Showing
12 changed files
with
394 additions
and
15 deletions.
@@ -0,0 +1,17 @@ | ||
# Terraform service networking example | ||
This example creates service networking with a global address. | ||
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --> | ||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| project\_id | Project ID | `string` | n/a | yes | | ||
|
||
## Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| peering | Service networking peering output | | ||
| project\_id | Project ID | | ||
|
||
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> |
@@ -0,0 +1,13 @@ | ||
resource "google_compute_network" "peering_network" { | ||
name = "private-network" | ||
auto_create_subnetworks = "false" | ||
} | ||
|
||
module "service_networking" { | ||
source = "terraform-google-modules/network/google//modules/routes" | ||
version = "~> 9.0" | ||
|
||
project_id = var.project_id | ||
network_id = google_compute_network.peering_network.id | ||
address_name = "global-address" | ||
} |
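Review bot: The `source` of `module "service_networking"` points at the `routes` submodule (`terraform-google-modules/network/google//modules/routes`), yet the block passes `address_name` and `network_id` and the example's outputs read `module.service_networking.peering`, which match the service-networking module added in this commit rather than a routes module. This looks like a copy-paste from the routes example; the line should presumably read `source = "terraform-google-modules/network/google//modules/service-networking"`. The `version = "~> 9.0"` constraint is also worth checking, since a registry release that predates this submodule would not contain it.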
@@ -0,0 +1,9 @@ | ||
output "project_id" { | ||
description = "Project ID" | ||
value = var.project_id | ||
} | ||
|
||
output "peering" { | ||
description = "Service networking peering output" | ||
value = module.service_networking.peering | ||
} |
@@ -0,0 +1,4 @@ | ||
variable "project_id" { | ||
description = "Project ID" | ||
type = string | ||
} |
@@ -0,0 +1,31 @@ | ||
# Terraform Google service networking | ||
|
||
This module creates global network address and a service networking | ||
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --> | ||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| address\_name | Global address name | `string` | n/a | yes | | ||
| address\_prefix\_length | Global address prefix length | `number` | `16` | no | | ||
| address\_purpose | Global address purpose | `string` | `"VPC_PEERING"` | no | | ||
| address\_type | Global address type | `string` | `"INTERNAL"` | no | | ||
| create\_peered\_dns\_domain | Create peered dns domain | `bool` | `false` | no | | ||
| create\_peering\_routes\_config | Create peering route config | `bool` | `false` | no | | ||
| deletion\_policy | Deletion policy for service networking resource | `string` | `null` | no | | ||
| dns\_suffix | Dns suffix | `string` | `null` | no | | ||
| domain\_name | Domain name | `string` | `null` | no | | ||
| export\_custom\_routes | Export custom routes | `bool` | `false` | no | | ||
| import\_custom\_routes | Import custom routes to peering rout config | `bool` | `false` | no | | ||
| network\_id | Network id | `string` | n/a | yes | | ||
| network\_name | Network name | `string` | `null` | no | | ||
| project\_id | Project ID | `string` | n/a | yes | | ||
|
||
## Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| address\_id | Global address id | | ||
| peering | Service networking connection peering | | ||
|
||
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> |
@@ -1,27 +1,33 @@ | ||
resource "google_compute_global_address" "private_ip_address" { | ||
name = "private-ip-address" | ||
purpose = "VPC_PEERING" | ||
address_type = "INTERNAL" | ||
prefix_length = 16 | ||
network = google_compute_network.peering_network.id | ||
resource "google_compute_global_address" "global_address" { | ||
project = var.project_id | ||
name = var.address_name | ||
purpose = var.address_purpose | ||
address_type = var.address_type | ||
prefix_length = var.address_prefix_length | ||
network = var.network_id | ||
} | ||
|
||
resource "google_service_networking_connection" "default" { | ||
network = google_compute_network.peering_network.id | ||
network = var.network_id | ||
service = "servicenetworking.googleapis.com" | ||
reserved_peering_ranges = [google_compute_global_address.private_ip_address.name] | ||
reserved_peering_ranges = [google_compute_global_address.global_address.name] | ||
deletion_policy = var.deletion_policy | ||
} | ||
|
||
resource "google_compute_network_peering_routes_config" "peering_routes" { | ||
count = var.create_peering_routes_config ? 1 : 0 | ||
project = var.project_id | ||
peering = google_service_networking_connection.default.peering | ||
network = google_compute_network.peering_network.name | ||
import_custom_routes = true | ||
export_custom_routes = true | ||
network = var.network_name | ||
import_custom_routes = var.import_custom_routes | ||
export_custom_routes = var.export_custom_routes | ||
} | ||
|
||
resource "google_service_networking_peered_dns_domain" "default" { | ||
name = "example-com" | ||
network = google_compute_network.peering_network.name | ||
dns_suffix = "example.com." | ||
count = var.create_peered_dns_domain ? 1 : 0 | ||
project = var.project_id | ||
name = var.domain_name | ||
network = var.network_name | ||
dns_suffix = var.dns_suffix | ||
service = "servicenetworking.googleapis.com" | ||
} | ||
} |
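Review bot: `network = var.network_name` in `google_compute_network_peering_routes_config.peering_routes` and `google_service_networking_peered_dns_domain.default` takes a variable whose default is `null`, so enabling `create_peering_routes_config` or `create_peered_dns_domain` without also setting `network_name` (and, for the DNS resource, `domain_name` and `dns_suffix`) is presumably caught only by the provider at plan or apply time. At minimum the variable description should state the dependency, e.g. `description = "Network name; required when create_peering_routes_config or create_peered_dns_domain is true"`. The route flags now default to `false`; a one-line comment on the routes-config resource noting that exporting custom routes shares them with the peered service producer network would help anyone deciding whether to turn them on.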
@@ -0,0 +1,156 @@ | ||
apiVersion: blueprints.cloud.google.com/v1alpha1 | ||
kind: BlueprintMetadata | ||
metadata: | ||
name: terraform-google-network-service-networking | ||
annotations: | ||
config.kubernetes.io/local-config: "true" | ||
spec: | ||
info: | ||
title: Terraform Google service networking | ||
source: | ||
repo: https://github.com/q2w/terraform-google-network.git | ||
sourceType: git | ||
dir: /modules/service-networking | ||
version: 9.1.0 | ||
actuationTool: | ||
flavor: Terraform | ||
version: ">= 0.13.0" | ||
description: {} | ||
content: | ||
examples: | ||
- name: basic_auto_mode | ||
location: examples/basic_auto_mode | ||
- name: basic_custom_mode | ||
location: examples/basic_custom_mode | ||
- name: basic_firewall_rule | ||
location: examples/basic_firewall_rule | ||
- name: basic_secondary_ranges | ||
location: examples/basic_secondary_ranges | ||
- name: basic_shared_vpc | ||
location: examples/basic_shared_vpc | ||
- name: basic_vpc_peering | ||
location: examples/basic_vpc_peering | ||
- name: bidirectional-firewall-rules | ||
location: examples/bidirectional-firewall-rules | ||
- name: delete_default_gateway_routes | ||
location: examples/delete_default_gateway_routes | ||
- name: firewall_logging | ||
location: examples/firewall_logging | ||
- name: global-network-firewall-policy | ||
location: examples/global-network-firewall-policy | ||
- name: hierarchical-firewall-policy | ||
location: examples/hierarchical-firewall-policy | ||
- name: ilb_routing | ||
location: examples/ilb_routing | ||
- name: multi_vpc | ||
location: examples/multi_vpc | ||
- name: network_service_tiers | ||
location: examples/network_service_tiers | ||
- name: packet_mirroring | ||
location: examples/packet_mirroring | ||
- name: private_service_connect | ||
location: examples/private_service_connect | ||
- name: private_service_connect_google_apis | ||
location: examples/private_service_connect_google_apis | ||
- name: regional-network-firewall-policy | ||
location: examples/regional-network-firewall-policy | ||
- name: routes | ||
location: examples/routes | ||
- name: secondary_ranges | ||
location: examples/secondary_ranges | ||
- name: service-networking | ||
location: examples/service-networking | ||
- name: simple_ipv6_project | ||
location: examples/simple_ipv6_project | ||
- name: simple_project | ||
location: examples/simple_project | ||
- name: simple_project_with_regional_network | ||
location: examples/simple_project_with_regional_network | ||
- name: submodule_firewall | ||
location: examples/submodule_firewall | ||
- name: submodule_network_peering | ||
location: examples/submodule_network_peering | ||
- name: submodule_svpc_access | ||
location: examples/submodule_svpc_access | ||
- name: submodule_vpc_serverless_connector | ||
location: examples/submodule_vpc_serverless_connector | ||
interfaces: | ||
variables: | ||
- name: address_name | ||
description: Global address name | ||
varType: string | ||
required: true | ||
- name: address_prefix_length | ||
description: Global address prefix length | ||
varType: number | ||
defaultValue: 16 | ||
- name: address_purpose | ||
description: Global address purpose | ||
varType: string | ||
defaultValue: VPC_PEERING | ||
- name: address_type | ||
description: Global address type | ||
varType: string | ||
defaultValue: INTERNAL | ||
- name: create_peered_dns_domain | ||
description: Create peered dns domain | ||
varType: bool | ||
defaultValue: false | ||
- name: create_peering_routes_config | ||
description: Create peering route config | ||
varType: bool | ||
defaultValue: false | ||
- name: deletion_policy | ||
description: Deletion policy for service networking resource | ||
varType: string | ||
- name: dns_suffix | ||
description: Dns suffix | ||
varType: string | ||
- name: domain_name | ||
description: Domain name | ||
varType: string | ||
- name: export_custom_routes | ||
description: Export custom routes | ||
varType: bool | ||
defaultValue: false | ||
- name: import_custom_routes | ||
description: Import custom routes to peering rout config | ||
varType: bool | ||
defaultValue: false | ||
- name: network_id | ||
description: Network id | ||
varType: string | ||
required: true | ||
- name: network_name | ||
description: Network name | ||
varType: string | ||
- name: project_id | ||
description: Project ID | ||
varType: string | ||
required: true | ||
outputs: | ||
- name: address_id | ||
description: Global address id | ||
- name: peering | ||
description: Service networking connection peering | ||
requirements: | ||
roles: | ||
- level: Project | ||
roles: | ||
- roles/compute.networkAdmin | ||
- roles/compute.securityAdmin | ||
- roles/iam.serviceAccountUser | ||
- roles/vpcaccess.admin | ||
- roles/serviceusage.serviceUsageAdmin | ||
- roles/dns.admin | ||
- roles/resourcemanager.tagAdmin | ||
- roles/iam.serviceAccountAdmin | ||
- roles/compute.orgFirewallPolicyAdmin | ||
services: | ||
- cloudresourcemanager.googleapis.com | ||
- compute.googleapis.com | ||
- serviceusage.googleapis.com | ||
- vpcaccess.googleapis.com | ||
- dns.googleapis.com | ||
- networksecurity.googleapis.com | ||
- iam.googleapis.com |
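Review bot: `spec.info.source.repo` is `https://github.com/q2w/terraform-google-network.git`, which appears to be a personal fork rather than the repository this module is published from; anything resolving the blueprint source would be pointed at code outside the upstream project's control, so the file should be regenerated or the field set to the upstream repository URL before merge. The `services` list also omits `servicenetworking.googleapis.com`, even though the module's connection resource uses `service = "servicenetworking.googleapis.com"`. The `roles` list (for example `roles/iam.serviceAccountAdmin` and `roles/compute.orgFirewallPolicyAdmin`) looks inherited from the whole repository; trimming it to what a global address and a service networking connection need would keep the documented deployer identity closer to least privilege.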
@@ -0,0 +1,9 @@ | ||
output "address_id" { | ||
description = "Global address id" | ||
value = google_compute_global_address.global_address.id | ||
} | ||
|
||
output "peering" { | ||
description = "Service networking connection peering" | ||
value = google_service_networking_connection.default.peering | ||
} |
@@ -0,0 +1,80 @@ | ||
variable "project_id" { | ||
description = "Project ID" | ||
type = string | ||
} | ||
|
||
variable "address_name" { | ||
description = "Global address name" | ||
type = string | ||
} | ||
|
||
variable "address_purpose" { | ||
description = "Global address purpose" | ||
type = string | ||
default = "VPC_PEERING" | ||
} | ||
|
||
variable "address_type" { | ||
description = "Global address type" | ||
type = string | ||
default = "INTERNAL" | ||
} | ||
|
||
variable "address_prefix_length" { | ||
description = "Global address prefix length" | ||
type = number | ||
default = 16 | ||
} | ||
|
||
variable "network_name" { | ||
description = "Network name" | ||
type = string | ||
default = null | ||
} | ||
|
||
variable "network_id" { | ||
description = "Network id" | ||
type = string | ||
} | ||
|
||
variable "deletion_policy" { | ||
description = "Deletion policy for service networking resource" | ||
type = string | ||
default = null | ||
} | ||
|
||
variable "create_peering_routes_config" { | ||
description = "Create peering route config" | ||
type = bool | ||
default = false | ||
} | ||
|
||
variable "import_custom_routes" { | ||
description = "Import custom routes to peering rout config" | ||
type = bool | ||
default = false | ||
} | ||
|
||
variable "export_custom_routes" { | ||
description = "Export custom routes" | ||
type = bool | ||
default = false | ||
} | ||
|
||
variable "create_peered_dns_domain" { | ||
description = "Create peered dns domain" | ||
type = bool | ||
default = false | ||
} | ||
|
||
variable "domain_name" { | ||
description = "Domain name" | ||
type = string | ||
default = null | ||
} | ||
|
||
variable "dns_suffix" { | ||
description = "Dns suffix" | ||
type = string | ||
default = null | ||
} |
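Review bot: The `import_custom_routes` description reads "Import custom routes to peering rout config"; the typo is copied into the README inputs table and the blueprint metadata, so fix it here as `description = "Import custom routes to peering route config"` and regenerate the docs. `address_purpose`, `address_type` and `deletion_policy` are free-form strings with no `validation` block and no accepted values listed in their descriptions, so a mistyped value would surface only as a provider error at apply time. Stating the accepted values in each description, or adding a `validation` block where the set is fixed, would make the module's interface self-documenting.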