cloud-foundation-fabric/blueprints/cloud-operations/dns-shared-vpc
Simone Ruffilli 6d89b88149
versions.tf maintenance + copyright notice bump (#1782)
* Bump copyright notice to 2023

* Delete versions.tf on blueprints

* Pin provider to major version 5

* Remove comment

* Fix lint

* fix bq-ml blueprint readme

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2023-10-20 18:17:47 +02:00
examples/shared-vpc-example Normalize prefix handling in blueprints (#1003) 2022-11-23 11:09:00 +01:00
README.md Fix dnssec keys lookup (#1728) 2023-10-03 21:37:21 +02:00
diagram.png Rename examples folder to blueprints 2022-09-09 16:38:43 +02:00
main.tf Refactoring of dns module 2023-07-19 12:57:44 +02:00
outputs.tf Rename examples folder to blueprints 2022-09-09 16:38:43 +02:00
variables.tf Normalize prefix handling in blueprints (#1003) 2022-11-23 11:09:00 +01:00

README.md

Cloud DNS & Shared VPC design

Usage

This blueprint shows how to create reusable and modular Cloud DNS architectures when using Shared VPC.

The goal is to provision dedicated Cloud DNS instances for application teams that want to manage their own DNS records, and configure DNS peering to ensure name resolution works in a common Shared VPC.

The blueprint will:

  • Create a GCP project per application team based on the teams input variable
  • Create a VPC and Cloud DNS instance per application team
  • Create a Cloud DNS private zone per application team in the form of [teamname].[dns_domain], with teamname and dns_domain based on input variables
  • Configure DNS peering for each private zone from the Shared VPC to the DNS VPC of each application team

The resources created in this blueprint are shown in the high-level diagram below:

Note that Terraform 0.13 or later is required because the blueprint uses for_each with modules.
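
The two zones the list above describes for each team, sketched with raw `google_dns_managed_zone` resources. This is an added example, not the blueprint's own main.tf. The `team_dns` variable and the zone names are hypothetical, and placing the peering zone in the team project is an assumption.

```hcl
variable "dns_domain" { type = string }
variable "shared_vpc_link" { type = string }
# Hypothetical input: DNS project ID and DNS VPC self link, keyed by team name.
variable "team_dns" { type = map(object({ project_id = string, vpc_link = string })) }

# Authoritative private zone: the team manages its records here, and the zone
# is visible only from the team's own DNS VPC.
resource "google_dns_managed_zone" "team" {
  for_each   = var.team_dns
  project    = each.value.project_id
  name       = "${each.key}-private"
  dns_name   = "${each.key}.${var.dns_domain}."
  visibility = "private"

  private_visibility_config {
    networks {
      network_url = each.value.vpc_link
    }
  }
}

# Peering zone: queries from the Shared VPC for the same name are answered
# using the team DNS VPC's resolution order. Peering is one-way, so the team
# VPC gains no view of zones attached to the Shared VPC.
resource "google_dns_managed_zone" "peering" {
  for_each   = var.team_dns
  project    = each.value.project_id # assumption: zone lives in the team project
  name       = "${each.key}-peering"
  dns_name   = "${each.key}.${var.dns_domain}."
  visibility = "private"

  private_visibility_config {
    networks {
      network_url = var.shared_vpc_link
    }
  }

  peering_config {
    target_network {
      network_url = each.value.vpc_link
    }
  }
}
```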

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| billing_account_id | Billing account associated with the GCP Projects that will be created for each team. | string | ✓ | |
| folder_id | Folder ID in which DNS projects will be created. | string | ✓ | |
| prefix | Prefix used for resource names. | string | ✓ | |
| shared_vpc_link | Shared VPC self link, used for DNS peering. | string | ✓ | |
| dns_domain | DNS domain under which each application team DNS domain will be created. | string | | "example.org" |
| project_services | Service APIs enabled by default. | list(string) | | […] |
| teams | List of application teams requiring their own Cloud DNS instance. | list(string) | | […] |

Outputs

| name | description | sensitive |
|---|---|---|
| teams | Team resources. | |

Test

module "test" {
  source             = "./fabric/blueprints/cloud-operations/dns-shared-vpc"
  billing_account_id = "111111-222222-333333"
  folder_id          = "folders/1234567890"
  prefix             = "test"
  shared_vpc_link    = "https://www.googleapis.com/compute/v1/projects/test-dns/global/networks/default"
  teams              = ["team1", "team2"]
}
# tftest modules=9 resources=16