kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into fast-dev

Browse Source
This commit is contained in:
Ludovico Magnocavallo
2026-02-19 09:21:39 +00:00
parent 7e42aba824 90d7ffc703
commit 440b622536
18 changed files with 205 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
fast/stages/0-org-setup/datasets/classic-gcd/organization/.config.yaml
View File

@@ -86,11 +86,11 @@ iam_by_principals:
- roles/compute.xpnAdmin
$iam_principals:service_accounts/iac-0/iac-networking-ro:
# uncomment for cooperative VPC-SC configurations
# - roles/accesscontextmanager.policyViewer
# - roles/accesscontextmanager.policyReader
- roles/compute.orgFirewallPolicyUser
- roles/compute.viewer
# uncomment for cooperative VPC-SC configurations
# $iam_principals:service_accounts/iac-0/iac-pw-rw:
# $iam_principals:service_accounts/iac-0/iac-pf-rw:
# - roles/accesscontextmanager.policyEditor
# uncomment if you want to use Assured Workloads
# $iam_principals:service_accounts/iac-0/iac-pf-rw:
@@ -101,7 +101,7 @@ iam_by_principals:
- roles/cloudasset.viewer
$iam_principals:service_accounts/iac-0/iac-security-ro:
# uncomment for cooperative VPC-SC configurations
# - roles/accesscontextmanager.policyViewer
# - roles/accesscontextmanager.policyReader
- roles/cloudasset.viewer
$iam_principals:service_accounts/iac-0/iac-vpcsc-rw:
- roles/accesscontextmanager.policyAdmin

6
fast/stages/0-org-setup/datasets/classic/organization/.config.yaml
View File

@@ -86,11 +86,11 @@ iam_by_principals:
- roles/compute.xpnAdmin
$iam_principals:service_accounts/iac-0/iac-networking-ro:
# uncomment for cooperative VPC-SC configurations
# - roles/accesscontextmanager.policyViewer
# - roles/accesscontextmanager.policyReader
- roles/compute.orgFirewallPolicyUser
- roles/compute.viewer
# uncomment for cooperative VPC-SC configurations
# $iam_principals:service_accounts/iac-0/iac-pw-rw:
# $iam_principals:service_accounts/iac-0/iac-pf-rw:
# - roles/accesscontextmanager.policyEditor
# uncomment if you want to use Assured Workloads
# $iam_principals:service_accounts/iac-0/iac-pf-rw:
@@ -101,7 +101,7 @@ iam_by_principals:
- roles/cloudasset.viewer
$iam_principals:service_accounts/iac-0/iac-security-ro:
# uncomment for cooperative VPC-SC configurations
# - roles/accesscontextmanager.policyViewer
# - roles/accesscontextmanager.policyReader
- roles/cloudasset.viewer
$iam_principals:service_accounts/iac-0/iac-vpcsc-rw:
- roles/accesscontextmanager.policyAdmin

6
fast/stages/0-org-setup/datasets/hardened/organization/.config.yaml
View File

@@ -89,11 +89,11 @@ iam_by_principals:
- roles/compute.xpnAdmin
$iam_principals:service_accounts/iac-0/iac-networking-ro:
# uncomment for cooperative VPC-SC configurations
# - roles/accesscontextmanager.policyViewer
# - roles/accesscontextmanager.policyReader
- roles/compute.orgFirewallPolicyUser
- roles/compute.viewer
# uncomment for cooperative VPC-SC configurations
# $iam_principals:service_accounts/iac-0/iac-pw-rw:
# $iam_principals:service_accounts/iac-0/iac-pf-rw:
# - roles/accesscontextmanager.policyEditor
# uncomment if you want to use Assured Workloads
# $iam_principals:service_accounts/iac-0/iac-pf-rw:
@@ -104,7 +104,7 @@ iam_by_principals:
- roles/cloudasset.viewer
$iam_principals:service_accounts/iac-0/iac-security-ro:
# uncomment for cooperative VPC-SC configurations
# - roles/accesscontextmanager.policyViewer
# - roles/accesscontextmanager.policyReader
- roles/cloudasset.viewer
$iam_principals:service_accounts/iac-0/iac-vpcsc-rw:
- roles/accesscontextmanager.policyAdmin

6
fast/stages/2-networking/datasets/hub-and-spokes-nva/vpcs/dmz/.config.yaml
View File

