diff --git a/.gitignore b/.gitignore index a2d19a2c5..b266b9dc6 100644 --- a/.gitignore +++ b/.gitignore @@ -37,8 +37,11 @@ examples/cloud-operations/adfs/ansible/gssh.sh examples/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/vars.yaml examples/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/gssh.sh blueprints/cloud-operations/network-dashboard/cloud-function.zip -blueprints/cloud-operations/apigee/bundle-export.zip -blueprints/cloud-operations/apigee/bundle-gcs2bq.zip -blueprints/cloud-operations/apigee/apiproxy.zip -blueprints/cloud-operations/apigee/create-datastore.sh -blueprints/cloud-operations/apigee/deploy-apiproxy.sh +blueprints/apigee/bigquery-analytics/bundle-export.zip +blueprints/apigee/bigquery-analytics/bundle-gcs2bq.zip +blueprints/apigee/bigquery-analytics/apiproxy.zip +blueprints/apigee/bigquery-analytics/create-datastore.sh +blueprints/apigee/bigquery-analytics/deploy-apiproxy.sh +blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/bundle/apiproxy/targets/default.xml +blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/bundle.zip +blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/deploy-apiproxy.sh diff --git a/blueprints/apigee/README.md b/blueprints/apigee/README.md new file mode 100644 index 000000000..67b933ce7 --- /dev/null +++ b/blueprints/apigee/README.md @@ -0,0 +1,8 @@ +# Apigee Examples + +This repository contains the following Apigee examples: + +* [Apigee BigQuery analytics](./bigquery-analytics/README.md) +* Apigee network patterns + * [Apigee X - Northbound GLB with PSC Neg, Southbouth PSC with ILB (L7) and Hybrid NEG +](./network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md) \ No newline at end of file diff --git a/blueprints/cloud-operations/apigee/README.md b/blueprints/apigee/bigquery-analytics/README.md similarity index 100% rename from blueprints/cloud-operations/apigee/README.md rename to blueprints/apigee/bigquery-analytics/README.md diff --git a/blueprints/cloud-operations/apigee/diagram1.png b/blueprints/apigee/bigquery-analytics/diagram1.png similarity index 100% rename from blueprints/cloud-operations/apigee/diagram1.png rename to blueprints/apigee/bigquery-analytics/diagram1.png diff --git a/blueprints/cloud-operations/apigee/diagram2.png b/blueprints/apigee/bigquery-analytics/diagram2.png similarity index 100% rename from blueprints/cloud-operations/apigee/diagram2.png rename to blueprints/apigee/bigquery-analytics/diagram2.png diff --git a/blueprints/cloud-operations/apigee/functions/export/index.js b/blueprints/apigee/bigquery-analytics/functions/export/index.js similarity index 100% rename from blueprints/cloud-operations/apigee/functions/export/index.js rename to blueprints/apigee/bigquery-analytics/functions/export/index.js diff --git a/blueprints/cloud-operations/apigee/functions/export/package-lock.json b/blueprints/apigee/bigquery-analytics/functions/export/package-lock.json similarity index 100% rename from blueprints/cloud-operations/apigee/functions/export/package-lock.json rename to blueprints/apigee/bigquery-analytics/functions/export/package-lock.json diff --git a/blueprints/cloud-operations/apigee/functions/export/package.json b/blueprints/apigee/bigquery-analytics/functions/export/package.json similarity index 100% rename from blueprints/cloud-operations/apigee/functions/export/package.json rename to blueprints/apigee/bigquery-analytics/functions/export/package.json diff --git a/blueprints/cloud-operations/apigee/functions/gcs2bq/index.js b/blueprints/apigee/bigquery-analytics/functions/gcs2bq/index.js similarity index 100% rename from blueprints/cloud-operations/apigee/functions/gcs2bq/index.js rename to blueprints/apigee/bigquery-analytics/functions/gcs2bq/index.js diff --git a/blueprints/cloud-operations/apigee/functions/gcs2bq/package-lock.json b/blueprints/apigee/bigquery-analytics/functions/gcs2bq/package-lock.json similarity index 100% rename from blueprints/cloud-operations/apigee/functions/gcs2bq/package-lock.json rename to blueprints/apigee/bigquery-analytics/functions/gcs2bq/package-lock.json diff --git a/blueprints/cloud-operations/apigee/functions/gcs2bq/package.json b/blueprints/apigee/bigquery-analytics/functions/gcs2bq/package.json similarity index 100% rename from blueprints/cloud-operations/apigee/functions/gcs2bq/package.json rename to blueprints/apigee/bigquery-analytics/functions/gcs2bq/package.json diff --git a/blueprints/cloud-operations/apigee/functions/gcs2bq/schema.json