Merge branch 'master' into binauthz-fixes
This commit is contained in:
apichick
GitHub
commit
ba17e10ebd
|
|
@ -0,0 +1,23 @@
|
||||||
|
# Copyright 2022 Google LLC
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
'on:blueprints':
|
||||||
|
- blueprints/**/*
|
||||||
|
'on:FAST':
|
||||||
|
- fast/**/*
|
||||||
|
'on:modules':
|
||||||
|
- modules/**/*
|
||||||
|
'on:tools':
|
||||||
|
- tools/**/*
|
||||||
|
- .github/**/*
|
||||||
|
|
@ -0,0 +1,30 @@
|
||||||
|
# Copyright 2022 Google LLC
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
name: "Label Pull Requests"
|
||||||
|
|
||||||
|
on:
|
||||||
|
pull_request_target:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
triage:
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
pull-requests: write
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/labeler@v4
|
||||||
|
with:
|
||||||
|
repo-token: "${{ secrets.GITHUB_TOKEN }}"
|
||||||
|
sync-labels: true
|
||||||
16
CHANGELOG.md
16
CHANGELOG.md
|
|
@ -8,6 +8,8 @@ All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
### BLUEPRINTS
|
### BLUEPRINTS
|
||||||
|
|
||||||
|
- [[#1009](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1009)] Fix encryption in Data Playground blueprint ([lcaggio](https://github.com/lcaggio)) <!-- 2022-11-25 15:19:02+00:00 -->
|
||||||
|
- [[#1003](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1003)] Normalize prefix handling in blueprints ([kunzese](https://github.com/kunzese)) <!-- 2022-11-23 10:09:00+00:00 -->
|
||||||
- [[#995](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/995)] Push container images to GitHub instead of Google Container Registry ([kunzese](https://github.com/kunzese)) <!-- 2022-11-21 14:53:52+00:00 -->
|
- [[#995](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/995)] Push container images to GitHub instead of Google Container Registry ([kunzese](https://github.com/kunzese)) <!-- 2022-11-21 14:53:52+00:00 -->
|
||||||
- [[#984](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/984)] **incompatible change:** Apigee module and blueprint ([apichick](https://github.com/apichick)) <!-- 2022-11-17 16:20:27+00:00 -->
|
- [[#984](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/984)] **incompatible change:** Apigee module and blueprint ([apichick](https://github.com/apichick)) <!-- 2022-11-17 16:20:27+00:00 -->
|
||||||
- [[#980](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/980)] Have Squid log to /dev/stdout to stream logs to Cloud Logging ([kunzese](https://github.com/kunzese)) <!-- 2022-11-16 13:41:26+00:00 -->
|
- [[#980](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/980)] Have Squid log to /dev/stdout to stream logs to Cloud Logging ([kunzese](https://github.com/kunzese)) <!-- 2022-11-16 13:41:26+00:00 -->
|
||||||
|
|
@ -59,6 +61,10 @@ All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
### DOCUMENTATION
|
### DOCUMENTATION
|
||||||
|
|
||||||
|
- [[#1009](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1009)] Fix encryption in Data Playground blueprint ([lcaggio](https://github.com/lcaggio)) <!-- 2022-11-25 15:19:02+00:00 -->
|
||||||
|
- [[#1006](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1006)] Add settings for autoscaling to Bigtable module. ([iht](https://github.com/iht)) <!-- 2022-11-24 15:59:32+00:00 -->
|
||||||
|
- [[#1007](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1007)] fast README, one line fix: 00-cicd stage got moved to extras/ ([skalolazka](https://github.com/skalolazka)) <!-- 2022-11-23 15:31:01+00:00 -->
|
||||||
|
- [[#1003](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1003)] Normalize prefix handling in blueprints ([kunzese](https://github.com/kunzese)) <!-- 2022-11-23 10:09:00+00:00 -->
|
||||||
- [[#987](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/987)] Add tests to factory examples ([juliocc](https://github.com/juliocc)) <!-- 2022-11-18 17:01:41+00:00 -->
|
- [[#987](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/987)] Add tests to factory examples ([juliocc](https://github.com/juliocc)) <!-- 2022-11-18 17:01:41+00:00 -->
|
||||||
- [[#972](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/972)] Add note about TF_PLUGIN_CACHE_DIR ([wiktorn](https://github.com/wiktorn)) <!-- 2022-11-14 10:21:37+00:00 -->
|
- [[#972](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/972)] Add note about TF_PLUGIN_CACHE_DIR ([wiktorn](https://github.com/wiktorn)) <!-- 2022-11-14 10:21:37+00:00 -->
|
||||||
- [[#961](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/961)] Remove extra file from root ([ludoo](https://github.com/ludoo)) <!-- 2022-11-09 07:53:11+00:00 -->
|
- [[#961](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/961)] Remove extra file from root ([ludoo](https://github.com/ludoo)) <!-- 2022-11-09 07:53:11+00:00 -->
|
||||||
|
|
@ -72,6 +78,7 @@ All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
### FAST
|
### FAST
|
||||||
|
|
||||||
|
- [[#1007](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1007)] fast README, one line fix: 00-cicd stage got moved to extras/ ([skalolazka](https://github.com/skalolazka)) <!-- 2022-11-23 15:31:01+00:00 -->
|
||||||
- [[#976](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/976)] FAST: fixes to GitHub workflow and 02/net outputs ([ludoo](https://github.com/ludoo)) <!-- 2022-11-15 07:48:32+00:00 -->
|
- [[#976](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/976)] FAST: fixes to GitHub workflow and 02/net outputs ([ludoo](https://github.com/ludoo)) <!-- 2022-11-15 07:48:32+00:00 -->
|
||||||
- [[#966](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/966)] FAST: improve GitHub workflow, stage 01 output fixes ([ludoo](https://github.com/ludoo)) <!-- 2022-11-11 07:55:58+00:00 -->
|
- [[#966](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/966)] FAST: improve GitHub workflow, stage 01 output fixes ([ludoo](https://github.com/ludoo)) <!-- 2022-11-11 07:55:58+00:00 -->
|
||||||
- [[#963](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/963)] **incompatible change:** Refactor vps-sc module for Terraform 1.3 ([ludoo](https://github.com/ludoo)) <!-- 2022-11-10 18:34:45+00:00 -->
|
- [[#963](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/963)] **incompatible change:** Refactor vps-sc module for Terraform 1.3 ([ludoo](https://github.com/ludoo)) <!-- 2022-11-10 18:34:45+00:00 -->
|
||||||
|
|
@ -104,6 +111,11 @@ All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
### MODULES
|
### MODULES
|
||||||
|
|
||||||
|
- [[#1016](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1016)] Fix memory/cpu typo in gke cluster module ([joeheaton](https://github.com/joeheaton)) <!-- 2022-11-27 17:29:26+00:00 -->
|
||||||
|
- [[#1012](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1012)] Fix tag outputs in organization module ([ludoo](https://github.com/ludoo)) <!-- 2022-11-25 13:06:32+00:00 -->
|
||||||
|
- [[#1006](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1006)] Add settings for autoscaling to Bigtable module. ([iht](https://github.com/iht)) <!-- 2022-11-24 15:59:32+00:00 -->
|
||||||
|
- [[#999](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/999)] Default nodepool creation fix ([astianseb](https://github.com/astianseb)) <!-- 2022-11-22 18:17:58+00:00 -->
|
||||||
|
- [[#1005](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1005)] Only set partitioned table when sink type is bigquery ([juliocc](https://github.com/juliocc)) <!-- 2022-11-22 16:13:53+00:00 -->
|
||||||
- [[#997](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/997)] Add BigQuery subcriptions to Pubsub module. ([iht](https://github.com/iht)) <!-- 2022-11-21 17:26:52+00:00 -->
|
- [[#997](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/997)] Add BigQuery subcriptions to Pubsub module. ([iht](https://github.com/iht)) <!-- 2022-11-21 17:26:52+00:00 -->
|
||||||
- [[#995](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/995)] Push container images to GitHub instead of Google Container Registry ([kunzese](https://github.com/kunzese)) <!-- 2022-11-21 14:53:52+00:00 -->
|
- [[#995](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/995)] Push container images to GitHub instead of Google Container Registry ([kunzese](https://github.com/kunzese)) <!-- 2022-11-21 14:53:52+00:00 -->
|
||||||
- [[#994](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/994)] Add schemas to Pubsub topic module. ([iht](https://github.com/iht)) <!-- 2022-11-20 16:56:03+00:00 -->
|
- [[#994](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/994)] Add schemas to Pubsub topic module. ([iht](https://github.com/iht)) <!-- 2022-11-20 16:56:03+00:00 -->
|
||||||
|
|
@ -174,6 +186,10 @@ All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
### TOOLS
|
### TOOLS
|
||||||
|
|
||||||
|
- [[#1013](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1013)] Update labeler.yml ([ludoo](https://github.com/ludoo)) <!-- 2022-11-25 13:27:47+00:00 -->
|
||||||
|
- [[#1010](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1010)] Enforce nonempty descriptions ending in a dot ([juliocc](https://github.com/juliocc)) <!-- 2022-11-25 09:15:29+00:00 -->
|
||||||
|
- [[#1004](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1004)] Use `actions/labeler` to automatically label pull requests ([kunzese](https://github.com/kunzese)) <!-- 2022-11-22 14:42:47+00:00 -->
|
||||||
|
- [[#998](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/998)] Add missing `write_package` permission ([kunzese](https://github.com/kunzese)) <!-- 2022-11-22 08:32:42+00:00 -->
|
||||||
- [[#996](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/996)] Fix `repository name must be lowercase` on docker build ([kunzese](https://github.com/kunzese)) <!-- 2022-11-21 16:04:57+00:00 -->
|
- [[#996](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/996)] Fix `repository name must be lowercase` on docker build ([kunzese](https://github.com/kunzese)) <!-- 2022-11-21 16:04:57+00:00 -->
|
||||||
- [[#993](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/993)] Fix variable and output sort check ([juliocc](https://github.com/juliocc)) <!-- 2022-11-21 13:32:56+00:00 -->
|
- [[#993](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/993)] Fix variable and output sort check ([juliocc](https://github.com/juliocc)) <!-- 2022-11-21 13:32:56+00:00 -->
|
||||||
- [[#950](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/950)] Add a pytest fixture to convert tfvars to yaml ([ludoo](https://github.com/ludoo)) <!-- 2022-11-04 17:37:24+00:00 -->
|
- [[#950](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/950)] Add a pytest fixture to convert tfvars to yaml ([ludoo](https://github.com/ludoo)) <!-- 2022-11-04 17:37:24+00:00 -->
|
||||||
|
|
|
||||||
|
|
@ -209,7 +209,7 @@ module "project" {
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
iam = {
|
iam = {
|
||||||
"roles/editor" = [
|
"roles/editor" = [
|
||||||
"serviceAccount:${module.project.service_accounts.cloud_services}"
|
"serviceAccount:${module.project.service_accounts.cloud_services}"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
@ -236,7 +236,7 @@ module "project" {
|
||||||
source = "./modules/project"
|
source = "./modules/project"
|
||||||
name = "project-example"
|
name = "project-example"
|
||||||
iam = {
|
iam = {
|
||||||
"roles/editor" = [
|
"roles/editor" = [
|
||||||
"serviceAccount:${module.project.service_accounts.cloud_services}"
|
"serviceAccount:${module.project.service_accounts.cloud_services}"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
@ -543,7 +543,7 @@ locals {
|
||||||
|
|
||||||
#### The `prefix` variable
|
#### The `prefix` variable
|
||||||
|
|
||||||
If you would like to use a "prefix" variable for resource names, please keep its definition consistent across all code:
|
If you would like to use a "prefix" variable for resource names, please keep its definition consistent across all modules:
|
||||||
```hcl
|
```hcl
|
||||||
# variables.tf
|
# variables.tf
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
|
|
@ -551,8 +551,8 @@ variable "prefix" {
|
||||||
type = string
|
type = string
|
||||||
default = null
|
default = null
|
||||||
validation {
|
validation {
|
||||||
condition = var.prefix != ""
|
condition = var.prefix != ""
|
||||||
error_message = "Prefix can not be empty, please use null instead."
|
error_message = "Prefix cannot be empty, please use null instead."
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -562,6 +562,18 @@ locals {
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
For blueprints the prefix is mandatory:
|
||||||
|
```hcl
|
||||||
|
variable "prefix" {
|
||||||
|
description = "Prefix used for resource names."
|
||||||
|
type = string
|
||||||
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
### Interacting with checks, tests and tools
|
### Interacting with checks, tests and tools
|
||||||
|
|
||||||
Our modules are designed for composition and live in a monorepo together with several end-to-end blueprints, so it was inevitable that over time we found ways of ensuring that a change does not break consumers.
|
Our modules are designed for composition and live in a monorepo together with several end-to-end blueprints, so it was inevitable that over time we found ways of ensuring that a change does not break consumers.
|
||||||
|
|
|
||||||
|
|
@ -54,18 +54,18 @@ Once done testing, you can clean up resources by running `terraform destroy`.
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [ad_dns_domain_name](variables.tf#L15) | AD DNS domain name. | <code>string</code> | ✓ | |
|
| [ad_dns_domain_name](variables.tf#L15) | AD DNS domain name. | <code>string</code> | ✓ | |
|
||||||
| [adfs_dns_domain_name](variables.tf#L26) | ADFS DNS domain name. | <code>string</code> | ✓ | |
|
| [adfs_dns_domain_name](variables.tf#L26) | ADFS DNS domain name. | <code>string</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L79) | Host project ID. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L64) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
|
| [project_id](variables.tf#L82) | Host project ID. | <code>string</code> | ✓ | |
|
||||||
| [ad_ip_cidr_block](variables.tf#L20) | Managed AD IP CIDR block. | <code>string</code> | | <code>"10.0.0.0/24"</code> |
|
| [ad_ip_cidr_block](variables.tf#L20) | Managed AD IP CIDR block. | <code>string</code> | | <code>"10.0.0.0/24"</code> |
|
||||||
| [disk_size](variables.tf#L31) | Disk size. | <code>number</code> | | <code>50</code> |
|
| [disk_size](variables.tf#L31) | Disk size. | <code>number</code> | | <code>50</code> |
|
||||||
| [disk_type](variables.tf#L37) | Disk type. | <code>string</code> | | <code>"pd-ssd"</code> |
|
| [disk_type](variables.tf#L37) | Disk type. | <code>string</code> | | <code>"pd-ssd"</code> |
|
||||||
| [image](variables.tf#L43) | Image. | <code>string</code> | | <code>"projects/windows-cloud/global/images/family/windows-2022"</code> |
|
| [image](variables.tf#L43) | Image. | <code>string</code> | | <code>"projects/windows-cloud/global/images/family/windows-2022"</code> |
|
||||||
| [instance_type](variables.tf#L49) | Instance type. | <code>string</code> | | <code>"n1-standard-2"</code> |
|
| [instance_type](variables.tf#L49) | Instance type. | <code>string</code> | | <code>"n1-standard-2"</code> |
|
||||||
| [network_config](variables.tf#L55) | Network configuration | <code title="object({ network = string subnet = string })">object({…})</code> | | <code>null</code> |
|
| [network_config](variables.tf#L55) | Network configuration. | <code title="object({ network = string subnet = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [prefix](variables.tf#L64) | Prefix for the resources created. | <code>string</code> | | <code>null</code> |
|
| [project_create](variables.tf#L73) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [project_create](variables.tf#L70) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
| [region](variables.tf#L87) | Region. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||||
| [region](variables.tf#L84) | Region. | <code>string</code> | | <code>"europe-west1"</code> |
|
| [subnet_ip_cidr_block](variables.tf#L93) | Subnet IP CIDR block. | <code>string</code> | | <code>"10.0.1.0/28"</code> |
|
||||||
| [subnet_ip_cidr_block](variables.tf#L90) | Subnet IP CIDR block. | <code>string</code> | | <code>"10.0.1.0/28"</code> |
|
| [zone](variables.tf#L99) | Zone. | <code>string</code> | | <code>"europe-west1-c"</code> |
|
||||||
| [zone](variables.tf#L96) | Zone. | <code>string</code> | | <code>"europe-west1-c"</code> |
|
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -12,10 +12,6 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
locals {
|
|
||||||
prefix = (var.prefix == null || var.prefix == "") ? "" : "${var.prefix}-"
|
|
||||||
}
|
|
||||||
|
|
||||||
module "project" {
|
module "project" {
|
||||||
source = "../../../modules/project"
|
source = "../../../modules/project"
|
||||||
billing_account = (
|
billing_account = (
|
||||||
|
|
@ -41,7 +37,7 @@ module "vpc" {
|
||||||
count = var.network_config == null ? 1 : 0
|
count = var.network_config == null ? 1 : 0
|
||||||
source = "../../../modules/net-vpc"
|
source = "../../../modules/net-vpc"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
name = "${local.prefix}vpc"
|
name = "${var.prefix}-vpc"
|
||||||
subnets = [
|
subnets = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.subnet_ip_cidr_block
|
ip_cidr_range = var.subnet_ip_cidr_block
|
||||||
|
|
@ -98,7 +94,7 @@ module "server" {
|
||||||
|
|
||||||
module "glb" {
|
module "glb" {
|
||||||
source = "../../../modules/net-glb"
|
source = "../../../modules/net-glb"
|
||||||
name = "${local.prefix}glb"
|
name = "${var.prefix}-glb"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
|
|
||||||
https = true
|
https = true
|
||||||
|
|
|
||||||
|
|
@ -53,7 +53,7 @@ variable "instance_type" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "network_config" {
|
variable "network_config" {
|
||||||
description = "Network configuration"
|
description = "Network configuration."
|
||||||
type = object({
|
type = object({
|
||||||
network = string
|
network = string
|
||||||
subnet = string
|
subnet = string
|
||||||
|
|
@ -62,9 +62,12 @@ variable "network_config" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Prefix for the resources created."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
default = null
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_create" {
|
variable "project_create" {
|
||||||
|
|
|
||||||
|
|
@ -63,7 +63,7 @@ Do the following to verify that everything works as expected.
|
||||||
| [instances](variables.tf#L46) | Instance. | <code title="map(object({ display_name = optional(string) description = optional(string) region = string environments = list(string) psa_ip_cidr_range = string disk_encryption_key = optional(string) consumer_accept_list = optional(list(string)) }))">map(object({…}))</code> | ✓ | |
|
| [instances](variables.tf#L46) | Instance. | <code title="map(object({ display_name = optional(string) description = optional(string) region = string environments = list(string) psa_ip_cidr_range = string disk_encryption_key = optional(string) consumer_accept_list = optional(list(string)) }))">map(object({…}))</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L92) | Project ID. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L92) | Project ID. | <code>string</code> | ✓ | |
|
||||||
| [psc_config](variables.tf#L98) | PSC configuration. | <code>map(string)</code> | ✓ | |
|
| [psc_config](variables.tf#L98) | PSC configuration. | <code>map(string)</code> | ✓ | |
|
||||||
| [datastore_name](variables.tf#L17) | Datastore | <code>string</code> | | <code>"gcs"</code> |
|
| [datastore_name](variables.tf#L17) | Datastore. | <code>string</code> | | <code>"gcs"</code> |
|
||||||
| [organization](variables.tf#L60) | Apigee organization. | <code title="object({ display_name = optional(string, "Apigee organization created by tf module") description = optional(string, "Apigee organization created by tf module") authorized_network = optional(string, "vpc") runtime_type = optional(string, "CLOUD") billing_type = optional(string) database_encryption_key = optional(string) analytics_region = optional(string, "europe-west1") })">object({…})</code> | | <code title="{ }">{…}</code> |
|
| [organization](variables.tf#L60) | Apigee organization. | <code title="object({ display_name = optional(string, "Apigee organization created by tf module") description = optional(string, "Apigee organization created by tf module") authorized_network = optional(string, "vpc") runtime_type = optional(string, "CLOUD") billing_type = optional(string) database_encryption_key = optional(string) analytics_region = optional(string, "europe-west1") })">object({…})</code> | | <code title="{ }">{…}</code> |
|
||||||
| [path](variables.tf#L76) | Bucket path. | <code>string</code> | | <code>"/analytics"</code> |
|
| [path](variables.tf#L76) | Bucket path. | <code>string</code> | | <code>"/analytics"</code> |
|
||||||
| [project_create](variables.tf#L83) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
| [project_create](variables.tf#L83) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
variable "datastore_name" {
|
variable "datastore_name" {
|
||||||
description = "Datastore"
|
description = "Datastore."
|
||||||
type = string
|
type = string
|
||||||
nullable = false
|
nullable = false
|
||||||
default = "gcs"
|
default = "gcs"
|
||||||
|
|
|
||||||
|
|
@ -26,11 +26,11 @@ Note that Terraform 0.13 at least is required due to the use of `for_each` with
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [billing_account_id](variables.tf#L17) | Billing account associated with the GCP Projects that will be created for each team. | <code>string</code> | ✓ | |
|
| [billing_account_id](variables.tf#L17) | Billing account associated with the GCP Projects that will be created for each team. | <code>string</code> | ✓ | |
|
||||||
| [folder_id](variables.tf#L28) | Folder ID in which DNS projects will be created. | <code>string</code> | ✓ | |
|
| [folder_id](variables.tf#L28) | Folder ID in which DNS projects will be created. | <code>string</code> | ✓ | |
|
||||||
| [shared_vpc_link](variables.tf#L48) | Shared VPC self link, used for DNS peering. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L33) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
|
| [shared_vpc_link](variables.tf#L51) | Shared VPC self link, used for DNS peering. | <code>string</code> | ✓ | |
|
||||||
| [dns_domain](variables.tf#L22) | DNS domain under which each application team DNS domain will be created. | <code>string</code> | | <code>"example.org"</code> |
|
| [dns_domain](variables.tf#L22) | DNS domain under which each application team DNS domain will be created. | <code>string</code> | | <code>"example.org"</code> |
|
||||||
| [prefix](variables.tf#L33) | Customer name to use as prefix for resources' naming. | <code>string</code> | | <code>"test-dns"</code> |
|
| [project_services](variables.tf#L42) | Service APIs enabled by default. | <code>list(string)</code> | | <code title="[ "compute.googleapis.com", "dns.googleapis.com", ]">[…]</code> |
|
||||||
| [project_services](variables.tf#L39) | Service APIs enabled by default. | <code>list(string)</code> | | <code title="[ "compute.googleapis.com", "dns.googleapis.com", ]">[…]</code> |
|
| [teams](variables.tf#L56) | List of application teams requiring their own Cloud DNS instance. | <code>list(string)</code> | | <code title="[ "team1", "team2", ]">[…]</code> |
|
||||||
| [teams](variables.tf#L53) | List of application teams requiring their own Cloud DNS instance. | <code>list(string)</code> | | <code title="[ "team1", "team2", ]">[…]</code> |
|
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -50,8 +50,12 @@ variable "billing_account" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Customer name to use as prefix for resources' naming."
|
description = "Prefix used for resource names."
|
||||||
default = "test-dns"
|
type = string
|
||||||
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "dns_domain" {
|
variable "dns_domain" {
|
||||||
|
|
|
||||||
|
|
@ -31,9 +31,12 @@ variable "folder_id" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Customer name to use as prefix for resources' naming."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
default = "test-dns"
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_services" {
|
variable "project_services" {
|
||||||
|
|
|
||||||
|
|
@ -89,15 +89,15 @@ If you are interested in this and/or would like to contribute, please contact le
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [billing_account](variables.tf#L17) | The ID of the billing account to associate this project with | <code></code> | ✓ | |
|
| [billing_account](variables.tf#L17) | The ID of the billing account to associate this project with. | <code></code> | ✓ | |
|
||||||
| [monitored_projects_list](variables.tf#L36) | ID of the projects to be monitored (where limits and quotas data will be pulled) | <code>list(string)</code> | ✓ | |
|
| [monitored_projects_list](variables.tf#L36) | ID of the projects to be monitored (where limits and quotas data will be pulled). | <code>list(string)</code> | ✓ | |
|
||||||
| [organization_id](variables.tf#L46) | The organization id for the associated services | <code></code> | ✓ | |
|
| [organization_id](variables.tf#L46) | The organization id for the associated services. | <code></code> | ✓ | |
|
||||||
| [prefix](variables.tf#L50) | Customer name to use as prefix for monitoring project | <code></code> | ✓ | |
|
| [prefix](variables.tf#L50) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
| [cf_version](variables.tf#L21) | Cloud Function version 2nd Gen or 1st Gen. Possible options: 'V1' or 'V2'.Use CFv2 if your Cloud Function timeouts after 9 minutes. By default it is using CFv1. | <code></code> | | <code>V1</code> |
|
| [cf_version](variables.tf#L21) | Cloud Function version 2nd Gen or 1st Gen. Possible options: 'V1' or 'V2'.Use CFv2 if your Cloud Function timeouts after 9 minutes. By default it is using CFv1. | <code></code> | | <code>V1</code> |
|
||||||
| [monitored_folders_list](variables.tf#L30) | ID of the projects to be monitored (where limits and quotas data will be pulled) | <code>list(string)</code> | | <code>[]</code> |
|
| [monitored_folders_list](variables.tf#L30) | ID of the projects to be monitored (where limits and quotas data will be pulled). | <code>list(string)</code> | | <code>[]</code> |
|
||||||
| [monitoring_project_id](variables.tf#L41) | Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string | <code></code> | | |
|
| [monitoring_project_id](variables.tf#L41) | Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string. | <code></code> | | |
|
||||||
| [project_monitoring_services](variables.tf#L54) | Service APIs enabled in the monitoring project if it will be created. | <code></code> | | <code title="[ "artifactregistry.googleapis.com", "cloudasset.googleapis.com", "cloudbilling.googleapis.com", "cloudbuild.googleapis.com", "cloudfunctions.googleapis.com", "cloudresourcemanager.googleapis.com", "cloudscheduler.googleapis.com", "compute.googleapis.com", "iam.googleapis.com", "iamcredentials.googleapis.com", "logging.googleapis.com", "monitoring.googleapis.com", "pubsub.googleapis.com", "run.googleapis.com", "servicenetworking.googleapis.com", "serviceusage.googleapis.com", "storage-component.googleapis.com" ]">[…]</code> |
|
| [project_monitoring_services](variables.tf#L59) | Service APIs enabled in the monitoring project if it will be created. | <code></code> | | <code title="[ "artifactregistry.googleapis.com", "cloudasset.googleapis.com", "cloudbilling.googleapis.com", "cloudbuild.googleapis.com", "cloudfunctions.googleapis.com", "cloudresourcemanager.googleapis.com", "cloudscheduler.googleapis.com", "compute.googleapis.com", "iam.googleapis.com", "iamcredentials.googleapis.com", "logging.googleapis.com", "monitoring.googleapis.com", "pubsub.googleapis.com", "run.googleapis.com", "servicenetworking.googleapis.com", "serviceusage.googleapis.com", "storage-component.googleapis.com" ]">[…]</code> |
|
||||||
| [region](variables.tf#L76) | Region used to deploy the cloud functions and scheduler | <code></code> | | <code>europe-west1</code> |
|
| [region](variables.tf#L81) | Region used to deploy the cloud functions and scheduler. | <code></code> | | <code>europe-west1</code> |
|
||||||
| [schedule_cron](variables.tf#L81) | Cron format schedule to run the Cloud Function. Default is every 10 minutes. | <code></code> | | <code>*/10 * * * *</code> |
|
| [schedule_cron](variables.tf#L86) | Cron format schedule to run the Cloud Function. Default is every 10 minutes. | <code></code> | | <code>*/10 * * * *</code> |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
|
||||||
|
|
@ -187,7 +187,7 @@ def count_effective_limit(config, project_id, network_dict, usage_metric_name,
|
||||||
for peered_network in network_dict['peerings']:
|
for peered_network in network_dict['peerings']:
|
||||||
if 'usage' not in peered_network:
|
if 'usage' not in peered_network:
|
||||||
print(
|
print(
|
||||||
f"Can not add metrics for peered network in projects/{project_id} as no usage metrics exist due to missing permissions"
|
f"Cannot add metrics for peered network in projects/{project_id} as no usage metrics exist due to missing permissions"
|
||||||
)
|
)
|
||||||
continue
|
continue
|
||||||
peering_group_usage += peered_network['usage']
|
peering_group_usage += peered_network['usage']
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,12 @@ variable "billing_account" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Customer name to use as prefix for resources' naming"
|
description = "Prefix used for resource names."
|
||||||
|
type = string
|
||||||
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_vm_services" {
|
variable "project_vm_services" {
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
variable "billing_account" {
|
variable "billing_account" {
|
||||||
description = "The ID of the billing account to associate this project with"
|
description = "The ID of the billing account to associate this project with."
