# Copyright 2024 Google LLC
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
values:
|
|
google_compute_address.nva_static_ip_landing["primary-b"]:
|
|
address: 10.64.0.101
|
|
address_type: INTERNAL
|
|
description: null
|
|
ip_version: null
|
|
ipv6_endpoint_type: null
|
|
labels: null
|
|
name: nva-ip-landing-ew1-b
|
|
network: null
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west1
|
|
timeouts: null
|
|
google_compute_address.nva_static_ip_landing["primary-c"]:
|
|
address: 10.64.0.102
|
|
address_type: INTERNAL
|
|
description: null
|
|
ip_version: null
|
|
ipv6_endpoint_type: null
|
|
labels: null
|
|
name: nva-ip-landing-ew1-c
|
|
network: null
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west1
|
|
timeouts: null
|
|
google_compute_address.nva_static_ip_landing["secondary-b"]:
|
|
address: 10.80.0.101
|
|
address_type: INTERNAL
|
|
description: null
|
|
ip_version: null
|
|
ipv6_endpoint_type: null
|
|
labels: null
|
|
name: nva-ip-landing-ew4-b
|
|
network: null
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west4
|
|
timeouts: null
|
|
google_compute_address.nva_static_ip_landing["secondary-c"]:
|
|
address: 10.80.0.102
|
|
address_type: INTERNAL
|
|
description: null
|
|
ip_version: null
|
|
ipv6_endpoint_type: null
|
|
labels: null
|
|
name: nva-ip-landing-ew4-c
|
|
network: null
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west4
|
|
timeouts: null
|
|
google_compute_address.nva_static_ip_dmz["primary-b"]:
|
|
address: 10.64.128.101
|
|
address_type: INTERNAL
|
|
description: null
|
|
ip_version: null
|
|
ipv6_endpoint_type: null
|
|
labels: null
|
|
name: nva-ip-dmz-ew1-b
|
|
network: null
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west1
|
|
timeouts: null
|
|
google_compute_address.nva_static_ip_dmz["primary-c"]:
|
|
address: 10.64.128.102
|
|
address_type: INTERNAL
|
|
description: null
|
|
ip_version: null
|
|
ipv6_endpoint_type: null
|
|
labels: null
|
|
name: nva-ip-dmz-ew1-c
|
|
network: null
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west1
|
|
timeouts: null
|
|
google_compute_address.nva_static_ip_dmz["secondary-b"]:
|
|
address: 10.80.128.101
|
|
address_type: INTERNAL
|
|
description: null
|
|
ip_version: null
|
|
ipv6_endpoint_type: null
|
|
labels: null
|
|
name: nva-ip-dmz-ew4-b
|
|
network: null
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west4
|
|
timeouts: null
|
|
google_compute_address.nva_static_ip_dmz["secondary-c"]:
|
|
address: 10.80.128.102
|
|
address_type: INTERNAL
|
|
description: null
|
|
ip_version: null
|
|
ipv6_endpoint_type: null
|
|
labels: null
|
|
name: nva-ip-dmz-ew4-c
|
|
network: null
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west4
|
|
timeouts: null
|
|
google_monitoring_alert_policy.vpn_tunnel_bandwidth[0]:
|
|
alert_strategy: []
|
|
combiner: OR
|
|
conditions:
|
|
- condition_absent: []
|
|
condition_matched_log: []
|
|
condition_monitoring_query_language:
|
|
- duration: 120s
|
|
evaluation_missing_data: null
|
|
query: fetch vpn_gateway| { metric vpn.googleapis.com/network/sent_bytes_count;
|
|
metric vpn.googleapis.com/network/received_bytes_count }| align rate (1m)|
|
|
group_by [metric.tunnel_name]| outer_join 0,0| value val(0) + val(1)| condition
|
|
val() > 187.5 "MBy/s"
|
|
trigger:
|
|
- count: 1
|
|
percent: null
|
|
condition_prometheus_query_language: []
|
|
condition_threshold: []
|
|
display_name: VPN Tunnel Bandwidth usage
|
|
display_name: VPN Tunnel Bandwidth usage
|
|
documentation: []
|
|
enabled: true
|
|
notification_channels: []
|
|
project: fast2-prod-net-landing-0
|
|
severity: null
|
|
timeouts: null
|
|
user_labels: null
|
|
google_monitoring_alert_policy.vpn_tunnel_established[0]:
|
|
alert_strategy: []
|
|
combiner: OR
|
|
conditions:
|
|
- condition_absent: []
|
|
condition_matched_log: []
|
|
condition_monitoring_query_language:
|
|
- duration: 120s
|
|
evaluation_missing_data: null
|
|
query: 'fetch vpn_gateway| metric vpn.googleapis.com/tunnel_established| group_by
|
|
5m, [value_tunnel_established_max: max(value.tunnel_established)]| every
|
|
5m| condition val() < 1 ''1'''
|
|
trigger:
|
|
- count: 1
|
|
percent: null
|
|
condition_prometheus_query_language: []
|
|
condition_threshold: []
|
|
display_name: VPN Tunnel Established
|
|
display_name: VPN Tunnel Established
|
|
documentation: []
|
|
enabled: true
|
|
notification_channels: []
|
|
project: fast2-prod-net-landing-0
|
|
severity: null
|
|
timeouts: null
|
|
user_labels: null
|
|
google_monitoring_dashboard.dashboard["firewall_insights.json"]:
|
|
dashboard_json: '{"displayName":"Firewall Insights Monitoring","gridLayout":{"columns":"2","widgets":[{"title":"Subnet
|
|
Firewall Hit Counts","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"minAlignmentPeriod":"60s","plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesFilter":{"aggregation":{"perSeriesAligner":"ALIGN_RATE"},"filter":"metric.type=\"firewallinsights.googleapis.com/subnet/firewall_hit_count\"
|
|
resource.type=\"gce_subnetwork\"","secondaryAggregation":{}},"unitOverride":"1"}}],"timeshiftDuration":"0s","yAxis":{"label":"y1Axis","scale":"LINEAR"}}},{"title":"VM
|
|
Firewall Hit Counts","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"minAlignmentPeriod":"60s","plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesFilter":{"aggregation":{"perSeriesAligner":"ALIGN_RATE"},"filter":"metric.type=\"firewallinsights.googleapis.com/vm/firewall_hit_count\"
|
|
resource.type=\"gce_instance\"","secondaryAggregation":{}},"unitOverride":"1"}}],"timeshiftDuration":"0s","yAxis":{"label":"y1Axis","scale":"LINEAR"}}}]}}'
|
|
project: fast2-prod-net-landing-0
|
|
timeouts: null
|
|
google_monitoring_dashboard.dashboard["vpc_and_vpc_peering_group_quotas.json"]:
|
|
dashboard_json: '{"dashboardFilters":[],"displayName":"VPC \u0026 VPC Peering
|
|
Group Quotas","labels":{},"mosaicLayout":{"columns":12,"tiles":[{"height":4,"widget":{"title":"Internal
|
|
network (L4) Load Balancers per VPC Peering Group","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"breakdowns":[],"dimensions":[],"measures":[],"plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesQueryLanguage":"fetch
|
|
compute.googleapis.com/VpcNetwork\n|{ metric\n compute.googleapis.com/quota/internal_lb_forwarding_rules_per_peering_group/usage\n |
|
|
align next_older(1d)\n | group_by [resource.resource_container, metric.limit_name],
|
|
.max()\n ; metric\n compute.googleapis.com/quota/internal_lb_forwarding_rules_per_peering_group/limit\n |
|
|
align next_older(1d)\n | group_by [resource.resource_container, metric.limit_name],
|
|
.min() }\n| ratio\n| value cast_units(val()*100, \"%\")","unitOverride":""}}],"thresholds":[],"timeshiftDuration":"0s","yAxis":{"label":"","scale":"LINEAR"}}},"width":6,"xPos":6},{"height":4,"widget":{"title":"Internal
|
|
network (L4) Load Balancers per VPC","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesQueryLanguage":"fetch
|
|
compute.googleapis.com/VpcNetwork\n|{ metric\n compute.googleapis.com/quota/internal_lb_forwarding_rules_per_vpc_network/usage\n |
|
|
align next_older(1d)\n | group_by [resource.resource_container, metric.limit_name],
|
|
.max()\n ; metric\n compute.googleapis.com/quota/internal_lb_forwarding_rules_per_vpc_network/limit\n |
|
|
align next_older(1d)\n | group_by [resource.resource_container, metric.limit_name],
|
|
.min() }\n| ratio\n| value cast_units(val()*100, \"%\")","unitOverride":""}}],"thresholds":[],"timeshiftDuration":"0s","yAxis":{"label":"","scale":"LINEAR"}}},"width":6},{"height":4,"widget":{"title":"Internal
|
|
application (L7) Load Balancers per VPC","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"breakdowns":[],"dimensions":[],"measures":[],"plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesQueryLanguage":"fetch
|
|
compute.googleapis.com/VpcNetwork\n|{ metric\n compute.googleapis.com/quota/internal_managed_forwarding_rules_per_vpc_network/usage\n |
|
|
align next_older(1d)\n | group_by [resource.resource_container, metric.limit_name],
|
|
.max()\n ; metric\n compute.googleapis.com/quota/internal_managed_forwarding_rules_per_vpc_network/limit\n |
|
|
align next_older(1d)\n | group_by [resource.resource_container, metric.limit_name],
|
|
.min() }\n| ratio\n| value cast_units(val()*100, \"%\")","unitOverride":""}}],"thresholds":[],"timeshiftDuration":"0s","yAxis":{"label":"","scale":"LINEAR"}}},"width":6,"yPos":4},{"height":4,"widget":{"title":"Internal
|
|
application (L7) Load Balancers per VPC Peering Group","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"breakdowns":[],"dimensions":[],"measures":[],"plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesQueryLanguage":"fetch
|
|
compute.googleapis.com/VpcNetwork\n|{ metric\n compute.googleapis.com/quota/internal_managed_forwarding_rules_per_peering_group/usage\n |
|
|
align next_older(1d)\n | group_by [resource.resource_container, metric.limit_name],
|
|
.max()\n ; metric\n compute.googleapis.com/quota/internal_managed_forwarding_rules_per_peering_group/limit\n |
|
|
align next_older(1d)\n | group_by [resource.resource_container, metric.limit_name],
|
|
.min() }\n| ratio\n| value cast_units(val()*100, \"%\")","unitOverride":""}}],"thresholds":[],"timeshiftDuration":"0s","yAxis":{"label":"","scale":"LINEAR"}}},"width":6,"xPos":6,"yPos":4},{"height":4,"widget":{"title":"Instances
|
|
per VPC","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesQueryLanguage":"fetch
|
|
compute.googleapis.com/VpcNetwork\n|{ metric\n compute.googleapis.com/quota/instances_per_vpc_network/usage\n |
|
|
align next_older(1d)\n | group_by [resource.resource_container, metric.limit_name],
|
|
.max()\n ; metric\n compute.googleapis.com/quota/instances_per_vpc_network/limit\n |
|
|
align next_older(1d)\n | group_by [resource.resource_container, metric.limit_name],
|
|
.min() }\n| ratio\n| value cast_units(val()*100, \"%\") ","unitOverride":""}}],"thresholds":[],"timeshiftDuration":"0s","yAxis":{"label":"","scale":"LINEAR"}}},"width":6,"yPos":8},{"height":4,"widget":{"title":"Instances
|
|
per VPC Peering Group","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesQueryLanguage":"fetch
|
|
compute.googleapis.com/VpcNetwork\n|{ metric\n compute.googleapis.com/quota/instances_per_peering_group/usage\n |
|
|
align next_older(1d)\n | group_by [resource.resource_container, metric.limit_name],
|
|
.max()\n ; metric\n compute.googleapis.com/quota/instances_per_peering_group/limit\n |
|
|
align next_older(1d)\n | group_by [resource.resource_container, metric.limit_name],
|
|
.min() }\n| ratio\n| value cast_units(val()*100, \"%\")","unitOverride":""}}],"thresholds":[],"timeshiftDuration":"0s","yAxis":{"label":"","scale":"LINEAR"}}},"width":6,"xPos":6,"yPos":8},{"height":4,"widget":{"title":"Subnet
|
|
ranges per VPC","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesQueryLanguage":"fetch
|
|
compute.googleapis.com/VpcNetwork\n|{ metric\n compute.googleapis.com/quota/subnet_ranges_per_vpc_network/usage\n |
|
|
align next_older(1d)\n | group_by [resource.resource_container, metric.limit_name],
|
|
.max()\n ; metric\n compute.googleapis.com/quota/subnet_ranges_per_vpc_network/limit\n |
|
|
align next_older(1d)\n | group_by [resource.resource_container, metric.limit_name],
|
|
.min() }\n| ratio\n| value cast_units(val()*100, \"%\")","unitOverride":""}}],"thresholds":[],"timeshiftDuration":"0s","yAxis":{"label":"","scale":"LINEAR"}}},"width":6,"yPos":12},{"height":4,"widget":{"title":"Subnet
|
|
ranges per VPC Peering Group","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesQueryLanguage":"fetch
|
|
compute.googleapis.com/VpcNetwork\n|{ metric\n compute.googleapis.com/quota/subnet_ranges_per_peering_group/usage\n |
|
|
align next_older(1d)\n | group_by [resource.resource_container, metric.limit_name],
|
|
.max()\n ; metric\n compute.googleapis.com/quota/subnet_ranges_per_peering_group/limit\n |
|
|
align next_older(1d)\n | group_by [resource.resource_container, metric.limit_name],
|
|
.min() }\n| ratio\n| value cast_units(val()*100, \"%\") ","unitOverride":""}}],"thresholds":[],"timeshiftDuration":"0s","yAxis":{"label":"","scale":"LINEAR"}}},"width":6,"xPos":6,"yPos":12}]}}'
|
|
project: fast2-prod-net-landing-0
|
|
timeouts: null
|
|
google_monitoring_dashboard.dashboard["vpn.json"]:
|
|
dashboard_json: '{"displayName":"VPN Monitoring","mosaicLayout":{"columns":12,"tiles":[{"height":4,"widget":{"title":"Number
|
|
of connections","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"minAlignmentPeriod":"60s","plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesFilter":{"aggregation":{"perSeriesAligner":"ALIGN_MEAN"},"filter":"metric.type=\"vpn.googleapis.com/gateway/connections\"
|
|
resource.type=\"vpn_gateway\"","secondaryAggregation":{}},"unitOverride":"1"}}],"timeshiftDuration":"0s","yAxis":{"label":"y1Axis","scale":"LINEAR"}}},"width":4},{"height":4,"widget":{"title":"Tunnel
|
|
established","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"minAlignmentPeriod":"60s","plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesFilter":{"aggregation":{"perSeriesAligner":"ALIGN_MEAN"},"filter":"metric.type=\"vpn.googleapis.com/tunnel_established\"
|
|
resource.type=\"vpn_gateway\"","secondaryAggregation":{}},"unitOverride":"1"}}],"timeshiftDuration":"0s","yAxis":{"label":"y1Axis","scale":"LINEAR"}}},"width":4,"xPos":4},{"height":4,"widget":{"title":"VPN
|
|
Tunnel Bandwidth usage","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesQueryLanguage":"fetch
|
|
vpn_gateway| { metric vpn.googleapis.com/network/sent_bytes_count; metric vpn.googleapis.com/network/received_bytes_count
|
|
}| align rate (1m)| group_by [metric.tunnel_name]| outer_join 0,0| value val(0)
|
|
+ val(1)| condition val() \u003e 187.5 \"MBy/s\""}}],"thresholds":[{"targetAxis":"Y1","value":187500000}],"timeshiftDuration":"0s","yAxis":{"scale":"LINEAR"}}},"width":4,"xPos":8},{"height":4,"widget":{"title":"Cloud
|
|
VPN Gateway - Received bytes","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"minAlignmentPeriod":"60s","plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesFilter":{"aggregation":{"perSeriesAligner":"ALIGN_RATE"},"filter":"metric.type=\"vpn.googleapis.com/network/received_bytes_count\"
|
|
resource.type=\"vpn_gateway\"","secondaryAggregation":{}},"unitOverride":"By"}}],"timeshiftDuration":"0s","yAxis":{"label":"y1Axis","scale":"LINEAR"}}},"width":6,"yPos":4},{"height":4,"widget":{"title":"Cloud
|
|
VPN Gateway - Sent bytes","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"minAlignmentPeriod":"60s","plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesFilter":{"aggregation":{"perSeriesAligner":"ALIGN_RATE"},"filter":"metric.type=\"vpn.googleapis.com/network/sent_bytes_count\"
|
|
resource.type=\"vpn_gateway\"","secondaryAggregation":{}},"unitOverride":"By"}}],"timeshiftDuration":"0s","yAxis":{"label":"y1Axis","scale":"LINEAR"}}},"width":6,"xPos":6,"yPos":4},{"height":4,"widget":{"title":"Cloud
|
|
VPN Gateway - Received packets","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"minAlignmentPeriod":"60s","plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesFilter":{"aggregation":{"perSeriesAligner":"ALIGN_RATE"},"filter":"metric.type=\"vpn.googleapis.com/network/received_packets_count\"
|
|
resource.type=\"vpn_gateway\"","secondaryAggregation":{}},"unitOverride":"{packets}"}}],"timeshiftDuration":"0s","yAxis":{"label":"y1Axis","scale":"LINEAR"}}},"width":6,"yPos":8},{"height":4,"widget":{"title":"Cloud
|
|
VPN Gateway - Sent packets","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"minAlignmentPeriod":"60s","plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesFilter":{"aggregation":{"perSeriesAligner":"ALIGN_RATE"},"filter":"metric.type=\"vpn.googleapis.com/network/sent_packets_count\"
|
|
resource.type=\"vpn_gateway\"","secondaryAggregation":{}},"unitOverride":"{packets}"}}],"timeshiftDuration":"0s","yAxis":{"label":"y1Axis","scale":"LINEAR"}}},"width":6,"xPos":6,"yPos":8},{"height":4,"widget":{"title":"Incoming
|
|
packets dropped","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"minAlignmentPeriod":"60s","plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesFilter":{"aggregation":{"perSeriesAligner":"ALIGN_RATE"},"filter":"metric.type=\"vpn.googleapis.com/network/dropped_received_packets_count\"
|
|
resource.type=\"vpn_gateway\"","secondaryAggregation":{}},"unitOverride":"1"}}],"timeshiftDuration":"0s","yAxis":{"label":"y1Axis","scale":"LINEAR"}}},"width":6,"xPos":6,"yPos":12},{"height":4,"widget":{"title":"Outgoing
|
|
packets dropped","xyChart":{"chartOptions":{"mode":"COLOR"},"dataSets":[{"minAlignmentPeriod":"60s","plotType":"LINE","targetAxis":"Y1","timeSeriesQuery":{"timeSeriesFilter":{"aggregation":{"perSeriesAligner":"ALIGN_RATE"},"filter":"metric.type=\"vpn.googleapis.com/network/dropped_sent_packets_count\"
|
|
resource.type=\"vpn_gateway\"","secondaryAggregation":{}},"unitOverride":"1"}}],"timeshiftDuration":"0s","yAxis":{"label":"y1Axis","scale":"LINEAR"}}},"width":6,"yPos":12}]}}'
|
|
project: fast2-prod-net-landing-0
|
|
timeouts: null
|
|
google_network_connectivity_hub.hub_landing:
|
|
description: Prod hub landing (trusted)
|
|
labels: null
|
|
name: prod-hub-landing
|
|
project: fast2-prod-net-landing-0
|
|
timeouts: null
|
|
google_network_connectivity_hub.hub_dmz:
|
|
description: Prod hub DMZ (untrusted)
|
|
labels: null
|
|
name: prod-hub-dmz
|
|
project: fast2-prod-net-landing-0
|
|
timeouts: null
|
|
google_storage_bucket_object.tfvars:
|
|
bucket: test
|
|
cache_control: null
|
|
content_disposition: null
|
|
content_encoding: null
|
|
content_language: null
|
|
customer_encryption: []
|
|
detect_md5hash: different hash
|
|
event_based_hold: null
|
|
metadata: null
|
|
name: tfvars/2-networking.auto.tfvars.json
|
|
retention: []
|
|
source: null
|
|
temporary_hold: null
|
|
timeouts: null
|
|
module.dev-dns-peer-landing-rev-10.google_dns_managed_zone.dns_managed_zone[0]:
|
|
cloud_logging_config:
|
|
- enable_logging: false
|
|
description: Terraform managed.
|
|
dns_name: 10.in-addr.arpa.
|
|
dnssec_config: []
|
|
force_destroy: false
|
|
forwarding_config: []
|
|
labels: null
|
|
name: dev-reverse-10-dns-peering
|
|
project: fast2-dev-net-spoke-0
|
|
reverse_lookup: false
|
|
service_directory_config: []
|
|
timeouts: null
|
|
visibility: private
|
|
module.dev-dns-peer-landing-root.google_dns_managed_zone.dns_managed_zone[0]:
|
|
cloud_logging_config:
|
|
- enable_logging: false
|
|
description: Terraform managed.
|
|
dns_name: .
|
|
dnssec_config: []
|
|
force_destroy: false
|
|
forwarding_config: []
|
|
labels: null
|
|
name: dev-root-dns-peering
|
|
project: fast2-dev-net-spoke-0
|
|
reverse_lookup: false
|
|
service_directory_config: []
|
|
timeouts: null
|
|
visibility: private
|
|
module.dev-dns-private-zone.google_dns_managed_zone.dns_managed_zone[0]:
|
|
cloud_logging_config:
|
|
- enable_logging: false
|
|
description: Terraform managed.
|
|
dns_name: dev.gcp.example.com.
|
|
dnssec_config: []
|
|
force_destroy: false
|
|
forwarding_config: []
|
|
labels: null
|
|
name: dev-gcp-example-com
|
|
peering_config: []
|
|
project: fast2-dev-net-spoke-0
|
|
service_directory_config: []
|
|
timeouts: null
|
|
visibility: private
|
|
module.dev-dns-private-zone.google_dns_record_set.dns_record_set["A localhost"]:
|
|
managed_zone: dev-gcp-example-com
|
|
name: localhost.dev.gcp.example.com.
|
|
project: fast2-dev-net-spoke-0
|
|
routing_policy: []
|
|
rrdatas:
|
|
- 127.0.0.1
|
|
ttl: 300
|
|
type: A
|
|
# Tag-to-tag ingress allow: TCP 80/443/3306/3307 from instances tagged
# composer-worker to instances tagged composer-worker. Both sides are matched
# by network tag (the service-account fields are null) and log_config is empty,
# so no firewall logging is requested for this rule.
# NOTE(review): network tags are only as trustworthy as the permission to edit
# instance tags; confirm tag assignment is restricted in the dev spoke project.
module.dev-spoke-firewall.google_compute_firewall.custom-rules["ingress-allow-composer-nodes"]:
|
|
allow:
|
|
- ports:
|
|
- '80'
|
|
- '443'
|
|
- '3306'
|
|
- '3307'
|
|
protocol: tcp
|
|
deny: []
|
|
description: Allow traffic to Composer nodes.
|
|
direction: INGRESS
|
|
disabled: false
|
|
log_config: []
|
|
name: ingress-allow-composer-nodes
|
|
priority: 1000
|
|
project: fast2-dev-net-spoke-0
|
|
source_ranges: null
|
|
source_service_accounts: null
|
|
source_tags:
|
|
- composer-worker
|
|
target_service_accounts: null
|
|
target_tags:
|
|
- composer-worker
|
|
timeouts: null
|
|
module.dev-spoke-firewall.google_compute_firewall.custom-rules["ingress-allow-dataflow-load"]:
|
|
allow:
|
|
- ports:
|
|
- '12345'
|
|
- '12346'
|
|
protocol: tcp
|
|
deny: []
|
|
description: Allow traffic to Dataflow nodes.
|
|
direction: INGRESS
|
|
disabled: false
|
|
log_config: []
|
|
name: ingress-allow-dataflow-load
|
|
priority: 1000
|
|
project: fast2-dev-net-spoke-0
|
|
source_ranges: null
|
|
source_service_accounts: null
|
|
source_tags:
|
|
- dataflow
|
|
target_service_accounts: null
|
|
target_tags:
|
|
- dataflow
|
|
timeouts: null
|
|
# Catch-all ingress deny for the dev spoke VPC: all protocols from 0.0.0.0/0 at
# priority 65535, the lowest precedence, so every allow rule with a smaller
# priority number is evaluated first. No target tags or service accounts are
# set, so the rule is not narrowed to a subset of instances.
# Logging is enabled, but with EXCLUDE_ALL_METADATA the log entries omit the
# metadata fields; NOTE(review): confirm that is enough detail for triage.
module.dev-spoke-firewall.google_compute_firewall.custom-rules["ingress-default-deny"]:
|
|
allow: []
|
|
deny:
|
|
- ports: []
|
|
protocol: all
|
|
description: Deny and log any unmatched ingress traffic.
