allow configuring dns zone names in FAST networking stages (#3021)

This commit is contained in:
Ludovico Magnocavallo
2025-04-09 18:53:20 +02:00
committed by GitHub
parent b2e26e50ae
commit 7b993cd2f1
14 changed files with 57 additions and 51 deletions


@@ -505,18 +505,18 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [prefix](variables-fast.tf#L76) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> | | [prefix](variables-fast.tf#L76) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
| [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | <code title="object&#40;&#123;&#10; vpn_tunnel_established &#61; optional&#40;object&#40;&#123;&#10; auto_close &#61; optional&#40;string, null&#41;&#10; duration &#61; optional&#40;string, &#34;120s&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; notification_channels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; user_labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;&#10; vpn_tunnel_bandwidth &#61; optional&#40;object&#40;&#123;&#10; auto_close &#61; optional&#40;string, null&#41;&#10; duration &#61; optional&#40;string, &#34;120s&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; notification_channels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; threshold_mbys &#61; optional&#40;string, &#34;187.5&#34;&#41;&#10; user_labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; vpn_tunnel_established &#61; &#123;&#125;&#10; vpn_tunnel_bandwidth &#61; &#123;&#125;&#10;&#125;">&#123;&#8230;&#125;</code> | | | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. 
| <code title="object&#40;&#123;&#10; vpn_tunnel_established &#61; optional&#40;object&#40;&#123;&#10; auto_close &#61; optional&#40;string, null&#41;&#10; duration &#61; optional&#40;string, &#34;120s&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; notification_channels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; user_labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;&#10; vpn_tunnel_bandwidth &#61; optional&#40;object&#40;&#123;&#10; auto_close &#61; optional&#40;string, null&#41;&#10; duration &#61; optional&#40;string, &#34;120s&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; notification_channels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; threshold_mbys &#61; optional&#40;string, &#34;187.5&#34;&#41;&#10; user_labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; vpn_tunnel_established &#61; &#123;&#125;&#10; vpn_tunnel_bandwidth &#61; &#123;&#125;&#10;&#125;">&#123;&#8230;&#125;</code> | |
| [custom_roles](variables-fast.tf#L40) | Custom roles defined at the org level, in key => id format. | <code title="object&#40;&#123;&#10; project_iam_viewer &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | <code>0-bootstrap</code> | | [custom_roles](variables-fast.tf#L40) | Custom roles defined at the org level, in key => id format. | <code title="object&#40;&#123;&#10; project_iam_viewer &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | <code>0-bootstrap</code> |
| [dns](variables.tf#L42) | DNS configuration. | <code title="object&#40;&#123;&#10; resolvers &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | | | [dns](variables.tf#L42) | DNS configuration. | <code title="object&#40;&#123;&#10; gcp_domain &#61; optional&#40;string, &#34;gcp.example.com&#34;&#41;&#10; onprem_domain &#61; optional&#40;string, &#34;onprem.example.com&#34;&#41;&#10; resolvers &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | |
| [essential_contacts](variables.tf#L51) | Email used for essential contacts, unset if null. | <code>string</code> | | <code>null</code> | | | [essential_contacts](variables.tf#L53) | Email used for essential contacts, unset if null. | <code>string</code> | | <code>null</code> | |
| [factories_config](variables.tf#L57) | Configuration for network resource factories. | <code title="object&#40;&#123;&#10; dashboards &#61; optional&#40;string, &#34;data&#47;dashboards&#34;&#41;&#10; dns_policy_rules &#61; optional&#40;string, &#34;data&#47;dns-policy-rules.yaml&#34;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; cidr_file &#61; optional&#40;string, &#34;data&#47;cidrs.yaml&#34;&#41;&#10; classic_rules &#61; optional&#40;string, &#34;data&#47;firewall-rules&#34;&#41;&#10; hierarchical &#61; optional&#40;object&#40;&#123;&#10; egress_rules &#61; optional&#40;string, &#34;data&#47;hierarchical-egress-rules.yaml&#34;&#41;&#10; ingress_rules &#61; optional&#40;string, &#34;data&#47;hierarchical-ingress-rules.yaml&#34;&#41;&#10; policy_name &#61; optional&#40;string, &#34;net-default&#34;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; policy_rules &#61; optional&#40;string, &#34;data&#47;firewall-policies&#34;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; subnets &#61; optional&#40;string, &#34;data&#47;subnets&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | | | [factories_config](variables.tf#L59) | Configuration for network resource factories. 