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "cf_version" {
|
variable "cf_version" {
|
||||||
|
|
@ -29,26 +29,31 @@ variable "cf_version" {
|
||||||
|
|
||||||
variable "monitored_folders_list" {
|
variable "monitored_folders_list" {
|
||||||
type = list(string)
|
type = list(string)
|
||||||
description = "ID of the projects to be monitored (where limits and quotas data will be pulled)"
|
description = "ID of the projects to be monitored (where limits and quotas data will be pulled)."
|
||||||
default = []
|
default = []
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "monitored_projects_list" {
|
variable "monitored_projects_list" {
|
||||||
type = list(string)
|
type = list(string)
|
||||||
description = "ID of the projects to be monitored (where limits and quotas data will be pulled)"
|
description = "ID of the projects to be monitored (where limits and quotas data will be pulled)."
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "monitoring_project_id" {
|
variable "monitoring_project_id" {
|
||||||
description = "Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string"
|
description = "Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string."
|
||||||
default = ""
|
default = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "organization_id" {
|
variable "organization_id" {
|
||||||
description = "The organization id for the associated services"
|
description = "The organization id for the associated services."
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Customer name to use as prefix for monitoring project"
|
description = "Prefix used for resource names."
|
||||||
|
type = string
|
||||||
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_monitoring_services" {
|
variable "project_monitoring_services" {
|
||||||
|
|
@ -74,7 +79,7 @@ variable "project_monitoring_services" {
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
variable "region" {
|
variable "region" {
|
||||||
description = "Region used to deploy the cloud functions and scheduler"
|
description = "Region used to deploy the cloud functions and scheduler."
|
||||||
default = "europe-west1"
|
default = "europe-west1"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -35,6 +35,6 @@ provider "google-beta" {
|
||||||
|
|
||||||
| name | description | sensitive |
|
| name | description | sensitive |
|
||||||
|---|---|:---:|
|
|---|---|:---:|
|
||||||
| [credentials](outputs.tf#L17) | | |
|
| [credentials](outputs.tf#L17) | Credentials in format to pass the to gcp provider. | |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
output "credentials" {
|
output "credentials" {
|
||||||
|
description = "Credentials in format to pass the to gcp provider."
|
||||||
value = jsonencode({
|
value = jsonencode({
|
||||||
"type" : "external_account",
|
"type" : "external_account",
|
||||||
"audience" : "${local.audience}",
|
"audience" : "${local.audience}",
|
||||||
|
|
|
||||||
|
|
@ -22,11 +22,11 @@ This sample creates several distinct groups of resources:
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [m4ce_ssh_public_key](variables.tf#L43) | Filesystem path to the public key for the SSH login | <code>string</code> | ✓ | |
|
| [m4ce_ssh_public_key](variables.tf#L43) | Filesystem path to the public key for the SSH login. | <code>string</code> | ✓ | |
|
||||||
| [vcenter_password](variables.tf#L48) | VCenter user password. | <code>string</code> | ✓ | |
|
| [vcenter_password](variables.tf#L48) | VCenter user password. | <code>string</code> | ✓ | |
|
||||||
| [vsphere_environment](variables.tf#L53) | VMVware VSphere connection parameters | <code title="object({ vcenter_ip = string vcenter_user = string data_center = string resource_pool = string host_ip = string datastore = string virtual_net = string })">object({…})</code> | ✓ | |
|
| [vsphere_environment](variables.tf#L53) | VMVware VSphere connection parameters. | <code title="object({ vcenter_ip = string vcenter_user = string data_center = string resource_pool = string host_ip = string datastore = string virtual_net = string })">object({…})</code> | ✓ | |
|
||||||
| [m4ce_appliance_properties](variables.tf#L15) | M4CE connector OVA image configuration parameters | <code title="object({ hostname = string ip0 = string netmask0 = string gateway = string DNS = string proxy = string route0 = string })">object({…})</code> | | <code title="{ "hostname" = "gcp-m4ce-connector" "ip0" = "0.0.0.0" "netmask0" = "0.0.0.0" "gateway" = "0.0.0.0" "DNS" = "" "proxy" = "" "route0" = "" }">{…}</code> |
|
| [m4ce_appliance_properties](variables.tf#L15) | M4CE connector OVA image configuration parameters. | <code title="object({ hostname = string ip0 = string netmask0 = string gateway = string DNS = string proxy = string route0 = string })">object({…})</code> | | <code title="{ "hostname" = "gcp-m4ce-connector" "ip0" = "0.0.0.0" "netmask0" = "0.0.0.0" "gateway" = "0.0.0.0" "DNS" = "" "proxy" = "" "route0" = "" }">{…}</code> |
|
||||||
| [m4ce_connector_ovf_url](variables.tf#L37) | http URL to the public M4CE connector OVA image | <code>string</code> | | <code>"https://storage.googleapis.com/vmmigration-public-artifacts/migrate-connector-2-0-1663.ova"</code> |
|
| [m4ce_connector_ovf_url](variables.tf#L37) | http URL to the public M4CE connector OVA image. | <code>string</code> | | <code>"https://storage.googleapis.com/vmmigration-public-artifacts/migrate-connector-2-0-1663.ova"</code> |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
## Manual Steps
|
## Manual Steps
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
variable "m4ce_appliance_properties" {
|
variable "m4ce_appliance_properties" {
|
||||||
description = "M4CE connector OVA image configuration parameters"
|
description = "M4CE connector OVA image configuration parameters."
|
||||||
type = object({
|
type = object({
|
||||||
hostname = string
|
hostname = string
|
||||||
ip0 = string
|
ip0 = string
|
||||||
|
|
@ -35,13 +35,13 @@ variable "m4ce_appliance_properties" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "m4ce_connector_ovf_url" {
|
variable "m4ce_connector_ovf_url" {
|
||||||
description = "http URL to the public M4CE connector OVA image"
|
description = "http URL to the public M4CE connector OVA image."
|
||||||
type = string
|
type = string
|
||||||
default = "https://storage.googleapis.com/vmmigration-public-artifacts/migrate-connector-2-0-1663.ova"
|
default = "https://storage.googleapis.com/vmmigration-public-artifacts/migrate-connector-2-0-1663.ova"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "m4ce_ssh_public_key" {
|
variable "m4ce_ssh_public_key" {
|
||||||
description = "Filesystem path to the public key for the SSH login"
|
description = "Filesystem path to the public key for the SSH login."
|
||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -51,7 +51,7 @@ variable "vcenter_password" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "vsphere_environment" {
|
variable "vsphere_environment" {
|
||||||
description = "VMVware VSphere connection parameters"
|
description = "VMVware VSphere connection parameters."
|
||||||
type = object({
|
type = object({
|
||||||
vcenter_ip = string
|
vcenter_ip = string
|
||||||
vcenter_user = string
|
vcenter_user = string
|
||||||
|
|
|
||||||
|
|
@ -25,16 +25,16 @@ This sample creates\updates several distinct groups of resources:
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format | <code>list(string)</code> | ✓ | |
|
| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format. | <code>list(string)</code> | ✓ | |
|
||||||
| [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations | <code>list(string)</code> | ✓ | |
|
| [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations. | <code>list(string)</code> | ✓ | |
|
||||||
| [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format | <code>list(string)</code> | | <code>[]</code> |
|
| [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format. | <code>list(string)</code> | | <code>[]</code> |
|
||||||
| [project_create](variables.tf#L31) | Parameters for the creation of the new project to host the M4CE backend | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
| [project_create](variables.tf#L31) | Parameters for the creation of the new project to host the M4CE backend. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [project_name](variables.tf#L40) | Name of an existing project or of the new project assigned as M4CE host project | <code>string</code> | | <code>"m4ce-host-project-000"</code> |
|
| [project_name](variables.tf#L40) | Name of an existing project or of the new project assigned as M4CE host project. | <code>string</code> | | <code>"m4ce-host-project-000"</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
| name | description | sensitive |
|
| name | description | sensitive |
|
||||||
|---|---|:---:|
|
|---|---|:---:|
|
||||||
| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects | |
|
| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects. | |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,6 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
output "m4ce_gmanaged_service_account" {
|
output "m4ce_gmanaged_service_account" {
|
||||||
description = "Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects"
|
description = "Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects."
|
||||||
value = "serviceAccount:service-${module.host-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com"
|
value = "serviceAccount:service-${module.host-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com"
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -13,23 +13,23 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
variable "migration_admin_users" {
|
variable "migration_admin_users" {
|
||||||
description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format"
|
description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format."
|
||||||
type = list(string)
|
type = list(string)
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "migration_target_projects" {
|
variable "migration_target_projects" {
|
||||||
description = "List of target projects for m4ce workload migrations"
|
description = "List of target projects for m4ce workload migrations."
|
||||||
type = list(string)
|
type = list(string)
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "migration_viewer_users" {
|
variable "migration_viewer_users" {
|
||||||
description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format"
|
description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format."
|
||||||
type = list(string)
|
type = list(string)
|
||||||
default = []
|
default = []
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_create" {
|
variable "project_create" {
|
||||||
description = "Parameters for the creation of the new project to host the M4CE backend"
|
description = "Parameters for the creation of the new project to host the M4CE backend."
|
||||||
type = object({
|
type = object({
|
||||||
billing_account_id = string
|
billing_account_id = string
|
||||||
parent = string
|
parent = string
|
||||||
|
|
@ -38,7 +38,7 @@ variable "project_create" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_name" {
|
variable "project_name" {
|
||||||
description = "Name of an existing project or of the new project assigned as M4CE host project"
|
description = "Name of an existing project or of the new project assigned as M4CE host project."
|
||||||
type = string
|
type = string
|
||||||
default = "m4ce-host-project-000"
|
default = "m4ce-host-project-000"
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -26,18 +26,18 @@ This sample creates\update several distinct groups of resources:
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format | <code>list(string)</code> | ✓ | |
|
| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format. | <code>list(string)</code> | ✓ | |
|
||||||
| [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations | <code>list(string)</code> | ✓ | |
|
| [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations. | <code>list(string)</code> | ✓ | |
|
||||||
| [sharedvpc_host_projects](variables.tf#L45) | List of host projects that share a VPC with the selected target projects | <code>list(string)</code> | ✓ | |
|
| [sharedvpc_host_projects](variables.tf#L45) | List of host projects that share a VPC with the selected target projects. | <code>list(string)</code> | ✓ | |
|
||||||
| [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format | <code>list(string)</code> | | <code>[]</code> |
|
| [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format. | <code>list(string)</code> | | <code>[]</code> |
|
||||||
| [project_create](variables.tf#L30) | Parameters for the creation of the new project to host the M4CE backend | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
| [project_create](variables.tf#L30) | Parameters for the creation of the new project to host the M4CE backend. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [project_name](variables.tf#L39) | Name of an existing project or of the new project assigned as M4CE host project | <code>string</code> | | <code>"m4ce-host-project-000"</code> |
|
| [project_name](variables.tf#L39) | Name of an existing project or of the new project assigned as M4CE host project. | <code>string</code> | | <code>"m4ce-host-project-000"</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
| name | description | sensitive |
|
| name | description | sensitive |
|
||||||
|---|---|:---:|
|
|---|---|:---:|
|
||||||
| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects | |
|
| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects. | |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
## Manual Steps
|
## Manual Steps
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,6 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
output "m4ce_gmanaged_service_account" {
|
output "m4ce_gmanaged_service_account" {
|
||||||
description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects"
|
description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects."
|
||||||
value = "serviceAccount:service-${module.host-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com"
|
value = "serviceAccount:service-${module.host-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com"
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -13,22 +13,22 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
variable "migration_admin_users" {
|
variable "migration_admin_users" {
|
||||||
description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format"
|
description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format."
|
||||||
type = list(string)
|
type = list(string)
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "migration_target_projects" {
|
variable "migration_target_projects" {
|
||||||
description = "List of target projects for m4ce workload migrations"
|
description = "List of target projects for m4ce workload migrations."
|
||||||
type = list(string)
|
type = list(string)
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "migration_viewer_users" {
|
variable "migration_viewer_users" {
|
||||||
description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format"
|
description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format."
|
||||||
type = list(string)
|
type = list(string)
|
||||||
default = []
|
default = []
|
||||||
}
|
}
|
||||||
variable "project_create" {
|
variable "project_create" {
|
||||||
description = "Parameters for the creation of the new project to host the M4CE backend"
|
description = "Parameters for the creation of the new project to host the M4CE backend."
|
||||||
type = object({
|
type = object({
|
||||||
billing_account_id = string
|
billing_account_id = string
|
||||||
parent = string
|
parent = string
|
||||||
|
|
@ -37,12 +37,12 @@ variable "project_create" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_name" {
|
variable "project_name" {
|
||||||
description = "Name of an existing project or of the new project assigned as M4CE host project"
|
description = "Name of an existing project or of the new project assigned as M4CE host project."
|
||||||
type = string
|
type = string
|
||||||
default = "m4ce-host-project-000"
|
default = "m4ce-host-project-000"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "sharedvpc_host_projects" {
|
variable "sharedvpc_host_projects" {
|
||||||
description = "List of host projects that share a VPC with the selected target projects"
|
description = "List of host projects that share a VPC with the selected target projects."
|
||||||
type = list(string)
|
type = list(string)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -26,16 +26,16 @@ This sample creates several distinct groups of resources:
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format | <code>list(string)</code> | ✓ | |
|
| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format. | <code>list(string)</code> | ✓ | |
|
||||||
| [migration_viewer_users](variables.tf#L20) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format | <code>list(string)</code> | | <code>[]</code> |
|
| [migration_viewer_users](variables.tf#L20) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format. | <code>list(string)</code> | | <code>[]</code> |
|
||||||
| [project_create](variables.tf#L26) | Parameters for the creation of the new project to host the M4CE backend | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
| [project_create](variables.tf#L26) | Parameters for the creation of the new project to host the M4CE backend. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [project_name](variables.tf#L35) | Name of an existing project or of the new project assigned as M4CE host an target project | <code>string</code> | | <code>"m4ce-host-project-000"</code> |
|
| [project_name](variables.tf#L35) | Name of an existing project or of the new project assigned as M4CE host an target project. | <code>string</code> | | <code>"m4ce-host-project-000"</code> |
|
||||||
| [vpc_config](variables.tf#L41) | Parameters to create a simple VPC on the M4CE project | <code title="object({ ip_cidr_range = string, region = string })">object({…})</code> | | <code title="{ ip_cidr_range = "10.200.0.0/20", region = "us-west2" }">{…}</code> |
|
| [vpc_config](variables.tf#L41) | Parameters to create a simple VPC on the M4CE project. | <code title="object({ ip_cidr_range = string, region = string })">object({…})</code> | | <code title="{ ip_cidr_range = "10.200.0.0/20", region = "us-west2" }">{…}</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
| name | description | sensitive |
|
| name | description | sensitive |
|
||||||
|---|---|:---:|
|
|---|---|:---:|
|
||||||
| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects | |
|
| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects. | |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,6 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
output "m4ce_gmanaged_service_account" {
|
output "m4ce_gmanaged_service_account" {
|
||||||
description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects"
|
description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects."
|
||||||
value = "serviceAccount:service-${module.landing-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com"
|
value = "serviceAccount:service-${module.landing-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com"
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -13,18 +13,18 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
variable "migration_admin_users" {
|
variable "migration_admin_users" {
|
||||||
description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format"
|
description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format."
|
||||||
type = list(string)
|
type = list(string)
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "migration_viewer_users" {
|
variable "migration_viewer_users" {
|
||||||
description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format"
|
description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format."
|
||||||
type = list(string)
|
type = list(string)
|
||||||
default = []
|
default = []
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_create" {
|
variable "project_create" {
|
||||||
description = "Parameters for the creation of the new project to host the M4CE backend"
|
description = "Parameters for the creation of the new project to host the M4CE backend."
|
||||||
type = object({
|
type = object({
|
||||||
billing_account_id = string
|
billing_account_id = string
|
||||||
parent = string
|
parent = string
|
||||||
|
|
@ -33,13 +33,13 @@ variable "project_create" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_name" {
|
variable "project_name" {
|
||||||
description = "Name of an existing project or of the new project assigned as M4CE host an target project"
|
description = "Name of an existing project or of the new project assigned as M4CE host an target project."
|
||||||
type = string
|
type = string
|
||||||
default = "m4ce-host-project-000"
|
default = "m4ce-host-project-000"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "vpc_config" {
|
variable "vpc_config" {
|
||||||
description = "Parameters to create a simple VPC on the M4CE project"
|
description = "Parameters to create a simple VPC on the M4CE project."
|
||||||
type = object({
|
type = object({
|
||||||
ip_cidr_range = string,
|
ip_cidr_range = string,
|
||||||
region = string
|
region = string
|
||||||
|
|
|
||||||
|
|
@ -143,15 +143,15 @@ The above command will delete the associated resources so there will be no billa
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [postgres_user_password](variables.tf#L40) | `postgres` user password. | <code>string</code> | ✓ | |
|
| [postgres_user_password](variables.tf#L40) | `postgres` user password. | <code>string</code> | ✓ | |
|
||||||
| [prefix](variables.tf#L45) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L45) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L59) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L63) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
|
||||||
| [data_eng_principals](variables.tf#L17) | Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'. | <code>list(string)</code> | | <code>[]</code> |
|
| [data_eng_principals](variables.tf#L17) | Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'. | <code>list(string)</code> | | <code>[]</code> |
|
||||||
| [network_config](variables.tf#L23) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object({ host_project = string network_self_link = string subnet_self_link = string cloudsql_psa_range = string })">object({…})</code> | | <code>null</code> |
|
| [network_config](variables.tf#L23) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object({ host_project = string network_self_link = string subnet_self_link = string cloudsql_psa_range = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [postgres_database](variables.tf#L34) | `postgres` database. | <code>string</code> | | <code>"guestbook"</code> |
|
| [postgres_database](variables.tf#L34) | `postgres` database. | <code>string</code> | | <code>"guestbook"</code> |
|
||||||
| [project_create](variables.tf#L50) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
| [project_create](variables.tf#L54) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [regions](variables.tf#L64) | Map of instance_name => location where instances will be deployed. | <code>map(string)</code> | | <code title="{ primary = "europe-west1" replica = "europe-west3" }">{…}</code> |
|
| [regions](variables.tf#L68) | Map of instance_name => location where instances will be deployed. | <code>map(string)</code> | | <code title="{ primary = "europe-west1" replica = "europe-west3" }">{…}</code> |
|
||||||
| [service_encryption_keys](variables.tf#L77) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | <code>map(string)</code> | | <code>null</code> |
|
| [service_encryption_keys](variables.tf#L81) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | <code>map(string)</code> | | <code>null</code> |
|
||||||
| [sql_configuration](variables.tf#L83) | Cloud SQL configuration | <code title="object({ availability_type = string database_version = string psa_range = string tier = string })">object({…})</code> | | <code title="{ availability_type = "REGIONAL" database_version = "POSTGRES_13" psa_range = "10.60.0.0/16" tier = "db-g1-small" }">{…}</code> |
|
| [sql_configuration](variables.tf#L87) | Cloud SQL configuration. | <code title="object({ availability_type = string database_version = string psa_range = string tier = string })">object({…})</code> | | <code title="{ availability_type = "REGIONAL" database_version = "POSTGRES_13" psa_range = "10.60.0.0/16" tier = "db-g1-small" }">{…}</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -43,8 +43,12 @@ variable "postgres_user_password" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_create" {
|
variable "project_create" {
|
||||||
|
|
@ -81,7 +85,7 @@ variable "service_encryption_keys" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "sql_configuration" {
|
variable "sql_configuration" {
|
||||||
description = "Cloud SQL configuration"
|
description = "Cloud SQL configuration."
|
||||||
type = object({
|
type = object({
|
||||||
availability_type = string
|
availability_type = string
|
||||||
database_version = string
|
database_version = string
|
||||||
|
|
|
||||||
|
|
@ -96,14 +96,14 @@ service_encryption_keys = {
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [prefix](variables.tf#L78) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L78) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L92) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L96) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
|
||||||
| [composer_config](variables.tf#L17) | Composer environment configuration. It accepts only following attributes: `environment_size`, `software_config` and `workloads_config`. See [attribute reference](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/composer_environment#argument-reference---cloud-composer-2) for details on settings variables. | <code title="object({ environment_size = string software_config = any workloads_config = object({ scheduler = object( { cpu = number memory_gb = number storage_gb = number count = number } ) web_server = object( { cpu = number memory_gb = number storage_gb = number } ) worker = object( { cpu = number memory_gb = number storage_gb = number min_count = number max_count = number } ) }) })">object({…})</code> | | <code title="{ environment_size = "ENVIRONMENT_SIZE_SMALL" software_config = { image_version = "composer-2-airflow-2" } workloads_config = null }">{…}</code> |
|
| [composer_config](variables.tf#L17) | Composer environment configuration. It accepts only following attributes: `environment_size`, `software_config` and `workloads_config`. See [attribute reference](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/composer_environment#argument-reference---cloud-composer-2) for details on settings variables. | <code title="object({ environment_size = string software_config = any workloads_config = object({ scheduler = object( { cpu = number memory_gb = number storage_gb = number count = number } ) web_server = object( { cpu = number memory_gb = number storage_gb = number } ) worker = object( { cpu = number memory_gb = number storage_gb = number min_count = number max_count = number } ) }) })">object({…})</code> | | <code title="{ environment_size = "ENVIRONMENT_SIZE_SMALL" software_config = { image_version = "composer-2-airflow-2" } workloads_config = null }">{…}</code> |
|
||||||
| [iam_groups_map](variables.tf#L58) | Map of Role => groups to be added on the project. Example: { \"roles/composer.admin\" = [\"group:gcp-data-engineers@example.com\"]}. | <code>map(list(string))</code> | | <code>null</code> |
|
| [iam_groups_map](variables.tf#L58) | Map of Role => groups to be added on the project. Example: { \"roles/composer.admin\" = [\"group:gcp-data-engineers@example.com\"]}. | <code>map(list(string))</code> | | <code>null</code> |
|
||||||
| [network_config](variables.tf#L64) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object({ host_project = string network_self_link = string subnet_self_link = string composer_secondary_ranges = object({ pods = string services = string }) })">object({…})</code> | | <code>null</code> |
|
| [network_config](variables.tf#L64) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object({ host_project = string network_self_link = string subnet_self_link = string composer_secondary_ranges = object({ pods = string services = string }) })">object({…})</code> | | <code>null</code> |
|
||||||
| [project_create](variables.tf#L83) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
| [project_create](variables.tf#L87) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [region](variables.tf#L97) | Reagion where instances will be deployed. | <code>string</code> | | <code>"europe-west1"</code> |
|
| [region](variables.tf#L101) | Reagion where instances will be deployed. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||||
| [service_encryption_keys](variables.tf#L103) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion in use. | <code>map(string)</code> | | <code>null</code> |
|
| [service_encryption_keys](variables.tf#L107) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion in use. | <code>map(string)</code> | | <code>null</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,6 @@ locals {
|
||||||
},
|
},
|
||||||
var.iam_groups_map
|
var.iam_groups_map
|
||||||
)
|
)
|
||||||
|
|
||||||
# Adding Roles on Service Identities Service account as per documentation: https://cloud.google.com/composer/docs/composer-2/configure-shared-vpc#edit_permissions_for_the_google_apis_service_account
|
# Adding Roles on Service Identities Service account as per documentation: https://cloud.google.com/composer/docs/composer-2/configure-shared-vpc#edit_permissions_for_the_google_apis_service_account
|
||||||
_shared_vpc_bindings = {
|
_shared_vpc_bindings = {
|
||||||
"roles/compute.networkUser" = [
|
"roles/compute.networkUser" = [
|
||||||
|
|
|
||||||
|
|
@ -76,8 +76,12 @@ variable "network_config" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_create" {
|
variable "project_create" {
|
||||||
|
|
|
||||||
|
|
@ -249,17 +249,17 @@ You can find examples in the `[demo](./demo)` folder.
