diff --git a/.gitignore b/.gitignore
index cbf110dd2..314dbd636 100644
--- a/.gitignore
+++ b/.gitignore
@@ -54,4 +54,5 @@ blueprints/gke/autopilot/ansible/gssh.sh
blueprints/gke/autopilot/ansible/vars/vars.yaml
blueprints/gke/autopilot/bundle/monitoring/kustomization.yaml
blueprints/gke/autopilot/bundle/locust/kustomization.yaml
-blueprints/gke/autopilot/bundle.tar.gz
\ No newline at end of file
+blueprints/gke/autopilot/bundle.tar.gz
+modules/net-vpc/README.md
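Review bot: The added entry `modules/net-vpc/README.md` ignores a file that is tracked and edited in this same commit, which looks like a local workaround rather than an intended rule. Git keeps tracking the file, so the rule does nothing today, but it would hide the README from `git status` if the file were ever removed and re-added. The new `tools/.python-version` containing only `lint` reads the same way, as the name of a local pyenv environment. I would drop both from the commit.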
diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index 091619c7d..d66171185 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -286,7 +286,6 @@ Along with common private subnets module supports creation more service specific
- [Proxy-only subnets](https://cloud.google.com/load-balancing/docs/proxy-only-subnets) for Regional HTTPS Internal HTTPS Load Balancers
- [Private Service Connect](https://cloud.google.com/vpc/docs/private-service-connect#psc-subnets) subnets
-- [Global Proxy-only subnets](https://cloud.google.com/load-balancing/docs/proxy-only-subnets#envoy-lb) with purpose for Cross-region internal Application Load Balancers
```hcl
module "vpc" {
@@ -300,6 +299,13 @@ module "vpc" {
name = "regional-proxy"
region = "europe-west1"
active = true
+ },
+ {
+ ip_cidr_range = "10.0.4.0/24"
+ name = "global-proxy"
+ region = "australia-southeast2"
+ active = true
+ global = true
}
]
subnets_psc = [
@@ -309,14 +315,6 @@ module "vpc" {
region = "europe-west1"
}
]
- subnets_global_proxy_only = [
- {
- ip_cidr_range = "10.0.5.0/24"
- name = "global-proxy"
- region = "europe-west1"
- active = true
- }
- ]
}
# tftest modules=1 resources=6 inventory=proxy-only-subnets.yaml
```
@@ -394,13 +392,6 @@ flow_logs: # enable, set to empty map to use defaults
filter_expression: null
```
-```yaml
-# tftest-file id=subnet-global-proxy path=config/subnets/subnet-global-proxy.yaml
-region: europe-west4
-ip_cidr_range: 10.0.5.0/24
-purpose: GLOBAL_MANAGED_PROXY
-```
-
```yaml
# tftest-file id=subnet-proxy path=config/subnets/subnet-proxy.yaml
region: europe-west4
@@ -537,7 +528,6 @@ module "vpc" {
# tftest modules=1 resources=5 inventory=ipv6.yaml
```
-
## Variables
| name | description | type | required | default |
@@ -563,10 +553,9 @@ module "vpc" {
| [subnet_iam_bindings](variables.tf#L173) | Authoritative IAM bindings in {REGION/NAME => {ROLE => {members = [], condition = {}}}}. | map(map(object({…}))) | | {} |
| [subnet_iam_bindings_additive](variables.tf#L187) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} |
| [subnets](variables.tf#L203) | Subnet configuration. | list(object({…})) | | [] |
-| [subnets_global_proxy_only](variables.tf#L230) | List of proxy-only subnets for Cross-region Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | list(object({…})) | | [] |
-| [subnets_proxy_only](variables.tf#L243) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | list(object({…})) | | [] |
-| [subnets_psc](variables.tf#L256) | List of subnets for Private Service Connect service producers. | list(object({…})) | | [] |
-| [vpc_create](variables.tf#L268) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool | | true |
+| [subnets_proxy_only](variables.tf#L230) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | list(object({…})) | | [] |
+| [subnets_psc](variables.tf#L244) | List of subnets for Private Service Connect service producers. | list(object({…})) | | [] |
+| [vpc_create](variables.tf#L256) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool | | true |
## Outputs
@@ -585,7 +574,6 @@ module "vpc" {
| [subnet_secondary_ranges](outputs.tf#L110) | Map of subnet secondary ranges keyed by name. | |
| [subnet_self_links](outputs.tf#L121) | Map of subnet self links keyed by name. | |
| [subnets](outputs.tf#L126) | Subnet resources. | |
-| [subnets_global_proxy_only](outputs.tf#L131) | Cross-region internal L7 ILB resources. | |
-| [subnets_proxy_only](outputs.tf#L136) | L7 ILB or L7 Regional LB subnet resources. | |
-| [subnets_psc](outputs.tf#L141) | Private Service Connect subnet resources. | |
+| [subnets_proxy_only](outputs.tf#L131) | L7 ILB or L7 Regional LB subnet resources. | |
+| [subnets_psc](outputs.tf#L136) | Private Service Connect subnet resources. | |
diff --git a/modules/net-vpc/outputs.tf b/modules/net-vpc/outputs.tf
index 4f956a3a5..503923d9c 100644
--- a/modules/net-vpc/outputs.tf
+++ b/modules/net-vpc/outputs.tf
@@ -128,11 +128,6 @@ output "subnets" {
value = { for k, v in google_compute_subnetwork.subnetwork : k => v }
}
-output "subnets_global_proxy_only" {
- description = "Cross-region internal L7 ILB resources."
- value = { for k, v in google_compute_subnetwork.global_proxy_only : k => v }
-}
-
output "subnets_proxy_only" {
description = "L7 ILB or L7 Regional LB subnet resources."
value = { for k, v in google_compute_subnetwork.proxy_only : k => v }
diff --git a/modules/net-vpc/subnets.tf b/modules/net-vpc/subnets.tf
index e3f8aeac2..917c53434 100644
--- a/modules/net-vpc/subnets.tf
+++ b/modules/net-vpc/subnets.tf
@@ -79,10 +79,6 @@ locals {
{ for s in var.subnets_psc : "${s.region}/${s.name}" => s },
{ for k, v in local._factory_subnets : k => v if v.purpose == "PRIVATE_SERVICE_CONNECT" }
)
- subnets_global_proxy_only = merge(
- { for s in var.subnets_global_proxy_only : "${s.region}/${s.name}" => s },
- { for k, v in local._factory_subnets : k => v if v.purpose == "GLOBAL_MANAGED_PROXY" }
- )
}
resource "google_compute_subnetwork" "subnetwork" {
@@ -134,25 +130,10 @@ resource "google_compute_subnetwork" "proxy_only" {
ip_cidr_range = each.value.ip_cidr_range
description = (
each.value.description == null
- ? "Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB."
+ ? "Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB"
: each.value.description
)
- purpose = "REGIONAL_MANAGED_PROXY"
- role = each.value.active != false ? "ACTIVE" : "BACKUP"
-}
-resource "google_compute_subnetwork" "global_proxy_only" {
- for_each = local.subnets_global_proxy_only
- project = var.project_id
- network = local.network.name
- name = each.value.name
- region = each.value.region
- ip_cidr_range = each.value.ip_cidr_range
- description = (
- each.value.description == null
- ? "Terraform-managed proxy-only subnet for cross-regional Internal HTTPS LB."
- : each.value.description
- )
- purpose = "GLOBAL_MANAGED_PROXY"
+ purpose = each.value.global != false ? "GLOBAL_MANAGED_PROXY" : "REGIONAL_MANAGED_PROXY"
role = each.value.active != false ? "ACTIVE" : "BACKUP"
}
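Review bot: The new `purpose` expression treats a null `global` as global, because `each.value.global != false` is true for null. Entries from `var.subnets_proxy_only` are safe, since the type defaults `global` to false. If `local.subnets_proxy_only` also merges factory subnets (its definition is outside this hunk), those entries would either fail on the missing attribute or be created as `GLOBAL_MANAGED_PROXY`. The purpose decides which load balancers source traffic from the range, and firewall rules are usually written against it, so an explicit opt-in is safer: `purpose = each.value.global == true ? "GLOBAL_MANAGED_PROXY" : "REGIONAL_MANAGED_PROXY"`. The `global_proxy_only` resource is also removed with no `moved` block visible, so existing global proxy subnets would likely be planned for destroy and re-create; the `proxy_only` resource block opens above this hunk.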
diff --git a/modules/net-vpc/variables.tf b/modules/net-vpc/variables.tf
index 44e7c4c8b..30d7afd3f 100644
--- a/modules/net-vpc/variables.tf
+++ b/modules/net-vpc/variables.tf
@@ -227,27 +227,15 @@ variable "subnets" {
nullable = false
}
-variable "subnets_global_proxy_only" {
- description = "List of proxy-only subnets for Cross-region Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active."
- type = list(object({
- name = string
- ip_cidr_range = string
- region = string
- description = optional(string)
- active = bool
- }))
- default = []
- nullable = false
-}
-
variable "subnets_proxy_only" {
- description = "List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active."
+ description = "List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active."
type = list(object({
name = string
ip_cidr_range = string
region = string
description = optional(string)
active = bool
+ global = optional(bool, false)
}))
default = []
nullable = false
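Review bot: The description of `subnets_proxy_only` does not mention the new `global` attribute, and the description line changed in this hunk appears to differ only in whitespace. Since this variable now replaces the removed `subnets_global_proxy_only`, I would open the description with `List of proxy-only subnets for Regional HTTPS, Internal HTTPS or (with global = true) Cross-region Internal HTTPS load balancers.` and keep the existing note about one active subnet per region. The README variables table in this commit carries the same description and would need regenerating. The variable block closes below the hunk.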
diff --git a/tests/modules/net_vpc/examples/proxy-only-subnets.yaml b/tests/modules/net_vpc/examples/proxy-only-subnets.yaml
index e5fd80065..6bfef20fc 100644
--- a/tests/modules/net_vpc/examples/proxy-only-subnets.yaml
+++ b/tests/modules/net_vpc/examples/proxy-only-subnets.yaml
@@ -16,15 +16,6 @@ values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
- module.vpc.google_compute_subnetwork.global_proxy_only["europe-west1/global-proxy"]:
- description: Terraform-managed global proxy-only subnet for cross-region Internal HTTPS LB.
- ip_cidr_range: 10.0.5.0/24
- log_config: []
- name: global-proxy
- project: my-project
- purpose: GLOBAL_MANAGED_PROXY
- region: europe-west1
- role: ACTIVE
module.vpc.google_compute_subnetwork.proxy_only["europe-west1/regional-proxy"]:
description: Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB.
ip_cidr_range: 10.0.1.0/24
@@ -34,6 +25,15 @@ values:
purpose: REGIONAL_MANAGED_PROXY
region: europe-west1
role: ACTIVE
+ module.vpc.google_compute_subnetwork.proxy_only["australia-southeast2/global-proxy"]:
+ description: Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB.
+ ip_cidr_range: 10.0.4.0/24
+ log_config: []
+ name: global-proxy
+ project: my-project
+ purpose: GLOBAL_MANAGED_PROXY
+ region: australia-southeast2
+ role: ACTIVE
module.vpc.google_compute_subnetwork.psc["europe-west1/psc"]:
description: Terraform-managed subnet for Private Service Connect (PSC NAT).
ip_cidr_range: 10.0.3.0/24
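Review bot: The expected `description` for `proxy_only["australia-southeast2/global-proxy"]` is the old default text, but subnets.tf in this commit changes the default to `Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB`. The context line for `europe-west1/regional-proxy` in the previous hunk carries the same old string, so both inventory entries look like they will not match the plan. Either update both expected values or keep the original default description in subnets.tf.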
diff --git a/tools/.python-version b/tools/.python-version
new file mode 100644
index 000000000..dfea59949
--- /dev/null
+++ b/tools/.python-version
@@ -0,0 +1 @@
+lint