fix onprem tunnel variable (#461)
parent
51cd70ce9a
commit
b9e8327987
|
@ -0,0 +1 @@
|
|||
ludo-*.tf
|
|
@ -321,8 +321,8 @@ DNS configurations are centralised in the `dns.tf` file. Spokes delegate DNS res
|
|||
| [project_factory_sa](variables.tf#L119) | IAM emails for project factory service accounts | <code>map(string)</code> | | <code>{}</code> | <code>01-resman</code> |
|
||||
| [psa_ranges](variables.tf#L126) | IP ranges used for Private Service Access (e.g. CloudSQL). | <code>map(map(string))</code> | | <code title="{ prod = { cloudsql-mysql = "10.136.250.0/24" cloudsql-sqlserver = "10.136.251.0/24" } dev = { cloudsql-mysql = "10.144.250.0/24" cloudsql-sqlserver = "10.144.251.0/24" } }">{…}</code> | |
|
||||
| [router_configs](variables.tf#L141) | Configurations for CRs and onprem routers. | <code title="map(object({ adv = object({ custom = list(string) default = bool }) asn = number }))">map(object({…}))</code> | | <code title="{ onprem-ew1 = { asn = "65534" adv = null } landing-ew1 = { asn = "64512", adv = null } landing-ew4 = { asn = "64512", adv = null } spoke-dev-ew1 = { asn = "64513", adv = null } spoke-dev-ew4 = { asn = "64513", adv = null } spoke-prod-ew1 = { asn = "64514", adv = null } spoke-prod-ew4 = { asn = "64514", adv = null } }">{…}</code> | |
|
||||
| [vpn_onprem_configs](variables.tf#L165) | VPN gateway configuration for onprem interconnection. | <code title="map(object({ adv = object({ default = bool custom = list(string) }) peer_external_gateway = object({ redundancy_type = string interfaces = list(object({ id = number ip_address = string })) }) tunnels = list(object({ peer_asn = number secret = string session_range = string vpn_gateway_interface = number })) }))">map(object({…}))</code> | | <code title="{ landing-ew1 = { adv = { default = false custom = [ "cloud_dns", "googleapis_private", "googleapis_restricted", "gcp_all" ] } peer_external_gateway = { redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT" interfaces = [ { id = 0, ip_address = "8.8.8.8" }, ] } tunnels = [ { peer_asn = 65534 secret = "foobar" session_range = "169.254.1.0/30" vpn_gateway_interface = 0 }, { peer_asn = 65534 secret = "foobar" session_range = "169.254.1.4/30" vpn_gateway_interface = 1 } ] } }">{…}</code> | |
|
||||
| [vpn_spoke_configs](variables.tf#L218) | VPN gateway configuration for spokes. | <code title="map(object({ adv = object({ default = bool custom = list(string) }) session_range = string }))">map(object({…}))</code> | | <code title="{ landing-ew1 = { adv = { default = false custom = ["rfc_1918_10", "rfc_1918_172", "rfc_1918_192"] } session_range = null } landing-ew4 = { adv = { default = false custom = ["rfc_1918_10", "rfc_1918_172", "rfc_1918_192"] } session_range = null } dev-ew1 = { adv = { default = false custom = ["gcp_dev"] } session_range = "169.254.0.0/27" } prod-ew1 = { adv = { default = false custom = ["gcp_prod"] } session_range = "169.254.0.64/27" } prod-ew4 = { adv = { default = false custom = ["gcp_prod"] } session_range = "169.254.0.96/27" } }">{…}</code> | |
|
||||
| [vpn_onprem_configs](variables.tf#L165) | VPN gateway configuration for onprem interconnection. | <code title="map(object({ adv = object({ default = bool custom = list(string) }) peer_external_gateway = object({ redundancy_type = string interfaces = list(object({ id = number ip_address = string })) }) tunnels = list(object({ peer_asn = number peer_external_gateway_interface = number secret = string session_range = string vpn_gateway_interface = number })) }))">map(object({…}))</code> | | <code title="{ landing-ew1 = { adv = { default = false custom = [ "cloud_dns", "googleapis_private", "googleapis_restricted", "gcp_all" ] } peer_external_gateway = { redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT" interfaces = [ { id = 0, ip_address = "8.8.8.8" }, ] } tunnels = [ { peer_asn = 65534 peer_external_gateway_interface = 0 secret = "foobar" session_range = "169.254.1.0/30" vpn_gateway_interface = 0 }, { peer_asn = 65534 peer_external_gateway_interface = 0 secret = "foobar" session_range = "169.254.1.4/30" vpn_gateway_interface = 1 } ] } }">{…}</code> | |
|
||||
| [vpn_spoke_configs](variables.tf#L221) | VPN gateway configuration for spokes. | <code title="map(object({ adv = object({ default = bool custom = list(string) }) session_range = string }))">map(object({…}))</code> | | <code title="{ landing-ew1 = { adv = { default = false custom = ["rfc_1918_10", "rfc_1918_172", "rfc_1918_192"] } session_range = null } landing-ew4 = { adv = { default = false custom = ["rfc_1918_10", "rfc_1918_172", "rfc_1918_192"] } session_range = null } dev-ew1 = { adv = { default = false custom = ["gcp_dev"] } session_range = "169.254.0.0/27" } prod-ew1 = { adv = { default = false custom = ["gcp_prod"] } session_range = "169.254.0.64/27" } prod-ew4 = { adv = { default = false custom = ["gcp_prod"] } session_range = "169.254.0.96/27" } }">{…}</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -177,10 +177,11 @@ variable "vpn_onprem_configs" {
|
|||
}))
|
||||
})
|
||||
tunnels = list(object({
|
||||
peer_asn = number
|
||||
secret = string
|
||||
session_range = string
|
||||
vpn_gateway_interface = number
|
||||
peer_asn = number
|
||||
peer_external_gateway_interface = number
|
||||
secret = string
|
||||
session_range = string
|
||||
vpn_gateway_interface = number
|
||||
}))
|
||||
}))
|
||||
default = {
|
||||
|
@ -199,16 +200,18 @@ variable "vpn_onprem_configs" {
|
|||
}
|
||||
tunnels = [
|
||||
{
|
||||
peer_asn = 65534
|
||||
secret = "foobar"
|
||||
session_range = "169.254.1.0/30"
|
||||
vpn_gateway_interface = 0
|
||||
peer_asn = 65534
|
||||
peer_external_gateway_interface = 0
|
||||
secret = "foobar"
|
||||
session_range = "169.254.1.0/30"
|
||||
vpn_gateway_interface = 0
|
||||
},
|
||||
{
|
||||
peer_asn = 65534
|
||||
secret = "foobar"
|
||||
session_range = "169.254.1.4/30"
|
||||
vpn_gateway_interface = 1
|
||||
peer_asn = 65534
|
||||
peer_external_gateway_interface = 0
|
||||
secret = "foobar"
|
||||
session_range = "169.254.1.4/30"
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
]
|
||||
}
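Review bot: The default for `vpn_onprem_configs` keeps a literal pre-shared key, `secret = "foobar"`, in both tunnel entries of the second hunk, so any deployment that does not override the variable would configure its onprem tunnels with a key that is published in the repository. Consider removing the key from the default so each deployment has to supply its own, and passing tunnel secrets through a separate variable declared with `sensitive = true`, since a secret nested in this object will otherwise be printed in plan output. The new `peer_external_gateway_interface` attribute is required, so existing tfvars that set this variable will fail type checking until they add it. A comment on the attribute such as `# must match an id in peer_external_gateway.interfaces` would make the constraint visible. The variable block starts and ends outside these hunks.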
|
||||
|
|
|
@ -43,7 +43,7 @@ module "landing-to-onprem-ew1-vpn" {
|
|||
peer_external_gateway = var.vpn_onprem_configs.landing-ew1.peer_external_gateway
|
||||
tunnels = {
|
||||
for t in var.vpn_onprem_configs.landing-ew1.tunnels :
|
||||
"remote-${t.vpn_gateway_interface}" => {
|
||||
"remote-${t.vpn_gateway_interface}-${t.peer_external_gateway_interface}" => {
|
||||
bgp_peer = {
|
||||
address = cidrhost(t.session_range, 1)
|
||||
asn = t.peer_asn
|
||||
|
@ -51,7 +51,7 @@ module "landing-to-onprem-ew1-vpn" {
|
|||
bgp_peer_options = local.bgp_peer_options_onprem.landing-ew1
|
||||
bgp_session_range = "${cidrhost(t.session_range, 2)}/30"
|
||||
ike_version = 2
|
||||
peer_external_gateway_interface = 0
|
||||
peer_external_gateway_interface = t.peer_external_gateway_interface
|
||||
router = null
|
||||
shared_secret = t.secret
|
||||
vpn_gateway_interface = t.vpn_gateway_interface
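Review bot: Changing the tunnel map key from `"remote-${t.vpn_gateway_interface}"` to `"remote-${t.vpn_gateway_interface}-${t.peer_external_gateway_interface}"` renames every existing entry. If the VPN module iterates over `tunnels` by key (not visible here, so this is inferred), the next apply will destroy and recreate the tunnels and their BGP sessions on an already deployed landing zone. That is a connectivity interruption on the onprem link and should be called out in the commit description or handled with `moved` blocks or a state move for existing deployments. A short comment above the `for` expression, for example `# key must be unique per (gateway interface, peer interface) pair`, would also explain why both values are in the key. The module block starts and ends outside these hunks.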
|
||||
|
|