@@ -17,6 +17,12 @@ routers:
"10.0.0.0/8": "rfc1918-10"
"172.16.0.0/12": "rfc1918-172"
"192.168.0.0/16": "rfc1918-192"
# # Uncomment to advertise the Cloud DNS query source address range. (see https://docs.cloud.google.com/dns/docs/server-policies-overview#altns-targets:~:text=0/19-,Type%202%20name%20server,-An%20IP%20address)
# "35.199.192.0/19": "cloud-dns-resolver"
# # Uncomment to advertise the Private Google Access routes. (see https://docs.cloud.google.com/vpc/docs/private-google-access-hybrid)
# "199.36.153.8/30": "private-googleapis-com"
# # Uncomment to advertise the Private Google Access routes that support VPC Service Controls. (see https://docs.cloud.google.com/vpc/docs/private-google-access-hybrid)
# "199.36.153.4/30": "restricted-googleapis-com"
nat_config:
nat-ew8:
region: europe-west1

10
fast/stages/2-networking/datasets/hub-and-spokes-peerings/vpcs/hub/.config.yaml
View File

@@ -19,6 +19,16 @@ routers:
vpn-router:
region: $locations:primary
asn: 64514
# Uncomment to enable custom route advertisement. (see https://docs.cloud.google.com/network-connectivity/docs/router/how-to/advertising-custom-ip)
# custom_advertise:
# all_subnets: true
# ip_ranges:
# # Uncomment to advertise the Cloud DNS query source address range. (see https://docs.cloud.google.com/dns/docs/server-policies-overview#altns-targets:~:text=0/19-,Type%202%20name%20server,-An%20IP%20address)
# "35.199.192.0/19": "cloud-dns-resolver"
# # Uncomment to advertise the Private Google Access routes. (see https://docs.cloud.google.com/vpc/docs/private-google-access-hybrid)
# "199.36.153.8/30": "private-googleapis-com"
# # Uncomment to advertise the Private Google Access routes that support VPC Service Controls. (see https://docs.cloud.google.com/vpc/docs/private-google-access-hybrid)
# "199.36.153.4/30": "restricted-googleapis-com"
routes:
default:
dest_range: 0.0.0.0/0

26
fast/stages/2-networking/datasets/hub-and-spokes-vpns/vpcs/hub/vpns/onprem.yaml
View File

@@ -30,6 +30,19 @@ tunnels:
bgp_peer:
address: 169.254.128.1
asn: 64513
# Uncomment to enable custom route advertisements for this BGP peer. (see https://docs.cloud.google.com/network-connectivity/docs/router/concepts/advertised-routes#am-custom)
# custom_advertise:
# all_subnets: true
# ip_ranges:
# "10.0.0.0/8": "rfc1918-10"
# "172.16.0.0/12": "rfc1918-172"
# "192.168.0.0/16": "rfc1918-192"
# # Uncomment to advertise the Cloud DNS query source address range. (see https://docs.cloud.google.com/dns/docs/server-policies-overview#altns-targets:~:text=0/19-,Type%202%20name%20server,-An%20IP%20address)
# "35.199.192.0/19": "cloud-dns-resolver"
# # Uncomment to advertise the Private Google Access routes. (see https://docs.cloud.google.com/vpc/docs/private-google-access-hybrid)
# "199.36.153.8/30": "private-googleapis-com"
# # Uncomment to advertise the Private Google Access routes that support VPC Service Controls. (see https://docs.cloud.google.com/vpc/docs/private-google-access-hybrid)
# "199.36.153.4/30": "restricted-googleapis-com"
bgp_session_range: "169.254.128.2/30"
peer_external_gateway_interface: 0
shared_secret: "mySecret"
@@ -38,6 +51,19 @@ tunnels:
bgp_peer:
address: 169.254.128.5
asn: 64513
# Uncomment to enable custom route advertisements for this BGP peer. (see https://docs.cloud.google.com/network-connectivity/docs/router/concepts/advertised-routes#am-custom)
# custom_advertise:
# all_subnets: true
# ip_ranges:
# "10.0.0.0/8": "rfc1918-10"
# "172.16.0.0/12": "rfc1918-172"
# "192.168.0.0/16": "rfc1918-192"
# # Uncomment to advertise the Cloud DNS query source address range. (see https://docs.cloud.google.com/dns/docs/server-policies-overview#altns-targets:~:text=0/19-,Type%202%20name%20server,-An%20IP%20address)
# "35.199.192.0/19": "cloud-dns-resolver"
# # Uncomment to advertise the Private Google Access routes. (see https://docs.cloud.google.com/vpc/docs/private-google-access-hybrid)
# "199.36.153.8/30": "private-googleapis-com"
# # Uncomment to advertise the Private Google Access routes that support VPC Service Controls. (see https://docs.cloud.google.com/vpc/docs/private-google-access-hybrid)
# "199.36.153.4/30": "restricted-googleapis-com"
bgp_session_range: "169.254.128.6/30"
peer_external_gateway_interface: 0
shared_secret: "mySecret"