|
||||||
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | |
|
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | |
|
||||||
| [folder_id](variables.tf#L53) | Folder to be used for the networking resources in folders/nnnn format. | <code>string</code> | ✓ | |
|
| [folder_id](variables.tf#L53) | Folder to be used for the networking resources in folders/nnnn format. | <code>string</code> | ✓ | |
|
||||||
| [organization_domain](variables.tf#L98) | Organization domain. | <code>string</code> | ✓ | |
|
| [organization_domain](variables.tf#L98) | Organization domain. | <code>string</code> | ✓ | |
|
||||||
| [prefix](variables.tf#L103) | Unique prefix used for resource names. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L103) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
| [composer_config](variables.tf#L22) | Cloud Composer config. | <code title="object({ node_count = number airflow_version = string env_variables = map(string) })">object({…})</code> | | <code title="{ node_count = 3 airflow_version = "composer-1-airflow-2" env_variables = {} }">{…}</code> |
|
| [composer_config](variables.tf#L22) | Cloud Composer config. | <code title="object({ node_count = number airflow_version = string env_variables = map(string) })">object({…})</code> | | <code title="{ node_count = 3 airflow_version = "composer-1-airflow-2" env_variables = {} }">{…}</code> |
|
||||||
| [data_catalog_tags](variables.tf#L36) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code title="{ "3_Confidential" = null "2_Private" = null "1_Sensitive" = null }">{…}</code> |
|
| [data_catalog_tags](variables.tf#L36) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code title="{ "3_Confidential" = null "2_Private" = null "1_Sensitive" = null }">{…}</code> |
|
||||||
| [data_force_destroy](variables.tf#L47) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | <code>bool</code> | | <code>false</code> |
|
| [data_force_destroy](variables.tf#L47) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | <code>bool</code> | | <code>false</code> |
|
||||||
| [groups](variables.tf#L58) | User groups. | <code>map(string)</code> | | <code title="{ data-analysts = "gcp-data-analysts" data-engineers = "gcp-data-engineers" data-security = "gcp-data-security" }">{…}</code> |
|
| [groups](variables.tf#L58) | User groups. | <code>map(string)</code> | | <code title="{ data-analysts = "gcp-data-analysts" data-engineers = "gcp-data-engineers" data-security = "gcp-data-security" }">{…}</code> |
|
||||||
| [location](variables.tf#L68) | Location used for multi-regional resources. | <code>string</code> | | <code>"eu"</code> |
|
| [location](variables.tf#L68) | Location used for multi-regional resources. | <code>string</code> | | <code>"eu"</code> |
|
||||||
| [network_config](variables.tf#L74) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object({ host_project = string network_self_link = string subnet_self_links = object({ load = string transformation = string orchestration = string }) composer_ip_ranges = object({ cloudsql = string gke_master = string web_server = string }) composer_secondary_ranges = object({ pods = string services = string }) })">object({…})</code> | | <code>null</code> |
|
| [network_config](variables.tf#L74) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object({ host_project = string network_self_link = string subnet_self_links = object({ load = string transformation = string orchestration = string }) composer_ip_ranges = object({ cloudsql = string gke_master = string web_server = string }) composer_secondary_ranges = object({ pods = string services = string }) })">object({…})</code> | | <code>null</code> |
|
||||||
| [project_services](variables.tf#L108) | List of core services enabled on all projects. | <code>list(string)</code> | | <code title="[ "cloudresourcemanager.googleapis.com", "iam.googleapis.com", "serviceusage.googleapis.com", "stackdriver.googleapis.com" ]">[…]</code> |
|
| [project_services](variables.tf#L112) | List of core services enabled on all projects. | <code>list(string)</code> | | <code title="[ "cloudresourcemanager.googleapis.com", "iam.googleapis.com", "serviceusage.googleapis.com", "stackdriver.googleapis.com" ]">[…]</code> |
|
||||||
| [project_suffix](variables.tf#L119) | Suffix used only for project ids. | <code>string</code> | | <code>null</code> |
|
| [project_suffix](variables.tf#L123) | Suffix used only for project ids. | <code>string</code> | | <code>null</code> |
|
||||||
| [region](variables.tf#L125) | Region used for regional resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
| [region](variables.tf#L129) | Region used for regional resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||||
| [service_encryption_keys](variables.tf#L131) | Cloud KMS to use to encrypt different services. Key location should match service region. | <code title="object({ bq = string composer = string dataflow = string storage = string pubsub = string })">object({…})</code> | | <code>null</code> |
|
| [service_encryption_keys](variables.tf#L135) | Cloud KMS to use to encrypt different services. Key location should match service region. | <code title="object({ bq = string composer = string dataflow = string storage = string pubsub = string })">object({…})</code> | | <code>null</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -101,8 +101,12 @@ variable "organization_domain" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Unique prefix used for resource names."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_services" {
|
variable "project_services" {
|
||||||
|
|
|
||||||
|
|
@ -47,12 +47,12 @@ You can now connect to the Vertex AI notbook to perform your data analysy.
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [prefix](variables.tf#L22) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L22) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L36) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L40) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
|
||||||
| [location](variables.tf#L16) | The location where resources will be deployed. | <code>string</code> | | <code>"EU"</code> |
|
| [location](variables.tf#L16) | The location where resources will be deployed. | <code>string</code> | | <code>"EU"</code> |
|
||||||
| [project_create](variables.tf#L27) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
| [project_create](variables.tf#L31) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [region](variables.tf#L41) | The region where resources will be deployed. | <code>string</code> | | <code>"europe-west1"</code> |
|
| [region](variables.tf#L45) | The region where resources will be deployed. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||||
| [vpc_config](variables.tf#L57) | Parameters to create a VPC. | <code title="object({ ip_cidr_range = string })">object({…})</code> | | <code title="{ ip_cidr_range = "10.0.0.0/20" }">{…}</code> |
|
| [vpc_config](variables.tf#L61) | Parameters to create a VPC. | <code title="object({ ip_cidr_range = string })">object({…})</code> | | <code title="{ ip_cidr_range = "10.0.0.0/20" }">{…}</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
@ -61,7 +61,7 @@ You can now connect to the Vertex AI notbook to perform your data analysy.
|
||||||
| [bucket](outputs.tf#L15) | GCS Bucket URL. | |
|
| [bucket](outputs.tf#L15) | GCS Bucket URL. | |
|
||||||
| [dataset](outputs.tf#L20) | GCS Bucket URL. | |
|
| [dataset](outputs.tf#L20) | GCS Bucket URL. | |
|
||||||
| [notebook](outputs.tf#L25) | Vertex AI notebook details. | |
|
| [notebook](outputs.tf#L25) | Vertex AI notebook details. | |
|
||||||
| [project](outputs.tf#L33) | Project id | |
|
| [project](outputs.tf#L33) | Project id. | |
|
||||||
| [vpc](outputs.tf#L38) | VPC Network | |
|
| [vpc](outputs.tf#L38) | VPC Network. | |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
|
||||||
|
|
@ -32,6 +32,7 @@ module "project" {
|
||||||
"bigqueryreservation.googleapis.com",
|
"bigqueryreservation.googleapis.com",
|
||||||
"composer.googleapis.com",
|
"composer.googleapis.com",
|
||||||
"compute.googleapis.com",
|
"compute.googleapis.com",
|
||||||
|
"dialogflow.googleapis.com",
|
||||||
"dataflow.googleapis.com",
|
"dataflow.googleapis.com",
|
||||||
"ml.googleapis.com",
|
"ml.googleapis.com",
|
||||||
"notebooks.googleapis.com",
|
"notebooks.googleapis.com",
|
||||||
|
|
@ -113,7 +114,7 @@ module "bucket" {
|
||||||
module "dataset" {
|
module "dataset" {
|
||||||
source = "../../../modules/bigquery-dataset"
|
source = "../../../modules/bigquery-dataset"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
id = "${var.prefix}_data"
|
id = "${replace(var.prefix, "-", "_")}_data"
|
||||||
encryption_key = try(local.service_encryption_keys.bq, null) # Example assignment of an encryption key
|
encryption_key = try(local.service_encryption_keys.bq, null) # Example assignment of an encryption key
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -133,6 +134,7 @@ module "service-account-notebook" {
|
||||||
"roles/bigquery.jobUser",
|
"roles/bigquery.jobUser",
|
||||||
"roles/bigquery.dataEditor",
|
"roles/bigquery.dataEditor",
|
||||||
"roles/bigquery.user",
|
"roles/bigquery.user",
|
||||||
|
"roles/dialogflow.client",
|
||||||
"roles/storage.admin",
|
"roles/storage.admin",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
@ -152,7 +154,7 @@ resource "google_notebooks_instance" "playground" {
|
||||||
install_gpu_driver = true
|
install_gpu_driver = true
|
||||||
boot_disk_type = "PD_SSD"
|
boot_disk_type = "PD_SSD"
|
||||||
boot_disk_size_gb = 110
|
boot_disk_size_gb = 110
|
||||||
disk_encryption = try(local.service_encryption_keys.compute != null, false) ? "CMEK" : "GMEK"
|
disk_encryption = try(local.service_encryption_keys.compute != null, false) ? "CMEK" : null
|
||||||
kms_key = try(local.service_encryption_keys.compute, null)
|
kms_key = try(local.service_encryption_keys.compute, null)
|
||||||
|
|
||||||
no_public_ip = true
|
no_public_ip = true
|
||||||
|
|
|
||||||
|
|
@ -31,11 +31,11 @@ output "notebook" {
|
||||||
}
|
}
|
||||||
|
|
||||||
output "project" {
|
output "project" {
|
||||||
description = "Project id"
|
description = "Project id."
|
||||||
value = module.project.project_id
|
value = module.project.project_id
|
||||||
}
|
}
|
||||||
|
|
||||||
output "vpc" {
|
output "vpc" {
|
||||||
description = "VPC Network"
|
description = "VPC Network."
|
||||||
value = module.vpc.name
|
value = module.vpc.name
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -20,12 +20,16 @@ variable "location" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_create" {
|
variable "project_create" {
|
||||||
description = "Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id"
|
description = "Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id."
|
||||||
type = object({
|
type = object({
|
||||||
billing_account_id = string
|
billing_account_id = string
|
||||||
parent = string
|
parent = string
|
||||||
|
|
|
||||||
|
|
@ -193,14 +193,14 @@ The above command will delete the associated resources so there will be no billa
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [prefix](variables.tf#L36) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L36) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L50) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L54) | Project id, references existing project if `project_create` is null. | <code>string</code> | ✓ | |
|
||||||
| [cmek_encryption](variables.tf#L15) | Flag to enable CMEK on GCP resources created. | <code>bool</code> | | <code>false</code> |
|
| [cmek_encryption](variables.tf#L15) | Flag to enable CMEK on GCP resources created. | <code>bool</code> | | <code>false</code> |
|
||||||
| [data_eng_principals](variables.tf#L21) | Groups with Service Account Token creator role on service accounts in IAM format, eg 'group:group@domain.com'. | <code>list(string)</code> | | <code>[]</code> |
|
| [data_eng_principals](variables.tf#L21) | Groups with Service Account Token creator role on service accounts in IAM format, eg 'group:group@domain.com'. | <code>list(string)</code> | | <code>[]</code> |
|
||||||
| [network_config](variables.tf#L27) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object({ host_project = string subnet_self_link = string })">object({…})</code> | | <code>null</code> |
|
| [network_config](variables.tf#L27) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | <code title="object({ host_project = string subnet_self_link = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [project_create](variables.tf#L41) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
| [project_create](variables.tf#L45) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [region](variables.tf#L55) | The region where resources will be deployed. | <code>string</code> | | <code>"europe-west1"</code> |
|
| [region](variables.tf#L59) | The region where resources will be deployed. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||||
| [vpc_subnet_range](variables.tf#L61) | Ip range used for the VPC subnet created for the example. | <code>string</code> | | <code>"10.0.0.0/20"</code> |
|
| [vpc_subnet_range](variables.tf#L65) | Ip range used for the VPC subnet created for the example. | <code>string</code> | | <code>"10.0.0.0/20"</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -34,8 +34,12 @@ variable "network_config" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_create" {
|
variable "project_create" {
|
||||||
|
|
|
||||||
|
|
@ -35,37 +35,37 @@ and to `C:\GcpSetupLog.txt` file.
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [ad_domain_fqdn](variables.tf#L15) | Active Directory domain (FQDN) | <code>string</code> | ✓ | |
|
| [ad_domain_fqdn](variables.tf#L15) | Active Directory domain (FQDN). | <code>string</code> | ✓ | |
|
||||||
| [ad_domain_netbios](variables.tf#L24) | Active Directory domain (NetBIOS) | <code>string</code> | ✓ | |
|
| [ad_domain_netbios](variables.tf#L24) | Active Directory domain (NetBIOS). | <code>string</code> | ✓ | |
|
||||||
| [network](variables.tf#L90) | Network to use in the project | <code>string</code> | ✓ | |
|
| [network](variables.tf#L90) | Network to use in the project. | <code>string</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L128) | Google Cloud project ID | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L113) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
| [sql_admin_password](variables.tf#L145) | Password for the SQL admin user to be created | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L131) | Google Cloud project ID. | <code>string</code> | ✓ | |
|
||||||
| [subnetwork](variables.tf#L160) | Subnetwork to use in the project | <code>string</code> | ✓ | |
|
| [sql_admin_password](variables.tf#L148) | Password for the SQL admin user to be created. | <code>string</code> | ✓ | |
|
||||||
| [always_on_groups](variables.tf#L33) | List of Always On Groups | <code>list(string)</code> | | <code>["bookshelf"]</code> |
|
| [subnetwork](variables.tf#L163) | Subnetwork to use in the project. | <code>string</code> | ✓ | |
|
||||||
| [boot_disk_size](variables.tf#L39) | Boot disk size in GB | <code>number</code> | | <code>50</code> |
|
| [always_on_groups](variables.tf#L33) | List of Always On Groups. | <code>list(string)</code> | | <code>["bookshelf"]</code> |
|
||||||
| [cluster_name](variables.tf#L45) | Cluster name (prepended with prefix) | <code>string</code> | | <code>"cluster"</code> |
|
| [boot_disk_size](variables.tf#L39) | Boot disk size in GB. | <code>number</code> | | <code>50</code> |
|
||||||
| [data_disk_size](variables.tf#L51) | Database disk size in GB | <code>number</code> | | <code>200</code> |
|
| [cluster_name](variables.tf#L45) | Cluster name (prepended with prefix). | <code>string</code> | | <code>"cluster"</code> |
|
||||||
| [health_check_config](variables.tf#L57) | Health check configuration | <code title="object({ check_interval_sec = number, healthy_threshold = number, unhealthy_threshold = number, timeout_sec = number, })">…</code> | | <code title="{ check_interval_sec = 2 healthy_threshold = 1 unhealthy_threshold = 2 timeout_sec = 1 }">{…}</code> |
|
| [data_disk_size](variables.tf#L51) | Database disk size in GB. | <code>number</code> | | <code>200</code> |
|
||||||
| [health_check_port](variables.tf#L72) | Health check port | <code>number</code> | | <code>59997</code> |
|
| [health_check_config](variables.tf#L57) | Health check configuration. | <code title="object({ check_interval_sec = number, healthy_threshold = number, unhealthy_threshold = number, timeout_sec = number, })">…</code> | | <code title="{ check_interval_sec = 2 healthy_threshold = 1 unhealthy_threshold = 2 timeout_sec = 1 }">{…}</code> |
|
||||||
| [health_check_ranges](variables.tf#L78) | Health check ranges | <code>list(string)</code> | | <code>["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"]</code> |
|
| [health_check_port](variables.tf#L72) | Health check port. | <code>number</code> | | <code>59997</code> |
|
||||||
| [managed_ad_dn](variables.tf#L84) | Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com) | <code>string</code> | | <code>""</code> |
|
| [health_check_ranges](variables.tf#L78) | Health check ranges. | <code>list(string)</code> | | <code>["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"]</code> |
|
||||||
| [node_image](variables.tf#L95) | SQL Server node machine image | <code>string</code> | | <code>"projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019"</code> |
|
| [managed_ad_dn](variables.tf#L84) | Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com). | <code>string</code> | | <code>""</code> |
|
||||||
| [node_instance_type](variables.tf#L101) | SQL Server database node instance type | <code>string</code> | | <code>"n2-standard-8"</code> |
|
| [node_image](variables.tf#L95) | SQL Server node machine image. | <code>string</code> | | <code>"projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019"</code> |
|
||||||
| [node_name](variables.tf#L107) | Node base name | <code>string</code> | | <code>"node"</code> |
|
| [node_instance_type](variables.tf#L101) | SQL Server database node instance type. | <code>string</code> | | <code>"n2-standard-8"</code> |
|
||||||
| [prefix](variables.tf#L113) | Prefix used for resources (for multiple clusters in a project) | <code>string</code> | | <code>"aog"</code> |
|
| [node_name](variables.tf#L107) | Node base name. | <code>string</code> | | <code>"node"</code> |
|
||||||
| [project_create](variables.tf#L119) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
| [project_create](variables.tf#L122) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [region](variables.tf#L133) | Region for resources | <code>string</code> | | <code>"europe-west4"</code> |
|
| [region](variables.tf#L136) | Region for resources. | <code>string</code> | | <code>"europe-west4"</code> |
|
||||||
| [shared_vpc_project_id](variables.tf#L139) | Shared VPC project ID for firewall rules | <code>string</code> | | <code>null</code> |
|
| [shared_vpc_project_id](variables.tf#L142) | Shared VPC project ID for firewall rules. | <code>string</code> | | <code>null</code> |
|
||||||
| [sql_client_cidrs](variables.tf#L154) | CIDR ranges that are allowed to connect to SQL Server | <code>list(string)</code> | | <code>["0.0.0.0/0"]</code> |
|
| [sql_client_cidrs](variables.tf#L157) | CIDR ranges that are allowed to connect to SQL Server. | <code>list(string)</code> | | <code>["0.0.0.0/0"]</code> |
|
||||||
| [vpc_ip_cidr_range](variables.tf#L165) | Ip range used in the subnet deployef in the Service Project. | <code>string</code> | | <code>"10.0.0.0/20"</code> |
|
| [vpc_ip_cidr_range](variables.tf#L168) | Ip range used in the subnet deployef in the Service Project. | <code>string</code> | | <code>"10.0.0.0/20"</code> |
|
||||||
| [witness_image](variables.tf#L171) | SQL Server witness machine image | <code>string</code> | | <code>"projects/windows-cloud/global/images/family/windows-2019"</code> |
|
| [witness_image](variables.tf#L174) | SQL Server witness machine image. | <code>string</code> | | <code>"projects/windows-cloud/global/images/family/windows-2019"</code> |
|
||||||
| [witness_instance_type](variables.tf#L177) | SQL Server witness node instance type | <code>string</code> | | <code>"n2-standard-2"</code> |
|
| [witness_instance_type](variables.tf#L180) | SQL Server witness node instance type. | <code>string</code> | | <code>"n2-standard-2"</code> |
|
||||||
| [witness_name](variables.tf#L183) | Witness base name | <code>string</code> | | <code>"witness"</code> |
|
| [witness_name](variables.tf#L186) | Witness base name. | <code>string</code> | | <code>"witness"</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
| name | description | sensitive |
|
| name | description | sensitive |
|
||||||
|---|---|:---:|
|
|---|---|:---:|
|
||||||
| [instructions](outputs.tf#L19) | | |
|
| [instructions](outputs.tf#L19) | List of steps to follow after applying. | |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
|
||||||
|
|
@ -30,8 +30,8 @@ locals {
|
||||||
managed_ad_dn_path = var.managed_ad_dn != "" ? "-Path \"${var.managed_ad_dn}\"" : ""
|
managed_ad_dn_path = var.managed_ad_dn != "" ? "-Path \"${var.managed_ad_dn}\"" : ""
|
||||||
health_check_port = var.health_check_port
|
health_check_port = var.health_check_port
|
||||||
sql_admin_password_secret = local._secret_parts[length(local._secret_parts) - 1]
|
sql_admin_password_secret = local._secret_parts[length(local._secret_parts) - 1]
|
||||||
cluster_ip = module.ip-addresses.internal_addresses["${local.prefix}cluster"].address
|
cluster_ip = module.ip-addresses.internal_addresses["${var.prefix}-cluster"].address
|
||||||
loadbalancer_ips = jsonencode({ for aog in var.always_on_groups : aog => module.ip-addresses.internal_addresses["${local.prefix}lb-${aog}"].address })
|
loadbalancer_ips = jsonencode({ for aog in var.always_on_groups : aog => module.ip-addresses.internal_addresses["${var.prefix}-lb-${aog}"].address })
|
||||||
sql_cluster_name = local.cluster_netbios_name
|
sql_cluster_name = local.cluster_netbios_name
|
||||||
sql_cluster_full = local.cluster_full_name
|
sql_cluster_full = local.cluster_full_name
|
||||||
node_netbios_1 = local.node_netbios_names[0]
|
node_netbios_1 = local.node_netbios_names[0]
|
||||||
|
|
@ -43,7 +43,7 @@ locals {
|
||||||
_template_vars = merge(local._template_vars0, {
|
_template_vars = merge(local._template_vars0, {
|
||||||
functions = local._functions
|
functions = local._functions
|
||||||
})
|
})
|
||||||
_user_name = "${local.prefix}sqlserver"
|
_user_name = "${var.prefix}-sqlserver"
|
||||||
scripts = {
|
scripts = {
|
||||||
for script in local._scripts :
|
for script in local._scripts :
|
||||||
script => templatefile("${path.module}/scripts/${script}.ps1", local._template_vars)
|
script => templatefile("${path.module}/scripts/${script}.ps1", local._template_vars)
|
||||||
|
|
|
||||||
|
|
@ -14,14 +14,14 @@
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
ad_user_password_secret = "${local.cluster_full_name}-password"
|
ad_user_password_secret = "${local.cluster_full_name}-password"
|
||||||
cluster_full_name = "${local.prefix}${var.cluster_name}"
|
cluster_full_name = "${var.prefix}-${var.cluster_name}"
|
||||||
cluster_netbios_name = (
|
cluster_netbios_name = (
|
||||||
length(local.cluster_full_name) > 15
|
length(local.cluster_full_name) > 15
|
||||||
? substr(local.cluster_full_name, 0, 15)
|
? substr(local.cluster_full_name, 0, 15)
|
||||||
: local.cluster_full_name
|
: local.cluster_full_name
|
||||||
)
|
)
|
||||||
network = module.vpc.self_link
|
network = module.vpc.self_link
|
||||||
node_base = "${local.prefix}${var.node_name}"
|
node_base = "${var.prefix}-${var.node_name}"
|
||||||
node_prefix = (
|
node_prefix = (
|
||||||
length(local.node_base) > 12
|
length(local.node_base) > 12
|
||||||
? substr(local.node_base, 0, 12)
|
? substr(local.node_base, 0, 12)
|
||||||
|
|
@ -39,7 +39,6 @@ locals {
|
||||||
(local.witness_netbios_name) = local.zones[length(local.zones) - 1]
|
(local.witness_netbios_name) = local.zones[length(local.zones) - 1]
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
prefix = var.prefix != "" ? "${var.prefix}-" : ""
|
|
||||||
subnetwork = (
|
subnetwork = (
|
||||||
var.project_create != null
|
var.project_create != null
|
||||||
? module.vpc.subnet_self_links["${var.region}/${var.subnetwork}"]
|
? module.vpc.subnet_self_links["${var.region}/${var.subnetwork}"]
|
||||||
|
|
@ -50,7 +49,7 @@ locals {
|
||||||
? var.shared_vpc_project_id
|
? var.shared_vpc_project_id
|
||||||
: module.project.project_id
|
: module.project.project_id
|
||||||
)
|
)
|
||||||
witness_name = "${local.prefix}${var.witness_name}"
|
witness_name = "${var.prefix}-${var.witness_name}"
|
||||||
witness_netbios_name = (
|
witness_netbios_name = (
|
||||||
length(local.witness_name) > 15
|
length(local.witness_name) > 15
|
||||||
? substr(local.witness_name, 0, 15)
|
? substr(local.witness_name, 0, 15)
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,8 @@ locals {
|
||||||
}
|
}
|
||||||
|
|
||||||
output "instructions" {
|
output "instructions" {
|
||||||
value = <<EOF
|
description = "List of steps to follow after applying."
