-
Notifications
You must be signed in to change notification settings - Fork 0
/
metadata.yaml
201 lines (200 loc) · 7.71 KB
/
metadata.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: blueprints.cloud.google.com/v1alpha1
kind: BlueprintMetadata
metadata:
name: terraform-google-network
annotations:
config.kubernetes.io/local-config: "true"
spec:
title: Terraform Network Module
source:
repo: https://github.com/terraform-google-modules/terraform-google-network
sourceType: git
version: 8.1.0
actuationTool:
type: Terraform
version: '>= 0.13.0'
subBlueprints:
- name: fabric-net-firewall
location: modules/fabric-net-firewall
- name: fabric-net-svpc-access
location: modules/fabric-net-svpc-access
- name: firewall-rules
location: modules/firewall-rules
- name: network-peering
location: modules/network-peering
- name: private-service-connect
location: modules/private-service-connect
- name: routes
location: modules/routes
- name: routes-beta
location: modules/routes-beta
- name: subnets
location: modules/subnets
- name: subnets-beta
location: modules/subnets-beta
- name: vpc
location: modules/vpc
- name: vpc-serverless-connector-beta
location: modules/vpc-serverless-connector-beta
examples:
- name: basic_auto_mode
location: examples/basic_auto_mode
- name: basic_custom_mode
location: examples/basic_custom_mode
- name: basic_firewall_rule
location: examples/basic_firewall_rule
- name: basic_secondary_ranges
location: examples/basic_secondary_ranges
- name: basic_shared_vpc
location: examples/basic_shared_vpc
- name: basic_vpc_peering
location: examples/basic_vpc_peering
- name: delete_default_gateway_routes
location: examples/delete_default_gateway_routes
- name: firewall_logging
location: examples/firewall_logging
- name: ilb_routing
location: examples/ilb_routing
- name: multi_vpc
location: examples/multi_vpc
- name: network_service_tiers
location: examples/network_service_tiers
- name: packet_mirroring
location: examples/packet_mirroring
- name: private_service_connect
location: examples/private_service_connect
- name: private_service_connect_google_apis
location: examples/private_service_connect_google_apis
- name: routes
location: examples/routes
- name: secondary_ranges
location: examples/secondary_ranges
- name: simple_project
location: examples/simple_project
- name: simple_project_with_regional_network
location: examples/simple_project_with_regional_network
- name: submodule_firewall
location: examples/submodule_firewall
- name: submodule_network_peering
location: examples/submodule_network_peering
- name: submodule_svpc_access
location: examples/submodule_svpc_access
- name: submodule_vpc_serverless_connector
location: examples/submodule_vpc_serverless_connector
variables:
- name: auto_create_subnetworks
description: When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources.
type: bool
default: false
required: false
- name: delete_default_internet_gateway_routes
description: If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted
type: bool
default: false
required: false
- name: description
description: An optional description of this resource. The resource must be recreated to modify this field.
type: string
default: ""
required: false
- name: firewall_rules
description: List of firewall rules
type: any
default: []
required: false
- name: mtu
description: 'The network MTU (If set to 0, meaning MTU is unset - defaults to ''1460''). Recommended values: 1460 (default for historic reasons), 1500 (Internet default), or 8896 (for Jumbo packets). Allowed are all values in the range 1300 to 8896, inclusively.'
type: number
default: 0
required: false
- name: network_name
description: The name of the network being created
type: string
required: true
- name: project_id
description: The ID of the project where this VPC will be created
type: string
required: true
- name: routes
description: List of routes being created in this VPC
type: list(map(string))
default: []
required: false
- name: routing_mode
description: The network routing mode (default 'GLOBAL')
type: string
default: GLOBAL
required: false
- name: secondary_ranges
description: Secondary ranges that will be used in some of the subnets
type: map(list(object({ range_name = string, ip_cidr_range = string })))
default: {}
required: false
- name: shared_vpc_host
description: Makes this project a Shared VPC host if 'true' (default 'false')
type: bool
default: false
required: false
- name: subnets
description: The list of subnets being created
type: list(object({subnet_name = string, subnet_ip = string, subnet_region = string, subnet_private_access = optional(string), subnet_private_ipv6_access = optional(string), subnet_flow_logs = optional(string), subnet_flow_logs_interval = optional(string), subnet_flow_logs_sampling = optional(string), subnet_flow_logs_metadata = optional(string), subnet_flow_logs_filter = optional(string), subnet_flow_logs_metadata_fields = optional(list(string)), description = optional(string)}))
required: true
outputs:
- name: network
description: The created network
- name: network_id
description: The ID of the VPC being created
- name: network_name
description: The name of the VPC being created
- name: network_self_link
description: The URI of the VPC being created
- name: project_id
description: VPC project id
- name: route_names
description: The route names associated with this VPC
- name: subnets
description: A map with keys of form subnet_region/subnet_name and values being the outputs of the google_compute_subnetwork resources used to create corresponding subnets.
- name: subnets_flow_logs
description: Whether the subnets will have VPC flow logs enabled
- name: subnets_ids
description: The IDs of the subnets being created
- name: subnets_ips
description: The IPs and CIDRs of the subnets being created
- name: subnets_names
description: The names of the subnets being created
- name: subnets_private_access
description: Whether the subnets will have access to Google API's without a public IP
- name: subnets_regions
description: The region where the subnets will be created
- name: subnets_secondary_ranges
description: The secondary ranges associated with these subnets
- name: subnets_self_links
description: The self-links of subnets being created
roles:
- level: Project
roles:
- roles/compute.networkAdmin
- roles/compute.securityAdmin
- roles/iam.serviceAccountUser
- roles/vpcaccess.admin
- roles/serviceusage.serviceUsageAdmin
- roles/dns.admin
services:
- cloudresourcemanager.googleapis.com
- compute.googleapis.com
- serviceusage.googleapis.com
- vpcaccess.googleapis.com
- dns.googleapis.com