zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloud-foundation-fabric/blueprints/networking/glb-hybrid-neg-internal/main.tf

123 lines
3.4 KiB
HCL
Raw Blame History

/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
zones = {
primary = "${var.regions.primary}-b"
secondary = "${var.regions.secondary}-b"
}
}
module "project_landing" {
source = "../../../modules/project"
billing_account = (var.projects_create != null
? var.projects_create.billing_account_id
: null
)
name = var.project_names.landing
parent = (var.projects_create != null
? var.projects_create.parent
: null
)
prefix = var.prefix
project_create = var.projects_create != null
services = [
"compute.googleapis.com",
"networkmanagement.googleapis.com",
# Logging and Monitoring
"logging.googleapis.com",
"monitoring.googleapis.com"
]
}
module "vpc_landing_untrusted" {
source = "../../../modules/net-vpc"
project_id = module.project_landing.project_id
name = "landing-untrusted"
routes = {
spoke1-primary = {
dest_range = var.ip_config.spoke_primary
next_hop_type = "ilb"
next_hop = module.nva_untrusted_ilbs["primary"].forwarding_rule_self_links[""]
}
spoke1-secondary = {
dest_range = var.ip_config.spoke_secondary
next_hop_type = "ilb"
next_hop = module.nva_untrusted_ilbs["secondary"].forwarding_rule_self_links[""]
}
}
subnets = [
{
ip_cidr_range = var.ip_config.untrusted_primary
name = "untrusted-${var.regions.primary}"
region = var.regions.primary
},
{
ip_cidr_range = var.ip_config.untrusted_secondary
name = "untrusted-${var.regions.secondary}"
region = var.regions.secondary
}
]
}
module "vpc_landing_trusted" {
source = "../../../modules/net-vpc"
project_id = module.project_landing.project_id
name = "landing-trusted"
subnets = [
{
ip_cidr_range = var.ip_config.trusted_primary
name = "trusted-${var.regions.primary}"
region = var.regions.primary
},
{
ip_cidr_range = var.ip_config.trusted_secondary
name = "trusted-${var.regions.secondary}"
region = var.regions.secondary
}
]
}
module "firewall_landing_untrusted" {
source = "../../../modules/net-vpc-firewall"
project_id = module.project_landing.project_id
network = module.vpc_landing_untrusted.name
ingress_rules = {
allow-ssh-from-hcs = {
description = "Allow health checks to NVAs coming on port 22."
targets = ["ssh"]
source_ranges = [
"130.211.0.0/22",
"35.191.0.0/16"
]
rules = [{ protocol = "tcp", ports = [22] }]
}
}
}
module "nats_landing" {
for_each = var.regions
source = "../../../modules/net-cloudnat"
project_id = module.project_landing.project_id
region = each.value
name = "nat-${each.value}"
router_network = module.vpc_landing_untrusted.self_link
}
Reference in New Issue View Git Blame Copy Permalink