|
||||||
|
value = <<EOF
|
||||||
Log-in to all 3 instances with Administrator credentials and run the following PowerShell command:
|
Log-in to all 3 instances with Administrator credentials and run the following PowerShell command:
|
||||||
|
|
||||||
Add-Computer -Domain ${var.ad_domain_fqdn} -Restart
|
Add-Computer -Domain ${var.ad_domain_fqdn} -Restart
|
||||||
|
|
@ -28,4 +29,4 @@ output "instructions" {
|
||||||
Follow the instructions from here: https://cloud.google.com/compute/docs/instances/sql-server/configure-availability#creating_an_availability_group
|
Follow the instructions from here: https://cloud.google.com/compute/docs/instances/sql-server/configure-availability#creating_an_availability_group
|
||||||
Use the following listener IP addresses for: ${join(", ", local.loadbalancer_outputs)}
|
Use the following listener IP addresses for: ${join(", ", local.loadbalancer_outputs)}
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -19,7 +19,7 @@
|
||||||
module "compute-service-account" {
|
module "compute-service-account" {
|
||||||
source = "../../../modules/iam-service-account"
|
source = "../../../modules/iam-service-account"
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
name = format("%swsfc", local.prefix)
|
name = "${var.prefix}-wsfc"
|
||||||
|
|
||||||
iam_project_roles = {
|
iam_project_roles = {
|
||||||
(var.project_id) = [
|
(var.project_id) = [
|
||||||
|
|
@ -35,7 +35,7 @@ module "compute-service-account" {
|
||||||
module "witness-service-account" {
|
module "witness-service-account" {
|
||||||
source = "../../../modules/iam-service-account"
|
source = "../../../modules/iam-service-account"
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
name = format("%swsfc-witness", local.prefix)
|
name = "${var.prefix}-wsfc-witness"
|
||||||
|
|
||||||
iam_project_roles = {
|
iam_project_roles = {
|
||||||
(var.project_id) = [
|
(var.project_id) = [
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
variable "ad_domain_fqdn" {
|
variable "ad_domain_fqdn" {
|
||||||
description = "Active Directory domain (FQDN)"
|
description = "Active Directory domain (FQDN)."
|
||||||
type = string
|
type = string
|
||||||
validation {
|
validation {
|
||||||
condition = length(var.ad_domain_fqdn) > 0
|
condition = length(var.ad_domain_fqdn) > 0
|
||||||
|
|
@ -22,7 +22,7 @@ variable "ad_domain_fqdn" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "ad_domain_netbios" {
|
variable "ad_domain_netbios" {
|
||||||
description = "Active Directory domain (NetBIOS)"
|
description = "Active Directory domain (NetBIOS)."
|
||||||
type = string
|
type = string
|
||||||
validation {
|
validation {
|
||||||
condition = length(var.ad_domain_netbios) > 0
|
condition = length(var.ad_domain_netbios) > 0
|
||||||
|
|
@ -31,31 +31,31 @@ variable "ad_domain_netbios" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "always_on_groups" {
|
variable "always_on_groups" {
|
||||||
description = "List of Always On Groups"
|
description = "List of Always On Groups."
|
||||||
type = list(string)
|
type = list(string)
|
||||||
default = ["bookshelf"]
|
default = ["bookshelf"]
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "boot_disk_size" {
|
variable "boot_disk_size" {
|
||||||
description = "Boot disk size in GB"
|
description = "Boot disk size in GB."
|
||||||
type = number
|
type = number
|
||||||
default = 50
|
default = 50
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "cluster_name" {
|
variable "cluster_name" {
|
||||||
description = "Cluster name (prepended with prefix)"
|
description = "Cluster name (prepended with prefix)."
|
||||||
type = string
|
type = string
|
||||||
default = "cluster"
|
default = "cluster"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "data_disk_size" {
|
variable "data_disk_size" {
|
||||||
description = "Database disk size in GB"
|
description = "Database disk size in GB."
|
||||||
type = number
|
type = number
|
||||||
default = 200
|
default = 200
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "health_check_config" {
|
variable "health_check_config" {
|
||||||
description = "Health check configuration"
|
description = "Health check configuration."
|
||||||
type = object({ check_interval_sec = number,
|
type = object({ check_interval_sec = number,
|
||||||
healthy_threshold = number,
|
healthy_threshold = number,
|
||||||
unhealthy_threshold = number,
|
unhealthy_threshold = number,
|
||||||
|
|
@ -70,50 +70,53 @@ variable "health_check_config" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "health_check_port" {
|
variable "health_check_port" {
|
||||||
description = "Health check port"
|
description = "Health check port."
|
||||||
type = number
|
type = number
|
||||||
default = 59997
|
default = 59997
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "health_check_ranges" {
|
variable "health_check_ranges" {
|
||||||
description = "Health check ranges"
|
description = "Health check ranges."
|
||||||
type = list(string)
|
type = list(string)
|
||||||
default = ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"]
|
default = ["35.191.0.0/16", "209.85.152.0/22", "209.85.204.0/22"]
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "managed_ad_dn" {
|
variable "managed_ad_dn" {
|
||||||
description = "Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com)"
|
description = "Managed Active Directory domain (eg. OU=Cloud,DC=example,DC=com)."
|
||||||
type = string
|
type = string
|
||||||
default = ""
|
default = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "network" {
|
variable "network" {
|
||||||
description = "Network to use in the project"
|
description = "Network to use in the project."
|
||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "node_image" {
|
variable "node_image" {
|
||||||
description = "SQL Server node machine image"
|
description = "SQL Server node machine image."
|
||||||
type = string
|
type = string
|
||||||
default = "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019"
|
default = "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "node_instance_type" {
|
variable "node_instance_type" {
|
||||||
description = "SQL Server database node instance type"
|
description = "SQL Server database node instance type."
|
||||||
type = string
|
type = string
|
||||||
default = "n2-standard-8"
|
default = "n2-standard-8"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "node_name" {
|
variable "node_name" {
|
||||||
description = "Node base name"
|
description = "Node base name."
|
||||||
type = string
|
type = string
|
||||||
default = "node"
|
default = "node"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Prefix used for resources (for multiple clusters in a project)"
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
default = "aog"
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_create" {
|
variable "project_create" {
|
||||||
|
|
@ -126,24 +129,24 @@ variable "project_create" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_id" {
|
variable "project_id" {
|
||||||
description = "Google Cloud project ID"
|
description = "Google Cloud project ID."
|
||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "region" {
|
variable "region" {
|
||||||
description = "Region for resources"
|
description = "Region for resources."
|
||||||
type = string
|
type = string
|
||||||
default = "europe-west4"
|
default = "europe-west4"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "shared_vpc_project_id" {
|
variable "shared_vpc_project_id" {
|
||||||
description = "Shared VPC project ID for firewall rules"
|
description = "Shared VPC project ID for firewall rules."
|
||||||
type = string
|
type = string
|
||||||
default = null
|
default = null
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "sql_admin_password" {
|
variable "sql_admin_password" {
|
||||||
description = "Password for the SQL admin user to be created"
|
description = "Password for the SQL admin user to be created."
|
||||||
type = string
|
type = string
|
||||||
validation {
|
validation {
|
||||||
condition = length(var.sql_admin_password) > 0
|
condition = length(var.sql_admin_password) > 0
|
||||||
|
|
@ -152,13 +155,13 @@ variable "sql_admin_password" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "sql_client_cidrs" {
|
variable "sql_client_cidrs" {
|
||||||
description = "CIDR ranges that are allowed to connect to SQL Server"
|
description = "CIDR ranges that are allowed to connect to SQL Server."
|
||||||
type = list(string)
|
type = list(string)
|
||||||
default = ["0.0.0.0/0"]
|
default = ["0.0.0.0/0"]
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "subnetwork" {
|
variable "subnetwork" {
|
||||||
description = "Subnetwork to use in the project"
|
description = "Subnetwork to use in the project."
|
||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -169,19 +172,19 @@ variable "vpc_ip_cidr_range" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "witness_image" {
|
variable "witness_image" {
|
||||||
description = "SQL Server witness machine image"
|
description = "SQL Server witness machine image."
|
||||||
type = string
|
type = string
|
||||||
default = "projects/windows-cloud/global/images/family/windows-2019"
|
default = "projects/windows-cloud/global/images/family/windows-2019"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "witness_instance_type" {
|
variable "witness_instance_type" {
|
||||||
description = "SQL Server witness node instance type"
|
description = "SQL Server witness node instance type."
|
||||||
type = string
|
type = string
|
||||||
default = "n2-standard-2"
|
default = "n2-standard-2"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "witness_name" {
|
variable "witness_name" {
|
||||||
description = "Witness base name"
|
description = "Witness base name."
|
||||||
type = string
|
type = string
|
||||||
default = "witness"
|
default = "witness"
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -19,7 +19,7 @@ locals {
|
||||||
local.listeners,
|
local.listeners,
|
||||||
local.node_ips,
|
local.node_ips,
|
||||||
{
|
{
|
||||||
"${local.prefix}cluster" = {
|
"${var.prefix}-cluster" = {
|
||||||
region = var.region
|
region = var.region
|
||||||
subnetwork = local.subnetwork
|
subnetwork = local.subnetwork
|
||||||
}
|
}
|
||||||
|
|
@ -34,7 +34,7 @@ locals {
|
||||||
k => v.address
|
k => v.address
|
||||||
}
|
}
|
||||||
listeners = {
|
listeners = {
|
||||||
for aog in var.always_on_groups : "${local.prefix}lb-${aog}" => {
|
for aog in var.always_on_groups : "${var.prefix}-lb-${aog}" => {
|
||||||
region = var.region
|
region = var.region
|
||||||
subnetwork = local.subnetwork
|
subnetwork = local.subnetwork
|
||||||
}
|
}
|
||||||
|
|
@ -83,7 +83,7 @@ module "firewall" {
|
||||||
disabled = true
|
disabled = true
|
||||||
}
|
}
|
||||||
ingress_rules = {
|
ingress_rules = {
|
||||||
"${local.prefix}allow-all-between-wsfc-nodes" = {
|
"${var.prefix}-allow-all-between-wsfc-nodes" = {
|
||||||
description = "Allow all between WSFC nodes"
|
description = "Allow all between WSFC nodes"
|
||||||
sources = [module.compute-service-account.email]
|
sources = [module.compute-service-account.email]
|
||||||
targets = [module.compute-service-account.email]
|
targets = [module.compute-service-account.email]
|
||||||
|
|
@ -94,7 +94,7 @@ module "firewall" {
|
||||||
{ protocol = "icmp" }
|
{ protocol = "icmp" }
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
"${local.prefix}allow-all-between-wsfc-witness" = {
|
"${var.prefix}-allow-all-between-wsfc-witness" = {
|
||||||
description = "Allow all between WSFC witness nodes"
|
description = "Allow all between WSFC witness nodes"
|
||||||
sources = [module.compute-service-account.email]
|
sources = [module.compute-service-account.email]
|
||||||
targets = [module.witness-service-account.email]
|
targets = [module.witness-service-account.email]
|
||||||
|
|
@ -105,7 +105,7 @@ module "firewall" {
|
||||||
{ protocol = "icmp" }
|
{ protocol = "icmp" }
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
"${local.prefix}allow-sql-to-wsfc-nodes" = {
|
"${var.prefix}-allow-sql-to-wsfc-nodes" = {
|
||||||
description = "Allow SQL connections to WSFC nodes"
|
description = "Allow SQL connections to WSFC nodes"
|
||||||
targets = [module.compute-service-account.email]
|
targets = [module.compute-service-account.email]
|
||||||
ranges = var.sql_client_cidrs
|
ranges = var.sql_client_cidrs
|
||||||
|
|
@ -114,7 +114,7 @@ module "firewall" {
|
||||||
{ protocol = "tcp", ports = [1433] },
|
{ protocol = "tcp", ports = [1433] },
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
"${local.prefix}allow-health-check-to-wsfc-nodes" = {
|
"${var.prefix}-allow-health-check-to-wsfc-nodes" = {
|
||||||
description = "Allow health checks to WSFC nodes"
|
description = "Allow health checks to WSFC nodes"
|
||||||
targets = [module.compute-service-account.email]
|
targets = [module.compute-service-account.email]
|
||||||
ranges = var.health_check_ranges
|
ranges = var.health_check_ranges
|
||||||
|
|
@ -139,7 +139,7 @@ module "listener-ilb" {
|
||||||
region = var.region
|
region = var.region
|
||||||
name = "${var.prefix}-${each.value}-ilb"
|
name = "${var.prefix}-${each.value}-ilb"
|
||||||
service_label = "${var.prefix}-${each.value}-ilb"
|
service_label = "${var.prefix}-${each.value}-ilb"
|
||||||
address = local.internal_address_ips["${local.prefix}lb-${each.value}"]
|
address = local.internal_address_ips["${var.prefix}-lb-${each.value}"]
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
network = local.network
|
network = local.network
|
||||||
subnetwork = local.subnetwork
|
subnetwork = local.subnetwork
|
||||||
|
|
|
||||||
|
|
@ -73,7 +73,7 @@ deletion_protection: bool # not required, defaults to false
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [project_id](variables.tf#L17) | Project ID | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L17) | Project ID. | <code>string</code> | ✓ | |
|
||||||
| [tables_dir](variables.tf#L22) | Relative path for the folder storing table data. | <code>string</code> | ✓ | |
|
| [tables_dir](variables.tf#L22) | Relative path for the folder storing table data. | <code>string</code> | ✓ | |
|
||||||
| [views_dir](variables.tf#L27) | Relative path for the folder storing view data. | <code>string</code> | ✓ | |
|
| [views_dir](variables.tf#L27) | Relative path for the folder storing view data. | <code>string</code> | ✓ | |
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
variable "project_id" {
|
variable "project_id" {
|
||||||
description = "Project ID"
|
description = "Project ID."
|
||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
# Google Cloud VPC Firewall Factory
|
# Google Cloud VPC Firewall Factory
|
||||||
|
|
||||||
This module allows creation and management of different types of firewall rules by defining them in well formatted `yaml` files.
|
This module allows creation and management of different types of firewall rules by defining them in well formatted `yaml` files.
|
||||||
|
|
||||||
Yaml abstraction for FW rules can simplify users onboarding and also makes rules definition simpler and clearer comparing to HCL.
|
Yaml abstraction for FW rules can simplify users onboarding and also makes rules definition simpler and clearer comparing to HCL.
|
||||||
|
|
||||||
|
|
@ -79,10 +79,10 @@ rule-name: # descriptive name, naming convention is adjusted by the module
|
||||||
destination_ranges: # list of destination ranges, should be specified only for `EGRESS` rule
|
destination_ranges: # list of destination ranges, should be specified only for `EGRESS` rule
|
||||||
- 0.0.0.0/0
|
- 0.0.0.0/0
|
||||||
source_tags: ['some-tag'] # list of source tags, should be specified only for `INGRESS` rule
|
source_tags: ['some-tag'] # list of source tags, should be specified only for `INGRESS` rule
|
||||||
source_service_accounts: # list of source service accounts, should be specified only for `INGRESS` rule, can not be specified together with `source_tags` or `target_tags`
|
source_service_accounts: # list of source service accounts, should be specified only for `INGRESS` rule, cannot be specified together with `source_tags` or `target_tags`
|
||||||
- myapp@myproject-id.iam.gserviceaccount.com
|
- myapp@myproject-id.iam.gserviceaccount.com
|
||||||
target_tags: ['some-tag'] # list of target tags
|
target_tags: ['some-tag'] # list of target tags
|
||||||
target_service_accounts: # list of target service accounts, , can not be specified together with `source_tags` or `target_tags`
|
target_service_accounts: # list of target service accounts, , cannot be specified together with `source_tags` or `target_tags`
|
||||||
- myapp@myproject-id.iam.gserviceaccount.com
|
- myapp@myproject-id.iam.gserviceaccount.com
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -69,6 +69,7 @@ module "projects" {
|
||||||
kms_service_agents = try(each.value.kms, {})
|
kms_service_agents = try(each.value.kms, {})
|
||||||
labels = try(each.value.labels, {})
|
labels = try(each.value.labels, {})
|
||||||
org_policies = try(each.value.org_policies, {})
|
org_policies = try(each.value.org_policies, {})
|
||||||
|
prefix = each.value.prefix
|
||||||
service_accounts = try(each.value.service_accounts, {})
|
service_accounts = try(each.value.service_accounts, {})
|
||||||
services = try(each.value.services, [])
|
services = try(each.value.services, [])
|
||||||
service_identities_iam = try(each.value.service_identities_iam, {})
|
service_identities_iam = try(each.value.service_identities_iam, {})
|
||||||
|
|
@ -109,9 +110,9 @@ vpc_host_project: project-example-host-project
|
||||||
|
|
||||||
# [opt] Billing account id - overrides default if set
|
# [opt] Billing account id - overrides default if set
|
||||||
billing_account_id: 012345-67890A-BCDEF0
|
billing_account_id: 012345-67890A-BCDEF0
|
||||||
|
|
||||||
# [opt] Billing alerts config - overrides default if set
|
# [opt] Billing alerts config - overrides default if set
|
||||||
billing_alert:
|
billing_alert:
|
||||||
amount: 10
|
amount: 10
|
||||||
thresholds:
|
thresholds:
|
||||||
current:
|
current:
|
||||||
|
|
@ -119,42 +120,42 @@ billing_alert:
|
||||||
- 0.8
|
- 0.8
|
||||||
forecasted: []
|
forecasted: []
|
||||||
|
|
||||||
# [opt] DNS zones to be created as children of the environment_dns_zone defined in defaults
|
# [opt] DNS zones to be created as children of the environment_dns_zone defined in defaults
|
||||||
dns_zones:
|
dns_zones:
|
||||||
- lorem
|
- lorem
|
||||||
- ipsum
|
- ipsum
|
||||||
|
|
||||||
# [opt] Contacts for billing alerts and important notifications
|
# [opt] Contacts for billing alerts and important notifications
|
||||||
essential_contacts:
|
essential_contacts:
|
||||||
- team-a-contacts@example.com
|
- team-a-contacts@example.com
|
||||||
|
|
||||||
# Folder the project will be created as children of
|
# Folder the project will be created as children of
|
||||||
folder_id: folders/012345678901
|
folder_id: folders/012345678901
|
||||||
|
|
||||||
# [opt] Authoritative IAM bindings in group => [roles] format
|
# [opt] Authoritative IAM bindings in group => [roles] format
|
||||||
group_iam:
|
group_iam:
|
||||||
test-team-foobar@fast-lab-0.gcp-pso-italy.net:
|
test-team-foobar@fast-lab-0.gcp-pso-italy.net:
|
||||||
- roles/compute.admin
|
- roles/compute.admin
|
||||||
|
|
||||||
# [opt] Authoritative IAM bindings in role => [principals] format
|
# [opt] Authoritative IAM bindings in role => [principals] format
|
||||||
# Generally used to grant roles to service accounts external to the project
|
# Generally used to grant roles to service accounts external to the project
|
||||||
iam:
|
iam:
|
||||||
roles/compute.admin:
|
roles/compute.admin:
|
||||||
- serviceAccount:service-account
|
- serviceAccount:service-account
|
||||||
|
|
||||||
# [opt] Service robots and keys they will be assigned as cryptoKeyEncrypterDecrypter
|
# [opt] Service robots and keys they will be assigned as cryptoKeyEncrypterDecrypter
|
||||||
# in service => [keys] format
|
# in service => [keys] format
|
||||||
kms_service_agents:
|
kms_service_agents:
|
||||||
compute: [key1, key2]
|
compute: [key1, key2]
|
||||||
storage: [key1, key2]
|
storage: [key1, key2]
|
||||||
|
|
||||||
# [opt] Labels for the project - merged with the ones defined in defaults
|
# [opt] Labels for the project - merged with the ones defined in defaults
|
||||||
labels:
|
labels:
|
||||||
environment: prod
|
environment: prod
|
||||||
|
|
||||||
# [opt] Org policy overrides defined at project level
|
# [opt] Org policy overrides defined at project level
|
||||||
org_policies:
|
org_policies:
|
||||||
constraints/compute.disableGuestAttributesAccess:
|
constraints/compute.disableGuestAttributesAccess:
|
||||||
enforce: true
|
enforce: true
|
||||||
constraints/compute.trustedImageProjects:
|
constraints/compute.trustedImageProjects:
|
||||||
allow:
|
allow:
|
||||||
|
|
@ -166,7 +167,7 @@ org_policies:
|
||||||
|
|
||||||
# [opt] Service account to create for the project and their roles on the project
|
# [opt] Service account to create for the project and their roles on the project
|
||||||
# in name => [roles] format
|
# in name => [roles] format
|
||||||
service_accounts:
|
service_accounts:
|
||||||
another-service-account:
|
another-service-account:
|
||||||
- roles/compute.admin
|
- roles/compute.admin
|
||||||
my-service-account:
|
my-service-account:
|
||||||
|
|
@ -179,37 +180,37 @@ service_accounts_iam:
|
||||||
- roles/iam.serviceAccountTokenCreator:
|
- roles/iam.serviceAccountTokenCreator:
|
||||||
- group: app-team-1@example.com
|
- group: app-team-1@example.com
|
||||||
|
|
||||||
# [opt] APIs to enable on the project.
|
# [opt] APIs to enable on the project.
|
||||||
services:
|
services:
|
||||||
- storage.googleapis.com
|
- storage.googleapis.com
|
||||||
- stackdriver.googleapis.com
|
- stackdriver.googleapis.com
|
||||||
- compute.googleapis.com
|
- compute.googleapis.com
|
||||||
|
|
||||||
# [opt] Roles to assign to the robots service accounts in robot => [roles] format
|
# [opt] Roles to assign to the robots service accounts in robot => [roles] format
|
||||||
services_iam:
|
services_iam:
|
||||||
compute:
|
compute:
