Merge branch 'master' into vanguard/peering-config
This commit is contained in:
mark1000
GitHub
commit
ef3d988da6
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
|
@ -68,7 +68,6 @@ module "nodes" {
|
|||
nat = false
|
||||
addresses = {
|
||||
internal = module.ip-addresses.internal_addresses[each.value].address
|
||||
external = null
|
||||
}
|
||||
}]
|
||||
|
||||
|
|
@ -122,7 +121,6 @@ module "witness" {
|
|||
nat = false
|
||||
addresses = {
|
||||
internal = module.ip-addresses.internal_addresses[each.value].address
|
||||
external = null
|
||||
}
|
||||
}]
|
||||
|
||||
|
|
|
|||
|
|
@ -4,5 +4,5 @@ region: europe-west1
|
|||
description: Default subnet for dev Data Platform
|
||||
ip_cidr_range: 10.128.48.0/24
|
||||
secondary_ip_ranges:
|
||||
pods: 100.128.48.0/20
|
||||
services: 100.255.48.0/24
|
||||
pods: 100.64.48.0/20
|
||||
services: 100.64.64.0/24
|
||||
|
|
|
|||
|
|
@ -4,5 +4,5 @@ region: europe-west1
|
|||
description: Default subnet for dev Data Platform
|
||||
ip_cidr_range: 10.128.48.0/24
|
||||
secondary_ip_ranges:
|
||||
pods: 100.128.48.0/20
|
||||
services: 100.255.48.0/24
|
||||
pods: 100.64.48.0/20
|
||||
services: 100.64.64.0/24
|
||||
|
|
|
|||
|
|
@ -4,5 +4,5 @@ region: europe-west1
|
|||
description: Default subnet for dev Data Platform
|
||||
ip_cidr_range: 10.128.48.0/24
|
||||
secondary_ip_ranges:
|
||||
pods: 100.128.48.0/20
|
||||
services: 100.255.48.0/24
|
||||
pods: 100.64.48.0/20
|
||||
services: 100.64.64.0/24
|
||||
|
|
|
|||
|
|
@ -4,5 +4,5 @@ region: europe-west1
|
|||
description: Default subnet for dev Data Platform
|
||||
ip_cidr_range: 10.128.48.0/24
|
||||
secondary_ip_ranges:
|
||||
pods: 100.128.48.0/20
|
||||
services: 100.255.48.0/24
|
||||
pods: 100.64.48.0/20
|
||||
services: 100.64.64.0/24
|
||||
|
|
|
|||
|
|
@ -4,5 +4,5 @@ region: europe-west1
|
|||
description: Default subnet for dev Data Platform
|
||||
ip_cidr_range: 10.128.48.0/24
|
||||
secondary_ip_ranges:
|
||||
pods: 100.128.48.0/20
|
||||
services: 100.255.48.0/24
|
||||
pods: 100.64.48.0/20
|
||||
services: 100.64.64.0/24
|
||||
|
|
|
|||
|
|
@ -152,7 +152,6 @@ module "nva" {
|
|||
subnetwork = module.landing-untrusted-vpc.subnet_self_links["${each.value.region}/landing-untrusted-default-${each.value.shortname}"]
|
||||
nat = false
|
||||
addresses = {
|
||||
external = null
|
||||
internal = google_compute_address.nva_static_ip_untrusted[each.key].address
|
||||
}
|
||||
},
|
||||
|
|
@ -161,7 +160,6 @@ module "nva" {
|
|||
subnetwork = module.landing-trusted-vpc.subnet_self_links["${each.value.region}/landing-trusted-default-${each.value.shortname}"]
|
||||
nat = false
|
||||
addresses = {
|
||||
external = null
|
||||
internal = google_compute_address.nva_static_ip_trusted[each.key].address
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -215,7 +215,7 @@ module "vm-internal-ip" {
|
|||
network_interfaces = [{
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
addresses = { external = null, internal = "10.0.0.2" }
|
||||
addresses = { internal = "10.0.0.2" }
|
||||
}]
|
||||
}
|
||||
|
||||
|
|
@ -228,7 +228,7 @@ module "vm-external-ip" {
|
|||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
nat = true
|
||||
addresses = { external = "8.8.8.8", internal = null }
|
||||
addresses = { external = "8.8.8.8" }
|
||||
}]
|
||||
}
|
||||
# tftest modules=2 resources=2 inventory=ips.yaml
|
||||
|
|
@ -507,7 +507,7 @@ module "instance-group" {
|
|||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [name](variables.tf#L182) | Instance name. | <code>string</code> | ✓ | |
|
||||
