cloud-foundation-fabric/blueprints/networking/psc-hybrid
Alejandro Leal 87cd83f5c0 Several updates
2023-05-13 23:51:46 -04:00
psc-consumer Sort variables and outputs 2022-11-21 13:17:55 +01:00
psc-producer Sort variables and outputs 2022-11-21 13:17:55 +01:00
README.md Several updates 2023-05-13 23:51:46 -04:00
diagram.png Add PSC hybrid blueprint 2022-10-16 10:18:40 +02:00
main.tf Normalize prefix handling in blueprints (#1003) 2022-11-23 11:09:00 +01:00
variables.tf Several updates 2023-05-13 23:51:46 -04:00

README.md

Hybrid connectivity to on-premise services through PSC

This sample lets you connect to an on-premises service through Private Service Connect (PSC).

It creates:

  • A producer: a VPC exposing a PSC Service Attachment (SA), connecting to an internal regional TCP proxy load balancer, using a hybrid NEG backend that connects to an on-premises service (IP address + port)

  • A consumer: a VPC with a PSC endpoint pointing to the PSC SA exposed by the producer. The endpoint is accessible by clients through a local IP address on the consumer VPC.

High-level diagram

Sample modules

The blueprint makes use of the modules psc-producer and psc-consumer contained in this folder. This is done so you can build on top of these building blocks, in order to support more complex scenarios.

Prerequisites

Before applying this Terraform configuration:

  • On-premises
    • Allow ingress from 35.191.0.0/16 and 130.211.0.0/22 CIDRs (for health checks)
    • Allow ingress from the proxy-only subnet CIDR
  • GCP
    • Advertise from GCP to on-prem 35.191.0.0/16 and 130.211.0.0/22 CIDRs
    • Advertise from GCP to on-prem the proxy-only subnet CIDRs
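
One way to meet the GCP-side prerequisites, shown as an added example that is not part of this blueprint: a Cloud Router in custom advertisement mode that announces only the health-check ranges and the proxy-only subnet to on-prem. The project, region, network and router names, the ASN, and the proxy-only CIDR are placeholder assumptions.

```hcl
# Added example, not part of the blueprint. Every value in "locals" is a
# placeholder assumption; replace it with the values of your environment.
locals {
  project_id = "my-project"   # placeholder
  region     = "europe-west1" # placeholder
  network    = "producer-vpc" # placeholder: VPC hosting the hybrid NEG

  # Health-check source ranges listed in the prerequisites above.
  health_check_ranges = ["35.191.0.0/16", "130.211.0.0/22"]

  # Placeholder: CIDR of the proxy-only subnet used by the internal
  # regional TCP proxy load balancer.
  proxy_only_subnet_cidr = "10.10.1.0/24"
}

resource "google_compute_router" "to_onprem" {
  name    = "psc-hybrid-router" # placeholder
  project = local.project_id
  region  = local.region
  network = local.network

  bgp {
    asn = 64514 # placeholder private ASN

    # CUSTOM mode with no advertised_groups: only the ranges below are
    # announced to on-prem, nothing else from the VPC.
    advertise_mode = "CUSTOM"

    dynamic "advertised_ip_ranges" {
      for_each = concat(
        local.health_check_ranges,
        [local.proxy_only_subnet_cidr],
      )
      content {
        range       = advertised_ip_ranges.value
        description = "Return path for hybrid NEG traffic"
      }
    }
  }
}
```

The on-premises firewall rules from the first half of the list should allow these same source ranges, ideally scoped to the service's destination IP address and port (dest_ip_address and dest_port below).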

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| dest_ip_address | On-prem service destination IP address. | string | ✓ | |
| prefix | Prefix used for resource names. | string | ✓ | |
| producer | Producer configuration. | object({…}) | ✓ | |
| project_id | When referencing existing projects, the id of the project where resources will be created. | string | ✓ | |
| region | Region where resources will be created. | string | ✓ | |
| subnet_consumer | Consumer subnet CIDR. | string # CIDR | ✓ | |
| zone | Zone where resources will be created. | string | ✓ | |
| dest_port | On-prem service destination port. | string | | "80" |
| project_create | Whether to automatically create a project. | bool | | false |
| vpc_config | VPC and subnet ids, in case existing VPCs are used. | object({…}) | | {…} |
| vpc_create | Whether to automatically create VPCs. | bool | | true |