|
|
direction: INGRESS
|
|
disabled: false
|
|
log_config:
|
|
- metadata: EXCLUDE_ALL_METADATA
|
|
name: ingress-default-deny
|
|
priority: 65535
|
|
project: fast2-dev-net-spoke-0
|
|
source_ranges:
|
|
- 0.0.0.0/0
|
|
source_service_accounts: null
|
|
source_tags: null
|
|
target_service_accounts: null
|
|
target_tags: null
|
|
timeouts: null
|
|
module.dev-spoke-project.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
|
|
project: fast2-dev-net-spoke-0
|
|
timeouts: null
|
|
module.dev-spoke-project.google_monitoring_monitored_project.primary["fast2-prod-net-landing-0"]:
|
|
metrics_scope: fast2-prod-net-landing-0
|
|
name: fast2-dev-net-spoke-0
|
|
timeouts: null
|
|
module.dev-spoke-project.google_project.project[0]:
|
|
auto_create_network: false
|
|
billing_account: 000000-111111-222222
|
|
folder_id: null
|
|
labels: null
|
|
name: fast2-dev-net-spoke-0
|
|
org_id: null
|
|
project_id: fast2-dev-net-spoke-0
|
|
skip_delete: false
|
|
timeouts: null
|
|
module.dev-spoke-project.google_project_iam_binding.authoritative["roles/dns.admin"]:
|
|
condition: []
|
|
members:
|
|
- serviceAccount:string
|
|
project: fast2-dev-net-spoke-0
|
|
role: roles/dns.admin
|
|
# Conditional grant of roles/resourcemanager.projectIamAdmin on the dev host
# project. The IAM condition uses modifiedGrantsByRole with hasOnly(), so the
# member may only change bindings for the six listed roles; without this
# condition the role would allow editing any binding on the project.
# The member value 'serviceAccount:string' looks like a test placeholder rather
# than a real identity - NOTE(review): confirm against the test fixture.
module.dev-spoke-project.google_project_iam_binding.bindings["sa_delegated_grants"]:
|
|
condition:
|
|
- description: Development host project delegated grants.
|
|
expression: api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly(['roles/composer.sharedVpcAgent','roles/compute.networkUser','roles/compute.networkViewer','roles/container.hostServiceAgentUser','roles/multiclusterservicediscovery.serviceAgent','roles/vpcaccess.user'])
|
|
title: dev_stage3_sa_delegated_grants
|
|
members:
|
|
- serviceAccount:string
|
|
project: fast2-dev-net-spoke-0
|
|
role: roles/resourcemanager.projectIamAdmin
|
|
module.dev-spoke-project.google_project_iam_member.servicenetworking[0]:
|
|
condition: []
|
|
project: fast2-dev-net-spoke-0
|
|
role: roles/servicenetworking.serviceAgent
|
|
module.dev-spoke-project.google_project_service.project_services["compute.googleapis.com"]:
|
|
disable_dependent_services: false
|
|
disable_on_destroy: false
|
|
project: fast2-dev-net-spoke-0
|
|
service: compute.googleapis.com
|
|
timeouts: null
|
|
module.dev-spoke-project.google_project_service.project_services["dns.googleapis.com"]:
|
|
disable_dependent_services: false
|
|
disable_on_destroy: false
|
|
project: fast2-dev-net-spoke-0
|
|
service: dns.googleapis.com
|
|
timeouts: null
|
|
module.dev-spoke-project.google_project_service.project_services["iap.googleapis.com"]:
|
|
disable_dependent_services: false
|
|
disable_on_destroy: false
|
|
project: fast2-dev-net-spoke-0
|
|
service: iap.googleapis.com
|
|
timeouts: null
|
|
module.dev-spoke-project.google_project_service.project_services["networkmanagement.googleapis.com"]:
|
|
disable_dependent_services: false
|
|
disable_on_destroy: false
|
|
project: fast2-dev-net-spoke-0
|
|
service: networkmanagement.googleapis.com
|
|
timeouts: null
|
|
module.dev-spoke-project.google_project_service.project_services["servicenetworking.googleapis.com"]:
|
|
disable_dependent_services: false
|
|
disable_on_destroy: false
|
|
project: fast2-dev-net-spoke-0
|
|
service: servicenetworking.googleapis.com
|
|
timeouts: null
|
|
module.dev-spoke-project.google_project_service.project_services["stackdriver.googleapis.com"]:
|
|
disable_dependent_services: false
|
|
disable_on_destroy: false
|
|
project: fast2-dev-net-spoke-0
|
|
service: stackdriver.googleapis.com
|
|
timeouts: null
|
|
module.dev-spoke-project.google_project_service.project_services["vpcaccess.googleapis.com"]:
|
|
disable_dependent_services: false
|
|
disable_on_destroy: false
|
|
project: fast2-dev-net-spoke-0
|
|
service: vpcaccess.googleapis.com
|
|
timeouts: null
|
|
module.dev-spoke-project.google_project_service_identity.jit_si["iap.googleapis.com"]:
|
|
project: fast2-dev-net-spoke-0
|
|
service: iap.googleapis.com
|
|
timeouts: null
|
|
module.dev-spoke-project.google_project_service_identity.servicenetworking[0]:
|
|
project: fast2-dev-net-spoke-0
|
|
service: servicenetworking.googleapis.com
|
|
timeouts: null
|
|
module.dev-spoke-vpc.google_compute_network.network[0]:
|
|
auto_create_subnetworks: false
|
|
delete_default_routes_on_create: true
|
|
description: Terraform-managed.
|
|
enable_ula_internal_ipv6: null
|
|
mtu: 1500
|
|
name: dev-spoke-0
|
|
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
|
|
project: fast2-dev-net-spoke-0
|
|
routing_mode: GLOBAL
|
|
timeouts: null
|
|
module.dev-spoke-vpc.google_compute_route.gateway["private-googleapis"]:
|
|
description: Terraform-managed.
|
|
dest_range: 199.36.153.8/30
|
|
name: dev-spoke-0-private-googleapis
|
|
next_hop_gateway: default-internet-gateway
|
|
next_hop_ilb: null
|
|
next_hop_instance: null
|
|
next_hop_vpn_tunnel: null
|
|
priority: 1000
|
|
project: fast2-dev-net-spoke-0
|
|
tags: null
|
|
timeouts: null
|
|
module.dev-spoke-vpc.google_compute_route.gateway["restricted-googleapis"]:
|
|
description: Terraform-managed.
|
|
dest_range: 199.36.153.4/30
|
|
name: dev-spoke-0-restricted-googleapis
|
|
next_hop_gateway: default-internet-gateway
|
|
next_hop_ilb: null
|
|
next_hop_instance: null
|
|
next_hop_vpn_tunnel: null
|
|
priority: 1000
|
|
project: fast2-dev-net-spoke-0
|
|
tags: null
|
|
timeouts: null
|
|
module.dev-spoke-vpc.google_compute_subnetwork.subnetwork["europe-west1/dev-dataplatform"]:
|
|
description: Default subnet for dev Data Platform
|
|
ip_cidr_range: 10.68.2.0/24
|
|
ipv6_access_type: null
|
|
log_config: []
|
|
name: dev-dataplatform
|
|
private_ip_google_access: true
|
|
project: fast2-dev-net-spoke-0
|
|
region: europe-west1
|
|
role: null
|
|
secondary_ip_range:
|
|
- ip_cidr_range: 100.69.0.0/16
|
|
range_name: pods
|
|
- ip_cidr_range: 100.71.2.0/24
|
|
range_name: services
|
|
timeouts: null
|
|
module.dev-spoke-vpc.google_compute_subnetwork.subnetwork["europe-west1/dev-default"]:
|
|
description: Default europe-west1 subnet for dev
|
|
ip_cidr_range: 10.68.0.0/24
|
|
ipv6_access_type: null
|
|
log_config: []
|
|
name: dev-default
|
|
private_ip_google_access: true
|
|
project: fast2-dev-net-spoke-0
|
|
region: europe-west1
|
|
role: null
|
|
secondary_ip_range: []
|
|
timeouts: null
|
|
# GKE node subnet in the dev spoke VPC (10.68.1.0/24) with secondary ranges for
# pods and services. Private Google Access is on. log_config is empty, so no
# VPC flow logs are configured for this subnet.
# NOTE(review): the description says "prod" although the resource key, name and
# project are all dev; this looks like a copy-paste slip in the subnet
# definition. The value is left as-is here because this file records plan
# output.
module.dev-spoke-vpc.google_compute_subnetwork.subnetwork["europe-west1/dev-gke-nodes"]:
|
|
description: Default subnet for prod gke nodes
|
|
ip_cidr_range: 10.68.1.0/24
|
|
ipv6_access_type: null
|
|
log_config: []
|
|
name: dev-gke-nodes
|
|
private_ip_google_access: true
|
|
project: fast2-dev-net-spoke-0
|
|
region: europe-west1
|
|
role: null
|
|
secondary_ip_range:
|
|
- ip_cidr_range: 100.68.0.0/16
|
|
range_name: pods
|
|
- ip_cidr_range: 100.71.1.0/24
|
|
range_name: services
|
|
timeouts: null
|
|
module.dev-spoke-vpc.google_compute_subnetwork.subnetwork["europe-west4/dev-default"]:
|
|
description: Default europe-west4 subnet for dev
|
|
ip_cidr_range: 10.84.0.0/24
|
|
ipv6_access_type: null
|
|
log_config: []
|
|
name: dev-default
|
|
private_ip_google_access: true
|
|
project: fast2-dev-net-spoke-0
|
|
region: europe-west4
|
|
role: null
|
|
secondary_ip_range: []
|
|
timeouts: null
|
|
module.dev-spoke-vpc.google_dns_policy.default[0]:
|
|
alternative_name_server_config: []
|
|
description: Managed by Terraform
|
|
enable_inbound_forwarding: null
|
|
enable_logging: true
|
|
name: dev-spoke-0
|
|
networks:
|
|
- {}
|
|
project: fast2-dev-net-spoke-0
|
|
timeouts: null
|
|
module.firewall-policy-default.google_compute_firewall_policy.hierarchical[0]:
|
|
description: null
|
|
short_name: net-default
|
|
timeouts: null
|
|
module.firewall-policy-default.google_compute_firewall_policy_rule.hierarchical["ingress/allow-healthchecks"]:
|
|
action: allow
|
|
description: Enable HTTP and HTTPS healthchecks
|
|
direction: INGRESS
|
|
disabled: false
|
|
enable_logging: null
|
|
match:
|
|
- dest_address_groups: null
|
|
dest_fqdns: null
|
|
dest_ip_ranges: null
|
|
dest_region_codes: null
|
|
dest_threat_intelligences: null
|
|
layer4_configs:
|
|
- ip_protocol: tcp
|
|
ports:
|
|
- '80'
|
|
- '443'
|
|
src_address_groups: null
|
|
src_fqdns: null
|
|
src_ip_ranges:
|
|
- 35.191.0.0/16
|
|
- 130.211.0.0/22
|
|
- 209.85.152.0/22
|
|
- 209.85.204.0/22
|
|
src_region_codes: null
|
|
src_threat_intelligences: null
|
|
priority: 1001
|
|
target_resources: null
|
|
target_service_accounts: null
|
|
timeouts: null
|
|
# Hierarchical firewall policy rule allowing ICMP ingress from 0.0.0.0/0 at
# priority 1003. target_resources and target_service_accounts are null, so the
# rule is not narrowed to specific networks or identities, and enable_logging
# is null, so logging is not requested for matches.
# NOTE(review): an allow in a hierarchical policy is decided before VPC-level
# rules are consulted; confirm ICMP from any source is intended for every
# network under the node this policy is attached to.
module.firewall-policy-default.google_compute_firewall_policy_rule.hierarchical["ingress/allow-icmp"]:
|
|
action: allow
|
|
description: Enable ICMP
|
|
direction: INGRESS
|
|
disabled: false
|
|
enable_logging: null
|
|
match:
|
|
- dest_address_groups: null
|
|
dest_fqdns: null
|
|
dest_ip_ranges: null
|
|
dest_region_codes: null
|
|
dest_threat_intelligences: null
|
|
layer4_configs:
|
|
- ip_protocol: icmp
|
|
ports: []
|
|
src_address_groups: null
|
|
src_fqdns: null
|
|
src_ip_ranges:
|
|
- 0.0.0.0/0
|
|
src_region_codes: null
|
|
src_threat_intelligences: null
|
|
priority: 1003
|
|
target_resources: null
|
|
target_service_accounts: null
|
|
timeouts: null
|
|
module.firewall-policy-default.google_compute_firewall_policy_rule.hierarchical["ingress/allow-nat-ranges"]:
|
|
action: allow
|
|
description: Enable NAT ranges for VPC serverless connector
|
|
direction: INGRESS
|
|
disabled: false
|
|
enable_logging: null
|
|
match:
|
|
- dest_address_groups: null
|
|
dest_fqdns: null
|
|
dest_ip_ranges: null
|
|
dest_region_codes: null
|
|
dest_threat_intelligences: null
|
|
layer4_configs:
|
|
- ip_protocol: all
|
|
ports: null
|
|
src_address_groups: null
|
|
src_fqdns: null
|
|
src_ip_ranges:
|
|
- 107.178.230.64/26
|
|
- 35.199.224.0/19
|
|
src_region_codes: null
|
|
src_threat_intelligences: null
|
|
priority: 1004
|
|
target_resources: null
|
|
target_service_accounts: null
|
|
timeouts: null
|
|
# Hierarchical firewall policy rule allowing TCP 22 only from 35.235.240.0/20,
# the source range Google documents for IAP TCP forwarding, at priority 1002.
# This is the only rule in this policy with enable_logging set to true.
# target_resources and target_service_accounts are null, so the rule is not
# narrowed to specific networks or identities; who can actually open an SSH
# tunnel is governed by IAP's own IAM permissions, which this rule does not set.
module.firewall-policy-default.google_compute_firewall_policy_rule.hierarchical["ingress/allow-ssh-from-iap"]:
|
|
action: allow
|
|
description: Enable SSH from IAP
|
|
direction: INGRESS
|
|
disabled: false
|
|
enable_logging: true
|
|
match:
|
|
- dest_address_groups: null
|
|
dest_fqdns: null
|
|
dest_ip_ranges: null
|
|
dest_region_codes: null
|
|
dest_threat_intelligences: null
|
|
layer4_configs:
|
|
- ip_protocol: tcp
|
|
ports:
|
|
- '22'
|
|
src_address_groups: null
|
|
src_fqdns: null
|
|
src_ip_ranges:
|
|
- 35.235.240.0/20
|
|
src_region_codes: null
|
|
src_threat_intelligences: null
|
|
priority: 1002
|
|
target_resources: null
|
|
target_service_accounts: null
|
|
timeouts: null
|
|
module.folder.google_compute_firewall_policy_association.default[0]:
|
|
name: default
|
|
timeouts: null
|
|
module.folder.google_essential_contacts_contact.contact["gcp-network-admins@fast.example.com"]:
|
|
email: gcp-network-admins@fast.example.com
|
|
language_tag: en
|
|
notification_category_subscriptions:
|
|
- ALL
|
|
timeouts: null
|
|
module.folder.google_folder.folder[0]:
|
|
display_name: Networking
|
|
parent: organizations/123456789012
|
|
timeouts: null
|
|
# Private forwarding zone: queries for onprem.example.com. are handed to the
# on-prem resolver at 10.10.10.10. Answers are taken as-is (no DNSSEC config),
# so integrity rests on the resolver and on the path used to reach it.
module.landing-dns-fwd-onprem-example[0].google_dns_managed_zone.dns_managed_zone[0]:
  cloud_logging_config:
  # NOTE(review): query logging is off in this block. For private zones,
  # logging is usually driven by a DNS server policy on the VPC instead.
  # Confirm one exists if a resolution audit trail is required.
  - enable_logging: false
  description: Terraform managed.
  dns_name: onprem.example.com.
  dnssec_config: []
  force_destroy: false
  forwarding_config:
  - target_name_servers:
    # Empty forwarding_path leaves the routing choice at the provider default.
    - forwarding_path: ''
      ipv4_address: 10.10.10.10
  labels: null
  name: example-com
  peering_config: []
  project: fast2-prod-net-landing-0
  reverse_lookup: false
  service_directory_config: []
  timeouts: null
  visibility: private
|
|
# Private forwarding zone for reverse lookups of the whole 10.0.0.0/8 space
# (10.in-addr.arpa.), sent to the same on-prem resolver as the forward zone.
# PTR answers for GCP-side 10.x addresses therefore also come from on-prem
# unless a more specific zone overrides them. Treat reverse names in logs as
# resolver-supplied, not as verified identity.
module.landing-dns-fwd-onprem-rev-10[0].google_dns_managed_zone.dns_managed_zone[0]:
  cloud_logging_config:
  - enable_logging: false
  description: Terraform managed.
  dns_name: 10.in-addr.arpa.
  dnssec_config: []
  force_destroy: false
  forwarding_config:
  - target_name_servers:
    - forwarding_path: ''
      ipv4_address: 10.10.10.10
  labels: null
  name: root-reverse-10
  peering_config: []
  project: fast2-prod-net-landing-0
  reverse_lookup: false
  service_directory_config: []
  timeouts: null
  visibility: private
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy.default[0]:
|
|
description: Managed by Terraform
|
|
gke_clusters: []
|
|
networks:
|
|
- {}
|
|
- {}
|
|
project: fast2-prod-net-landing-0
|
|
response_policy_name: googleapis
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["accounts"]:
|
|
behavior: null
|
|
dns_name: accounts.google.com.
|
|
local_data:
|
|
- local_datas:
|
|
- name: accounts.google.com.
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: accounts
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["backupdr-cloud"]:
|
|
behavior: null
|
|
dns_name: backupdr.cloud.google.com.
|
|
local_data:
|
|
- local_datas:
|
|
- name: backupdr.cloud.google.com.
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: backupdr-cloud
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["backupdr-cloud-all"]:
|
|
behavior: null
|
|
dns_name: '*.backupdr.cloud.google.com.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.backupdr.cloud.google.com.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: backupdr-cloud-all
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["backupdr-gu"]:
|
|
behavior: null
|
|
dns_name: backupdr.googleusercontent.google.com.
|
|
local_data:
|
|
- local_datas:
|
|
- name: backupdr.googleusercontent.google.com.
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: backupdr-gu
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["backupdr-gu-all"]:
|
|
behavior: null
|
|
dns_name: '*.backupdr.googleusercontent.google.com.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.backupdr.googleusercontent.google.com.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: backupdr-gu-all
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["cloudfunctions"]:
|
|
behavior: null
|
|
dns_name: '*.cloudfunctions.net.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.cloudfunctions.net.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: cloudfunctions
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["cloudproxy"]:
|
|
behavior: null
|
|
dns_name: '*.cloudproxy.app.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.cloudproxy.app.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: cloudproxy
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["composer-cloud-all"]:
|
|
behavior: null
|
|
dns_name: '*.composer.cloud.google.com.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.composer.cloud.google.com.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: composer-cloud-all
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["composer-gu-all"]:
|
|
behavior: null
|
|
dns_name: '*.composer.googleusercontent.com.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.composer.googleusercontent.com.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: composer-gu-all
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["datafusion-all"]:
|
|
behavior: null
|
|
dns_name: '*.datafusion.cloud.google.com.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.datafusion.cloud.google.com.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: datafusion-all
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["datafusion-gu-all"]:
|
|
behavior: null
|
|
dns_name: '*.datafusion.googleusercontent.com.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.datafusion.googleusercontent.com.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: datafusion-gu-all
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["dataproc"]:
|
|
behavior: null
|
|
dns_name: dataproc.cloud.google.com.
|
|
local_data:
|
|
- local_datas:
|
|
- name: dataproc.cloud.google.com.
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: dataproc
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["dataproc-all"]:
|
|
behavior: null
|
|
dns_name: '*.dataproc.cloud.google.com.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.dataproc.cloud.google.com.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: dataproc-all
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["dataproc-gu"]:
|
|
behavior: null
|
|
dns_name: dataproc.googleusercontent.com.
|
|
local_data:
|
|
- local_datas:
|
|
- name: dataproc.googleusercontent.com.
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: dataproc-gu
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["dataproc-gu-all"]:
|
|
behavior: null
|
|
dns_name: '*.dataproc.googleusercontent.com.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.dataproc.googleusercontent.com.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: dataproc-gu-all
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["dl"]:
|
|
behavior: null
|
|
dns_name: dl.google.com.
|
|
local_data:
|
|
- local_datas:
|
|
- name: dl.google.com.
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: dl
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["gcr"]:
|
|
behavior: null
|
|
dns_name: gcr.io.
|
|
local_data:
|
|
- local_datas:
|
|
- name: gcr.io.
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: gcr
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["gcr-all"]:
|
|
behavior: null
|
|
dns_name: '*.gcr.io.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.gcr.io.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: gcr-all
|
|
timeouts: null
|
|
# Response policy rule steering every *.googleapis.com. name to the private
# VIP via CNAME, so API calls from attached networks avoid public addresses.
# NOTE(review): restricted.googleapis.com only serves APIs that support VPC
# Service Controls, while private.googleapis.com also reaches services that do
# not. Where a service perimeter is meant to bound data movement, this CNAME
# should point at the restricted VIP.
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["googleapis-all"]:
  behavior: null
  dns_name: '*.googleapis.com.'
  local_data:
  - local_datas:
    - name: '*.googleapis.com.'
      rrdatas:
      - private.googleapis.com.
      ttl: null
      type: CNAME
  project: fast2-prod-net-landing-0
  response_policy: googleapis
  rule_name: googleapis-all
  timeouts: null
|
|
# Response policy rule pinning private.googleapis.com. to its four VIP
# addresses (199.36.153.8/30). The CNAME rules in this policy resolve through
# this record, so it is the single point deciding where API traffic lands.
# Changes to it deserve the same review as a firewall change.
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["googleapis-private"]:
  behavior: null
  dns_name: private.googleapis.com.
  local_data:
  - local_datas:
    - name: private.googleapis.com.
      rrdatas:
      - 199.36.153.8
      - 199.36.153.9
      - 199.36.153.10
      - 199.36.153.11
      ttl: null
      type: A
  project: fast2-prod-net-landing-0
  response_policy: googleapis
  rule_name: googleapis-private
  timeouts: null
|
|
# Response policy rule pinning restricted.googleapis.com. to its four VIP
# addresses (199.36.153.4/30).
# NOTE(review): among the rules visible in this policy every CNAME targets
# private.googleapis.com., so this record is only used by clients that ask for
# the restricted name explicitly. Confirm that is the intent.
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["googleapis-restricted"]:
  behavior: null
  dns_name: restricted.googleapis.com.
  local_data:
  - local_datas:
    - name: restricted.googleapis.com.
      rrdatas:
      - 199.36.153.4
      - 199.36.153.5
      - 199.36.153.6
      - 199.36.153.7
      ttl: null
      type: A
  project: fast2-prod-net-landing-0
  response_policy: googleapis
  rule_name: googleapis-restricted
  timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["gstatic-all"]:
|
|
behavior: null
|
|
dns_name: '*.gstatic.com.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.gstatic.com.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: gstatic-all
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["kernels-gu"]:
|
|
behavior: null
|
|
dns_name: kernels.googleusercontent.com.
|
|
local_data:
|
|
- local_datas:
|
|
- name: kernels.googleusercontent.com.
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: kernels-gu
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["kernels-gu-all"]:
|
|
behavior: null
|
|
dns_name: '*.kernels.googleusercontent.com.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.kernels.googleusercontent.com.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: kernels-gu-all
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["notebooks-all"]:
|
|
behavior: null
|
|
dns_name: '*.notebooks.cloud.google.com.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.notebooks.cloud.google.com.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: notebooks-all
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["notebooks-gu-all"]:
|
|
behavior: null
|
|
dns_name: '*.notebooks.googleusercontent.com.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.notebooks.googleusercontent.com.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: notebooks-gu-all
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["packages-cloud"]:
|
|
behavior: null
|
|
dns_name: packages.cloud.google.com.
|
|
local_data:
|
|
- local_datas:
|
|
- name: packages.cloud.google.com.
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: packages-cloud
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["packages-cloud-all"]:
|
|
behavior: null
|
|
dns_name: '*.packages.cloud.google.com.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.packages.cloud.google.com.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: packages-cloud-all
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["pkgdev"]:
|
|
behavior: null
|
|
dns_name: pkg.dev.
|
|
local_data:
|
|
- local_datas:
|
|
- name: pkg.dev.
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: pkgdev
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["pkgdev-all"]:
|
|
behavior: null
|
|
dns_name: '*.pkg.dev.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.pkg.dev.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: pkgdev-all
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["pkigoog"]:
|
|
behavior: null
|
|
dns_name: pki.goog.
|
|
local_data:
|
|
- local_datas:
|
|
- name: pki.goog.
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: pkigoog
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["pkigoog-all"]:
|
|
behavior: null
|
|
dns_name: '*.pki.goog.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.pki.goog.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: pkigoog-all
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["run-all"]:
|
|
behavior: null
|
|
dns_name: '*.run.app.'
|
|
local_data:
|
|
- local_datas:
|
|
- name: '*.run.app.'
