Add new submodule for service-networking
q2w committed Aug 9, 2024
1 parent 344c0d3 commit 303862d
Showing 12 changed files with 394 additions and 15 deletions.
1 change: 1 addition & 0 deletions Makefile
@@ -89,6 +89,7 @@ docker_restore_examples:
.PHONY: docker_generate_docs
docker_generate_docs:
docker run --rm -it \
-e ENABLE_BPMETADATA \
-v $(CURDIR):/workspace \
$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'
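--- a/examples/service-networking/README.md
+++ b/examples/service-networking/README.md
@@ -0,0 +1,17 @@
+# Terraform service networking example
+This example creates service networking with a global address.
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| project\_id | Project ID | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| peering | Service networking peering output |
+| project\_id | Project ID |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->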
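--- a/examples/service-networking/main.tf
+++ b/examples/service-networking/main.tf
@@ -0,0 +1,13 @@
+resource "google_compute_network" "peering_network" {
+name = "private-network"
+auto_create_subnetworks = "false"
+}
+
+module "service_networking" {
+source = "terraform-google-modules/network/google//modules/service-networking"
+version = "~> 9.0"
+
+project_id = var.project_id
+network_id = google_compute_network.peering_network.id
+address_name = "global-address"
+}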
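Review bot: `google_compute_network.peering_network` sets no `project`, so the VPC is created in the provider's default project while the module call directly below it receives `project_id = var.project_id`; if the two differ, the global address and the peering are requested in one project for a network that lives in another. Adding `project = var.project_id` to the resource keeps the example self-consistent. As a style point, `auto_create_subnetworks = "false"` relies on string-to-bool conversion and reads more clearly as `auto_create_subnetworks = false`.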
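--- a/examples/service-networking/outputs.tf
+++ b/examples/service-networking/outputs.tf
@@ -0,0 +1,9 @@
+output "project_id" {
+description = "Project ID"
+value = var.project_id
+}
+
+output "peering" {
+description = "Service networking peering output"
+value = module.service_networking.peering
+}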
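--- a/examples/service-networking/variables.tf
+++ b/examples/service-networking/variables.tf
@@ -0,0 +1,4 @@
+variable "project_id" {
+description = "Project ID"
+type = string
+}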
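--- a/modules/service-networking/README.md
+++ b/modules/service-networking/README.md
@@ -0,0 +1,31 @@
+# Terraform Google service networking
+
+This module creates global network address and a service networking
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| address\_name | Global address name | `string` | n/a | yes |
+| address\_prefix\_length | Global address prefix length | `number` | `16` | no |
+| address\_purpose | Global address purpose | `string` | `"VPC_PEERING"` | no |
+| address\_type | Global address type | `string` | `"INTERNAL"` | no |
+| create\_peered\_dns\_domain | Create peered dns domain | `bool` | `false` | no |
+| create\_peering\_routes\_config | Create peering route config | `bool` | `false` | no |
+| deletion\_policy | Deletion policy for service networking resource | `string` | `null` | no |
+| dns\_suffix | Dns suffix | `string` | `null` | no |
+| domain\_name | Domain name | `string` | `null` | no |
+| export\_custom\_routes | Export custom routes | `bool` | `false` | no |
+| import\_custom\_routes | Import custom routes to peering rout config | `bool` | `false` | no |
+| network\_id | Network id | `string` | n/a | yes |
+| network\_name | Network name | `string` | `null` | no |
+| project\_id | Project ID | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| address\_id | Global address id |
+| peering | Service networking connection peering |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->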
36 changes: 21 additions & 15 deletions modules/service-networking/main.tf
@@ -1,27 +1,33 @@
resource "google_compute_global_address" "private_ip_address" {
name = "private-ip-address"
purpose = "VPC_PEERING"
address_type = "INTERNAL"
prefix_length = 16
network = google_compute_network.peering_network.id
resource "google_compute_global_address" "global_address" {
project = var.project_id
name = var.address_name
purpose = var.address_purpose
address_type = var.address_type
prefix_length = var.address_prefix_length
network = var.network_id
}

resource "google_service_networking_connection" "default" {
network = google_compute_network.peering_network.id
network = var.network_id
service = "servicenetworking.googleapis.com"
reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]
reserved_peering_ranges = [google_compute_global_address.global_address.name]
deletion_policy = var.deletion_policy
}

resource "google_compute_network_peering_routes_config" "peering_routes" {
count = var.create_peering_routes_config ? 1 : 0
project = var.project_id
peering = google_service_networking_connection.default.peering
network = google_compute_network.peering_network.name
import_custom_routes = true
export_custom_routes = true
network = var.network_name
import_custom_routes = var.import_custom_routes
export_custom_routes = var.export_custom_routes
}

resource "google_service_networking_peered_dns_domain" "default" {
name = "example-com"
network = google_compute_network.peering_network.name
dns_suffix = "example.com."
count = var.create_peered_dns_domain ? 1 : 0
project = var.project_id
name = var.domain_name
network = var.network_name
dns_suffix = var.dns_suffix
service = "servicenetworking.googleapis.com"
}
}
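Review bot: `network_id` and `network_name` are independent inputs, so nothing ties `peering_routes` and the peered DNS domain (`network = var.network_name`) to the VPC that `google_service_networking_connection.default` peers via `network = var.network_id`. A caller who passes mismatched values would either get an apply-time failure or have route import/export and DNS peering applied to a network other than the one intended. If `network_id` always has the form `projects/PROJECT/global/networks/NAME` (the example passes `google_compute_network.peering_network.id`, which presumably does), the name can be derived once with `locals { network_name = reverse(split("/", var.network_id))[0] }` and used in both resources instead of a second variable.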
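--- a/modules/service-networking/metadata.yaml
+++ b/modules/service-networking/metadata.yaml
@@ -0,0 +1,156 @@
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintMetadata
+metadata:
+name: terraform-google-network-service-networking
+annotations:
+config.kubernetes.io/local-config: "true"
+spec:
+info:
+title: Terraform Google service networking
+source:
+repo: https://github.com/q2w/terraform-google-network.git
+sourceType: git
+dir: /modules/service-networking
+version: 9.1.0
+actuationTool:
+flavor: Terraform
+version: ">= 0.13.0"
+description: {}
+content:
+examples:
+- name: basic_auto_mode
+location: examples/basic_auto_mode
+- name: basic_custom_mode
+location: examples/basic_custom_mode
+- name: basic_firewall_rule
+location: examples/basic_firewall_rule
+- name: basic_secondary_ranges
+location: examples/basic_secondary_ranges
+- name: basic_shared_vpc
+location: examples/basic_shared_vpc
+- name: basic_vpc_peering
+location: examples/basic_vpc_peering
+- name: bidirectional-firewall-rules
+location: examples/bidirectional-firewall-rules
+- name: delete_default_gateway_routes
+location: examples/delete_default_gateway_routes
+- name: firewall_logging
+location: examples/firewall_logging
+- name: global-network-firewall-policy
+location: examples/global-network-firewall-policy
+- name: hierarchical-firewall-policy
+location: examples/hierarchical-firewall-policy
+- name: ilb_routing
+location: examples/ilb_routing
+- name: multi_vpc
+location: examples/multi_vpc
+- name: network_service_tiers
+location: examples/network_service_tiers
+- name: packet_mirroring
+location: examples/packet_mirroring
+- name: private_service_connect
+location: examples/private_service_connect
+- name: private_service_connect_google_apis
+location: examples/private_service_connect_google_apis
+- name: regional-network-firewall-policy
+location: examples/regional-network-firewall-policy
+- name: routes
+location: examples/routes
+- name: secondary_ranges
+location: examples/secondary_ranges
+- name: service-networking
+location: examples/service-networking
+- name: simple_ipv6_project
+location: examples/simple_ipv6_project
+- name: simple_project
+location: examples/simple_project
+- name: simple_project_with_regional_network
+location: examples/simple_project_with_regional_network
+- name: submodule_firewall
+location: examples/submodule_firewall
+- name: submodule_network_peering
+location: examples/submodule_network_peering
+- name: submodule_svpc_access
+location: examples/submodule_svpc_access
+- name: submodule_vpc_serverless_connector
+location: examples/submodule_vpc_serverless_connector
+interfaces:
+variables:
+- name: address_name
+description: Global address name
+varType: string
+required: true
+- name: address_prefix_length
+description: Global address prefix length
+varType: number
+defaultValue: 16
+- name: address_purpose
+description: Global address purpose
+varType: string
+defaultValue: VPC_PEERING
+- name: address_type
+description: Global address type
+varType: string
+defaultValue: INTERNAL
+- name: create_peered_dns_domain
+description: Create peered dns domain
+varType: bool
+defaultValue: false
+- name: create_peering_routes_config
+description: Create peering route config
+varType: bool
+defaultValue: false
+- name: deletion_policy
+description: Deletion policy for service networking resource
+varType: string
+- name: dns_suffix
+description: Dns suffix
+varType: string
+- name: domain_name
+description: Domain name
+varType: string
+- name: export_custom_routes
+description: Export custom routes
+varType: bool
+defaultValue: false
+- name: import_custom_routes
+description: Import custom routes to peering rout config
+varType: bool
+defaultValue: false
+- name: network_id
+description: Network id
+varType: string
+required: true
+- name: network_name
+description: Network name
+varType: string
+- name: project_id
+description: Project ID
+varType: string
+required: true
+outputs:
+- name: address_id
+description: Global address id
+- name: peering
+description: Service networking connection peering
+requirements:
+roles:
+- level: Project
+roles:
+- roles/compute.networkAdmin
+- roles/compute.securityAdmin
+- roles/iam.serviceAccountUser
+- roles/vpcaccess.admin
+- roles/serviceusage.serviceUsageAdmin
+- roles/dns.admin
+- roles/resourcemanager.tagAdmin
+- roles/iam.serviceAccountAdmin
+- roles/compute.orgFirewallPolicyAdmin
+services:
+- cloudresourcemanager.googleapis.com
+- compute.googleapis.com
+- serviceusage.googleapis.com
+- vpcaccess.googleapis.com
+- dns.googleapis.com
+- networksecurity.googleapis.com
+- iam.googleapis.com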
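Review bot: The `requirements.roles` list grants more than this submodule appears to need: `roles/iam.serviceAccountAdmin`, `roles/iam.serviceAccountUser`, `roles/compute.securityAdmin`, `roles/compute.orgFirewallPolicyAdmin`, `roles/vpcaccess.admin` and `roles/resourcemanager.tagAdmin` have no visible counterpart in `modules/service-networking/main.tf`, which only creates a global address, a service networking connection, a peering routes config and a peered DNS domain. Consumers tend to copy this list when provisioning the deploying service account, so it should be trimmed to what the submodule uses; likewise `services` lists `vpcaccess.googleapis.com`, `networksecurity.googleapis.com` and `iam.googleapis.com` but not `servicenetworking.googleapis.com`, which both the connection and the DNS domain hard-code. Separately, `spec.info.source.repo` points at `https://github.com/q2w/terraform-google-network.git` while the example consumes `terraform-google-modules/network/google`; if this file is generated from the local git remote, it should be regenerated against the canonical repository so that tooling does not resolve the module from a personal fork.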
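--- a/modules/service-networking/outputs.tf
+++ b/modules/service-networking/outputs.tf
@@ -0,0 +1,9 @@
+output "address_id" {
+description = "Global address id"
+value = google_compute_global_address.global_address.id
+}
+
+output "peering" {
+description = "Service networking connection peering"
+value = google_service_networking_connection.default.peering
+}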
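--- a/modules/service-networking/variables.tf
+++ b/modules/service-networking/variables.tf
@@ -0,0 +1,80 @@
+variable "project_id" {
+description = "Project ID"
+type = string
+}
+
+variable "address_name" {
+description = "Global address name"
+type = string
+}
+
+variable "address_purpose" {
+description = "Global address purpose"
+type = string
+default = "VPC_PEERING"
+}
+
+variable "address_type" {
+description = "Global address type"
+type = string
+default = "INTERNAL"
+}
+
+variable "address_prefix_length" {
+description = "Global address prefix length"
+type = number
+default = 16
+}
+
+variable "network_name" {
+description = "Network name"
+type = string
+default = null
+}
+
+variable "network_id" {
+description = "Network id"
+type = string
+}
+
+variable "deletion_policy" {
+description = "Deletion policy for service networking resource"
+type = string
+default = null
+}
+
+variable "create_peering_routes_config" {
+description = "Create peering route config"
+type = bool
+default = false
+}
+
+variable "import_custom_routes" {
+description = "Import custom routes to peering rout config"
+type = bool
+default = false
+}
+
+variable "export_custom_routes" {
+description = "Export custom routes"
+type = bool
+default = false
+}
+
+variable "create_peered_dns_domain" {
+description = "Create peered dns domain"
+type = bool
+default = false
+}
+
+variable "domain_name" {
+description = "Domain name"
+type = string
+default = null
+}
+
+variable "dns_suffix" {
+description = "Dns suffix"
+type = string
+default = null
+}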
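Review bot: `network_name`, `domain_name` and `dns_suffix` default to `null`, but the module's main.tf passes them straight to resources that are created once `create_peering_routes_config` or `create_peered_dns_domain` is `true`, and the descriptions do not mention this, so a caller learns of the dependency only from a provider error. I would state it in the descriptions, for example `description = "Network name. Required when create_peering_routes_config or create_peered_dns_domain is true"` and `description = "DNS suffix of the peered domain. Required when create_peered_dns_domain is true"`; the hard-coded value this variable replaces was `"example.com."`, so the description should probably also say that a trailing dot is expected. The `import_custom_routes` description contains a typo (`rout config`) that is copied into the README and metadata.yaml.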