6941313c7d
* factories refactor doc * Adds file schema and filesystem organization * Update 20231106-factories.md * move factories out of blueprints and create new factories README * align factory in billing-account module * align factory in dataplex-datascan module * align factory in billing-account module * align factory in net-firewall-policy module * align factory in dns-response-policy module * align factory in net-vpc-firewall module * align factory in net-vpc module * align factory variable names in FAST * remove decentralized firewall blueprint * bump terraform version * bump module versions * update top-level READMEs * move project factory to modules * fix variable names and tests * tfdoc * remove changelog link * add project factory to top-level README * fix cludrun eventarc diff * fix README * fix cludrun eventarc diff --------- Co-authored-by: Simone Ruffilli <sruffilli@google.com> |
||
|---|---|---|
| .. | ||
| README.md | ||
| main.tf | ||
| outputs.tf | ||
| variables.tf | ||
| versions.tf | ||
README.md
Google Network Peering
This module allows creation of a VPC Network Peering between two networks.
The resources created/managed by this module are:
- one network peering from
local networktopeer network - one network peering from
peer networktolocal network
Examples
Basic Usage
Basic usage of this module is as follows:
module "peering" {
source = "./fabric/modules/net-vpc-peering"
prefix = "name-prefix"
local_network = "projects/project-1/global/networks/vpc-1"
peer_network = "projects/project-1/global/networks/vpc-2"
}
# tftest modules=1 resources=2
Multiple Peerings
If you need to create more than one peering for the same VPC Network (A -> B, A -> C) you use a depends_on for second one to keep order of peering creation (It is not currently possible to create more than one peering connection for a VPC Network at the same time).
module "peering-a-b" {
source = "./fabric/modules/net-vpc-peering"
prefix = "name-prefix"
local_network = "projects/project-a/global/networks/vpc-a"
peer_network = "projects/project-b/global/networks/vpc-b"
}
module "peering-a-c" {
source = "./fabric/modules/net-vpc-peering"
prefix = "name-prefix"
local_network = "projects/project-a/global/networks/vpc-a"
peer_network = "projects/project-c/global/networks/vpc-c"
depends_on = [module.peering-a-b]
}
# tftest modules=2 resources=4
Route Configuration
You can control export/import of routes in both the local and peer via the routes_config variable. Defaults are to import and export from both sides, when the peer side only configured if the peering is managed by the module via peer_create_peering.
module "peering" {
source = "./fabric/modules/net-vpc-peering"
prefix = "name-prefix"
local_network = "projects/project-1/global/networks/vpc-1"
peer_network = "projects/project-1/global/networks/vpc-2"
routes_config = {
local = {
import = false
}
}
}
# tftest modules=1 resources=2 inventory=route-config.yaml
Variables
| name | description | type | required | default |
|---|---|---|---|---|
| local_network | Resource link of the network to add a peering to. | string |
✓ | |
| peer_network | Resource link of the peer network. | string |
✓ | |
| peer_create_peering | Create the peering on the remote side. If false, only the peering from this network to the remote network is created. | bool |
true |
|
| prefix | Optional name prefix for the network peerings. | string |
null |
|
| routes_config | Control import/export for local and remote peer. Remote configuration is only used when creating remote peering. | object({…}) |
{} |
|
| stack_type | IP version(s) of traffic and routes that are allowed to be imported or exported between peer networks. Possible values: IPV4_ONLY, IPV4_IPV6. | string |
null |
Outputs
| name | description | sensitive |
|---|---|---|
| local_network_peering | Network peering resource. | |
| peer_network_peering | Peer network peering resource. |