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: run-all
|
|
timeouts: null
|
|
module.landing-dns-policy-googleapis.google_dns_response_policy_rule.default["source"]:
|
|
behavior: null
|
|
dns_name: source.developers.google.com.
|
|
local_data:
|
|
- local_datas:
|
|
- name: source.developers.google.com.
|
|
rrdatas:
|
|
- private.googleapis.com.
|
|
ttl: null
|
|
type: CNAME
|
|
project: fast2-prod-net-landing-0
|
|
response_policy: googleapis
|
|
rule_name: source
|
|
timeouts: null
|
|
module.landing-dns-priv-gcp.google_dns_managed_zone.dns_managed_zone[0]:
|
|
cloud_logging_config:
|
|
- enable_logging: false
|
|
description: Terraform managed.
|
|
dns_name: gcp.example.com.
|
|
dnssec_config: []
|
|
force_destroy: false
|
|
forwarding_config: []
|
|
labels: null
|
|
name: gcp-example-com
|
|
peering_config: []
|
|
project: fast2-prod-net-landing-0
|
|
service_directory_config: []
|
|
timeouts: null
|
|
visibility: private
|
|
module.landing-dns-priv-gcp.google_dns_record_set.dns_record_set["A localhost"]:
|
|
managed_zone: gcp-example-com
|
|
name: localhost.gcp.example.com.
|
|
project: fast2-prod-net-landing-0
|
|
routing_policy: []
|
|
rrdatas:
|
|
- 127.0.0.1
|
|
ttl: 300
|
|
type: A
|
|
module.landing-nat-primary[0].google_compute_router.router[0]:
|
|
bgp: []
|
|
description: null
|
|
encrypted_interconnect_router: null
|
|
name: prod-nat-ew1
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west1
|
|
timeouts: null
|
|
# Cloud NAT for europe-west1 on router prod-nat-ew1, covering every subnet and
# every IP range of the network.
module.landing-nat-primary[0].google_compute_router_nat.nat:
  drain_nat_ips: null
  enable_dynamic_port_allocation: false
  enable_endpoint_independent_mapping: true
  icmp_idle_timeout_sec: 30
  log_config:
  # NAT logging is disabled, so translations and allocation errors leave no
  # record. Egress investigations would have to rely on VPC flow logs, if any.
  - enable: false
    filter: ALL
  max_ports_per_vm: 65536
  min_ports_per_vm: 64
  name: ew1
  # Addresses are picked automatically, so egress source IPs are not fixed.
  # Third-party allowlists cannot pin them.
  nat_ip_allocate_option: AUTO_ONLY
  nat_ips: null
  project: fast2-prod-net-landing-0
  region: europe-west1
  router: prod-nat-ew1
  rules: []
  # Every subnet, primary and secondary ranges alike, gets outbound NAT.
  source_subnetwork_ip_ranges_to_nat: ALL_SUBNETWORKS_ALL_IP_RANGES
  subnetwork: []
  tcp_established_idle_timeout_sec: 1200
  tcp_time_wait_timeout_sec: 120
  tcp_transitory_idle_timeout_sec: 30
  timeouts: null
  udp_idle_timeout_sec: 30
|
|
module.landing-nat-secondary[0].google_compute_router.router[0]:
|
|
bgp: []
|
|
description: null
|
|
encrypted_interconnect_router: null
|
|
name: prod-nat-ew4
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west4
|
|
timeouts: null
|
|
# Cloud NAT for europe-west4 on router prod-nat-ew4, covering every subnet and
# every IP range of the network.
module.landing-nat-secondary[0].google_compute_router_nat.nat:
  drain_nat_ips: null
  enable_dynamic_port_allocation: false
  enable_endpoint_independent_mapping: true
  icmp_idle_timeout_sec: 30
  log_config:
  # NAT logging is disabled, so translations and allocation errors leave no
  # record for this region.
  - enable: false
    filter: ALL
  max_ports_per_vm: 65536
  min_ports_per_vm: 64
  name: ew4
  # Automatically allocated addresses: egress source IPs are not fixed.
  nat_ip_allocate_option: AUTO_ONLY
  nat_ips: null
  project: fast2-prod-net-landing-0
  region: europe-west4
  router: prod-nat-ew4
  rules: []
  source_subnetwork_ip_ranges_to_nat: ALL_SUBNETWORKS_ALL_IP_RANGES
  subnetwork: []
  tcp_established_idle_timeout_sec: 1200
  tcp_time_wait_timeout_sec: 120
  tcp_transitory_idle_timeout_sec: 30
  timeouts: null
  udp_idle_timeout_sec: 30
|
|
module.landing-project.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
|
|
project: fast2-prod-net-landing-0
|
|
timeouts: null
|
|
# The landing network host project.
module.landing-project.google_project.project[0]:
  # No auto-created "default" network, so the project starts without that
  # network and the firewall rules that come with it.
  auto_create_network: false
  # Looks like a placeholder billing account id.
  billing_account: 000000-111111-222222
  folder_id: null
  labels: null
  name: fast2-prod-net-landing-0
  org_id: null
  project_id: fast2-prod-net-landing-0
  # NOTE(review): false means destroying this resource deletes the project.
  # For a Shared VPC host, consider guarding that with a lien or
  # prevent_destroy.
  skip_delete: false
  timeouts: null
|
|
# Authoritative binding for a custom organization role on the landing project.
# google_project_iam_binding owns the whole member list for the role: any
# member granted the role outside Terraform is removed on apply.
module.landing-project.google_project_iam_binding.authoritative["organizations/123456789012/roles/foo"]:
  # Unconditional grant.
  condition: []
  members:
  # `string` looks like a placeholder principal, not a real service account.
  - serviceAccount:string
  project: fast2-prod-net-landing-0
  role: organizations/123456789012/roles/foo
|
|
# Authoritative binding for roles/dns.admin on the landing project. Holders can
# change the zones and response policies defined in this project, including the
# records that decide where googleapis names and on-prem names resolve. Treat
# membership as network-control-plane access.
module.landing-project.google_project_iam_binding.authoritative["roles/dns.admin"]:
  # Unconditional grant.
  condition: []
  members:
  # `string` looks like a placeholder principal, not a real service account.
  - serviceAccount:string
  project: fast2-prod-net-landing-0
  role: roles/dns.admin
|
|
module.landing-project.google_project_service.project_services["compute.googleapis.com"]:
|
|
disable_dependent_services: false
|
|
disable_on_destroy: false
|
|
project: fast2-prod-net-landing-0
|
|
service: compute.googleapis.com
|
|
timeouts: null
|
|
module.landing-project.google_project_service.project_services["dns.googleapis.com"]:
|
|
disable_dependent_services: false
|
|
disable_on_destroy: false
|
|
project: fast2-prod-net-landing-0
|
|
service: dns.googleapis.com
|
|
timeouts: null
|
|
module.landing-project.google_project_service.project_services["iap.googleapis.com"]:
|
|
disable_dependent_services: false
|
|
disable_on_destroy: false
|
|
project: fast2-prod-net-landing-0
|
|
service: iap.googleapis.com
|
|
timeouts: null
|
|
module.landing-project.google_project_service.project_services["networkconnectivity.googleapis.com"]:
|
|
disable_dependent_services: false
|
|
disable_on_destroy: false
|
|
project: fast2-prod-net-landing-0
|
|
service: networkconnectivity.googleapis.com
|
|
timeouts: null
|
|
module.landing-project.google_project_service.project_services["networkmanagement.googleapis.com"]:
|
|
disable_dependent_services: false
|
|
disable_on_destroy: false
|
|
project: fast2-prod-net-landing-0
|
|
service: networkmanagement.googleapis.com
|
|
timeouts: null
|
|
module.landing-project.google_project_service.project_services["stackdriver.googleapis.com"]:
|
|
disable_dependent_services: false
|
|
disable_on_destroy: false
|
|
project: fast2-prod-net-landing-0
|
|
service: stackdriver.googleapis.com
|
|
timeouts: null
|
|
module.landing-project.google_project_service_identity.jit_si["iap.googleapis.com"]:
|
|
project: fast2-prod-net-landing-0
|
|
service: iap.googleapis.com
|
|
timeouts: null
|
|
# External (peer) VPN gateway object describing the on-prem side of the primary
# region tunnels.
module.landing-to-onprem-primary-vpn[0].google_compute_external_vpn_gateway.external_gateway["default"]:
  description: Terraform managed external VPN gateway
  interface:
  - id: 0
    # NOTE(review): 8.8.8.8 is a public DNS resolver address, evidently a
    # placeholder. The real peer address must be the on-prem gateway, since
    # this is where tunnel negotiation is directed.
    ip_address: 8.8.8.8
  labels: null
  name: vpn-to-onprem-ew1-default
  project: fast2-prod-net-landing-0
  # A single peer address: both tunnels terminate on the same remote endpoint.
  redundancy_type: SINGLE_IP_INTERNALLY_REDUNDANT
  timeouts: null
|
|
module.landing-to-onprem-primary-vpn[0].google_compute_ha_vpn_gateway.ha_gateway[0]:
|
|
description: Terraform managed external VPN gateway
|
|
name: vpn-to-onprem-ew1
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west1
|
|
stack_type: IPV4_ONLY
|
|
timeouts: null
|
|
# Cloud Router for the primary-region VPN to on-prem. Custom advertisement with
# no advertised groups: only the three ranges listed below are announced to the
# on-prem peers, not the VPC's subnets as a whole.
module.landing-to-onprem-primary-vpn[0].google_compute_router.router[0]:
  bgp:
  - advertise_mode: CUSTOM
    advertised_groups: []
    advertised_ip_ranges:
    - description: gcp
      range: 10.1.0.0/16
    # The restricted googleapis VIP range is announced to on-prem, but the
    # private VIP range 199.36.153.8/30 is not. On-prem reaches Google APIs
    # over the tunnel through the restricted VIP only.
    - description: gcp-restricted
      range: 199.36.153.4/30
    # Labelled gcp-dns; presumably the source range of Cloud DNS forwarded
    # queries, announced so the on-prem resolver can route its answers back.
    - description: gcp-dns
      range: 35.199.192.0/19
    # Private-use ASN.
    asn: 65501
    keepalive_interval: 20
  description: null
  encrypted_interconnect_router: null
  name: vpn-vpn-to-onprem-ew1
  project: fast2-prod-net-landing-0
  region: europe-west1
  timeouts: null
|
|
module.landing-to-onprem-primary-vpn[0].google_compute_router_interface.router_interface["0"]:
|
|
interconnect_attachment: null
|
|
ip_range: 169.254.1.2/30
|
|
name: vpn-to-onprem-ew1-0
|
|
private_ip_address: null
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west1
|
|
router: vpn-vpn-to-onprem-ew1
|
|
subnetwork: null
|
|
timeouts: null
|
|
vpn_tunnel: vpn-to-onprem-ew1-0
|
|
module.landing-to-onprem-primary-vpn[0].google_compute_router_interface.router_interface["1"]:
|
|
interconnect_attachment: null
|
|
ip_range: 169.254.2.2/30
|
|
name: vpn-to-onprem-ew1-1
|
|
private_ip_address: null
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west1
|
|
router: vpn-vpn-to-onprem-ew1
|
|
subnetwork: null
|
|
timeouts: null
|
|
vpn_tunnel: vpn-to-onprem-ew1-1
|
|
# BGP session to the on-prem peer over tunnel 0 of the primary VPN.
module.landing-to-onprem-primary-vpn[0].google_compute_router_peer.bgp_peer["0"]:
  # DEFAULT: the peer inherits the router's advertisement configuration.
  advertise_mode: DEFAULT
  advertised_groups: []
  advertised_ip_ranges: []
  advertised_route_priority: 1000
  enable: true
  enable_ipv6: false
  interface: vpn-to-onprem-ew1-0
  # No BGP MD5 authentication. The session's only protection is the IPsec
  # tunnel its interface is bound to.
  md5_authentication_key: []
  name: vpn-to-onprem-ew1-0
  # NOTE(review): peer "1" of the same VPN uses ASN 64513. Two ASNs for one
  # remote gateway look like placeholder data, so confirm.
  peer_asn: 65500
  # Link-local address inside the router interface's 169.254.1.2/30 range.
  peer_ip_address: 169.254.1.1
  project: fast2-prod-net-landing-0
  region: europe-west1
  router: vpn-vpn-to-onprem-ew1
  router_appliance_instance: null
  timeouts: null
|
|
# BGP session to the on-prem peer over tunnel 1 of the primary VPN.
module.landing-to-onprem-primary-vpn[0].google_compute_router_peer.bgp_peer["1"]:
  # DEFAULT: the peer inherits the router's advertisement configuration.
  advertise_mode: DEFAULT
  advertised_groups: []
  advertised_ip_ranges: []
  advertised_route_priority: 1000
  enable: true
  enable_ipv6: false
  interface: vpn-to-onprem-ew1-1
  # No BGP MD5 authentication. The session's only protection is the IPsec
  # tunnel its interface is bound to.
  md5_authentication_key: []
  name: vpn-to-onprem-ew1-1
  # NOTE(review): peer "0" of the same VPN uses ASN 65500. Two ASNs for one
  # remote gateway look like placeholder data, so confirm.
  peer_asn: 64513
  # Link-local address inside the router interface's 169.254.2.2/30 range.
  peer_ip_address: 169.254.2.1
  project: fast2-prod-net-landing-0
  region: europe-west1
  router: vpn-vpn-to-onprem-ew1
  router_appliance_instance: null
  timeouts: null
|
|
# IPsec tunnel 0 of the primary-region HA VPN to on-prem (IKEv2).
module.landing-to-onprem-primary-vpn[0].google_compute_vpn_tunnel.tunnels["0"]:
  description: null
  ike_version: 2
  labels: null
  name: vpn-to-onprem-ew1-0
  peer_external_gateway_interface: null
  peer_gcp_gateway: null
  project: fast2-prod-net-landing-0
  region: europe-west1
  router: vpn-vpn-to-onprem-ew1
  # Placeholder pre-shared key. The PSK is what authenticates the peer for
  # this tunnel, so a real deployment needs a long random value supplied from
  # a secret store. The value also ends up in Terraform state and in plan
  # output like this file, so restrict access to both.
  shared_secret: foo
  target_vpn_gateway: null
  timeouts: null
  vpn_gateway_interface: 0
|
|
# IPsec tunnel 1 of the primary-region HA VPN to on-prem (IKEv2).
module.landing-to-onprem-primary-vpn[0].google_compute_vpn_tunnel.tunnels["1"]:
  description: null
  ike_version: 2
  labels: null
  name: vpn-to-onprem-ew1-1
  peer_external_gateway_interface: null
  peer_gcp_gateway: null
  project: fast2-prod-net-landing-0
  region: europe-west1
  router: vpn-vpn-to-onprem-ew1
  # Placeholder pre-shared key, identical to tunnel 0. Real tunnels need a
  # long random secret, preferably distinct per tunnel, kept out of version
  # control and protected wherever state or plan output is stored.
  shared_secret: foo
  target_vpn_gateway: null
  timeouts: null
  vpn_gateway_interface: 1
|
|
# Random identifier named `secret` inside the VPN module.
# NOTE(review): presumably the fallback pre-shared key when none is supplied
# (confirm in the module). If so, 8 bytes is 64 bits of entropy, and with no
# keepers the value is never rotated unless the resource is replaced.
module.landing-to-onprem-primary-vpn[0].random_id.secret:
  byte_length: 8
  keepers: null
  prefix: null
|
|
module.landing-to-onprem-secondary-vpn[0].google_compute_external_vpn_gateway.external_gateway["default"]:
|
|
description: Terraform managed external VPN gateway
|
|
interface:
|
|
- id: 0
|
|
ip_address: 8.8.4.4
|
|
labels: null
|
|
name: vpn-to-onprem-ew4-default
|
|
project: fast2-prod-net-landing-0
|
|
redundancy_type: SINGLE_IP_INTERNALLY_REDUNDANT
|
|
timeouts: null
|
|
module.landing-to-onprem-secondary-vpn[0].google_compute_ha_vpn_gateway.ha_gateway[0]:
|
|
description: Terraform managed external VPN gateway
|
|
name: vpn-to-onprem-ew4
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west4
|
|
stack_type: IPV4_ONLY
|
|
timeouts: null
|
|
module.landing-to-onprem-secondary-vpn[0].google_compute_router.router[0]:
|
|
bgp:
|
|
- advertise_mode: CUSTOM
|
|
advertised_groups: []
|
|
advertised_ip_ranges:
|
|
- description: gcp
|
|
range: 10.1.0.0/16
|
|
- description: gcp-restricted
|
|
range: 199.36.153.4/30
|
|
- description: gcp-dns
|
|
range: 35.199.192.0/19
|
|
asn: 65501
|
|
keepalive_interval: 20
|
|
description: null
|
|
encrypted_interconnect_router: null
|
|
name: vpn-vpn-to-onprem-ew4
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west4
|
|
timeouts: null
|
|
module.landing-to-onprem-secondary-vpn[0].google_compute_router_interface.router_interface["0"]:
|
|
interconnect_attachment: null
|
|
ip_range: 169.254.3.2/30
|
|
name: vpn-to-onprem-ew4-0
|
|
private_ip_address: null
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west4
|
|
router: vpn-vpn-to-onprem-ew4
|
|
subnetwork: null
|
|
timeouts: null
|
|
vpn_tunnel: vpn-to-onprem-ew4-0
|
|
module.landing-to-onprem-secondary-vpn[0].google_compute_router_interface.router_interface["1"]:
|
|
interconnect_attachment: null
|
|
ip_range: 169.254.4.2/30
|
|
name: vpn-to-onprem-ew4-1
|
|
private_ip_address: null
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west4
|
|
router: vpn-vpn-to-onprem-ew4
|
|
subnetwork: null
|
|
timeouts: null
|
|
vpn_tunnel: vpn-to-onprem-ew4-1
|
|
# BGP session to the on-prem peer over tunnel 0 of the secondary VPN.
module.landing-to-onprem-secondary-vpn[0].google_compute_router_peer.bgp_peer["0"]:
  # DEFAULT: the peer inherits the router's advertisement configuration.
  advertise_mode: DEFAULT
  advertised_groups: []
  advertised_ip_ranges: []
  advertised_route_priority: 1000
  enable: true
  enable_ipv6: false
  interface: vpn-to-onprem-ew4-0
  # No BGP MD5 authentication. The session's only protection is the IPsec
  # tunnel its interface is bound to.
  md5_authentication_key: []
  name: vpn-to-onprem-ew4-0
  peer_asn: 65500
  # NOTE(review): router interface vpn-to-onprem-ew4-0 is planned with
  # ip_range 169.254.3.2/30, which does not contain this peer address.
  # Presumably placeholder data; a session configured this way would not be
  # expected to establish, so confirm before reusing these values.
  peer_ip_address: 169.254.1.1
  project: fast2-prod-net-landing-0
  region: europe-west4
  router: vpn-vpn-to-onprem-ew4
  router_appliance_instance: null
  timeouts: null
|
|
# BGP session to the on-prem peer over tunnel 1 of the secondary VPN.
module.landing-to-onprem-secondary-vpn[0].google_compute_router_peer.bgp_peer["1"]:
  # DEFAULT: the peer inherits the router's advertisement configuration.
  advertise_mode: DEFAULT
  advertised_groups: []
  advertised_ip_ranges: []
  advertised_route_priority: 1000
  enable: true
  enable_ipv6: false
  interface: vpn-to-onprem-ew4-1
  # No BGP MD5 authentication. The session's only protection is the IPsec
  # tunnel its interface is bound to.
  md5_authentication_key: []
  name: vpn-to-onprem-ew4-1
  peer_asn: 64513
  # NOTE(review): router interface vpn-to-onprem-ew4-1 is planned with
  # ip_range 169.254.4.2/30, which does not contain this peer address.
  # Presumably placeholder data; confirm before reusing these values.
  peer_ip_address: 169.254.2.1
  project: fast2-prod-net-landing-0
  region: europe-west4
  router: vpn-vpn-to-onprem-ew4
  router_appliance_instance: null
  timeouts: null
|
|
# IPsec tunnel 0 of the secondary-region HA VPN to on-prem (IKEv2).
module.landing-to-onprem-secondary-vpn[0].google_compute_vpn_tunnel.tunnels["0"]:
  description: null
  ike_version: 2
  labels: null
  name: vpn-to-onprem-ew4-0
  peer_external_gateway_interface: null
  peer_gcp_gateway: null
  project: fast2-prod-net-landing-0
  region: europe-west4
  router: vpn-vpn-to-onprem-ew4
  # Placeholder pre-shared key, the same value as on the primary-region
  # tunnels. Real tunnels need a long random secret from a secret store, and
  # state and plan output holding it need access control.
  shared_secret: foo
  target_vpn_gateway: null
  timeouts: null
  vpn_gateway_interface: 0
|
|
# IPsec tunnel 1 of the secondary-region HA VPN to on-prem (IKEv2).
module.landing-to-onprem-secondary-vpn[0].google_compute_vpn_tunnel.tunnels["1"]:
  description: null
  ike_version: 2
  labels: null
  name: vpn-to-onprem-ew4-1
  peer_external_gateway_interface: null
  peer_gcp_gateway: null
  project: fast2-prod-net-landing-0
  region: europe-west4
  router: vpn-vpn-to-onprem-ew4
  # Placeholder pre-shared key. Real tunnels need a long random secret from a
  # secret store, and state and plan output holding it need access control.
  shared_secret: foo
  target_vpn_gateway: null
  timeouts: null
  vpn_gateway_interface: 1
|
|
module.landing-to-onprem-secondary-vpn[0].random_id.secret:
|
|
byte_length: 8
|
|
keepers: null
|
|
prefix: null
|
|
# VPC firewall rule admitting tcp/22 from the Google health-check ranges, used
# as the health probe port for the NVA appliances per the description.
module.landing-firewall.google_compute_firewall.custom-rules["allow-hc-nva-ssh-landing"]:
  allow:
  - ports:
    - '22'
    protocol: tcp
  deny: []
  description: Allow traffic from Google healthchecks to NVA appliances
  direction: INGRESS
  disabled: false
  # No logging on this rule.
  log_config: []
  name: allow-hc-nva-ssh-landing
  priority: 1000
  project: fast2-prod-net-landing-0
  source_ranges:
  - 130.211.0.0/22
  - 209.85.152.0/22
  - 209.85.204.0/22
  - 35.191.0.0/16
  source_service_accounts: null
  source_tags: null
  # NOTE(review): no target tags or service accounts, so the rule applies to
  # every instance in the network, although the description scopes it to the
  # NVAs. The BGP rule in this module targets the `nva` tag; the same target
  # here would match the stated intent.
  target_service_accounts: null
  target_tags: null
  timeouts: null
|
|
# VPC firewall rule admitting BGP (tcp/179) to instances tagged `nva` from four
# single addresses, the NCC Cloud Router interfaces per the description.
module.landing-firewall.google_compute_firewall.custom-rules["allow-ncc-nva-bgp-landing"]:
  allow:
  - ports:
    - '179'
    protocol: tcp
  deny: []
  description: Allow BGP traffic from NCC Cloud Routers to NVAs
  direction: INGRESS
  disabled: false
  # No logging on this rule.
  log_config: []
  name: allow-ncc-nva-bgp-landing
  priority: 1000
  project: fast2-prod-net-landing-0
  # Sources are /32s, the tightest form a range-based source can take.
  source_ranges:
  - 10.128.64.201/32
  - 10.128.64.202/32
  - 10.128.96.201/32
  - 10.128.96.202/32
  source_service_accounts: null
  source_tags: null
  target_service_accounts: null
  # Network tags are instance metadata: anyone allowed to edit an instance's
  # tags can bring it into scope of this rule. Service-account targets give a
  # binding that is controlled by IAM.
  target_tags:
  - nva
  timeouts: null
|
|
# Example VPC firewall rule admitting tcp/12345 from a single on-prem probe
# address.
module.landing-firewall.google_compute_firewall.custom-rules["allow-onprem-probes-landing-example"]:
  allow:
  - ports:
    - '12345'
    protocol: tcp
  deny: []
  description: Allow traffic from onprem probes
  direction: INGRESS
  disabled: false
  # No logging on this rule.
  log_config: []
  name: allow-onprem-probes-landing-example
  priority: 1000
  project: fast2-prod-net-landing-0
  source_ranges:
  - 10.255.255.254/32
  source_service_accounts: null
  source_tags: null
  # No targets: the port is opened on every instance in the network, not only
  # on the hosts the probe is meant to reach.
  target_service_accounts: null
  target_tags: null
  timeouts: null
|
|
# Catch-all ingress deny for all protocols from 0.0.0.0/0.
module.landing-firewall.google_compute_firewall.custom-rules["landing-ingress-default-deny"]:
|
|
allow: []
|
|
deny:
|
|
- ports: []
|
|
protocol: all
|
|
description: Deny and log any unmatched ingress traffic.
