Update VPN-HA module to tf1.3 (wip)

This commit is contained in:
Julio Castillo
2022-11-30 10:50:00 +01:00
parent f9f42729b4
commit 798d3a4136
20 changed files with 417 additions and 584 deletions


@@ -235,10 +235,7 @@ variable "vpn_onprem_configs" {
})
peer_external_gateway = object({
redundancy_type = string
interfaces = list(object({
id = number
ip_address = string
}))
interfaces = list(string)
})
tunnels = list(object({
peer_asn = number
@@ -258,9 +255,7 @@ variable "vpn_onprem_configs" {
}
peer_external_gateway = {
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
interfaces = [
{ id = 0, ip_address = "8.8.8.8" },
]
interfaces = ["8.8.8.8"]
}
tunnels = [
{
@@ -288,9 +283,7 @@ variable "vpn_onprem_configs" {
}
peer_external_gateway = {
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
interfaces = [
{ id = 0, ip_address = "8.8.8.8" },
]
interfaces = ["8.8.8.8"]
}
tunnels = [
{
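Review bot: With `interfaces = list(string)` the external gateway's interface id is no longer stated; it is presumably the element's position in the list, which `tunnels[*].peer_external_gateway_interface` (declared a few lines further down, outside this hunk) must now index into — confirm against the module. Nothing in the type ties the list length to `redundancy_type`, so a list whose length does not match the redundancy type, or an out-of-range interface number, only surfaces at plan or apply time; a `validation` block on the variable, or at least a comment such as `# interface id = list position; list length must match redundancy_type`, would make that contract explicit. The `variable "vpn_onprem_configs"` definition starts before this hunk. The same type change appears in the three later `variable "vpn_onprem_configs"` sections of this commit (hunks at -213, -207 and -213).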


@@ -33,16 +33,19 @@ locals {
}
module "landing-to-onprem-ew1-vpn" {
count = local.enable_onprem_vpn ? 1 : 0
source = "../../../modules/net-vpn-ha"
project_id = module.landing-project.project_id
network = module.landing-trusted-vpc.self_link
region = "europe-west1"
name = "vpn-to-onprem-ew1"
router_create = true
router_name = "landing-onprem-vpn-ew1"
router_asn = var.router_configs.landing-trusted-ew1.asn
peer_external_gateway = var.vpn_onprem_configs.landing-trusted-ew1.peer_external_gateway
count = local.enable_onprem_vpn ? 1 : 0
source = "../../../modules/net-vpn-ha"
project_id = module.landing-project.project_id
network = module.landing-trusted-vpc.self_link
region = "europe-west1"
name = "vpn-to-onprem-ew1"
router_config = {
name = "landing-onprem-vpn-ew1"
asn = var.router_configs.landing-trusted-ew1.asn
}
peer_gateway = {
external = var.vpn_onprem_configs.landing-trusted-ew1.peer_external_gateway
}
tunnels = {
for t in var.vpn_onprem_configs.landing-trusted-ew1.tunnels :
"remote-${t.vpn_gateway_interface}-${t.peer_external_gateway_interface}" => {
@@ -62,16 +65,19 @@ module "landing-to-onprem-ew1-vpn" {
}
module "landing-to-onprem-ew4-vpn" {
count = local.enable_onprem_vpn ? 1 : 0
source = "../../../modules/net-vpn-ha"
project_id = module.landing-project.project_id
network = module.landing-trusted-vpc.self_link
region = "europe-west4"
name = "vpn-to-onprem-ew4"
router_create = true
router_name = "landing-onprem-vpn-ew4"
router_asn = var.router_configs.landing-trusted-ew4.asn
peer_external_gateway = var.vpn_onprem_configs.landing-trusted-ew4.peer_external_gateway
count = local.enable_onprem_vpn ? 1 : 0
source = "../../../modules/net-vpn-ha"
project_id = module.landing-project.project_id
network = module.landing-trusted-vpc.self_link
region = "europe-west4"
name = "vpn-to-onprem-ew4"
router_config = {
name = "landing-onprem-vpn-ew4"
asn = var.router_configs.landing-trusted-ew4.asn
}
peer_gateway = {
external = var.vpn_onprem_configs.landing-trusted-ew4.peer_external_gateway
}
tunnels = {
for t in var.vpn_onprem_configs.landing-trusted-ew4.tunnels :
"remote-${t.vpn_gateway_interface}-${t.peer_external_gateway_interface}" => {
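Review bot: `router_config` in `landing-to-onprem-ew1-vpn` and `landing-to-onprem-ew4-vpn` sets only `name` and `asn`, so whether the module creates the router now depends on a module default that this commit does not show, where the old `router_create = true` was explicit. Since the spoke file in this same commit writes `create = false` where a router is shared, adding `create = true` here (or a one-line comment naming the module default) keeps router ownership readable at the call site. Both module blocks continue past the end of the hunk. The same applies to the `*-to-onprem-ew1-vpn` blocks in the landing, dev and prod onprem sections below.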


@@ -213,10 +213,7 @@ variable "vpn_onprem_configs" {
})
peer_external_gateway = object({
redundancy_type = string
interfaces = list(object({
id = number
ip_address = string
}))
interfaces = list(string)
})
tunnels = list(object({
peer_asn = number
@@ -236,9 +233,7 @@ variable "vpn_onprem_configs" {
}
peer_external_gateway = {
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
interfaces = [
{ id = 0, ip_address = "8.8.8.8" },
]
interfaces = ["8.8.8.8"]
}
tunnels = [
{


@@ -33,16 +33,19 @@ locals {
}
module "landing-to-onprem-ew1-vpn" {
count = local.enable_onprem_vpn ? 1 : 0
source = "../../../modules/net-vpn-ha"
project_id = module.landing-project.project_id
network = module.landing-vpc.self_link
region = "europe-west1"
name = "vpn-to-onprem-ew1"
router_create = true
router_name = "landing-onprem-vpn-ew1"
router_asn = var.router_onprem_configs.landing-ew1.asn
peer_external_gateway = var.vpn_onprem_configs.landing-ew1.peer_external_gateway
count = local.enable_onprem_vpn ? 1 : 0
source = "../../../modules/net-vpn-ha"
project_id = module.landing-project.project_id
network = module.landing-vpc.self_link
region = "europe-west1"
name = "vpn-to-onprem-ew1"
router_config = {
name = "landing-onprem-vpn-ew1"
asn = var.router_onprem_configs.landing-ew1.asn
}
peer_gateway = {
external = var.vpn_onprem_configs.landing-ew1.peer_external_gateway
}
tunnels = {
for t in var.vpn_onprem_configs.landing-ew1.tunnels :
"remote-${t.vpn_gateway_interface}-${t.peer_external_gateway_interface}" => {
@@ -54,7 +57,6 @@ module "landing-to-onprem-ew1-vpn" {
bgp_session_range = "${cidrhost(t.session_range, 2)}/30"
ike_version = 2
peer_external_gateway_interface = t.peer_external_gateway_interface
router = null
shared_secret = t.secret
vpn_gateway_interface = t.vpn_gateway_interface
}
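Review bot: `shared_secret = t.secret`, kept on the new side of the tunnel hunk, passes the IKE pre-shared key straight from `var.vpn_onprem_configs`; none of the `vpn_onprem_configs` hunks in this commit shows `sensitive = true` on that variable and its header is outside every hunk, so confirm the variable is declared sensitive (or the secret is sourced elsewhere) so the PSK is redacted in plan output. The tunnel also no longer sets `router = null`, which presumably relies on the module's tunnels type defaulting it to the router from `router_config` — TODO confirm. The enclosing `landing-to-onprem-ew1-vpn` block starts before this hunk. The same tunnel hunk appears in the dev, prod and second landing onprem sections.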


@@ -207,10 +207,7 @@ variable "vpn_onprem_configs" {
})
peer_external_gateway = object({
redundancy_type = string
interfaces = list(object({
id = number
ip_address = string
}))
interfaces = list(string)
})
tunnels = list(object({
peer_asn = number
@@ -230,9 +227,8 @@ variable "vpn_onprem_configs" {
}
peer_external_gateway = {
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
interfaces = [
{ id = 0, ip_address = "8.8.8.8" },
]
interfaces = ["8.8.8.8"]
}
tunnels = [
{
@@ -260,9 +256,7 @@ variable "vpn_onprem_configs" {
}
peer_external_gateway = {
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
interfaces = [
{ id = 0, ip_address = "8.8.8.8" },
]
interfaces = ["8.8.8.8"]
}
tunnels = [
{


@@ -33,16 +33,19 @@ locals {
}
module "dev-to-onprem-ew1-vpn" {
count = local.enable_onprem_vpn ? 1 : 0
source = "../../../modules/net-vpn-ha"
project_id = module.dev-spoke-project.project_id
network = module.dev-spoke-vpc.self_link
region = "europe-west1"
name = "vpn-to-onprem-ew1"
router_create = true
router_name = "dev-onprem-vpn-ew1"
router_asn = var.router_onprem_configs.dev-ew1.asn
peer_external_gateway = var.vpn_onprem_configs.dev-ew1.peer_external_gateway
count = local.enable_onprem_vpn ? 1 : 0
source = "../../../modules/net-vpn-ha"
project_id = module.dev-spoke-project.project_id
network = module.dev-spoke-vpc.self_link
region = "europe-west1"
name = "vpn-to-onprem-ew1"
router_config = {
name = "dev-onprem-vpn-ew1"
asn = var.router_onprem_configs.dev-ew1.asn
}
peer_gateway = {
external = var.vpn_onprem_configs.dev-ew1.peer_external_gateway
}
tunnels = {
for t in var.vpn_onprem_configs.dev-ew1.tunnels :
"remote-${t.vpn_gateway_interface}-${t.peer_external_gateway_interface}" => {
@@ -54,7 +57,6 @@ module "dev-to-onprem-ew1-vpn" {
bgp_session_range = "${cidrhost(t.session_range, 2)}/30"
ike_version = 2
peer_external_gateway_interface = t.peer_external_gateway_interface
router = null
shared_secret = t.secret
vpn_gateway_interface = t.vpn_gateway_interface
}


@@ -17,16 +17,19 @@
# tfdoc:file:description VPN between prod and onprem.
module "prod-to-onprem-ew1-vpn" {
count = local.enable_onprem_vpn ? 1 : 0
source = "../../../modules/net-vpn-ha"
project_id = module.prod-spoke-project.project_id
network = module.prod-spoke-vpc.self_link
region = "europe-west1"
name = "vpn-to-onprem-ew1"
router_create = true
router_name = "prod-onprem-vpn-ew1"
router_asn = var.router_onprem_configs.prod-ew1.asn
peer_external_gateway = var.vpn_onprem_configs.prod-ew1.peer_external_gateway
count = local.enable_onprem_vpn ? 1 : 0
source = "../../../modules/net-vpn-ha"
project_id = module.prod-spoke-project.project_id
network = module.prod-spoke-vpc.self_link
region = "europe-west1"
name = "vpn-to-onprem-ew1"
router_config = {
name = "prod-onprem-vpn-ew1"
asn = var.router_onprem_configs.prod-ew1.asn
}
peer_gateway = {
external = var.vpn_onprem_configs.prod-ew1.peer_external_gateway
}
tunnels = {
for t in var.vpn_onprem_configs.prod-ew1.tunnels :
"remote-${t.vpn_gateway_interface}-${t.peer_external_gateway_interface}" => {
@@ -38,7 +41,6 @@ module "prod-to-onprem-ew1-vpn" {
bgp_session_range = "${cidrhost(t.session_range, 2)}/30"
ike_version = 2
peer_external_gateway_interface = t.peer_external_gateway_interface
router = null
shared_secret = t.secret
vpn_gateway_interface = t.vpn_gateway_interface
}


@@ -213,10 +213,7 @@ variable "vpn_onprem_configs" {
})
peer_external_gateway = object({
redundancy_type = string
interfaces = list(object({
id = number
ip_address = string
}))
interfaces = list(string)
})
tunnels = list(object({
peer_asn = number
@@ -236,9 +233,7 @@ variable "vpn_onprem_configs" {
}
peer_external_gateway = {
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
interfaces = [
{ id = 0, ip_address = "8.8.8.8" },
]
interfaces = ["8.8.8.8"]
}
tunnels = [
{


@@ -33,16 +33,19 @@ locals {
}
module "landing-to-onprem-ew1-vpn" {
count = local.enable_onprem_vpn ? 1 : 0
source = "../../../modules/net-vpn-ha"
project_id = module.landing-project.project_id
network = module.landing-vpc.self_link
region = "europe-west1"
name = "vpn-to-onprem-ew1"
router_create = true
router_name = "landing-onprem-vpn-ew1"
router_asn = var.router_onprem_configs.landing-ew1.asn
peer_external_gateway = var.vpn_onprem_configs.landing-ew1.peer_external_gateway
count = local.enable_onprem_vpn ? 1 : 0
source = "../../../modules/net-vpn-ha"
project_id = module.landing-project.project_id
network = module.landing-vpc.self_link
region = "europe-west1"
name = "vpn-to-onprem-ew1"
router_config = {
name = "landing-onprem-vpn-ew1"
asn = var.router_onprem_configs.landing-ew1.asn
}
peer_gateway = {
external = var.vpn_onprem_configs.landing-ew1.peer_external_gateway
}
tunnels = {
for t in var.vpn_onprem_configs.landing-ew1.tunnels :
"remote-${t.vpn_gateway_interface}-${t.peer_external_gateway_interface}" => {
@@ -54,7 +57,6 @@ module "landing-to-onprem-ew1-vpn" {
bgp_session_range = "${cidrhost(t.session_range, 2)}/30"
ike_version = 2
peer_external_gateway_interface = t.peer_external_gateway_interface
router = null
shared_secret = t.secret
vpn_gateway_interface = t.vpn_gateway_interface
}


@@ -39,11 +39,13 @@ module "landing-to-dev-ew1-vpn" {
network = module.landing-vpc.self_link
region = "europe-west1"
name = "vpn-to-dev-ew1"
# The router used for this VPN is managed in vpn-prod.tf
router_create = false
router_name = "landing-vpn-ew1"
router_asn = var.router_spoke_configs.landing-ew1.asn
peer_gcp_gateway = module.dev-to-landing-ew1-vpn.self_link
router_config = {
# The router used for this VPN is managed in vpn-prod.tf
create = false
name = "landing-vpn-ew1"
asn = var.router_spoke_configs.landing-ew1.asn
}
peer_gateway = { gcp = module.dev-to-landing-ew1-vpn.self_link }
tunnels = {
0 = {
bgp_peer = {
@@ -54,11 +56,8 @@ module "landing-to-dev-ew1-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.0/27", 2)
}/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = null
vpn_gateway_interface = 0
ike_version = 2
vpn_gateway_interface = 0
}
1 = {
bgp_peer = {
@@ -69,11 +68,8 @@ module "landing-to-dev-ew1-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.0/27", 6)
}/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = null
vpn_gateway_interface = 1
ike_version = 2
vpn_gateway_interface = 1
}
}
depends_on = [
@@ -82,15 +78,16 @@ module "landing-to-dev-ew1-vpn" {
}
module "dev-to-landing-ew1-vpn" {
source = "../../../modules/net-vpn-ha"
project_id = module.dev-spoke-project.project_id
network = module.dev-spoke-vpc.self_link
region = "europe-west1"
name = "vpn-to-landing-ew1"
router_create = true
router_name = "dev-spoke-vpn-ew1"
router_asn = var.router_spoke_configs.spoke-dev-ew1.asn
peer_gcp_gateway = module.landing-to-dev-ew1-vpn.self_link
source = "../../../modules/net-vpn-ha"
project_id = module.dev-spoke-project.project_id
network = module.dev-spoke-vpc.self_link
region = "europe-west1"
name = "vpn-to-landing-ew1"
router_config = {
name = "dev-spoke-vpn-ew1"
asn = var.router_spoke_configs.spoke-dev-ew1.asn
}
peer_gateway = { gcp = module.landing-to-dev-ew1-vpn.self_link }
tunnels = {
0 = {
bgp_peer = {
@@ -101,11 +98,9 @@ module "dev-to-landing-ew1-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.0/27", 1)
}/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = module.landing-to-dev-ew1-vpn.random_secret
vpn_gateway_interface = 0
ike_version = 2
shared_secret = module.landing-to-dev-ew1-vpn.random_secret
vpn_gateway_interface = 0
}
1 = {
bgp_peer = {
@@ -116,11 +111,9 @@ module "dev-to-landing-ew1-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.0/27", 5)
}/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = module.landing-to-dev-ew1-vpn.random_secret
vpn_gateway_interface = 1
ike_version = 2
shared_secret = module.landing-to-dev-ew1-vpn.random_secret
vpn_gateway_interface = 1
}
}
}
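Review bot: On the landing side (`landing-to-dev-ew1-vpn`, tunnels 0 and 1) `shared_secret = null` was dropped while the dev side still reads `module.landing-to-dev-ew1-vpn.random_secret`, so the pairing now depends on the module generating a secret whenever `shared_secret` is omitted — presumably a tf1.3 `optional()` default, which the commit does not show. A short comment on the landing tunnels, `# shared_secret omitted: the module generates one, consumed by dev-to-landing via random_secret`, would document that coupling for the next reader. The `landing-to-dev-ew1-vpn` block starts before the first hunk of this section. The same pattern is in the landing-to-prod ew1 and ew4 sections below.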


@@ -19,15 +19,16 @@
# local.vpn_spoke_bgp_peer_options is defined in the dev VPN file
module "landing-to-prod-ew1-vpn" {
source = "../../../modules/net-vpn-ha"
project_id = module.landing-project.project_id
network = module.landing-vpc.self_link
region = "europe-west1"
name = "vpn-to-prod-ew1"
router_create = true
router_name = "landing-vpn-ew1"
router_asn = var.router_spoke_configs.landing-ew1.asn
peer_gcp_gateway = module.prod-to-landing-ew1-vpn.self_link
source = "../../../modules/net-vpn-ha"
project_id = module.landing-project.project_id
network = module.landing-vpc.self_link
region = "europe-west1"
name = "vpn-to-prod-ew1"
router_config = {
name = "landing-vpn-ew1"
asn = var.router_spoke_configs.landing-ew1.asn
}
peer_gateway = { gcp = module.prod-to-landing-ew1-vpn.self_link }
tunnels = {
0 = {
bgp_peer = {
@@ -38,11 +39,8 @@ module "landing-to-prod-ew1-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.64/27", 2)
}/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = null
vpn_gateway_interface = 0
ike_version = 2
vpn_gateway_interface = 0
}
1 = {
bgp_peer = {
@@ -53,25 +51,23 @@ module "landing-to-prod-ew1-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.64/27", 6)
}/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = null
vpn_gateway_interface = 1
ike_version = 2
vpn_gateway_interface = 1
}
}
}
module "prod-to-landing-ew1-vpn" {
source = "../../../modules/net-vpn-ha"
project_id = module.prod-spoke-project.project_id
network = module.prod-spoke-vpc.self_link
region = "europe-west1"
name = "vpn-to-landing-ew1"
router_create = true
router_name = "prod-spoke-vpn-ew1"
router_asn = var.router_spoke_configs.spoke-prod-ew1.asn
peer_gcp_gateway = module.landing-to-prod-ew1-vpn.self_link
source = "../../../modules/net-vpn-ha"
project_id = module.prod-spoke-project.project_id
network = module.prod-spoke-vpc.self_link
region = "europe-west1"
name = "vpn-to-landing-ew1"
router_config = {
name = "prod-spoke-vpn-ew1"
asn = var.router_spoke_configs.spoke-prod-ew1.asn
}
peer_gateway = { gcp = module.landing-to-prod-ew1-vpn.self_link }
tunnels = {
0 = {
bgp_peer = {


@@ -19,15 +19,16 @@
# local.vpn_spoke_bgp_peer_options is defined in the dev VPN file
module "landing-to-prod-ew4-vpn" {
source = "../../../modules/net-vpn-ha"
project_id = module.landing-project.project_id
network = module.landing-vpc.self_link
region = "europe-west4"
name = "vpn-to-prod-ew4"
router_create = true
router_name = "landing-vpn-ew4"
router_asn = var.router_spoke_configs.landing-ew4.asn
peer_gcp_gateway = module.prod-to-landing-ew4-vpn.self_link
source = "../../../modules/net-vpn-ha"
project_id = module.landing-project.project_id
network = module.landing-vpc.self_link
region = "europe-west4"
name = "vpn-to-prod-ew4"
router_config = {
name = "landing-vpn-ew4"
asn = var.router_spoke_configs.landing-ew4.asn
}
peer_gateway = { gcp = module.prod-to-landing-ew4-vpn.self_link }
tunnels = {
0 = {
bgp_peer = {
@@ -38,11 +39,8 @@ module "landing-to-prod-ew4-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.96/27", 2)
}/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = null
vpn_gateway_interface = 0
ike_version = 2
vpn_gateway_interface = 0
}
1 = {
bgp_peer = {
@@ -53,25 +51,23 @@ module "landing-to-prod-ew4-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.96/27", 6)
}/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = null
vpn_gateway_interface = 1
ike_version = 2
vpn_gateway_interface = 1
}
}
}
module "prod-to-landing-ew4-vpn" {
source = "../../../modules/net-vpn-ha"
project_id = module.prod-spoke-project.project_id
network = module.prod-spoke-vpc.self_link
region = "europe-west4"
name = "vpn-to-landing-ew4"
router_create = true
router_name = "prod-spoke-vpn-ew4"
router_asn = var.router_spoke_configs.spoke-prod-ew4.asn
peer_gcp_gateway = module.landing-to-prod-ew4-vpn.self_link
source = "../../../modules/net-vpn-ha"
project_id = module.prod-spoke-project.project_id
network = module.prod-spoke-vpc.self_link
region = "europe-west4"
name = "vpn-to-landing-ew4"
router_config = {
name = "prod-spoke-vpn-ew4"
asn = var.router_spoke_configs.spoke-prod-ew4.asn
}
peer_gateway = { gcp = module.landing-to-prod-ew4-vpn.self_link }
tunnels = {
0 = {
bgp_peer = {
@@ -82,11 +78,9 @@ module "prod-to-landing-ew4-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.96/27", 1)
}/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = module.landing-to-prod-ew4-vpn.random_secret
vpn_gateway_interface = 0
ike_version = 2
shared_secret = module.landing-to-prod-ew4-vpn.random_secret
vpn_gateway_interface = 0
}
1 = {
bgp_peer = {
@@ -97,11 +91,9 @@ module "prod-to-landing-ew4-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.96/27", 5)
}/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = module.landing-to-prod-ew4-vpn.random_secret
vpn_gateway_interface = 1
ike_version = 2
shared_secret = module.landing-to-prod-ew4-vpn.random_secret
vpn_gateway_interface = 1
}
}
}