ab646f38ed
* bump provider versions to >= 4.17.0, terraform to >= 1.1.0 * bump teraform version in lint check, edit CHANGELOG |
||
|---|---|---|
| .. | ||
| docker-images | ||
| Corefile | ||
| README.md | ||
| cloud-config.yaml | ||
| instance.tf | ||
| main.tf | ||
| outputs-instance.tf | ||
| outputs.tf | ||
| static-vpn-gw-cloud-init.yaml | ||
| variables-instance.tf | ||
| variables.tf | ||
| versions.tf | ||
README.md
Containerized on-premises infrastructure
This module manages a cloud-config configuration that starts an emulated on-premises infrastructure running in Docker Compose on a single instance, and connects it via static or dynamic VPN to a Google Cloud VPN gateway.
The emulated on-premises infrastructure is composed of:
- a Strongswan container managing the VPN tunnel to GCP
- an optional Bird container managing the BGP session
- a CoreDNS container servng local DNS and forwarding to GCP
- an Nginx container serving a simple static web page
- a generic Linux container used as a jump host inside the on-premises network
A complete scenario using this module is available in the networking examples.
The module renders the generated cloud config in the cloud_config output, to be used in instances or instance templates via the user-data metadata.
For convenience during development or for simple use cases, the module can optionally manage a single instance via the test_instance variable. If the instance is not needed the instance*tf files can be safely removed. Refer to the top-level README for more details on the included instance.
Examples
Static VPN
The test instance is optional, as described above.
module "cloud-vpn" {
source = "./modules/net-vpn-static"
project_id = "my-project"
region = "europe-west1"
network = "my-vpc"
name = "to-on-prem"
remote_ranges = ["192.168.192.0/24"]
tunnels = {
remote-0 = {
ike_version = 2
peer_ip = module.on-prem.external_address
shared_secret = ""
traffic_selectors = { local = ["0.0.0.0/0"], remote = null }
}
}
}
module "on-prem" {
source = "./modules/cos-container/on-prem"
name = "onprem"
vpn_config = {
type = "static"
peer_ip = module.cloud-vpn.address
shared_secret = module.cloud-vpn.random_secret
}
test_instance = {
project_id = "my-project"
zone = "europe-west1-b"
name = "cos-coredns"
type = "f1-micro"
network = "default"
subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/my-subnet"
}
}
Variables
| name | description | type | required | default |
|---|---|---|---|---|
| vpn_config | VPN configuration, type must be one of 'dynamic' or 'static'. | object({…}) |
✓ | |
| config_variables | Additional variables used to render the cloud-config and CoreDNS templates. | map(any) |
{} |
|
| coredns_config | CoreDNS configuration path, if null default will be used. | string |
null |
|
| local_ip_cidr_range | IP CIDR range used for the Docker onprem network. | string |
"192.168.192.0/24" |
|
| test_instance | Test/development instance attributes, leave null to skip creation. | object({…}) |
null |
|
| test_instance_defaults | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | object({…}) |
{…} |
|
| vpn_dynamic_config | BGP configuration for dynamic VPN, ignored if VPN type is 'static'. | object({…}) |
{…} |
|
| vpn_static_ranges | Remote CIDR ranges for static VPN, ignored if VPN type is 'dynamic'. | list(string) |
["10.0.0.0/8"] |
Outputs
| name | description | sensitive |
|---|---|---|
| cloud_config | Rendered cloud-config file to be passed as user-data instance metadata. | |
| test_instance | Optional test instance name and address. |