|
|
direction: INGRESS
|
|
disabled: false
|
|
# Logging is on, but EXCLUDE_ALL_METADATA omits the optional metadata fields
# from each record. NOTE(review): confirm the remaining fields are enough for
# whoever triages the denied-traffic logs.
log_config:
|
|
- metadata: EXCLUDE_ALL_METADATA
|
|
name: landing-ingress-default-deny
|
|
# 65535 is the lowest precedence, so the priority-1000 allow rules in this file
# are matched first and this rule only sees what they did not match.
priority: 65535
|
|
project: fast2-prod-net-landing-0
|
|
source_ranges:
|
|
- 0.0.0.0/0
|
|
source_service_accounts: null
|
|
source_tags: null
|
|
target_service_accounts: null
|
|
target_tags: null
|
|
timeouts: null
|
|
# Landing VPC, custom-mode (no auto-created subnets).
module.landing-vpc.google_compute_network.network[0]:
|
|
auto_create_subnetworks: false
|
|
# The default 0.0.0.0/0 route is removed at creation. The only
# default-internet-gateway routes planned for this network in this file are the
# private (199.36.153.8/30) and restricted (199.36.153.4/30) googleapis ranges.
# The prod-dmz-0 network, by contrast, keeps its default route.
delete_default_routes_on_create: true
|
|
description: Terraform-managed.
|
|
enable_ula_internal_ipv6: null
|
|
mtu: 1500
|
|
name: prod-landing-0
|
|
# Classic VPC firewall rules are evaluated before network firewall policies.
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
|
|
project: fast2-prod-net-landing-0
|
|
routing_mode: GLOBAL
|
|
timeouts: null
|
|
module.landing-vpc.google_compute_route.gateway["private-googleapis"]:
|
|
description: Terraform-managed.
|
|
dest_range: 199.36.153.8/30
|
|
name: prod-landing-0-private-googleapis
|
|
next_hop_gateway: default-internet-gateway
|
|
next_hop_ilb: null
|
|
next_hop_instance: null
|
|
next_hop_vpn_tunnel: null
|
|
priority: 1000
|
|
project: fast2-prod-net-landing-0
|
|
tags: null
|
|
timeouts: null
|
|
module.landing-vpc.google_compute_route.gateway["restricted-googleapis"]:
|
|
description: Terraform-managed.
|
|
dest_range: 199.36.153.4/30
|
|
name: prod-landing-0-restricted-googleapis
|
|
next_hop_gateway: default-internet-gateway
|
|
next_hop_ilb: null
|
|
next_hop_instance: null
|
|
next_hop_vpn_tunnel: null
|
|
priority: 1000
|
|
project: fast2-prod-net-landing-0
|
|
tags: null
|
|
timeouts: null
|
|
module.landing-vpc.google_compute_subnetwork.subnetwork["europe-west1/landing-default"]:
|
|
description: Default europe-west1 subnet for landing
|
|
ip_cidr_range: 10.64.0.0/24
|
|
ipv6_access_type: null
|
|
log_config: []
|
|
name: landing-default
|
|
private_ip_google_access: true
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west1
|
|
role: null
|
|
secondary_ip_range: []
|
|
timeouts: null
|
|
module.landing-vpc.google_compute_subnetwork.subnetwork["europe-west4/landing-default"]:
|
|
description: Default europe-west4 subnet for landing
|
|
ip_cidr_range: 10.80.0.0/24
|
|
ipv6_access_type: null
|
|
log_config: []
|
|
name: landing-default
|
|
private_ip_google_access: true
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west4
|
|
role: null
|
|
secondary_ip_range: []
|
|
timeouts: null
|
|
# DNS server policy for the landing network.
module.landing-vpc.google_dns_policy.default[0]:
|
|
alternative_name_server_config: []
|
|
description: Managed by Terraform
|
|
# Inbound forwarding lets resolvers outside the VPC (e.g. on-prem over the VPN)
# query Cloud DNS through the network's inbound forwarder addresses.
enable_inbound_forwarding: true
|
|
# NOTE(review): DNS query logging is not requested here, while the prod-dmz-0
# policy in this file plans enable_logging: true. Confirm the difference is
# intentional; query logs are a common detection and forensics source.
enable_logging: null
|
|
name: prod-landing-0
|
|
networks:
|
|
- {}
|
|
project: fast2-prod-net-landing-0
|
|
timeouts: null
|
|
# Ingress allow for TCP/22 from the Google health-check source ranges.
module.dmz-firewall.google_compute_firewall.custom-rules["allow-hc-nva-ssh-dmz"]:
|
|
allow:
|
|
- ports:
|
|
- '22'
|
|
protocol: tcp
|
|
deny: []
|
|
description: Allow traffic from Google healthchecks to NVA appliances
|
|
direction: INGRESS
|
|
disabled: false
|
|
# Empty log_config: Firewall Rules Logging is not enabled for this allow rule.
log_config: []
|
|
name: allow-hc-nva-ssh-dmz
|
|
priority: 1000
|
|
project: fast2-prod-net-landing-0
|
|
source_ranges:
|
|
- 130.211.0.0/22
|
|
- 209.85.152.0/22
|
|
- 209.85.204.0/22
|
|
- 35.191.0.0/16
|
|
source_service_accounts: null
|
|
source_tags: null
|
|
target_service_accounts: null
|
|
# NOTE(review): with no target tags or target service accounts the rule applies
# to every instance in the network it is attached to, not only the NVAs named
# in the description. Both DMZ BGP rules that follow use target_tags: [nva];
# confirm whether this rule should do the same.
target_tags: null
|
|
timeouts: null
|
|
module.dmz-firewall.google_compute_firewall.custom-rules["allow-ncc-nva-bgp-dmz"]:
|
|
allow:
|
|
- ports:
|
|
- '179'
|
|
protocol: tcp
|
|
deny: []
|
|
description: Allow BGP traffic from NCC Cloud Routers to NVAs
|
|
direction: INGRESS
|
|
disabled: false
|
|
log_config: []
|
|
name: allow-ncc-nva-bgp-dmz
|
|
priority: 1000
|
|
project: fast2-prod-net-landing-0
|
|
source_ranges:
|
|
- 10.128.0.201/32
|
|
- 10.128.0.202/32
|
|
- 10.128.32.201/32
|
|
- 10.128.32.202/32
|
|
source_service_accounts: null
|
|
source_tags: null
|
|
target_service_accounts: null
|
|
target_tags:
|
|
- nva
|
|
timeouts: null
|
|
module.dmz-firewall.google_compute_firewall.custom-rules["allow-nva-nva-bgp-dmz"]:
|
|
allow:
|
|
- ports:
|
|
- '179'
|
|
protocol: tcp
|
|
deny: []
|
|
description: Allow BGP traffic from cross-regional NVAs
|
|
direction: INGRESS
|
|
disabled: false
|
|
log_config: []
|
|
name: allow-nva-nva-bgp-dmz
|
|
priority: 1000
|
|
project: fast2-prod-net-landing-0
|
|
source_ranges: null
|
|
source_service_accounts: null
|
|
source_tags:
|
|
- nva
|
|
target_service_accounts: null
|
|
target_tags:
|
|
- nva
|
|
timeouts: null
|
|
module.dmz-firewall.google_compute_firewall.custom-rules["dmz-ingress-default-deny"]:
|
|
allow: []
|
|
deny:
|
|
- ports: []
|
|
protocol: all
|
|
description: Deny and log any unmatched ingress traffic.
|
|
direction: INGRESS
|
|
disabled: false
|
|
log_config:
|
|
- metadata: EXCLUDE_ALL_METADATA
|
|
name: dmz-ingress-default-deny
|
|
priority: 65535
|
|
project: fast2-prod-net-landing-0
|
|
source_ranges:
|
|
- 0.0.0.0/0
|
|
source_service_accounts: null
|
|
source_tags: null
|
|
target_service_accounts: null
|
|
target_tags: null
|
|
timeouts: null
|
|
module.dmz-vpc.google_compute_network.network[0]:
|
|
auto_create_subnetworks: false
|
|
delete_default_routes_on_create: false
|
|
description: Terraform-managed.
|
|
enable_ula_internal_ipv6: null
|
|
mtu: 1500
|
|
name: prod-dmz-0
|
|
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
|
|
project: fast2-prod-net-landing-0
|
|
routing_mode: GLOBAL
|
|
timeouts: null
|
|
module.dmz-vpc.google_compute_subnetwork.subnetwork["europe-west1/dmz-default"]:
|
|
description: Default europe-west1 subnet for DMZ
|
|
ip_cidr_range: 10.64.128.0/24
|
|
ipv6_access_type: null
|
|
log_config: []
|
|
name: dmz-default
|
|
private_ip_google_access: true
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west1
|
|
role: null
|
|
secondary_ip_range: []
|
|
timeouts: null
|
|
module.dmz-vpc.google_compute_subnetwork.subnetwork["europe-west4/dmz-default"]:
|
|
description: Default europe-west4 subnet for DMZ
|
|
ip_cidr_range: 10.80.128.0/24
|
|
ipv6_access_type: null
|
|
log_config: []
|
|
name: dmz-default
|
|
private_ip_google_access: true
|
|
project: fast2-prod-net-landing-0
|
|
region: europe-west4
|
|
role: null
|
|
secondary_ip_range: []
|
|
timeouts: null
|
|
module.dmz-vpc.google_dns_policy.default[0]:
|
|
alternative_name_server_config: []
|
|
description: Managed by Terraform
|
|
enable_inbound_forwarding: true
|
|
enable_logging: true
|
|
name: prod-dmz-0
|
|
networks:
|
|
- {}
|
|
project: fast2-prod-net-landing-0
|
|
timeouts: null
|
|
# Planned attributes of the primary-b NVA instance (nva-ew1-b). The instance
# has two network interfaces, 10.64.128.101 and 10.64.0.101, listed further down.
module.nva["primary-b"].google_compute_instance.default[0]:
|
|
advanced_machine_features: []
|
|
allow_stopping_for_update: true
|
|
attached_disk: []
|
|
boot_disk:
|
|
- auto_delete: true
|
|
disk_encryption_key_raw: null
|
|
initialize_params:
|
|
- enable_confidential_compute: null
|
|
# Image family reference, not a pinned image: the concrete image is whatever
# cos-stable resolves to when the disk is created.
image: projects/cos-cloud/global/images/family/cos-stable
|
|
resource_manager_tags: null
|
|
size: 10
|
|
type: pd-balanced
|
|
mode: READ_WRITE
|
|
# IP forwarding is enabled so the instance can route packets between its NICs.
can_ip_forward: true
|
|
deletion_protection: false
|
|
description: Managed by the compute-vm Terraform module.
|
|
desired_status: null
|
|
enable_display: false
|
|
hostname: null
|
|
labels: null
|
|
machine_type: e2-standard-2
|
|
# Review notes on the cloud-config carried in user-data below:
#  - frr.service starts the FRR container with --privileged and --network host
#    from `frrouting/frr`, with no tag or digest, so the image content is
#    whatever the registry serves at pull time. NOTE(review): consider pinning
#    by digest and replacing --privileged with the specific capabilities FRR needs.
#  - frr.conf sets `no bgp ebgp-requires-policy`, attaches route-maps only in the
#    outbound direction, and configures no neighbor password; peer filtering
#    rests on the TCP/179 firewall rules in this file.
#  - start-routing.sh sets the FORWARD policy to ACCEPT and masquerades on eth0.
#  - NOTE(review): start-routing.sh adds routes for 10.64.127.0/17 and
#    10.80.127.0/17, which have host bits set for a /17 and mask to the same
#    ranges routed via eth1 (10.64.0.0/17, 10.80.0.0/17). Presumably
#    10.64.128.0/17 and 10.80.128.0/17 were intended; confirm in the template
#    that generates this fixture.
metadata:
|
|
user-data: "#cloud-config\n\n# Copyright 2023 Google LLC\n#\n# Licensed under\
|
|
\ the Apache License, Version 2.0 (the \"License\");\n# you may not use this\
|
|
\ file except in compliance with the License.\n# You may obtain a copy of\
|
|
\ the License at\n#\n# https://www.apache.org/licenses/LICENSE-2.0\n#\n\
|
|
# Unless required by applicable law or agreed to in writing, software\n# distributed\
|
|
\ under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES\
|
|
\ OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License\
|
|
\ for the specific language governing permissions and\n# limitations under\
|
|
\ the License.\n\nwrite_files:\n\n - path: /etc/frr/daemons\n owner: root\n\
|
|
\ permissions: 0744\n content: |\n # Copyright 2023 Google LLC\n\
|
|
\ #\n # Licensed under the Apache License, Version 2.0 (the \"License\"\
|
|
);\n # you may not use this file except in compliance with the License.\n\
|
|
\ # You may obtain a copy of the License at\n #\n # http://www.apache.org/licenses/LICENSE-2.0\n\
|
|
\ #\n # Unless required by applicable law or agreed to in writing,\
|
|
\ software\n # distributed under the License is distributed on an \"\
|
|
AS IS\" BASIS,\n # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either\
|
|
\ express or implied.\n # See the License for the specific language governing\
|
|
\ permissions and\n # limitations under the License.\n \n zebra=no\n\
|
|
\ bgpd=yes\n ospfd=no\n ospf6d=no\n ripd=no\n ripngd=no\n\
|
|
\ isisd=no\n pimd=no\n ldpd=no\n nhrpd=no\n eigrpd=no\n\
|
|
\ babeld=no\n sharpd=no\n staticd=no\n pbrd=no\n \
|
|
\ bfdd=no\n fabricd=no\n \n # If this option is set the /etc/init.d/frr\
|
|
\ script automatically loads\n # the config via \"vtysh -b\" when the\
|
|
\ servers are started.\n # Check /etc/pam.d/frr if you intend to use\
|
|
\ \"vtysh\"!\n \n vtysh_enable=yes\n zebra_options=\" -A 127.0.0.1\
|
|
\ -s 90000000\"\n bgpd_options=\" -A 127.0.0.1\"\n ospfd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n ospf6d_options=\" --daemon -A ::1\"\n \
|
|
\ ripd_options=\" --daemon -A 127.0.0.1\"\n ripngd_options=\" --daemon\
|
|
\ -A ::1\"\n isisd_options=\" --daemon -A 127.0.0.1\"\n pimd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n ldpd_options=\" --daemon -A 127.0.0.1\"\
|
|
\n nhrpd_options=\" --daemon -A 127.0.0.1\"\n eigrpd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n babeld_options=\" --daemon -A 127.0.0.1\"\
|
|
\n sharpd_options=\" --daemon -A 127.0.0.1\"\n staticd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n pbrd_options=\" --daemon -A 127.0.0.1\"\
|
|
\n bfdd_options=\" --daemon -A 127.0.0.1\"\n fabricd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n \n #MAX_FDS=1024\n # The list\
|
|
\ of daemons to watch is automatically generated by the init script.\n \
|
|
\ #watchfrr_options=\"\"\n \n # for debugging purposes, you can\
|
|
\ specify a \"wrap\" command to start instead\n # of starting the daemon\
|
|
\ directly, e.g. to use valgrind on ospfd:\n # ospfd_wrap=\"/usr/bin/valgrind\"\
|
|
\n # or you can use \"all_wrap\" for all daemons, e.g. to use perf record:\n\
|
|
\ # all_wrap=\"/usr/bin/perf record --call-graph -\"\n # the normal\
|
|
\ daemon command is added to this at the end.\n \n\n - path: /etc/frr/frr.conf\n\
|
|
\ owner: root\n permissions: 0744\n content: |\n # NVAs configuration\
|
|
\ template\n \n log syslog informational\n no ipv6 forwarding\n\
|
|
\ service integrated-vtysh-config\n \n interface lo\n \
|
|
\ ip address 10.64.128.101/32\n \n ip prefix-list DEFAULT seq 10\
|
|
\ permit 0.0.0.0/0\n !\n ip prefix-list PRIMARY seq 10 permit 10.64.0.0/17\n\
|
|
\ ip prefix-list PRIMARY seq 20 permit 10.68.0.0/16\n ip prefix-list\
|
|
\ PRIMARY seq 30 permit 10.72.0.0/16\n !\n ip prefix-list SECONDARY\
|
|
\ seq 10 permit 10.80.0.0/17\n ip prefix-list SECONDARY seq 20 permit\
|
|
\ 10.84.0.0/16\n ip prefix-list SECONDARY seq 30 permit 10.88.0.0/16\n\
|
|
\ \n route-map TO-DMZ permit 10\n match ip address\
|
|
\ prefix-list PRIMARY\n set metric 100\n !\n route-map TO-DMZ\
|
|
\ permit 20\n match ip address prefix-list SECONDARY\n set metric\
|
|
\ 10100\n !\n route-map TO-LANDING permit 10\n match ip address\
|
|
\ prefix-list DEFAULT\n set metric 100\n !\n route-map TO-NVA\
|
|
\ permit 10\n match ip address prefix-list PRIMARY\n set metric\
|
|
\ 50\n \n router bgp 64513\n bgp router-id 10.64.128.101\n\
|
|
\ bgp bestpath as-path ignore\n bgp disable-ebgp-connected-route-check\n\
|
|
\ bgp timers 20 60\n !\n no bgp ebgp-requires-policy\n \
|
|
\ no bgp network import-check\n !\n neighbor 10.64.128.201\
|
|
\ remote-as 64512\n neighbor 10.64.128.202 remote-as 64512\n !\n\
|
|
\ neighbor 10.64.0.201 remote-as 64515\n neighbor 10.64.0.201\
|
|
\ update-source 10.64.0.101\n neighbor 10.64.0.202 remote-as 64515\n\
|
|
\ neighbor 10.64.0.202 update-source 10.64.0.101\n !\n neighbor\
|
|
\ 10.80.128.101 remote-as 64514\n neighbor 10.80.128.101 ebgp-multihop\
|
|
\ 2\n neighbor 10.80.128.102 remote-as 64514\n neighbor 10.80.128.102\
|
|
\ ebgp-multihop 2\n !\n address-family ipv4 unicast\n neighbor\
|
|
\ 10.64.128.201 route-map TO-DMZ out\n neighbor 10.64.128.201\
|
|
\ soft-reconfiguration inbound\n !\n neighbor 10.64.128.202 route-map\
|
|
\ TO-DMZ out\n neighbor 10.64.128.202 soft-reconfiguration inbound\n\
|
|
\ !\n neighbor 10.64.0.201 route-map TO-LANDING out\n neighbor\
|
|
\ 10.64.0.201 soft-reconfiguration inbound\n !\n neighbor 10.64.0.202\
|
|
\ route-map TO-LANDING out\n neighbor 10.64.0.202 soft-reconfiguration\
|
|
\ inbound\n !\n neighbor 10.80.128.101 route-map TO-NVA out\n\
|
|
\ neighbor 10.80.128.101 soft-reconfiguration inbound\n !\n \
|
|
\ neighbor 10.80.128.102 route-map TO-NVA out\n neighbor 10.80.128.102\
|
|
\ soft-reconfiguration inbound\n exit-address-family\n \n\n -\
|
|
\ path: /etc/frr/vtysh.conf\n owner: root\n permissions: 0644\n content:\
|
|
\ |\n # Copyright 2023 Google LLC\n #\n # Licensed under the\
|
|
\ Apache License, Version 2.0 (the \"License\");\n # you may not use\
|
|
\ this file except in compliance with the License.\n # You may obtain\
|
|
\ a copy of the License at\n #\n # http://www.apache.org/licenses/LICENSE-2.0\n\
|
|
\ #\n # Unless required by applicable law or agreed to in writing,\
|
|
\ software\n # distributed under the License is distributed on an \"\
|
|
AS IS\" BASIS,\n # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either\
|
|
\ express or implied.\n # See the License for the specific language governing\
|
|
\ permissions and\n # limitations under the License.\n \n #\
|
|
\ This is a sample file used to remove warnings\n # when users open the\
|
|
\ vtysh console.\n \n\n - path: /etc/profile.d/00-aliases.sh\n owner:\
|
|
\ root\n permissions: 0644\n content: |\n alias vtysh='sudo docker\
|
|
\ exec -it frr sh -c vtysh'\n\n - path: /etc/systemd/system/frr.service\n\
|
|
\ owner: root\n permissions: 0644\n content: |\n # Copyright\
|
|
\ 2023 Google LLC\n #\n # Licensed under the Apache License, Version\
|
|
\ 2.0 (the \"License\");\n # you may not use this file except in compliance\
|
|
\ with the License.\n # You may obtain a copy of the License at\n \
|
|
\ #\n # http://www.apache.org/licenses/LICENSE-2.0\n #\n\
|
|
\ # Unless required by applicable law or agreed to in writing, software\n\
|
|
\ # distributed under the License is distributed on an \"AS IS\" BASIS,\n\
|
|
\ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n\
|
|
\ # See the License for the specific language governing permissions and\n\
|
|
\ # limitations under the License.\n \n [Unit]\n Description=Start\
|
|
\ FRR container\n After=gcr-online.target docker.socket\n Wants=gcr-online.target\
|
|
\ docker.socket docker-events-collector.service\n [Service]\n Environment=\"\
|
|
HOME=/home/frr\"\n ExecStart=/usr/bin/docker run --rm --name=frr \\\n\
|
|
\ --privileged \\\n --network host \\\n -v /etc/frr:/etc/frr\
|
|
\ \\\n frrouting/frr\n ExecStop=/usr/bin/docker stop frr\n \
|
|
\ ExecStopPost=/usr/bin/docker rm frr\n \n\n - path: /var/lib/docker/daemon.json\n\
|
|
\ owner: root\n permissions: 0644\n content: |\n {\n\
|
|
\ \"live-restore\": true,\n \"storage-driver\"\
|
|
: \"overlay2\",\n \"log-opts\": {\n \"max-size\"\
|
|
: \"1024m\"\n }\n }\n \n\n - path: /var/run/nva/ipprefix_by_netmask.sh\n\
|
|
\ owner: root\n permissions: 0744\n content: |\n #!/bin/bash\n\
|
|
\ \n # Copyright 2023 Google LLC\n #\n # Licensed under\
|
|
\ the Apache License, Version 2.0 (the \"License\");\n # you may not\
|
|
\ use this file except in compliance with the License.\n # You may obtain\
|
|
\ a copy of the License at\n #\n # http://www.apache.org/licenses/LICENSE-2.0\n\
|
|
\ #\n # Unless required by applicable law or agreed to in writing,\
|
|
\ software\n # distributed under the License is distributed on an \"\
|
|
AS IS\" BASIS,\n # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either\
|
|
\ express or implied.\n # See the License for the specific language governing\
|
|
\ permissions and\n # limitations under the License.\n \n #\
|
|
\ https://stackoverflow.com/questions/50413579/bash-convert-netmask-in-cidr-notation\n\
|
|
\ c=0 x=0$(printf '%o' ${1//./ })\n while [ $x -gt 0 ]; do\n \
|
|
\ let c+=$((x % 2)) 'x>>=1'\n done\n echo $c\n \n\n -\
|
|
\ path: /var/run/nva/policy_based_routing.sh\n owner: root\n permissions:\
|
|
\ 0744\n content: |\n #!/bin/bash\n \n # Copyright 2023\
|
|
\ Google LLC\n #\n # Licensed under the Apache License, Version\
|
|
\ 2.0 (the \"License\");\n # you may not use this file except in compliance\
|
|
\ with the License.\n # You may obtain a copy of the License at\n \
|
|
\ #\n # http://www.apache.org/licenses/LICENSE-2.0\n #\n\
|
|
\ # Unless required by applicable law or agreed to in writing, software\n\
|
|
\ # distributed under the License is distributed on an \"AS IS\" BASIS,\n\
|
|
\ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n\
|
|
\ # See the License for the specific language governing permissions and\n\
|
|
\ # limitations under the License.\n \n IF_NAME=$1\n IF_NUMBER=$(echo\
|
|
\ $IF_NAME | sed -e s/eth//)\n IF_GW=$(curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$IF_NUMBER/gateway\
|
|
\ -H \"Metadata-Flavor: Google\")\n IF_IP=$(curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$IF_NUMBER/ip\
|
|
\ -H \"Metadata-Flavor: Google\")\n IF_NETMASK=$(curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$IF_NUMBER/subnetmask\
|
|
\ -H \"Metadata-Flavor: Google\")\n IF_IP_PREFIX=$(/var/run/nva/ipprefix_by_netmask.sh\
|
|
\ $IF_NETMASK)\n \n # Sleep while there's no load balancer IP route\
|
|
\ for this IF\n while true\n do\n IPS_LB_STR=$(ip r show\
|
|
\ table local | grep \"$IF_NAME proto 66\" | cut -f 2 -d \" \" | tr -s '\\\
|
|
n' ' ')\n IPS_LB=($IPS_LB_STR)\n for IP in \"${IPS_LB[@]}\"\n\
|
|
\ do\n # Configure hc routing table if not available for this\
|
|
\ network interface\n grep -qxF \"$((200 + $IF_NUMBER)) hc-$IF_NAME\"\
|
|
\ /etc/iproute2/rt_tables || {\n echo \"$((200 + $IF_NUMBER)) hc-$IF_NAME\"\
|
|
\ >>/etc/iproute2/rt_tables\n ip route add $IF_GW src $IF_IP dev\
|
|
\ $IF_NAME table hc-$IF_NAME\n ip route add default via $IF_GW\
|
|
\ dev $IF_NAME table hc-$IF_NAME\n }\n \n # configure\
|
|
\ PBR route for LB\n ip rule list | grep -qF \"$IP\" || ip rule add\
|
|
\ from $IP/32 table hc-$IF_NAME\n done\n \n # remove previously\
|
|
\ configure PBR for old LB removed from network interface\n # first\
|
|
\ get list of PBR on this network interface and retrieve LB IP addresses\n\
|
|
\ PBR_LB_IPS_STR=$(ip rule list | grep \"hc-$IF_NAME\" | cut -f 2 -d\
|
|
\ \" \" | tr -s '\\n' ' ')\n PBR_LB_IPS=($PBR_LB_IPS_STR)\n \n\
|
|
\ # iterate over PBR LB IP addresses\n for PBR_IP in \"${PBR_LB_IPS[@]}\"\
|
|
\n do\n # check if the PBR LB IP belongs to the current array\
|
|
\ of LB IPs attached to the\n # network interface, if not delete\
|
|
\ the corresponding PBR rule\n if [ -z \"$IPS_LB\" ] || ! echo ${IPS_LB[@]}\
|
|
\ | grep --quiet \"$PBR_IP\" ; then\n ip rule del from $PBR_IP\n\
|
|
\ fi\n done\n sleep 2\n done\n \n\n\n -\
|
|
\ path: /etc/systemd/system/routing.service\n permissions: 0644\n owner:\
|
|
\ root\n content: |\n [Install]\n WantedBy=multi-user.target\n\
|
|
\ [Unit]\n Description=Start routing\n After=network-online.target\n\
|
|
\ Wants=network-online.target\n [Service]\n RemainAfterExit=true\n\
|
|
\ ExecStart=/bin/sh -c \"/var/run/nva/start-routing.sh\"\n - path: /var/run/nva/start-routing.sh\n\
|
|
\ permissions: 0744\n owner: root\n content: |\n iptables --policy\
|
|
\ FORWARD ACCEPT\n /var/run/nva/policy_based_routing.sh eth0 &>/dev/null\
|
|
\ &\n iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n ip\
|
|
\ route add 10.64.127.0/17 via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/gateway\
|
|
\ -H \"Metadata-Flavor:Google\"` dev eth0\n ip route add 10.80.127.0/17\
|
|
\ via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/gateway\
|
|
\ -H \"Metadata-Flavor:Google\"` dev eth0\n /var/run/nva/policy_based_routing.sh\
|
|
\ eth1 &>/dev/null &\n ip route add 10.64.0.0/17 via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/1/gateway\
|
|
\ -H \"Metadata-Flavor:Google\"` dev eth1\n ip route add 10.80.0.0/17\
|
|
\ via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/1/gateway\
|
|
\ -H \"Metadata-Flavor:Google\"` dev eth1\n iptables -A INPUT -p tcp\
|
|
\ --dport 179 -j ACCEPT\n\nbootcmd:\n - systemctl start node-problem-detector\n\
|
|
\nruncmd:\n - systemctl daemon-reload\n - systemctl enable routing\n -\
|
|
\ systemctl start routing\n - systemctl start frr\n"
|
|
metadata_startup_script: null
|
|
name: nva-ew1-b
|
|
network_interface:
|
|
- access_config: []
|
|
alias_ip_range: []
|
|
ipv6_access_config: []
|
|
network_ip: 10.64.128.101
|
|
nic_type: null
|
|
queue_count: null
|
|
security_policy: null
|
|
- access_config: []
|
|
alias_ip_range: []
|
|
ipv6_access_config: []
|
|
network_ip: 10.64.0.101
|
|
nic_type: null
|
|
queue_count: null
|
|
security_policy: null
|
|
network_performance_config: []
|
|
params: []
|
|
project: fast2-prod-net-landing-0
|
|
resource_policies: null
|
|
scheduling:
|
|
- automatic_restart: true
|
|
instance_termination_action: null
|
|
local_ssd_recovery_timeout: []
|
|
maintenance_interval: null
|
|
max_run_duration: []
|
|
min_node_cpus: null
|
|
node_affinities: []
|
|
on_host_maintenance: MIGRATE
|
|
preemptible: false
|
|
provisioning_model: STANDARD
|
|
scratch_disk: []