b/blueprints/apigee/bigquery-analytics/functions/gcs2bq/schema.json similarity index 100% rename from blueprints/cloud-operations/apigee/functions/gcs2bq/schema.json rename to blueprints/apigee/bigquery-analytics/functions/gcs2bq/schema.json diff --git a/blueprints/cloud-operations/apigee/main.tf b/blueprints/apigee/bigquery-analytics/main.tf similarity index 100% rename from blueprints/cloud-operations/apigee/main.tf rename to blueprints/apigee/bigquery-analytics/main.tf diff --git a/blueprints/cloud-operations/apigee/outputs.tf b/blueprints/apigee/bigquery-analytics/outputs.tf similarity index 100% rename from blueprints/cloud-operations/apigee/outputs.tf rename to blueprints/apigee/bigquery-analytics/outputs.tf diff --git a/blueprints/cloud-operations/apigee/package-lock.json b/blueprints/apigee/bigquery-analytics/package-lock.json similarity index 100% rename from blueprints/cloud-operations/apigee/package-lock.json rename to blueprints/apigee/bigquery-analytics/package-lock.json diff --git a/blueprints/cloud-operations/apigee/send-requests.sh b/blueprints/apigee/bigquery-analytics/send-requests.sh similarity index 100% rename from blueprints/cloud-operations/apigee/send-requests.sh rename to blueprints/apigee/bigquery-analytics/send-requests.sh diff --git a/blueprints/cloud-operations/apigee/templates/create-datastore.sh.tpl b/blueprints/apigee/bigquery-analytics/templates/create-datastore.sh.tpl similarity index 100% rename from blueprints/cloud-operations/apigee/templates/create-datastore.sh.tpl rename to blueprints/apigee/bigquery-analytics/templates/create-datastore.sh.tpl diff --git a/blueprints/cloud-operations/apigee/templates/deploy-apiproxy.sh.tpl b/blueprints/apigee/bigquery-analytics/templates/deploy-apiproxy.sh.tpl similarity index 100% rename from blueprints/cloud-operations/apigee/templates/deploy-apiproxy.sh.tpl rename to blueprints/apigee/bigquery-analytics/templates/deploy-apiproxy.sh.tpl diff --git a/blueprints/cloud-operations/apigee/terraform.tfvars.sample b/blueprints/apigee/bigquery-analytics/terraform.tfvars.sample similarity index 64% rename from blueprints/cloud-operations/apigee/terraform.tfvars.sample rename to blueprints/apigee/bigquery-analytics/terraform.tfvars.sample index c8c38cafb..db4213210 100644 --- a/blueprints/cloud-operations/apigee/terraform.tfvars.sample +++ b/blueprints/apigee/bigquery-analytics/terraform.tfvars.sample @@ -1,10 +1,10 @@ project_create = { - billing_account_id = "011D94-9C86C1-ADD197" - parent = "folders/586929298360" + billing_account_id = "12345-12345-123456" + parent = "folders/123456789" } -project_id = "g-prj-cd-sb-apigee-bq-10" +project_id = "my-project" envgroups = { - test = ["test.cool-demos.space"] + test = ["test.myorg.org"] } environments = { apis-test = { diff --git a/blueprints/cloud-operations/apigee/variables.tf b/blueprints/apigee/bigquery-analytics/variables.tf similarity index 100% rename from blueprints/cloud-operations/apigee/variables.tf rename to blueprints/apigee/bigquery-analytics/variables.tf diff --git a/blueprints/cloud-operations/apigee/versions.tf b/blueprints/apigee/bigquery-analytics/versions.tf similarity index 100% rename from blueprints/cloud-operations/apigee/versions.tf rename to blueprints/apigee/bigquery-analytics/versions.tf diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md new file mode 100644 index 000000000..e47ba6f33 --- /dev/null +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md @@ -0,0 +1,68 @@ +# Apigee X - Northbound GLB with PSC Neg, Southbouth PSC with ILB (L7) and Hybrid NEG + +The following example shows how to expose an on-prem target backend to clients in the internet. + +The architecture is the one depicted below. + +![Diagram](diagram.png) + +To emulate an service deployed on-premise, we have used a managed instance group of instances running Nginx exposed via a regional internalload balancer (L7). The service is accesible through VPN. + +## Running the blueprint + +1. Clone this repository or [open it in cloud shell](https://ssh.cloud.google.com/cloudshell/editor?