Google Cloud DNS Response Policy
This module allows management of a Google Cloud DNS policy and its rules. The policy can already exist and be referenced by name by setting the `policy_create` variable to `false`.
Examples
Manage policy and override resolution for specific names
This example shows how to create a policy with a single rule that directs a specific Google API name to the restricted VIP addresses.
```hcl
module "dns-policy" {
  source     = "./fabric/modules/dns-response-policy"
  project_id = "myproject"
  name       = "googleapis"
  networks = {
    landing = var.vpc.self_link
  }
  rules = {
    pubsub = {
      dns_name = "pubsub.googleapis.com."
      local_data = {
        A = {
          rrdatas = ["199.36.153.4", "199.36.153.5"]
        }
      }
    }
  }
}
# tftest modules=1 resources=2 inventory=simple.yaml
```
Use existing policy and override resolution via wildcard with exceptions
This example shows how to use an existing policy and add rules that direct all Google API names, except specific ones, to the restricted VIP addresses.
```hcl
module "dns-policy" {
  source        = "./fabric/modules/dns-response-policy"
  project_id    = "myproject"
  name          = "googleapis"
  policy_create = false
  networks = {
    landing = var.vpc.self_link
  }
  rules = {
    default = {
      dns_name = "*.googleapis.com."
      local_data = {
        CNAME = {
          rrdatas = ["restricted.googleapis.com."]
        }
      }
    }
    pubsub = {
      dns_name = "pubsub.googleapis.com."
    }
    restricted = {
      dns_name = "restricted.googleapis.com."
      local_data = {
        A = {
          rrdatas = ["199.36.153.4", "199.36.153.5"]
        }
      }
    }
  }
}
# tftest modules=1 resources=3 inventory=nocreate.yaml
```
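The outcome of the wildcard rule set above can be checked offline before it is applied. The following is an added example, not part of the module or its README: a simplified Python model that assumes an exact name is matched before a wildcard, that a rule without local data is the exception that passes through, and that CNAME targets are looked up in the same rule set. The `rules` map is re-typed as a constructed dict and all function names are hypothetical.

```python
import ipaddress

# 199.36.153.4/30 is the restricted.googleapis.com VIP range used in the examples above.
RESTRICTED_VIP = ipaddress.ip_network("199.36.153.4/30")

# Constructed input: the `rules` map of the wildcard example as a Python dict.
RULES = {
    "default": {"dns_name": "*.googleapis.com.",
                "local_data": {"CNAME": {"rrdatas": ["restricted.googleapis.com."]}}},
    "pubsub": {"dns_name": "pubsub.googleapis.com."},
    "restricted": {"dns_name": "restricted.googleapis.com.",
                   "local_data": {"A": {"rrdatas": ["199.36.153.4", "199.36.153.5"]}}},
}


def match_rule(qname, rules):
    """Return the rule for qname; the exact name is tried before enclosing wildcards."""
    by_name = {r["dns_name"]: r for r in rules.values()}
    labels = qname.split(".")
    candidates = [qname] + ["*." + ".".join(labels[i:]) for i in range(1, len(labels) - 1)]
    return next((by_name[c] for c in candidates if c in by_name), None)


def resolve(qname, rules, seen=()):
    """Return (kind, value) with kind in override, passthrough, loop or other."""
    rule = match_rule(qname, rules)
    if rule is None or "local_data" not in rule:
        return ("passthrough", qname)  # no rule, or an exception rule without local data
    data = rule["local_data"]
    if "A" in data:
        return ("override", data["A"]["rrdatas"])
    if "CNAME" not in data:
        return ("other", qname)  # record types this model does not follow
    target = data["CNAME"]["rrdatas"][0]
    if target == qname or target in seen:
        return ("loop", target)  # the wildcard matches its own CNAME target
    return resolve(target, rules, seen + (qname,))


def audit(names, rules):
    """Classify each name as restricted, other-address, passthrough, loop or other."""
    out = {}
    for name in names:
        kind, value = resolve(name, rules)
        if kind == "override":
            in_vip = all(ipaddress.ip_address(ip) in RESTRICTED_VIP for ip in value)
            kind = "restricted" if in_vip else "other-address"
        out[name] = kind
    return out
```

Under this model, dropping the `restricted` rule makes the wildcard match its own CNAME target, which `resolve` reports as a loop.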
Variables
name | description | type | required | default |
---|---|---|---|---|
name | Policy name. | string | ✓ | |
project_id | Project id for the zone. | string | ✓ | |
clusters | Map of GKE clusters to which this policy is applied in name => id format. | map(string) | | {} |
description | Policy description. | string | | "Terraform managed." |
networks | Map of VPC self links to which this policy is applied in name => self link format. | map(string) | | {} |
policy_create | Set to false to use the existing policy matching name and only manage rules. | bool | | true |
rules | Map of policy rules in name => rule format. Local data takes precedence over behavior and is in the form record type => attributes. | map(object({…})) | | {} |
Outputs
name | description | sensitive |
---|---|---|
id | Policy id. | |
name | Policy name. | |
policy | Policy resource. | |