Merge branch 'master' into vanguard/peering-config
commit
ef3d988da6
|
@ -1,4 +1,4 @@
|
||||||
# Copyright 2022 Google LLC
|
# Copyright 2023 Google LLC
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
# you may not use this file except in compliance with the License.
|
# you may not use this file except in compliance with the License.
|
||||||
|
@ -68,7 +68,6 @@ module "nodes" {
|
||||||
nat = false
|
nat = false
|
||||||
addresses = {
|
addresses = {
|
||||||
internal = module.ip-addresses.internal_addresses[each.value].address
|
internal = module.ip-addresses.internal_addresses[each.value].address
|
||||||
external = null
|
|
||||||
}
|
}
|
||||||
}]
|
}]
|
||||||
|
|
||||||
|
@ -122,7 +121,6 @@ module "witness" {
|
||||||
nat = false
|
nat = false
|
||||||
addresses = {
|
addresses = {
|
||||||
internal = module.ip-addresses.internal_addresses[each.value].address
|
internal = module.ip-addresses.internal_addresses[each.value].address
|
||||||
external = null
|
|
||||||
}
|
}
|
||||||
}]
|
}]
|
||||||
|
|
||||||
|
|
|
@ -4,5 +4,5 @@ region: europe-west1
|
||||||
description: Default subnet for dev Data Platform
|
description: Default subnet for dev Data Platform
|
||||||
ip_cidr_range: 10.128.48.0/24
|
ip_cidr_range: 10.128.48.0/24
|
||||||
secondary_ip_ranges:
|
secondary_ip_ranges:
|
||||||
pods: 100.128.48.0/20
|
pods: 100.64.48.0/20
|
||||||
services: 100.255.48.0/24
|
services: 100.64.64.0/24
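Review bot: Nothing in the file records why these secondary ranges were picked, and a comment above `secondary_ip_ranges:` would help, for example `# secondary ranges come from 100.64.0.0/10 (RFC 6598 shared address space); keep them unique across subnets`. The old values 100.128.48.0/20 and 100.255.48.0/24 lie outside 100.64.0.0/10, so they were publicly routable addresses, which is the reason worth writing down. The four subnet hunks that follow apply the same pods and services ranges next to the same primary range; whether those subnets can ever be peered or routed to each other is not visible on this page, but if they can, the ranges would overlap. Any firewall rule or route defined elsewhere that still names the old ranges would also need to follow this change.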
|
||||||
|
|
|
@ -4,5 +4,5 @@ region: europe-west1
|
||||||
description: Default subnet for dev Data Platform
|
description: Default subnet for dev Data Platform
|
||||||
ip_cidr_range: 10.128.48.0/24
|
ip_cidr_range: 10.128.48.0/24
|
||||||
secondary_ip_ranges:
|
secondary_ip_ranges:
|
||||||
pods: 100.128.48.0/20
|
pods: 100.64.48.0/20
|
||||||
services: 100.255.48.0/24
|
services: 100.64.64.0/24
|
||||||
|
|
|
@ -4,5 +4,5 @@ region: europe-west1
|
||||||
description: Default subnet for dev Data Platform
|
description: Default subnet for dev Data Platform
|
||||||
ip_cidr_range: 10.128.48.0/24
|
ip_cidr_range: 10.128.48.0/24
|
||||||
secondary_ip_ranges:
|
secondary_ip_ranges:
|
||||||
pods: 100.128.48.0/20
|
pods: 100.64.48.0/20
|
||||||
services: 100.255.48.0/24
|
services: 100.64.64.0/24
|
||||||
|
|
|
@ -4,5 +4,5 @@ region: europe-west1
|
||||||
description: Default subnet for dev Data Platform
|
description: Default subnet for dev Data Platform
|
||||||
ip_cidr_range: 10.128.48.0/24
|
ip_cidr_range: 10.128.48.0/24
|
||||||
secondary_ip_ranges:
|
secondary_ip_ranges:
|
||||||
pods: 100.128.48.0/20
|
pods: 100.64.48.0/20
|
||||||
services: 100.255.48.0/24
|
services: 100.64.64.0/24
|
||||||
|
|
|
@ -4,5 +4,5 @@ region: europe-west1
|
||||||
description: Default subnet for dev Data Platform
|
description: Default subnet for dev Data Platform
|
||||||
ip_cidr_range: 10.128.48.0/24
|
ip_cidr_range: 10.128.48.0/24
|
||||||
secondary_ip_ranges:
|
secondary_ip_ranges:
|
||||||
pods: 100.128.48.0/20
|
pods: 100.64.48.0/20
|
||||||
services: 100.255.48.0/24
|
services: 100.64.64.0/24
|
||||||
|
|
|
@ -152,7 +152,6 @@ module "nva" {
|
||||||
subnetwork = module.landing-untrusted-vpc.subnet_self_links["${each.value.region}/landing-untrusted-default-${each.value.shortname}"]
|
subnetwork = module.landing-untrusted-vpc.subnet_self_links["${each.value.region}/landing-untrusted-default-${each.value.shortname}"]
|
||||||
nat = false
|
nat = false
|
||||||
addresses = {
|
addresses = {
|
||||||
external = null
|
|
||||||
internal = google_compute_address.nva_static_ip_untrusted[each.key].address
|
internal = google_compute_address.nva_static_ip_untrusted[each.key].address
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -161,7 +160,6 @@ module "nva" {
|
||||||
subnetwork = module.landing-trusted-vpc.subnet_self_links["${each.value.region}/landing-trusted-default-${each.value.shortname}"]
|
subnetwork = module.landing-trusted-vpc.subnet_self_links["${each.value.region}/landing-trusted-default-${each.value.shortname}"]
|
||||||
nat = false
|
nat = false
|
||||||
addresses = {
|
addresses = {
|
||||||
external = null
|
|
||||||
internal = google_compute_address.nva_static_ip_trusted[each.key].address
|
internal = google_compute_address.nva_static_ip_trusted[each.key].address
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -215,7 +215,7 @@ module "vm-internal-ip" {
|
||||||
network_interfaces = [{
|
network_interfaces = [{
|
||||||
network = var.vpc.self_link
|
network = var.vpc.self_link
|
||||||
subnetwork = var.subnet.self_link
|
subnetwork = var.subnet.self_link
|
||||||
addresses = { external = null, internal = "10.0.0.2" }
|
addresses = { internal = "10.0.0.2" }
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -228,7 +228,7 @@ module "vm-external-ip" {
|
||||||
network = var.vpc.self_link
|
network = var.vpc.self_link
|
||||||
subnetwork = var.subnet.self_link
|
subnetwork = var.subnet.self_link
|
||||||
nat = true
|
nat = true
|
||||||
addresses = { external = "8.8.8.8", internal = null }
|
addresses = { external = "8.8.8.8" }
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
# tftest modules=2 resources=2 inventory=ips.yaml
|
# tftest modules=2 resources=2 inventory=ips.yaml
|
||||||
|
@ -507,7 +507,7 @@ module "instance-group" {
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [name](variables.tf#L182) | Instance name. | <code>string</code> | ✓ | |
|
| [name](variables.tf#L182) | Instance name. | <code>string</code> | ✓ | |
|
||||||
| [network_interfaces](variables.tf#L187) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | <code title="list(object({ nat = optional(bool, false) network = string subnetwork = string addresses = optional(object({ internal = string external = string }), null) alias_ips = optional(map(string), {}) nic_type = optional(string) }))">list(object({…}))</code> | ✓ | |
|
| [network_interfaces](variables.tf#L187) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | <code title="list(object({ nat = optional(bool, false) network = string subnetwork = string addresses = optional(object({ internal = optional(string) external = optional(string) }), null) alias_ips = optional(map(string), {}) nic_type = optional(string) }))">list(object({…}))</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L224) | Project id. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L224) | Project id. | <code>string</code> | ✓ | |
|
||||||
| [zone](variables.tf#L283) | Compute zone. | <code>string</code> | ✓ | |
|
| [zone](variables.tf#L283) | Compute zone. | <code>string</code> | ✓ | |
|
||||||
| [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | <code title="object({ auto_delete = optional(bool, false) mode = string replica_zone = string type = string })">object({…})</code> | | <code title="{ auto_delete = true mode = "READ_WRITE" replica_zone = null type = "pd-balanced" }">{…}</code> |
|
| [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | <code title="object({ auto_delete = optional(bool, false) mode = string replica_zone = string type = string })">object({…})</code> | | <code title="{ auto_delete = true mode = "READ_WRITE" replica_zone = null type = "pd-balanced" }">{…}</code> |
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/**
|
/**
|
||||||
* Copyright 2022 Google LLC
|
* Copyright 2023 Google LLC
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -191,8 +191,8 @@ variable "network_interfaces" {
|
||||||
network = string
|
network = string
|
||||||
subnetwork = string
|
subnetwork = string
|
||||||
addresses = optional(object({
|
addresses = optional(object({
|
||||||
internal = string
|
internal = optional(string)
|
||||||
external = string
|
external = optional(string)
|
||||||
}), null)
|
}), null)
|
||||||
alias_ips = optional(map(string), {})
|
alias_ips = optional(map(string), {})
|
||||||
nic_type = optional(string)
|
nic_type = optional(string)
|
||||||
|
|
File diff suppressed because one or more lines are too long
|
@ -26,6 +26,9 @@ locals {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
for k, v in google_compute_region_network_endpoint_group.default : k => v.id
|
for k, v in google_compute_region_network_endpoint_group.default : k => v.id
|
||||||
|
},
|
||||||
|
{
|
||||||
|
for k, v in google_compute_region_network_endpoint_group.psc : k => v.id
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
hc_ids = {
|
hc_ids = {
|
||||||
|
|
|
@ -49,6 +49,10 @@ locals {
|
||||||
zone = v.gce != null ? v.gce.zone : v.hybrid.zone
|
zone = v.gce != null ? v.gce.zone : v.hybrid.zone
|
||||||
} if v.gce != null || v.hybrid != null
|
} if v.gce != null || v.hybrid != null
|
||||||
}
|
}
|
||||||
|
neg_regional_psc = {
|
||||||
|
for k, v in var.neg_configs :
|
||||||
|
k => v if v.psc != null
|
||||||
|
}
|
||||||
proxy_ssl_certificates = concat(
|
proxy_ssl_certificates = concat(
|
||||||
coalesce(var.ssl_certificates.certificate_ids, []),
|
coalesce(var.ssl_certificates.certificate_ids, []),
|
||||||
[for k, v in google_compute_region_ssl_certificate.default : v.id]
|
[for k, v in google_compute_region_ssl_certificate.default : v.id]
|
||||||
|
@ -187,3 +191,15 @@ resource "google_compute_region_network_endpoint_group" "default" {
|
||||||
url_mask = each.value.target_urlmask
|
url_mask = each.value.target_urlmask
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "google_compute_region_network_endpoint_group" "psc" {
|
||||||
|
for_each = local.neg_regional_psc
|
||||||
|
project = var.project_id
|
||||||
|
region = each.value.psc.region
|
||||||
|
name = "${var.name}-${each.key}"
|
||||||
|
//description = coalesce(each.value.description, var.description)
|
||||||
|
network_endpoint_type = "PRIVATE_SERVICE_CONNECT"
|
||||||
|
psc_target_service = each.value.psc.target_service
|
||||||
|
network = each.value.psc.network
|
||||||
|
subnetwork = each.value.psc.subnetwork
|
||||||
|
}
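Review bot: The new `psc` resource ships with `//description = coalesce(each.value.description, var.description)` commented out, so PSC NEGs get no description and the reason is not recorded. Either delete the line or replace it with a comment explaining the omission, for example `# description intentionally unset: <reason>`. `psc_target_service`, `network` and `subnetwork` are passed straight through from `var.neg_configs`, and since `target_service` decides where the load balancer sends traffic, a one-line comment above the resource stating the expected form of that value would make it easier to review; the page does not show what callers pass.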
|
||||||
|
|
|
@ -90,7 +90,12 @@ variable "neg_configs" {
|
||||||
port = number
|
port = number
|
||||||
})))
|
})))
|
||||||
}))
|
}))
|
||||||
# psc = optional(object({}))
|
psc = optional(object({
|
||||||
|
region = string
|
||||||
|
target_service = string
|
||||||
|
network = optional(string)
|
||||||
|
subnetwork = optional(string)
|
||||||
|
}))
|
||||||
}))
|
}))
|
||||||
default = {}
|
default = {}
|
||||||
nullable = false
|
nullable = false
|
||||||
|
@ -99,7 +104,8 @@ variable "neg_configs" {
|
||||||
for k, v in var.neg_configs : (
|
for k, v in var.neg_configs : (
|
||||||
(try(v.cloudrun, null) == null ? 0 : 1) +
|
(try(v.cloudrun, null) == null ? 0 : 1) +
|
||||||
(try(v.gce, null) == null ? 0 : 1) +
|
(try(v.gce, null) == null ? 0 : 1) +
|
||||||
(try(v.hybrid, null) == null ? 0 : 1) == 1
|
(try(v.hybrid, null) == null ? 0 : 1) +
|
||||||
|
(try(v.psc, null) == null ? 0 : 1) == 1
|
||||||
)
|
)
|
||||||
])
|
])
|
||||||
error_message = "Only one type of neg can be configured at a time."
|
error_message = "Only one type of neg can be configured at a time."
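Review bot: The condition requires the count of configured types to equal 1, so an entry with none of `cloudrun`, `gce`, `hybrid` or `psc` set is rejected with a message that only talks about configuring too many. Consider `error_message = "Exactly one of cloudrun, gce, hybrid or psc must be set for each neg_configs entry."`. In the `psc` object, `network` and `subnetwork` are both optional with no comment; if a target that is a published service needs a subnetwork (not verifiable from this page), a short comment on those two attributes would save users a failed apply. The validation block starts and ends outside the hunk.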
|
||||||
|
|