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fcloud-foundation-fabric&cloudshell_print=cloud-shell-readme.txt&cloudshell_working_dir=blueprints%2F%apigee%2F/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg), then go through the following steps to create resources: + +2. Copy the file [terraform.tfvars.sample](./terraform.tfvars.sample) to a file called ```terraform.tfvars``` and update the values if required. + +3. Initialize the terraform configuration + + ```terraform init``` + +4. Apply the terraform configuration + + ```terraform apply``` + +Once the resources have been created, do the following: + +Create an A record in your DNS registrar to point the environment group hostname to the public IP address returned after the terraform configuration was applied. You might need to wait some time until the certificate is provisioned. + +## Testing the blueprint + +Do the following to verify that everything works as expected. + +1. Deploy the API proxy + + ./deploy-apiproxy.sh + +2. Send a request + + curl -v https://HOSTNAME/test/ + + You should get back an HTTP 200 OK response. + + +## Variables + +| name | description | type | required | default | +|---|---|:---:|:---:|:---:| +| [apigee_project_id](variables.tf#L17) | Project ID. | string | ✓ | | +| [billing_account_id](variables.tf#L47) | Parameters for the creation of the new project. | string | ✓ | | +| [hostname](variables.tf#L52) | Host name. | string | ✓ | | +| [onprem_project_id](variables.tf#L57) | Project ID. | string | ✓ | | +| [parent](variables.tf#L75) | Parent (organizations/organizationID or folders/folderID). | string | ✓ | | +| [apigee_proxy_only_subnet_ip_cidr_range](variables.tf#L23) | Subnet IP CIDR range. | string | | "10.2.1.0/24" | +| [apigee_psa_ip_cidr_range](variables.tf#L29) | Apigee PSA IP CIDR range. | string | | "10.0.4.0/22" | +| [apigee_psc_subnet_ip_cidr_range](variables.tf#L35) | Subnet IP CIDR range. | string | | "10.2.2.0/24" | +| [apigee_subnet_ip_cidr_range](variables.tf#L41) | Subnet IP CIDR range. | string | | "10.2.0.0/24" | +| [onprem_proxy_only_subnet_ip_cidr_range](variables.tf#L63) | Subnet IP CIDR range. | string | | "10.1.1.0/24" | +| [onprem_subnet_ip_cidr_range](variables.tf#L69) | Subnet IP CIDR range. | string | | "10.1.0.0/24" | +| [region](variables.tf#L80) | Region. | string | | "europe-west1" | +| [zone](variables.tf#L86) | Zone. | string | | "europe-west1-c" | + +## Outputs + +| name | description | sensitive | +|---|---|:---:| +| [ip_address](outputs.tf#L17) | GLB IP address. | | + + diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee.tf b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee.tf new file mode 100644 index 000000000..0e4faabfb --- /dev/null +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee.tf @@ -0,0 +1,96 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + envgroup = "test" + environment = "apis-test" +} + +module "apigee_project" { + source = "../../../../modules/project" + billing_account = var.billing_account_id + parent = var.parent + name = var.apigee_project_id + services = [ + "apigee.googleapis.com", + "compute.googleapis.com", + "servicenetworking.googleapis.com", + ] +} + +module "apigee_vpc" { + source = "../../../../modules/net-vpc" + project_id = module.apigee_project.project_id + name = "vpc" + subnets_proxy_only = [ + { + ip_cidr_range = var.apigee_proxy_only_subnet_ip_cidr_range + name = "regional-proxy" + region = var.region + active = true + } + ] + subnets = [ + { + ip_cidr_range = var.apigee_subnet_ip_cidr_range + name = "subnet" + region = var.region + } + ] + subnets_psc = [{ + ip_cidr_range = var.apigee_psc_subnet_ip_cidr_range + name = "subnet-psc" + region = var.region + }] + psa_config = { + ranges = { + "apigee" = var.apigee_psa_ip_cidr_range + } + } +} + +module "apigee" { + source = "../../../../modules/apigee" + project_id = module.apigee_project.project_id + organization = { + authorized_network = module.apigee_vpc.network.name + analytics_region = var.region + } + envgroups = { + (local.envgroup) = [var.hostname] + } + environments = { + (local.environment) = { + envgroups = [local.envgroup] + } + } + instances = { + instance-1 = { + region = var.region + environments = [local.environment] + psa_ip_cidr_range = var.apigee_psa_ip_cidr_range + } + } + endpoint_attachments = { + backend = { + region = var.region + service_attachment = google_compute_service_attachment.service_attachment.id + } + } + depends_on = [ + module.apigee_vpc + ] +} diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee_nb.tf b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee_nb.tf new file mode 100644 index 000000000..b568da9a0 --- /dev/null +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee_nb.tf @@ -0,0 +1,50 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "glb" { + source = "../../../../modules/net-glb" + name = "glb" + project_id = module.apigee_project.project_id + protocol = "HTTPS" + use_classic_version = false + backend_service_configs = { + default = { + backends = [{ backend = "neg-0" }] + protocol = "HTTPS" + health_checks = [] + } + } + neg_configs = { + neg-0 = { + psc = { + region = var.region + target_service = module.apigee.instances["instance-1"].service_attachment + network = module.apigee_vpc.network.self_link + subnetwork = ( + module.apigee_vpc.subnets_psc["${var.region}/subnet-psc"].self_link + ) + } + } + } + ssl_certificates = { + managed_configs = { + default = { + domains = [var.hostname] + } + } + } + +} diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee_sb.tf b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee_sb.tf new file mode 100644 index 000000000..e6df149b2 --- /dev/null +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apigee_sb.tf @@ -0,0 +1,68 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "apigee_ilb_l7" { + source = "../../../../modules/net-ilb-l7" + name = "apigee-ilb" + project_id = module.apigee_project.project_id + region = var.region + backend_service_configs = { + default = { + backends = [{ + balancing_mode = "RATE" + group = "my-neg" + max_rate = { per_endpoint = 1 } + }] + } + } + neg_configs = { + my-neg = { + hybrid = { + zone = var.zone + endpoints = { + e-0 = { + ip_address = module.onprem_ilb_l7.address + port = 80 + } + } + } + } + } + health_check_configs = { + default = { + http = { + port = 80 + } + } + } + vpc_config = { + network = module.apigee_vpc.self_link + subnetwork = module.apigee_vpc.subnet_self_links["${var.region}/subnet"] + } + depends_on = [ + module.apigee_vpc.subnets_proxy_only + ] +} + +resource "google_compute_service_attachment" "service_attachment" { + name = "service-attachment" + project = module.apigee_project.project_id + region = var.region + enable_proxy_protocol = false + connection_preference = "ACCEPT_AUTOMATIC" + nat_subnets = [module.apigee_vpc.subnets_psc["${var.region}/subnet-psc"].self_link] + target_service = module.apigee_ilb_l7.forwarding_rule.id +} diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apiproxy.tf b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apiproxy.tf new file mode 100644 index 000000000..a94b11eec --- /dev/null +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/apiproxy.tf @@ -0,0 +1,41 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +resource "local_file" "target_endpoint_file" { + content = templatefile("${path.module}/templates/targets/default.xml.tpl", { + ip_address = module.apigee.endpoint_attachment_hosts["backend"] + }) + filename = "${path.module}/bundle/apiproxy/targets/default.xml" + file_permission = "0777" +} + +data "archive_file" "bundle" { + type = "zip" + source_dir = "${path.module}/bundle" + output_path = "${path.module}/bundle.zip" + depends_on = [ + local_file.target_endpoint_file + ] +} + +resource "local_file" "deploy_apiproxy_file" { + content = templatefile("${path.module}/templates/deploy-apiproxy.sh.tpl", { + organization = module.apigee.org_name + environment = local.environment + }) + filename = "${path.module}/deploy-apiproxy.sh" + file_permission = "0777" +} diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/bundle/apiproxy/proxies/default.xml b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/bundle/apiproxy/proxies/default.xml new file mode 100644 index 000000000..a277b3cda --- /dev/null +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/bundle/apiproxy/proxies/default.xml @@ -0,0 +1,18 @@ + + + + + + + + + + + + + /test + + + default + + diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/bundle/apiproxy/test.xml b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/bundle/apiproxy/test.xml new file mode 100644 index 000000000..93812d829 --- /dev/null +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/bundle/apiproxy/test.xml @@ -0,0 +1,10 @@ + + + /test + + default + + + default + + diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/diagram.png b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/diagram.png new file mode 100644 index 000000000..8667cd318 Binary files /dev/null and b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/diagram.png differ diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/onprem.tf b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/onprem.tf new file mode 100644 index 000000000..07bedf8a8 --- /dev/null +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/onprem.tf @@ -0,0 +1,152 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "onprem_project" { + source = "../../../../modules/project" + billing_account = var.billing_account_id + parent = var.parent + name = var.onprem_project_id + services = [ + "compute.googleapis.com" + ] +} + +module "onprem_vpc" { + source = "../../../../modules/net-vpc" + project_id = module.onprem_project.project_id + name = "vpc" + subnets_proxy_only = [ + { + ip_cidr_range = var.onprem_proxy_only_subnet_ip_cidr_range + name = "regional-proxy" + region = var.region + active = true + } + ] + subnets = [ + { + ip_cidr_range = var.onprem_subnet_ip_cidr_range + name = "subnet" + region = var.region + } + ] +} + +module "firewall" { + source = "../../../../modules/net-vpc-firewall" + project_id = module.onprem_project.project_id + network = module.onprem_vpc.network.name + default_rules_config = { + disabled = true + } + ingress_rules = { + fw-allow-health-check = { + source_ranges = ["35.191.0.0/16", "130.211.0.0/22"] + targets = ["http-server"] + rules = [{ protocol = "tcp", ports = ["80"] }] + } + fw-allow-proxies = { + source_ranges = [var.onprem_proxy_only_subnet_ip_cidr_range] + targets = ["http-server"] + rules = [{ protocol = "tcp", ports = ["80"] }] + } + } +} + +module "cos-nginx" { + source = "../../../../modules/cloud-config-container/nginx" +} + +module "instance_template" { + source = "../../../../modules/compute-vm" + project_id = module.onprem_project.project_id + name = "nginx-template" + zone = var.zone + tags = ["http-server", "ssh"] + network_interfaces = [{ + network = module.onprem_vpc.self_link + subnetwork = module.onprem_vpc.subnet_self_links["${var.region}/subnet"] + nat = false + addresses = null + }] + boot_disk = { + image = "projects/cos-cloud/global/images/family/cos-stable" + type = "pd-ssd" + size = 10 + } + create_template = true + metadata = { + user-data = module.cos-nginx.cloud_config + } +} + +module "mig" { + source = "../../../../modules/compute-mig" + project_id = module.onprem_project.project_id + location = var.region + name = "mig" + target_size = 2 + instance_template = module.instance_template.template.self_link + named_ports = { + http = 80 + } + health_check_config = { + check_interval_sec = 1 + enable_logging = true + healthy_threshold = 1 + http = { + port_name = "http" + } + timeout_sec = 1 + unhealthy_threshold = 1 + } +} + +module "onprem_ilb_l7" { + source = "../../../../modules/net-ilb-l7" + name = "ilb" + project_id = module.onprem_project.project_id + region = var.region + backend_service_configs = { + default = { + port_name = "http" + backends = [{ + group = module.mig.group_manager.instance_group + }] + } + } + health_check_configs = { + default = { + check_interval_sec = 1 + enable_logging = true + healthy_threshold = 1 + http = { + port_name = "http" + port_specification = "USE_NAMED_PORT" + request_path = "/" + } + timeout_sec = 1 + unhealthy_threshold = 1 + } + } + vpc_config = { + network = module.onprem_vpc.self_link + subnetwork = module.onprem_vpc.subnet_self_links["${var.region}/subnet"] + } + depends_on = [ + module.onprem_vpc.subnets_proxy_only + ] +} diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/outputs.tf b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/outputs.tf new file mode 100644 index 000000000..3dffa2808 --- /dev/null +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/outputs.tf @@ -0,0 +1,20 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "ip_address" { + description = "GLB IP address." + value = module.glb.address +} \ No newline at end of file diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/templates/deploy-apiproxy.sh.tpl b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/templates/deploy-apiproxy.sh.tpl new file mode 100644 index 000000000..21a0be14f --- /dev/null +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/templates/deploy-apiproxy.sh.tpl @@ -0,0 +1,34 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#!