From 1c1ac9a511947e6abbbf9bba4065252a94339a03 Mon Sep 17 00:00:00 2001
From: Aleksandr Averbukh
Date: Mon, 14 Oct 2019 00:26:03 +0200
Subject: [PATCH] Refactoring and restructure, update test resources outputs

---
 infrastructure/net-hub-and-spoke/dns.tf | 68 --------
 infrastructure/net-hub-and-spoke/locals.tf | 26 ---
 infrastructure/net-hub-and-spoke/main.tf | 155 +++++++++++++++++-
 infrastructure/net-hub-and-spoke/outputs.tf | 47 ++++--
 infrastructure/net-hub-and-spoke/routers.tf | 95 ----------
 .../net-hub-and-spoke/terraform.tfvars.sample | 3 +-
 .../{instances.tf => test-resources.tf} | 57 ++++++-
 infrastructure/net-hub-and-spoke/variables.tf | 8 -
 8 files changed, 239 insertions(+), 220 deletions(-)
 delete mode 100644 infrastructure/net-hub-and-spoke/dns.tf
 delete mode 100644 infrastructure/net-hub-and-spoke/locals.tf
 delete mode 100644 infrastructure/net-hub-and-spoke/routers.tf
 rename infrastructure/net-hub-and-spoke/{instances.tf => test-resources.tf} (58%)

diff --git a/infrastructure/net-hub-and-spoke/dns.tf b/infrastructure/net-hub-and-spoke/dns.tf
deleted file mode 100644
index b0e9932b9..000000000
--- a/infrastructure/net-hub-and-spoke/dns.tf
+++ /dev/null
@@ -1,68 +0,0 @@
-# Copyright 2019 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-##############################################################
-# DNS Zones #
-##############################################################
-
-module "hub-private-zone" {
- source = "terraform-google-modules/cloud-dns/google"
- version = "~> 2.0"
-
- project_id = var.hub_project_id
- type = "private"
- name = "${var.private_dns_zone_name}-hub-private"
- domain = var.private_dns_zone_domain
-
- private_visibility_config_networks = [module.vpc-hub.network_self_link]
-}
-
-module "spoke-1-peering-zone" {
- source = "terraform-google-modules/cloud-dns/google"
- version = "~> 2.0"
-
- project_id = var.spoke_1_project_id
- type = "peering"
- name = "${var.private_dns_zone_name}-spoke-1-peering"
- domain = var.private_dns_zone_domain
-
- private_visibility_config_networks = [module.vpc-spoke-1.network_self_link]
- target_network = module.vpc-hub.network_self_link
-}
-
-module "spoke-2-peering-zone" {
- source = "terraform-google-modules/cloud-dns/google"
- version = "~> 2.0"
-
- project_id = var.spoke_2_project_id
- type = "peering"
- name = "${var.private_dns_zone_name}-spoke-2-peering"
- domain = var.private_dns_zone_domain
-
- private_visibility_config_networks = [module.vpc-spoke-2.network_self_link]
- target_network = module.vpc-hub.network_self_link
-}
-
-module "hub-forwarding-zone" {
- source = "terraform-google-modules/cloud-dns/google"
- version = "~> 2.0"
-
- project_id = var.hub_project_id
- type = "forwarding"
- name = "${var.forwarding_dns_zone_name}-hub-forwarding"
- domain = var.forwarding_dns_zone_domain
-
- private_visibility_config_networks = [module.vpc-hub.network_self_link]
- target_name_server_addresses = var.forwarding_zone_server_addresses
-}
\ No newline at end of file
diff --git a/infrastructure/net-hub-and-spoke/locals.tf b/infrastructure/net-hub-and-spoke/locals.tf
deleted file mode 100644
index 80572b6e8..000000000
--- a/infrastructure/net-hub-and-spoke/locals.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-
-# Copyright 2019 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-locals {
- hub_subnet_regions = [for subnet in var.hub_subnets : subnet["subnet_region"]]
- spoke_1_subnet_regions = [for subnet in var.spoke_1_subnets : subnet["subnet_region"]]
- spoke_2_subnet_regions = [for subnet in var.spoke_2_subnets : subnet["subnet_region"]]
- hub_subnet_cidr_ranges = [for subnet in var.hub_subnets : subnet["subnet_ip"]]
- spoke_1_subnet_cidr_ranges = [for subnet in var.spoke_1_subnets : subnet["subnet_ip"]]
- spoke_2_subnet_cidr_ranges = [for subnet in var.spoke_2_subnets : subnet["subnet_ip"]]
- all_subnet_cidrs = concat(local.hub_subnet_cidr_ranges, local.spoke_1_subnet_cidr_ranges, local.spoke_2_subnet_cidr_ranges)
- hub_to_spoke_1_router = var.spoke_to_spoke_route_advertisement ? element(concat(google_compute_router.hub-to-spoke-1-custom.*.name, list("")), 0) : element(concat(google_compute_router.hub-to-spoke-1-default.*.name, list("")), 0)
- hub_to_spoke_2_router = var.spoke_to_spoke_route_advertisement ? element(concat(google_compute_router.hub-to-spoke-2-custom.*.name, list("")), 0) : element(concat(google_compute_router.hub-to-spoke-2-default.*.name, list("")), 0)
-}
diff --git a/infrastructure/net-hub-and-spoke/main.tf b/infrastructure/net-hub-and-spoke/main.tf
index 6b988e98e..dac93f3be 100644
--- a/infrastructure/net-hub-and-spoke/main.tf
+++ b/infrastructure/net-hub-and-spoke/main.tf
@@ -12,6 +12,18 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+locals {
+ hub_subnet_regions = [for subnet in var.hub_subnets : subnet["subnet_region"]]
+ spoke_1_subnet_regions = [for subnet in var.spoke_1_subnets : subnet["subnet_region"]]
+ spoke_2_subnet_regions = [for subnet in var.spoke_2_subnets : subnet["subnet_region"]]
+ hub_subnet_cidr_ranges = [for subnet in var.hub_subnets : subnet["subnet_ip"]]
+ spoke_1_subnet_cidr_ranges = [for subnet in var.spoke_1_subnets : subnet["subnet_ip"]]
+ spoke_2_subnet_cidr_ranges = [for subnet in var.spoke_2_subnets : subnet["subnet_ip"]]
+ all_subnet_cidrs = concat(local.hub_subnet_cidr_ranges, local.spoke_1_subnet_cidr_ranges, local.spoke_2_subnet_cidr_ranges)
+ hub_to_spoke_1_router = var.spoke_to_spoke_route_advertisement ? element(concat(google_compute_router.hub-to-spoke-1-custom.*.name, list("")), 0) : element(concat(google_compute_router.hub-to-spoke-1-default.*.name, list("")), 0)
+ hub_to_spoke_2_router = var.spoke_to_spoke_route_advertisement ? element(concat(google_compute_router.hub-to-spoke-2-custom.*.name, list("")), 0) : element(concat(google_compute_router.hub-to-spoke-2-default.*.name, list("")), 0)
+}
+
 ##############################################################
 # VPCs #
 ##############################################################
@@ -21,7 +33,7 @@ module "vpc-hub" {
 version = "~> 1.2"
 
 project_id = var.hub_project_id
- network_name = "${var.prefix}-hub"
+ network_name = "hub-network"
 subnets = var.hub_subnets
 routing_mode = "GLOBAL"
 }
@@ -31,7 +43,7 @@ module "vpc-spoke-1" {
 version = "~> 1.2"
 
 project_id = var.spoke_1_project_id
- network_name = "${var.prefix}-spoke-1"
+ network_name = "spoke-1-network"
 subnets = var.spoke_1_subnets
 routing_mode = "GLOBAL"
 }
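Review bot: The `hub_to_spoke_1_router` and `hub_to_spoke_2_router` locals call `list("")` four times; Terraform 0.12, whose `for` expressions and `dynamic` blocks this file already relies on, deprecates `list()` in favour of list literals, so `concat(google_compute_router.hub-to-spoke-1-custom.*.name, [""])` is the equivalent, warning-free form. The intent of those two lines is also not obvious to a reader who has not seen the router `count` expressions further down; a comment such as `# Name of whichever hub router variant exists (custom or default); the "" fallback keeps element() valid for the variant whose count is 0.` would make it self-explanatory. This is moved rather than new code, but the move is the moment to tidy it.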
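Review bot: `network_name = "hub-network"` replaces the caller-configurable `${var.prefix}-hub` with a fixed literal, and the same hardcoding is applied in the `vpc-spoke-1` and `vpc-spoke-2` hunks and to the test instance names in test-resources.tf. With the sample tfvars pointing hub and both spokes at the same project, a second deployment of this example into that project would now collide on VPC, router and instance names, which the prefix previously avoided. If fixed names are intended for a one-off example, a comment on the module such as `# Network names are fixed; one deployment of this example per project.` would set expectations; otherwise consider keeping an optional prefix variable with an empty default.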
@@ -41,7 +53,7 @@ module "vpc-spoke-2" {
 version = "~> 1.2"
 
 project_id = var.spoke_2_project_id
- network_name = "${var.prefix}-spoke-2"
+ network_name = "spoke-2-network"
 subnets = var.spoke_2_subnets
 routing_mode = "GLOBAL"
 }
@@ -80,6 +92,88 @@ module "firewall-spoke-2" {
 admin_ranges = local.all_subnet_cidrs
 }
 
+##############################################################
+# Cloud Routers #
+##############################################################
+
+resource "google_compute_router" "hub-to-spoke-1-custom" {
+ count = var.spoke_to_spoke_route_advertisement ? 1 : 0
+ name = "hub-to-spoke-1-custom"
+ region = element(local.hub_subnet_regions, 0)
+ network = module.vpc-hub.network_name
+ project = var.hub_project_id
+ bgp {
+ asn = var.hub_bgp_asn
+ advertise_mode = "CUSTOM"
+ advertised_groups = ["ALL_SUBNETS"]
+
+ dynamic "advertised_ip_ranges" {
+ for_each = toset(local.spoke_2_subnet_cidr_ranges)
+ content {
+ range = advertised_ip_ranges.value
+ }
+ }
+ }
+}
+
+resource "google_compute_router" "hub-to-spoke-2-custom" {
+ count = var.spoke_to_spoke_route_advertisement ? 1 : 0
+ name = "hub-to-spoke-2-custom"
+ region = element(local.hub_subnet_regions, 1)
+ network = module.vpc-hub.network_name
+ project = var.hub_project_id
+ bgp {
+ asn = var.hub_bgp_asn
+ advertise_mode = "CUSTOM"
+ advertised_groups = ["ALL_SUBNETS"]
+ dynamic "advertised_ip_ranges" {
+ for_each = toset(local.spoke_1_subnet_cidr_ranges)
+ content {
+ range = advertised_ip_ranges.value
+ }
+ }
+ }
+}
+
+resource "google_compute_router" "hub-to-spoke-1-default" {
+ count = var.spoke_to_spoke_route_advertisement ? 0 : 1
+ name = "hub-to-spoke-1-default"
+ region = element(local.hub_subnet_regions, 0)
+ network = module.vpc-hub.network_name
+ project = var.hub_project_id
+ bgp {
+ asn = var.hub_bgp_asn
+ }
+}
+resource "google_compute_router" "hub-to-spoke-2-default" {
+ count = var.spoke_to_spoke_route_advertisement ? 0 : 1
+ name = "hub-to-spoke-2-default"
+ region = element(local.hub_subnet_regions, 1)
+ network = module.vpc-hub.network_name
+ project = var.hub_project_id
+ bgp {
+ asn = var.hub_bgp_asn
+ }
+}
+resource "google_compute_router" "spoke-1" {
+ name = "spoke-1"
+ region = element(local.spoke_1_subnet_regions, 0)
+ network = module.vpc-spoke-1.network_name
+ project = var.spoke_1_project_id
+ bgp {
+ asn = var.spoke_1_bgp_asn
+ }
+}
+resource "google_compute_router" "spoke-2" {
+ name = "spoke-2"
+ region = element(local.spoke_2_subnet_regions, 0)
+ network = module.vpc-spoke-2.network_name
+ project = var.spoke_2_project_id
+ bgp {
+ asn = var.spoke_2_bgp_asn
+ }
+}
+
 ##############################################################
 # VPNs #
 ##############################################################
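Review bot: The `hub-to-spoke-1-custom` and `hub-to-spoke-2-custom` routers advertise the other spoke's CIDRs in addition to `ALL_SUBNETS`, so with `spoke_to_spoke_route_advertisement` enabled each spoke learns a route to the other spoke through the hub, and the firewall modules visible in this hunk's context already trust every range via `admin_ranges = local.all_subnet_cidrs`; flipping that one variable therefore changes which networks can reach each other with no firewall edit. That deserves a comment on the resource, e.g. `# CUSTOM mode re-advertises the other spoke's ranges, making the hub a transit between spokes; firewall admin_ranges already cover all subnets.`. Separately, `element(local.hub_subnet_regions, 1)` wraps to index 0 when only one hub subnet is configured, so both hub routers would silently land in the same region; if two hub regions are a requirement, say so in the `hub_subnets` description or validate it.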
@@ -145,3 +239,58 @@ module "vpn-spoke-2-to-hub" {
 peer_asn = [var.hub_bgp_asn]
 cr_name = google_compute_router.spoke-2.name
 }
+
+##############################################################
+# DNS Zones #
+##############################################################
+
+module "hub-private-zone" {
+ source = "terraform-google-modules/cloud-dns/google"
+ version = "~> 2.0"
+
+ project_id = var.hub_project_id
+ type = "private"
+ name = "${var.private_dns_zone_name}-hub-private"
+ domain = var.private_dns_zone_domain
+
+ private_visibility_config_networks = [module.vpc-hub.network_self_link]
+}
+
+module "hub-forwarding-zone" {
+ source = "terraform-google-modules/cloud-dns/google"
+ version = "~> 2.0"
+
+ project_id = var.hub_project_id
+ type = "forwarding"
+ name = "${var.forwarding_dns_zone_name}-hub-forwarding"
+ domain = var.forwarding_dns_zone_domain
+
+ private_visibility_config_networks = [module.vpc-hub.network_self_link]
+ target_name_server_addresses = var.forwarding_zone_server_addresses
+}
+
+module "spoke-1-peering-zone" {
+ source = "terraform-google-modules/cloud-dns/google"
+ version = "~> 2.0"
+
+ project_id = var.spoke_1_project_id
+ type = "peering"
+ name = "${var.private_dns_zone_name}-spoke-1-peering"
+ domain = var.private_dns_zone_domain
+
+ private_visibility_config_networks = [module.vpc-spoke-1.network_self_link]
+ target_network = module.vpc-hub.network_self_link
+}
+
+module "spoke-2-peering-zone" {
+ source = "terraform-google-modules/cloud-dns/google"
+ version = "~> 2.0"
+
+ project_id = var.spoke_2_project_id
+ type = "peering"
+ name = "${var.private_dns_zone_name}-spoke-2-peering"
+ domain = var.private_dns_zone_domain
+
+ private_visibility_config_networks = [module.vpc-spoke-2.network_self_link]
+ target_network = module.vpc-hub.network_self_link
+}
diff --git a/infrastructure/net-hub-and-spoke/outputs.tf b/infrastructure/net-hub-and-spoke/outputs.tf
index 0b19d8a6e..747c1c5cd 100644
--- a/infrastructure/net-hub-and-spoke/outputs.tf
+++ b/infrastructure/net-hub-and-spoke/outputs.tf
@@ -14,41 +14,58 @@
 
 output "hub" {
 value = {
- name = module.vpc-hub.network_name
- subnets = zipmap(
+ network_name = module.vpc-hub.network_name
+ subnets_ips = zipmap(
 module.vpc-hub.subnets_names,
 module.vpc-hub.subnets_ips
 )
- instances = zipmap(
- google_compute_instance.hub.*.name,
- google_compute_instance.hub.*.zone
+ subnets_regions = zipmap(
+ module.vpc-hub.subnets_names,
+ module.vpc-hub.subnets_regions
 )
+ privte_dns_zone = {
+ name = module.hub-private-zone.name
+ domain = module.hub-private-zone.domain
+ }
+ forwarding_dns_zone = {
+ name = module.hub-forwarding-zone.name
+ domain = module.hub-forwarding-zone.domain
+ }
 }
 }
 
 output "spoke-1" {
 value = {
- name = module.vpc-spoke-1.network_name
- subnets = zipmap(
+ network_name = module.vpc-spoke-1.network_name
+ subnets_ips = zipmap(
 module.vpc-spoke-1.subnets_names,
 module.vpc-spoke-1.subnets_ips
 )
- instances = zipmap(
- google_compute_instance.spoke-1.*.name,
- google_compute_instance.spoke-1.*.zone
+ subnets_regions = zipmap(
+ module.vpc-spoke-1.subnets_names,
+ module.vpc-spoke-1.subnets_regions
 )
+ peering_dns_zone = {
+ name = module.spoke-1-peering-zone.name
+ domain = module.spoke-1-peering-zone.domain
+ }
 }
 }
+
 output "spoke-2" {
 value = {
- name = module.vpc-spoke-2.network_name
- subnets = zipmap(
+ network_name = module.vpc-spoke-2.network_name
+ subnets_ips = zipmap(
 module.vpc-spoke-2.subnets_names,
 module.vpc-spoke-2.subnets_ips
 )
- instances = zipmap(
- google_compute_instance.spoke-2.*.name,
- google_compute_instance.spoke-2.*.zone
+ subnets_regions = zipmap(
+ module.vpc-spoke-2.subnets_names,
+ module.vpc-spoke-2.subnets_regions
 )
+ peering_dns_zone = {
+ name = module.spoke-2-peering-zone.name
+ domain = module.spoke-2-peering-zone.domain
+ }
 }
 }
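Review bot: `privte_dns_zone` in the `hub` output is misspelled; it should be `private_dns_zone = {` to match the `forwarding_dns_zone` and `peering_dns_zone` keys introduced in the same hunk. Output keys are read by name (callers, tests, `terraform output -json`), so the typo becomes a compatibility burden as soon as anything depends on it, and renaming later would be a breaking change; fix it in this commit.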
diff --git a/infrastructure/net-hub-and-spoke/routers.tf b/infrastructure/net-hub-and-spoke/routers.tf
deleted file mode 100644
index 2f2ab3b4c..000000000
--- a/infrastructure/net-hub-and-spoke/routers.tf
+++ /dev/null
@@ -1,95 +0,0 @@
-# Copyright 2019 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-##############################################################
-# Cloud Routers #
-##############################################################
-
-resource "google_compute_router" "hub-to-spoke-1-custom" {
- count = var.spoke_to_spoke_route_advertisement ? 1 : 0
- name = "hub-to-spoke-1-custom"
- region = element(local.hub_subnet_regions, 0)
- network = module.vpc-hub.network_name
- project = var.hub_project_id
- bgp {
- asn = var.hub_bgp_asn
- advertise_mode = "CUSTOM"
- advertised_groups = ["ALL_SUBNETS"]
-
- dynamic "advertised_ip_ranges" {
- for_each = toset(local.spoke_2_subnet_cidr_ranges)
- content {
- range = advertised_ip_ranges.value
- }
- }
- }
-}
-
-resource "google_compute_router" "hub-to-spoke-2-custom" {
- count = var.spoke_to_spoke_route_advertisement ? 1 : 0
- name = "hub-to-spoke-2-custom"
- region = element(local.hub_subnet_regions, 1)
- network = module.vpc-hub.network_name
- project = var.hub_project_id
- bgp {
- asn = var.hub_bgp_asn
- advertise_mode = "CUSTOM"
- advertised_groups = ["ALL_SUBNETS"]
- dynamic "advertised_ip_ranges" {
- for_each = toset(local.spoke_1_subnet_cidr_ranges)
- content {
- range = advertised_ip_ranges.value
- }
- }
- }
-}
-
-resource "google_compute_router" "hub-to-spoke-1-default" {
- count = var.spoke_to_spoke_route_advertisement ? 0 : 1
- name = "hub-to-spoke-1-default"
- region = element(local.hub_subnet_regions, 0)
- network = module.vpc-hub.network_name
- project = var.hub_project_id
- bgp {
- asn = var.hub_bgp_asn
- }
-}
-resource "google_compute_router" "hub-to-spoke-2-default" {
- count = var.spoke_to_spoke_route_advertisement ? 0 : 1
- name = "hub-to-spoke-2-default"
- region = element(local.hub_subnet_regions, 1)
- network = module.vpc-hub.network_name
- project = var.hub_project_id
- bgp {
- asn = var.hub_bgp_asn
- }
-}
-resource "google_compute_router" "spoke-1" {
- name = "spoke-1"
- region = element(local.spoke_1_subnet_regions, 0)
- network = module.vpc-spoke-1.network_name
- project = var.spoke_1_project_id
- bgp {
- asn = var.spoke_1_bgp_asn
- }
-}
-resource "google_compute_router" "spoke-2" {
- name = "spoke-2"
- region = element(local.spoke_2_subnet_regions, 0)
- network = module.vpc-spoke-2.network_name
- project = var.spoke_2_project_id
- bgp {
- asn = var.spoke_2_bgp_asn
- }
-}
diff --git a/infrastructure/net-hub-and-spoke/terraform.tfvars.sample b/infrastructure/net-hub-and-spoke/terraform.tfvars.sample
index 5d94a27a6..b11c2e5d0 100644
--- a/infrastructure/net-hub-and-spoke/terraform.tfvars.sample
+++ b/infrastructure/net-hub-and-spoke/terraform.tfvars.sample
@@ -1,4 +1,3 @@
 hub_project_id = "automation-examples"
 spoke_1_project_id = "automation-examples"
-spoke_2_project_id = "automation-examples"
-prefix = "test"
\ No newline at end of file
+spoke_2_project_id = "automation-examples"
\ No newline at end of file
diff --git a/infrastructure/net-hub-and-spoke/instances.tf b/infrastructure/net-hub-and-spoke/test-resources.tf
similarity index 58%
rename from infrastructure/net-hub-and-spoke/instances.tf
rename to infrastructure/net-hub-and-spoke/test-resources.tf
index 127e5e12c..770cc3d38 100644
--- a/infrastructure/net-hub-and-spoke/instances.tf
+++ b/infrastructure/net-hub-and-spoke/test-resources.tf
@@ -12,10 +12,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+###############################################################################
+# Hub test VMs and DNS records #
+###############################################################################
+
 resource "google_compute_instance" "hub" {
 count = length(var.hub_subnets)
 project = var.hub_project_id
- name = "${var.prefix}-hub-${element(var.hub_subnets, count.index)["subnet_name"]}"
+ name = "hub-${element(var.hub_subnets, count.index)["subnet_name"]}"
 machine_type = "f1-micro"
 zone = "${element(local.hub_subnet_regions, count.index)}-b"
 tags = ["ssh"]
@@ -43,10 +47,14 @@ resource "google_dns_record_set" "hub" {
 rrdatas = [google_compute_instance.hub[count.index].network_interface.0.network_ip]
 }
 
+###############################################################################
+# Spoke 1 test VMs and DNS records #
+###############################################################################
+
 resource "google_compute_instance" "spoke-1" {
 count = length(var.spoke_1_subnets)
 project = var.spoke_1_project_id
- name = "${var.prefix}-spoke-1-${element(var.spoke_1_subnets, count.index)["subnet_name"]}"
+ name = "spoke-1-${element(var.spoke_1_subnets, count.index)["subnet_name"]}"
 machine_type = "f1-micro"
 zone = "${element(local.spoke_1_subnet_regions, count.index)}-b"
 tags = ["ssh"]
@@ -74,10 +82,14 @@ resource "google_dns_record_set" "spoke-1" {
 rrdatas = [google_compute_instance.spoke-1[count.index].network_interface.0.network_ip]
 }
 
+###############################################################################
+# Spoke 2 test VMs and DNS records #
+###############################################################################
+
 resource "google_compute_instance" "spoke-2" {
 count = length(var.spoke_2_subnets)
 project = var.spoke_2_project_id
- name = "${var.prefix}-spoke-2-${element(var.spoke_2_subnets, count.index)["subnet_name"]}"
+ name = "spoke-2-${element(var.spoke_2_subnets, count.index)["subnet_name"]}"
 machine_type = "f1-micro"
 zone = "${element(local.spoke_2_subnet_regions, count.index)}-b"
 tags = ["ssh"]
@@ -104,3 +116,42 @@ resource "google_dns_record_set" "spoke-2" {
 rrdatas = [google_compute_instance.spoke-2[count.index].network_interface.0.network_ip]
 }
 
+
+###############################################################################
+# test outputs #
+###############################################################################
+
+output "test-instances" {
+ value = {
+ hub = {
+ instance_zones = zipmap(
+ google_compute_instance.hub.*.name,
+ google_compute_instance.hub.*.zone
+ )
+ instances_dns_names = zipmap(
+ google_compute_instance.hub.*.name,
+ google_dns_record_set.hub.*.name
+ )
+ }
+ spoke-1 = {
+ instances_zones = zipmap(
+ google_compute_instance.spoke-1.*.name,
+ google_compute_instance.spoke-1.*.zone
+ )
+ instances_dns_names = zipmap(
+ google_compute_instance.spoke-1.*.name,
+ google_dns_record_set.spoke-1.*.name
+ )
+ }
+ spoke-2 = {
+ instances_zones = zipmap(
+ google_compute_instance.spoke-2.*.name,
+ google_compute_instance.spoke-2.*.zone
+ )
+ instances_dns_names = zipmap(
+ google_compute_instance.spoke-2.*.name,
+ google_dns_record_set.spoke-2.*.name
+ )
+ }
+ }
+}
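Review bot: In the new `test-instances` output the `hub` entry uses the key `instance_zones` while `spoke-1` and `spoke-2` use `instances_zones`, so a consumer iterating the three entries with one key name will miss the hub; use the same key everywhere, e.g. `instances_zones = zipmap(` for the hub as well, matching the sibling `instances_dns_names`. Since `value` is an object, `zipmap()` on the `*.name`/`*.zone` splats also yields an empty map when a role has zero subnets, which is fine but worth noting in a comment such as `# Test-only output: per-role maps of instance name -> zone and instance name -> DNS record name.`.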
diff --git a/infrastructure/net-hub-and-spoke/variables.tf b/infrastructure/net-hub-and-spoke/variables.tf
index 129fa2765..520da6fdb 100644
--- a/infrastructure/net-hub-and-spoke/variables.tf
+++ b/infrastructure/net-hub-and-spoke/variables.tf
@@ -24,10 +24,6 @@ variable "spoke_2_project_id" {
 description = "Spoke 2 Project id."
 }
 
-variable "prefix" {
- description = "Prefix for VPC names."
-}
-
 variable "spoke_to_spoke_route_advertisement" {
 description = "Use custom route advertisement in hub routers to advertise all spoke subnets."
 default = true
@@ -56,7 +52,6 @@ variable "hub_subnets" {
 subnet_region = "europe-west1"
 },
 {
- subnet_name = "subnet-b"
 subnet_ip = "10.10.20.0/24"
 subnet_region = "europe-west2"
 
@@ -72,7 +67,6 @@ variable "spoke_1_subnets" {
 subnet_region = "asia-east1"
 },
 {
- subnet_name = "subnet-b"
 subnet_ip = "10.20.20.0/24"
 subnet_region = "asia-northeast1"
 
@@ -88,7 +82,6 @@ variable "spoke_2_subnets" {
 subnet_region = "us-west1"
 },
 {
- subnet_name = "subnet-b"
 subnet_ip = "10.30.20.0/24"
 subnet_region = "us-west2"
 
@@ -120,4 +113,3 @@ variable "forwarding_zone_server_addresses" {
 description = "Forwarding DNS Zone Server Addresses"
 default = ["8.8.8.8", "8.8.4.4"]
 }
-
\ No newline at end of file
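Review bot: Removing `subnet_name = "subnet-b"` from the second object of the `hub_subnets`, `spoke_1_subnets` and `spoke_2_subnets` defaults leaves those objects without the key that test-resources.tf indexes as `element(var.hub_subnets, count.index)["subnet_name"]` and that the VPC module needs to create the subnet, so a plan with the defaults should fail at `count.index` 1 unless the key is supplied somewhere outside this hunk. If the intent is to keep two subnets per network, restore the line (the `hub-to-spoke-2-custom` and `hub-to-spoke-2-default` routers in main.tf read `element(local.hub_subnet_regions, 1)`, which presumes a second hub subnet); if the intent is a single subnet per network, remove the whole second object instead. The enclosing `default = [` lists start before these hunks, so the surrounding entries are not visible here.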