|
|
# Only OAuth scopes appear in the plan for the instance's service account:
# read-only Cloud Storage, log write and metric write.
service_account:
|
|
- scopes:
|
|
- https://www.googleapis.com/auth/devstorage.read_only
|
|
- https://www.googleapis.com/auth/logging.write
|
|
- https://www.googleapis.com/auth/monitoring.write
|
|
# NOTE(review): no shielded_instance_config block is planned, so Secure Boot,
# vTPM and integrity monitoring are left at their defaults; confirm that is
# acceptable for an appliance that routes traffic between the two networks.
shielded_instance_config: []
|
|
# The nva tag is what the allow-ncc-nva-bgp-* and allow-nva-nva-bgp-dmz firewall
# rules in this file match on.
tags:
|
|
- nva
|
|
timeouts: null
|
|
zone: europe-west1-b
|
|
module.nva["primary-c"].google_compute_instance.default[0]:
|
|
advanced_machine_features: []
|
|
allow_stopping_for_update: true
|
|
attached_disk: []
|
|
boot_disk:
|
|
- auto_delete: true
|
|
disk_encryption_key_raw: null
|
|
initialize_params:
|
|
- enable_confidential_compute: null
|
|
image: projects/cos-cloud/global/images/family/cos-stable
|
|
resource_manager_tags: null
|
|
size: 10
|
|
type: pd-balanced
|
|
mode: READ_WRITE
|
|
can_ip_forward: true
|
|
deletion_protection: false
|
|
description: Managed by the compute-vm Terraform module.
|
|
desired_status: null
|
|
enable_display: false
|
|
hostname: null
|
|
labels: null
|
|
machine_type: e2-standard-2
|
|
metadata:
|
|
user-data: "#cloud-config\n\n# Copyright 2023 Google LLC\n#\n# Licensed under\
|
|
\ the Apache License, Version 2.0 (the \"License\");\n# you may not use this\
|
|
\ file except in compliance with the License.\n# You may obtain a copy of\
|
|
\ the License at\n#\n# https://www.apache.org/licenses/LICENSE-2.0\n#\n\
|
|
# Unless required by applicable law or agreed to in writing, software\n# distributed\
|
|
\ under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES\
|
|
\ OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License\
|
|
\ for the specific language governing permissions and\n# limitations under\
|
|
\ the License.\n\nwrite_files:\n\n - path: /etc/frr/daemons\n owner: root\n\
|
|
\ permissions: 0744\n content: |\n # Copyright 2023 Google LLC\n\
|
|
\ #\n # Licensed under the Apache License, Version 2.0 (the \"License\"\
|
|
);\n # you may not use this file except in compliance with the License.\n\
|
|
\ # You may obtain a copy of the License at\n #\n # http://www.apache.org/licenses/LICENSE-2.0\n\
|
|
\ #\n # Unless required by applicable law or agreed to in writing,\
|
|
\ software\n # distributed under the License is distributed on an \"\
|
|
AS IS\" BASIS,\n # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either\
|
|
\ express or implied.\n # See the License for the specific language governing\
|
|
\ permissions and\n # limitations under the License.\n \n zebra=no\n\
|
|
\ bgpd=yes\n ospfd=no\n ospf6d=no\n ripd=no\n ripngd=no\n\
|
|
\ isisd=no\n pimd=no\n ldpd=no\n nhrpd=no\n eigrpd=no\n\
|
|
\ babeld=no\n sharpd=no\n staticd=no\n pbrd=no\n \
|
|
\ bfdd=no\n fabricd=no\n \n # If this option is set the /etc/init.d/frr\
|
|
\ script automatically loads\n # the config via \"vtysh -b\" when the\
|
|
\ servers are started.\n # Check /etc/pam.d/frr if you intend to use\
|
|
\ \"vtysh\"!\n \n vtysh_enable=yes\n zebra_options=\" -A 127.0.0.1\
|
|
\ -s 90000000\"\n bgpd_options=\" -A 127.0.0.1\"\n ospfd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n ospf6d_options=\" --daemon -A ::1\"\n \
|
|
\ ripd_options=\" --daemon -A 127.0.0.1\"\n ripngd_options=\" --daemon\
|
|
\ -A ::1\"\n isisd_options=\" --daemon -A 127.0.0.1\"\n pimd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n ldpd_options=\" --daemon -A 127.0.0.1\"\
|
|
\n nhrpd_options=\" --daemon -A 127.0.0.1\"\n eigrpd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n babeld_options=\" --daemon -A 127.0.0.1\"\
|
|
\n sharpd_options=\" --daemon -A 127.0.0.1\"\n staticd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n pbrd_options=\" --daemon -A 127.0.0.1\"\
|
|
\n bfdd_options=\" --daemon -A 127.0.0.1\"\n fabricd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n \n #MAX_FDS=1024\n # The list\
|
|
\ of daemons to watch is automatically generated by the init script.\n \
|
|
\ #watchfrr_options=\"\"\n \n # for debugging purposes, you can\
|
|
\ specify a \"wrap\" command to start instead\n # of starting the daemon\
|
|
\ directly, e.g. to use valgrind on ospfd:\n # ospfd_wrap=\"/usr/bin/valgrind\"\
|
|
\n # or you can use \"all_wrap\" for all daemons, e.g. to use perf record:\n\
|
|
\ # all_wrap=\"/usr/bin/perf record --call-graph -\"\n # the normal\
|
|
\ daemon command is added to this at the end.\n \n\n - path: /etc/frr/frr.conf\n\
|
|
\ owner: root\n permissions: 0744\n content: |\n # NVAs configuration\
|
|
\ template\n \n log syslog informational\n no ipv6 forwarding\n\
|
|
\ service integrated-vtysh-config\n \n interface lo\n \
|
|
\ ip address 10.64.128.102/32\n \n ip prefix-list DEFAULT seq 10\
|
|
\ permit 0.0.0.0/0\n !\n ip prefix-list PRIMARY seq 10 permit 10.64.0.0/17\n\
|
|
\ ip prefix-list PRIMARY seq 20 permit 10.68.0.0/16\n ip prefix-list\
|
|
\ PRIMARY seq 30 permit 10.72.0.0/16\n !\n ip prefix-list SECONDARY\
|
|
\ seq 10 permit 10.80.0.0/17\n ip prefix-list SECONDARY seq 20 permit\
|
|
\ 10.84.0.0/16\n ip prefix-list SECONDARY seq 30 permit 10.88.0.0/16\n\
|
|
\ \n route-map TO-DMZ permit 10\n match ip address\
|
|
\ prefix-list PRIMARY\n set metric 100\n !\n route-map TO-DMZ\
|
|
\ permit 20\n match ip address prefix-list SECONDARY\n set metric\
|
|
\ 10100\n !\n route-map TO-LANDING permit 10\n match ip address\
|
|
\ prefix-list DEFAULT\n set metric 100\n !\n route-map TO-NVA\
|
|
\ permit 10\n match ip address prefix-list PRIMARY\n set metric\
|
|
\ 50\n \n router bgp 64513\n bgp router-id 10.64.128.102\n\
|
|
\ bgp bestpath as-path ignore\n bgp disable-ebgp-connected-route-check\n\
|
|
\ bgp timers 20 60\n !\n no bgp ebgp-requires-policy\n \
|
|
\ no bgp network import-check\n !\n neighbor 10.64.128.201\
|
|
\ remote-as 64512\n neighbor 10.64.128.202 remote-as 64512\n !\n\
|
|
\ neighbor 10.64.0.201 remote-as 64515\n neighbor 10.64.0.201\
|
|
\ update-source 10.64.0.102\n neighbor 10.64.0.202 remote-as 64515\n\
|
|
\ neighbor 10.64.0.202 update-source 10.64.0.102\n !\n neighbor\
|
|
\ 10.80.128.101 remote-as 64514\n neighbor 10.80.128.101 ebgp-multihop\
|
|
\ 2\n neighbor 10.80.128.102 remote-as 64514\n neighbor 10.80.128.102\
|
|
\ ebgp-multihop 2\n !\n address-family ipv4 unicast\n neighbor\
|
|
\ 10.64.128.201 route-map TO-DMZ out\n neighbor 10.64.128.201\
|
|
\ soft-reconfiguration inbound\n !\n neighbor 10.64.128.202 route-map\
|
|
\ TO-DMZ out\n neighbor 10.64.128.202 soft-reconfiguration inbound\n\
|
|
\ !\n neighbor 10.64.0.201 route-map TO-LANDING out\n neighbor\
|
|
\ 10.64.0.201 soft-reconfiguration inbound\n !\n neighbor 10.64.0.202\
|
|
\ route-map TO-LANDING out\n neighbor 10.64.0.202 soft-reconfiguration\
|
|
\ inbound\n !\n neighbor 10.80.128.101 route-map TO-NVA out\n\
|
|
\ neighbor 10.80.128.101 soft-reconfiguration inbound\n !\n \
|
|
\ neighbor 10.80.128.102 route-map TO-NVA out\n neighbor 10.80.128.102\
|
|
\ soft-reconfiguration inbound\n exit-address-family\n \n\n -\
|
|
\ path: /etc/frr/vtysh.conf\n owner: root\n permissions: 0644\n content:\
|
|
\ |\n # Copyright 2023 Google LLC\n #\n # Licensed under the\
|
|
\ Apache License, Version 2.0 (the \"License\");\n # you may not use\
|
|
\ this file except in compliance with the License.\n # You may obtain\
|
|
\ a copy of the License at\n #\n # http://www.apache.org/licenses/LICENSE-2.0\n\
|
|
\ #\n # Unless required by applicable law or agreed to in writing,\
|
|
\ software\n # distributed under the License is distributed on an \"\
|
|
AS IS\" BASIS,\n # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either\
|
|
\ express or implied.\n # See the License for the specific language governing\
|
|
\ permissions and\n # limitations under the License.\n \n #\
|
|
\ This is a sample file used to remove warnings\n # when users open the\
|
|
\ vtysh console.\n \n\n - path: /etc/profile.d/00-aliases.sh\n owner:\
|
|
\ root\n permissions: 0644\n content: |\n alias vtysh='sudo docker\
|
|
\ exec -it frr sh -c vtysh'\n\n - path: /etc/systemd/system/frr.service\n\
|
|
\ owner: root\n permissions: 0644\n content: |\n # Copyright\
|
|
\ 2023 Google LLC\n #\n # Licensed under the Apache License, Version\
|
|
\ 2.0 (the \"License\");\n # you may not use this file except in compliance\
|
|
\ with the License.\n # You may obtain a copy of the License at\n \
|
|
\ #\n # http://www.apache.org/licenses/LICENSE-2.0\n #\n\
|
|
\ # Unless required by applicable law or agreed to in writing, software\n\
|
|
\ # distributed under the License is distributed on an \"AS IS\" BASIS,\n\
|
|
\ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n\
|
|
\ # See the License for the specific language governing permissions and\n\
|
|
\ # limitations under the License.\n \n [Unit]\n Description=Start\
|
|
\ FRR container\n After=gcr-online.target docker.socket\n Wants=gcr-online.target\
|
|
\ docker.socket docker-events-collector.service\n [Service]\n Environment=\"\
|
|
HOME=/home/frr\"\n ExecStart=/usr/bin/docker run --rm --name=frr \\\n\
|
|
\ --privileged \\\n --network host \\\n -v /etc/frr:/etc/frr\
|
|
\ \\\n frrouting/frr\n ExecStop=/usr/bin/docker stop frr\n \
|
|
\ ExecStopPost=/usr/bin/docker rm frr\n \n\n - path: /var/lib/docker/daemon.json\n\
|
|
\ owner: root\n permissions: 0644\n content: |\n {\n\
|
|
\ \"live-restore\": true,\n \"storage-driver\"\
|
|
: \"overlay2\",\n \"log-opts\": {\n \"max-size\"\
|
|
: \"1024m\"\n }\n }\n \n\n - path: /var/run/nva/ipprefix_by_netmask.sh\n\
|
|
\ owner: root\n permissions: 0744\n content: |\n #!/bin/bash\n\
|
|
\ \n # Copyright 2023 Google LLC\n #\n # Licensed under\
|
|
\ the Apache License, Version 2.0 (the \"License\");\n # you may not\
|
|
\ use this file except in compliance with the License.\n # You may obtain\
|
|
\ a copy of the License at\n #\n # http://www.apache.org/licenses/LICENSE-2.0\n\
|
|
\ #\n # Unless required by applicable law or agreed to in writing,\
|
|
\ software\n # distributed under the License is distributed on an \"\
|
|
AS IS\" BASIS,\n # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either\
|
|
\ express or implied.\n # See the License for the specific language governing\
|
|
\ permissions and\n # limitations under the License.\n \n #\
|
|
\ https://stackoverflow.com/questions/50413579/bash-convert-netmask-in-cidr-notation\n\
|
|
\ c=0 x=0$(printf '%o' ${1//./ })\n while [ $x -gt 0 ]; do\n \
|
|
\ let c+=$((x % 2)) 'x>>=1'\n done\n echo $c\n \n\n -\
|
|
\ path: /var/run/nva/policy_based_routing.sh\n owner: root\n permissions:\
|
|
\ 0744\n content: |\n #!/bin/bash\n \n # Copyright 2023\
|
|
\ Google LLC\n #\n # Licensed under the Apache License, Version\
|
|
\ 2.0 (the \"License\");\n # you may not use this file except in compliance\
|
|
\ with the License.\n # You may obtain a copy of the License at\n \
|
|
\ #\n # http://www.apache.org/licenses/LICENSE-2.0\n #\n\
|
|
\ # Unless required by applicable law or agreed to in writing, software\n\
|
|
\ # distributed under the License is distributed on an \"AS IS\" BASIS,\n\
|
|
\ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n\
|
|
\ # See the License for the specific language governing permissions and\n\
|
|
\ # limitations under the License.\n \n IF_NAME=$1\n IF_NUMBER=$(echo\
|
|
\ $IF_NAME | sed -e s/eth//)\n IF_GW=$(curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$IF_NUMBER/gateway\
|
|
\ -H \"Metadata-Flavor: Google\")\n IF_IP=$(curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$IF_NUMBER/ip\
|
|
\ -H \"Metadata-Flavor: Google\")\n IF_NETMASK=$(curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$IF_NUMBER/subnetmask\
|
|
\ -H \"Metadata-Flavor: Google\")\n IF_IP_PREFIX=$(/var/run/nva/ipprefix_by_netmask.sh\
|
|
\ $IF_NETMASK)\n \n # Sleep while there's no load balancer IP route\
|
|
\ for this IF\n while true\n do\n IPS_LB_STR=$(ip r show\
|
|
\ table local | grep \"$IF_NAME proto 66\" | cut -f 2 -d \" \" | tr -s '\\\
|
|
n' ' ')\n IPS_LB=($IPS_LB_STR)\n for IP in \"${IPS_LB[@]}\"\n\
|
|
\ do\n # Configure hc routing table if not available for this\
|
|
\ network interface\n grep -qxF \"$((200 + $IF_NUMBER)) hc-$IF_NAME\"\
|
|
\ /etc/iproute2/rt_tables || {\n echo \"$((200 + $IF_NUMBER)) hc-$IF_NAME\"\
|
|
\ >>/etc/iproute2/rt_tables\n ip route add $IF_GW src $IF_IP dev\
|
|
\ $IF_NAME table hc-$IF_NAME\n ip route add default via $IF_GW\
|
|
\ dev $IF_NAME table hc-$IF_NAME\n }\n \n # configure\
|
|
\ PBR route for LB\n ip rule list | grep -qF \"$IP\" || ip rule add\
|
|
\ from $IP/32 table hc-$IF_NAME\n done\n \n # remove previously\
|
|
\ configure PBR for old LB removed from network interface\n # first\
|
|
\ get list of PBR on this network interface and retrieve LB IP addresses\n\
|
|
\ PBR_LB_IPS_STR=$(ip rule list | grep \"hc-$IF_NAME\" | cut -f 2 -d\
|
|
\ \" \" | tr -s '\\n' ' ')\n PBR_LB_IPS=($PBR_LB_IPS_STR)\n \n\
|
|
\ # iterate over PBR LB IP addresses\n for PBR_IP in \"${PBR_LB_IPS[@]}\"\
|
|
\n do\n # check if the PBR LB IP belongs to the current array\
|
|
\ of LB IPs attached to the\n # network interface, if not delete\
|
|
\ the corresponding PBR rule\n if [ -z \"$IPS_LB\" ] || ! echo ${IPS_LB[@]}\
|
|
\ | grep --quiet \"$PBR_IP\" ; then\n ip rule del from $PBR_IP\n\
|
|
\ fi\n done\n sleep 2\n done\n \n\n\n -\
|
|
\ path: /etc/systemd/system/routing.service\n permissions: 0644\n owner:\
|
|
\ root\n content: |\n [Install]\n WantedBy=multi-user.target\n\
|
|
\ [Unit]\n Description=Start routing\n After=network-online.target\n\
|
|
\ Wants=network-online.target\n [Service]\n RemainAfterExit=true\n\
|
|
\ ExecStart=/bin/sh -c \"/var/run/nva/start-routing.sh\"\n - path: /var/run/nva/start-routing.sh\n\
|
|
\ permissions: 0744\n owner: root\n content: |\n iptables --policy\
|
|
\ FORWARD ACCEPT\n /var/run/nva/policy_based_routing.sh eth0 &>/dev/null\
|
|
\ &\n iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n ip\
|
|
\ route add 10.64.127.0/17 via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/gateway\
|
|
\ -H \"Metadata-Flavor:Google\"` dev eth0\n ip route add 10.80.127.0/17\
|
|
\ via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/gateway\
|
|
\ -H \"Metadata-Flavor:Google\"` dev eth0\n /var/run/nva/policy_based_routing.sh\
|
|
\ eth1 &>/dev/null &\n ip route add 10.64.0.0/17 via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/1/gateway\
|
|
\ -H \"Metadata-Flavor:Google\"` dev eth1\n ip route add 10.80.0.0/17\
|
|
\ via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/1/gateway\
|
|
\ -H \"Metadata-Flavor:Google\"` dev eth1\n iptables -A INPUT -p tcp\
|
|
\ --dport 179 -j ACCEPT\n\nbootcmd:\n - systemctl start node-problem-detector\n\
|
|
\nruncmd:\n - systemctl daemon-reload\n - systemctl enable routing\n -\
|
|
\ systemctl start routing\n - systemctl start frr\n"
|
|
# Review notes on the end of the user-data string that closes just above:
# - frr.service starts image "frrouting/frr" with no tag or digest, using
#   --privileged and --network host. The container therefore holds full host
#   privileges and shares the host network stack, and its content is whatever
#   that image reference resolves to when it is pulled.
# - start-routing.sh sets the iptables FORWARD policy to ACCEPT and accepts
#   tcp/179 on INPUT with no source match. Restricting who can reach BGP or
#   transit the appliance is left to controls outside this record (for
#   example VPC firewall rules) - confirm they exist.
# - The eth0 routes use 10.64.127.0/17 and 10.80.127.0/17, which have host bits
#   set for a /17. NOTE(review): `ip route add` likely rejects these; since
#   this NIC sits at 10.64.128.102, 10.64.128.0/17 and 10.80.128.0/17 were
#   presumably intended. Verify in the template that renders this string.
metadata_startup_script: null
|
|
name: nva-ew1-c
|
|
# Two NICs, both with an empty access_config list: no external IP is requested
# on either interface.
network_interface:
|
|
- access_config: []
|
|
alias_ip_range: []
|
|
ipv6_access_config: []
|
|
network_ip: 10.64.128.102
|
|
nic_type: null
|
|
queue_count: null
|
|
security_policy: null
|
|
- access_config: []
|
|
alias_ip_range: []
|
|
ipv6_access_config: []
|
|
network_ip: 10.64.0.102
|
|
nic_type: null
|
|
queue_count: null
|
|
security_policy: null
|
|
network_performance_config: []
|
|
params: []
|
|
project: fast2-prod-net-landing-0
|
|
resource_policies: null
|
|
scheduling:
|
|
- automatic_restart: true
|
|
instance_termination_action: null
|
|
local_ssd_recovery_timeout: []
|
|
maintenance_interval: null
|
|
max_run_duration: []
|
|
min_node_cpus: null
|
|
node_affinities: []
|
|
on_host_maintenance: MIGRATE
|
|
preemptible: false
|
|
provisioning_model: STANDARD
|
|
scratch_disk: []
|
|
# Only the access scopes are recorded here; no service account email is shown.
# NOTE(review): confirm a dedicated, least-privilege service account is attached
# rather than the project default one.
service_account:
|
|
- scopes:
|
|
- https://www.googleapis.com/auth/devstorage.read_only
|
|
- https://www.googleapis.com/auth/logging.write
|
|
- https://www.googleapis.com/auth/monitoring.write
|
|
# No Shielded VM options are set explicitly. NOTE(review): Secure Boot, vTPM and
# integrity monitoring then depend on provider/image defaults - confirm.
shielded_instance_config: []
|
|
# Network tag; any firewall rules that select it are defined elsewhere and are
# not visible in this record.
tags:
|
|
- nva
|
|
timeouts: null
|
|
zone: europe-west1-c
|
|
# Planned values for the "secondary-b" NVA instance (nva-ew4-b, europe-west4-b).
module.nva["secondary-b"].google_compute_instance.default[0]:
|
|
advanced_machine_features: []
|
|
allow_stopping_for_update: true
|
|
attached_disk: []
|
|
boot_disk:
|
|
- auto_delete: true
|
|
# No customer-supplied raw encryption key is set for the boot disk.
disk_encryption_key_raw: null
|
|
initialize_params:
|
|
- enable_confidential_compute: null
|
|
# Image family reference, not a pinned image: the boot image is whatever
# cos-stable resolves to at the time the instance is created.
image: projects/cos-cloud/global/images/family/cos-stable
|
|
resource_manager_tags: null
|
|
size: 10
|
|
type: pd-balanced
|
|
mode: READ_WRITE
|
|
# IP forwarding is enabled, so the instance may forward packets that are not
# addressed to it; the routing scripts in user-data below presumably rely on it.
can_ip_forward: true
|
|
# The instance can be deleted without first clearing a protection flag.
deletion_protection: false
|
|
description: Managed by the compute-vm Terraform module.
|
|
desired_status: null
|
|
enable_display: false
|
|
hostname: null
|
|
labels: null
|
|
machine_type: e2-standard-2
|
|
# Review notes on the cloud-config carried in user-data below:
# - frr.service starts image "frrouting/frr" with no tag or digest, using
#   --privileged and --network host: the container holds full host privileges
#   and shares the host network stack, and its content is whatever that
#   reference resolves to at pull time.
# - frr.conf defines every BGP neighbor with remote-as only; no neighbor
#   `password` statement appears and `no bgp ebgp-requires-policy` is set.
#   Route-maps are applied outbound only, so no inbound filter on received
#   routes is visible. NOTE(review): confirm peers are constrained elsewhere.
# - /etc/frr/daemons and /etc/frr/frr.conf are written with mode 0744
#   (owner-executable, world-readable), although both are configuration files.
# - start-routing.sh sets the iptables FORWARD policy to ACCEPT, masquerades
#   traffic leaving eth0 and accepts tcp/179 on INPUT with no source match.
# - The eth0 routes use 10.64.127.0/17 and 10.80.127.0/17, which have host bits
#   set for a /17. NOTE(review): `ip route add` likely rejects these;
#   10.64.128.0/17 and 10.80.128.0/17 were presumably intended.
metadata:
|
|
user-data: "#cloud-config\n\n# Copyright 2023 Google LLC\n#\n# Licensed under\
|
|
\ the Apache License, Version 2.0 (the \"License\");\n# you may not use this\
|
|
\ file except in compliance with the License.\n# You may obtain a copy of\
|
|
\ the License at\n#\n# https://www.apache.org/licenses/LICENSE-2.0\n#\n\
|
|
# Unless required by applicable law or agreed to in writing, software\n# distributed\
|
|
\ under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES\
|
|
\ OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License\
|
|
\ for the specific language governing permissions and\n# limitations under\
|
|
\ the License.\n\nwrite_files:\n\n - path: /etc/frr/daemons\n owner: root\n\
|
|
\ permissions: 0744\n content: |\n # Copyright 2023 Google LLC\n\
|
|
\ #\n # Licensed under the Apache License, Version 2.0 (the \"License\"\
|
|
);\n # you may not use this file except in compliance with the License.\n\
|
|
\ # You may obtain a copy of the License at\n #\n # http://www.apache.org/licenses/LICENSE-2.0\n\
|
|
\ #\n # Unless required by applicable law or agreed to in writing,\
|
|
\ software\n # distributed under the License is distributed on an \"\
|
|
AS IS\" BASIS,\n # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either\
|
|
\ express or implied.\n # See the License for the specific language governing\
|
|
\ permissions and\n # limitations under the License.\n \n zebra=no\n\
|
|
\ bgpd=yes\n ospfd=no\n ospf6d=no\n ripd=no\n ripngd=no\n\
|
|
\ isisd=no\n pimd=no\n ldpd=no\n nhrpd=no\n eigrpd=no\n\
|
|
\ babeld=no\n sharpd=no\n staticd=no\n pbrd=no\n \
|
|
\ bfdd=no\n fabricd=no\n \n # If this option is set the /etc/init.d/frr\
|
|
\ script automatically loads\n # the config via \"vtysh -b\" when the\
|
|
\ servers are started.\n # Check /etc/pam.d/frr if you intend to use\
|
|
\ \"vtysh\"!\n \n vtysh_enable=yes\n zebra_options=\" -A 127.0.0.1\
|
|
\ -s 90000000\"\n bgpd_options=\" -A 127.0.0.1\"\n ospfd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n ospf6d_options=\" --daemon -A ::1\"\n \
|
|
\ ripd_options=\" --daemon -A 127.0.0.1\"\n ripngd_options=\" --daemon\
|
|
\ -A ::1\"\n isisd_options=\" --daemon -A 127.0.0.1\"\n pimd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n ldpd_options=\" --daemon -A 127.0.0.1\"\
|
|
\n nhrpd_options=\" --daemon -A 127.0.0.1\"\n eigrpd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n babeld_options=\" --daemon -A 127.0.0.1\"\
|
|
\n sharpd_options=\" --daemon -A 127.0.0.1\"\n staticd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n pbrd_options=\" --daemon -A 127.0.0.1\"\
|
|
\n bfdd_options=\" --daemon -A 127.0.0.1\"\n fabricd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n \n #MAX_FDS=1024\n # The list\
|
|
\ of daemons to watch is automatically generated by the init script.\n \
|
|
\ #watchfrr_options=\"\"\n \n # for debugging purposes, you can\
|
|
\ specify a \"wrap\" command to start instead\n # of starting the daemon\
|
|
\ directly, e.g. to use valgrind on ospfd:\n # ospfd_wrap=\"/usr/bin/valgrind\"\
|
|
\n # or you can use \"all_wrap\" for all daemons, e.g. to use perf record:\n\
|
|
\ # all_wrap=\"/usr/bin/perf record --call-graph -\"\n # the normal\
|
|
\ daemon command is added to this at the end.\n \n\n - path: /etc/frr/frr.conf\n\
|
|
\ owner: root\n permissions: 0744\n content: |\n # NVAs configuration\
|
|
\ template\n \n log syslog informational\n no ipv6 forwarding\n\
|
|
\ service integrated-vtysh-config\n \n interface lo\n \
|
|
\ ip address 10.80.128.101/32\n \n ip prefix-list DEFAULT seq 10\
|
|
\ permit 0.0.0.0/0\n !\n ip prefix-list PRIMARY seq 10 permit 10.64.0.0/17\n\
|
|
\ ip prefix-list PRIMARY seq 20 permit 10.68.0.0/16\n ip prefix-list\
|
|
\ PRIMARY seq 30 permit 10.72.0.0/16\n !\n ip prefix-list SECONDARY\
|
|
\ seq 10 permit 10.80.0.0/17\n ip prefix-list SECONDARY seq 20 permit\
|
|
\ 10.84.0.0/16\n ip prefix-list SECONDARY seq 30 permit 10.88.0.0/16\n\
|
|
\ \n route-map TO-DMZ permit 10\n match ip address\
|
|
\ prefix-list PRIMARY\n set metric 10100\n !\n route-map\
|
|
\ TO-DMZ permit 20\n match ip address prefix-list SECONDARY\n\
|
|
\ set metric 100\n !\n route-map TO-LANDING permit 10\n \
|
|
\ match ip address prefix-list DEFAULT\n set metric 100\n \
|
|
\ !\n route-map TO-NVA permit 10\n match ip address prefix-list\
|
|
\ SECONDARY\n set metric 50\n \n router bgp 64514\n \
|
|
\ bgp router-id 10.80.128.101\n bgp bestpath as-path ignore\n \
|
|
\ bgp disable-ebgp-connected-route-check\n bgp timers 20 60\n \
|
|
\ !\n no bgp ebgp-requires-policy\n no bgp network import-check\n\
|
|
\ !\n neighbor 10.80.128.201 remote-as 64512\n neighbor 10.80.128.202\
|
|
\ remote-as 64512\n !\n neighbor 10.80.0.201 remote-as 64515\n\
|
|
\ neighbor 10.80.0.201 update-source 10.80.0.101\n neighbor 10.80.0.202\
|
|
\ remote-as 64515\n neighbor 10.80.0.202 update-source 10.80.0.101\n\
|
|
\ !\n neighbor 10.64.128.101 remote-as 64513\n neighbor 10.64.128.101\
|
|
\ ebgp-multihop 2\n neighbor 10.64.128.102 remote-as 64513\n neighbor\
|
|
\ 10.64.128.102 ebgp-multihop 2\n !\n address-family ipv4 unicast\n\
|
|
\ neighbor 10.80.128.201 route-map TO-DMZ out\n neighbor\
|
|
\ 10.80.128.201 soft-reconfiguration inbound\n !\n neighbor 10.80.128.202\
|
|
\ route-map TO-DMZ out\n neighbor 10.80.128.202 soft-reconfiguration\
|
|
\ inbound\n !\n neighbor 10.80.0.201 route-map TO-LANDING out\n\
|
|
\ neighbor 10.80.0.201 soft-reconfiguration inbound\n !\n \
|
|
\ neighbor 10.80.0.202 route-map TO-LANDING out\n neighbor 10.80.0.202\
|
|
\ soft-reconfiguration inbound\n !\n neighbor 10.64.128.101 route-map\
|
|
\ TO-NVA out\n neighbor 10.64.128.101 soft-reconfiguration inbound\n\
|
|
\ !\n neighbor 10.64.128.102 route-map TO-NVA out\n neighbor\
|
|
\ 10.64.128.102 soft-reconfiguration inbound\n exit-address-family\n\
|
|
\ \n\n - path: /etc/frr/vtysh.conf\n owner: root\n permissions:\
|
|
\ 0644\n content: |\n # Copyright 2023 Google LLC\n #\n \
|
|
\ # Licensed under the Apache License, Version 2.0 (the \"License\");\n \
|
|
\ # you may not use this file except in compliance with the License.\n\
|
|
\ # You may obtain a copy of the License at\n #\n # http://www.apache.org/licenses/LICENSE-2.0\n\
|
|
\ #\n # Unless required by applicable law or agreed to in writing,\
|
|
\ software\n # distributed under the License is distributed on an \"\
|
|
AS IS\" BASIS,\n # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either\
|
|
\ express or implied.\n # See the License for the specific language governing\
|
|
\ permissions and\n # limitations under the License.\n \n #\
|
|
\ This is a sample file used to remove warnings\n # when users open the\
|
|
\ vtysh console.\n \n\n - path: /etc/profile.d/00-aliases.sh\n owner:\
|
|
\ root\n permissions: 0644\n content: |\n alias vtysh='sudo docker\
|
|
\ exec -it frr sh -c vtysh'\n\n - path: /etc/systemd/system/frr.service\n\
|
|
\ owner: root\n permissions: 0644\n content: |\n # Copyright\
|
|
\ 2023 Google LLC\n #\n # Licensed under the Apache License, Version\
|
|
\ 2.0 (the \"License\");\n # you may not use this file except in compliance\
|
|
\ with the License.\n # You may obtain a copy of the License at\n \
|
|
\ #\n # http://www.apache.org/licenses/LICENSE-2.0\n #\n\
|
|
\ # Unless required by applicable law or agreed to in writing, software\n\
|
|
\ # distributed under the License is distributed on an \"AS IS\" BASIS,\n\
|
|
\ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n\
|
|
\ # See the License for the specific language governing permissions and\n\
|
|
\ # limitations under the License.\n \n [Unit]\n Description=Start\
|
|
\ FRR container\n After=gcr-online.target docker.socket\n Wants=gcr-online.target\
|
|
\ docker.socket docker-events-collector.service\n [Service]\n Environment=\"\
|
|
HOME=/home/frr\"\n ExecStart=/usr/bin/docker run --rm --name=frr \\\n\
|
|
\ --privileged \\\n --network host \\\n -v /etc/frr:/etc/frr\
|
|
\ \\\n frrouting/frr\n ExecStop=/usr/bin/docker stop frr\n \
|
|
\ ExecStopPost=/usr/bin/docker rm frr\n \n\n - path: /var/lib/docker/daemon.json\n\
|
|
\ owner: root\n permissions: 0644\n content: |\n {\n\
|
|
\ \"live-restore\": true,\n \"storage-driver\"\
|
|
: \"overlay2\",\n \"log-opts\": {\n \"max-size\"\
|
|
: \"1024m\"\n }\n }\n \n\n - path: /var/run/nva/ipprefix_by_netmask.sh\n\
|
|
\ owner: root\n permissions: 0744\n content: |\n #!/bin/bash\n\
|
|
\ \n # Copyright 2023 Google LLC\n #\n # Licensed under\
|
|
\ the Apache License, Version 2.0 (the \"License\");\n # you may not\
|
|
\ use this file except in compliance with the License.\n # You may obtain\
|
|
\ a copy of the License at\n #\n # http://www.apache.org/licenses/LICENSE-2.0\n\
|
|
\ #\n # Unless required by applicable law or agreed to in writing,\
|
|
\ software\n # distributed under the License is distributed on an \"\
|
|
AS IS\" BASIS,\n # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either\
|
|
\ express or implied.\n # See the License for the specific language governing\
|
|
\ permissions and\n # limitations under the License.\n \n #\
|
|
\ https://stackoverflow.com/questions/50413579/bash-convert-netmask-in-cidr-notation\n\
|
|
\ c=0 x=0$(printf '%o' ${1//./ })\n while [ $x -gt 0 ]; do\n \
|
|
\ let c+=$((x % 2)) 'x>>=1'\n done\n echo $c\n \n\n -\
|
|
\ path: /var/run/nva/policy_based_routing.sh\n owner: root\n permissions:\
|
|
\ 0744\n content: |\n #!/bin/bash\n \n # Copyright 2023\
|
|
\ Google LLC\n #\n # Licensed under the Apache License, Version\
|
|
\ 2.0 (the \"License\");\n # you may not use this file except in compliance\
|
|
\ with the License.\n # You may obtain a copy of the License at\n \
|
|
\ #\n # http://www.apache.org/licenses/LICENSE-2.0\n #\n\
|
|
\ # Unless required by applicable law or agreed to in writing, software\n\
|
|
\ # distributed under the License is distributed on an \"AS IS\" BASIS,\n\
|
|
\ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n\
|
|
\ # See the License for the specific language governing permissions and\n\
|
|
\ # limitations under the License.\n \n IF_NAME=$1\n IF_NUMBER=$(echo\
|
|
\ $IF_NAME | sed -e s/eth//)\n IF_GW=$(curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$IF_NUMBER/gateway\
|
|
\ -H \"Metadata-Flavor: Google\")\n IF_IP=$(curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$IF_NUMBER/ip\
|
|
\ -H \"Metadata-Flavor: Google\")\n IF_NETMASK=$(curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$IF_NUMBER/subnetmask\
|
|
\ -H \"Metadata-Flavor: Google\")\n IF_IP_PREFIX=$(/var/run/nva/ipprefix_by_netmask.sh\
|
|
\ $IF_NETMASK)\n \n # Sleep while there's no load balancer IP route\
|
|
\ for this IF\n while true\n do\n IPS_LB_STR=$(ip r show\
|
|
\ table local | grep \"$IF_NAME proto 66\" | cut -f 2 -d \" \" | tr -s '\\\
|
|
n' ' ')\n IPS_LB=($IPS_LB_STR)\n for IP in \"${IPS_LB[@]}\"\n\
|
|
\ do\n # Configure hc routing table if not available for this\
|
|
\ network interface\n grep -qxF \"$((200 + $IF_NUMBER)) hc-$IF_NAME\"\
|
|
\ /etc/iproute2/rt_tables || {\n echo \"$((200 + $IF_NUMBER)) hc-$IF_NAME\"\
|
|
\ >>/etc/iproute2/rt_tables\n ip route add $IF_GW src $IF_IP dev\
|
|
\ $IF_NAME table hc-$IF_NAME\n ip route add default via $IF_GW\
|
|
\ dev $IF_NAME table hc-$IF_NAME\n }\n \n # configure\
|
|
\ PBR route for LB\n ip rule list | grep -qF \"$IP\" || ip rule add\
|
|
\ from $IP/32 table hc-$IF_NAME\n done\n \n # remove previously\
|
|
\ configure PBR for old LB removed from network interface\n # first\
|
|
\ get list of PBR on this network interface and retrieve LB IP addresses\n\
|
|
\ PBR_LB_IPS_STR=$(ip rule list | grep \"hc-$IF_NAME\" | cut -f 2 -d\
|
|
\ \" \" | tr -s '\\n' ' ')\n PBR_LB_IPS=($PBR_LB_IPS_STR)\n \n\
|
|
\ # iterate over PBR LB IP addresses\n for PBR_IP in \"${PBR_LB_IPS[@]}\"\
|
|
\n do\n # check if the PBR LB IP belongs to the current array\
|
|
\ of LB IPs attached to the\n # network interface, if not delete\
|
|
\ the corresponding PBR rule\n if [ -z \"$IPS_LB\" ] || ! echo ${IPS_LB[@]}\
|
|
\ | grep --quiet \"$PBR_IP\" ; then\n ip rule del from $PBR_IP\n\
|
|
\ fi\n done\n sleep 2\n done\n \n\n\n -\
|
|
\ path: /etc/systemd/system/routing.service\n permissions: 0644\n owner:\
|
|
\ root\n content: |\n [Install]\n WantedBy=multi-user.target\n\
|
|
\ [Unit]\n Description=Start routing\n After=network-online.target\n\
|
|
\ Wants=network-online.target\n [Service]\n RemainAfterExit=true\n\
|
|
\ ExecStart=/bin/sh -c \"/var/run/nva/start-routing.sh\"\n - path: /var/run/nva/start-routing.sh\n\
|
|
\ permissions: 0744\n owner: root\n content: |\n iptables --policy\
|
|
\ FORWARD ACCEPT\n /var/run/nva/policy_based_routing.sh eth0 &>/dev/null\
|
|
\ &\n iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n ip\
|
|
\ route add 10.64.127.0/17 via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/gateway\
|
|
\ -H \"Metadata-Flavor:Google\"` dev eth0\n ip route add 10.80.127.0/17\
|
|
\ via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/gateway\
|
|
\ -H \"Metadata-Flavor:Google\"` dev eth0\n /var/run/nva/policy_based_routing.sh\
|
|
\ eth1 &>/dev/null &\n ip route add 10.64.0.0/17 via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/1/gateway\
|
|
\ -H \"Metadata-Flavor:Google\"` dev eth1\n ip route add 10.80.0.0/17\
|
|
\ via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/1/gateway\
|
|
\ -H \"Metadata-Flavor:Google\"` dev eth1\n iptables -A INPUT -p tcp\
|
|
\ --dport 179 -j ACCEPT\n\nbootcmd:\n - systemctl start node-problem-detector\n\
|
|
\nruncmd:\n - systemctl daemon-reload\n - systemctl enable routing\n -\
|
|
\ systemctl start routing\n - systemctl start frr\n"
|
|
# Attributes below belong to the "secondary-b" NVA instance whose user-data
# string closes just above.
metadata_startup_script: null
|
|
name: nva-ew4-b
|
|
# Two NICs, both with an empty access_config list: no external IP is requested
# on either interface. The first address (10.80.128.101) is also the loopback
# address and BGP router-id set in this instance's frr.conf.
network_interface:
|
|
- access_config: []
|
|
alias_ip_range: []
|
|
ipv6_access_config: []
|
|
network_ip: 10.80.128.101
|
|
nic_type: null
|
|
queue_count: null
|
|
security_policy: null
|
|
- access_config: []
|
|
alias_ip_range: []
|
|
ipv6_access_config: []
|
|
network_ip: 10.80.0.101
|
|
nic_type: null
|
|
queue_count: null
|
|
security_policy: null
|
|
network_performance_config: []
|
|
params: []
|
|
project: fast2-prod-net-landing-0
|
|
resource_policies: null
|
|
scheduling:
|
|
- automatic_restart: true
|
|
instance_termination_action: null
|
|
local_ssd_recovery_timeout: []
|
|
maintenance_interval: null
|
|
max_run_duration: []
|
|
min_node_cpus: null
|
|
node_affinities: []
|
|
on_host_maintenance: MIGRATE
|
|
preemptible: false
|
|
provisioning_model: STANDARD
|
|
scratch_disk: []
|
|
# Only the access scopes are recorded here; no service account email is shown.
# NOTE(review): confirm a dedicated, least-privilege service account is attached
# rather than the project default one.
service_account:
|
|
- scopes:
|
|
- https://www.googleapis.com/auth/devstorage.read_only
|
|
- https://www.googleapis.com/auth/logging.write
|
|
- https://www.googleapis.com/auth/monitoring.write
|
|
# No Shielded VM options are set explicitly. NOTE(review): Secure Boot, vTPM and
# integrity monitoring then depend on provider/image defaults - confirm.
shielded_instance_config: []
|
|
# Network tag; any firewall rules that select it are defined elsewhere and are
# not visible in this record.
tags:
|
|
- nva
|
|
timeouts: null
|
|
zone: europe-west4-b
|
|
# Planned values for the "secondary-c" NVA instance.
module.nva["secondary-c"].google_compute_instance.default[0]:
|
|
advanced_machine_features: []
|
|
allow_stopping_for_update: true
|
|
attached_disk: []
|
|
boot_disk:
|
|
- auto_delete: true
|
|
# No customer-supplied raw encryption key is set for the boot disk.
disk_encryption_key_raw: null
|
|
initialize_params:
|
|
- enable_confidential_compute: null
|
|
# Image family reference, not a pinned image: the boot image is whatever
# cos-stable resolves to at the time the instance is created.
image: projects/cos-cloud/global/images/family/cos-stable
|
|
resource_manager_tags: null
|
|
size: 10
|
|
type: pd-balanced
|
|
mode: READ_WRITE
|
|
# IP forwarding is enabled, so the instance may forward packets that are not
# addressed to it.
can_ip_forward: true
|
|
# The instance can be deleted without first clearing a protection flag.
deletion_protection: false
|
|
description: Managed by the compute-vm Terraform module.