/bin/bash + +ORGANIZATION=${organization} +ENVIRONMENT=${environment} + +export TOKEN=$(gcloud auth print-access-token) + +curl -v -X POST \ +-H "Authorization: Bearer $TOKEN" \ +-H "Content-Type:application/octet-stream" \ +-T 'bundle.zip' \ +"https://apigee.googleapis.com/v1/organizations/$ORGANIZATION/apis?name=test&action=import" + +curl -v -X POST \ +-H "Authorization: Bearer $TOKEN" \ +"https://apigee.googleapis.com/v1/organizations/$ORGANIZATION/environments/$ENVIRONMENT/apis/test/revisions/1/deployments" + +curl -v \ +-H "Authorization: Bearer $TOKEN" \ +"https://apigee.googleapis.com/v1/organizations/$ORGANIZATION/environments/$ENVIRONMENT/apis/test/revisions/1/deployments" diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/templates/targets/default.xml.tpl b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/templates/targets/default.xml.tpl new file mode 100644 index 000000000..a2290cc4c --- /dev/null +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/templates/targets/default.xml.tpl @@ -0,0 +1,15 @@ + + + + + + + + + + + + + http://${ip_address} + + \ No newline at end of file diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/terraform.tfvars.sample b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/terraform.tfvars.sample new file mode 100644 index 000000000..8c3ff2970 --- /dev/null +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/terraform.tfvars.sample @@ -0,0 +1,5 @@ +billing_account_id = "12345-12345-123456" +parent = "folders/123456789" +apigee_project_id = "my-apigee-project" +onprem_project_id = "my-onprem-project" +hostname = "test.myorg.org" \ No newline at end of file diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/variables.tf b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/variables.tf new file mode 100644 index 000000000..5d28ab9f7 --- /dev/null +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/variables.tf @@ -0,0 +1,90 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "apigee_project_id" { + description = "Project ID." + type = string + nullable = false +} + +variable "apigee_proxy_only_subnet_ip_cidr_range" { + description = "Subnet IP CIDR range." + type = string + default = "10.2.1.0/24" +} + +variable "apigee_psa_ip_cidr_range" { + description = "Apigee PSA IP CIDR range." + type = string + default = "10.0.4.0/22" +} + +variable "apigee_psc_subnet_ip_cidr_range" { + description = "Subnet IP CIDR range." + type = string + default = "10.2.2.0/24" +} + +variable "apigee_subnet_ip_cidr_range" { + description = "Subnet IP CIDR range." + type = string + default = "10.2.0.0/24" +} + +variable "billing_account_id" { + description = "Parameters for the creation of the new project." + type = string +} + +variable "hostname" { + description = "Host name." + type = string +} + +variable "onprem_project_id" { + description = "Project ID." + type = string + nullable = false +} + +variable "onprem_proxy_only_subnet_ip_cidr_range" { + description = "Subnet IP CIDR range." + type = string + default = "10.1.1.0/24" +} + +variable "onprem_subnet_ip_cidr_range" { + description = "Subnet IP CIDR range." + type = string + default = "10.1.0.0/24" +} + +variable "parent" { + description = "Parent (organizations/organizationID or folders/folderID)." + type = string +} + +variable "region" { + description = "Region." + type = string + default = "europe-west1" +} + +variable "zone" { + description = "Zone." + type = string + default = "europe-west1-c" +} diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/versions.tf b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/versions.tf new file mode 100644 index 000000000..90b632f6d --- /dev/null +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/versions.tf @@ -0,0 +1,29 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +terraform { + required_version = ">= 1.3.1" + required_providers { + google = { + source = "hashicorp/google" + version = ">= 4.47.0" # tftest + } + google-beta = { + source = "hashicorp/google-beta" + version = ">= 4.47.0" # tftest + } + } +} + + diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/vpn.tf b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/vpn.tf new file mode 100644 index 000000000..c39878d19 --- /dev/null +++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/vpn.tf @@ -0,0 +1,117 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "apigee_vpn" { + source = "../../../../modules/net-vpn-ha" + project_id = module.apigee_project.project_id + network = module.apigee_vpc.self_link + region = var.region + name = "vpn" + router_config = { + name = "router" + asn = 64513 + custom_advertise = { + all_subnets = true + ip_ranges = { + "35.191.0.0/16" = "health checks" + "130.211.0.0/22" = "load balancers" + } + mode = "CUSTOM" + } + } + peer_gateway = { + gcp = module.onprem_vpn.self_link + } + tunnels = { + 0 = { + bgp_peer = { + address = "169.254.2.2" + asn = 64514 + } + bgp_peer_options = null + bgp_session_range = "169.254.2.1/30" + ike_version = 2 + peer_external_gateway_interface = null + router = null + shared_secret = null + vpn_gateway_interface = 0 + } + 1 = { + bgp_peer = { + address = "169.254.2.6" + asn = 64514 + } + bgp_peer_options = null + bgp_session_range = "169.254.2.5/30" + ike_version = 2 + peer_external_gateway_interface = null + router = null + shared_secret = null + vpn_gateway_interface = 1 + } + } +} + +module "onprem_vpn" { + source = "../../../../modules/net-vpn-ha" + project_id = module.onprem_project.project_id + network = module.onprem_vpc.self_link + region = var.region + name = "vpn" + router_config = { + name = "router-${var.region}" + asn = 64514 + custom_advertise = { + all_subnets = false + ip_ranges = { + (var.onprem_subnet_ip_cidr_range) = "subnet range" + } + mode = "CUSTOM" + } + } + peer_gateway = { + gcp = module.apigee_vpn.self_link + } + tunnels = { + 0 = { + bgp_peer = { + address = "169.254.2.1" + asn = 64513 + } + bgp_peer_options = null + bgp_session_range = "169.254.2.2/30" + ike_version = 2 + peer_external_gateway_interface = null + router = null + shared_secret = module.apigee_vpn.random_secret + vpn_gateway_interface = 0 + } + 1 = { + bgp_peer = { + address = "169.254.2.5" + asn = 64513 + } + bgp_peer_options = null + bgp_session_range = "169.254.2.6/30" + ike_version = 2 + peer_external_gateway_interface = null + router = null + shared_secret = module.apigee_vpn.random_secret + vpn_gateway_interface = 1 + } + } +} + diff --git a/tests/blueprints/cloud_operations/apigee/__init__.py b/tests/blueprints/apigee/bigquery-analytics/__init__.py similarity index 100% rename from tests/blueprints/cloud_operations/apigee/__init__.py rename to tests/blueprints/apigee/bigquery-analytics/__init__.py diff --git a/tests/blueprints/cloud_operations/apigee/basic.tfvars b/tests/blueprints/apigee/bigquery-analytics/basic.tfvars similarity index 100% rename from tests/blueprints/cloud_operations/apigee/basic.tfvars rename to tests/blueprints/apigee/bigquery-analytics/basic.tfvars diff --git a/tests/blueprints/cloud_operations/apigee/basic.yaml b/tests/blueprints/apigee/bigquery-analytics/basic.yaml similarity index 100% rename from tests/blueprints/cloud_operations/apigee/basic.yaml rename to tests/blueprints/apigee/bigquery-analytics/basic.yaml diff --git a/tests/blueprints/cloud_operations/apigee/tftest.yaml b/tests/blueprints/apigee/bigquery-analytics/tftest.yaml similarity index 92% rename from tests/blueprints/cloud_operations/apigee/tftest.yaml rename to tests/blueprints/apigee/bigquery-analytics/tftest.yaml index 49190499d..a3441f559 100644 --- a/tests/blueprints/cloud_operations/apigee/tftest.yaml +++ b/tests/blueprints/apigee/bigquery-analytics/tftest.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -module: blueprints/cloud-operations/apigee +module: blueprints/apigee/bigquery-analytics tests: basic: diff --git a/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/__init__.py b/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/__init__.py new file mode 100644 index 000000000..6d6d1266c --- /dev/null +++ b/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/__init__.py @@ -0,0 +1,13 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.tfvars b/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.tfvars new file mode 100644 index 000000000..ae07c514f --- /dev/null +++ b/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.tfvars @@ -0,0 +1,5 @@ +billing_account_id = "12345-12345-12345" +parent = "folders/123456789" +apigee_project_id = "my-apigee-project" +onprem_project_id = "my-onprem-project" +hostname = "test.myorg.org" diff --git a/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.yaml b/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.yaml new file mode 100644 index 000000000..ef1fa1e00 --- /dev/null +++ b/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.yaml @@ -0,0 +1,17 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +counts: + modules: 13 + resources: 72 diff --git a/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/tftest.yaml b/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/tftest.yaml new file mode 100644 index 000000000..5c92fb82a --- /dev/null +++ b/tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/tftest.yaml @@ -0,0 +1,18 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +module: blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg + +tests: + basic: