net-vpn-ha (#3420)
This commit is contained in:
Ludovico Magnocavallo
committed by
GitHub
GitHub
parent
ccecb0dd24
commit
45d4674ae8
@@ -223,15 +223,16 @@ You can optionally avoid to specify MD5 keys and the module will automatically g
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [name](variables.tf#L17) | VPN Gateway name (if an existing VPN Gateway is not used), and prefix used for dependent resources. | <code>string</code> | ✓ | |
|
||||
| [network](variables.tf#L22) | VPC used for the gateway and routes. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L48) | Project where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L53) | Region used for resources. | <code>string</code> | ✓ | |
|
||||
| [router_config](variables.tf#L58) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | <code title="object({ asn = optional(number) create = optional(bool, true) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) keepalive = optional(number) name = optional(string) override_name = optional(string) })">object({…})</code> | ✓ | |
|
||||
| [peer_gateways](variables.tf#L27) | Configuration of the (external or GCP) peer gateway. | <code title="map(object({ external = optional(object({ redundancy_type = string interfaces = list(string) description = optional(string, "Terraform managed external VPN gateway") name = optional(string) })) gcp = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [tunnels](variables.tf#L74) | VPN tunnel configurations. | <code title="map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) md5_authentication_key = optional(object({ name = string key = optional(string) })) ipv6 = optional(object({ nexthop_address = optional(string) peer_nexthop_address = optional(string) })) name = optional(string) }) bgp_session_range = string ike_version = optional(number, 2) name = optional(string) peer_external_gateway_interface = optional(number) peer_router_interface_name = optional(string) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [vpn_gateway](variables.tf#L111) | HA VPN Gateway Self Link for using an existing HA VPN Gateway. Ignored if `vpn_gateway_create` is set to `true`. | <code>string</code> | | <code>null</code> |
|
||||
| [vpn_gateway_create](variables.tf#L117) | Create HA VPN Gateway. Set to null to avoid creation. | <code title="object({ description = optional(string, "Terraform managed external VPN gateway") ipv6 = optional(bool, false) })">object({…})</code> | | <code>{}</code> |
|
||||
| [name](variables.tf#L31) | VPN Gateway name (if an existing VPN Gateway is not used), and prefix used for dependent resources. | <code>string</code> | ✓ | |
|
||||
| [network](variables.tf#L36) | VPC used for the gateway and routes. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L62) | Project where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L67) | Region used for resources. | <code>string</code> | ✓ | |
|
||||
| [router_config](variables.tf#L72) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | <code title="object({ asn = optional(number) create = optional(bool, true) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) keepalive = optional(number) name = optional(string) override_name = optional(string) })">object({…})</code> | ✓ | |
|
||||
| [context](variables.tf#L17) | Context-specific interpolations. | <code title="object({ addresses = optional(map(string), {}) locations = optional(map(string), {}) networks = optional(map(string), {}) project_ids = optional(map(string), {}) routers = optional(map(string), {}) vpn_gateways = optional(map(string), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [peer_gateways](variables.tf#L41) | Configuration of the (external or GCP) peer gateway. | <code title="map(object({ external = optional(object({ redundancy_type = string interfaces = list(string) description = optional(string, "Terraform managed external VPN gateway") name = optional(string) })) gcp = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [tunnels](variables.tf#L88) | VPN tunnel configurations. | <code title="map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) md5_authentication_key = optional(object({ name = string key = optional(string) })) ipv6 = optional(object({ nexthop_address = optional(string) peer_nexthop_address = optional(string) })) name = optional(string) }) bgp_session_range = string ike_version = optional(number, 2) name = optional(string) peer_external_gateway_interface = optional(number) peer_router_interface_name = optional(string) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [vpn_gateway](variables.tf#L125) | HA VPN Gateway Self Link for using an existing HA VPN Gateway. Ignored if `vpn_gateway_create` is set to `true`. | <code>string</code> | | <code>null</code> |
|
||||
| [vpn_gateway_create](variables.tf#L131) | Create HA VPN Gateway. Set to null to avoid creation. | <code title="object({ description = optional(string, "Terraform managed external VPN gateway") ipv6 = optional(bool, false) })">object({…})</code> | | <code>{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -16,25 +16,39 @@
|
||||
*/
|
||||
|
||||
locals {
|
||||
ctx = {
|
||||
for k, v in var.context : k => {
|
||||
for kk, vv in v : "${local.ctx_p}${k}:${kk}" => vv
|
||||
}
|
||||
}
|
||||
ctx_p = "$"
|
||||
md5_keys = {
|
||||
for k, v in random_id.md5_keys
|
||||
: k => v.b64_url
|
||||
}
|
||||
network = lookup(local.ctx.networks, var.network, var.network)
|
||||
peer_gateways_external = {
|
||||
for k, v in var.peer_gateways : k => v.external if v.external != null
|
||||
}
|
||||
peer_gateways_gcp = {
|
||||
for k, v in var.peer_gateways : k => v.gcp if v.gcp != null
|
||||
for k, v in var.peer_gateways :
|
||||
k => lookup(local.ctx.vpn_gateways, v.gcp, v.gcp) if v.gcp != null
|
||||
}
|
||||
project_id = lookup(
|
||||
local.ctx.project_ids, var.project_id, var.project_id
|
||||
)
|
||||
region = lookup(
|
||||
local.ctx.locations, var.region, var.region
|
||||
)
|
||||
router = (
|
||||
var.router_config.create
|
||||
? try(google_compute_router.router[0].name, null)
|
||||
: var.router_config.name
|
||||
: lookup(local.ctx.routers, var.router_config.name, var.router_config.name)
|
||||
)
|
||||
vpn_gateway = (
|
||||
var.vpn_gateway_create != null
|
||||
? try(google_compute_ha_vpn_gateway.ha_gateway[0].self_link, null)
|
||||
: var.vpn_gateway
|
||||
: lookup(local.ctx.vpn_gateways, var.vpn_gateway, var.vpn_gateway)
|
||||
)
|
||||
secret = random_id.secret.b64_url
|
||||
}
|
||||
@@ -43,23 +57,23 @@ resource "google_compute_ha_vpn_gateway" "ha_gateway" {
|
||||
count = var.vpn_gateway_create != null ? 1 : 0
|
||||
name = var.name
|
||||
description = var.vpn_gateway_create.description
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
network = var.network
|
||||
project = local.project_id
|
||||
region = local.region
|
||||
network = local.network
|
||||
stack_type = var.vpn_gateway_create.ipv6 ? "IPV4_IPV6" : "IPV4_ONLY"
|
||||
}
|
||||
|
||||
resource "google_compute_external_vpn_gateway" "external_gateway" {
|
||||
for_each = local.peer_gateways_external
|
||||
name = each.value.name != null ? each.value.name : "${var.name}-${each.key}"
|
||||
project = var.project_id
|
||||
project = local.project_id
|
||||
redundancy_type = each.value.redundancy_type
|
||||
description = each.value.description
|
||||
dynamic "interface" {
|
||||
for_each = each.value.interfaces
|
||||
content {
|
||||
id = interface.key
|
||||
ip_address = interface.value
|
||||
ip_address = lookup(local.ctx.addresses, interface.value, interface.value)
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -67,9 +81,9 @@ resource "google_compute_external_vpn_gateway" "external_gateway" {
|
||||
resource "google_compute_router" "router" {
|
||||
count = var.router_config.create ? 1 : 0
|
||||
name = coalesce(var.router_config.name, "vpn-${var.name}")
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
network = var.network
|
||||
project = local.project_id
|
||||
region = local.region
|
||||
network = local.network
|
||||
bgp {
|
||||
advertise_mode = (
|
||||
var.router_config.custom_advertise != null
|
||||
@@ -96,8 +110,8 @@ resource "google_compute_router" "router" {
|
||||
|
||||
resource "google_compute_router_peer" "bgp_peer" {
|
||||
for_each = var.tunnels
|
||||
region = var.region
|
||||
project = var.project_id
|
||||
region = local.region
|
||||
project = local.project_id
|
||||
name = each.value.bgp_peer.name != null ? each.value.bgp_peer.name : "${var.name}-${each.key}"
|
||||
router = coalesce(each.value.router, local.router)
|
||||
peer_ip_address = each.value.bgp_peer.address
|
||||
@@ -132,10 +146,14 @@ resource "google_compute_router_peer" "bgp_peer" {
|
||||
|
||||
resource "google_compute_router_interface" "router_interface" {
|
||||
for_each = var.tunnels
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
name = each.value.peer_router_interface_name != null ? each.value.peer_router_interface_name : "${var.name}-${each.key}"
|
||||
router = local.router
|
||||
project = local.project_id
|
||||
region = local.region
|
||||
name = (
|
||||
each.value.peer_router_interface_name != null
|
||||
? each.value.peer_router_interface_name :
|
||||
"${var.name}-${each.key}"
|
||||
)
|
||||
router = local.router
|
||||
# FIXME: can bgp_session_range be null?
|
||||
ip_range = each.value.bgp_session_range == "" ? null : each.value.bgp_session_range
|
||||
vpn_tunnel = google_compute_vpn_tunnel.tunnels[each.key].name
|
||||
@@ -143,8 +161,8 @@ resource "google_compute_router_interface" "router_interface" {
|
||||
|
||||
resource "google_compute_vpn_tunnel" "tunnels" {
|
||||
for_each = var.tunnels
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
project = local.project_id
|
||||
region = local.region
|
||||
name = each.value.name != null ? each.value.name : "${var.name}-${each.key}"
|
||||
router = local.router
|
||||
peer_external_gateway = try(
|
||||
|
||||
@@ -14,6 +14,20 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "context" {
|
||||
description = "Context-specific interpolations."
|
||||
type = object({
|
||||
addresses = optional(map(string), {})
|
||||
locations = optional(map(string), {})
|
||||
networks = optional(map(string), {})
|
||||
project_ids = optional(map(string), {})
|
||||
routers = optional(map(string), {})
|
||||
vpn_gateways = optional(map(string), {})
|
||||
})
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
description = "VPN Gateway name (if an existing VPN Gateway is not used), and prefix used for dependent resources."
|
||||
type = string
|
||||
|
||||
Reference in New Issue
Block a user