|
||||||
- roles/storage.objectViewer
|
- roles/storage.objectViewer
|
||||||
|
|
||||||
# [opt] VPC setup.
|
# [opt] VPC setup.
|
||||||
# If set enables the `compute.googleapis.com` service and configures
|
# If set enables the `compute.googleapis.com` service and configures
|
||||||
# service project attachment
|
# service project attachment
|
||||||
vpc:
|
vpc:
|
||||||
|
|
||||||
# [opt] If set, enables the container API
|
# [opt] If set, enables the container API
|
||||||
gke_setup:
|
gke_setup:
|
||||||
|
|
||||||
# Grants "roles/container.hostServiceAgentUser" to the container robot if set
|
# Grants "roles/container.hostServiceAgentUser" to the container robot if set
|
||||||
enable_host_service_agent: false
|
enable_host_service_agent: false
|
||||||
|
|
||||||
# Grants "roles/compute.securityAdmin" to the container robot if set
|
# Grants "roles/compute.securityAdmin" to the container robot if set
|
||||||
enable_security_admin: true
|
enable_security_admin: true
|
||||||
|
|
||||||
# Host project the project will be service project of
|
# Host project the project will be service project of
|
||||||
host_project: fast-prod-net-spoke-0
|
host_project: fast-prod-net-spoke-0
|
||||||
|
|
||||||
# [opt] Subnets in the host project where principals will be granted networkUser
|
# [opt] Subnets in the host project where principals will be granted networkUser
|
||||||
# in region/subnet-name => [principals]
|
# in region/subnet-name => [principals]
|
||||||
subnets_iam:
|
subnets_iam:
|
||||||
europe-west1/prod-default-ew1:
|
europe-west1/prod-default-ew1:
|
||||||
- user:foobar@example.com
|
- user:foobar@example.com
|
||||||
- serviceAccount:service-account1@my-project.iam.gserviceaccount.com
|
- serviceAccount:service-account1@my-project.iam.gserviceaccount.com
|
||||||
|
|
@ -221,7 +222,8 @@ vpc:
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | |
|
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L157) | Project id. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L151) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
|
| [project_id](variables.tf#L160) | Project id. | <code>string</code> | ✓ | |
|
||||||
| [billing_alert](variables.tf#L22) | Billing alert configuration. | <code title="object({ amount = number thresholds = object({ current = list(number) forecasted = list(number) }) credit_treatment = string })">object({…})</code> | | <code>null</code> |
|
| [billing_alert](variables.tf#L22) | Billing alert configuration. | <code title="object({ amount = number thresholds = object({ current = list(number) forecasted = list(number) }) credit_treatment = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [defaults](variables.tf#L35) | Project factory default values. | <code title="object({ billing_account_id = string billing_alert = object({ amount = number thresholds = object({ current = list(number) forecasted = list(number) }) credit_treatment = string }) environment_dns_zone = string essential_contacts = list(string) labels = map(string) notification_channels = list(string) shared_vpc_self_link = string vpc_host_project = string })">object({…})</code> | | <code>null</code> |
|
| [defaults](variables.tf#L35) | Project factory default values. | <code title="object({ billing_account_id = string billing_alert = object({ amount = number thresholds = object({ current = list(number) forecasted = list(number) }) credit_treatment = string }) environment_dns_zone = string essential_contacts = list(string) labels = map(string) notification_channels = list(string) shared_vpc_self_link = string vpc_host_project = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [dns_zones](variables.tf#L57) | DNS private zones to create as child of var.defaults.environment_dns_zone. | <code>list(string)</code> | | <code>[]</code> |
|
| [dns_zones](variables.tf#L57) | DNS private zones to create as child of var.defaults.environment_dns_zone. | <code>list(string)</code> | | <code>[]</code> |
|
||||||
|
|
@ -234,21 +236,20 @@ vpc:
|
||||||
| [kms_service_agents](variables.tf#L99) | KMS IAM configuration in as service => [key]. | <code>map(list(string))</code> | | <code>{}</code> |
|
| [kms_service_agents](variables.tf#L99) | KMS IAM configuration in as service => [key]. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||||
| [labels](variables.tf#L105) | Labels to be assigned at project level. | <code>map(string)</code> | | <code>{}</code> |
|
| [labels](variables.tf#L105) | Labels to be assigned at project level. | <code>map(string)</code> | | <code>{}</code> |
|
||||||
| [org_policies](variables.tf#L111) | Org-policy overrides at project level. | <code title="map(object({ inherit_from_parent = optional(bool) # for list policies only. reset = optional(bool) allow = optional(object({ all = optional(bool) values = optional(list(string)) })) deny = optional(object({ all = optional(bool) values = optional(list(string)) })) enforce = optional(bool, true) # for boolean policies only. rules = optional(list(object({ allow = optional(object({ all = optional(bool) values = optional(list(string)) })) deny = optional(object({ all = optional(bool) values = optional(list(string)) })) enforce = optional(bool, true) # for boolean policies only. condition = object({ description = optional(string) expression = optional(string) location = optional(string) title = optional(string) }) })), []) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [org_policies](variables.tf#L111) | Org-policy overrides at project level. | <code title="map(object({ inherit_from_parent = optional(bool) # for list policies only. reset = optional(bool) allow = optional(object({ all = optional(bool) values = optional(list(string)) })) deny = optional(object({ all = optional(bool) values = optional(list(string)) })) enforce = optional(bool, true) # for boolean policies only. rules = optional(list(object({ allow = optional(object({ all = optional(bool) values = optional(list(string)) })) deny = optional(object({ all = optional(bool) values = optional(list(string)) })) enforce = optional(bool, true) # for boolean policies only. condition = object({ description = optional(string) expression = optional(string) location = optional(string) title = optional(string) }) })), []) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [prefix](variables.tf#L151) | Prefix used for the project id. | <code>string</code> | | <code>null</code> |
|
| [service_accounts](variables.tf#L165) | Service accounts to be created, and roles assigned them on the project. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||||
| [service_accounts](variables.tf#L162) | Service accounts to be created, and roles assigned them on the project. | <code>map(list(string))</code> | | <code>{}</code> |
|
| [service_accounts_additive](variables.tf#L171) | Service accounts to be created, and roles assigned them on the project additively. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||||
| [service_accounts_additive](variables.tf#L168) | Service accounts to be created, and roles assigned them on the project additively. | <code>map(list(string))</code> | | <code>{}</code> |
|
| [service_accounts_iam](variables.tf#L177) | IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||||
| [service_accounts_iam](variables.tf#L174) | IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
| [service_accounts_iam_additive](variables.tf#L184) | IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||||
| [service_accounts_iam_additive](variables.tf#L181) | IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
| [service_identities_iam](variables.tf#L191) | Custom IAM settings for service identities in service => [role] format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||||
| [service_identities_iam](variables.tf#L188) | Custom IAM settings for service identities in service => [role] format. | <code>map(list(string))</code> | | <code>{}</code> |
|
| [service_identities_iam_additive](variables.tf#L198) | Custom additive IAM settings for service identities in service => [role] format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||||
| [service_identities_iam_additive](variables.tf#L195) | Custom additive IAM settings for service identities in service => [role] format. | <code>map(list(string))</code> | | <code>{}</code> |
|
| [services](variables.tf#L205) | Services to be enabled for the project. | <code>list(string)</code> | | <code>[]</code> |
|
||||||
| [services](variables.tf#L202) | Services to be enabled for the project. | <code>list(string)</code> | | <code>[]</code> |
|
| [vpc](variables.tf#L212) | VPC configuration for the project. | <code title="object({ host_project = string gke_setup = object({ enable_security_admin = bool enable_host_service_agent = bool }) subnets_iam = map(list(string)) })">object({…})</code> | | <code>null</code> |
|
||||||
| [vpc](variables.tf#L209) | VPC configuration for the project. | <code title="object({ host_project = string gke_setup = object({ enable_security_admin = bool enable_host_service_agent = bool }) subnets_iam = map(list(string)) })">object({…})</code> | | <code>null</code> |
|
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
| name | description | sensitive |
|
| name | description | sensitive |
|
||||||
|---|---|:---:|
|
|---|---|:---:|
|
||||||
| [project](outputs.tf#L19) | The project resource as return by the `project` module | |
|
| [project](outputs.tf#L19) | The project resource as return by the `project` module. | |
|
||||||
| [project_id](outputs.tf#L29) | Project ID. | |
|
| [project_id](outputs.tf#L29) | Project ID. | |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
|
||||||
|
|
@ -29,11 +29,7 @@ locals {
|
||||||
}
|
}
|
||||||
_group_iam_bindings = distinct(flatten(values(var.group_iam)))
|
_group_iam_bindings = distinct(flatten(values(var.group_iam)))
|
||||||
_group_iam_additive_bindings = distinct(flatten(values(var.group_iam_additive)))
|
_group_iam_additive_bindings = distinct(flatten(values(var.group_iam_additive)))
|
||||||
_project_id = (
|
|
||||||
var.prefix == null || var.prefix == ""
|
|
||||||
? var.project_id
|
|
||||||
: "${var.prefix}-${var.project_id}"
|
|
||||||
)
|
|
||||||
_service_accounts_iam = {
|
_service_accounts_iam = {
|
||||||
for r in local._service_accounts_iam_bindings : r => [
|
for r in local._service_accounts_iam_bindings : r => [
|
||||||
for k, v in var.service_accounts :
|
for k, v in var.service_accounts :
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@
|
||||||
# TODO(): proper outputs
|
# TODO(): proper outputs
|
||||||
|
|
||||||
output "project" {
|
output "project" {
|
||||||
description = "The project resource as return by the `project` module"
|
description = "The project resource as return by the `project` module."
|
||||||
value = module.project
|
value = module.project
|
||||||
|
|
||||||
depends_on = [
|
depends_on = [
|
||||||
|
|
|
||||||
|
|
@ -25,4 +25,5 @@ labels:
|
||||||
# [opt] Additional notification channels for billing
|
# [opt] Additional notification channels for billing
|
||||||
notification_channels: []
|
notification_channels: []
|
||||||
shared_vpc_self_link: projects/foo/networks/bar
|
shared_vpc_self_link: projects/foo/networks/bar
|
||||||
|
prefix: test
|
||||||
vpc_host_project:
|
vpc_host_project:
|
||||||
|
|
|
||||||
|
|
@ -58,6 +58,9 @@ org_policies:
|
||||||
deny:
|
deny:
|
||||||
all: true
|
all: true
|
||||||
|
|
||||||
|
# [opt] Prefix - overrides default if set
|
||||||
|
prefix: test1
|
||||||
|
|
||||||
# [opt] Service account to create for the project and their roles on the project
|
# [opt] Service account to create for the project and their roles on the project
|
||||||
# in name => [roles] format
|
# in name => [roles] format
|
||||||
service_accounts:
|
service_accounts:
|
||||||
|
|
|
||||||
|
|
@ -149,9 +149,12 @@ variable "org_policies" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Prefix used for the project id."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
default = null
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_id" {
|
variable "project_id" {
|
||||||
|
|
@ -172,14 +175,14 @@ variable "service_accounts_additive" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "service_accounts_iam" {
|
variable "service_accounts_iam" {
|
||||||
description = "IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}"
|
description = "IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}."
|
||||||
type = map(map(list(string)))
|
type = map(map(list(string)))
|
||||||
default = {}
|
default = {}
|
||||||
nullable = false
|
nullable = false
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "service_accounts_iam_additive" {
|
variable "service_accounts_iam_additive" {
|
||||||
description = "IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}"
|
description = "IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}."
|
||||||
type = map(map(list(string)))
|
type = map(map(list(string)))
|
||||||
default = {}
|
default = {}
|
||||||
nullable = false
|
nullable = false
|
||||||
|
|
|
||||||
|
|
@ -107,15 +107,15 @@ Once done testing, you can clean up resources by running `terraform destroy`.
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [project_id](variables.tf#L44) | Project ID. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L29) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
|
| [project_id](variables.tf#L47) | Project ID. | <code>string</code> | ✓ | |
|
||||||
| [master_cidr_block](variables.tf#L17) | Master CIDR block. | <code>string</code> | | <code>"10.0.0.0/28"</code> |
|
| [master_cidr_block](variables.tf#L17) | Master CIDR block. | <code>string</code> | | <code>"10.0.0.0/28"</code> |
|
||||||
| [pods_cidr_block](variables.tf#L23) | Pods CIDR block. | <code>string</code> | | <code>"172.16.0.0/20"</code> |
|
| [pods_cidr_block](variables.tf#L23) | Pods CIDR block. | <code>string</code> | | <code>"172.16.0.0/20"</code> |
|
||||||
| [prefix](variables.tf#L29) | Prefix for resources created. | <code>string</code> | | <code>null</code> |
|
| [project_create](variables.tf#L38) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [project_create](variables.tf#L35) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
| [region](variables.tf#L52) | Region. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||||
| [region](variables.tf#L49) | Region. | <code>string</code> | | <code>"europe-west1"</code> |
|
| [services_cidr_block](variables.tf#L58) | Services CIDR block. | <code>string</code> | | <code>"192.168.0.0/24"</code> |
|
||||||
| [services_cidr_block](variables.tf#L55) | Services CIDR block. | <code>string</code> | | <code>"192.168.0.0/24"</code> |
|
| [subnet_cidr_block](variables.tf#L64) | Subnet CIDR block. | <code>string</code> | | <code>"10.0.1.0/24"</code> |
|
||||||
| [subnet_cidr_block](variables.tf#L61) | Subnet CIDR block. | <code>string</code> | | <code>"10.0.1.0/24"</code> |
|
| [zone](variables.tf#L70) | Zone. | <code>string</code> | | <code>"europe-west1-c"</code> |
|
||||||
| [zone](variables.tf#L67) | Zone. | <code>string</code> | | <code>"europe-west1-c"</code> |
|
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,6 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
prefix = (var.prefix == null || var.prefix == "") ? "" : "${var.prefix}-"
|
|
||||||
k8s_ns = "apis"
|
k8s_ns = "apis"
|
||||||
k8s_sa = "storage-api-sa"
|
k8s_sa = "storage-api-sa"
|
||||||
image = (
|
image = (
|
||||||
|
|
@ -61,7 +60,7 @@ module "project" {
|
||||||
module "vpc" {
|
module "vpc" {
|
||||||
source = "../../../modules/net-vpc"
|
source = "../../../modules/net-vpc"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
name = "${local.prefix}vpc"
|
name = "${var.prefix}-vpc"
|
||||||
subnets = [
|
subnets = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.subnet_cidr_block
|
ip_cidr_range = var.subnet_cidr_block
|
||||||
|
|
@ -79,14 +78,14 @@ module "nat" {
|
||||||
source = "../../../modules/net-cloudnat"
|
source = "../../../modules/net-cloudnat"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
region = var.region
|
region = var.region
|
||||||
name = "${local.prefix}nat"
|
name = "${var.prefix}-nat"
|
||||||
router_network = module.vpc.name
|
router_network = module.vpc.name
|
||||||
}
|
}
|
||||||
|
|
||||||
module "cluster" {
|
module "cluster" {
|
||||||
source = "../../../modules/gke-cluster"
|
source = "../../../modules/gke-cluster"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
name = "${local.prefix}cluster"
|
name = "${var.prefix}-cluster"
|
||||||
location = var.zone
|
location = var.zone
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
master_ipv4_cidr_block = var.master_cidr_block
|
master_ipv4_cidr_block = var.master_cidr_block
|
||||||
|
|
@ -174,7 +173,7 @@ module "docker_artifact_registry" {
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
location = var.region
|
location = var.region
|
||||||
format = "DOCKER"
|
format = "DOCKER"
|
||||||
id = "${local.prefix}registry"
|
id = "${var.prefix}-registry"
|
||||||
iam = {
|
iam = {
|
||||||
"roles/artifactregistry.writer" = [module.image_cb_sa.iam_email]
|
"roles/artifactregistry.writer" = [module.image_cb_sa.iam_email]
|
||||||
"roles/artifactregistry.reader" = [module.cluster_nodepool.service_account_iam_email]
|
"roles/artifactregistry.reader" = [module.cluster_nodepool.service_account_iam_email]
|
||||||
|
|
@ -190,7 +189,7 @@ module "image_cb_sa" {
|
||||||
module "image_repo" {
|
module "image_repo" {
|
||||||
source = "../../../modules/source-repository"
|
source = "../../../modules/source-repository"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
name = "${local.prefix}image"
|
name = "${var.prefix}-image"
|
||||||
triggers = {
|
triggers = {
|
||||||
image-trigger = {
|
image-trigger = {
|
||||||
filename = "cloudbuild.yaml"
|
filename = "cloudbuild.yaml"
|
||||||
|
|
@ -222,7 +221,7 @@ module "app_cb_sa" {
|
||||||
module "app_repo" {
|
module "app_repo" {
|
||||||
source = "../../../modules/source-repository"
|
source = "../../../modules/source-repository"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
name = "${local.prefix}app"
|
name = "${var.prefix}-app"
|
||||||
triggers = {
|
triggers = {
|
||||||
app-trigger = {
|
app-trigger = {
|
||||||
filename = "cloudbuild.yaml"
|
filename = "cloudbuild.yaml"
|
||||||
|
|
|
||||||
|
|
@ -27,9 +27,12 @@ variable "pods_cidr_block" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Prefix for resources created."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
default = null
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_create" {
|
variable "project_create" {
|
||||||
|
|
|
||||||
|
|
@ -69,8 +69,8 @@ Once done testing, you can clean up resources by running `terraform destroy`.
|
||||||
| [mgmt_project_id](variables.tf#L63) | Management Project ID. | <code>string</code> | ✓ | |
|
| [mgmt_project_id](variables.tf#L63) | Management Project ID. | <code>string</code> | ✓ | |
|
||||||
| [parent](variables.tf#L94) | Parent. | <code>string</code> | ✓ | |
|
| [parent](variables.tf#L94) | Parent. | <code>string</code> | ✓ | |
|
||||||
| [clusters_config](variables.tf#L22) | Clusters configuration. | <code title="map(object({ subnet_cidr_block = string master_cidr_block = string services_cidr_block = string pods_cidr_block = string }))">map(object({…}))</code> | | <code title="{ cluster-a = { subnet_cidr_block = "10.0.1.0/24" master_cidr_block = "10.16.0.0/28" services_cidr_block = "192.168.1.0/24" pods_cidr_block = "172.16.0.0/20" } cluster-b = { subnet_cidr_block = "10.0.2.0/24" master_cidr_block = "10.16.0.16/28" services_cidr_block = "192.168.2.0/24" pods_cidr_block = "172.16.16.0/20" } }">{…}</code> |
|
| [clusters_config](variables.tf#L22) | Clusters configuration. | <code title="map(object({ subnet_cidr_block = string master_cidr_block = string services_cidr_block = string pods_cidr_block = string }))">map(object({…}))</code> | | <code title="{ cluster-a = { subnet_cidr_block = "10.0.1.0/24" master_cidr_block = "10.16.0.0/28" services_cidr_block = "192.168.1.0/24" pods_cidr_block = "172.16.0.0/20" } cluster-b = { subnet_cidr_block = "10.0.2.0/24" master_cidr_block = "10.16.0.16/28" services_cidr_block = "192.168.2.0/24" pods_cidr_block = "172.16.16.0/20" } }">{…}</code> |
|
||||||
| [istio_version](variables.tf#L57) | ASM version | <code>string</code> | | <code>"1.14.1-asm.3"</code> |
|
| [istio_version](variables.tf#L57) | ASM version. | <code>string</code> | | <code>"1.14.1-asm.3"</code> |
|
||||||
| [mgmt_server_config](variables.tf#L68) | Mgmt server configuration | <code title="object({ disk_size = number disk_type = string image = string instance_type = string region = string zone = string })">object({…})</code> | | <code title="{ disk_size = 50 disk_type = "pd-ssd" image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2204-lts" instance_type = "n1-standard-2" region = "europe-west1" zone = "europe-west1-c" }">{…}</code> |
|
| [mgmt_server_config](variables.tf#L68) | Mgmt server configuration. | <code title="object({ disk_size = number disk_type = string image = string instance_type = string region = string zone = string })">object({…})</code> | | <code title="{ disk_size = 50 disk_type = "pd-ssd" image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2204-lts" instance_type = "n1-standard-2" region = "europe-west1" zone = "europe-west1-c" }">{…}</code> |
|
||||||
| [mgmt_subnet_cidr_block](variables.tf#L88) | Management subnet CIDR block. | <code>string</code> | | <code>"10.0.0.0/28"</code> |
|
| [mgmt_subnet_cidr_block](variables.tf#L88) | Management subnet CIDR block. | <code>string</code> | | <code>"10.0.0.0/28"</code> |
|
||||||
| [region](variables.tf#L99) | Region. | <code>string</code> | | <code>"europe-west1"</code> |
|
| [region](variables.tf#L99) | Region. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -55,7 +55,7 @@ variable "host_project_id" {
|
||||||
|
|
||||||
|
|
||||||
variable "istio_version" {
|
variable "istio_version" {
|
||||||
description = "ASM version"
|
description = "ASM version."
|
||||||
type = string
|
type = string
|
||||||
default = "1.14.1-asm.3"
|
default = "1.14.1-asm.3"
|
||||||
}
|
}
|
||||||
|
|
@ -66,7 +66,7 @@ variable "mgmt_project_id" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "mgmt_server_config" {
|
variable "mgmt_server_config" {
|
||||||
description = "Mgmt server configuration"
|
description = "Mgmt server configuration."