| <code title="object&#40;&#123;&#10; dashboards &#61; optional&#40;string, &#34;data&#47;dashboards&#34;&#41;&#10; dns_policy_rules &#61; optional&#40;string, &#34;data&#47;dns-policy-rules.yaml&#34;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; cidr_file &#61; optional&#40;string, &#34;data&#47;cidrs.yaml&#34;&#41;&#10; classic_rules &#61; optional&#40;string, &#34;data&#47;firewall-rules&#34;&#41;&#10; hierarchical &#61; optional&#40;object&#40;&#123;&#10; egress_rules &#61; optional&#40;string, &#34;data&#47;hierarchical-egress-rules.yaml&#34;&#41;&#10; ingress_rules &#61; optional&#40;string, &#34;data&#47;hierarchical-ingress-rules.yaml&#34;&#41;&#10; policy_name &#61; optional&#40;string, &#34;net-default&#34;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; policy_rules &#61; optional&#40;string, &#34;data&#47;firewall-policies&#34;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; subnets &#61; optional&#40;string, &#34;data&#47;subnets&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | |
| [outputs_location](variables.tf#L78) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | | | [outputs_location](variables.tf#L80) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
| [psa_ranges](variables.tf#L84) | IP ranges used for Private Service Access (CloudSQL, etc.). | <code title="object&#40;&#123;&#10; dev &#61; optional&#40;list&#40;object&#40;&#123;&#10; ranges &#61; map&#40;string&#41;&#10; export_routes &#61; optional&#40;bool, false&#41;&#10; import_routes &#61; optional&#40;bool, false&#41;&#10; peered_domains &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; prod &#61; optional&#40;list&#40;object&#40;&#123;&#10; ranges &#61; map&#40;string&#41;&#10; export_routes &#61; optional&#40;bool, false&#41;&#10; import_routes &#61; optional&#40;bool, false&#41;&#10; peered_domains &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | | | [psa_ranges](variables.tf#L86) | IP ranges used for Private Service Access (CloudSQL, etc.). | <code title="object&#40;&#123;&#10; dev &#61; optional&#40;list&#40;object&#40;&#123;&#10; ranges &#61; map&#40;string&#41;&#10; export_routes &#61; optional&#40;bool, false&#41;&#10; import_routes &#61; optional&#40;bool, false&#41;&#10; peered_domains &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; prod &#61; optional&#40;list&#40;object&#40;&#123;&#10; ranges &#61; map&#40;string&#41;&#10; export_routes &#61; optional&#40;bool, false&#41;&#10; import_routes &#61; optional&#40;bool, false&#41;&#10; peered_domains &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | |
| [regions](variables.tf#L104) | Region definitions. | <code title="object&#40;&#123;&#10; primary &#61; string&#10; secondary &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; primary &#61; &#34;europe-west1&#34;&#10; secondary &#61; &#34;europe-west4&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | | [regions](variables.tf#L106) | Region definitions. | <code title="object&#40;&#123;&#10; primary &#61; string&#10; secondary &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; primary &#61; &#34;europe-west1&#34;&#10; secondary &#61; &#34;europe-west4&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | |
| [security_profile_groups](variables-fast.tf#L86) | Security profile group ids used for policy rule substitutions. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | <code>2-networking-ngfw</code> | | [security_profile_groups](variables-fast.tf#L86) | Security profile group ids used for policy rule substitutions. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | <code>2-networking-ngfw</code> |
