Refactoring and restructure, update test resources outputs

This commit is contained in:
Aleksandr Averbukh
2019-10-14 00:26:03 +02:00
parent 12fda26e10
commit 1c1ac9a511
8 changed files with 239 additions and 220 deletions


@@ -1,68 +0,0 @@
# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##############################################################
# DNS Zones #
##############################################################
module "hub-private-zone" {
source = "terraform-google-modules/cloud-dns/google"
version = "~> 2.0"
project_id = var.hub_project_id
type = "private"
name = "${var.private_dns_zone_name}-hub-private"
domain = var.private_dns_zone_domain
private_visibility_config_networks = [module.vpc-hub.network_self_link]
}
module "spoke-1-peering-zone" {
source = "terraform-google-modules/cloud-dns/google"
version = "~> 2.0"
project_id = var.spoke_1_project_id
type = "peering"
name = "${var.private_dns_zone_name}-spoke-1-peering"
domain = var.private_dns_zone_domain
private_visibility_config_networks = [module.vpc-spoke-1.network_self_link]
target_network = module.vpc-hub.network_self_link
}
module "spoke-2-peering-zone" {
source = "terraform-google-modules/cloud-dns/google"
version = "~> 2.0"
project_id = var.spoke_2_project_id
type = "peering"
name = "${var.private_dns_zone_name}-spoke-2-peering"
domain = var.private_dns_zone_domain
private_visibility_config_networks = [module.vpc-spoke-2.network_self_link]
target_network = module.vpc-hub.network_self_link
}
module "hub-forwarding-zone" {
source = "terraform-google-modules/cloud-dns/google"
version = "~> 2.0"
project_id = var.hub_project_id
type = "forwarding"
name = "${var.forwarding_dns_zone_name}-hub-forwarding"
domain = var.forwarding_dns_zone_domain
private_visibility_config_networks = [module.vpc-hub.network_self_link]
target_name_server_addresses = var.forwarding_zone_server_addresses
}


@@ -1,26 +0,0 @@
# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
locals {
hub_subnet_regions = [for subnet in var.hub_subnets : subnet["subnet_region"]]
spoke_1_subnet_regions = [for subnet in var.spoke_1_subnets : subnet["subnet_region"]]
spoke_2_subnet_regions = [for subnet in var.spoke_2_subnets : subnet["subnet_region"]]
hub_subnet_cidr_ranges = [for subnet in var.hub_subnets : subnet["subnet_ip"]]
spoke_1_subnet_cidr_ranges = [for subnet in var.spoke_1_subnets : subnet["subnet_ip"]]
spoke_2_subnet_cidr_ranges = [for subnet in var.spoke_2_subnets : subnet["subnet_ip"]]
all_subnet_cidrs = concat(local.hub_subnet_cidr_ranges, local.spoke_1_subnet_cidr_ranges, local.spoke_2_subnet_cidr_ranges)
hub_to_spoke_1_router = var.spoke_to_spoke_route_advertisement ? element(concat(google_compute_router.hub-to-spoke-1-custom.*.name, list("")), 0) : element(concat(google_compute_router.hub-to-spoke-1-default.*.name, list("")), 0)
hub_to_spoke_2_router = var.spoke_to_spoke_route_advertisement ? element(concat(google_compute_router.hub-to-spoke-2-custom.*.name, list("")), 0) : element(concat(google_compute_router.hub-to-spoke-2-default.*.name, list("")), 0)
}


@@ -12,6 +12,18 @@
# See the License for the specific language governing permissions and
# limitations under the License.
locals {
hub_subnet_regions = [for subnet in var.hub_subnets : subnet["subnet_region"]]
spoke_1_subnet_regions = [for subnet in var.spoke_1_subnets : subnet["subnet_region"]]
spoke_2_subnet_regions = [for subnet in var.spoke_2_subnets : subnet["subnet_region"]]
hub_subnet_cidr_ranges = [for subnet in var.hub_subnets : subnet["subnet_ip"]]
spoke_1_subnet_cidr_ranges = [for subnet in var.spoke_1_subnets : subnet["subnet_ip"]]
spoke_2_subnet_cidr_ranges = [for subnet in var.spoke_2_subnets : subnet["subnet_ip"]]
all_subnet_cidrs = concat(local.hub_subnet_cidr_ranges, local.spoke_1_subnet_cidr_ranges, local.spoke_2_subnet_cidr_ranges)
hub_to_spoke_1_router = var.spoke_to_spoke_route_advertisement ? element(concat(google_compute_router.hub-to-spoke-1-custom.*.name, list("")), 0) : element(concat(google_compute_router.hub-to-spoke-1-default.*.name, list("")), 0)
hub_to_spoke_2_router = var.spoke_to_spoke_route_advertisement ? element(concat(google_compute_router.hub-to-spoke-2-custom.*.name, list("")), 0) : element(concat(google_compute_router.hub-to-spoke-2-default.*.name, list("")), 0)
}
##############################################################
# VPCs #
##############################################################
@@ -21,7 +33,7 @@ module "vpc-hub" {
version = "~> 1.2"
project_id = var.hub_project_id
network_name = "${var.prefix}-hub"
network_name = "hub-network"
subnets = var.hub_subnets
routing_mode = "GLOBAL"
}
@@ -31,7 +43,7 @@ module "vpc-spoke-1" {
version = "~> 1.2"
project_id = var.spoke_1_project_id
network_name = "${var.prefix}-spoke-1"
network_name = "spoke-1-network"
subnets = var.spoke_1_subnets
routing_mode = "GLOBAL"
}
@@ -41,7 +53,7 @@ module "vpc-spoke-2" {
version = "~> 1.2"
project_id = var.spoke_2_project_id
network_name = "${var.prefix}-spoke-2"
network_name = "spoke-2-network"
subnets = var.spoke_2_subnets
routing_mode = "GLOBAL"
}
@@ -80,6 +92,88 @@ module "firewall-spoke-2" {
admin_ranges = local.all_subnet_cidrs
}
##############################################################
# Cloud Routers #
##############################################################
resource "google_compute_router" "hub-to-spoke-1-custom" {
count = var.spoke_to_spoke_route_advertisement ? 1 : 0
name = "hub-to-spoke-1-custom"
region = element(local.hub_subnet_regions, 0)
network = module.vpc-hub.network_name
project = var.hub_project_id
bgp {
asn = var.hub_bgp_asn
advertise_mode = "CUSTOM"
advertised_groups = ["ALL_SUBNETS"]
dynamic "advertised_ip_ranges" {
for_each = toset(local.spoke_2_subnet_cidr_ranges)
content {
range = advertised_ip_ranges.value
}
}
}
}
resource "google_compute_router" "hub-to-spoke-2-custom" {
count = var.spoke_to_spoke_route_advertisement ? 1 : 0
name = "hub-to-spoke-2-custom"
region = element(local.hub_subnet_regions, 1)
network = module.vpc-hub.network_name
project = var.hub_project_id
bgp {
asn = var.hub_bgp_asn
advertise_mode = "CUSTOM"
advertised_groups = ["ALL_SUBNETS"]
dynamic "advertised_ip_ranges" {
for_each = toset(local.spoke_1_subnet_cidr_ranges)
content {
range = advertised_ip_ranges.value
}
}
}
}
resource "google_compute_router" "hub-to-spoke-1-default" {
count = var.spoke_to_spoke_route_advertisement ? 0 : 1
name = "hub-to-spoke-1-default"
region = element(local.hub_subnet_regions, 0)
network = module.vpc-hub.network_name
project = var.hub_project_id
bgp {
asn = var.hub_bgp_asn
}
}
resource "google_compute_router" "hub-to-spoke-2-default" {
count = var.spoke_to_spoke_route_advertisement ? 0 : 1
name = "hub-to-spoke-2-default"
region = element(local.hub_subnet_regions, 1)
network = module.vpc-hub.network_name
project = var.hub_project_id
bgp {
asn = var.hub_bgp_asn
}
}
resource "google_compute_router" "spoke-1" {
name = "spoke-1"
region = element(local.spoke_1_subnet_regions, 0)
network = module.vpc-spoke-1.network_name
project = var.spoke_1_project_id
bgp {
asn = var.spoke_1_bgp_asn
}
}
resource "google_compute_router" "spoke-2" {
name = "spoke-2"
region = element(local.spoke_2_subnet_regions, 0)
network = module.vpc-spoke-2.network_name
project = var.spoke_2_project_id
bgp {
asn = var.spoke_2_bgp_asn
}
}
##############################################################
# VPNs #
##############################################################
@@ -145,3 +239,58 @@ module "vpn-spoke-2-to-hub" {
peer_asn = [var.hub_bgp_asn]
cr_name = google_compute_router.spoke-2.name
}
##############################################################
# DNS Zones #
##############################################################
module "hub-private-zone" {
source = "terraform-google-modules/cloud-dns/google"
version = "~> 2.0"
project_id = var.hub_project_id
type = "private"
name = "${var.private_dns_zone_name}-hub-private"
domain = var.private_dns_zone_domain
private_visibility_config_networks = [module.vpc-hub.network_self_link]
}
module "hub-forwarding-zone" {
source = "terraform-google-modules/cloud-dns/google"
version = "~> 2.0"
project_id = var.hub_project_id
type = "forwarding"
name = "${var.forwarding_dns_zone_name}-hub-forwarding"
domain = var.forwarding_dns_zone_domain
private_visibility_config_networks = [module.vpc-hub.network_self_link]
target_name_server_addresses = var.forwarding_zone_server_addresses
}
module "spoke-1-peering-zone" {
source = "terraform-google-modules/cloud-dns/google"
version = "~> 2.0"
project_id = var.spoke_1_project_id
type = "peering"
name = "${var.private_dns_zone_name}-spoke-1-peering"
domain = var.private_dns_zone_domain
private_visibility_config_networks = [module.vpc-spoke-1.network_self_link]
target_network = module.vpc-hub.network_self_link
}
module "spoke-2-peering-zone" {
source = "terraform-google-modules/cloud-dns/google"
version = "~> 2.0"
project_id = var.spoke_2_project_id
type = "peering"
name = "${var.private_dns_zone_name}-spoke-2-peering"
domain = var.private_dns_zone_domain
private_visibility_config_networks = [module.vpc-spoke-2.network_self_link]
target_network = module.vpc-hub.network_self_link
}
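Review bot: The `network_name = "hub-network"`, `"spoke-1-network"` and `"spoke-2-network"` lines in the three VPC hunks replace the `${var.prefix}-…` names with constants, and the Cloud Router names (`"hub-to-spoke-1-custom"`, `"spoke-1"`, …) are constants too, while the DNS zone modules still derive their names from `var.private_dns_zone_name` and `var.forwarding_dns_zone_name`; the networks and routers can therefore exist only once per project, so a second deployment of this example into the same projects (the test tfvars put all three roles in one project) collides on names while the zones stay parameterized. If a single fixed deployment is the intent, say so in the file header, e.g. `# Network and router names are fixed: apply this configuration at most once per project.`; otherwise keep a prefix variable for these resources as well. Separately, the peering zones point `target_network` at the hub VPC from the spoke projects; when hub and spokes are distinct projects, DNS peering presumably also needs the DNS peer role granted on the hub project, which nothing here manages — a comment naming that prerequisite would help the caller.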


@@ -14,41 +14,58 @@
output "hub" {
value = {
name = module.vpc-hub.network_name
subnets = zipmap(
network_name = module.vpc-hub.network_name
subnets_ips = zipmap(
module.vpc-hub.subnets_names,
module.vpc-hub.subnets_ips
)
instances = zipmap(
google_compute_instance.hub.*.name,
google_compute_instance.hub.*.zone
subnets_regions = zipmap(
module.vpc-hub.subnets_names,
module.vpc-hub.subnets_regions
)
privte_dns_zone = {
name = module.hub-private-zone.name
domain = module.hub-private-zone.domain
}
forwarding_dns_zone = {
name = module.hub-forwarding-zone.name
domain = module.hub-forwarding-zone.domain
}
}
}
output "spoke-1" {
value = {
name = module.vpc-spoke-1.network_name
subnets = zipmap(
network_name = module.vpc-spoke-1.network_name
subnets_ips = zipmap(
module.vpc-spoke-1.subnets_names,
module.vpc-spoke-1.subnets_ips
)
instances = zipmap(
google_compute_instance.spoke-1.*.name,
google_compute_instance.spoke-1.*.zone
subnets_regions = zipmap(
module.vpc-spoke-1.subnets_names,
module.vpc-spoke-1.subnets_regions
)
peering_dns_zone = {
name = module.spoke-1-peering-zone.name
domain = module.spoke-1-peering-zone.domain
}
}
}
output "spoke-2" {
value = {
name = module.vpc-spoke-2.network_name
subnets = zipmap(
network_name = module.vpc-spoke-2.network_name
subnets_ips = zipmap(
module.vpc-spoke-2.subnets_names,
module.vpc-spoke-2.subnets_ips
)
instances = zipmap(
google_compute_instance.spoke-2.*.name,
google_compute_instance.spoke-2.*.zone
subnets_regions = zipmap(
module.vpc-spoke-2.subnets_names,
module.vpc-spoke-2.subnets_regions
)
peering_dns_zone = {
name = module.spoke-2-peering-zone.name
domain = module.spoke-2-peering-zone.domain
}
}
}
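Review bot: The key `privte_dns_zone` in the hub output is misspelled; output keys are part of the module's interface and the updated test expectations will be pinned to whatever spelling ships, so it should read `private_dns_zone = {` before anything consumes it. The spoke outputs use `peering_dns_zone`, so the corrected name keeps the three outputs parallel.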


@@ -1,95 +0,0 @@
# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##############################################################
# Cloud Routers #
##############################################################
resource "google_compute_router" "hub-to-spoke-1-custom" {
count = var.spoke_to_spoke_route_advertisement ? 1 : 0
name = "hub-to-spoke-1-custom"
region = element(local.hub_subnet_regions, 0)
network = module.vpc-hub.network_name
project = var.hub_project_id
bgp {
asn = var.hub_bgp_asn
advertise_mode = "CUSTOM"
advertised_groups = ["ALL_SUBNETS"]
dynamic "advertised_ip_ranges" {
for_each = toset(local.spoke_2_subnet_cidr_ranges)
content {
range = advertised_ip_ranges.value
}
}
}
}
resource "google_compute_router" "hub-to-spoke-2-custom" {
count = var.spoke_to_spoke_route_advertisement ? 1 : 0
name = "hub-to-spoke-2-custom"
region = element(local.hub_subnet_regions, 1)
network = module.vpc-hub.network_name
project = var.hub_project_id
bgp {
asn = var.hub_bgp_asn
advertise_mode = "CUSTOM"
advertised_groups = ["ALL_SUBNETS"]
dynamic "advertised_ip_ranges" {
for_each = toset(local.spoke_1_subnet_cidr_ranges)
content {
range = advertised_ip_ranges.value
}
}
}
}
resource "google_compute_router" "hub-to-spoke-1-default" {
count = var.spoke_to_spoke_route_advertisement ? 0 : 1
name = "hub-to-spoke-1-default"
region = element(local.hub_subnet_regions, 0)
network = module.vpc-hub.network_name
project = var.hub_project_id
bgp {
asn = var.hub_bgp_asn
}
}
resource "google_compute_router" "hub-to-spoke-2-default" {
count = var.spoke_to_spoke_route_advertisement ? 0 : 1
name = "hub-to-spoke-2-default"
region = element(local.hub_subnet_regions, 1)
network = module.vpc-hub.network_name
project = var.hub_project_id
bgp {
asn = var.hub_bgp_asn
}
}
resource "google_compute_router" "spoke-1" {
name = "spoke-1"
region = element(local.spoke_1_subnet_regions, 0)
network = module.vpc-spoke-1.network_name
project = var.spoke_1_project_id
bgp {
asn = var.spoke_1_bgp_asn
}
}
resource "google_compute_router" "spoke-2" {
name = "spoke-2"
region = element(local.spoke_2_subnet_regions, 0)
network = module.vpc-spoke-2.network_name
project = var.spoke_2_project_id
bgp {
asn = var.spoke_2_bgp_asn
}
}


@@ -1,4 +1,3 @@
hub_project_id = "automation-examples"
spoke_1_project_id = "automation-examples"
spoke_2_project_id = "automation-examples"
prefix = "test"
spoke_2_project_id = "automation-examples"


@@ -12,10 +12,14 @@
# See the License for the specific language governing permissions and
# limitations under the License.
###############################################################################
# Hub test VMs and DNS records #
###############################################################################
resource "google_compute_instance" "hub" {
count = length(var.hub_subnets)
project = var.hub_project_id
name = "${var.prefix}-hub-${element(var.hub_subnets, count.index)["subnet_name"]}"
name = "hub-${element(var.hub_subnets, count.index)["subnet_name"]}"
machine_type = "f1-micro"
zone = "${element(local.hub_subnet_regions, count.index)}-b"
tags = ["ssh"]
@@ -43,10 +47,14 @@ resource "google_dns_record_set" "hub" {
rrdatas = [google_compute_instance.hub[count.index].network_interface.0.network_ip]
}
###############################################################################
# Spoke 1 test VMs and DNS records #
###############################################################################
resource "google_compute_instance" "spoke-1" {
count = length(var.spoke_1_subnets)
project = var.spoke_1_project_id
name = "${var.prefix}-spoke-1-${element(var.spoke_1_subnets, count.index)["subnet_name"]}"
name = "spoke-1-${element(var.spoke_1_subnets, count.index)["subnet_name"]}"
machine_type = "f1-micro"
zone = "${element(local.spoke_1_subnet_regions, count.index)}-b"
tags = ["ssh"]
@@ -74,10 +82,14 @@ resource "google_dns_record_set" "spoke-1" {
rrdatas = [google_compute_instance.spoke-1[count.index].network_interface.0.network_ip]
}
###############################################################################
# Spoke 2 test VMs and DNS records #
###############################################################################
resource "google_compute_instance" "spoke-2" {
count = length(var.spoke_2_subnets)
project = var.spoke_2_project_id
name = "${var.prefix}-spoke-2-${element(var.spoke_2_subnets, count.index)["subnet_name"]}"
name = "spoke-2-${element(var.spoke_2_subnets, count.index)["subnet_name"]}"
machine_type = "f1-micro"
zone = "${element(local.spoke_2_subnet_regions, count.index)}-b"
tags = ["ssh"]
@@ -104,3 +116,42 @@ resource "google_dns_record_set" "spoke-2" {
rrdatas = [google_compute_instance.spoke-2[count.index].network_interface.0.network_ip]
}
###############################################################################
# test outputs #
###############################################################################
output "test-instances" {
value = {
hub = {
instance_zones = zipmap(
google_compute_instance.hub.*.name,
google_compute_instance.hub.*.zone
)
instances_dns_names = zipmap(
google_compute_instance.hub.*.name,
google_dns_record_set.hub.*.name
)
}
spoke-1 = {
instances_zones = zipmap(
google_compute_instance.spoke-1.*.name,
google_compute_instance.spoke-1.*.zone
)
instances_dns_names = zipmap(
google_compute_instance.spoke-1.*.name,
google_dns_record_set.spoke-1.*.name
)
}
spoke-2 = {
instances_zones = zipmap(
google_compute_instance.spoke-2.*.name,
google_compute_instance.spoke-2.*.zone
)
instances_dns_names = zipmap(
google_compute_instance.spoke-2.*.name,
google_dns_record_set.spoke-2.*.name
)
}
}
}
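Review bot: The new `test-instances` output names the zone map `instance_zones` for the hub but `instances_zones` for spoke-1 and spoke-2, so any consumer has to special-case the hub key; pick one spelling, e.g. `instances_zones = zipmap(` for the hub entry, so the three sub-maps have the same shape. The renamed instances keep `tags = ["ssh"]` (context lines); nothing in these hunks shows which firewall rule that tag matches, so confirm the matching SSH source range is no wider than the test needs rather than a module default. The `google_compute_instance` resource bodies continue outside the visible hunks.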


@@ -24,10 +24,6 @@ variable "spoke_2_project_id" {
description = "Spoke 2 Project id."
}
variable "prefix" {
description = "Prefix for VPC names."
}
variable "spoke_to_spoke_route_advertisement" {
description = "Use custom route advertisement in hub routers to advertise all spoke subnets."
default = true
@@ -56,7 +52,6 @@ variable "hub_subnets" {
subnet_region = "europe-west1"
},
{
subnet_name = "subnet-b"
subnet_ip = "10.10.20.0/24"
subnet_region = "europe-west2"
@@ -72,7 +67,6 @@ variable "spoke_1_subnets" {
subnet_region = "asia-east1"
},
{
subnet_name = "subnet-b"
subnet_ip = "10.20.20.0/24"
subnet_region = "asia-northeast1"
@@ -88,7 +82,6 @@ variable "spoke_2_subnets" {
subnet_region = "us-west1"
},
{
subnet_name = "subnet-b"
subnet_ip = "10.30.20.0/24"
subnet_region = "us-west2"
@@ -120,4 +113,3 @@ variable "forwarding_zone_server_addresses" {
description = "Forwarding DNS Zone Server Addresses"
default = ["8.8.8.8", "8.8.4.4"]
}