|
||||||
type = object({
|
type = object({
|
||||||
disk_size = number
|
disk_size = number
|
||||||
disk_type = string
|
disk_type = string
|
||||||
|
|
|
||||||
|
|
@ -247,9 +247,9 @@ module "gke" {
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | |
|
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | |
|
||||||
| [folder_id](variables.tf#L132) | Folder used for the GKE project in folders/nnnnnnnnnnn format. | <code>string</code> | ✓ | |
|
| [folder_id](variables.tf#L132) | Folder used for the GKE project in folders/nnnnnnnnnnn format. | <code>string</code> | ✓ | |
|
||||||
| [prefix](variables.tf#L179) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L179) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L184) | ID of the project that will contain all the clusters. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L188) | ID of the project that will contain all the clusters. | <code>string</code> | ✓ | |
|
||||||
| [vpc_config](variables.tf#L196) | Shared VPC project and VPC details. | <code title="object({ host_project_id = string vpc_self_link = string })">object({…})</code> | ✓ | |
|
| [vpc_config](variables.tf#L200) | Shared VPC project and VPC details. | <code title="object({ host_project_id = string vpc_self_link = string })">object({…})</code> | ✓ | |
|
||||||
| [clusters](variables.tf#L22) | Clusters configuration. Refer to the gke-cluster module for type details. | <code title="map(object({ cluster_autoscaling = optional(any) description = optional(string) enable_addons = optional(any, { horizontal_pod_autoscaling = true, http_load_balancing = true }) enable_features = optional(any, { workload_identity = true }) issue_client_certificate = optional(bool, false) labels = optional(map(string)) location = string logging_config = optional(list(string), ["SYSTEM_COMPONENTS"]) maintenance_config = optional(any, { daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }) max_pods_per_node = optional(number, 110) min_master_version = optional(string) monitoring_config = optional(object({ enable_components = optional(list(string), ["SYSTEM_COMPONENTS"]) managed_prometheus = optional(bool) })) node_locations = optional(list(string)) private_cluster_config = optional(any) release_channel = optional(string) vpc_config = object({ subnetwork = string network = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = string services = string }), { pods = "pods", services = "services" }) master_authorized_ranges = optional(map(string)) master_ipv4_cidr_block = optional(string) }) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [clusters](variables.tf#L22) | Clusters configuration. Refer to the gke-cluster module for type details. | <code title="map(object({ cluster_autoscaling = optional(any) description = optional(string) enable_addons = optional(any, { horizontal_pod_autoscaling = true, http_load_balancing = true }) enable_features = optional(any, { workload_identity = true }) issue_client_certificate = optional(bool, false) labels = optional(map(string)) location = string logging_config = optional(list(string), ["SYSTEM_COMPONENTS"]) maintenance_config = optional(any, { daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }) max_pods_per_node = optional(number, 110) min_master_version = optional(string) monitoring_config = optional(object({ enable_components = optional(list(string), ["SYSTEM_COMPONENTS"]) managed_prometheus = optional(bool) })) node_locations = optional(list(string)) private_cluster_config = optional(any) release_channel = optional(string) vpc_config = object({ subnetwork = string network = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = string services = string }), { pods = "pods", services = "services" }) master_authorized_ranges = optional(map(string)) master_ipv4_cidr_block = optional(string) }) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [fleet_configmanagement_clusters](variables.tf#L70) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | <code>map(list(string))</code> | | <code>{}</code> |
|
| [fleet_configmanagement_clusters](variables.tf#L70) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||||
| [fleet_configmanagement_templates](variables.tf#L77) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | <code title="map(object({ binauthz = bool config_sync = object({ git = object({ gcp_service_account_email = string https_proxy = string policy_dir = string secret_type = string sync_branch = string sync_repo = string sync_rev = string sync_wait_secs = number }) prevent_drift = string source_format = string }) hierarchy_controller = object({ enable_hierarchical_resource_quota = bool enable_pod_tree_labels = bool }) policy_controller = object({ audit_interval_seconds = number exemptable_namespaces = list(string) log_denies_enabled = bool referential_rules_enabled = bool template_library_installed = bool }) version = string }))">map(object({…}))</code> | | <code>{}</code> |
|
| [fleet_configmanagement_templates](variables.tf#L77) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | <code title="map(object({ binauthz = bool config_sync = object({ git = object({ gcp_service_account_email = string https_proxy = string policy_dir = string secret_type = string sync_branch = string sync_repo = string sync_rev = string sync_wait_secs = number }) prevent_drift = string source_format = string }) hierarchy_controller = object({ enable_hierarchical_resource_quota = bool enable_pod_tree_labels = bool }) policy_controller = object({ audit_interval_seconds = number exemptable_namespaces = list(string) log_denies_enabled = bool referential_rules_enabled = bool template_library_installed = bool }) version = string }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
|
|
@ -259,7 +259,7 @@ module "gke" {
|
||||||
| [iam](variables.tf#L144) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
| [iam](variables.tf#L144) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||||
| [labels](variables.tf#L151) | Project-level labels. | <code>map(string)</code> | | <code>{}</code> |
|
| [labels](variables.tf#L151) | Project-level labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||||
| [nodepools](variables.tf#L157) | Nodepools configuration. Refer to the gke-nodepool module for type details. | <code title="map(map(object({ gke_version = optional(string) labels = optional(map(string), {}) max_pods_per_node = optional(number) name = optional(string) node_config = optional(any, { disk_type = "pd-balanced" }) node_count = optional(map(number), { initial = 1 }) node_locations = optional(list(string)) nodepool_config = optional(any) pod_range = optional(any) reservation_affinity = optional(any) service_account = optional(any) sole_tenant_nodegroup = optional(string) tags = optional(list(string)) taints = optional(list(any)) })))">map(map(object({…})))</code> | | <code>{}</code> |
|
| [nodepools](variables.tf#L157) | Nodepools configuration. Refer to the gke-nodepool module for type details. | <code title="map(map(object({ gke_version = optional(string) labels = optional(map(string), {}) max_pods_per_node = optional(number) name = optional(string) node_config = optional(any, { disk_type = "pd-balanced" }) node_count = optional(map(number), { initial = 1 }) node_locations = optional(list(string)) nodepool_config = optional(any) pod_range = optional(any) reservation_affinity = optional(any) service_account = optional(any) sole_tenant_nodegroup = optional(string) tags = optional(list(string)) taints = optional(list(any)) })))">map(map(object({…})))</code> | | <code>{}</code> |
|
||||||
| [project_services](variables.tf#L189) | Additional project services to enable. | <code>list(string)</code> | | <code>[]</code> |
|
| [project_services](variables.tf#L193) | Additional project services to enable. | <code>list(string)</code> | | <code>[]</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -177,8 +177,12 @@ variable "nodepools" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Prefix used for resources that need unique names."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_id" {
|
variable "project_id" {
|
||||||
|
|
|
||||||
|
|
@ -26,11 +26,11 @@ in the [`validator/`](validator/) subdirectory, which can be integrated as part
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | <code>string</code> | ✓ | |
|
| [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | <code>string</code> | ✓ | |
|
||||||
| [prefix](variables.tf#L29) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L29) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
| [root_node](variables.tf#L50) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | <code>string</code> | ✓ | |
|
| [root_node](variables.tf#L54) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | <code>string</code> | ✓ | |
|
||||||
| [ip_ranges](variables.tf#L20) | Subnet IP CIDR ranges. | <code>map(string)</code> | | <code title="{ prod = "10.0.16.0/24" dev = "10.0.32.0/24" }">{…}</code> |
|
| [ip_ranges](variables.tf#L20) | Subnet IP CIDR ranges. | <code>map(string)</code> | | <code title="{ prod = "10.0.16.0/24" dev = "10.0.32.0/24" }">{…}</code> |
|
||||||
| [project_services](variables.tf#L34) | Service APIs enabled by default in new projects. | <code>list(string)</code> | | <code title="[ "container.googleapis.com", "dns.googleapis.com", "stackdriver.googleapis.com", ]">[…]</code> |
|
| [project_services](variables.tf#L38) | Service APIs enabled by default in new projects. | <code>list(string)</code> | | <code title="[ "container.googleapis.com", "dns.googleapis.com", "stackdriver.googleapis.com", ]">[…]</code> |
|
||||||
| [region](variables.tf#L44) | Region used. | <code>string</code> | | <code>"europe-west1"</code> |
|
| [region](variables.tf#L48) | Region used. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -27,8 +27,12 @@ variable "ip_ranges" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Prefix used for resources that need unique names."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_services" {
|
variable "project_services" {
|
||||||
|
|
|
||||||
|
|
@ -17,12 +17,12 @@ To simplify the usage of the proxy, a Cloud DNS private zone is created in each
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [prefix](variables.tf#L44) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L44) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L66) | Project id used for all resources. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L70) | Project id used for all resources. | <code>string</code> | ✓ | |
|
||||||
| [allowed_domains](variables.tf#L17) | List of domains allowed by the squid proxy. | <code>list(string)</code> | | <code title="[ ".google.com", ".github.com", ".fastlydns.net", ".debian.org" ]">[…]</code> |
|
| [allowed_domains](variables.tf#L17) | List of domains allowed by the squid proxy. | <code>list(string)</code> | | <code title="[ ".google.com", ".github.com", ".fastlydns.net", ".debian.org" ]">[…]</code> |
|
||||||
| [cidrs](variables.tf#L28) | CIDR ranges for subnets. | <code>map(string)</code> | | <code title="{ app = "10.0.0.0/24" proxy = "10.0.2.0/28" psc = "10.0.3.0/28" }">{…}</code> |
|
| [cidrs](variables.tf#L28) | CIDR ranges for subnets. | <code>map(string)</code> | | <code title="{ app = "10.0.0.0/24" proxy = "10.0.2.0/28" psc = "10.0.3.0/28" }">{…}</code> |
|
||||||
| [nat_logging](variables.tf#L38) | Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | <code>string</code> | | <code>"ERRORS_ONLY"</code> |
|
| [nat_logging](variables.tf#L38) | Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | <code>string</code> | | <code>"ERRORS_ONLY"</code> |
|
||||||
| [project_create](variables.tf#L49) | Set to non null if project needs to be created. | <code title="object({ billing_account = string parent = string })">object({…})</code> | | <code>null</code> |
|
| [project_create](variables.tf#L53) | Set to non null if project needs to be created. | <code title="object({ billing_account = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [region](variables.tf#L71) | Default region for resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
| [region](variables.tf#L75) | Default region for resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
|
||||||
|
|
@ -42,8 +42,12 @@ variable "nat_logging" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Prefix used for resources that need unique names."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_create" {
|
variable "project_create" {
|
||||||
|
|
|
||||||
|
|
@ -21,13 +21,13 @@ You can optionally deploy the Squid server as [Managed Instance Group](https://c
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [billing_account](variables.tf#L26) | Billing account id used as default for new projects. | <code>string</code> | ✓ | |
|
| [billing_account](variables.tf#L26) | Billing account id used as default for new projects. | <code>string</code> | ✓ | |
|
||||||
| [prefix](variables.tf#L52) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L52) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
| [root_node](variables.tf#L63) | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | <code>string</code> | ✓ | |
|
| [root_node](variables.tf#L67) | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | <code>string</code> | ✓ | |
|
||||||
| [allowed_domains](variables.tf#L17) | List of domains allowed by the squid proxy. | <code>list(string)</code> | | <code title="[ ".google.com", ".github.com" ]">[…]</code> |
|
| [allowed_domains](variables.tf#L17) | List of domains allowed by the squid proxy. | <code>list(string)</code> | | <code title="[ ".google.com", ".github.com" ]">[…]</code> |
|
||||||
| [cidrs](variables.tf#L31) | CIDR ranges for subnets. | <code>map(string)</code> | | <code title="{ apps = "10.0.0.0/24" proxy = "10.0.1.0/28" }">{…}</code> |
|
| [cidrs](variables.tf#L31) | CIDR ranges for subnets. | <code>map(string)</code> | | <code title="{ apps = "10.0.0.0/24" proxy = "10.0.1.0/28" }">{…}</code> |
|
||||||
| [mig](variables.tf#L40) | Enables the creation of an autoscaling managed instance group of squid instances. | <code>bool</code> | | <code>false</code> |
|
| [mig](variables.tf#L40) | Enables the creation of an autoscaling managed instance group of squid instances. | <code>bool</code> | | <code>false</code> |
|
||||||
| [nat_logging](variables.tf#L46) | Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | <code>string</code> | | <code>"ERRORS_ONLY"</code> |
|
| [nat_logging](variables.tf#L46) | Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | <code>string</code> | | <code>"ERRORS_ONLY"</code> |
|
||||||
| [region](variables.tf#L57) | Default region for resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
| [region](variables.tf#L61) | Default region for resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -50,8 +50,12 @@ variable "nat_logging" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Prefix used for resources that need unique names."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "region" {
|
variable "region" {
|
||||||
|
|
|
||||||
|
|
@ -124,10 +124,10 @@ The above command will delete the associated resources so there will be no billa
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [project_id](variables.tf#L38) | Identifier of the project. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L23) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
|
| [project_id](variables.tf#L41) | Identifier of the project. | <code>string</code> | ✓ | |
|
||||||
| [enforce_security_policy](variables.tf#L17) | Enforce security policy. | <code>bool</code> | | <code>true</code> |
|
| [enforce_security_policy](variables.tf#L17) | Enforce security policy. | <code>bool</code> | | <code>true</code> |
|
||||||
| [prefix](variables.tf#L23) | Prefix used for created resources. | <code>string</code> | | <code>null</code> |
|
| [project_create](variables.tf#L32) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [project_create](variables.tf#L29) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
prefix = (var.prefix == null || var.prefix == "") ? "" : "${var.prefix}-"
|
prefix = var.prefix == null ? "" : "${var.prefix}-"
|
||||||
}
|
}
|
||||||
|
|
||||||
module "project" {
|
module "project" {
|
||||||
|
|
@ -40,7 +40,7 @@ module "project" {
|
||||||
module "vpc" {
|
module "vpc" {
|
||||||
source = "../../../modules/net-vpc"
|
source = "../../../modules/net-vpc"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
name = "${local.prefix}vpc"
|
name = "${var.prefix}-vpc"
|
||||||
subnets = [
|
subnets = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = "10.0.1.0/24"
|
ip_cidr_range = "10.0.1.0/24"
|
||||||
|
|
@ -70,7 +70,7 @@ module "nat_ew1" {
|
||||||
source = "../../../modules/net-cloudnat"
|
source = "../../../modules/net-cloudnat"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
region = "europe-west1"
|
region = "europe-west1"
|
||||||
name = "${local.prefix}nat-eu1"
|
name = "${var.prefix}-nat-eu1"
|
||||||
router_network = module.vpc.name
|
router_network = module.vpc.name
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -78,7 +78,7 @@ module "nat_ue1" {
|
||||||
source = "../../../modules/net-cloudnat"
|
source = "../../../modules/net-cloudnat"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
region = "us-east1"
|
region = "us-east1"
|
||||||
name = "${local.prefix}nat-ue1"
|
name = "${var.prefix}-nat-ue1"
|
||||||
router_network = module.vpc.name
|
router_network = module.vpc.name
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -86,7 +86,7 @@ module "instance_template_ew1" {
|
||||||
source = "../../../modules/compute-vm"
|
source = "../../../modules/compute-vm"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
zone = "europe-west1-b"
|
zone = "europe-west1-b"
|
||||||
name = "${local.prefix}europe-west1-template"
|
name = "${var.prefix}-europe-west1-template"
|
||||||
instance_type = "n1-standard-2"
|
instance_type = "n1-standard-2"
|
||||||
network_interfaces = [{
|
network_interfaces = [{
|
||||||
network = module.vpc.self_link
|
network = module.vpc.self_link
|
||||||
|
|
@ -108,7 +108,7 @@ module "instance_template_ue1" {
|
||||||
source = "../../../modules/compute-vm"
|
source = "../../../modules/compute-vm"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
zone = "us-east1-b"
|
zone = "us-east1-b"
|
||||||
name = "${local.prefix}us-east1-template"
|
name = "${var.prefix}-us-east1-template"
|
||||||
network_interfaces = [{
|
network_interfaces = [{
|
||||||
network = module.vpc.self_link
|
network = module.vpc.self_link
|
||||||
subnetwork = module.vpc.subnet_self_links["us-east1/subnet-ue1"]
|
subnetwork = module.vpc.subnet_self_links["us-east1/subnet-ue1"]
|
||||||
|
|
@ -156,7 +156,7 @@ module "mig_ew1" {
|
||||||
source = "../../../modules/compute-mig"
|
source = "../../../modules/compute-mig"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
location = "europe-west1"
|
location = "europe-west1"
|
||||||
name = "${local.prefix}europe-west1-mig"
|
name = "${var.prefix}-europe-west1-mig"
|
||||||
instance_template = module.instance_template_ew1.template.self_link
|
instance_template = module.instance_template_ew1.template.self_link
|
||||||
autoscaler_config = {
|
autoscaler_config = {
|
||||||
max_replicas = 5
|
max_replicas = 5
|
||||||
|
|
@ -180,7 +180,7 @@ module "mig_ue1" {
|
||||||
source = "../../../modules/compute-mig"
|
source = "../../../modules/compute-mig"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
location = "us-east1"
|
location = "us-east1"
|
||||||
name = "${local.prefix}us-east1-mig"
|
name = "${var.prefix}-us-east1-mig"
|
||||||
instance_template = module.instance_template_ue1.template.self_link
|
instance_template = module.instance_template_ue1.template.self_link
|
||||||
autoscaler_config = {
|
autoscaler_config = {
|
||||||
max_replicas = 5
|
max_replicas = 5
|
||||||
|
|
@ -202,7 +202,7 @@ module "mig_ue1" {
|
||||||
|
|
||||||
module "glb" {
|
module "glb" {
|
||||||
source = "../../../modules/net-glb"
|
source = "../../../modules/net-glb"
|
||||||
name = "${local.prefix}http-lb"
|
name = "${var.prefix}-http-lb"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
backend_services_config = {
|
backend_services_config = {
|
||||||
http-backend = {
|
http-backend = {
|
||||||
|
|
@ -259,7 +259,7 @@ module "glb" {
|
||||||
|
|
||||||
resource "google_compute_security_policy" "policy" {
|
resource "google_compute_security_policy" "policy" {
|
||||||
count = var.enforce_security_policy ? 1 : 0
|
count = var.enforce_security_policy ? 1 : 0
|
||||||
name = "${local.prefix}denylist-siege"
|
name = "${var.prefix}-denylist-siege"
|
||||||
project = module.project.project_id
|
project = module.project.project_id
|
||||||
rule {
|
rule {
|
||||||
action = "deny(403)"
|
action = "deny(403)"
|
||||||
|
|
|
||||||
|
|
@ -21,9 +21,12 @@ variable "enforce_security_policy" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Prefix used for created resources."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
default = null
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_create" {
|
variable "project_create" {
|
||||||
|
|
|
||||||
|
|
@ -84,13 +84,13 @@ The VPN used to connect the GKE masters VPC does not account for HA, upgrading t
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [project_id](variables.tf#L66) | Project id used for all resources. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L34) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
|
| [project_id](variables.tf#L69) | Project id used for all resources. | <code>string</code> | ✓ | |
|
||||||
| [ip_ranges](variables.tf#L15) | IP CIDR ranges. | <code>map(string)</code> | | <code title="{ hub = "10.0.0.0/24" spoke-1 = "10.0.16.0/24" spoke-2 = "10.0.32.0/24" }">{…}</code> |
|
| [ip_ranges](variables.tf#L15) | IP CIDR ranges. | <code>map(string)</code> | | <code title="{ hub = "10.0.0.0/24" spoke-1 = "10.0.16.0/24" spoke-2 = "10.0.32.0/24" }">{…}</code> |
|
||||||
| [ip_secondary_ranges](variables.tf#L25) | Secondary IP CIDR ranges. | <code>map(string)</code> | | <code title="{ spoke-2-pods = "10.128.0.0/18" spoke-2-services = "172.16.0.0/24" }">{…}</code> |
|
| [ip_secondary_ranges](variables.tf#L25) | Secondary IP CIDR ranges. | <code>map(string)</code> | | <code title="{ spoke-2-pods = "10.128.0.0/18" spoke-2-services = "172.16.0.0/24" }">{…}</code> |
|
||||||
| [prefix](variables.tf#L34) | Arbitrary string used to prefix resource names. | <code>string</code> | | <code>null</code> |
|
| [private_service_ranges](variables.tf#L43) | Private service IP CIDR ranges. | <code>map(string)</code> | | <code title="{ spoke-2-cluster-1 = "192.168.0.0/28" }">{…}</code> |
|
||||||
| [private_service_ranges](variables.tf#L40) | Private service IP CIDR ranges. | <code>map(string)</code> | | <code title="{ spoke-2-cluster-1 = "192.168.0.0/28" }">{…}</code> |
|
| [project_create](variables.tf#L51) | Set to non null if project needs to be created. | <code title="object({ billing_account = string oslogin = bool parent = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [project_create](variables.tf#L48) | Set to non null if project needs to be created. | <code title="object({ billing_account = string oslogin = bool parent = string })">object({…})</code> | | <code>null</code> |
|
| [region](variables.tf#L74) | VPC region. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||||
| [region](variables.tf#L71) | VPC region. | <code>string</code> | | <code>"europe-west1"</code> |
|
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,6 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
prefix = var.prefix != null && var.prefix != "" ? "${var.prefix}-" : ""
|
|
||||||
vm-instances = [
|
vm-instances = [
|
||||||
module.vm-hub.instance,
|
module.vm-hub.instance,
|
||||||
module.vm-spoke-1.instance,
|
module.vm-spoke-1.instance,
|
||||||
|
|
@ -49,11 +48,11 @@ module "project" {
|
||||||
module "vpc-hub" {
|
module "vpc-hub" {
|
||||||
source = "../../../modules/net-vpc"
|
source = "../../../modules/net-vpc"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
name = "${local.prefix}hub"
|
name = "${var.prefix}-hub"
|
||||||
subnets = [
|
subnets = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.ip_ranges.hub
|
ip_cidr_range = var.ip_ranges.hub
|
||||||
name = "${local.prefix}hub-1"
|
name = "${var.prefix}-hub-1"
|
||||||
region = var.region
|
region = var.region
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
@ -63,8 +62,8 @@ module "nat-hub" {
|
||||||
source = "../../../modules/net-cloudnat"
|
source = "../../../modules/net-cloudnat"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
region = var.region
|
region = var.region
|
||||||
name = "${local.prefix}hub"
|
name = "${var.prefix}-hub"
|
||||||
router_name = "${local.prefix}hub"
|
router_name = "${var.prefix}-hub"
|
||||||
router_network = module.vpc-hub.self_link
|
router_network = module.vpc-hub.self_link
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -84,11 +83,11 @@ module "vpc-hub-firewall" {
|
||||||
module "vpc-spoke-1" {
|
module "vpc-spoke-1" {
|
||||||
source = "../../../modules/net-vpc"
|
source = "../../../modules/net-vpc"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
name = "${local.prefix}spoke-1"
|
name = "${var.prefix}-spoke-1"
|
||||||
subnets = [
|
subnets = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.ip_ranges.spoke-1
|
ip_cidr_range = var.ip_ranges.spoke-1
|
||||||
name = "${local.prefix}spoke-1-1"
|
name = "${var.prefix}-spoke-1-1"
|
||||||
region = var.region
|
region = var.region
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
@ -107,8 +106,8 @@ module "nat-spoke-1" {
|
||||||
source = "../../../modules/net-cloudnat"
|
source = "../../../modules/net-cloudnat"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
region = var.region
|
region = var.region
|
||||||
name = "${local.prefix}spoke-1"
|
name = "${var.prefix}-spoke-1"
|
||||||
router_name = "${local.prefix}spoke-1"
|
router_name = "${var.prefix}-spoke-1"
|
||||||
router_network = module.vpc-spoke-1.self_link
|
router_network = module.vpc-spoke-1.self_link
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -127,11 +126,11 @@ module "hub-to-spoke-1-peering" {
|
||||||
module "vpc-spoke-2" {
|
module "vpc-spoke-2" {
|
||||||
source = "../../../modules/net-vpc"
|
source = "../../../modules/net-vpc"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
name = "${local.prefix}spoke-2"
|
name = "${var.prefix}-spoke-2"
|
||||||
subnets = [
|
subnets = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.ip_ranges.spoke-2
|
ip_cidr_range = var.ip_ranges.spoke-2
|
||||||
name = "${local.prefix}spoke-2-1"
|
name = "${var.prefix}-spoke-2-1"
|
||||||
region = var.region
|
region = var.region
|
||||||
secondary_ip_ranges = {
|
secondary_ip_ranges = {
|
||||||
pods = var.ip_secondary_ranges.spoke-2-pods
|
pods = var.ip_secondary_ranges.spoke-2-pods
|
||||||
|
|
@ -154,8 +153,8 @@ module "nat-spoke-2" {
|
||||||
source = "../../../modules/net-cloudnat"
|
source = "../../../modules/net-cloudnat"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
region = var.region
|
region = var.region
|
||||||
name = "${local.prefix}spoke-2"
|
name = "${var.prefix}-spoke-2"
|
||||||
router_name = "${local.prefix}spoke-2"
|
router_name = "${var.prefix}-spoke-2"
|
||||||
router_network = module.vpc-spoke-2.self_link
|
router_network = module.vpc-spoke-2.self_link
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -176,10 +175,10 @@ module "vm-hub" {
|
||||||
source = "../../../modules/compute-vm"
|
source = "../../../modules/compute-vm"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
zone = "${var.region}-b"
|
zone = "${var.region}-b"
|
||||||
name = "${local.prefix}hub"
|
name = "${var.prefix}-hub"
|
||||||
network_interfaces = [{
|
network_interfaces = [{
|
||||||
network = module.vpc-hub.self_link
|
network = module.vpc-hub.self_link
|
||||||
subnetwork = module.vpc-hub.subnet_self_links["${var.region}/${local.prefix}hub-1"]
|
subnetwork = module.vpc-hub.subnet_self_links["${var.region}/${var.prefix}-hub-1"]
|
||||||
nat = false
|
nat = false
|
||||||
addresses = null
|
addresses = null
|
||||||
}]
|
}]
|
||||||
|
|
@ -193,10 +192,10 @@ module "vm-spoke-1" {
|
||||||
source = "../../../modules/compute-vm"
|
source = "../../../modules/compute-vm"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
zone = "${var.region}-b"
|
zone = "${var.region}-b"
|
||||||
name = "${local.prefix}spoke-1"
|
name = "${var.prefix}-spoke-1"
|
||||||
network_interfaces = [{
|
network_interfaces = [{
|
||||||
network = module.vpc-spoke-1.self_link
|
network = module.vpc-spoke-1.self_link
|
||||||
subnetwork = module.vpc-spoke-1.subnet_self_links["${var.region}/${local.prefix}spoke-1-1"]
|
subnetwork = module.vpc-spoke-1.subnet_self_links["${var.region}/${var.prefix}-spoke-1-1"]
|
||||||
nat = false
|
nat = false
|
||||||
addresses = null
|
addresses = null
|
||||||
}]
|
}]
|
||||||
|
|
@ -210,10 +209,10 @@ module "vm-spoke-2" {
|
||||||
source = "../../../modules/compute-vm"
|
source = "../../../modules/compute-vm"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
zone = "${var.region}-b"
|
zone = "${var.region}-b"
|
||||||
name = "${local.prefix}spoke-2"
|
name = "${var.prefix}-spoke-2"
|
||||||
network_interfaces = [{
|
network_interfaces = [{
|
||||||
network = module.vpc-spoke-2.self_link
|
network = module.vpc-spoke-2.self_link
|
||||||
subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${local.prefix}spoke-2-1"]
|
subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${var.prefix}-spoke-2-1"]
|
||||||
nat = false
|
nat = false
|
||||||
addresses = null
|
addresses = null
|
||||||
}]
|
}]
|
||||||
|
|
@ -226,7 +225,7 @@ module "vm-spoke-2" {
|
||||||
module "service-account-gce" {
|
module "service-account-gce" {
|
||||||
source = "../../../modules/iam-service-account"
|
source = "../../../modules/iam-service-account"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
name = "${local.prefix}gce-test"
|
name = "${var.prefix}-gce-test"
|
||||||
iam_project_roles = {
|
iam_project_roles = {
|
||||||
(var.project_id) = [
|
(var.project_id) = [
|
||||||
"roles/container.developer",
|
"roles/container.developer",
|
||||||
|
|
@ -242,12 +241,12 @@ module "service-account-gce" {
|
||||||
|
|
||||||
module "cluster-1" {
|
module "cluster-1" {
|
||||||
source = "../../../modules/gke-cluster"
|
source = "../../../modules/gke-cluster"
|
||||||
name = "${local.prefix}cluster-1"
|
name = "${var.prefix}-cluster-1"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
location = "${var.region}-b"
|
location = "${var.region}-b"
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
network = module.vpc-spoke-2.self_link
|
network = module.vpc-spoke-2.self_link
|
||||||
subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${local.prefix}spoke-2-1"]
|
subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${var.prefix}-spoke-2-1"]
|
||||||
master_authorized_ranges = {
|
master_authorized_ranges = {
|
||||||
for name, range in var.ip_ranges : name => range
|
for name, range in var.ip_ranges : name => range
|
||||||
}
|
}
|
||||||
|
|
@ -269,7 +268,7 @@ module "cluster-1" {
|
||||||
|
|
||||||
module "cluster-1-nodepool-1" {
|
module "cluster-1-nodepool-1" {
|
||||||
source = "../../../modules/gke-nodepool"
|
source = "../../../modules/gke-nodepool"
|
||||||
name = "${local.prefix}nodepool-1"
|
name = "${var.prefix}-nodepool-1"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
location = module.cluster-1.location
|
location = module.cluster-1.location
|
||||||
cluster_name = module.cluster-1.name
|
cluster_name = module.cluster-1.name
|
||||||
|
|
@ -284,7 +283,7 @@ module "cluster-1-nodepool-1" {
|
||||||
module "service-account-gke-node" {
|
module "service-account-gke-node" {
|
||||||
source = "../../../modules/iam-service-account"
|
source = "../../../modules/iam-service-account"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
name = "${local.prefix}gke-node"
|
name = "${var.prefix}-gke-node"
|
||||||
iam_project_roles = {
|
iam_project_roles = {
|
||||||
(var.project_id) = [
|
(var.project_id) = [
|
||||||
"roles/logging.logWriter", "roles/monitoring.metricWriter",
|
"roles/logging.logWriter", "roles/monitoring.metricWriter",
|
||||||
|
|
@ -301,7 +300,7 @@ module "vpn-hub" {
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
region = var.region
|
region = var.region
|
||||||
network = module.vpc-hub.name
|
network = module.vpc-hub.name
|
||||||
name = "${local.prefix}hub"
|
name = "${var.prefix}-hub"
|
||||||
remote_ranges = values(var.private_service_ranges)
|
remote_ranges = values(var.private_service_ranges)
|
||||||
tunnels = {
|
tunnels = {
|
||||||
spoke-2 = {
|
spoke-2 = {
|
||||||
|
|
@ -318,7 +317,7 @@ module "vpn-spoke-2" {
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
region = var.region
|
region = var.region
|
||||||
network = module.vpc-spoke-2.name
|
network = module.vpc-spoke-2.name
|
||||||
name = "${local.prefix}spoke-2"
|
name = "${var.prefix}-spoke-2"
|
||||||
# use an aggregate of the remote ranges, so as to be less specific than the
|
# use an aggregate of the remote ranges, so as to be less specific than the
|
||||||
# routes exchanged via peering
|
# routes exchanged via peering
|
||||||
remote_ranges = ["10.0.0.0/8"]
|
remote_ranges = ["10.0.0.0/8"]
|
||||||
|
|
|
||||||
|
|
@ -32,9 +32,12 @@ variable "ip_secondary_ranges" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Arbitrary string used to prefix resource names."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
default = null
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "private_service_ranges" {
|
variable "private_service_ranges" {
|
||||||
|
|
|
||||||
|
|
@ -85,13 +85,13 @@ ping test-r2.dev.example.com
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [project_id](variables.tf#L49) | Project id for all resources. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L34) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
|
| [project_id](variables.tf#L52) | Project id for all resources. | <code>string</code> | ✓ | |
|
||||||
| [ip_ranges](variables.tf#L15) | Subnet IP CIDR ranges. | <code>map(string)</code> | | <code title="{ land-0-r1 = "10.0.0.0/24" land-0-r2 = "10.0.8.0/24" dev-0-r1 = "10.0.16.0/24" dev-0-r2 = "10.0.24.0/24" prod-0-r1 = "10.0.32.0/24" prod-0-r2 = "10.0.40.0/24" }">{…}</code> |
|
| [ip_ranges](variables.tf#L15) | Subnet IP CIDR ranges. | <code>map(string)</code> | | <code title="{ land-0-r1 = "10.0.0.0/24" land-0-r2 = "10.0.8.0/24" dev-0-r1 = "10.0.16.0/24" dev-0-r2 = "10.0.24.0/24" prod-0-r1 = "10.0.32.0/24" prod-0-r2 = "10.0.40.0/24" }">{…}</code> |
|
||||||
| [ip_secondary_ranges](variables.tf#L28) | Subnet secondary ranges. | <code>map(map(string))</code> | | <code>{}</code> |
|
| [ip_secondary_ranges](variables.tf#L28) | Subnet secondary ranges. | <code>map(map(string))</code> | | <code>{}</code> |
|
||||||
| [prefix](variables.tf#L34) | Prefix used in resource names. | <code>string</code> | | <code>null</code> |
|
| [project_create_config](variables.tf#L43) | Populate with billing account id to trigger project creation. | <code title="object({ billing_account_id = string parent_id = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [project_create_config](variables.tf#L40) | Populate with billing account id to trigger project creation. | <code title="object({ billing_account_id = string parent_id = string })">object({…})</code> | | <code>null</code> |
|
| [regions](variables.tf#L57) | VPC regions. | <code>map(string)</code> | | <code title="{ r1 = "europe-west1" r2 = "europe-west4" }">{…}</code> |
|
||||||
| [regions](variables.tf#L54) | VPC regions. | <code>map(string)</code> | | <code title="{ r1 = "europe-west1" r2 = "europe-west4" }">{…}</code> |
|
| [vpn_configs](variables.tf#L66) | VPN configurations. | <code title="map(object({ asn = number custom_ranges = map(string) }))">map(object({…}))</code> | | <code title="{ land-r1 = { asn = 64513 custom_ranges = { "10.0.0.0/8" = "internal default" } } dev-r1 = { asn = 64514 custom_ranges = null } prod-r1 = { asn = 64515 custom_ranges = null } }">{…}</code> |
|
||||||
| [vpn_configs](variables.tf#L63) | VPN configurations. | <code title="map(object({ asn = number custom_ranges = map(string) }))">map(object({…}))</code> | | <code title="{ land-r1 = { asn = 64513 custom_ranges = { "10.0.0.0/8" = "internal default" } } dev-r1 = { asn = 64514 custom_ranges = null } prod-r1 = { asn = 64515 custom_ranges = null } }">{…}</code> |
|
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -12,10 +12,6 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
locals {
|
|
||||||
prefix = var.prefix == null ? "" : "${var.prefix}-"
|
|
||||||
}
|
|
||||||
|
|
||||||
# enable services in the project used
|
# enable services in the project used
|
||||||
|
|
||||||
module "project" {
|
module "project" {
|
||||||
|
|
@ -35,11 +31,11 @@ module "project" {
|
||||||
module "landing-r1-vm" {
|
module "landing-r1-vm" {
|
||||||
source = "../../../modules/compute-vm"
|
source = "../../../modules/compute-vm"
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
name = "${local.prefix}lnd-test-r1"
|
name = "${var.prefix}-lnd-test-r1"
|
||||||
zone = "${var.regions.r1}-b"
|
zone = "${var.regions.r1}-b"
|
||||||
network_interfaces = [{
|
network_interfaces = [{
|
||||||
network = module.landing-vpc.self_link
|
network = module.landing-vpc.self_link
|
||||||
subnetwork = module.landing-vpc.subnet_self_links["${var.regions.r1}/${local.prefix}lnd-0"]
|
subnetwork = module.landing-vpc.subnet_self_links["${var.regions.r1}/${var.prefix}-lnd-0"]
|
||||||
nat = false
|
nat = false
|
||||||
addresses = null
|
addresses = null
|
||||||
}]
|
}]
|
||||||
|
|
@ -51,11 +47,11 @@ module "landing-r1-vm" {
|
||||||
module "prod-r1-vm" {
|
module "prod-r1-vm" {
|
||||||
source = "../../../modules/compute-vm"
|
source = "../../../modules/compute-vm"
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
name = "${local.prefix}prd-test-r1"
|
name = "${var.prefix}-prd-test-r1"
|
||||||
zone = "${var.regions.r1}-b"
|
zone = "${var.regions.r1}-b"
|
||||||
network_interfaces = [{
|
network_interfaces = [{
|
||||||
network = module.prod-vpc.self_link
|
network = module.prod-vpc.self_link
|
||||||
subnetwork = module.prod-vpc.subnet_self_links["${var.regions.r1}/${local.prefix}prd-0"]
|
subnetwork = module.prod-vpc.subnet_self_links["${var.regions.r1}/${var.prefix}-prd-0"]
|
||||||
nat = false
|
nat = false
|
||||||
addresses = null
|
addresses = null
|
||||||
}]
|
}]
|
||||||
|
|
@ -67,11 +63,11 @@ module "prod-r1-vm" {
|
||||||
module "dev-r2-vm" {
|
module "dev-r2-vm" {
|
||||||
source = "../../../modules/compute-vm"
|
source = "../../../modules/compute-vm"
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
name = "${local.prefix}dev-test-r2"
|
name = "${var.prefix}-dev-test-r2"
|
||||||
zone = "${var.regions.r2}-b"
|
zone = "${var.regions.r2}-b"
|
||||||
network_interfaces = [{
|
network_interfaces = [{
|
||||||
network = module.dev-vpc.self_link
|
network = module.dev-vpc.self_link
|
||||||
subnetwork = module.dev-vpc.subnet_self_links["${var.regions.r2}/${local.prefix}dev-0"]
|
subnetwork = module.dev-vpc.subnet_self_links["${var.regions.r2}/${var.prefix}-dev-0"]
|
||||||
nat = false
|
nat = false
|
||||||
addresses = null
|
addresses = null
|
||||||
}]
|
}]
|
||||||
|
|
|
||||||
|
|
@ -17,11 +17,11 @@
|
||||||
module "dev-vpc" {
|
module "dev-vpc" {
|
||||||
source = "../../../modules/net-vpc"
|
source = "../../../modules/net-vpc"
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
name = "${local.prefix}dev"
|
name = "${var.prefix}-dev"
|
||||||
subnets = [
|
subnets = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.ip_ranges.dev-0-r1
|
ip_cidr_range = var.ip_ranges.dev-0-r1
|
||||||
name = "${local.prefix}dev-0"
|
name = "${var.prefix}-dev-0"
|
||||||
region = var.regions.r1
|
region = var.regions.r1
|
||||||
secondary_ip_ranges = try(
|
secondary_ip_ranges = try(
|
||||||
var.ip_secondary_ranges.dev-0-r1, {}
|
var.ip_secondary_ranges.dev-0-r1, {}
|
||||||
|
|
@ -29,7 +29,7 @@ module "dev-vpc" {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.ip_ranges.dev-0-r2
|
ip_cidr_range = var.ip_ranges.dev-0-r2
|
||||||
name = "${local.prefix}dev-0"
|
name = "${var.prefix}-dev-0"
|
||||||
region = var.regions.r2
|
region = var.regions.r2
|
||||||
secondary_ip_ranges = try(
|
secondary_ip_ranges = try(
|
||||||
var.ip_secondary_ranges.dev-0-r2, {}
|
var.ip_secondary_ranges.dev-0-r2, {}
|
||||||
|
|
@ -51,7 +51,7 @@ module "dev-dns-peering" {
|
||||||
source = "../../../modules/dns"
|
source = "../../../modules/dns"
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
type = "peering"
|
type = "peering"
|
||||||
name = "${local.prefix}example-com-dev-peering"
|
name = "${var.prefix}-example-com-dev-peering"
|
||||||
domain = "example.com."
|
domain = "example.com."
|
||||||
client_networks = [module.dev-vpc.self_link]
|
client_networks = [module.dev-vpc.self_link]
|
||||||
peer_network = module.landing-vpc.self_link
|
peer_network = module.landing-vpc.self_link
|
||||||
|
|
@ -61,7 +61,7 @@ module "dev-dns-zone" {
|
||||||
source = "../../../modules/dns"
|
source = "../../../modules/dns"
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
type = "private"
|
type = "private"
|
||||||
name = "${local.prefix}dev-example-com"
|
name = "${var.prefix}-dev-example-com"
|
||||||
domain = "dev.example.com."
|
domain = "dev.example.com."
|
||||||
client_networks = [module.landing-vpc.self_link]
|
client_networks = [module.landing-vpc.self_link]
|
||||||
recordsets = {
|
recordsets = {
|
||||||
|
|
|
||||||
|
|
@ -17,11 +17,11 @@
|
||||||
module "landing-vpc" {
|
module "landing-vpc" {
|
||||||
source = "../../../modules/net-vpc"
|
source = "../../../modules/net-vpc"
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
name = "${local.prefix}lnd"
|
name = "${var.prefix}-lnd"
|
||||||
subnets = [
|
subnets = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.ip_ranges.land-0-r1
|
ip_cidr_range = var.ip_ranges.land-0-r1
|
||||||
name = "${local.prefix}lnd-0"
|
name = "${var.prefix}-lnd-0"
|
||||||
region = var.regions.r1
|
region = var.regions.r1
|
||||||
secondary_ip_ranges = try(
|
secondary_ip_ranges = try(
|
||||||
var.ip_secondary_ranges.land-0-r1, {}
|
var.ip_secondary_ranges.land-0-r1, {}
|
||||||
|
|
@ -29,7 +29,7 @@ module "landing-vpc" {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.ip_ranges.land-0-r2
|
ip_cidr_range = var.ip_ranges.land-0-r2
|
||||||
name = "${local.prefix}lnd-0"
|
name = "${var.prefix}-lnd-0"
|
||||||
region = var.regions.r2
|
region = var.regions.r2
|
||||||
secondary_ip_ranges = try(
|
secondary_ip_ranges = try(
|
||||||
var.ip_secondary_ranges.land-0-r2, {}
|
var.ip_secondary_ranges.land-0-r2, {}
|
||||||
|
|
@ -51,7 +51,7 @@ module "landing-dns-zone" {
|
||||||
source = "../../../modules/dns"
|
source = "../../../modules/dns"
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
type = "private"
|
type = "private"
|
||||||
name = "${local.prefix}example-com"
|
name = "${var.prefix}-example-com"
|
||||||
domain = "example.com."
|
domain = "example.com."
|
||||||
client_networks = [module.landing-vpc.self_link]
|
client_networks = [module.landing-vpc.self_link]
|
||||||
recordsets = {
|
recordsets = {
|
||||||
|
|
|
||||||
|
|
@ -17,11 +17,11 @@
|
||||||
module "prod-vpc" {
|
module "prod-vpc" {
|
||||||
source = "../../../modules/net-vpc"
|
source = "../../../modules/net-vpc"
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
name = "${local.prefix}prd"
|
name = "${var.prefix}-prd"
|
||||||
subnets = [
|
subnets = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.ip_ranges.prod-0-r1
|
ip_cidr_range = var.ip_ranges.prod-0-r1
|
||||||
name = "${local.prefix}prd-0"
|
name = "${var.prefix}-prd-0"
|
||||||
region = var.regions.r1
|
region = var.regions.r1
|
||||||
secondary_ip_ranges = try(
|
secondary_ip_ranges = try(
|
||||||
var.ip_secondary_ranges.prod-0-r1, {}
|
var.ip_secondary_ranges.prod-0-r1, {}
|
||||||
|
|
@ -29,7 +29,7 @@ module "prod-vpc" {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.ip_ranges.prod-0-r2
|
ip_cidr_range = var.ip_ranges.prod-0-r2
|
||||||
name = "${local.prefix}prd-0"
|
name = "${var.prefix}-prd-0"
|
||||||
region = var.regions.r2
|
region = var.regions.r2
|
||||||
secondary_ip_ranges = try(
|
secondary_ip_ranges = try(
|
||||||
var.ip_secondary_ranges.prod-0-r2, {}
|
var.ip_secondary_ranges.prod-0-r2, {}
|
||||||
|
|
@ -51,7 +51,7 @@ module "prod-dns-peering" {
|
||||||
source = "../../../modules/dns"
|
source = "../../../modules/dns"
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
type = "peering"
|
type = "peering"
|
||||||
name = "${local.prefix}example-com-prd-peering"
|
name = "${var.prefix}-example-com-prd-peering"
|
||||||
domain = "example.com."
|
domain = "example.com."
|
||||||
client_networks = [module.prod-vpc.self_link]
|
client_networks = [module.prod-vpc.self_link]
|
||||||
peer_network = module.landing-vpc.self_link
|
peer_network = module.landing-vpc.self_link
|
||||||
|
|
@ -61,7 +61,7 @@ module "prod-dns-zone" {
|
||||||
source = "../../../modules/dns"
|
source = "../../../modules/dns"
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
type = "private"
|
type = "private"
|
||||||
name = "${local.prefix}prd-example-com"
|
name = "${var.prefix}-prd-example-com"
|
||||||
domain = "prd.example.com."
|
domain = "prd.example.com."
|
||||||
client_networks = [module.landing-vpc.self_link]
|
client_networks = [module.landing-vpc.self_link]
|
||||||
recordsets = {
|
recordsets = {
|
||||||
|
|
|
||||||
|
|
@ -32,9 +32,12 @@ variable "ip_secondary_ranges" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Prefix used in resource names."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
default = null
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_create_config" {
|
variable "project_create_config" {
|
||||||
|
|
|
||||||
|
|
@ -19,9 +19,9 @@ module "landing-to-dev-vpn-r1" {
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
network = module.landing-vpc.self_link
|
network = module.landing-vpc.self_link
|
||||||
region = var.regions.r1
|
region = var.regions.r1
|
||||||
name = "${local.prefix}lnd-to-dev-r1"
|
name = "${var.prefix}-lnd-to-dev-r1"
|
||||||
router_create = false
|
router_create = false
|
||||||
router_name = "${local.prefix}lnd-vpn-r1"
|
router_name = "${var.prefix}-lnd-vpn-r1"
|
||||||
# router is created and managed by the production VPN module
|
# router is created and managed by the production VPN module
|
||||||
# so we don't configure advertisements here
|
# so we don't configure advertisements here
|
||||||
peer_gcp_gateway = module.dev-to-landing-vpn-r1.self_link
|
peer_gcp_gateway = module.dev-to-landing-vpn-r1.self_link
|
||||||
|
|
@ -62,9 +62,9 @@ module "dev-to-landing-vpn-r1" {
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
network = module.dev-vpc.self_link
|
network = module.dev-vpc.self_link
|
||||||
region = var.regions.r1
|
region = var.regions.r1
|
||||||
name = "${local.prefix}dev-to-lnd-r1"
|
name = "${var.prefix}-dev-to-lnd-r1"
|
||||||
router_create = true
|
router_create = true
|
||||||
router_name = "${local.prefix}dev-vpn-r1"
|
router_name = "${var.prefix}-dev-vpn-r1"
|
||||||
router_asn = var.vpn_configs.dev-r1.asn
|
router_asn = var.vpn_configs.dev-r1.asn
|
||||||
router_advertise_config = (
|
router_advertise_config = (
|
||||||
var.vpn_configs.dev-r1.custom_ranges == null
|
var.vpn_configs.dev-r1.custom_ranges == null
|
||||||
|
|
|
||||||
|
|
@ -19,9 +19,9 @@ module "landing-to-prod-vpn-r1" {
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
network = module.landing-vpc.self_link
|
network = module.landing-vpc.self_link
|
||||||
region = var.regions.r1
|
region = var.regions.r1
|
||||||
name = "${local.prefix}lnd-to-prd-r1"
|
name = "${var.prefix}-lnd-to-prd-r1"
|
||||||
router_create = true
|
router_create = true
|
||||||
router_name = "${local.prefix}lnd-vpn-r1"
|
router_name = "${var.prefix}-lnd-vpn-r1"
|
||||||
router_asn = var.vpn_configs.land-r1.asn
|
router_asn = var.vpn_configs.land-r1.asn
|
||||||
router_advertise_config = (
|
router_advertise_config = (
|
||||||
var.vpn_configs.land-r1.custom_ranges == null
|
var.vpn_configs.land-r1.custom_ranges == null
|
||||||
|
|
@ -68,9 +68,9 @@ module "prod-to-landing-vpn-r1" {
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
network = module.prod-vpc.self_link
|
network = module.prod-vpc.self_link
|
||||||
region = var.regions.r1
|
region = var.regions.r1
|
||||||
name = "${local.prefix}prd-to-lnd-r1"
|
name = "${var.prefix}-prd-to-lnd-r1"
|
||||||
router_create = true
|
router_create = true
|
||||||
router_name = "${local.prefix}prd-vpn-r1"
|
router_name = "${var.prefix}-prd-vpn-r1"
|
||||||
router_asn = var.vpn_configs.prod-r1.asn
|
router_asn = var.vpn_configs.prod-r1.asn
|
||||||
# the router is managed here but shared with the dev VPN
|
# the router is managed here but shared with the dev VPN
|
||||||
router_advertise_config = (
|
router_advertise_config = (
|
||||||
|
|
|
||||||
|
|
@ -65,14 +65,14 @@ A sample testing session using `tmux`:
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [project_id](variables.tf#L50) | Existing project id. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L38) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
|
| [project_id](variables.tf#L53) | Existing project id. | <code>string</code> | ✓ | |
|
||||||
| [ilb_right_enable](variables.tf#L17) | Route right to left traffic through ILB. | <code>bool</code> | | <code>false</code> |
|
| [ilb_right_enable](variables.tf#L17) | Route right to left traffic through ILB. | <code>bool</code> | | <code>false</code> |
|
||||||
| [ilb_session_affinity](variables.tf#L23) | Session affinity configuration for ILBs. | <code>string</code> | | <code>"CLIENT_IP"</code> |
|
| [ilb_session_affinity](variables.tf#L23) | Session affinity configuration for ILBs. | <code>string</code> | | <code>"CLIENT_IP"</code> |
|
||||||
| [ip_ranges](variables.tf#L29) | IP CIDR ranges used for VPC subnets. | <code>map(string)</code> | | <code title="{ left = "10.0.0.0/24" right = "10.0.1.0/24" }">{…}</code> |
|
| [ip_ranges](variables.tf#L29) | IP CIDR ranges used for VPC subnets. | <code>map(string)</code> | | <code title="{ left = "10.0.0.0/24" right = "10.0.1.0/24" }">{…}</code> |
|
||||||
| [prefix](variables.tf#L38) | Prefix used for resource names. | <code>string</code> | | <code>"ilb-test"</code> |
|
| [project_create](variables.tf#L47) | Create project instead of using an existing one. | <code>bool</code> | | <code>false</code> |
|
||||||
| [project_create](variables.tf#L44) | Create project instead of using an existing one. | <code>bool</code> | | <code>false</code> |
|
| [region](variables.tf#L58) | Region used for resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||||
| [region](variables.tf#L55) | Region used for resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
| [zones](variables.tf#L64) | Zone suffixes used for instances. | <code>list(string)</code> | | <code>["b", "c"]</code> |
|
||||||
| [zones](variables.tf#L61) | Zone suffixes used for instances. | <code>list(string)</code> | | <code>["b", "c"]</code> |
|
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -19,7 +19,7 @@ module "gw" {
|
||||||
for_each = local.zones
|
for_each = local.zones
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
zone = each.value
|
zone = each.value
|
||||||
name = "${local.prefix}gw-${each.key}"
|
name = "${var.prefix}-gw-${each.key}"
|
||||||
instance_type = "f1-micro"
|
instance_type = "f1-micro"
|
||||||
|
|
||||||
boot_disk = {
|
boot_disk = {
|
||||||
|
|
@ -51,7 +51,7 @@ module "gw" {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
service_account = try(
|
service_account = try(
|
||||||
module.service-accounts.emails["${local.prefix}gce-vm"], null
|
module.service-accounts.emails["${var.prefix}-gce-vm"], null
|
||||||
)
|
)
|
||||||
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
|
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
|
||||||
group = { named_ports = null }
|
group = { named_ports = null }
|
||||||
|
|
@ -61,7 +61,7 @@ module "ilb-left" {
|
||||||
source = "../../../modules/net-ilb"
|
source = "../../../modules/net-ilb"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
region = var.region
|
region = var.region
|
||||||
name = "${local.prefix}ilb-left"
|
name = "${var.prefix}-ilb-left"
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
network = module.vpc-left.self_link
|
network = module.vpc-left.self_link
|
||||||
subnetwork = values(module.vpc-left.subnet_self_links)[0]
|
subnetwork = values(module.vpc-left.subnet_self_links)[0]
|
||||||
|
|
@ -85,7 +85,7 @@ module "ilb-right" {
|
||||||
source = "../../../modules/net-ilb"
|
source = "../../../modules/net-ilb"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
region = var.region
|
region = var.region
|
||||||
name = "${local.prefix}ilb-right"
|
name = "${var.prefix}-ilb-right"
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
network = module.vpc-right.self_link
|
network = module.vpc-right.self_link
|
||||||
subnetwork = values(module.vpc-right.subnet_self_links)[0]
|
subnetwork = values(module.vpc-right.subnet_self_links)[0]
|
||||||
|
|
|
||||||
|
|
@ -17,10 +17,9 @@
|
||||||
locals {
|
locals {
|
||||||
addresses = {
|
addresses = {
|
||||||
for k, v in module.addresses.internal_addresses :
|
for k, v in module.addresses.internal_addresses :
|
||||||
trimprefix(k, local.prefix) => v.address
|
trimprefix(k, "${var.prefix}-") => v.address
|
||||||
}
|
}
|
||||||
prefix = var.prefix == null || var.prefix == "" ? "" : "${var.prefix}-"
|
zones = { for z in var.zones : z => "${var.region}-${z}" }
|
||||||
zones = { for z in var.zones : z => "${var.region}-${z}" }
|
|
||||||
}
|
}
|
||||||
|
|
||||||
module "project" {
|
module "project" {
|
||||||
|
|
@ -36,7 +35,7 @@ module "project" {
|
||||||
module "service-accounts" {
|
module "service-accounts" {
|
||||||
source = "../../../modules/iam-service-account"
|
source = "../../../modules/iam-service-account"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
name = "${local.prefix}gce-vm"
|
name = "${var.prefix}-gce-vm"
|
||||||
iam_project_roles = {
|
iam_project_roles = {
|
||||||
(var.project_id) = [
|
(var.project_id) = [
|
||||||
"roles/logging.logWriter",
|
"roles/logging.logWriter",
|
||||||
|
|
@ -49,11 +48,11 @@ module "addresses" {
|
||||||
source = "../../../modules/net-address"
|
source = "../../../modules/net-address"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
internal_addresses = {
|
internal_addresses = {
|
||||||
"${local.prefix}ilb-left" = {
|
"${var.prefix}-ilb-left" = {
|
||||||
region = var.region,
|
region = var.region,
|
||||||
subnetwork = values(module.vpc-left.subnet_self_links)[0]
|
subnetwork = values(module.vpc-left.subnet_self_links)[0]
|
||||||
},
|
},
|
||||||
"${local.prefix}ilb-right" = {
|
"${var.prefix}-ilb-right" = {
|
||||||
region = var.region,
|
region = var.region,
|
||||||
subnetwork = values(module.vpc-right.subnet_self_links)[0]
|
subnetwork = values(module.vpc-right.subnet_self_links)[0]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,7 @@ output "addresses" {
|
||||||
output "backend_health_left" {
|
output "backend_health_left" {
|
||||||
description = "Command-line health status for left ILB backends."
|
description = "Command-line health status for left ILB backends."
|
||||||
value = <<-EOT
|
value = <<-EOT
|
||||||
gcloud compute backend-services get-health ${local.prefix}ilb-left \
|
gcloud compute backend-services get-health ${var.prefix}-ilb-left \
|
||||||
--region ${var.region} \
|
--region ${var.region} \
|
||||||
--flatten status.healthStatus \
|
--flatten status.healthStatus \
|
||||||
--format "value(status.healthStatus.ipAddress, status.healthStatus.healthState)"
|
--format "value(status.healthStatus.ipAddress, status.healthStatus.healthState)"
|
||||||
|
|
@ -38,7 +38,7 @@ output "backend_health_left" {
|
||||||
output "backend_health_right" {
|
output "backend_health_right" {
|
||||||
description = "Command-line health status for right ILB backends."
|
description = "Command-line health status for right ILB backends."
