/**
 * Copyright 2023 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Zone used for single-zone resources in each of the two regions.
# The "-b" suffix is fixed: both configured regions must expose a "b" zone,
# otherwise resources placed through these locals fail at apply time.
locals {
  zones = {
    primary   = format("%s-b", var.regions.primary)
    secondary = format("%s-b", var.regions.secondary)
  }
}

module "project_landing" {
|
|
source = "../../../modules/project"
|
|
billing_account = (var.projects_create != null
|
|
? var.projects_create.billing_account_id
|
|
: null
|
|
)
|
|
name = var.project_names.landing
|
|
parent = (var.projects_create != null
|
|
? var.projects_create.parent
|
|
: null
|
|
)
|
|
prefix = var.prefix
|
|
project_create = var.projects_create != null
|
|
|
|
services = [
|
|
"compute.googleapis.com",
|
|
"networkmanagement.googleapis.com",
|
|
# Logging and Monitoring
|
|
"logging.googleapis.com",
|
|
"monitoring.googleapis.com"
|
|
]
|
|
}
|
|
|
|
module "vpc_landing_untrusted" {
|
|
source = "../../../modules/net-vpc"
|
|
project_id = module.project_landing.project_id
|
|
name = "landing-untrusted"
|
|
|
|
routes = {
|
|
spoke1-primary = {
|
|
dest_range = var.ip_config.spoke_primary
|
|
next_hop_type = "ilb"
|
|
next_hop = module.nva_untrusted_ilbs["primary"].forwarding_rule_self_link
|
|
}
|
|
spoke1-secondary = {
|
|
dest_range = var.ip_config.spoke_secondary
|
|
next_hop_type = "ilb"
|
|
next_hop = module.nva_untrusted_ilbs["secondary"].forwarding_rule_self_link
|
|
}
|
|
}
|
|
|
|
subnets = [
|
|
{
|
|
ip_cidr_range = var.ip_config.untrusted_primary
|
|
name = "untrusted-${var.regions.primary}"
|
|
region = var.regions.primary
|
|
},
|
|
{
|
|
ip_cidr_range = var.ip_config.untrusted_secondary
|
|
name = "untrusted-${var.regions.secondary}"
|
|
region = var.regions.secondary
|
|
}
|
|
]
|
|
}
|
|
|
|
module "vpc_landing_trusted" {
|
|
source = "../../../modules/net-vpc"
|
|
project_id = module.project_landing.project_id
|
|
name = "landing-trusted"
|
|
subnets = [
|
|
{
|
|
ip_cidr_range = var.ip_config.trusted_primary
|
|
name = "trusted-${var.regions.primary}"
|
|
region = var.regions.primary
|
|
},
|
|
{
|
|
ip_cidr_range = var.ip_config.trusted_secondary
|
|
name = "trusted-${var.regions.secondary}"
|
|
region = var.regions.secondary
|
|
}
|
|
]
|
|
}
|
|
|
|
module "firewall_landing_untrusted" {
|
|
source = "../../../modules/net-vpc-firewall"
|
|
project_id = module.project_landing.project_id
|
|
network = module.vpc_landing_untrusted.name
|
|
|
|
ingress_rules = {
|
|
allow-ssh-from-hcs = {
|
|
description = "Allow health checks to NVAs coming on port 22."
|
|
targets = ["ssh"]
|
|
source_ranges = [
|
|
"130.211.0.0/22",
|
|
"35.191.0.0/16"
|
|
]
|
|
rules = [{ protocol = "tcp", ports = [22] }]
|
|
}
|
|
}
|
|
}
|
|
|
|
module "nats_landing" {
|
|
for_each = var.regions
|
|
source = "../../../modules/net-cloudnat"
|
|
project_id = module.project_landing.project_id
|
|
region = each.value
|
|
name = "nat-${each.value}"
|
|
router_network = module.vpc_landing_untrusted.self_link
|
|
}
|