| [spoke_configs](variables.tf#L116) | Spoke connectivity configurations. | <code title="object&#40;&#123;&#10; ncc_configs &#61; optional&#40;object&#40;&#123;&#10; export_psc &#61; optional&#40;bool, true&#41;&#10; dev &#61; optional&#40;object&#40;&#123;&#10; exclude_export_ranges &#61; list&#40;string&#41;&#10; &#125;&#41;, &#123;&#10; exclude_export_ranges &#61; &#91;&#93;&#10; &#125;&#41;&#10; prod &#61; optional&#40;object&#40;&#123;&#10; exclude_export_ranges &#61; list&#40;string&#41;&#10; &#125;&#41;, &#123;&#10; exclude_export_ranges &#61; &#91;&#93;&#10; &#125;&#41;&#10; &#125;&#41;&#41;&#10; peering_configs &#61; optional&#40;object&#40;&#123;&#10; dev &#61; optional&#40;object&#40;&#123;&#10; export &#61; optional&#40;bool, true&#41;&#10; import &#61; optional&#40;bool, true&#41;&#10; public_export &#61; optional&#40;bool&#41;&#10; public_import &#61; optional&#40;bool&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; prod &#61; optional&#40;object&#40;&#123;&#10; export &#61; optional&#40;bool, true&#41;&#10; import &#61; optional&#40;bool, true&#41;&#10; public_export &#61; optional&#40;bool&#41;&#10; public_import &#61; optional&#40;bool&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;&#10; vpn_configs &#61; optional&#40;object&#40;&#123;&#10; dev &#61; optional&#40;object&#40;&#123;&#10; asn &#61; optional&#40;number, 65501&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; landing &#61; optional&#40;object&#40;&#123;&#10; asn &#61; optional&#40;number, 65500&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; prod &#61; optional&#40;object&#40;&#123;&#10; asn &#61; optional&#40;number, 65502&#41;&#10; custom_advertise &#61; 
optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; peering_configs &#61; &#123;&#125;&#10;&#125;">&#123;&#8230;&#125;</code> | | | [spoke_configs](variables.tf#L118) | Spoke connectivity configurations. | <code title="object&#40;&#123;&#10; ncc_configs &#61; optional&#40;object&#40;&#123;&#10; export_psc &#61; optional&#40;bool, true&#41;&#10; dev &#61; optional&#40;object&#40;&#123;&#10; exclude_export_ranges &#61; list&#40;string&#41;&#10; &#125;&#41;, &#123;&#10; exclude_export_ranges &#61; &#91;&#93;&#10; &#125;&#41;&#10; prod &#61; optional&#40;object&#40;&#123;&#10; exclude_export_ranges &#61; list&#40;string&#41;&#10; &#125;&#41;, &#123;&#10; exclude_export_ranges &#61; &#91;&#93;&#10; &#125;&#41;&#10; &#125;&#41;&#41;&#10; peering_configs &#61; optional&#40;object&#40;&#123;&#10; dev &#61; optional&#40;object&#40;&#123;&#10; export &#61; optional&#40;bool, true&#41;&#10; import &#61; optional&#40;bool, true&#41;&#10; public_export &#61; optional&#40;bool&#41;&#10; public_import &#61; optional&#40;bool&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; prod &#61; optional&#40;object&#40;&#123;&#10; export &#61; optional&#40;bool, true&#41;&#10; import &#61; optional&#40;bool, true&#41;&#10; public_export &#61; optional&#40;bool&#41;&#10; public_import &#61; optional&#40;bool&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;&#10; vpn_configs &#61; optional&#40;object&#40;&#123;&#10; dev &#61; optional&#40;object&#40;&#123;&#10; asn &#61; optional&#40;number, 65501&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; landing &#61; optional&#40;object&#40;&#123;&#10; asn &#61; optional&#40;number, 
65500&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; prod &#61; optional&#40;object&#40;&#123;&#10; asn &#61; optional&#40;number, 65502&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; peering_configs &#61; &#123;&#125;&#10;&#125;">&#123;&#8230;&#125;</code> | |
| [stage_config](variables-fast.tf#L94) | FAST stage configuration. | <code title="object&#40;&#123;&#10; networking &#61; optional&#40;object&#40;&#123;&#10; short_name &#61; optional&#40;string&#41;&#10; iam_admin_delegated &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; iam_viewer &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | <code>1-resman</code> | | [stage_config](variables-fast.tf#L94) | FAST stage configuration. | <code title="object&#40;&#123;&#10; networking &#61; optional&#40;object&#40;&#123;&#10; short_name &#61; optional&#40;string&#41;&#10; iam_admin_delegated &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; iam_viewer &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | <code>1-resman</code> |
