feat: Create module and example for NCC #575

Merged
merged 10 commits into from
Sep 30, 2024
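--- a/examples/network_connectivity_center/main.tf
+++ b/examples/network_connectivity_center/main.tf
@@ -0,0 +1,262 @@
+/**
+* Copyright 2024 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+module "network_connectivity_center" {
+source = "terraform-google-modules/network/google//modules/network-connectivity-center"
+project_id = var.project_id
+ncc_hub_name = var.ncc_hub_name
+vpc_spokes = {
+"vpc-1" = {
+uri = module.vpc_spoke_vpc.network_id
+}
+}
+hybrid_spokes = {
+"vpn-1" = {
+type = "vpn"
+uris = [for k, v in module.local_to_remote_vpn.tunnel_self_links : v]
+site_to_site_data_transfer = true
+location = var.vpn_region
+}
+}
+router_appliance_spokes = {
+"appliance-1" = {
+instances = [
+{
+virtual_machine = google_compute_instance.router_appliance_1.id
+ip_address = google_compute_instance.router_appliance_1.network_interface[0].network_ip
+},
+{
+virtual_machine = google_compute_instance.router_appliance_2.id
+ip_address = google_compute_instance.router_appliance_2.network_interface[0].network_ip
+}
+]
+location = var.instance_region
+site_to_site_data_transfer = false
+}
+}
+}
+
+################################
+# VPC Spoke #
+################################
+module "vpc_spoke_vpc" {
+source = "terraform-google-modules/network/google"
+project_id = var.project_id
+network_name = var.vpc_spoke_vpc_name
+routing_mode = "GLOBAL"
+
+subnets = [
+{
+subnet_name = "vpc-spoke-subnet-01"
+subnet_ip = "10.10.10.0/24"
+subnet_region = "us-west1"
+},
+{
+subnet_name = "vpc-spoke-subnet-02"
+subnet_ip = "10.10.20.0/24"
+subnet_region = "us-east1"
+},
+{
+subnet_name = "vpc-spoke-subnet-03"
+subnet_ip = "10.10.30.0/24"
+subnet_region = "europe-west4"
+}
+]
+}
+
+################################
+# VPN Spoke #
+################################
+# Simulates an on-prem network that will be connected over VPN
+module "vpn_spoke_remote_vpc" {
+source = "terraform-google-modules/network/google"
+project_id = var.project_id
+network_name = var.vpn_spoke_remote_vpc_name
+routing_mode = "GLOBAL"
+
+subnets = [
+{
+subnet_name = "vpn-subnet-01"
+subnet_ip = "10.20.10.0/24"
+subnet_region = "us-west1"
+},
+{
+subnet_name = "vpn-subnet-02"
+subnet_ip = "10.20.20.0/24"
+subnet_region = "us-east1"
+},
+{
+subnet_name = "vpn-subnet-03"
+subnet_ip = "10.20.30.0/24"
+subnet_region = "europe-west4"
+}
+]
+}
+
+module "vpn_spoke_local_vpc" {
+source = "terraform-google-modules/network/google"
+project_id = var.project_id
+network_name = var.vpn_spoke_local_vpc_name
+routing_mode = "GLOBAL"
+subnets = []
+}
+
+module "remote_to_local_vpn" {
+source = "terraform-google-modules/vpn/google//modules/vpn_ha"
+version = "~> 4.0"
+
+project_id = var.project_id
+region = var.vpn_region
+network = module.vpn_spoke_remote_vpc.network_id
+name = "remote-to-local"
+router_asn = 64513
+peer_gcp_gateway = module.local_to_remote_vpn.self_link
+tunnels = {
+remote-0 = {
+bgp_peer = {
+address = "169.254.1.2"
+asn = 64514
+}
+bgp_peer_options = null
+bgp_session_range = "169.254.1.1/30"
+ike_version = 2
+vpn_gateway_interface = 0
+peer_external_gateway_interface = null
+shared_secret = module.local_to_remote_vpn.random_secret
+}
+remote-1 = {
+bgp_peer = {
+address = "169.254.2.2"
+asn = 64514
+}
+bgp_peer_options = null
+bgp_session_range = "169.254.2.1/30"
+ike_version = 2
+vpn_gateway_interface = 1
+peer_external_gateway_interface = null
+shared_secret = module.local_to_remote_vpn.random_secret
+}
+}
+}
+
+module "local_to_remote_vpn" {
+source = "terraform-google-modules/vpn/google//modules/vpn_ha"
+version = "~> 4.0"
+
+project_id = var.project_id
+region = var.vpn_region
+network = module.vpn_spoke_local_vpc.network_id
+name = "local-to-remote"
+peer_gcp_gateway = module.remote_to_local_vpn.self_link
+router_asn = 64514
+tunnels = {
+remote-0 = {
+bgp_peer = {
+address = "169.254.1.1"
+asn = 64513
+}
+bgp_peer_options = null
+bgp_session_range = "169.254.1.2/30"
+ike_version = 2
+vpn_gateway_interface = 0
+peer_external_gateway_interface = null
+shared_secret = ""
+}
+remote-1 = {
+bgp_peer = {
+address = "169.254.2.1"
+asn = 64513
+}
+bgp_peer_options = null
+bgp_session_range = "169.254.2.2/30"
+ike_version = 2
+vpn_gateway_interface = 1
+peer_external_gateway_interface = null
+shared_secret = ""
+}
+}
+}
+
+
+################################
+# Router Appliance Spoke #
+################################
+data "google_compute_zones" "available" {
+project = var.project_id
+region = var.instance_region
+}
+
+resource "random_shuffle" "zone" {
+input = data.google_compute_zones.available.names
+result_count = 1
+}
+
+module "router_appliance_spoke_vpc" {
+source = "terraform-google-modules/network/google"
+project_id = var.project_id
+network_name = var.router_appliance_vpc_name
+routing_mode = "GLOBAL"
+
+subnets = [
+{
+subnet_name = "router-appliance-subnet-01"
+subnet_ip = "10.20.10.0/24"
+subnet_region = var.instance_region
+}
+]
+}
+
+resource "google_compute_instance" "router_appliance_1" {
+name = "fake-router-appliance-1"
+machine_type = "e2-medium"
+project = var.project_id
+can_ip_forward = true
+zone = random_shuffle.zone.result[0]
+
+boot_disk {
+initialize_params {
+image = "debian-cloud/debian-11"
+}
+}
+
+network_interface {
+subnetwork = module.router_appliance_spoke_vpc.subnets["${var.instance_region}/router-appliance-subnet-01"].id
+access_config {
+network_tier = "PREMIUM"
+}
+}
+}
+
+resource "google_compute_instance" "router_appliance_2" {
+name = "fake-router-appliance-2"
+machine_type = "e2-medium"
+project = var.project_id
+can_ip_forward = true
+zone = random_shuffle.zone.result[0]
+
+boot_disk {
+initialize_params {
+image = "debian-cloud/debian-11"
+}
+}
+
+network_interface {
+subnetwork = module.router_appliance_spoke_vpc.subnets["${var.instance_region}/router-appliance-subnet-01"].id
+access_config {
+network_tier = "PREMIUM"
+}
+}
+}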
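Review bot: `subnet_ip = "10.20.10.0/24"` on router-appliance-subnet-01 in router_appliance_spoke_vpc is the same range as vpn-subnet-01 in vpn_spoke_remote_vpc, the network that plays the on-prem side behind the VPN spoke; both feed the same hub, so if routes from both spokes are ever propagated the example would carry overlapping prefixes, and given the other VPCs use distinct second octets this reads as a copy-paste slip — suggest `subnet_ip = "10.30.10.0/24"` or any range not already used by the other subnets. Separately, both fake router appliances get an ephemeral external address through their `access_config` blocks while also having `can_ip_forward = true`; nothing on the page uses the public address, so either drop `access_config` or add a comment stating what it is needed for. The two `shared_secret = ""` entries in local_to_remote_vpn would also benefit from a one-line comment such as `# empty: let vpn_ha generate the secret; remote_to_local_vpn consumes it via random_secret`, since the intent is only visible from the other module block (that the module generates a secret for an empty value is my reading of vpn_ha and worth confirming against its docs).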
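--- a/examples/network_connectivity_center/outputs.tf
+++ b/examples/network_connectivity_center/outputs.tf
@@ -0,0 +1,41 @@
+/**
+* Copyright 2024 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+output "ncc_hub" {
+description = "The NCC Hub object"
+value = module.network_connectivity_center.ncc_hub
+}
+
+output "vpc_spokes" {
+description = "All vpc spoke objects"
+value = module.network_connectivity_center.vpc_spokes
+}
+
+
+output "hybrid_spokes" {
+description = "All hybrid spoke objects"
+value = module.network_connectivity_center.hybrid_spokes
+}
+
+output "router_appliance_spokes" {
+description = "All router appliance spoke objects"
+value = module.network_connectivity_center.router_appliance_spokes
+}
+
+output "spokes" {
+description = "All spoke objects prefixed with the type of spoke (vpc, hybrid, appliance)"
+value = module.network_connectivity_center.spokes
+}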
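--- a/examples/network_connectivity_center/variables.tf
+++ b/examples/network_connectivity_center/variables.tf
@@ -0,0 +1,59 @@
+/**
+* Copyright 2024 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+variable "project_id" {
+description = "The project ID to host the network in"
+}
+
+variable "vpn_region" {
+description = "The region where to deploy the VPN"
+default = "europe-west4"
+}
+
+variable "instance_region" {
+description = "The region where to deploy the Router Instance in"
+default = "us-central1"
+}
+
+variable "ncc_hub_name" {
+description = "The Name of the NCC Hub"
+type = string
+default = "ncc-hub"
+}
+
+variable "vpc_spoke_vpc_name" {
+description = "The VPC Name for the VPC Spoke"
+type = string
+default = "vpc-spoke"
+}
+
+variable "vpn_spoke_local_vpc_name" {
+description = "The name for the local VPC (GCP side) for the VPN Spoke"
+type = string
+default = "vpn-local-spoke"
+}
+
+variable "vpn_spoke_remote_vpc_name" {
+description = "The name for the remote VPC (fake on-orem) for the VPN Spoke"
+type = string
+default = "vpn-remote-spoke"
+}
+
+variable "router_appliance_vpc_name" {
+description = "The VPC Name for the VPC Spoke"
+type = string
+default = "router-appliance-spoke"
+}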
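Review bot: The description of `router_appliance_vpc_name` at the end of the file, "The VPC Name for the VPC Spoke", is copied from `vpc_spoke_vpc_name` and names the wrong spoke; suggest `description = "The VPC Name for the Router Appliance Spoke"`. The `vpn_spoke_remote_vpc_name` description has a typo, "fake on-orem" for "fake on-prem". The first three variables (`project_id`, `vpn_region`, `instance_region`) omit `type = string` while the other five declare it; adding it to all of them keeps the example consistent and makes Terraform reject a non-string value at plan time instead of coercing it.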
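--- a/examples/network_connectivity_center/versions.tf
+++ b/examples/network_connectivity_center/versions.tf
@@ -0,0 +1,27 @@
+/**
+* Copyright 2024 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+terraform {
+required_version = ">=0.13.0"
+
+required_providers {
+google = {
+source = "hashicorp/google"
+version = ">= 5.40.0"
+
+}
+}
+}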
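Review bot: `required_providers` declares only `google`, but main.tf in this PR uses `random_shuffle`, so Terraform resolves `hashicorp/random` implicitly at whatever latest release the registry serves, with no lower bound recorded in the example; add `random = { source = "hashicorp/random", version = ">= <MIN_VERSION>" }` next to the google entry, with `<MIN_VERSION>` set to the version the example is tested against. The stray blank line between `version = ">= 5.40.0"` and the closing brace of the google block can be dropped.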