| [network_interfaces](variables.tf#L187) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | <code title="list(object({ nat = optional(bool, false) network = string subnetwork = string addresses = optional(object({ internal = string external = string }), null) alias_ips = optional(map(string), {}) nic_type = optional(string) }))">list(object({…}))</code> | ✓ | |
|
||||
| [network_interfaces](variables.tf#L187) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | <code title="list(object({ nat = optional(bool, false) network = string subnetwork = string addresses = optional(object({ internal = optional(string) external = optional(string) }), null) alias_ips = optional(map(string), {}) nic_type = optional(string) }))">list(object({…}))</code> | ✓ | |
|
||||
| [project_id](variables.tf#L224) | Project id. | <code>string</code> | ✓ | |
|
||||
| [zone](variables.tf#L283) | Compute zone. | <code>string</code> | ✓ | |
|
||||
| [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | <code title="object({ auto_delete = optional(bool, false) mode = string replica_zone = string type = string })">object({…})</code> | | <code title="{ auto_delete = true mode = "READ_WRITE" replica_zone = null type = "pd-balanced" }">{…}</code> |
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -191,8 +191,8 @@ variable "network_interfaces" {
|
|||
network = string
|
||||
subnetwork = string
|
||||
addresses = optional(object({
|
||||
internal = string
|
||||
external = string
|
||||
internal = optional(string)
|
||||
external = optional(string)
|
||||
}), null)
|
||||
alias_ips = optional(map(string), {})
|
||||
nic_type = optional(string)
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -26,6 +26,9 @@ locals {
|
|||
},
|
||||
{
|
||||
for k, v in google_compute_region_network_endpoint_group.default : k => v.id
|
||||
},
|
||||
{
|
||||
for k, v in google_compute_region_network_endpoint_group.psc : k => v.id
|
||||
}
|
||||
)
|
||||
hc_ids = {
|
||||
|
|
|
|||
|
|
@ -49,6 +49,10 @@ locals {
|
|||
zone = v.gce != null ? v.gce.zone : v.hybrid.zone
|
||||
} if v.gce != null || v.hybrid != null
|
||||
}
|
||||
neg_regional_psc = {
|
||||
for k, v in var.neg_configs :
|
||||
k => v if v.psc != null
|
||||
}
|
||||
proxy_ssl_certificates = concat(
|
||||
coalesce(var.ssl_certificates.certificate_ids, []),
|
||||
[for k, v in google_compute_region_ssl_certificate.default : v.id]
|
||||
|
|
@ -187,3 +191,15 @@ resource "google_compute_region_network_endpoint_group" "default" {
|
|||
url_mask = each.value.target_urlmask
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_region_network_endpoint_group" "psc" {
|
||||
for_each = local.neg_regional_psc
|
||||
project = var.project_id
|
||||
region = each.value.psc.region
|
||||
name = "${var.name}-${each.key}"
|
||||
//description = coalesce(each.value.description, var.description)
|
||||
network_endpoint_type = "PRIVATE_SERVICE_CONNECT"
|
||||
psc_target_service = each.value.psc.target_service
|
||||
network = each.value.psc.network
|
||||
subnetwork = each.value.psc.subnetwork
|
||||
}
|
||||
|
|
|
|||
|
|
@ -90,7 +90,12 @@ variable "neg_configs" {
|
|||
port = number
|
||||
})))
|
||||
}))
|
||||
# psc = optional(object({}))
|
||||
psc = optional(object({
|
||||
region = string
|
||||
target_service = string
|
||||
network = optional(string)
|
||||
subnetwork = optional(string)
|
||||
}))
|
||||
}))
|
||||
default = {}
|
||||
nullable = false
|
||||
|
|
@ -99,7 +104,8 @@ variable "neg_configs" {
|
|||
for k, v in var.neg_configs : (
|
||||
(try(v.cloudrun, null) == null ? 0 : 1) +
|
||||
(try(v.gce, null) == null ? 0 : 1) +
|
||||
(try(v.hybrid, null) == null ? 0 : 1) == 1
|
||||
(try(v.hybrid, null) == null ? 0 : 1) +
|
||||
(try(v.psc, null) == null ? 0 : 1) == 1
|
||||
)
|
||||
])
|
||||
error_message = "Only one type of neg can be configured at a time."
|
||||
|
|
|
|||
Loading…
Reference in New Issue