
|
@ -96,5 +96,5 @@ module "test" {
|
|||
}
|
||||
}
|
||||
|
||||
# tftest modules=21 resources=64
|
||||
# tftest modules=21 resources=70
|
||||
```
|
||||
|
|
|
@ -115,5 +115,5 @@ module "test" {
|
|||
project_id = "project-1"
|
||||
}
|
||||
|
||||
# tftest modules=22 resources=61
|
||||
# tftest modules=22 resources=67
|
||||
```
|
||||
|
|
|
@ -114,5 +114,5 @@ module "test" {
|
|||
project_id = "project-1"
|
||||
}
|
||||
|
||||
# tftest modules=20 resources=73
|
||||
# tftest modules=20 resources=79
|
||||
```
|
||||
|
|
|
@ -96,5 +96,5 @@ module "test" {
|
|||
project_create = true
|
||||
project_id = "project-1"
|
||||
}
|
||||
# tftest modules=18 resources=42
|
||||
# tftest modules=18 resources=46
|
||||
```
|
||||
|
|
|
@ -45,5 +45,5 @@ module "test" {
|
|||
}
|
||||
project_id = "test-project"
|
||||
}
|
||||
# tftest modules=11 resources=40
|
||||
# tftest modules=11 resources=44
|
||||
```
|
||||
|
|
|
@ -80,5 +80,5 @@ module "test" {
|
|||
prefix = "test"
|
||||
root_node = "organizations/0123456789"
|
||||
}
|
||||
# tftest modules=11 resources=43
|
||||
# tftest modules=11 resources=45
|
||||
```
|
||||
|
|
|
@ -238,7 +238,7 @@ module "test" {
|
|||
prj_onprem_id = "onprem-project-id"
|
||||
}
|
||||
|
||||
# tftest modules=15 resources=46
|
||||
# tftest modules=15 resources=50
|
||||
```
|
||||
|
||||
```hcl
|
||||
|
@ -262,7 +262,7 @@ module "test" {
|
|||
tf_identity = "user@example.org"
|
||||
}
|
||||
|
||||
# tftest modules=15 resources=32
|
||||
# tftest modules=15 resources=36
|
||||
```
|
||||
|
||||
```hcl
|
||||
|
@ -281,5 +281,5 @@ module "test" {
|
|||
custom_domain = "cloud-run-corporate.example.org"
|
||||
}
|
||||
|
||||
# tftest modules=14 resources=43
|
||||
# tftest modules=14 resources=45
|
||||
```
|
||||
|
|
|
@ -38,6 +38,13 @@ module "dev-spoke-vpc-serverless" {
|
|||
ip_cidr_range = var.serverless_connector_config.dev-primary.ip_cidr_range
|
||||
region = var.regions.primary
|
||||
}]
|
||||
# these should be create from the main VPC
|
||||
create_googleapis_routes = {
|
||||
private = false
|
||||
private-6 = false
|
||||
restricted = false
|
||||
restricted-6 = false
|
||||
}
|
||||
}
|
||||
|
||||
module "prod-spoke-vpc-serverless" {
|
||||
|
@ -51,6 +58,13 @@ module "prod-spoke-vpc-serverless" {
|
|||
ip_cidr_range = var.serverless_connector_config.prod-primary.ip_cidr_range
|
||||
region = var.regions.primary
|
||||
}]
|
||||
# these should be create from the main VPC
|
||||
create_googleapis_routes = {
|
||||
private = false
|
||||
private-6 = false
|
||||
restricted = false
|
||||
restricted-6 = false
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_vpc_access_connector" "dev-primary" {
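Review bot: The added comment `# these should be create from the main VPC` in `dev-spoke-vpc-serverless` and `prod-spoke-vpc-serverless` has a typo and does not say what "these" are or how this VPC reaches Google APIs once all four keys are `false`. Routes are per network, so with the toggles off this VPC has no googleapis route of its own, and reachability presumably depends on the default route or on routes imported from elsewhere; neither is visible in these hunks. I would replace it with something like `# googleapis routes are not created here; this VPC relies on <default route / routes from the main VPC> to reach Google APIs`, with the placeholder filled in by the author. Both module blocks start above the hunks shown.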
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -51,17 +51,9 @@ module "landing-vpc" {
|
|||
inbound = true
|
||||
}
|
||||
# set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_googleapis_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
data_folder = "${var.factories_config.data_dir}/subnets/landing"
|
||||
}
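Review bot: In `landing-vpc` the destination ranges and next hop of the Google APIs routes are no longer readable in the stage, and the kept comment `# set explicit routes for googleapis in case the default route is deleted` now sits above two booleans. I would reword it to name what the module is asked to create, e.g. `# have net-vpc create the private (199.36.153.8/30) and restricted (199.36.153.4/30) googleapis routes, in case the default route is deleted`, assuming the module uses the same ranges as the removed block. Where the VPC is meant to sit inside a VPC Service Controls perimeter, consider `private = false`, since the private VIP also serves APIs that VPC-SC does not cover; this hunk keeps both routes as before. The same two points apply to the `dev-spoke-vpc`, `prod-spoke-vpc` and `landing-trusted-vpc` hunks later in this commit. The module block starts above the hunk.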
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -53,17 +53,9 @@ module "dev-spoke-vpc" {
|
|||
data_folder = "${var.factories_config.data_dir}/subnets/dev"
|
||||
psa_config = try(var.psa_ranges.dev, null)
|
||||
# set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_googleapis_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -52,17 +52,9 @@ module "prod-spoke-vpc" {
|
|||
data_folder = "${var.factories_config.data_dir}/subnets/prod"
|
||||
psa_config = try(var.psa_ranges.prod, null)
|
||||
# set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_googleapis_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -51,17 +51,9 @@ module "landing-vpc" {
|
|||
inbound = true
|
||||
}
|
||||
# set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_googleapis_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
data_folder = "${var.factories_config.data_dir}/subnets/landing"
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -53,17 +53,9 @@ module "dev-spoke-vpc" {
|
|||
data_folder = "${var.factories_config.data_dir}/subnets/dev"
|
||||
psa_config = try(var.psa_ranges.dev, null)
|
||||
# set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_googleapis_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -52,17 +52,9 @@ module "prod-spoke-vpc" {
|
|||
data_folder = "${var.factories_config.data_dir}/subnets/prod"
|
||||
psa_config = try(var.psa_ranges.prod, null)
|
||||
# set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_googleapis_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -53,6 +53,10 @@ module "landing-untrusted-vpc" {
|
|||
inbound = false
|
||||
logging = false
|
||||
}
|
||||
create_googleapis_routes = {
|
||||
private = false
|
||||
restricted = false
|
||||
}
|
||||
data_folder = "${var.factories_config.data_dir}/subnets/landing-untrusted"
|
||||
}
|
||||
|
||||
|
@ -116,17 +120,9 @@ module "landing-trusted-vpc" {
|
|||
inbound = true
|
||||
}
|
||||
# Set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_googleapis_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -53,19 +53,11 @@ module "dev-spoke-vpc" {
|
|||
delete_default_routes_on_create = true
|
||||
psa_config = try(var.psa_ranges.dev, null)
|
||||
# Set explicit routes for googleapis; send everything else to NVAs
|
||||
create_googleapis_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
priority = 999
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
priority = 999
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
nva-primary-to-primary = {
|
||||
dest_range = "0.0.0.0/0"
|
||||
priority = 1000
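Review bot: The removed `private-googleapis` and `restricted-googleapis` entries pinned `priority = 999`, one below `nva-primary-to-primary` at `priority = 1000`, while the new `create_googleapis_routes` block states no priority, so it is whatever the module applies. The /30 destinations are more specific than `0.0.0.0/0`, so route selection should not change, but it is worth confirming in the plan output that Google API traffic still bypasses the NVAs as before. A short comment such as `# googleapis routes take precedence over the NVA default by prefix length` would record that intent. The same applies to the `prod-spoke-vpc` hunk that follows; the `routes` map continues past the end of this hunk.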
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -52,19 +52,11 @@ module "prod-spoke-vpc" {
|
|||
delete_default_routes_on_create = true
|
||||
psa_config = try(var.psa_ranges.prod, null)
|
||||
# Set explicit routes for googleapis; send everything else to NVAs
|
||||
create_googleapis_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
priority = 999
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
priority = 999
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
nva-primary-to-primary = {
|
||||
dest_range = "0.0.0.0/0"
|
||||
priority = 1000
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -53,17 +53,9 @@ module "dev-spoke-vpc" {
|
|||
data_folder = "${var.factories_config.data_dir}/subnets/dev"
|
||||
psa_config = try(var.psa_ranges.dev, null)
|
||||
# set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_googleapis_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -52,17 +52,9 @@ module "prod-spoke-vpc" {
|
|||
data_folder = "${var.factories_config.data_dir}/subnets/prod"
|
||||
psa_config = try(var.psa_ranges.prod, null)
|
||||
# set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_googleapis_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -54,6 +54,10 @@ module "landing-untrusted-vpc" {
|
|||
inbound = false
|
||||
logging = false
|
||||
}
|
||||
create_googleapis_routes = {
|
||||
private = false
|
||||
restricted = false
|
||||
}
|
||||
data_folder = "${var.factories_config.data_dir}/subnets/landing-untrusted"
|
||||
}
|
||||
|
||||
|
@ -117,17 +121,9 @@ module "landing-trusted-vpc" {
|
|||
inbound = true
|
||||
}
|
||||
# Set explicit routes for googleapis in case the default route is deleted
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_googleapis_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -53,19 +53,9 @@ module "dev-spoke-vpc" {
|
|||
delete_default_routes_on_create = true
|
||||
psa_config = try(var.psa_ranges.dev, null)
|
||||
# Set explicit routes for googleapis; send everything else to NVAs
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
priority = 999
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
priority = 999
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_googleapis_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -52,19 +52,9 @@ module "prod-spoke-vpc" {
|
|||
delete_default_routes_on_create = true
|
||||
psa_config = try(var.psa_ranges.prod, null)
|
||||
# Set explicit routes for googleapis; send everything else to NVAs
|
||||
routes = {
|
||||
private-googleapis = {
|
||||
dest_range = "199.36.153.8/30"
|
||||
priority = 999
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
restricted-googleapis = {
|
||||
dest_range = "199.36.153.4/30"
|
||||
priority = 999
|
||||
next_hop_type = "gateway"
|
||||
next_hop = "default-internet-gateway"
|
||||
}
|
||||
create_googleapis_routes = {
|
||||
private = true
|
||||
restricted = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@ module "db" {
|
|||
database_version = "POSTGRES_13"
|
||||
tier = "db-g1-small"
|
||||
}
|
||||
# tftest modules=3 resources=9 inventory=simple.yaml
|
||||
# tftest modules=3 resources=11 inventory=simple.yaml
|
||||
```
|
||||
|
||||
## Cross-regional read replica
|
||||
|
|
|
@ -119,7 +119,7 @@ module "hub" {
|
|||
}
|
||||
}
|
||||
|
||||
# tftest modules=4 resources=16 inventory=full.yaml
|
||||
# tftest modules=4 resources=18 inventory=full.yaml
|
||||
```
|
||||
|
||||
## Multi-cluster mesh on GKE
|
||||
|
@ -314,7 +314,7 @@ module "hub" {
|
|||
]
|
||||
}
|
||||
|
||||
# tftest modules=8 resources=32
|
||||
# tftest modules=8 resources=34
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
|
|
@ -59,7 +59,7 @@ module "firewall-policy" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=2 resources=7
|
||||
# tftest modules=2 resources=9
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
|
|
@ -17,6 +17,7 @@ This module allows creation and management of VPC networks including subnetworks
|
|||
- [DNS Policies](#dns-policies)
|
||||
- [Subnet Factory](#subnet-factory)
|
||||
- [Custom Routes](#custom-routes)
|
||||
- [Private Google Access routes](#private-google-access-routes)
|
||||
- [Allow Firewall Policy to be evaluated before Firewall Rules](#allow-firewall-policy-to-be-evaluated-before-firewall-rules)
|
||||
- [Variables](#variables)
|
||||
- [Outputs](#outputs)
|
||||
|
@ -45,7 +46,7 @@ module "vpc" {
|
|||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=3 inventory=simple.yaml
|
||||
# tftest modules=1 resources=5 inventory=simple.yaml
|
||||
```
|
||||
|
||||
### Subnet Options
|
||||
|
@ -92,7 +93,7 @@ module "vpc" {
|
|||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=5 inventory=subnet-options.yaml
|
||||
# tftest modules=1 resources=7 inventory=subnet-options.yaml
|
||||
```
|
||||
|
||||
### Subnet IAM
|
||||
|
@ -129,7 +130,7 @@ module "vpc" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=6 inventory=subnet-iam.yaml
|
||||
# tftest modules=1 resources=8 inventory=subnet-iam.yaml
|
||||
```
|
||||
|
||||
### Peering
|
||||
|
@ -164,7 +165,7 @@ module "vpc-spoke-1" {
|
|||
import_routes = true
|
||||
}
|
||||
}
|
||||
# tftest modules=2 resources=6 inventory=peering.yaml
|
||||
# tftest modules=2 resources=10 inventory=peering.yaml
|
||||
```
|
||||
|
||||
### Shared VPC
|
||||
|
@ -215,7 +216,7 @@ module "vpc-host" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=7 inventory=shared-vpc.yaml
|
||||
# tftest modules=1 resources=9 inventory=shared-vpc.yaml
|
||||
```
|
||||
|
||||
### Private Service Networking
|
||||
|
@ -236,7 +237,7 @@ module "vpc" {
|
|||
ranges = { myrange = "10.0.1.0/24" }
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=5 inventory=psc.yaml
|
||||
# tftest modules=1 resources=7 inventory=psc.yaml
|
||||
```
|
||||
|
||||
### Private Service Networking with peering routes
|
||||
|
@ -261,7 +262,7 @@ module "vpc" {
|
|||
import_routes = true
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=5 inventory=psc-routes.yaml
|
||||
# tftest modules=1 resources=7 inventory=psc-routes.yaml
|
||||
```
|
||||
|
||||
### Subnets for Private Service Connect, Proxy-only subnets
|
||||
|
@ -293,7 +294,7 @@ module "vpc" {
|
|||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=3 inventory=proxy-only-subnets.yaml
|
||||
# tftest modules=1 resources=5 inventory=proxy-only-subnets.yaml
|
||||
```
|
||||
|
||||
### DNS Policies
|
||||
|
@ -318,7 +319,7 @@ module "vpc" {
|
|||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=3 inventory=dns-policies.yaml
|
||||
# tftest modules=1 resources=5 inventory=dns-policies.yaml
|
||||
```
|
||||
|
||||
### Subnet Factory
|
||||
|
@ -332,7 +333,7 @@ module "vpc" {
|
|||
name = "my-network"
|
||||
data_folder = "config/subnets"
|
||||
}
|
||||
# tftest modules=1 resources=9 files=subnet-simple,subnet-simple-2,subnet-detailed,subnet-proxy,subnet-psc inventory=factory.yaml
|
||||
# tftest modules=1 resources=11 files=subnet-simple,subnet-simple-2,subnet-detailed,subnet-proxy,subnet-psc inventory=factory.yaml
|
||||
```
|
||||
|
||||
```yaml
|
||||
|
@ -400,6 +401,7 @@ locals {
|
|||
vpn_tunnel = "regions/europe-west1/vpnTunnels/foo"
|
||||
}
|
||||
}
|
||||
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
for_each = local.route_types
|
||||
|
@ -420,10 +422,36 @@ module "vpc" {
|
|||
next_hop = "global/gateways/default-internet-gateway"
|
||||
}
|
||||
}
|
||||
create_googleapis_routes = {
|
||||
restricted = false
|
||||
restricted-6 = false
|
||||
private = false
|
||||
private-6 = false
|
||||
}
|
||||
}
|
||||
# tftest modules=5 resources=15 inventory=routes.yaml
|
||||
```
|
||||
|
||||
### Private Google Access routes
|
||||
|
||||
By default the VPC module creates IPv4 routes for the [Private Google Access ranges](https://cloud.google.com/vpc/docs/configure-private-google-access#config-routing). This behavior can be controlled through the `create_googleapis_routes` variable:
|
||||
|
||||
```hcl
|
||||
module "vpc" {
|
||||
source = "./fabric/modules/net-vpc"
|
||||
project_id = "my-project"
|
||||
name = "my-vpc"
|
||||
create_googleapis_routes = {
|
||||
restricted = false
|
||||
restricted-6 = true
|
||||
private = false
|
||||
private-6 = true
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=3 inventory=googleapis.yaml
|
||||
```
|
||||
|
||||
|
||||
### Allow Firewall Policy to be evaluated before Firewall Rules
|
||||
|
||||
```hcl
|
||||
|
@ -449,7 +477,7 @@ module "vpc" {
|
|||
}
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=3 inventory=firewall_policy_enforcement_order.yaml
|
||||
# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
@ -457,27 +485,28 @@ module "vpc" {
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [name](variables.tf#L72) | The name of the network being created. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L88) | The ID of the project where this VPC will be created. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L84) | The name of the network being created. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L100) | The ID of the project where this VPC will be created. | <code>string</code> | ✓ | |
|
||||
| [auto_create_subnetworks](variables.tf#L17) | Set to true to create an auto mode subnet, defaults to custom mode. | <code>bool</code> | | <code>false</code> |
|
||||
| [data_folder](variables.tf#L23) | An optional folder containing the subnet configurations in YaML format. | <code>string</code> | | <code>null</code> |
|
||||
| [delete_default_routes_on_create](variables.tf#L29) | Set to true to delete the default routes at creation time. | <code>bool</code> | | <code>false</code> |
|
||||
| [description](variables.tf#L35) | An optional description of this resource (triggers recreation on change). | <code>string</code> | | <code>"Terraform-managed."</code> |
|
||||
| [dns_policy](variables.tf#L41) | DNS policy setup for the VPC. | <code title="object({ inbound = optional(bool) logging = optional(bool) outbound = optional(object({ private_ns = list(string) public_ns = list(string) })) })">object({…})</code> | | <code>null</code> |
|
||||
| [firewall_policy_enforcement_order](variables.tf#L54) | Order that Firewall Rules and Firewall Policies are evaluated. Can be either 'BEFORE_CLASSIC_FIREWALL' or 'AFTER_CLASSIC_FIREWALL'. | <code>string</code> | | <code>"AFTER_CLASSIC_FIREWALL"</code> |
|
||||
| [mtu](variables.tf#L66) | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 (the default) and the maximum value is 1500 bytes. | <code>number</code> | | <code>null</code> |
|
||||
| [peering_config](variables.tf#L77) | VPC peering configuration. | <code title="object({ peer_vpc_self_link = string create_remote_peer = optional(bool, true) export_routes = optional(bool) import_routes = optional(bool) })">object({…})</code> | | <code>null</code> |
|
||||
| [psa_config](variables.tf#L93) | The Private Service Access configuration for Service Networking. | <code title="object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) })">object({…})</code> | | <code>null</code> |
|
||||
| [routes](variables.tf#L103) | Network routes, keyed by name. | <code title="map(object({ dest_range = string next_hop_type = string # gateway, instance, ip, vpn_tunnel, ilb next_hop = string priority = optional(number) tags = optional(list(string)) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [routing_mode](variables.tf#L123) | The network routing mode (default 'GLOBAL'). | <code>string</code> | | <code>"GLOBAL"</code> |
|
||||
| [shared_vpc_host](variables.tf#L133) | Enable shared VPC for this project. | <code>bool</code> | | <code>false</code> |
|
||||
| [shared_vpc_service_projects](variables.tf#L139) | Shared VPC service projects to register with this host. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [subnet_iam](variables.tf#L145) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||
| [subnet_iam_additive](variables.tf#L151) | Subnet IAM additive bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||
| [subnets](variables.tf#L158) | Subnet configuration. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) enable_private_access = optional(bool, true) flow_logs_config = optional(object({ aggregation_interval = optional(string) filter_expression = optional(string) flow_sampling = optional(number) metadata = optional(string) metadata_fields = optional(list(string)) })) ipv6 = optional(object({ access_type = optional(string) enable_private_access = optional(bool, true) })) secondary_ip_ranges = optional(map(string)) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_proxy_only](variables.tf#L183) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = bool }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_psc](variables.tf#L195) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [vpc_create](variables.tf#L206) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
|
||||
| [create_googleapis_routes](variables.tf#L23) | Toggle creation of googleapis private/restricted routes. | <code title="object({ private = optional(bool, true) private-6 = optional(bool, false) restricted = optional(bool, true) restricted-6 = optional(bool, false) })">object({…})</code> | | <code>{}</code> |
|
||||
| [data_folder](variables.tf#L35) | An optional folder containing the subnet configurations in YaML format. | <code>string</code> | | <code>null</code> |
|
||||
| [delete_default_routes_on_create](variables.tf#L41) | Set to true to delete the default routes at creation time. | <code>bool</code> | | <code>false</code> |
|
||||
| [description](variables.tf#L47) | An optional description of this resource (triggers recreation on change). | <code>string</code> | | <code>"Terraform-managed."</code> |
|
||||
| [dns_policy](variables.tf#L53) | DNS policy setup for the VPC. | <code title="object({ inbound = optional(bool) logging = optional(bool) outbound = optional(object({ private_ns = list(string) public_ns = list(string) })) })">object({…})</code> | | <code>null</code> |
|
||||
| [firewall_policy_enforcement_order](variables.tf#L66) | Order that Firewall Rules and Firewall Policies are evaluated. Can be either 'BEFORE_CLASSIC_FIREWALL' or 'AFTER_CLASSIC_FIREWALL'. | <code>string</code> | | <code>"AFTER_CLASSIC_FIREWALL"</code> |
|
||||
| [mtu](variables.tf#L78) | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 (the default) and the maximum value is 1500 bytes. | <code>number</code> | | <code>null</code> |
|
||||
| [peering_config](variables.tf#L89) | VPC peering configuration. | <code title="object({ peer_vpc_self_link = string create_remote_peer = optional(bool, true) export_routes = optional(bool) import_routes = optional(bool) })">object({…})</code> | | <code>null</code> |
|
||||
| [psa_config](variables.tf#L105) | The Private Service Access configuration for Service Networking. | <code title="object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) })">object({…})</code> | | <code>null</code> |
|
||||
| [routes](variables.tf#L115) | Network routes, keyed by name. | <code title="map(object({ dest_range = string next_hop_type = string # gateway, instance, ip, vpn_tunnel, ilb next_hop = string priority = optional(number) tags = optional(list(string)) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [routing_mode](variables.tf#L135) | The network routing mode (default 'GLOBAL'). | <code>string</code> | | <code>"GLOBAL"</code> |
|
||||
| [shared_vpc_host](variables.tf#L145) | Enable shared VPC for this project. | <code>bool</code> | | <code>false</code> |
|
||||
| [shared_vpc_service_projects](variables.tf#L151) | Shared VPC service projects to register with this host. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [subnet_iam](variables.tf#L157) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||
| [subnet_iam_additive](variables.tf#L163) | Subnet IAM additive bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||
| [subnets](variables.tf#L170) | Subnet configuration. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) enable_private_access = optional(bool, true) flow_logs_config = optional(object({ aggregation_interval = optional(string) filter_expression = optional(string) flow_sampling = optional(number) metadata = optional(string) metadata_fields = optional(list(string)) })) ipv6 = optional(object({ access_type = optional(string) enable_private_access = optional(bool, true) })) secondary_ip_ranges = optional(map(string)) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_proxy_only](variables.tf#L195) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = bool }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [subnets_psc](variables.tf#L207) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [vpc_create](variables.tf#L218) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -17,7 +17,23 @@
|
|||
# tfdoc:file:description Route resources.
|
||||
|
||||
locals {
|
||||
_routes = var.routes == null ? {} : var.routes
|
||||
_googleapis_ranges = {
|
||||
private = "199.36.153.8/30"
|
||||
private-6 = "2600:2d00:0002:2000::/64"
|
||||
restricted = "199.36.153.4/30"
|
||||
restricted-6 = "2600:2d00:0002:1000::/64"
|
||||
}
|
||||
_googleapis_routes = {
|
||||
for k, v in local._googleapis_ranges : "${k}-googleapis" => {
|
||||
dest_range = v
|
||||
next_hop = "default-internet-gateway"
|
||||
next_hop_type = "gateway"
|
||||
priority = 1000
|
||||
tags = null
|
||||
}
|
||||
if var.create_googleapis_routes[k]
|
||||
}
|
||||
_routes = merge(local._googleapis_routes, coalesce(var.routes, {}))
|
||||
routes = {
|
||||
gateway = { for k, v in local._routes : k => v if v.next_hop_type == "gateway" }
|
||||
ilb = { for k, v in local._routes : k => v if v.next_hop_type == "ilb" }
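Review bot: The new `_routes = merge(local._googleapis_routes, coalesce(var.routes, {}))` line lets caller-supplied routes win on key collision, and nothing in the locals block says so. A `var.routes` entry keyed `private-googleapis` or `restricted-googleapis` silently replaces the generated route, while an existing entry under another key for the same range now coexists with a second priority-1000 route to `default-internet-gateway`. I would add a comment above the merge, for example `# caller routes override the generated *-googleapis routes on key collision`, and one next to `tags = null` saying the generated routes are untagged and so apply to every instance in the network. Because `private` and `restricted` are on by default, networks that used `delete_default_routes_on_create` to end up with no gateway routes will gain two on upgrade, which deserves a line in the release notes. The `locals` block continues past the end of this hunk.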
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -20,6 +20,18 @@ variable "auto_create_subnetworks" {
|
|||
default = false
|
||||
}
|
||||
|
||||
variable "create_googleapis_routes" {
|
||||
description = "Toggle creation of googleapis private/restricted routes."
|
||||
type = object({
|
||||
private = optional(bool, true)
|
||||
private-6 = optional(bool, false)
|
||||
restricted = optional(bool, true)
|
||||
restricted-6 = optional(bool, false)
|
||||
})
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "data_folder" {
|
||||
description = "An optional folder containing the subnet configurations in YaML format."
|
||||
type = string
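Review bot: The description `"Toggle creation of googleapis private/restricted routes."` does not say that `private` and `restricted` default to `true`, and the generated README table lists the default as `{}`, which is easy to read as "no routes". This matters for networks inside a VPC Service Controls perimeter: the private.googleapis.com range serves APIs whether or not VPC Service Controls supports them, so those deployments normally want only the restricted range and should set `private = false`. I would extend the description along the lines of `"Toggle creation of googleapis private/restricted routes. IPv4 routes are created by default; set private = false when only restricted.googleapis.com should be reachable."`. The `data_folder` variable that follows the new block continues outside the hunk.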
|
||||
|
|
|
@ -36,7 +36,3 @@ counts:
|
|||
google_compute_network: 1
|
||||
google_compute_subnetwork: 1
|
||||
google_dns_policy: 1
|
||||
modules: 1
|
||||
resources: 3
|
||||
|
||||
outputs: {}
|
||||
|
|
|
@ -0,0 +1,39 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.vpc.google_compute_route.gateway["private-6-googleapis"]:
|
||||
dest_range: 2600:2d00:0002:2000::/64
|
||||
name: my-vpc-private-6-googleapis
|
||||
next_hop_gateway: default-internet-gateway
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
tags: null
|
||||
module.vpc.google_compute_route.gateway["restricted-6-googleapis"]:
|
||||
dest_range: 2600:2d00:0002:1000::/64
|
||||
name: my-vpc-restricted-6-googleapis
|
||||
next_hop_gateway: default-internet-gateway
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
tags: null
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_route: 2
|
|
@ -44,7 +44,31 @@ values:
|
|||
region: europe-west2
|
||||
role: null
|
||||
secondary_ip_range: []
|
||||
module.vpc.google_compute_route.gateway["private-googleapis"]:
|
||||
dest_range: 199.36.153.8/30
|
||||
name: my-network-private-googleapis
|
||||
next_hop_gateway: default-internet-gateway
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
tags: null
|
||||
timeouts: null
|
||||
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
|
||||
description: Terraform-managed.
|
||||
dest_range: 199.36.153.4/30
|
||||
name: my-network-restricted-googleapis
|
||||
next_hop_gateway: default-internet-gateway
|
||||
next_hop_ilb: null
|
||||
next_hop_instance: null
|
||||
next_hop_vpn_tunnel: null
|
||||
priority: 1000
|
||||
project: my-project
|
||||
tags: null
|
||||
timeouts: null
|
||||
|
||||
counts:
|
||||
google_compute_network: 1
|
||||
google_compute_subnetwork: 2
|
||||
google_compute_route: 2
|
||||
|
|
|
@ -54,5 +54,4 @@ counts:
|
|||
google_compute_subnetwork: 2
|
||||
google_compute_subnetwork_iam_binding: 1
|
||||
google_compute_subnetwork_iam_member: 2
|
||||
|
||||
outputs: {}
|
||||
google_compute_route: 2
|
||||
|
|