diff --git a/fast/stages/2-networking-a-simple/README.md b/fast/stages/2-networking-a-simple/README.md
index 9943e46c9..f2316f17f 100644
--- a/fast/stages/2-networking-a-simple/README.md
+++ b/fast/stages/2-networking-a-simple/README.md
@@ -465,7 +465,8 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [cloud_dns_inbound_policy](outputs.tf#L87) | IP Addresses for Cloud DNS inbound policy. | | |
| [host_project_ids](outputs.tf#L92) | Network project ids. | | |
| [host_project_numbers](outputs.tf#L97) | Network project numbers. | | |
-| [shared_vpc_self_links](outputs.tf#L102) | Shared VPC host projects. | | |
-| [tfvars](outputs.tf#L107) | Terraform variables file for the following stages. | ✓ | |
-| [vpn_gateway_endpoints](outputs.tf#L113) | External IP Addresses for the GCP VPN gateways. | | |
+| [ping_commands](outputs.tf#L102) | Ping commands for test instances to be run to check VPC reachability. | | |
+| [shared_vpc_self_links](outputs.tf#L107) | Shared VPC host projects. | | |
+| [tfvars](outputs.tf#L112) | Terraform variables file for the following stages. | ✓ | |
+| [vpn_gateway_endpoints](outputs.tf#L118) | External IP Addresses for the GCP VPN gateways. | | |
diff --git a/fast/stages/2-networking-a-simple/data/firewall-rules/landing/default-ingress.yaml b/fast/stages/2-networking-a-simple/data/firewall-rules/landing/default-ingress.yaml
index 946f350ae..c4cd103f0 100644
--- a/fast/stages/2-networking-a-simple/data/firewall-rules/landing/default-ingress.yaml
+++ b/fast/stages/2-networking-a-simple/data/firewall-rules/landing/default-ingress.yaml
@@ -1,7 +1,7 @@
# skip boilerplate check
ingress:
- ingress-default-deny:
+ ingress-default-landing-deny:
description: "Deny and log any unmatched ingress traffic."
deny: true
priority: 65535
diff --git a/fast/stages/2-networking-a-simple/data/firewall-rules/landing/rules.yaml b/fast/stages/2-networking-a-simple/data/firewall-rules/landing/rules.yaml
index 2318f69df..28ad92c7b 100644
--- a/fast/stages/2-networking-a-simple/data/firewall-rules/landing/rules.yaml
+++ b/fast/stages/2-networking-a-simple/data/firewall-rules/landing/rules.yaml
@@ -4,7 +4,7 @@
# You can retain `---` (start of the document) to indicate an empty document.
ingress:
- allow-onprem-probes-example:
+ allow-onprem-probes-landing-example:
description: "Allow traffic from onprem probes"
source_ranges:
- onprem_probes
diff --git a/fast/stages/2-networking-a-simple/data/subnets/dev/dev-default-ew1.yaml b/fast/stages/2-networking-a-simple/data/subnets/dev/dev-default-ew1.yaml
index 928fb1ebf..735b4c763 100644
--- a/fast/stages/2-networking-a-simple/data/subnets/dev/dev-default-ew1.yaml
+++ b/fast/stages/2-networking-a-simple/data/subnets/dev/dev-default-ew1.yaml
@@ -3,4 +3,4 @@
name: dev-default
region: europe-west1
ip_cidr_range: 10.68.0.0/24
-description: Default subnet for dev
+description: Default europe-west1 subnet for dev
diff --git a/fast/stages/2-networking-a-simple/data/subnets/landing/landing-default-ew1.yaml b/fast/stages/2-networking-a-simple/data/subnets/landing/landing-default-ew1.yaml
index ad29c920b..7ba6b15ac 100644
--- a/fast/stages/2-networking-a-simple/data/subnets/landing/landing-default-ew1.yaml
+++ b/fast/stages/2-networking-a-simple/data/subnets/landing/landing-default-ew1.yaml
@@ -3,4 +3,4 @@
name: landing-default
region: europe-west1
ip_cidr_range: 10.64.0.0/24
-description: Default subnet for landing
+description: Default europe-west1 subnet for landing
diff --git a/fast/stages/2-networking-a-simple/data/subnets/prod/prod-default-ew1.yaml b/fast/stages/2-networking-a-simple/data/subnets/prod/prod-default-ew1.yaml
index cdc77d463..86a6ae6b0 100644
--- a/fast/stages/2-networking-a-simple/data/subnets/prod/prod-default-ew1.yaml
+++ b/fast/stages/2-networking-a-simple/data/subnets/prod/prod-default-ew1.yaml
@@ -3,4 +3,4 @@
name: prod-default
region: europe-west1
ip_cidr_range: 10.72.0.0/24
-description: Default subnet for prod
+description: Default europe-west1 subnet for prod
diff --git a/fast/stages/2-networking-a-simple/net-dev.tf b/fast/stages/2-networking-a-simple/net-dev.tf
index 13a49498b..12b301e9b 100644
--- a/fast/stages/2-networking-a-simple/net-dev.tf
+++ b/fast/stages/2-networking-a-simple/net-dev.tf
@@ -89,6 +89,15 @@ module "dev-spoke-vpc" {
private = true
restricted = true
}
+ delete_default_routes_on_create = true
+ routes = {
+ default = {
+ dest_range = "0.0.0.0/0"
+ next_hop = "default-internet-gateway"
+ next_hop_type = "gateway"
+ priority = 1000
+ }
+ }
}
module "dev-spoke-firewall" {
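Review bot: The added `delete_default_routes_on_create = true` is followed at once by a `default` route with the same `0.0.0.0/0` destination and `default-internet-gateway` next hop, and nothing in the hunk says why the auto-created route is swapped for an equivalent managed one. A one-line comment above the pair would help whoever later restricts egress, for example `# replace the auto-created default route with a managed one; drop the routes entry to remove direct internet egress` (the intent is my inference, so adjust it to the real one). The same uncommented pair is added in net-landing.tf and net-prod.tf of this stage, and on `dmz-vpc` in 2-networking-c-nva/net-landing.tf. The `dev-spoke-vpc` module block starts outside the hunk.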
diff --git a/fast/stages/2-networking-a-simple/net-landing.tf b/fast/stages/2-networking-a-simple/net-landing.tf
index 9a96e580a..b1f124975 100644
--- a/fast/stages/2-networking-a-simple/net-landing.tf
+++ b/fast/stages/2-networking-a-simple/net-landing.tf
@@ -51,14 +51,18 @@ module "landing-vpc" {
inbound = true
logging = var.dns.enable_logging
}
- # set explicit routes for googleapis in case the default route is deleted
- create_googleapis_routes = {
- private = true
- restricted = true
- }
factories_config = {
subnets_folder = "${var.factories_config.data_dir}/subnets/landing"
}
+ delete_default_routes_on_create = true
+ routes = {
+ default = {
+ dest_range = "0.0.0.0/0"
+ next_hop = "default-internet-gateway"
+ next_hop_type = "gateway"
+ priority = 1000
+ }
+ }
}
module "landing-firewall" {
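Review bot: Removing `create_googleapis_routes` from `landing-vpc` drops the explicit private and restricted googleapis routes just as the default route becomes a Terraform-managed entry that an operator can delete. The removed comment said these routes were set "in case the default route is deleted", and the dev spoke hunk in net-dev.tf still shows `private = true` / `restricted = true` as context, so the VPCs may now be configured differently. Unless the module's defaults already create both routes (not visible here), keep the block: `create_googleapis_routes = { private = true, restricted = true }`. net-prod.tf removes the same block, and the module block starts outside the hunk.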
diff --git a/fast/stages/2-networking-a-simple/net-prod.tf b/fast/stages/2-networking-a-simple/net-prod.tf
index 0f8d9b393..2e1f3f7ad 100644
--- a/fast/stages/2-networking-a-simple/net-prod.tf
+++ b/fast/stages/2-networking-a-simple/net-prod.tf
@@ -81,11 +81,15 @@ module "prod-spoke-vpc" {
factories_config = {
subnets_folder = "${var.factories_config.data_dir}/subnets/prod"
}
- psa_configs = var.psa_ranges.prod
- # set explicit routes for googleapis in case the default route is deleted
- create_googleapis_routes = {
- private = true
- restricted = true
+ psa_configs = var.psa_ranges.prod
+ delete_default_routes_on_create = true
+ routes = {
+ default = {
+ dest_range = "0.0.0.0/0"
+ next_hop = "default-internet-gateway"
+ next_hop_type = "gateway"
+ priority = 1000
+ }
}
}
diff --git a/fast/stages/2-networking-a-simple/outputs.tf b/fast/stages/2-networking-a-simple/outputs.tf
index 788a2c7bb..28da678b8 100644
--- a/fast/stages/2-networking-a-simple/outputs.tf
+++ b/fast/stages/2-networking-a-simple/outputs.tf
@@ -99,6 +99,11 @@ output "host_project_numbers" {
value = local.host_project_numbers
}
+output "ping_commands" {
+ description = "Ping commands for test instances to be run to check VPC reachability."
+ value = var.create_test_instances ? join("\n", [for instance, _ in local.test-vms : "ping -c 1 ${module.test-vms[instance].internal_ip} # ${instance}"]) : ""
+}
+
output "shared_vpc_self_links" {
description = "Shared VPC host projects."
value = local.vpc_self_links
diff --git a/fast/stages/2-networking-a-simple/test-resources.tf b/fast/stages/2-networking-a-simple/test-resources.tf
index 6beb8fa28..a9993cfb3 100644
--- a/fast/stages/2-networking-a-simple/test-resources.tf
+++ b/fast/stages/2-networking-a-simple/test-resources.tf
@@ -18,21 +18,21 @@
locals {
test-vms = {
- dev = {
+ dev-spoke-primary = {
region = var.regions.primary
project_id = module.dev-spoke-project.project_id
zone = "b"
network = module.dev-spoke-vpc.self_link
subnetwork = module.dev-spoke-vpc.subnet_self_links["${var.regions.primary}/dev-default"]
}
- landing = {
+ landing-primary = {
region = var.regions.primary
project_id = module.landing-project.project_id
zone = "b"
network = module.landing-vpc.self_link
subnetwork = module.landing-vpc.subnet_self_links["${var.regions.primary}/landing-default"]
}
- prod = {
+ prod-spoke-primary = {
region = var.regions.primary
project_id = module.prod-spoke-project.project_id
zone = "b"
@@ -72,8 +72,3 @@ module "test-vms" {
EOF
}
}
-
-output "ping_commands" {
- description = "Ping commands that can be run to check VPC reachability."
- value = var.create_test_instances ? join("\n", [for instance, _ in local.test-vms : "ping -c 1 ${module.test-vms[instance].internal_ip} # ${instance}"]) : ""
-}
diff --git a/fast/stages/2-networking-c-nva/README.md b/fast/stages/2-networking-c-nva/README.md
index a73740307..88f57974d 100644
--- a/fast/stages/2-networking-c-nva/README.md
+++ b/fast/stages/2-networking-c-nva/README.md
@@ -448,7 +448,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [nva.tf](./nva.tf) | None | compute-mig · compute-vm · simple-nva | |
| [outputs.tf](./outputs.tf) | Module outputs. | | google_storage_bucket_object · local_file |
| [regions.tf](./regions.tf) | Compute short names for regions. | | |
-| [test-resources.tf](./test-resources.tf) | temporary instances for testing | compute-vm | |
+| [test-resources.tf](./test-resources.tf) | Temporary instances for testing | | |
| [variables.tf](./variables.tf) | Module variables. | | |
| [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | net-vpn-ha | |
@@ -458,23 +458,24 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
|---|---|:---:|:---:|:---:|:---:|
| [automation](variables.tf#L42) | Automation resources created by the bootstrap stage. | object({…}) | ✓ | | 0-bootstrap |
| [billing_account](variables.tf#L50) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…}) | ✓ | | 0-bootstrap |
-| [folder_ids](variables.tf#L126) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | object({…}) | ✓ | | 1-resman |
-| [organization](variables.tf#L151) | Organization details. | object({…}) | ✓ | | 0-bootstrap |
-| [prefix](variables.tf#L167) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap |
+| [folder_ids](variables.tf#L132) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | object({…}) | ✓ | | 1-resman |
+| [organization](variables.tf#L157) | Organization details. | object({…}) | ✓ | | 0-bootstrap |
+| [prefix](variables.tf#L173) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap |
| [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | |
-| [custom_roles](variables.tf#L63) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap |
-| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | |
-| [enable_cloud_nat](variables.tf#L82) | Deploy Cloud NAT. | bool | | false | |
-| [essential_contacts](variables.tf#L89) | Email used for essential contacts, unset if null. | string | | null | |
-| [factories_config](variables.tf#L95) | Configuration for network resource factories. | object({…}) | | {…} | |
-| [fast_features](variables.tf#L116) | Selective control for top-level FAST features. | object({…}) | | {} | 0-0-bootstrap |
-| [gcp_ranges](variables.tf#L136) | GCP address ranges in name => range format. | map(string) | | {…} | |
-| [outputs_location](variables.tf#L161) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
-| [psa_ranges](variables.tf#L178) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…}) | | {} | |
-| [regions](variables.tf#L198) | Region definitions. | object({…}) | | {…} | |
-| [service_accounts](variables.tf#L210) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman |
-| [vpn_onprem_primary_config](variables.tf#L224) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | |
-| [vpn_onprem_secondary_config](variables.tf#L267) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…}) | | null | |
+| [create_test_instances](variables.tf#L63) | Enables the creation of test VMs in each VPC, useful to test and troubleshoot connectivity. | bool | | false | |
+| [custom_roles](variables.tf#L69) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap |
+| [dns](variables.tf#L78) | DNS configuration. | object({…}) | | {} | |
+| [enable_cloud_nat](variables.tf#L88) | Deploy Cloud NAT. | bool | | false | |
+| [essential_contacts](variables.tf#L95) | Email used for essential contacts, unset if null. | string | | null | |
+| [factories_config](variables.tf#L101) | Configuration for network resource factories. | object({…}) | | {…} | |
+| [fast_features](variables.tf#L122) | Selective control for top-level FAST features. | object({…}) | | {} | 0-0-bootstrap |
+| [gcp_ranges](variables.tf#L142) | GCP address ranges in name => range format. | map(string) | | {…} | |
+| [outputs_location](variables.tf#L167) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
+| [psa_ranges](variables.tf#L184) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | object({…}) | | {} | |
+| [regions](variables.tf#L204) | Region definitions. | object({…}) | | {…} | |
+| [service_accounts](variables.tf#L216) | Automation service accounts in name => email format. | object({…}) | | null | 1-resman |
+| [vpn_onprem_primary_config](variables.tf#L230) | VPN gateway configuration for onprem interconnection in the primary region. | object({…}) | | null | |
+| [vpn_onprem_secondary_config](variables.tf#L273) | VPN gateway configuration for onprem interconnection in the secondary region. | object({…}) | | null | |
## Outputs
@@ -482,7 +483,8 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
|---|---|:---:|---|
| [host_project_ids](outputs.tf#L88) | Network project ids. | | |
| [host_project_numbers](outputs.tf#L93) | Network project numbers. | | |
-| [shared_vpc_self_links](outputs.tf#L98) | Shared VPC host projects. | | |
-| [tfvars](outputs.tf#L103) | Terraform variables file for the following stages. | ✓ | |
-| [vpn_gateway_endpoints](outputs.tf#L109) | External IP Addresses for the GCP VPN gateways. | | |
+| [ping_commands](outputs.tf#L98) | Ping commands for test instances to be run to check VPC reachability. | | |
+| [shared_vpc_self_links](outputs.tf#L103) | Shared VPC host projects. | | |
+| [tfvars](outputs.tf#L108) | Terraform variables file for the following stages. | ✓ | |
+| [vpn_gateway_endpoints](outputs.tf#L114) | External IP Addresses for the GCP VPN gateways. | | |
diff --git a/fast/stages/2-networking-c-nva/data/firewall-rules/landing/default-ingress.yaml b/fast/stages/2-networking-c-nva/data/firewall-rules/landing/default-ingress.yaml
index a8fd0c587..c4cd103f0 100644
--- a/fast/stages/2-networking-c-nva/data/firewall-rules/landing/default-ingress.yaml
+++ b/fast/stages/2-networking-c-nva/data/firewall-rules/landing/default-ingress.yaml
@@ -1,7 +1,7 @@
# skip boilerplate check
ingress:
- landing-ingress-default-deny:
+ ingress-default-landing-deny:
description: "Deny and log any unmatched ingress traffic."
deny: true
priority: 65535
diff --git a/fast/stages/2-networking-c-nva/data/subnets/landing/landing-default-ew1.yaml b/fast/stages/2-networking-c-nva/data/subnets/landing/landing-default-ew1.yaml
index 9954030b9..7ba6b15ac 100644
--- a/fast/stages/2-networking-c-nva/data/subnets/landing/landing-default-ew1.yaml
+++ b/fast/stages/2-networking-c-nva/data/subnets/landing/landing-default-ew1.yaml
@@ -3,4 +3,4 @@
name: landing-default
region: europe-west1
ip_cidr_range: 10.64.0.0/24
-description: Default europe-west1 subnet for landing landing
+description: Default europe-west1 subnet for landing
diff --git a/fast/stages/2-networking-c-nva/dns-dev.tf b/fast/stages/2-networking-c-nva/dns-dev.tf
index 88e4e23ef..fcd009099 100644
--- a/fast/stages/2-networking-c-nva/dns-dev.tf
+++ b/fast/stages/2-networking-c-nva/dns-dev.tf
@@ -26,8 +26,8 @@ module "dev-dns-priv-example" {
domain = "dev.gcp.example.com."
private = {
client_networks = [
+ # module.dmz-vpc.self_link
module.landing-vpc.self_link,
- module.dmz-vpc.self_link
]
}
}
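Review bot: `module.dmz-vpc.self_link` is left in `client_networks` as commented-out code with no reason given, so a reader cannot tell whether the DMZ VPC was deliberately removed as a client of this private zone or is only disabled temporarily. Either delete the line or replace it with a comment that states the decision, e.g. `# dmz VPC is intentionally not a client of this private zone` (assuming that is the intent). The same commented-out entry appears in dns-landing.tf and dns-prod.tf.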
diff --git a/fast/stages/2-networking-c-nva/dns-landing.tf b/fast/stages/2-networking-c-nva/dns-landing.tf
index 168aac826..e60f17649 100644
--- a/fast/stages/2-networking-c-nva/dns-landing.tf
+++ b/fast/stages/2-networking-c-nva/dns-landing.tf
@@ -60,7 +60,7 @@ module "landing-dns-priv-gcp" {
domain = "gcp.example.com."
private = {
client_networks = [
- module.dmz-vpc.self_link,
+ # module.dmz-vpc.self_link,
module.landing-vpc.self_link
]
}
diff --git a/fast/stages/2-networking-c-nva/dns-prod.tf b/fast/stages/2-networking-c-nva/dns-prod.tf
index 5444ff328..462f158d3 100644
--- a/fast/stages/2-networking-c-nva/dns-prod.tf
+++ b/fast/stages/2-networking-c-nva/dns-prod.tf
@@ -25,7 +25,10 @@ module "prod-dns-priv-example" {
zone_config = {
domain = "prod.gcp.example.com."
private = {
- client_networks = [module.landing-vpc.self_link, module.dmz-vpc.self_link]
+ client_networks = [
+ # module.dmz-vpc.self_link
+ module.landing-vpc.self_link,
+ ]
}
}
recordsets = {
diff --git a/fast/stages/2-networking-c-nva/net-dev.tf b/fast/stages/2-networking-c-nva/net-dev.tf
index 9344c8af4..07b427e29 100644
--- a/fast/stages/2-networking-c-nva/net-dev.tf
+++ b/fast/stages/2-networking-c-nva/net-dev.tf
@@ -93,28 +93,28 @@ module "dev-spoke-vpc" {
nva-primary-to-primary = {
dest_range = "0.0.0.0/0"
priority = 1000
- tags = ["primary"]
+ tags = [local.region_shortnames[var.regions.primary]]
next_hop_type = "ilb"
next_hop = module.ilb-nva-landing["primary"].forwarding_rule_addresses[""]
}
nva-secondary-to-secondary = {
dest_range = "0.0.0.0/0"
priority = 1000
- tags = ["secondary"]
+ tags = [local.region_shortnames[var.regions.secondary]]
next_hop_type = "ilb"
next_hop = module.ilb-nva-landing["secondary"].forwarding_rule_addresses[""]
}
nva-primary-to-secondary = {
dest_range = "0.0.0.0/0"
priority = 1001
- tags = ["primary"]
+ tags = [local.region_shortnames[var.regions.primary]]
next_hop_type = "ilb"
next_hop = module.ilb-nva-landing["primary"].forwarding_rule_addresses[""]
}
nva-secondary-to-primary = {
dest_range = "0.0.0.0/0"
priority = 1001
- tags = ["secondary"]
+ tags = [local.region_shortnames[var.regions.secondary]]
next_hop_type = "ilb"
next_hop = module.ilb-nva-landing["secondary"].forwarding_rule_addresses[""]
}
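Review bot: `nva-primary-to-secondary` (priority 1001) keeps `module.ilb-nva-landing["primary"]` as its next hop and `nva-secondary-to-primary` keeps `["secondary"]`, so each fallback route points at the same ILB as the priority-1000 route with the same tag and gives no cross-region failover. net-prod.tf in this commit uses the opposite keys for those two routes, which looks like the intended shape. If dev should match, the lines become `next_hop = module.ilb-nva-landing["secondary"].forwarding_rule_addresses[""]` for `nva-primary-to-secondary` and `next_hop = module.ilb-nva-landing["primary"].forwarding_rule_addresses[""]` for `nva-secondary-to-primary`. These are context lines the commit leaves untouched, and the `routes` map starts and ends outside the hunk.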
diff --git a/fast/stages/2-networking-c-nva/net-landing.tf b/fast/stages/2-networking-c-nva/net-landing.tf
index f0eddc6f9..b40fc18d5 100644
--- a/fast/stages/2-networking-c-nva/net-landing.tf
+++ b/fast/stages/2-networking-c-nva/net-landing.tf
@@ -57,6 +57,15 @@ module "dmz-vpc" {
factories_config = {
subnets_folder = "${var.factories_config.data_dir}/subnets/dmz"
}
+ delete_default_routes_on_create = true
+ routes = {
+ default = {
+ dest_range = "0.0.0.0/0"
+ next_hop = "default-internet-gateway"
+ next_hop_type = "gateway"
+ priority = 1000
+ }
+ }
}
module "dmz-firewall" {
diff --git a/fast/stages/2-networking-c-nva/net-prod.tf b/fast/stages/2-networking-c-nva/net-prod.tf
index e37e77cf3..0444fa13c 100644
--- a/fast/stages/2-networking-c-nva/net-prod.tf
+++ b/fast/stages/2-networking-c-nva/net-prod.tf
@@ -91,28 +91,28 @@ module "prod-spoke-vpc" {
nva-primary-to-primary = {
dest_range = "0.0.0.0/0"
priority = 1000
- tags = ["primary"]
+ tags = [local.region_shortnames[var.regions.primary]]
next_hop_type = "ilb"
next_hop = module.ilb-nva-landing["primary"].forwarding_rule_addresses[""]
}
nva-secondary-to-secondary = {
dest_range = "0.0.0.0/0"
priority = 1000
- tags = ["secondary"]
+ tags = [local.region_shortnames[var.regions.secondary]]
next_hop_type = "ilb"
next_hop = module.ilb-nva-landing["secondary"].forwarding_rule_addresses[""]
}
nva-primary-to-secondary = {
dest_range = "0.0.0.0/0"
priority = 1001
- tags = ["primary"]
+ tags = [local.region_shortnames[var.regions.primary]]
next_hop_type = "ilb"
next_hop = module.ilb-nva-landing["secondary"].forwarding_rule_addresses[""]
}
nva-secondary-to-primary = {
dest_range = "0.0.0.0/0"
priority = 1001
- tags = ["secondary"]
+ tags = [local.region_shortnames[var.regions.secondary]]
next_hop_type = "ilb"
next_hop = module.ilb-nva-landing["primary"].forwarding_rule_addresses[""]
}
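Review bot: Switching the route tags from the literals `primary`/`secondary` to `local.region_shortnames[...]` changes which instances these `0.0.0.0/0` routes through the NVA ILBs apply to, and nothing in the hunk documents that. Instances still tagged with the old literals will match none of the four routes after apply; whether they then lose egress or fall through to another route depends on routes outside this hunk. A comment above the routes such as `# instances must carry the region shortname network tag to be routed through the NVAs`, plus a migration note for existing workloads, would make the requirement visible. net-dev.tf gets the same tag change.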
diff --git a/fast/stages/2-networking-c-nva/outputs.tf b/fast/stages/2-networking-c-nva/outputs.tf
index 886d19827..42fe5d064 100644
--- a/fast/stages/2-networking-c-nva/outputs.tf
+++ b/fast/stages/2-networking-c-nva/outputs.tf
@@ -95,6 +95,11 @@ output "host_project_numbers" {
value = local.host_project_numbers
}
+output "ping_commands" {
+ description = "Ping commands for test instances to be run to check VPC reachability."
+ value = var.create_test_instances ? join("\n", [for instance, _ in local.test-vms : "ping -c 1 ${module.test-vms[instance].internal_ip} # ${instance}"]) : ""
+}
+
output "shared_vpc_self_links" {
description = "Shared VPC host projects."
value = local.vpc_self_links
diff --git a/fast/stages/2-networking-c-nva/test-resources.tf b/fast/stages/2-networking-c-nva/test-resources.tf
index 087b6743f..a07cb0eef 100644
--- a/fast/stages/2-networking-c-nva/test-resources.tf
+++ b/fast/stages/2-networking-c-nva/test-resources.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2024 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,242 +14,107 @@
* limitations under the License.
*/
-# tfdoc:file:description temporary instances for testing
+# tfdoc:file:description Temporary instances for testing
-# # dmz (Landing)
+locals {
+ test-vms = {
+ dev-spoke-primary = {
+ network = module.dev-spoke-vpc.self_link
+ project_id = module.dev-spoke-project.project_id
+ region = var.regions.primary
+ subnetwork = module.dev-spoke-vpc.subnet_self_links["${var.regions.primary}/dev-default"]
+ tags = [local.region_shortnames[var.regions.primary]]
+ zone = "b"
+ }
+ dev-spoke-secondary = {
+ network = module.dev-spoke-vpc.self_link
+ project_id = module.dev-spoke-project.project_id
+ region = var.regions.secondary
+ subnetwork = module.dev-spoke-vpc.subnet_self_links["${var.regions.secondary}/dev-default"]
+ tags = [local.region_shortnames[var.regions.secondary]]
+ zone = "b"
+ }
+ dmz-primary = {
+ network = module.dmz-vpc.self_link
+ project_id = module.landing-project.project_id
+ region = var.regions.primary
+ subnetwork = module.dmz-vpc.subnet_self_links["${var.regions.primary}/dmz-default"]
+ tags = [local.region_shortnames[var.regions.primary]]
+ zone = "b"
+ }
+ dmz-secondary = {
+ network = module.dmz-vpc.self_link
+ project_id = module.landing-project.project_id
+ region = var.regions.secondary
+ subnetwork = module.dmz-vpc.subnet_self_links["${var.regions.secondary}/dmz-default"]
+ tags = [local.region_shortnames[var.regions.secondary]]
+ zone = "b"
+ }
+ landing-primary = {
+ network = module.landing-vpc.self_link
+ project_id = module.landing-project.project_id
+ region = var.regions.primary
+ subnetwork = module.landing-vpc.subnet_self_links["${var.regions.primary}/landing-default"]
+ tags = [local.region_shortnames[var.regions.primary]]
+ zone = "b"
+ }
+ landing-secondary = {
+ network = module.landing-vpc.self_link
+ project_id = module.landing-project.project_id
+ region = var.regions.secondary
+ subnetwork = module.landing-vpc.subnet_self_links["${var.regions.secondary}/landing-default"]
+ tags = [local.region_shortnames[var.regions.secondary]]
+ zone = "b"
+ }
+ prod-spoke-primary = {
+ network = module.prod-spoke-vpc.self_link
+ project_id = module.prod-spoke-project.project_id
+ region = var.regions.primary
+ subnetwork = module.prod-spoke-vpc.subnet_self_links["${var.regions.primary}/prod-default"]
+ tags = [local.region_shortnames[var.regions.primary]]
+ zone = "b"
+ }
+ prod-spoke-secondary = {
+ network = module.prod-spoke-vpc.self_link
+ project_id = module.prod-spoke-project.project_id
+ region = var.regions.secondary
+ subnetwork = module.prod-spoke-vpc.subnet_self_links["${var.regions.secondary}/prod-default"]
+ tags = [local.region_shortnames[var.regions.secondary]]
+ zone = "b"
+ }
+ }
+}
-# module "test-vm-dmz-primary-0" {
-# source = "../../../modules/compute-vm"
-# project_id = module.landing-project.project_id
-# zone = "${var.regions.primary}-b"
-# name = "test-vm-lnd-unt-pri-0"
-# network_interfaces = [{
-# network = module.dmz-vpc.self_link
-# subnetwork = module.dmz-vpc.subnet_self_links["${var.regions.primary}/dmz-default"]
-# }]
-# tags = ["primary", "ssh"]
-# service_account_create = true
-# boot_disk = {
-# initialize_params = {
-# image = "projects/debian-cloud/global/images/family/debian-10"
-# }
-# }
-# options = {
-# spot = true
-# termination_action = "STOP"
-# }
-# metadata = {
-# startup-script = <