diff --git a/cloud-operations/asset-inventory-feed-remediation/main.tf b/cloud-operations/asset-inventory-feed-remediation/main.tf index 64480f2b..88d3bfdb 100644 --- a/cloud-operations/asset-inventory-feed-remediation/main.tf +++ b/cloud-operations/asset-inventory-feed-remediation/main.tf @@ -110,7 +110,6 @@ module "simple-vm-example" { subnetwork = try(module.vpc.subnet_self_links["${var.region}/${var.name}-default"], "") nat = false addresses = null - alias_ips = null }] tags = ["${var.project_id}-test-feed", "shared-test-feed"] } diff --git a/cloud-operations/dns-fine-grained-iam/main.tf b/cloud-operations/dns-fine-grained-iam/main.tf index c17375b2..6876a2aa 100644 --- a/cloud-operations/dns-fine-grained-iam/main.tf +++ b/cloud-operations/dns-fine-grained-iam/main.tf @@ -111,7 +111,6 @@ module "vm-ns-editor" { subnetwork = module.vpc.subnet_self_links["${var.region}/${var.name}-default"] nat = false addresses = null - alias_ips = null }] metadata = { startup-script = local.startup-script } service_account_create = true @@ -128,7 +127,6 @@ module "vm-svc-editor" { subnetwork = module.vpc.subnet_self_links["${var.region}/${var.name}-default"] nat = false addresses = null - alias_ips = null }] metadata = { startup-script = local.startup-script } service_account_create = true diff --git a/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/test.example b/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/test.example index f186a6e3..b00d2bb0 100644 --- a/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/test.example +++ b/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/test.example @@ -27,7 +27,6 @@ module "vm1" { subnetwork = module.shared-vpc.subnet_self_links["${var.region}/subnet-01"] nat = false addresses = null - alias_ips = null }] tags = ["test-dns"] } 
@@ -42,7 +41,6 @@ module "vm2" { subnetwork = module.shared-vpc.subnet_self_links["${var.region}/subnet-01"] nat = false addresses = null - alias_ips = null }] tags = ["test-dns"] } diff --git a/data-solutions/cmek-via-centralized-kms/main.tf b/data-solutions/cmek-via-centralized-kms/main.tf index 50e020ae..66372b2c 100644 --- a/data-solutions/cmek-via-centralized-kms/main.tf +++ b/data-solutions/cmek-via-centralized-kms/main.tf @@ -106,7 +106,6 @@ module "vm_example" { subnetwork = module.vpc.subnet_self_links["${var.region}/subnet"], nat = false, addresses = null - alias_ips = null }] attached_disks = [ { diff --git a/data-solutions/gcs-to-bq-with-dataflow/main.tf b/data-solutions/gcs-to-bq-with-dataflow/main.tf index bff5019f..d64789a6 100644 --- a/data-solutions/gcs-to-bq-with-dataflow/main.tf +++ b/data-solutions/gcs-to-bq-with-dataflow/main.tf @@ -206,7 +206,6 @@ module "vm_example" { subnetwork = module.vpc.subnet_self_links["${var.region}/${var.vpc_subnet_name}"], nat = false, addresses = null - alias_ips = null }] attached_disks = [ { diff --git a/modules/compute-mig/README.md b/modules/compute-mig/README.md index 46f11e87..4293604e 100644 --- a/modules/compute-mig/README.md +++ b/modules/compute-mig/README.md @@ -24,7 +24,6 @@ module "nginx-template" { subnetwork = var.subnet.self_link nat = false addresses = null - alias_ips = null }] boot_disk = { image = "projects/cos-cloud/global/images/family/cos-stable" @@ -71,7 +70,6 @@ module "nginx-template" { subnetwork = var.subnet.self_link nat = false addresses = null - alias_ips = null }] boot_disk = { image = "projects/cos-cloud/global/images/family/cos-stable" @@ -125,7 +123,6 @@ module "nginx-template" { subnetwork = var.subnet.self_link, nat = false, addresses = null - alias_ips = null }] boot_disk = { image = "projects/cos-cloud/global/images/family/cos-stable" 
@@ -182,7 +179,6 @@ module "nginx-template" { subnetwork = var.subnet.self_link nat = false addresses = null - alias_ips = null }] boot_disk = { image = "projects/cos-cloud/global/images/family/cos-stable" @@ -235,7 +231,6 @@ module "nginx-template" { subnetwork = var.subnet.self_link nat = false addresses = null - alias_ips = null }] boot_disk = { image = "projects/cos-cloud/global/images/family/cos-stable" diff --git a/modules/compute-vm/README.md b/modules/compute-vm/README.md index e0212328..c85ca71f 100644 --- a/modules/compute-vm/README.md +++ b/modules/compute-vm/README.md @@ -24,7 +24,6 @@ module "simple-vm-example" { subnetwork = var.subnet.self_link nat = false addresses = null - alias_ips = null }] service_account_create = true } @@ -54,7 +53,6 @@ module "simple-vm-example" { subnetwork = var.subnet.self_link nat = false addresses = null - alias_ips = null }] attached_disks = [{ name = "repd-1" @@ -85,7 +83,6 @@ module "simple-vm-example" { subnetwork = var.subnet.self_link nat = false addresses = null - alias_ips = null }] attached_disks = [{ name = "repd" @@ -119,7 +116,6 @@ module "kms-vm-example" { subnetwork = var.subnet.self_link nat = false addresses = null - alias_ips = null }] attached_disks = [ { 
@@ -147,23 +143,80 @@ module "kms-vm-example" { ### Using Alias IPs -This example shows how add additional [Alias IPs](https://cloud.google.com/vpc/docs/alias-ip) to your VM. +This example shows how to add additional [Alias IPs](https://cloud.google.com/vpc/docs/alias-ip) to your VM. ```hcl module "vm-with-alias-ips" { source = "./modules/compute-vm" project_id = "my-project" - zone = "europe-west1-b" + zone = "europe-west1-b" name = "test" network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link nat = false addresses = null - alias_ips = { - alias1 = "10.16.0.10/32" - } }] + network_interface_options = { + 0 = { + alias_ips = { + alias1 = "10.16.0.10/32" + } + nic_type = null + } + } + service_account_create = true +} +# tftest:modules=1:resources=2 +``` + +### Using gVNIC + +This example shows how to enable [gVNIC](https://cloud.google.com/compute/docs/networking/using-gvnic) on your VM by customizing a `cos` image. Given that gVNIC needs to be enabled as an instance configuration and as a guest os configuration, you'll need to supply a bootable disk with `guest_os_features=GVNIC`. `SEV_CAPABLE`, `UEFI_COMPATIBLE` and `VIRTIO_SCSI_MULTIQUEUE` are enabled implicitly in the `cos`, `rhel`, `centos` and other images. 
+ +```hcl + +resource "google_compute_image" "cos-gvnic" { + project = "my-project" + name = "my-image" + source_image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-89-16108-534-18" + + guest_os_features { + type = "GVNIC" + } + guest_os_features { + type = "SEV_CAPABLE" + } + guest_os_features { + type = "UEFI_COMPATIBLE" + } + guest_os_features { + type = "VIRTIO_SCSI_MULTIQUEUE" + } +} + +module "vm-with-gvnic" { + source = "./modules/compute-vm" + project_id = "my-project" + zone = "europe-west1-b" + name = "test" + boot_disk = { + image = google_compute_image.cos-gvnic.self_link + type = "pd-ssd" + size = 10 + } + network_interfaces = [{ + network = var.vpc.self_link + subnetwork = var.subnet.self_link + nat = false + addresses = null + }] + network_interface_options = { + 0 = { + alias_ips = null + nic_type = "GVNIC" + } + } service_account_create = true } # tftest:modules=1:resources=2 @@ -184,7 +237,6 @@ module "cos-test" { subnetwork = var.subnet.self_link nat = false addresses = null - alias_ips = null }] boot_disk = { image = "projects/cos-cloud/global/images/family/cos-stable" @@ -225,7 +277,6 @@ module "instance-group" { subnetwork = var.subnet.self_link nat = false addresses = null - alias_ips = null }] boot_disk = { image = "projects/cos-cloud/global/images/family/cos-stable" 
@@ -248,7 +299,7 @@ module "instance-group" { | name | description | type | required | default | |---|---|:---: |:---:|:---:| | name | Instance name. | string | ✓ | | -| network_interfaces | Network interfaces configuration. Use self links for Shared VPC, set addresses and alias_ips to null if not needed. | list(object({...})) | ✓ | | +| network_interfaces | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | list(object({...})) | ✓ | | | project_id | Project id. | string | ✓ | | | zone | Compute zone. | string | ✓ | | | *attached_disk_defaults* | Defaults for attached disks options. | object({...}) | | ... | @@ -268,6 +319,7 @@ module "instance-group" { | *labels* | Instance labels. | map(string) | | {} | | *metadata* | Instance metadata. | map(string) | | {} | | *min_cpu_platform* | Minimum CPU platform. | string | | null | +| *network_interface_options* | Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them. | map(object({...})) | | {} | | *options* | Instance options. | object({...}) | | ... | | *scratch_disks* | Scratch disks configuration. | object({...}) | | ... | | *service_account* | Service account email. Unused if service account is auto-created. | string | | null | diff --git a/modules/compute-vm/main.tf b/modules/compute-vm/main.tf index 1f5866ec..94f8d0a1 100644 --- a/modules/compute-vm/main.tf +++ b/modules/compute-vm/main.tf @@ -60,6 +60,13 @@ locals { ] ) ) + + network_interface_options = { + for i, v in var.network_interfaces : i => lookup(var.network_interface_options, i, { + alias_ips = null, + nic_type = null + }) + } } resource "google_compute_disk" "disks" { 
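Review bot: An entry in `var.network_interface_options` whose key is not an index of `var.network_interfaces` is silently dropped by the new `network_interface_options` local, because the for expression iterates the interfaces and only looks the options up; a typo or out-of-range key (say `1` on a single-NIC instance) produces a VM without the intended alias IP or gVNIC setting and no error. The `locals` block starts before this hunk, so I cannot see whether anything else guards this; if the module's minimum Terraform version allows it, a `lifecycle { precondition { ... } }` on the instance resources that checks `alltrue([for k in keys(var.network_interface_options) : tonumber(k) < length(var.network_interfaces)])` would fail fast at plan time. Minor: `v` is unused in `for i, v in var.network_interfaces`; `for i in range(length(var.network_interfaces))` says what is actually being iterated. I would also add a comment above the local, `# one options object per interface index; missing entries default to no alias IPs and provider-default NIC type`.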
@@ -193,13 +200,14 @@ resource "google_compute_instance" "default" { } } dynamic "alias_ip_range" { - for_each = config.value.alias_ips != null ? config.value.alias_ips : {} + for_each = local.network_interface_options[config.key].alias_ips != null ? local.network_interface_options[config.key].alias_ips : {} iterator = config_alias content { subnetwork_range_name = config_alias.key ip_cidr_range = config_alias.value } } + nic_type = local.network_interface_options[config.key].nic_type } } @@ -318,13 +326,14 @@ resource "google_compute_instance_template" "default" { } } dynamic "alias_ip_range" { - for_each = config.value.alias_ips != null ? config.value.alias_ips : {} + for_each = local.network_interface_options[config.key].alias_ips != null ? local.network_interface_options[config.key].alias_ips : {} iterator = config_alias content { subnetwork_range_name = config_alias.key ip_cidr_range = config_alias.value } } + nic_type = local.network_interface_options[config.key].nic_type } } diff --git a/modules/compute-vm/variables.tf b/modules/compute-vm/variables.tf index 00b59c06..9a27cd98 100644 --- a/modules/compute-vm/variables.tf +++ b/modules/compute-vm/variables.tf @@ -162,8 +162,17 @@ variable "name" { type = string } +variable "network_interface_options" { + description = "Network interfaces extended options. The key is the index of the inteface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them." + type = map(object({ + alias_ips = map(string) + nic_type = string + })) + default = {} +} + variable "network_interfaces" { - description = "Network interfaces configuration. Use self links for Shared VPC, set addresses and alias_ips to null if not needed." + description = "Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed." type = list(object({ nat = bool network = string 
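Review bot: The new `network_interface_options` variable in variables.tf types `nic_type` as a bare `string`, so a wrong value (e.g. `gvnic` or `GVNIC_NIC`) is only rejected at apply time by the Compute API, and a non-numeric key is never rejected at all; a `validation` block would catch both at plan time. The values accepted by the provider for `nic_type` are, as far as I know, `GVNIC` and `VIRTIO_NET`, so the check below is worth confirming against the provider version the module pins. The description also misspells "interface" as "inteface" (the same typo is in the README table row), and since both object attributes are required callers must pass the explicit `null` the description asks for; if the module already requires a Terraform version with `optional()` object attributes, that would remove the need for the "set ... to null" instruction.

```hcl
variable "network_interface_options" {
  description = "Network interfaces extended options. The key is the index of the interface to configure. The value is an object with alias_ips and nic_type. Set alias_ips or nic_type to null if you need only one of them."
  # … unchanged: type and default …
  validation {
    condition = alltrue([
      for k, v in var.network_interface_options :
      can(tonumber(k)) && (v.nic_type == null ? true : contains(["GVNIC", "VIRTIO_NET"], v.nic_type))
    ])
    error_message = "Keys must be interface indexes and nic_type must be null, GVNIC or VIRTIO_NET."
  }
}
```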
@@ -172,7 +181,6 @@ variable "network_interfaces" { internal = string external = string }) - alias_ips = map(string) })) } diff --git a/modules/net-ilb/README.md b/modules/net-ilb/README.md index 8504d013..95ef9254 100644 --- a/modules/net-ilb/README.md +++ b/modules/net-ilb/README.md @@ -72,7 +72,6 @@ module "instance-group" { subnetwork = var.subnet.self_link nat = false addresses = null - alias_ips = null }] boot_disk = { image = "projects/cos-cloud/global/images/family/cos-stable" diff --git a/networking/filtering-proxy/main.tf b/networking/filtering-proxy/main.tf index c01aa4d4..1abcd369 100644 --- a/networking/filtering-proxy/main.tf +++ b/networking/filtering-proxy/main.tf @@ -158,7 +158,6 @@ module "squid-vm" { subnetwork = module.vpc.subnet_self_links["${var.region}/proxy"] nat = false addresses = null - alias_ips = null }] boot_disk = { image = "cos-cloud/cos-stable" @@ -270,7 +269,6 @@ module "test-vm" { subnetwork = module.vpc.subnet_self_links["${var.region}/apps"] nat = false addresses = null - alias_ips = null }] boot_disk = { image = "debian-cloud/debian-10" diff --git a/networking/hub-and-spoke-peering/main.tf b/networking/hub-and-spoke-peering/main.tf index 6a6b3bfa..e6f436ca 100644 --- a/networking/hub-and-spoke-peering/main.tf +++ b/networking/hub-and-spoke-peering/main.tf @@ -182,7 +182,6 @@ module "vm-hub" { subnetwork = module.vpc-hub.subnet_self_links["${var.region}/${local.prefix}hub-1"] nat = false addresses = null - alias_ips = null }] metadata = { startup-script = local.vm-startup-script } service_account = module.service-account-gce.email @@ -200,7 +199,6 @@ module "vm-spoke-1" { subnetwork = module.vpc-spoke-1.subnet_self_links["${var.region}/${local.prefix}spoke-1-1"] nat = false addresses = null - alias_ips = null }] metadata = { startup-script = local.vm-startup-script } service_account = module.service-account-gce.email 
@@ -218,7 +216,6 @@ module "vm-spoke-2" { subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${local.prefix}spoke-2-1"] nat = false addresses = null - alias_ips = null }] metadata = { startup-script = local.vm-startup-script } service_account = module.service-account-gce.email diff --git a/networking/hub-and-spoke-vpn/main.tf b/networking/hub-and-spoke-vpn/main.tf index e1886e5e..c0a09300 100644 --- a/networking/hub-and-spoke-vpn/main.tf +++ b/networking/hub-and-spoke-vpn/main.tf @@ -250,7 +250,6 @@ module "vm-spoke-1" { subnetwork = module.vpc-spoke-1.subnet_self_links["${var.regions.b}/spoke-1-b"] nat = false addresses = null - alias_ips = null }] tags = ["ssh"] metadata = { startup-script = local.vm-startup-script } @@ -266,7 +265,6 @@ module "vm-spoke-2" { subnetwork = module.vpc-spoke-2.subnet_self_links["${var.regions.b}/spoke-2-b"] nat = false addresses = null - alias_ips = null }] tags = ["ssh"] metadata = { startup-script = local.vm-startup-script } diff --git a/networking/ilb-next-hop/gateways.tf b/networking/ilb-next-hop/gateways.tf index 162c22ca..55b4c1cd 100644 --- a/networking/ilb-next-hop/gateways.tf +++ b/networking/ilb-next-hop/gateways.tf @@ -33,15 +33,13 @@ module "gw" { network = module.vpc-left.self_link subnetwork = values(module.vpc-left.subnet_self_links)[0], nat = false, - addresses = null, - alias_ips = null + addresses = null }, { network = module.vpc-right.self_link subnetwork = values(module.vpc-right.subnet_self_links)[0], nat = false, - addresses = null, - alias_ips = null + addresses = null } ] tags = ["ssh"] diff --git a/networking/ilb-next-hop/vms.tf b/networking/ilb-next-hop/vms.tf index c1df0f89..3a00b346 100644 --- a/networking/ilb-next-hop/vms.tf +++ b/networking/ilb-next-hop/vms.tf @@ -35,7 +35,6 @@ module "vm-left" { subnetwork = values(module.vpc-left.subnet_self_links)[0] nat = false addresses = null - alias_ips = null } ] tags = ["ssh"] 
@@ -61,7 +60,6 @@ module "vm-right" { subnetwork = values(module.vpc-right.subnet_self_links)[0] nat = false addresses = null - alias_ips = null } ] tags = ["ssh"] diff --git a/networking/onprem-google-access-dns/main.tf b/networking/onprem-google-access-dns/main.tf index 5782bda5..6c651a57 100644 --- a/networking/onprem-google-access-dns/main.tf +++ b/networking/onprem-google-access-dns/main.tf @@ -239,7 +239,6 @@ module "vm-test1" { subnetwork = module.vpc.subnet_self_links["${var.region.gcp1}/subnet1"] nat = false addresses = null - alias_ips = null }] metadata = { startup-script = local.vm-startup-script } service_account = module.service-account-gce.email @@ -257,7 +256,6 @@ module "vm-test2" { subnetwork = module.vpc.subnet_self_links["${var.region.gcp2}/subnet2"] nat = false addresses = null - alias_ips = null }] metadata = { startup-script = local.vm-startup-script } service_account = module.service-account-gce.email @@ -325,7 +323,6 @@ module "vm-onprem" { subnetwork = module.vpc.subnet_self_links["${var.region.gcp1}/subnet1"] nat = true addresses = null - alias_ips = null }] service_account = module.service-account-onprem.email service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"] diff --git a/networking/private-cloud-function-from-onprem/main.tf b/networking/private-cloud-function-from-onprem/main.tf index 60e3d8ea..2cb858d6 100644 --- a/networking/private-cloud-function-from-onprem/main.tf +++ b/networking/private-cloud-function-from-onprem/main.tf @@ -187,7 +187,6 @@ module "test-vm" { } network_interfaces = [{ addresses = null - alias_ips = null nat = false network = module.vpc-onprem.self_link subnetwork = module.vpc-onprem.subnet_self_links["${var.region}/${var.name}-onprem"] diff --git a/networking/shared-vpc-gke/main.tf b/networking/shared-vpc-gke/main.tf index 69879a2e..e60478f6 100644 --- a/networking/shared-vpc-gke/main.tf +++ b/networking/shared-vpc-gke/main.tf 
@@ -176,7 +176,6 @@ module "vm-bastion" { subnetwork = lookup(module.vpc-shared.subnet_self_links, "${var.region}/gce", null) nat = false addresses = null - alias_ips = null }] tags = ["ssh"] metadata = { diff --git a/tests/modules/compute_vm/fixture/variables.tf b/tests/modules/compute_vm/fixture/variables.tf index 0e6c090b..cd9cdb47 100644 --- a/tests/modules/compute_vm/fixture/variables.tf +++ b/tests/modules/compute_vm/fixture/variables.tf @@ -78,17 +78,23 @@ variable "network_interfaces" { internal = string external = string }) - alias_ips = map(string) })) default = [{ network = "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default", subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/default-default", nat = false, addresses = null - alias_ips = null }] } +variable "network_interface_options" { + type = map(object({ + alias_ips = map(string) + nic_type = string + })) + default = {} +} + variable "service_account_create" { type = bool default = false diff --git a/tests/modules/compute_vm/test_plan_interfaces.py b/tests/modules/compute_vm/test_plan_interfaces.py index 0f1d4934..9efdeafe 100644 --- a/tests/modules/compute_vm/test_plan_interfaces.py +++ b/tests/modules/compute_vm/test_plan_interfaces.py @@ -26,7 +26,6 @@ def test_address(plan_runner): subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/default-default", nat = false, addresses = {external=null, internal="10.0.0.2"} - alias_ips = null }] ''' _, resources = plan_runner(FIXTURES_DIR, network_interfaces=nics) @@ -42,7 +41,6 @@ def test_nat_address(plan_runner): subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/default-default", nat = true, addresses = {external="8.8.8.8", internal=null} - alias_ips = null }] ''' _, resources = plan_runner(FIXTURES_DIR, network_interfaces=nics) 
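Review bot: The fixture gains the `network_interface_options` variable, but the only test changes in this commit are deletions of `alias_ips = null`, so nothing exercises the new code path: neither `nic_type` nor the alias-IP lookup through `local.network_interface_options[config.key]` is asserted in a plan. I would add a case in test_plan_interfaces.py modelled on `test_address`, passing `network_interface_options='{ 0 = { alias_ips = { alias1 = "10.16.0.10/32" }, nic_type = "GVNIC" } }'` to `plan_runner` and asserting that the planned instance's first network interface carries `nic_type == "GVNIC"` and one `alias_ip_range` with `subnetwork_range_name == "alias1"`; the exact attribute path depends on how `plan_runner` exposes resources, which is outside this diff. A second case with an options key that matches no interface would document whether silent dropping is the intended behaviour.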
diff --git a/third-party-solutions/openshift/prepare.py b/third-party-solutions/openshift/prepare.py index 10325994..73fcf70e 100755 --- a/third-party-solutions/openshift/prepare.py +++ b/third-party-solutions/openshift/prepare.py @@ -145,7 +145,7 @@ def ignition_configs(ctx=None): 'create', 'ignition-configs', '--dir', str(ctx.obj['paths']['config_dir']) ] - env = {'GOOGLE_CREDENTIALS': ctx.obj['paths']['credentials']} + env = {'GOOGLE_APPLICATION_CREDENTIALS': ctx.obj['paths']['credentials']} _run_installer(cmdline, env) @@ -221,7 +221,7 @@ def manifests(ctx=None): 'create', 'manifests', '--dir', str(ctx.obj['paths']['config_dir']) ] - env = {'GOOGLE_CREDENTIALS': ctx.obj['paths']['credentials']} + env = {'GOOGLE_APPLICATION_CREDENTIALS': ctx.obj['paths']['credentials']} _run_installer(cmdline, env)
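Review bot: Switching the variable to `GOOGLE_APPLICATION_CREDENTIALS` changes what the value must be, and nothing in the hunk checks it: `GOOGLE_APPLICATION_CREDENTIALS` is only ever a path to a key file, whereas the Terraform provider's `GOOGLE_CREDENTIALS` also accepts the JSON contents, so if `ctx.obj['paths']['credentials']` can hold inline JSON the installer will now fail (or, worse, fall back to whatever other ADC source is present on the host). I would guard it before building the environment, e.g. `cred_path = ctx.obj['paths']['credentials']` followed by `if not os.path.isfile(cred_path): raise click.ClickException(f'credentials file not found: {cred_path}')`, assuming `click` is what supplies `ctx`. The same two-line dict is now duplicated in `ignition_configs` and `manifests` (both functions start before their hunks); a small `_installer_env(ctx)` helper would keep the variable name in one place. I also cannot see `_run_installer`: if it passes `env` straight to `subprocess` the installer runs with only this one variable and no `PATH`/`HOME`, which is worth confirming since the rename does not touch that path.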