|
|
desired_status: null
|
|
enable_display: false
|
|
hostname: null
|
|
labels: null
|
|
machine_type: e2-standard-2
|
|
# Review notes on the cloud-config carried in user-data below:
# - frr.service starts image "frrouting/frr" with no tag or digest, using
#   --privileged and --network host: the container holds full host privileges
#   and shares the host network stack, and its content is whatever that
#   reference resolves to at pull time.
# - frr.conf defines every BGP neighbor with remote-as only; no neighbor
#   `password` statement appears and `no bgp ebgp-requires-policy` is set.
#   Route-maps are applied outbound only, so no inbound filter on received
#   routes is visible. NOTE(review): confirm peers are constrained elsewhere.
# - /etc/frr/daemons and /etc/frr/frr.conf are written with mode 0744
#   (owner-executable, world-readable), although both are configuration files.
metadata:
|
|
user-data: "#cloud-config\n\n# Copyright 2023 Google LLC\n#\n# Licensed under\
|
|
\ the Apache License, Version 2.0 (the \"License\");\n# you may not use this\
|
|
\ file except in compliance with the License.\n# You may obtain a copy of\
|
|
\ the License at\n#\n# https://www.apache.org/licenses/LICENSE-2.0\n#\n\
|
|
# Unless required by applicable law or agreed to in writing, software\n# distributed\
|
|
\ under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES\
|
|
\ OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License\
|
|
\ for the specific language governing permissions and\n# limitations under\
|
|
\ the License.\n\nwrite_files:\n\n - path: /etc/frr/daemons\n owner: root\n\
|
|
\ permissions: 0744\n content: |\n # Copyright 2023 Google LLC\n\
|
|
\ #\n # Licensed under the Apache License, Version 2.0 (the \"License\"\
|
|
);\n # you may not use this file except in compliance with the License.\n\
|
|
\ # You may obtain a copy of the License at\n #\n # http://www.apache.org/licenses/LICENSE-2.0\n\
|
|
\ #\n # Unless required by applicable law or agreed to in writing,\
|
|
\ software\n # distributed under the License is distributed on an \"\
|
|
AS IS\" BASIS,\n # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either\
|
|
\ express or implied.\n # See the License for the specific language governing\
|
|
\ permissions and\n # limitations under the License.\n \n zebra=no\n\
|
|
\ bgpd=yes\n ospfd=no\n ospf6d=no\n ripd=no\n ripngd=no\n\
|
|
\ isisd=no\n pimd=no\n ldpd=no\n nhrpd=no\n eigrpd=no\n\
|
|
\ babeld=no\n sharpd=no\n staticd=no\n pbrd=no\n \
|
|
\ bfdd=no\n fabricd=no\n \n # If this option is set the /etc/init.d/frr\
|
|
\ script automatically loads\n # the config via \"vtysh -b\" when the\
|
|
\ servers are started.\n # Check /etc/pam.d/frr if you intend to use\
|
|
\ \"vtysh\"!\n \n vtysh_enable=yes\n zebra_options=\" -A 127.0.0.1\
|
|
\ -s 90000000\"\n bgpd_options=\" -A 127.0.0.1\"\n ospfd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n ospf6d_options=\" --daemon -A ::1\"\n \
|
|
\ ripd_options=\" --daemon -A 127.0.0.1\"\n ripngd_options=\" --daemon\
|
|
\ -A ::1\"\n isisd_options=\" --daemon -A 127.0.0.1\"\n pimd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n ldpd_options=\" --daemon -A 127.0.0.1\"\
|
|
\n nhrpd_options=\" --daemon -A 127.0.0.1\"\n eigrpd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n babeld_options=\" --daemon -A 127.0.0.1\"\
|
|
\n sharpd_options=\" --daemon -A 127.0.0.1\"\n staticd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n pbrd_options=\" --daemon -A 127.0.0.1\"\
|
|
\n bfdd_options=\" --daemon -A 127.0.0.1\"\n fabricd_options=\"\
|
|
\ --daemon -A 127.0.0.1\"\n \n #MAX_FDS=1024\n # The list\
|
|
\ of daemons to watch is automatically generated by the init script.\n \
|
|
\ #watchfrr_options=\"\"\n \n # for debugging purposes, you can\
|
|
\ specify a \"wrap\" command to start instead\n # of starting the daemon\
|
|
\ directly, e.g. to use valgrind on ospfd:\n # ospfd_wrap=\"/usr/bin/valgrind\"\
|
|
\n # or you can use \"all_wrap\" for all daemons, e.g. to use perf record:\n\
|
|
\ # all_wrap=\"/usr/bin/perf record --call-graph -\"\n # the normal\
|
|
\ daemon command is added to this at the end.\n \n\n - path: /etc/frr/frr.conf\n\
|
|
\ owner: root\n permissions: 0744\n content: |\n # NVAs configuration\
|
|
\ template\n \n log syslog informational\n no ipv6 forwarding\n\
|
|
\ service integrated-vtysh-config\n \n interface lo\n \
|
|
\ ip address 10.80.128.102/32\n \n ip prefix-list DEFAULT seq 10\
|
|
\ permit 0.0.0.0/0\n !\n ip prefix-list PRIMARY seq 10 permit 10.64.0.0/17\n\
|
|
\ ip prefix-list PRIMARY seq 20 permit 10.68.0.0/16\n ip prefix-list\
|
|
\ PRIMARY seq 30 permit 10.72.0.0/16\n !\n ip prefix-list SECONDARY\
|
|
\ seq 10 permit 10.80.0.0/17\n ip prefix-list SECONDARY seq 20 permit\
|
|
\ 10.84.0.0/16\n ip prefix-list SECONDARY seq 30 permit 10.88.0.0/16\n\
|
|
\ \n route-map TO-DMZ permit 10\n match ip address\
|
|
\ prefix-list PRIMARY\n set metric 10100\n !\n route-map\
|
|
\ TO-DMZ permit 20\n match ip address prefix-list SECONDARY\n\
|
|
\ set metric 100\n !\n route-map TO-LANDING permit 10\n \
|
|
\ match ip address prefix-list DEFAULT\n set metric 100\n \
|
|
\ !\n route-map TO-NVA permit 10\n match ip address prefix-list\
|
|
\ SECONDARY\n set metric 50\n \n router bgp 64514\n \
|
|
\ bgp router-id 10.80.128.102\n bgp bestpath as-path ignore\n \
|
|
\ bgp disable-ebgp-connected-route-check\n bgp timers 20 60\n \
|
|
\ !\n no bgp ebgp-requires-policy\n no bgp network import-check\n\
|
|
\ !\n neighbor 10.80.128.201 remote-as 64512\n neighbor 10.80.128.202\
|
|
\ remote-as 64512\n !\n neighbor 10.80.0.201 remote-as 64515\n\
|
|
\ neighbor 10.80.0.201 update-source 10.80.0.102\n neighbor 10.80.0.202\
|
|
\ remote-as 64515\n neighbor 10.80.0.202 update-source 10.80.0.102\n\
|
|
\ !\n neighbor 10.64.128.101 remote-as 64513\n neighbor 10.64.128.101\
|
|
\ ebgp-multihop 2\n neighbor 10.64.128.102 remote-as 64513\n neighbor\
|
|
\ 10.64.128.102 ebgp-multihop 2\n !\n address-family ipv4 unicast\n\
|
|
\ neighbor 10.80.128.201 route-map TO-DMZ out\n neighbor\
|
|
\ 10.80.128.201 soft-reconfiguration inbound\n !\n neighbor 10.80.128.202\
|
|
\ route-map TO-DMZ out\n neighbor 10.80.128.202 soft-reconfiguration\
|
|
\ inbound\n !\n neighbor 10.80.0.201 route-map TO-LANDING out\n\
|
|
\ neighbor 10.80.0.201 soft-reconfiguration inbound\n !\n \
|
|
\ neighbor 10.80.0.202 route-map TO-LANDING out\n neighbor 10.80.0.202\
|
|
\ soft-reconfiguration inbound\n !\n neighbor 10.64.128.101 route-map\
|
|
\ TO-NVA out\n neighbor 10.64.128.101 soft-reconfiguration inbound\n\
|
|
\ !\n neighbor 10.64.128.102 route-map TO-NVA out\n neighbor\
|
|
\ 10.64.128.102 soft-reconfiguration inbound\n exit-address-family\n\
|
|
\ \n\n - path: /etc/frr/vtysh.conf\n owner: root\n permissions:\
|
|
\ 0644\n content: |\n # Copyright 2023 Google LLC\n #\n \
|
|
\ # Licensed under the Apache License, Version 2.0 (the \"License\");\n \
|
|
\ # you may not use this file except in compliance with the License.\n\
|
|
\ # You may obtain a copy of the License at\n #\n # http://www.apache.org/licenses/LICENSE-2.0\n\
|
|
\ #\n # Unless required by applicable law or agreed to in writing,\
|
|
\ software\n # distributed under the License is distributed on an \"\
|
|
AS IS\" BASIS,\n # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either\
|
|
\ express or implied.\n # See the License for the specific language governing\
|
|
\ permissions and\n # limitations under the License.\n \n #\
|
|
\ This is a sample file used to remove warnings\n # when users open the\
|
|
\ vtysh console.\n \n\n - path: /etc/profile.d/00-aliases.sh\n owner:\
|
|
\ root\n permissions: 0644\n content: |\n alias vtysh='sudo docker\
|
|
\ exec -it frr sh -c vtysh'\n\n - path: /etc/systemd/system/frr.service\n\
|
|
\ owner: root\n permissions: 0644\n content: |\n # Copyright\
|
|
\ 2023 Google LLC\n #\n # Licensed under the Apache License, Version\
|
|
\ 2.0 (the \"License\");\n # you may not use this file except in compliance\
|
|
\ with the License.\n # You may obtain a copy of the License at\n \
|
|
\ #\n # http://www.apache.org/licenses/LICENSE-2.0\n #\n\
|
|
\ # Unless required by applicable law or agreed to in writing, software\n\
|
|
\ # distributed under the License is distributed on an \"AS IS\" BASIS,\n\
|
|
\ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n\
|
|
\ # See the License for the specific language governing permissions and\n\
|
|
\ # limitations under the License.\n \n [Unit]\n Description=Start\
|
|
\ FRR container\n After=gcr-online.target docker.socket\n Wants=gcr-online.target\
|
|
\ docker.socket docker-events-collector.service\n [Service]\n Environment=\"\
|
|
HOME=/home/frr\"\n ExecStart=/usr/bin/docker run --rm --name=frr \\\n\
|
|
\ --privileged \\\n --network host \\\n -v /etc/frr:/etc/frr\
|
|
\ \\\n frrouting/frr\n ExecStop=/usr/bin/docker stop frr\n \
|
|
\ ExecStopPost=/usr/bin/docker rm frr\n \n\n - path: /var/lib/docker/daemon.json\n\
|
|
\ owner: root\n permissions: 0644\n content: |\n {\n\
|
|
\ \"live-restore\": true,\n \"storage-driver\"\
|
|
: \"overlay2\",\n \"log-opts\": {\n \"max-size\"\
|
|
: \"1024m\"\n }\n }\n \n\n - path: /var/run/nva/ipprefix_by_netmask.sh\n\
|
|
\ owner: root\n permissions: 0744\n content: |\n #!/bin/bash\n\
|
|
\ \n # Copyright 2023 Google LLC\n #\n # Licensed under\
|
|
\ the Apache License, Version 2.0 (the \"License\");\n # you may not\
|
|
\ use this file except in compliance with the License.\n # You may obtain\
|
|
\ a copy of the License at\n #\n # http://www.apache.org/licenses/LICENSE-2.0\n\
|
|
\ #\n # Unless required by applicable law or agreed to in writing,\
|
|
\ software\n # distributed under the License is distributed on an \"\
|
|
AS IS\" BASIS,\n # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either\
|
|
\ express or implied.\n # See the License for the specific language governing\
|
|
\ permissions and\n # limitations under the License.\n \n #\
|
|
\ https://stackoverflow.com/questions/50413579/bash-convert-netmask-in-cidr-notation\n\
|
|
\ c=0 x=0$(printf '%o' ${1//./ })\n while [ $x -gt 0 ]; do\n \
|
|
\ let c+=$((x % 2)) 'x>>=1'\n done\n echo $c\n \n\n -\
|
|
\ path: /var/run/nva/policy_based_routing.sh\n owner: root\n permissions:\
|
|
\ 0744\n content: |\n #!/bin/bash\n \n # Copyright 2023\
|
|
\ Google LLC\n #\n # Licensed under the Apache License, Version\
|
|
\ 2.0 (the \"License\");\n # you may not use this file except in compliance\
|
|
\ with the License.\n # You may obtain a copy of the License at\n \
|
|
\ #\n # http://www.apache.org/licenses/LICENSE-2.0\n #\n\
|
|
\ # Unless required by applicable law or agreed to in writing, software\n\
|
|
\ # distributed under the License is distributed on an \"AS IS\" BASIS,\n\
|
|
\ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n\
|
|
\ # See the License for the specific language governing permissions and\n\
|
|
\ # limitations under the License.\n \n IF_NAME=$1\n IF_NUMBER=$(echo\
|
|
\ $IF_NAME | sed -e s/eth//)\n IF_GW=$(curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$IF_NUMBER/gateway\
|
|
\ -H \"Metadata-Flavor: Google\")\n IF_IP=$(curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$IF_NUMBER/ip\
|
|
\ -H \"Metadata-Flavor: Google\")\n IF_NETMASK=$(curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$IF_NUMBER/subnetmask\
|
|
\ -H \"Metadata-Flavor: Google\")\n IF_IP_PREFIX=$(/var/run/nva/ipprefix_by_netmask.sh\
|
|
\ $IF_NETMASK)\n \n # Sleep while there's no load balancer IP route\
|
|
\ for this IF\n while true\n do\n IPS_LB_STR=$(ip r show\
|
|
\ table local | grep \"$IF_NAME proto 66\" | cut -f 2 -d \" \" | tr -s '\\\
|
|
n' ' ')\n IPS_LB=($IPS_LB_STR)\n for IP in \"${IPS_LB[@]}\"\n\
|
|
\ do\n # Configure hc routing table if not available for this\
|
|
\ network interface\n grep -qxF \"$((200 + $IF_NUMBER)) hc-$IF_NAME\"\
|
|
\ /etc/iproute2/rt_tables || {\n echo \"$((200 + $IF_NUMBER)) hc-$IF_NAME\"\
|
|
\ >>/etc/iproute2/rt_tables\n ip route add $IF_GW src $IF_IP dev\
|
|
\ $IF_NAME table hc-$IF_NAME\n ip route add default via $IF_GW\
|
|
\ dev $IF_NAME table hc-$IF_NAME\n }\n \n # configure\
|
|
\ PBR route for LB\n ip rule list | grep -qF \"$IP\" || ip rule add\
|
|
\ from $IP/32 table hc-$IF_NAME\n done\n \n # remove previously\
|
|
\ configure PBR for old LB removed from network interface\n # first\
|
|
\ get list of PBR on this network interface and retrieve LB IP addresses\n\
|
|
\ PBR_LB_IPS_STR=$(ip rule list | grep \"hc-$IF_NAME\" | cut -f 2 -d\
|
|
\ \" \" | tr -s '\\n' ' ')\n PBR_LB_IPS=($PBR_LB_IPS_STR)\n \n\
|
|
\ # iterate over PBR LB IP addresses\n for PBR_IP in \"${PBR_LB_IPS[@]}\"\
|
|
\n do\n # check if the PBR LB IP belongs to the current array\
|
|
\ of LB IPs attached to the\n # network interface, if not delete\
|
|
\ the corresponding PBR rule\n if [ -z \"$IPS_LB\" ] || ! echo ${IPS_LB[@]}\
|
|
\ | grep --quiet \"$PBR_IP\" ; then\n ip rule del from $PBR_IP\n\
|
|
\ fi\n done\n sleep 2\n done\n \n\n\n -\
|
|
\ path: /etc/systemd/system/routing.service\n permissions: 0644\n owner:\
|
|
\ root\n content: |\n [Install]\n WantedBy=multi-user.target\n\
|
|
\ [Unit]\n Description=Start routing\n After=network-online.target\n\
|
|
\ Wants=network-online.target\n [Service]\n RemainAfterExit=true\n\
|
|
\ ExecStart=/bin/sh -c \"/var/run/nva/start-routing.sh\"\n - path: /var/run/nva/start-routing.sh\n\
|
|
\ permissions: 0744\n owner: root\n content: |\n iptables --policy\
|
|
\ FORWARD ACCEPT\n /var/run/nva/policy_based_routing.sh eth0 &>/dev/null\
|
|
\ &\n iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n ip\
|
|
\ route add 10.64.127.0/17 via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/gateway\
|
|
\ -H \"Metadata-Flavor:Google\"` dev eth0\n ip route add 10.80.127.0/17\
|
|
\ via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/gateway\
|
|
\ -H \"Metadata-Flavor:Google\"` dev eth0\n /var/run/nva/policy_based_routing.sh\
|
|
\ eth1 &>/dev/null &\n ip route add 10.64.0.0/17 via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/1/gateway\
|
|
\ -H \"Metadata-Flavor:Google\"` dev eth1\n ip route add 10.80.0.0/17\
|
|
\ via `curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/1/gateway\
|
|
\ -H \"Metadata-Flavor:Google\"` dev eth1\n iptables -A INPUT -p tcp\
|
|
\ --dport 179 -j ACCEPT\n\nbootcmd:\n - systemctl start node-problem-detector\n\
|
|
\nruncmd:\n - systemctl daemon-reload\n - systemctl enable routing\n -\
|
|
\ systemctl start routing\n - systemctl start frr\n"
|
|
# Remaining planned attributes of the instance named nva-ew4-c. The resource
# header and the start of its cloud-config string are above this view.
# NOTE(review): the cloud-config that ends just above runs the FRR container
# with `--privileged --network host` from the untagged image `frrouting/frr`,
# and start-routing.sh sets the iptables FORWARD policy to ACCEPT. Pin the
# image to a digest and confirm a narrower capability set is not sufficient.
metadata_startup_script: null
name: nva-ew4-c
# Two NICs with fixed internal addresses; access_config is empty on both, so
# no external IP is planned for either interface.
network_interface:
- access_config: []
  alias_ip_range: []
  ipv6_access_config: []
  network_ip: 10.80.128.102
  nic_type: null
  queue_count: null
  security_policy: null
- access_config: []
  alias_ip_range: []
  ipv6_access_config: []
  network_ip: 10.80.0.102
  nic_type: null
  queue_count: null
  security_policy: null
network_performance_config: []
params: []
project: fast2-prod-net-landing-0
resource_policies: null
scheduling:
- automatic_restart: true
  instance_termination_action: null
  local_ssd_recovery_timeout: []
  maintenance_interval: null
  max_run_duration: []
  min_node_cpus: null
  node_affinities: []
  on_host_maintenance: MIGRATE
  preemptible: false
  provisioning_model: STANDARD
scratch_disk: []
# Access scopes are limited to read-only storage plus log and metric writes;
# no service account email is listed in this plan output.
service_account:
- scopes:
  - https://www.googleapis.com/auth/devstorage.read_only
  - https://www.googleapis.com/auth/logging.write
  - https://www.googleapis.com/auth/monitoring.write
# NOTE(review): no shielded-VM settings are planned here, so secure boot, vTPM
# and integrity monitoring depend on provider and image defaults - confirm.
shielded_instance_config: []
# Network tag; presumably what firewall rules and routes select on - verify.
tags:
- nva
timeouts: null
zone: europe-west4-c
# Planned VPC peering, local side (module.peering-dev). Custom routes are both
# exported and imported; the two networks are not part of this plan output.
# NOTE(review): with custom-route exchange on, custom routes on either side
# are offered to the peer - confirm that is the intended reach.
module.peering-dev.google_compute_network_peering.local_network_peering:
  export_custom_routes: true
  export_subnet_routes_with_public_ip: true
  import_custom_routes: true
  import_subnet_routes_with_public_ip: null
  stack_type: IPV4_ONLY
  timeouts: null
# Peer side of the same peering, planned with identical route-exchange flags.
module.peering-dev.google_compute_network_peering.peer_network_peering[0]:
  export_custom_routes: true
  export_subnet_routes_with_public_ip: true
  import_custom_routes: true
  import_subnet_routes_with_public_ip: null
  stack_type: IPV4_ONLY
  timeouts: null
# Planned VPC peering, local side (module.peering-prod). Custom routes are
# both exported and imported; the two networks are not part of this output.
# NOTE(review): with custom-route exchange on, custom routes on either side
# are offered to the peer - confirm that is the intended reach for prod.
module.peering-prod.google_compute_network_peering.local_network_peering:
  export_custom_routes: true
  export_subnet_routes_with_public_ip: true
  import_custom_routes: true
  import_subnet_routes_with_public_ip: null
  stack_type: IPV4_ONLY
  timeouts: null
# Peer side of the same peering, planned with identical route-exchange flags.
module.peering-prod.google_compute_network_peering.peer_network_peering[0]:
  export_custom_routes: true
  export_subnet_routes_with_public_ip: true
  import_custom_routes: true
  import_subnet_routes_with_public_ip: null
  stack_type: IPV4_ONLY
  timeouts: null
# Private Cloud DNS zone for the reverse namespace 10.in-addr.arpa. in the prod
# spoke project. The zone name suggests DNS peering; no peering target is
# listed in this plan output (presumably computed at apply - verify).
# NOTE(review): zone-level logging is off here. Query logging for private
# zones is presumably covered by the network DNS policy rather than this
# block - confirm before treating it as a logging gap.
module.prod-dns-peer-landing-rev-10.google_dns_managed_zone.dns_managed_zone[0]:
  cloud_logging_config:
  - enable_logging: false
  description: Terraform managed.
  dns_name: 10.in-addr.arpa.
  dnssec_config: []
  force_destroy: false
  forwarding_config: []
  labels: null
  name: prod-reverse-10-dns-peering
  project: fast2-prod-net-spoke-0
  reverse_lookup: false
  service_directory_config: []
  timeouts: null
  visibility: private
# Private Cloud DNS zone for the root name "." in the prod spoke project, so
# it matches any query not claimed by a more specific zone. The zone name
# suggests DNS peering; no peering target is listed in this plan output.
# NOTE(review): a root zone makes the peered side the resolver of last resort
# for the spoke - confirm the target network and who can change its zones.
module.prod-dns-peer-landing-root.google_dns_managed_zone.dns_managed_zone[0]:
  cloud_logging_config:
  - enable_logging: false
  description: Terraform managed.
  dns_name: .
  dnssec_config: []
  force_destroy: false
  forwarding_config: []
  labels: null
  name: prod-root-dns-peering
  project: fast2-prod-net-spoke-0
  reverse_lookup: false
  service_directory_config: []
  timeouts: null
  visibility: private
# Private Cloud DNS zone prod.gcp.example.com. in the prod spoke project, with
# no forwarding or peering configured (both lists are empty).
module.prod-dns-private-zone.google_dns_managed_zone.dns_managed_zone[0]:
  cloud_logging_config:
  - enable_logging: false
  description: Terraform managed.
  dns_name: prod.gcp.example.com.
  dnssec_config: []
  force_destroy: false
  forwarding_config: []
  labels: null
  name: prod-gcp-example-com
  peering_config: []
  project: fast2-prod-net-spoke-0
  service_directory_config: []
  timeouts: null
  visibility: private
# Single A record in that zone: localhost.prod.gcp.example.com. -> 127.0.0.1.
module.prod-dns-private-zone.google_dns_record_set.dns_record_set["A localhost"]:
  managed_zone: prod-gcp-example-com
  name: localhost.prod.gcp.example.com.
  project: fast2-prod-net-spoke-0
  routing_policy: []
  rrdatas:
  - 127.0.0.1
  ttl: 300
  type: A
# Catch-all ingress deny for the prod spoke: all protocols from 0.0.0.0/0 at
# priority 65535, so any rule with a lower priority number is evaluated first.
# No target tags or service accounts are set; the network is not listed in
# this plan output.
module.prod-spoke-firewall.google_compute_firewall.custom-rules["ingress-default-deny"]:
  allow: []
  deny:
  - ports: []
    protocol: all
  description: Deny and log any unmatched ingress traffic.
  direction: INGRESS
  disabled: false
  # Logging is on, but with metadata excluded. NOTE(review): that keeps log
  # volume down at the cost of detail during an investigation; confirm the
  # trade-off against INCLUDE_ALL_METADATA.
  log_config:
  - metadata: EXCLUDE_ALL_METADATA
  name: ingress-default-deny
  priority: 65535
  project: fast2-prod-net-spoke-0
  source_ranges:
  - 0.0.0.0/0
  source_service_accounts: null
  source_tags: null
  target_service_accounts: null
  target_tags: null
  timeouts: null
# Marks the prod spoke project as a Shared VPC host project.
module.prod-spoke-project.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
  project: fast2-prod-net-spoke-0
  timeouts: null
# Adds the spoke project to the metrics scope of the landing project.
module.prod-spoke-project.google_monitoring_monitored_project.primary["fast2-prod-net-landing-0"]:
  metrics_scope: fast2-prod-net-landing-0
  name: fast2-prod-net-spoke-0
  timeouts: null
# The prod spoke project itself. auto_create_network is false, so no default
# network is created with the project. The billing account is a sample value.
module.prod-spoke-project.google_project.project[0]:
  auto_create_network: false
  billing_account: 000000-111111-222222
  folder_id: null
  labels: null
  name: fast2-prod-net-spoke-0
  org_id: null
  project_id: fast2-prod-net-spoke-0
  skip_delete: false
  timeouts: null
# Authoritative binding for roles/dns.admin on the spoke project. The member
# is the placeholder `serviceAccount:string` in this plan output.
module.prod-spoke-project.google_project_iam_binding.authoritative["roles/dns.admin"]:
  condition: []
  members:
  - serviceAccount:string
  project: fast2-prod-net-spoke-0
  role: roles/dns.admin
# Conditional grant of roles/resourcemanager.projectIamAdmin: the hasOnly()
# expression restricts the roles whose grants the member may modify to the six
# listed in it.
# NOTE(review): every role added to that list widens what the delegate can
# hand out; treat edits to the expression as privilege changes.
module.prod-spoke-project.google_project_iam_binding.bindings["sa_delegated_grants"]:
  condition:
  - description: Production host project delegated grants.
    expression: api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly(['roles/composer.sharedVpcAgent','roles/compute.networkUser','roles/compute.networkViewer','roles/container.hostServiceAgentUser','roles/multiclusterservicediscovery.serviceAgent','roles/vpcaccess.user'])
    title: prod_stage3_sa_delegated_grants
  members:
  - serviceAccount:string
  project: fast2-prod-net-spoke-0
  role: roles/resourcemanager.projectIamAdmin
# Service-agent role for Service Networking; the member is not listed in this
# plan output.
module.prod-spoke-project.google_project_iam_member.servicenetworking[0]:
  condition: []
  project: fast2-prod-net-spoke-0
  role: roles/servicenetworking.serviceAgent
# APIs enabled on the prod spoke project, one resource per service. All are
# planned with disable_on_destroy false, so a destroy leaves the API enabled.
module.prod-spoke-project.google_project_service.project_services["compute.googleapis.com"]:
  disable_dependent_services: false
  disable_on_destroy: false
  project: fast2-prod-net-spoke-0
  service: compute.googleapis.com
  timeouts: null
module.prod-spoke-project.google_project_service.project_services["dns.googleapis.com"]:
  disable_dependent_services: false
  disable_on_destroy: false
  project: fast2-prod-net-spoke-0
  service: dns.googleapis.com
  timeouts: null
module.prod-spoke-project.google_project_service.project_services["iap.googleapis.com"]:
  disable_dependent_services: false
  disable_on_destroy: false
  project: fast2-prod-net-spoke-0
  service: iap.googleapis.com
  timeouts: null
module.prod-spoke-project.google_project_service.project_services["networkmanagement.googleapis.com"]:
  disable_dependent_services: false
  disable_on_destroy: false
  project: fast2-prod-net-spoke-0
  service: networkmanagement.googleapis.com
  timeouts: null
module.prod-spoke-project.google_project_service.project_services["servicenetworking.googleapis.com"]:
  disable_dependent_services: false
  disable_on_destroy: false
  project: fast2-prod-net-spoke-0
  service: servicenetworking.googleapis.com
  timeouts: null
module.prod-spoke-project.google_project_service.project_services["stackdriver.googleapis.com"]:
  disable_dependent_services: false
  disable_on_destroy: false
  project: fast2-prod-net-spoke-0
  service: stackdriver.googleapis.com
  timeouts: null
module.prod-spoke-project.google_project_service.project_services["vpcaccess.googleapis.com"]:
  disable_dependent_services: false
  disable_on_destroy: false
  project: fast2-prod-net-spoke-0
  service: vpcaccess.googleapis.com
  timeouts: null
# Service identities requested for the IAP and Service Networking APIs on the
# spoke project; the resulting service accounts are not listed in this output.
module.prod-spoke-project.google_project_service_identity.jit_si["iap.googleapis.com"]:
  project: fast2-prod-net-spoke-0
  service: iap.googleapis.com
  timeouts: null
module.prod-spoke-project.google_project_service_identity.servicenetworking[0]:
  project: fast2-prod-net-spoke-0
  service: servicenetworking.googleapis.com
  timeouts: null
# The prod spoke VPC: custom-mode (no auto subnets), global dynamic routing.
# delete_default_routes_on_create is true, so the network starts without the
# default 0.0.0.0/0 route and egress depends on routes added explicitly.
module.prod-spoke-vpc.google_compute_network.network[0]:
  auto_create_subnetworks: false
  delete_default_routes_on_create: true
  description: Terraform-managed.
  enable_ula_internal_ipv6: null
  mtu: 1500
  name: prod-spoke-0
  # Classic VPC firewall rules are evaluated before network firewall policies.
  network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
  project: fast2-prod-net-spoke-0
  routing_mode: GLOBAL
  timeouts: null
# Static route for 199.36.153.8/30 (the private.googleapis.com range) via the
# default internet gateway. No tags are set, so it applies to every instance
# in the network.
module.prod-spoke-vpc.google_compute_route.gateway["private-googleapis"]:
  description: Terraform-managed.
  dest_range: 199.36.153.8/30
  name: prod-spoke-0-private-googleapis
  next_hop_gateway: default-internet-gateway
  next_hop_ilb: null
  next_hop_instance: null
  next_hop_vpn_tunnel: null
  priority: 1000
  project: fast2-prod-net-spoke-0
  tags: null
  timeouts: null
# Static route for 199.36.153.4/30 (the restricted.googleapis.com range) via
# the default internet gateway, also untagged.
module.prod-spoke-vpc.google_compute_route.gateway["restricted-googleapis"]:
  description: Terraform-managed.
  dest_range: 199.36.153.4/30
  name: prod-spoke-0-restricted-googleapis
  next_hop_gateway: default-internet-gateway
  next_hop_ilb: null
  next_hop_instance: null
  next_hop_vpn_tunnel: null
  priority: 1000
  project: fast2-prod-net-spoke-0
  tags: null
  timeouts: null
# Default prod subnet in europe-west1 (10.72.0.0/24) with Private Google
# Access enabled and no secondary ranges.
# NOTE(review): log_config is empty, so no VPC flow logs are planned for this
# subnet - confirm that is intended for a prod subnet.
module.prod-spoke-vpc.google_compute_subnetwork.subnetwork["europe-west1/prod-default"]:
  description: Default europe-west1 subnet for prod
  ip_cidr_range: 10.72.0.0/24
  ipv6_access_type: null
  log_config: []
  name: prod-default
  private_ip_google_access: true
  project: fast2-prod-net-spoke-0
  region: europe-west1
  role: null
  secondary_ip_range: []
  timeouts: null
# Default prod subnet in europe-west4 (10.88.0.0/24), planned with the same
# settings, including the empty log_config.
module.prod-spoke-vpc.google_compute_subnetwork.subnetwork["europe-west4/prod-default"]:
  description: Default europe-west4 subnet for prod
  ip_cidr_range: 10.88.0.0/24
  ipv6_access_type: null
  log_config: []
  name: prod-default
  private_ip_google_access: true
  project: fast2-prod-net-spoke-0
  region: europe-west4
  role: null
  secondary_ip_range: []
  timeouts: null
# DNS server policy for the prod spoke with query logging enabled. Inbound
# forwarding is unset and no alternative name servers are configured. The one
# attached network appears as {} because its value is not part of this output.
module.prod-spoke-vpc.google_dns_policy.default[0]:
  alternative_name_server_config: []
  description: Managed by Terraform
  enable_inbound_forwarding: null
  enable_logging: true
  name: prod-spoke-0
  networks:
  - {}
  project: fast2-prod-net-spoke-0
  timeouts: null
# Cloud Router for the landing side in europe-west1, local ASN 64515. It uses
# custom advertisement and announces exactly the six ranges listed below.
module.spokes-landing["primary"].google_compute_router.cr:
  bgp:
  - advertise_mode: CUSTOM
    advertised_groups: []
    advertised_ip_ranges:
    - description: GCP landing primary.
      range: 10.64.0.0/17
    - description: GCP dev primary.
      range: 10.68.0.0/16
    - description: GCP prod primary.
      range: 10.72.0.0/16
    - description: GCP landing secondary.
      range: 10.80.0.0/17
    - description: GCP dev secondary.
      range: 10.84.0.0/16
    - description: GCP prod secondary.
      range: 10.88.0.0/16
    asn: 64515
    keepalive_interval: 20
  description: null
  encrypted_interconnect_router: null
  name: prod-spoke-landing-ew1-cr
  project: fast2-prod-net-landing-0
  region: europe-west1
  timeouts: null
# First router interface, fixed private address 10.64.0.201; not bound to a
# VPN tunnel or interconnect attachment.
module.spokes-landing["primary"].google_compute_router_interface.intf_0:
  interconnect_attachment: null
  name: prod-spoke-landing-ew1-cr-intf0
  private_ip_address: 10.64.0.201
  project: fast2-prod-net-landing-0
  region: europe-west1
  router: prod-spoke-landing-ew1-cr
  timeouts: null
  vpn_tunnel: null
# Second interface (10.64.0.202), declared redundant with intf0.
module.spokes-landing["primary"].google_compute_router_interface.intf_1:
  interconnect_attachment: null
  name: prod-spoke-landing-ew1-cr-intf1
  private_ip_address: 10.64.0.202
  project: fast2-prod-net-landing-0
  redundant_interface: prod-spoke-landing-ew1-cr-intf0
  region: europe-west1
  router: prod-spoke-landing-ew1-cr
  timeouts: null
  vpn_tunnel: null
# Four BGP peers on router prod-spoke-landing-ew1-cr, two per interface, all
# with peer ASN 64513 and default advertisement at priority 100. Peer
# addresses are not part of this plan output.
# NOTE(review): md5_authentication_key is empty on every peer, so these
# sessions are planned without BGP MD5 authentication - confirm that is an
# accepted choice for the appliance peerings.
module.spokes-landing["primary"].google_compute_router_peer.peer_0["0"]:
  advertise_mode: DEFAULT
  advertised_groups: null
  advertised_ip_ranges: []
  advertised_route_priority: 100
  enable: true
  enable_ipv6: false
  interface: prod-spoke-landing-ew1-cr-intf0
  md5_authentication_key: []
  peer_asn: 64513
  project: fast2-prod-net-landing-0
  region: europe-west1
  router: prod-spoke-landing-ew1-cr
  timeouts: null
module.spokes-landing["primary"].google_compute_router_peer.peer_0["1"]:
  advertise_mode: DEFAULT
  advertised_groups: null
  advertised_ip_ranges: []
  advertised_route_priority: 100
  enable: true
  enable_ipv6: false
  interface: prod-spoke-landing-ew1-cr-intf0
  md5_authentication_key: []
  peer_asn: 64513
  project: fast2-prod-net-landing-0
  region: europe-west1
  router: prod-spoke-landing-ew1-cr
  timeouts: null
module.spokes-landing["primary"].google_compute_router_peer.peer_1["0"]:
  advertise_mode: DEFAULT
  advertised_groups: null
  advertised_ip_ranges: []
  advertised_route_priority: 100
  enable: true
  enable_ipv6: false
  interface: prod-spoke-landing-ew1-cr-intf1
  md5_authentication_key: []
  peer_asn: 64513
  project: fast2-prod-net-landing-0
  region: europe-west1
  router: prod-spoke-landing-ew1-cr
  timeouts: null
module.spokes-landing["primary"].google_compute_router_peer.peer_1["1"]:
  advertise_mode: DEFAULT
  advertised_groups: null
  advertised_ip_ranges: []
  advertised_route_priority: 100
  enable: true
  enable_ipv6: false
  interface: prod-spoke-landing-ew1-cr-intf1
  md5_authentication_key: []
  peer_asn: 64513
  project: fast2-prod-net-landing-0
  region: europe-west1
  router: prod-spoke-landing-ew1-cr
  timeouts: null
# Network Connectivity Center router-appliance spoke in europe-west1 linking
# two instances (shown as {} because their values are not in this output).
# Site-to-site data transfer is off.
module.spokes-landing["primary"].google_network_connectivity_spoke.spoke-ra:
  description: null
  labels: null
  linked_interconnect_attachments: []
  linked_router_appliance_instances:
  - instances:
    - {}
    - {}
    site_to_site_data_transfer: false
  linked_vpc_network: []
  linked_vpn_tunnels: []
  location: europe-west1
  name: prod-spoke-landing-ew1
  project: fast2-prod-net-landing-0
  timeouts: null
# Cloud Router for the landing side in europe-west4, local ASN 64515. It uses
# custom advertisement and announces exactly the six ranges listed below.
module.spokes-landing["secondary"].google_compute_router.cr:
  bgp:
  - advertise_mode: CUSTOM
    advertised_groups: []
    advertised_ip_ranges:
    - description: GCP landing primary.
      range: 10.64.0.0/17
    - description: GCP dev primary.
      range: 10.68.0.0/16
    - description: GCP prod primary.
      range: 10.72.0.0/16
    - description: GCP landing secondary.
      range: 10.80.0.0/17
    - description: GCP dev secondary.
      range: 10.84.0.0/16
    - description: GCP prod secondary.
      range: 10.88.0.0/16
    asn: 64515
    keepalive_interval: 20
  description: null
  encrypted_interconnect_router: null
  name: prod-spoke-landing-ew4-cr
  project: fast2-prod-net-landing-0
  region: europe-west4
  timeouts: null
# First router interface, fixed private address 10.80.0.201; not bound to a
# VPN tunnel or interconnect attachment.
module.spokes-landing["secondary"].google_compute_router_interface.intf_0:
  interconnect_attachment: null
  name: prod-spoke-landing-ew4-cr-intf0
  private_ip_address: 10.80.0.201
  project: fast2-prod-net-landing-0
  region: europe-west4
  router: prod-spoke-landing-ew4-cr
  timeouts: null
  vpn_tunnel: null
# Second interface (10.80.0.202), declared redundant with intf0.
module.spokes-landing["secondary"].google_compute_router_interface.intf_1:
  interconnect_attachment: null
  name: prod-spoke-landing-ew4-cr-intf1
  private_ip_address: 10.80.0.202
  project: fast2-prod-net-landing-0
  redundant_interface: prod-spoke-landing-ew4-cr-intf0
  region: europe-west4
  router: prod-spoke-landing-ew4-cr
  timeouts: null
  vpn_tunnel: null
# Four BGP peers on router prod-spoke-landing-ew4-cr, two per interface, all
# with peer ASN 64514 and default advertisement at priority 100. Peer
# addresses are not part of this plan output.
# NOTE(review): md5_authentication_key is empty on every peer, so these
# sessions are planned without BGP MD5 authentication - confirm that is an
# accepted choice for the appliance peerings.
module.spokes-landing["secondary"].google_compute_router_peer.peer_0["0"]:
  advertise_mode: DEFAULT
  advertised_groups: null
  advertised_ip_ranges: []
  advertised_route_priority: 100
  enable: true
  enable_ipv6: false
  interface: prod-spoke-landing-ew4-cr-intf0
  md5_authentication_key: []
  peer_asn: 64514
  project: fast2-prod-net-landing-0
  region: europe-west4
  router: prod-spoke-landing-ew4-cr
  timeouts: null
module.spokes-landing["secondary"].google_compute_router_peer.peer_0["1"]:
  advertise_mode: DEFAULT
  advertised_groups: null
  advertised_ip_ranges: []
  advertised_route_priority: 100
  enable: true
  enable_ipv6: false
  interface: prod-spoke-landing-ew4-cr-intf0
  md5_authentication_key: []
  peer_asn: 64514
  project: fast2-prod-net-landing-0
  region: europe-west4
  router: prod-spoke-landing-ew4-cr
  timeouts: null
module.spokes-landing["secondary"].google_compute_router_peer.peer_1["0"]:
  advertise_mode: DEFAULT
  advertised_groups: null
  advertised_ip_ranges: []
  advertised_route_priority: 100
  enable: true
  enable_ipv6: false
  interface: prod-spoke-landing-ew4-cr-intf1
  md5_authentication_key: []
  peer_asn: 64514
  project: fast2-prod-net-landing-0
  region: europe-west4
  router: prod-spoke-landing-ew4-cr
  timeouts: null
module.spokes-landing["secondary"].google_compute_router_peer.peer_1["1"]:
  advertise_mode: DEFAULT
  advertised_groups: null
  advertised_ip_ranges: []
  advertised_route_priority: 100
  enable: true
  enable_ipv6: false
  interface: prod-spoke-landing-ew4-cr-intf1
  md5_authentication_key: []
  peer_asn: 64514
  project: fast2-prod-net-landing-0
  region: europe-west4
  router: prod-spoke-landing-ew4-cr
  timeouts: null
# Network Connectivity Center router-appliance spoke in europe-west4 linking
# two instances (shown as {} because their values are not in this output).
# Site-to-site data transfer is off.
module.spokes-landing["secondary"].google_network_connectivity_spoke.spoke-ra:
  description: null
  labels: null
  linked_interconnect_attachments: []
  linked_router_appliance_instances:
  - instances:
    - {}
    - {}
    site_to_site_data_transfer: false
  linked_vpc_network: []
  linked_vpn_tunnels: []
  location: europe-west4
  name: prod-spoke-landing-ew4
  project: fast2-prod-net-landing-0
  timeouts: null
# Cloud Router for the DMZ side in europe-west1, local ASN 64512. Custom
# advertisement announces only the default route 0.0.0.0/0 to its peers.
# NOTE(review): whoever receives this default route sends all otherwise
# unmatched traffic towards the DMZ - confirm the peers are the intended ones.
module.spokes-dmz["primary"].google_compute_router.cr:
  bgp:
  - advertise_mode: CUSTOM
    advertised_groups: []
    advertised_ip_ranges:
    - description: Default route.
      range: 0.0.0.0/0
    asn: 64512
    keepalive_interval: 20
  description: null
  encrypted_interconnect_router: null
  name: prod-spoke-dmz-ew1-cr
  project: fast2-prod-net-landing-0
  region: europe-west1
  timeouts: null
# First router interface, fixed private address 10.64.128.201; not bound to a
# VPN tunnel or interconnect attachment.
module.spokes-dmz["primary"].google_compute_router_interface.intf_0:
  interconnect_attachment: null
  name: prod-spoke-dmz-ew1-cr-intf0
  private_ip_address: 10.64.128.201
  project: fast2-prod-net-landing-0
  region: europe-west1
  router: prod-spoke-dmz-ew1-cr
  timeouts: null
  vpn_tunnel: null
# Second interface (10.64.128.202), declared redundant with intf0.
module.spokes-dmz["primary"].google_compute_router_interface.intf_1:
  interconnect_attachment: null
  name: prod-spoke-dmz-ew1-cr-intf1
  private_ip_address: 10.64.128.202
  project: fast2-prod-net-landing-0
  redundant_interface: prod-spoke-dmz-ew1-cr-intf0
  region: europe-west1
  router: prod-spoke-dmz-ew1-cr
  timeouts: null
  vpn_tunnel: null
# Four BGP peers on router prod-spoke-dmz-ew1-cr, two per interface, all with
# peer ASN 64513 and default advertisement at priority 100. Peer addresses
# are not part of this plan output.
# NOTE(review): md5_authentication_key is empty on every peer, so these
# sessions are planned without BGP MD5 authentication - confirm that is an
# accepted choice for the appliance peerings.
module.spokes-dmz["primary"].google_compute_router_peer.peer_0["0"]:
  advertise_mode: DEFAULT
  advertised_groups: null
  advertised_ip_ranges: []
  advertised_route_priority: 100
  enable: true
  enable_ipv6: false
  interface: prod-spoke-dmz-ew1-cr-intf0
  md5_authentication_key: []
  peer_asn: 64513
  project: fast2-prod-net-landing-0
  region: europe-west1
  router: prod-spoke-dmz-ew1-cr
  timeouts: null
module.spokes-dmz["primary"].google_compute_router_peer.peer_0["1"]:
  advertise_mode: DEFAULT
  advertised_groups: null
  advertised_ip_ranges: []
  advertised_route_priority: 100
  enable: true
  enable_ipv6: false
  interface: prod-spoke-dmz-ew1-cr-intf0
  md5_authentication_key: []
  peer_asn: 64513
  project: fast2-prod-net-landing-0
  region: europe-west1
  router: prod-spoke-dmz-ew1-cr
  timeouts: null
module.spokes-dmz["primary"].google_compute_router_peer.peer_1["0"]:
  advertise_mode: DEFAULT
  advertised_groups: null
  advertised_ip_ranges: []
  advertised_route_priority: 100
  enable: true
  enable_ipv6: false
  interface: prod-spoke-dmz-ew1-cr-intf1
  md5_authentication_key: []
  peer_asn: 64513
  project: fast2-prod-net-landing-0
  region: europe-west1
  router: prod-spoke-dmz-ew1-cr
  timeouts: null
module.spokes-dmz["primary"].google_compute_router_peer.peer_1["1"]:
  advertise_mode: DEFAULT
  advertised_groups: null
  advertised_ip_ranges: []
  advertised_route_priority: 100
  enable: true
  enable_ipv6: false
  interface: prod-spoke-dmz-ew1-cr-intf1
  md5_authentication_key: []
  peer_asn: 64513
  project: fast2-prod-net-landing-0
  region: europe-west1
  router: prod-spoke-dmz-ew1-cr
  timeouts: null
# Network Connectivity Center router-appliance spoke in europe-west1 linking
# two instances (shown as {} because their values are not in this output).
# Site-to-site data transfer is off.
module.spokes-dmz["primary"].google_network_connectivity_spoke.spoke-ra:
  description: null
  labels: null
  linked_interconnect_attachments: []
  linked_router_appliance_instances:
  - instances:
    - {}
    - {}
    site_to_site_data_transfer: false
  linked_vpc_network: []
  linked_vpn_tunnels: []
  location: europe-west1
  name: prod-spoke-dmz-ew1
  project: fast2-prod-net-landing-0
  timeouts: null
# Cloud Router for the DMZ side in europe-west4, local ASN 64512. Custom
# advertisement announces only the default route 0.0.0.0/0 to its peers.
# NOTE(review): whoever receives this default route sends all otherwise
# unmatched traffic towards the DMZ - confirm the peers are the intended ones.
module.spokes-dmz["secondary"].google_compute_router.cr:
  bgp:
  - advertise_mode: CUSTOM
    advertised_groups: []
    advertised_ip_ranges:
    - description: Default route.
      range: 0.0.0.0/0
    asn: 64512
    keepalive_interval: 20
  description: null
  encrypted_interconnect_router: null
  name: prod-spoke-dmz-ew4-cr
  project: fast2-prod-net-landing-0
  region: europe-west4
  timeouts: null
# First router interface, fixed private address 10.80.128.201; not bound to a
# VPN tunnel or interconnect attachment.
module.spokes-dmz["secondary"].google_compute_router_interface.intf_0:
  interconnect_attachment: null
  name: prod-spoke-dmz-ew4-cr-intf0
  private_ip_address: 10.80.128.201
  project: fast2-prod-net-landing-0
  region: europe-west4
  router: prod-spoke-dmz-ew4-cr
  timeouts: null
  vpn_tunnel: null
# Second interface (10.80.128.202), declared redundant with intf0.
module.spokes-dmz["secondary"].google_compute_router_interface.intf_1:
  interconnect_attachment: null
  name: prod-spoke-dmz-ew4-cr-intf1
  private_ip_address: 10.80.128.202
  project: fast2-prod-net-landing-0
  redundant_interface: prod-spoke-dmz-ew4-cr-intf0
  region: europe-west4
  router: prod-spoke-dmz-ew4-cr
  timeouts: null
  vpn_tunnel: null
# Four BGP peers on router prod-spoke-dmz-ew4-cr, two per interface, all with
# peer ASN 64514 and default advertisement at priority 100. Peer addresses
# are not part of this plan output.
# NOTE(review): md5_authentication_key is empty on every peer, so these
# sessions are planned without BGP MD5 authentication - confirm that is an
# accepted choice for the appliance peerings.
module.spokes-dmz["secondary"].google_compute_router_peer.peer_0["0"]:
  advertise_mode: DEFAULT
  advertised_groups: null
  advertised_ip_ranges: []
  advertised_route_priority: 100
  enable: true
  enable_ipv6: false
  interface: prod-spoke-dmz-ew4-cr-intf0
  md5_authentication_key: []
  peer_asn: 64514
  project: fast2-prod-net-landing-0
  region: europe-west4
  router: prod-spoke-dmz-ew4-cr
  timeouts: null
module.spokes-dmz["secondary"].google_compute_router_peer.peer_0["1"]:
  advertise_mode: DEFAULT
  advertised_groups: null
  advertised_ip_ranges: []
  advertised_route_priority: 100
  enable: true
  enable_ipv6: false
  interface: prod-spoke-dmz-ew4-cr-intf0
  md5_authentication_key: []
  peer_asn: 64514
  project: fast2-prod-net-landing-0
  region: europe-west4
  router: prod-spoke-dmz-ew4-cr
  timeouts: null
module.spokes-dmz["secondary"].google_compute_router_peer.peer_1["0"]:
  advertise_mode: DEFAULT
  advertised_groups: null
  advertised_ip_ranges: []
  advertised_route_priority: 100
  enable: true
  enable_ipv6: false
  interface: prod-spoke-dmz-ew4-cr-intf1
  md5_authentication_key: []
  peer_asn: 64514
  project: fast2-prod-net-landing-0
  region: europe-west4
  router: prod-spoke-dmz-ew4-cr
  timeouts: null
module.spokes-dmz["secondary"].google_compute_router_peer.peer_1["1"]:
  advertise_mode: DEFAULT
  advertised_groups: null
  advertised_ip_ranges: []
  advertised_route_priority: 100
  enable: true
  enable_ipv6: false
  interface: prod-spoke-dmz-ew4-cr-intf1
  md5_authentication_key: []
  peer_asn: 64514
  project: fast2-prod-net-landing-0
  region: europe-west4
  router: prod-spoke-dmz-ew4-cr
  timeouts: null
# Network Connectivity Center router-appliance spoke in europe-west4 linking
# two instances (shown as {} because their values are not in this output).
# Site-to-site data transfer is off.
module.spokes-dmz["secondary"].google_network_connectivity_spoke.spoke-ra:
  description: null
  labels: null
  linked_interconnect_attachments: []
  linked_router_appliance_instances:
  - instances:
    - {}
    - {}
    site_to_site_data_transfer: false
  linked_vpc_network: []
  linked_vpn_tunnels: []
  location: europe-west4
  name: prod-spoke-dmz-ew4
  project: fast2-prod-net-landing-0
  timeouts: null
|
|
# Per-type totals of the planned resources, followed by the number of modules
# and the overall resource count. Presumably compared against the plan by the
# test that loads this file, so keep it in step with `values` - verify.
counts:
  google_compute_address: 8
  google_compute_external_vpn_gateway: 2
  google_compute_firewall: 12
  google_compute_firewall_policy: 1
  google_compute_firewall_policy_association: 1
  google_compute_firewall_policy_rule: 4
  google_compute_ha_vpn_gateway: 2
  google_compute_instance: 4
  google_compute_network: 4
  google_compute_network_peering: 4
  google_compute_route: 6
  google_compute_router: 8
  google_compute_router_interface: 12
  google_compute_router_nat: 2
  google_compute_router_peer: 20
  google_compute_shared_vpc_host_project: 3
  google_compute_subnetwork: 10
  google_compute_vpn_tunnel: 4
  google_dns_managed_zone: 9
  google_dns_policy: 4
  google_dns_record_set: 3
  google_dns_response_policy: 1
  google_dns_response_policy_rule: 34
  google_essential_contacts_contact: 1
  google_folder: 1
  google_monitoring_alert_policy: 2
  google_monitoring_dashboard: 3
  google_monitoring_monitored_project: 2
  google_network_connectivity_hub: 2
  google_network_connectivity_spoke: 4
  google_project: 3
  google_project_iam_binding: 6
  google_project_iam_member: 2
  google_project_service: 20
  google_project_service_identity: 5
  google_storage_bucket_object: 1
  modules: 37
  random_id: 2
  resources: 212