|
||||||
value = <<-EOT
|
value = <<-EOT
|
||||||
gcloud compute backend-services get-health ${local.prefix}ilb-right \
|
gcloud compute backend-services get-health ${var.prefix}-ilb-right \
|
||||||
--region ${var.region} \
|
--region ${var.region} \
|
||||||
--flatten status.healthStatus \
|
--flatten status.healthStatus \
|
||||||
--format "value(status.healthStatus.ipAddress, status.healthStatus.healthState)"
|
--format "value(status.healthStatus.ipAddress, status.healthStatus.healthState)"
|
||||||
|
|
|
||||||
|
|
@ -38,7 +38,10 @@ variable "ip_ranges" {
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Prefix used for resource names."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
default = "ilb-test"
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_create" {
|
variable "project_create" {
|
||||||
|
|
|
||||||
|
|
@ -27,7 +27,7 @@ module "vm-left" {
|
||||||
for_each = local.zones
|
for_each = local.zones
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
zone = each.value
|
zone = each.value
|
||||||
name = "${local.prefix}vm-left-${each.key}"
|
name = "${var.prefix}-vm-left-${each.key}"
|
||||||
instance_type = "f1-micro"
|
instance_type = "f1-micro"
|
||||||
network_interfaces = [
|
network_interfaces = [
|
||||||
{
|
{
|
||||||
|
|
@ -50,7 +50,7 @@ module "vm-right" {
|
||||||
for_each = local.zones
|
for_each = local.zones
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
zone = each.value
|
zone = each.value
|
||||||
name = "${local.prefix}vm-right-${each.key}"
|
name = "${var.prefix}-vm-right-${each.key}"
|
||||||
instance_type = "f1-micro"
|
instance_type = "f1-micro"
|
||||||
network_interfaces = [
|
network_interfaces = [
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -17,11 +17,11 @@
|
||||||
module "vpc-left" {
|
module "vpc-left" {
|
||||||
source = "../../../modules/net-vpc"
|
source = "../../../modules/net-vpc"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
name = "${local.prefix}left"
|
name = "${var.prefix}-left"
|
||||||
subnets = [
|
subnets = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.ip_ranges.left
|
ip_cidr_range = var.ip_ranges.left
|
||||||
name = "${local.prefix}left"
|
name = "${var.prefix}-left"
|
||||||
region = var.region
|
region = var.region
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
|
|
@ -48,6 +48,6 @@ module "nat-left" {
|
||||||
source = "../../../modules/net-cloudnat"
|
source = "../../../modules/net-cloudnat"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
region = var.region
|
region = var.region
|
||||||
name = "${local.prefix}left"
|
name = "${var.prefix}-left"
|
||||||
router_network = module.vpc-left.name
|
router_network = module.vpc-left.name
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -17,11 +17,11 @@
|
||||||
module "vpc-right" {
|
module "vpc-right" {
|
||||||
source = "../../../modules/net-vpc"
|
source = "../../../modules/net-vpc"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
name = "${local.prefix}right"
|
name = "${var.prefix}-right"
|
||||||
subnets = [
|
subnets = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.ip_ranges.right
|
ip_cidr_range = var.ip_ranges.right
|
||||||
name = "${local.prefix}right"
|
name = "${var.prefix}-right"
|
||||||
region = var.region
|
region = var.region
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
|
|
@ -59,6 +59,6 @@ module "nat-right" {
|
||||||
source = "../../../modules/net-cloudnat"
|
source = "../../../modules/net-cloudnat"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
region = var.region
|
region = var.region
|
||||||
name = "${local.prefix}right"
|
name = "${var.prefix}-right"
|
||||||
router_network = module.vpc-right.name
|
router_network = module.vpc-right.name
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,27 +11,26 @@ The example is for Nginx, but it could be easily adapted to any other reverse pr
|
||||||
## Ops Agent image
|
## Ops Agent image
|
||||||
|
|
||||||
There is a simple [`Dockerfile`](Dockerfile) available for building Ops Agent to be run inside the ContainerOS instance. Build the container, push it to your Container/Artifact Repository and set the `ops_agent_image` to point to the image you built.
|
There is a simple [`Dockerfile`](Dockerfile) available for building Ops Agent to be run inside the ContainerOS instance. Build the container, push it to your Container/Artifact Repository and set the `ops_agent_image` to point to the image you built.
|
||||||
|
|
||||||
<!-- BEGIN TFDOC -->
|
<!-- BEGIN TFDOC -->
|
||||||
|
|
||||||
## Variables
|
## Variables
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [autoscaling_metric](variables.tf#L31) | | <code title="object({ name = string single_instance_assignment = number target = number type = string # GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE filter = string }) default = { name = "workload.googleapis.com/nginx.connections_current" single_instance_assignment = null target = 10 # Target 10 connections per instance, just for demonstration purposes type = "GAUGE" filter = null }">object({…}</code> | ✓ | |
|
| [autoscaling_metric](variables.tf#L31) | Definition of metric to use for scaling. | <code title="object({ name = string single_instance_assignment = number target = number type = string # GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE filter = string }) default = { name = "workload.googleapis.com/nginx.connections_current" single_instance_assignment = null target = 10 # Target 10 connections per instance, just for demonstration purposes type = "GAUGE" filter = null }">object({…}</code> | ✓ | |
|
||||||
| [project_name](variables.tf#L108) | Name of an existing project or of the new project | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L94) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
|
| [project_name](variables.tf#L112) | Name of an existing project or of the new project. | <code>string</code> | ✓ | |
|
||||||
| [autoscaling](variables.tf#L17) | Autoscaling configuration for the instance group. | <code title="object({ min_replicas = number max_replicas = number cooldown_period = number })">object({…})</code> | | <code title="{ min_replicas = 1 max_replicas = 10 cooldown_period = 30 }">{…}</code> |
|
| [autoscaling](variables.tf#L17) | Autoscaling configuration for the instance group. | <code title="object({ min_replicas = number max_replicas = number cooldown_period = number })">object({…})</code> | | <code title="{ min_replicas = 1 max_replicas = 10 cooldown_period = 30 }">{…}</code> |
|
||||||
| [backends](variables.tf#L49) | Nginx locations configurations to proxy traffic to. | <code>string</code> | | <code title=""<<-EOT location / { proxy_pass http://10.0.16.58:80; proxy_http_version 1.1; proxy_set_header Connection ""; } EOT"">"<<-EOT…EOT"</code> |
|
| [backends](variables.tf#L50) | Nginx locations configurations to proxy traffic to. | <code>string</code> | | <code title=""<<-EOT location / { proxy_pass http://10.0.16.58:80; proxy_http_version 1.1; proxy_set_header Connection ""; } EOT"">"<<-EOT…EOT"</code> |
|
||||||
| [cidrs](variables.tf#L61) | Subnet IP CIDR ranges. | <code>map(string)</code> | | <code title="{ gce = "10.0.16.0/24" }">{…}</code> |
|
| [cidrs](variables.tf#L62) | Subnet IP CIDR ranges. | <code>map(string)</code> | | <code title="{ gce = "10.0.16.0/24" }">{…}</code> |
|
||||||
| [network](variables.tf#L69) | Network name. | <code>string</code> | | <code>"reverse-proxy-vpc"</code> |
|
| [network](variables.tf#L70) | Network name. | <code>string</code> | | <code>"reverse-proxy-vpc"</code> |
|
||||||
| [network_create](variables.tf#L75) | Create network or use existing one. | <code>bool</code> | | <code>true</code> |
|
| [network_create](variables.tf#L76) | Create network or use existing one. | <code>bool</code> | | <code>true</code> |
|
||||||
| [nginx_image](variables.tf#L81) | Nginx container image to use. | <code>string</code> | | <code>"gcr.io/cloud-marketplace/google/nginx1:latest"</code> |
|
| [nginx_image](variables.tf#L82) | Nginx container image to use. | <code>string</code> | | <code>"gcr.io/cloud-marketplace/google/nginx1:latest"</code> |
|
||||||
| [ops_agent_image](variables.tf#L87) | Google Cloud Ops Agent container image to use. | <code>string</code> | | <code>"gcr.io/sfans-hub-project-d647/ops-agent:latest"</code> |
|
| [ops_agent_image](variables.tf#L88) | Google Cloud Ops Agent container image to use. | <code>string</code> | | <code>"gcr.io/sfans-hub-project-d647/ops-agent:latest"</code> |
|
||||||
| [prefix](variables.tf#L93) | Prefix used for resources that need unique names. | <code>string</code> | | <code>""</code> |
|
| [project_create](variables.tf#L103) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [project_create](variables.tf#L99) | Parameters for the creation of the new project | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
| [region](variables.tf#L117) | Default region for resources. | <code>string</code> | | <code>"europe-west4"</code> |
|
||||||
| [region](variables.tf#L113) | Default region for resources. | <code>string</code> | | <code>"europe-west4"</code> |
|
| [subnetwork](variables.tf#L123) | Subnetwork name. | <code>string</code> | | <code>"gce"</code> |
|
||||||
| [subnetwork](variables.tf#L119) | Subnetwork name. | <code>string</code> | | <code>"gce"</code> |
|
| [tls](variables.tf#L129) | Also offer reverse proxying with TLS (self-signed certificate). | <code>bool</code> | | <code>false</code> |
|
||||||
| [tls](variables.tf#L125) | Also offer reverse proxying with TLS (self-signed certificate). | <code>bool</code> | | <code>false</code> |
|
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -161,7 +161,7 @@ module "firewall" {
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
network = module.vpc.name
|
network = module.vpc.name
|
||||||
ingress_rules = {
|
ingress_rules = {
|
||||||
format("%sallow-http-to-proxy-cluster", var.prefix) = {
|
"${var.prefix}-allow-http-to-proxy-cluster" = {
|
||||||
description = "Allow Nginx HTTP(S) ingress traffic"
|
description = "Allow Nginx HTTP(S) ingress traffic"
|
||||||
source_ranges = [
|
source_ranges = [
|
||||||
var.cidrs[var.subnetwork], "35.191.0.0/16", "130.211.0.0/22"
|
var.cidrs[var.subnetwork], "35.191.0.0/16", "130.211.0.0/22"
|
||||||
|
|
@ -170,7 +170,7 @@ module "firewall" {
|
||||||
use_service_accounts = true
|
use_service_accounts = true
|
||||||
rules = [{ protocol = "tcp", ports = [80, 443] }]
|
rules = [{ protocol = "tcp", ports = [80, 443] }]
|
||||||
}
|
}
|
||||||
format("%sallow-iap-ssh", var.prefix) = {
|
"${var.prefix}-allow-iap-ssh" = {
|
||||||
description = "Allow Nginx SSH traffic from IAP"
|
description = "Allow Nginx SSH traffic from IAP"
|
||||||
source_ranges = ["35.235.240.0/20"]
|
source_ranges = ["35.235.240.0/20"]
|
||||||
targets = [module.service-account-proxy.email]
|
targets = [module.service-account-proxy.email]
|
||||||
|
|
@ -184,7 +184,7 @@ module "nat" {
|
||||||
source = "../../../modules/net-cloudnat"
|
source = "../../../modules/net-cloudnat"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
region = var.region
|
region = var.region
|
||||||
name = format("%snat", var.prefix)
|
name = "${var.prefix}-nat"
|
||||||
router_network = module.vpc.name
|
router_network = module.vpc.name
|
||||||
config_source_subnets = "LIST_OF_SUBNETWORKS"
|
config_source_subnets = "LIST_OF_SUBNETWORKS"
|
||||||
|
|
||||||
|
|
@ -207,7 +207,7 @@ module "nat" {
|
||||||
module "service-account-proxy" {
|
module "service-account-proxy" {
|
||||||
source = "../../../modules/iam-service-account"
|
source = "../../../modules/iam-service-account"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
name = format("%sreverse-proxy", var.prefix)
|
name = "${var.prefix}-reverse-proxy"
|
||||||
iam_project_roles = {
|
iam_project_roles = {
|
||||||
(module.project.project_id) = [
|
(module.project.project_id) = [
|
||||||
"roles/logging.logWriter",
|
"roles/logging.logWriter",
|
||||||
|
|
@ -241,7 +241,7 @@ module "mig-proxy" {
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
location = var.region
|
location = var.region
|
||||||
regional = true
|
regional = true
|
||||||
name = format("%sproxy-cluster", var.prefix)
|
name = "${var.prefix}-proxy-cluster"
|
||||||
named_ports = {
|
named_ports = {
|
||||||
http = "80"
|
http = "80"
|
||||||
https = "443"
|
https = "443"
|
||||||
|
|
@ -313,11 +313,11 @@ module "proxy-vm" {
|
||||||
|
|
||||||
module "xlb" {
|
module "xlb" {
|
||||||
source = "../../../modules/net-glb"
|
source = "../../../modules/net-glb"
|
||||||
name = format("%sreverse-proxy-xlb", var.prefix)
|
name = "${var.prefix}-reverse-proxy-xlb"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
reserve_ip_address = true
|
reserve_ip_address = true
|
||||||
health_checks_config = {
|
health_checks_config = {
|
||||||
format("%sreverse-proxy-hc", var.prefix) = {
|
"${var.prefix}-reverse-proxy-hc" = {
|
||||||
type = "http"
|
type = "http"
|
||||||
logging = false
|
logging = false
|
||||||
options = {
|
options = {
|
||||||
|
|
@ -334,7 +334,7 @@ module "xlb" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
backend_services_config = {
|
backend_services_config = {
|
||||||
format("%sreverse-proxy-backend", var.prefix) = {
|
"${var.prefix}-reverse-proxy-backend" = {
|
||||||
bucket_config = null
|
bucket_config = null
|
||||||
enable_cdn = false
|
enable_cdn = false
|
||||||
cdn_config = null
|
cdn_config = null
|
||||||
|
|
@ -345,7 +345,7 @@ module "xlb" {
|
||||||
options = null
|
options = null
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
health_checks = [format("%sreverse-proxy-hc", var.prefix)]
|
health_checks = ["${var.prefix}-reverse-proxy-hc"]
|
||||||
log_config = null
|
log_config = null
|
||||||
options = {
|
options = {
|
||||||
affinity_cookie_ttl_sec = null
|
affinity_cookie_ttl_sec = null
|
||||||
|
|
|
||||||
|
|
@ -29,6 +29,7 @@ variable "autoscaling" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "autoscaling_metric" {
|
variable "autoscaling_metric" {
|
||||||
|
description = "Definition of metric to use for scaling."
|
||||||
type = object({
|
type = object({
|
||||||
name = string
|
name = string
|
||||||
single_instance_assignment = number
|
single_instance_assignment = number
|
||||||
|
|
@ -91,13 +92,16 @@ variable "ops_agent_image" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Prefix used for resources that need unique names."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
default = ""
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_create" {
|
variable "project_create" {
|
||||||
description = "Parameters for the creation of the new project"
|
description = "Parameters for the creation of the new project."
|
||||||
type = object({
|
type = object({
|
||||||
billing_account_id = string
|
billing_account_id = string
|
||||||
parent = string
|
parent = string
|
||||||
|
|
@ -106,7 +110,7 @@ variable "project_create" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "project_name" {
|
variable "project_name" {
|
||||||
description = "Name of an existing project or of the new project"
|
description = "Name of an existing project or of the new project."
|
||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -127,4 +131,3 @@ variable "tls" {
|
||||||
type = bool
|
type = bool
|
||||||
default = false
|
default = false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -41,15 +41,15 @@ Before applying this Terraform
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [dest_ip_address](variables.tf#L17) | On-prem service destination IP address. | <code>string</code> | ✓ | |
|
| [dest_ip_address](variables.tf#L17) | On-prem service destination IP address. | <code>string</code> | ✓ | |
|
||||||
| [prefix](variables.tf#L28) | Prefix to use for resource names. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L28) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
| [producer](variables.tf#L33) | Producer configuration. | <code title="object({ subnet_main = string # CIDR subnet_proxy = string # CIDR subnet_psc = string # CIDR accepted_limits = map(number) # Accepted project ids => PSC endpoint limit })">object({…})</code> | ✓ | |
|
| [producer](variables.tf#L37) | Producer configuration. | <code title="object({ subnet_main = string # CIDR subnet_proxy = string # CIDR subnet_psc = string # CIDR accepted_limits = map(number) # Accepted project ids => PSC endpoint limit })">object({…})</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L49) | When referncing existing projects, the id of the project where resources will be created. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L53) | When referncing existing projects, the id of the project where resources will be created. | <code>string</code> | ✓ | |
|
||||||
| [region](variables.tf#L54) | Region where resources will be created. | <code>string</code> | ✓ | |
|
| [region](variables.tf#L58) | Region where resources will be created. | <code>string</code> | ✓ | |
|
||||||
| [subnet_consumer](variables.tf#L59) | Consumer subnet CIDR. | <code>string # CIDR</code> | ✓ | |
|
| [subnet_consumer](variables.tf#L63) | Consumer subnet CIDR. | <code>string # CIDR</code> | ✓ | |
|
||||||
| [zone](variables.tf#L98) | Zone where resources will be created. | <code>string</code> | ✓ | |
|
| [zone](variables.tf#L102) | Zone where resources will be created. | <code>string</code> | ✓ | |
|
||||||
| [dest_port](variables.tf#L22) | On-prem service destination port. | <code>string</code> | | <code>"80"</code> |
|
| [dest_port](variables.tf#L22) | On-prem service destination port. | <code>string</code> | | <code>"80"</code> |
|
||||||
| [project_create](variables.tf#L43) | Whether to automatically create a project. | <code>bool</code> | | <code>false</code> |
|
| [project_create](variables.tf#L47) | Whether to automatically create a project. | <code>bool</code> | | <code>false</code> |
|
||||||
| [vpc_config](variables.tf#L64) | VPC and subnet ids, in case existing VPCs are used. | <code title="object({ producer = object({ id = string subnet_main_id = string subnet_proxy_id = string subnet_psc_id = string }) consumer = object({ id = string subnet_main_id = string }) })">object({…})</code> | | <code title="{ producer = { id = "xxx" subnet_main_id = "xxx" subnet_proxy_id = "xxx" subnet_psc_id = "xxx" } consumer = { id = "xxx" subnet_main_id = "xxx" } }">{…}</code> |
|
| [vpc_config](variables.tf#L68) | VPC and subnet ids, in case existing VPCs are used. | <code title="object({ producer = object({ id = string subnet_main_id = string subnet_proxy_id = string subnet_psc_id = string }) consumer = object({ id = string subnet_main_id = string }) })">object({…})</code> | | <code title="{ producer = { id = "xxx" subnet_main_id = "xxx" subnet_proxy_id = "xxx" subnet_psc_id = "xxx" } consumer = { id = "xxx" subnet_main_id = "xxx" } }">{…}</code> |
|
||||||
| [vpc_create](variables.tf#L92) | Whether to automatically create VPCs. | <code>bool</code> | | <code>true</code> |
|
| [vpc_create](variables.tf#L96) | Whether to automatically create VPCs. | <code>bool</code> | | <code>true</code> |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,6 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
prefix = coalesce(var.prefix, "") == "" ? "" : "${var.prefix}-"
|
|
||||||
project_id = (
|
project_id = (
|
||||||
var.project_create
|
var.project_create
|
||||||
? module.project.project_id
|
? module.project.project_id
|
||||||
|
|
@ -66,7 +65,7 @@ module "project" {
|
||||||
module "vpc_producer" {
|
module "vpc_producer" {
|
||||||
source = "../../../modules/net-vpc"
|
source = "../../../modules/net-vpc"
|
||||||
project_id = local.project_id
|
project_id = local.project_id
|
||||||
name = "${local.prefix}producer"
|
name = "${var.prefix}-producer"
|
||||||
subnets = [
|
subnets = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.producer["subnet_main"]
|
ip_cidr_range = var.producer["subnet_main"]
|
||||||
|
|
@ -78,7 +77,7 @@ module "vpc_producer" {
|
||||||
subnets_proxy_only = [
|
subnets_proxy_only = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.producer["subnet_proxy"]
|
ip_cidr_range = var.producer["subnet_proxy"]
|
||||||
name = "${local.prefix}proxy"
|
name = "${var.prefix}-proxy"
|
||||||
region = var.region
|
region = var.region
|
||||||
active = true
|
active = true
|
||||||
}
|
}
|
||||||
|
|
@ -86,7 +85,7 @@ module "vpc_producer" {
|
||||||
subnets_psc = [
|
subnets_psc = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.producer["subnet_psc"]
|
ip_cidr_range = var.producer["subnet_psc"]
|
||||||
name = "${local.prefix}psc"
|
name = "${var.prefix}-psc"
|
||||||
region = var.region
|
region = var.region
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
@ -95,7 +94,7 @@ module "vpc_producer" {
|
||||||
module "psc_producer" {
|
module "psc_producer" {
|
||||||
source = "./psc-producer"
|
source = "./psc-producer"
|
||||||
project_id = local.project_id
|
project_id = local.project_id
|
||||||
name = var.prefix
|
name = "${var.prefix}-producer"
|
||||||
dest_ip_address = var.dest_ip_address
|
dest_ip_address = var.dest_ip_address
|
||||||
dest_port = var.dest_port
|
dest_port = var.dest_port
|
||||||
network = local.vpc_producer_id
|
network = local.vpc_producer_id
|
||||||
|
|
@ -114,11 +113,11 @@ module "psc_producer" {
|
||||||
module "vpc_consumer" {
|
module "vpc_consumer" {
|
||||||
source = "../../../modules/net-vpc"
|
source = "../../../modules/net-vpc"
|
||||||
project_id = local.project_id
|
project_id = local.project_id
|
||||||
name = "${local.prefix}consumer"
|
name = "${var.prefix}-consumer"
|
||||||
subnets = [
|
subnets = [
|
||||||
{
|
{
|
||||||
ip_cidr_range = var.subnet_consumer
|
ip_cidr_range = var.subnet_consumer
|
||||||
name = "${local.prefix}consumer"
|
name = "${var.prefix}-consumer"
|
||||||
region = var.region
|
region = var.region
|
||||||
secondary_ip_range = {}
|
secondary_ip_range = {}
|
||||||
}
|
}
|
||||||
|
|
@ -128,7 +127,7 @@ module "vpc_consumer" {
|
||||||
module "psc_consumer" {
|
module "psc_consumer" {
|
||||||
source = "./psc-consumer"
|
source = "./psc-consumer"
|
||||||
project_id = local.project_id
|
project_id = local.project_id
|
||||||
name = "${local.prefix}consumer"
|
name = "${var.prefix}-consumer"
|
||||||
region = var.region
|
region = var.region
|
||||||
network = local.vpc_consumer_id
|
network = local.vpc_consumer_id
|
||||||
subnet = local.vpc_consumer_main
|
subnet = local.vpc_consumer_main
|
||||||
|
|
|
||||||
|
|
@ -26,8 +26,12 @@ variable "dest_port" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Prefix to use for resource names."
|
description = "Prefix used for resource names."
|
||||||
type = string
|
type = string
|
||||||
|
validation {
|
||||||
|
condition = var.prefix != ""
|
||||||
|
error_message = "Prefix cannot be empty."
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "producer" {
|
variable "producer" {
|
||||||
|
|
|
||||||
|
|
@ -48,17 +48,17 @@ There's a minor glitch that can surface running `terraform destroy`, where the s
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | <code>string</code> | ✓ | |
|
| [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | <code>string</code> | ✓ | |
|
||||||
| [prefix](variables.tf#L62) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | |
|
| [prefix](variables.tf#L62) | Prefix used for resource names. | <code>string</code> | ✓ | |
|
||||||
| [root_node](variables.tf#L90) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | <code>string</code> | ✓ | |
|
| [root_node](variables.tf#L94) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | <code>string</code> | ✓ | |
|
||||||
| [cluster_create](variables.tf#L20) | Create GKE cluster and nodepool. | <code>bool</code> | | <code>true</code> |
|
| [cluster_create](variables.tf#L20) | Create GKE cluster and nodepool. | <code>bool</code> | | <code>true</code> |
|
||||||
| [ip_ranges](variables.tf#L26) | Subnet IP CIDR ranges. | <code>map(string)</code> | | <code title="{ gce = "10.0.16.0/24" gke = "10.0.32.0/24" }">{…}</code> |
|
| [ip_ranges](variables.tf#L26) | Subnet IP CIDR ranges. | <code>map(string)</code> | | <code title="{ gce = "10.0.16.0/24" gke = "10.0.32.0/24" }">{…}</code> |
|
||||||
| [ip_secondary_ranges](variables.tf#L35) | Secondary IP CIDR ranges. | <code>map(string)</code> | | <code title="{ gke-pods = "10.128.0.0/18" gke-services = "172.16.0.0/24" }">{…}</code> |
|
| [ip_secondary_ranges](variables.tf#L35) | Secondary IP CIDR ranges. | <code>map(string)</code> | | <code title="{ gke-pods = "10.128.0.0/18" gke-services = "172.16.0.0/24" }">{…}</code> |
|
||||||
| [owners_gce](variables.tf#L44) | GCE project owners, in IAM format. | <code>list(string)</code> | | <code>[]</code> |
|
| [owners_gce](variables.tf#L44) | GCE project owners, in IAM format. | <code>list(string)</code> | | <code>[]</code> |
|
||||||
| [owners_gke](variables.tf#L50) | GKE project owners, in IAM format. | <code>list(string)</code> | | <code>[]</code> |
|
| [owners_gke](variables.tf#L50) | GKE project owners, in IAM format. | <code>list(string)</code> | | <code>[]</code> |
|
||||||
| [owners_host](variables.tf#L56) | Host project owners, in IAM format. | <code>list(string)</code> | | <code>[]</code> |
|
| [owners_host](variables.tf#L56) | Host project owners, in IAM format. | <code>list(string)</code> | | <code>[]</code> |
|
||||||
| [private_service_ranges](variables.tf#L67) | Private service IP CIDR ranges. | <code>map(string)</code> | | <code title="{ cluster-1 = "192.168.0.0/28" }">{…}</code> |
|
| [private_service_ranges](variables.tf#L71) | Private service IP CIDR ranges. | <code>map(string)</code> | | <code title="{ cluster-1 = "192.168.0.0/28" }">{…}</code> |
|
||||||
| [project_services](variables.tf#L75) | Service APIs enabled by default in new projects. | <code>list(string)</code> | | <code title="[ "container.googleapis.com", "stackdriver.googleapis.com", ]">[…]</code> |
|
| [project_services](variables.tf#L79) | Service APIs enabled by default in new projects. | <code>list(string)</code> | | <code title="[ "container.googleapis.com", "stackdriver.googleapis.com", ]">[…]</code> |
|
||||||
| [region](variables.tf#L84) | Region used. | <code>string</code> | | <code>"europe-west1"</code> |
|
| [region](variables.tf#L88) | Region used. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
||||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue