cloud-foundation-fabric/modules/net-vpn-dynamic
Ludovico Magnocavallo 1ac3fe4460
New tfdoc version (#396)
* update tfdoc

* rewrite check docs, refactor tfdoc replace, regenerate modules READMEs

* remove dead code from check docs

* do not fail on missing variable files in check docs

* fix typos
2021-12-21 08:51:51 +01:00
README.md New tfdoc version (#396) 2021-12-21 08:51:51 +01:00
main.tf Add support for per-tunnel routers to VPN dynamic and HA (#202) 2021-03-02 07:36:06 +01:00
outputs.tf Add more validations to linter 2021-10-08 18:26:04 +02:00
variables.tf Add more validations to linter 2021-10-08 18:26:04 +02:00
versions.tf Use the same versions file everywhere, pin to tf 1.0+ provider 4.0+ (#355) 2021-11-03 15:05:43 +01:00

README.md

Cloud VPN Dynamic Module

Example

This example shows how to configure a single VPN tunnel using a couple of extra features:

  • custom advertisement on the tunnel's BGP session; if custom advertisement is not needed, simply set the bgp_peer_options attribute to null
  • internally generated shared secret, which can be fetched from the module's random_secret output for reuse; a predefined secret can be used instead by assigning it to the shared_secret attribute
module "vpn-dynamic" {
  source          = "./modules/net-vpn-dynamic"
  project_id      = "my-project"
  region          = "europe-west1"
  network         = "my-vpc"
  name            = "gateway-1"
  tunnels = {
    remote-1 = {
      bgp_peer = {
        address = "169.254.139.134"
        asn     = 64513
      }
      bgp_session_range = "169.254.139.133/30"
      ike_version       = 2
      peer_ip           = "1.1.1.1"
      router            = null
      shared_secret     = null
      bgp_peer_options = {
        advertise_groups = ["ALL_SUBNETS"]
        advertise_ip_ranges = {
          "192.168.0.0/24" = "Advertised range description"
        }
        advertise_mode = "CUSTOM"
        route_priority = 1000
      }
    }
  }
}
# tftest:modules=1:resources=10
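
A pre-apply check for the tunnels map above, added here as an illustration; it is not part of the module or its repository. It assumes the Cloud Router rule that both BGP session addresses are the two usable hosts of one /30 inside 169.254.0.0/16, and a hypothetical local policy (MIN_SECRET_LEN) for predefined secrets. The second tunnel is constructed sample data.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
MIN_SECRET_LEN = 24  # assumed local policy, not something the module enforces


def check_tunnel(name, tunnel):
    """Return findings for one entry of the module's tunnels map."""
    findings = []
    local = ipaddress.ip_interface(tunnel["bgp_session_range"])  # router side
    peer = ipaddress.ip_address(tunnel["bgp_peer"]["address"])   # remote side
    net = local.network
    if net.prefixlen != 30 or not net.subnet_of(LINK_LOCAL):
        findings.append(f"{name}: {net} is not a /30 inside {LINK_LOCAL}")
    else:
        usable = set(net.hosts())  # the two host addresses of the /30
        if local.ip not in usable:
            findings.append(f"{name}: router address {local.ip} is not usable in {net}")
        if peer not in usable or peer == local.ip:
            findings.append(f"{name}: peer {peer} must be the other host in {net}")
    # null means the module generates the secret; only literals are checked.
    secret = tunnel.get("shared_secret")
    if secret is not None and len(secret) < MIN_SECRET_LEN:
        findings.append(f"{name}: shared_secret shorter than {MIN_SECRET_LEN} chars")
    return findings


def check_all(tunnels):
    """Run check_tunnel over every tunnel and flatten the findings."""
    return [f for name, t in tunnels.items() for f in check_tunnel(name, t)]


# Tunnel from the README example, followed by a constructed misconfiguration.
TUNNELS = {
    "remote-1": {
        "bgp_peer": {"address": "169.254.139.134", "asn": 64513},
        "bgp_session_range": "169.254.139.133/30",
        "shared_secret": None,
    },
    "constructed-bad": {
        "bgp_peer": {"address": "169.254.139.137", "asn": 64513},
        "bgp_session_range": "169.254.139.133/30",
        "shared_secret": "changeme",
    },
}

if __name__ == "__main__":
    for finding in check_all(TUNNELS):
        print(finding)
```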

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| name | VPN gateway name, and prefix used for dependent resources. | string | | |
| network | VPC used for the gateway and routes. | string | | |
| project_id | Project where resources will be created. | string | | |
| region | Region used for resources. | string | | |
| gateway_address | Optional address assigned to the VPN gateway. Ignored unless gateway_address_create is set to false. | string | | "" |
| gateway_address_create | Create external address assigned to the VPN gateway. Needs to be explicitly set to false to use address in gateway_address variable. | bool | | true |
| route_priority | Route priority, defaults to 1000. | number | | 1000 |
| router_advertise_config | Router custom advertisement configuration, ip_ranges is a map of address ranges and descriptions. | object({…}) | | null |
| router_asn | Router ASN used for auto-created router. | number | | 64514 |
| router_create | Create router. | bool | | true |
| router_name | Router name used for auto created router, or to specify existing router to use. Leave blank to use VPN name for auto created router. | string | | "" |
| tunnels | VPN tunnel configurations, bgp_peer_options is usually null. | map(object({…})) | | {} |

Outputs

| name | description | sensitive |
|---|---|---|
| address | VPN gateway address. | |
| gateway | VPN gateway resource. | |
| name | VPN gateway name. | |
| random_secret | Generated secret. | |
| router | Router resource (only if auto-created). | |
| router_name | Router name. | |
| self_link | VPN gateway self link. | |
| tunnel_names | VPN tunnel names. | |
| tunnel_self_links | VPN tunnel self links. | |
| tunnels | VPN tunnel resources. | |