| [tag_values](variables-fast.tf#L108) | Root-level tag values. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | <code>1-resman</code> | | [tag_values](variables-fast.tf#L108) | Root-level tag values. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | <code>1-resman</code> |
| [vpc_configs](variables.tf#L185) | Optional VPC network configurations. | <code title="object&#40;&#123;&#10; dev &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; cloudnat &#61; optional&#40;object&#40;&#123;&#10; enable &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; landing &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; cloudnat &#61; optional&#40;object&#40;&#123;&#10; enable &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; prod &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; cloudnat &#61; optional&#40;object&#40;&#123;&#10; enable &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; 
optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | | | [vpc_configs](variables.tf#L187) | Optional VPC network configurations. | <code title="object&#40;&#123;&#10; dev &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; cloudnat &#61; optional&#40;object&#40;&#123;&#10; enable &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; landing &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; cloudnat &#61; optional&#40;object&#40;&#123;&#10; enable &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; prod &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 
1500&#41;&#10; cloudnat &#61; optional&#40;object&#40;&#123;&#10; enable &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | |
| [vpn_onprem_primary_config](variables.tf#L238) | VPN gateway configuration for onprem interconnection in the primary region. | <code title="object&#40;&#123;&#10; peer_external_gateways &#61; map&#40;object&#40;&#123;&#10; redundancy_type &#61; string&#10; interfaces &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#10; router_config &#61; object&#40;&#123;&#10; create &#61; optional&#40;bool, true&#41;&#10; asn &#61; number&#10; name &#61; optional&#40;string&#41;&#10; keepalive &#61; optional&#40;number&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; tunnels &#61; map&#40;object&#40;&#123;&#10; bgp_peer &#61; object&#40;&#123;&#10; address &#61; string&#10; asn &#61; number&#10; route_priority &#61; optional&#40;number, 1000&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; all_vpc_subnets &#61; bool&#10; all_peer_vpc_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; bgp_session_range &#61; string&#10; ike_version &#61; optional&#40;number, 2&#41;&#10; peer_external_gateway_interface &#61; optional&#40;number&#41;&#10; peer_gateway &#61; optional&#40;string, &#34;default&#34;&#41;&#10; router &#61; optional&#40;string&#41;&#10; shared_secret &#61; optional&#40;string&#41;&#10; vpn_gateway_interface &#61; number&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | | [vpn_onprem_primary_config](variables.tf#L240) | VPN gateway configuration for onprem interconnection in the primary region. 
| <code title="object&#40;&#123;&#10; peer_external_gateways &#61; map&#40;object&#40;&#123;&#10; redundancy_type &#61; string&#10; interfaces &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#10; router_config &#61; object&#40;&#123;&#10; create &#61; optional&#40;bool, true&#41;&#10; asn &#61; number&#10; name &#61; optional&#40;string&#41;&#10; keepalive &#61; optional&#40;number&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; tunnels &#61; map&#40;object&#40;&#123;&#10; bgp_peer &#61; object&#40;&#123;&#10; address &#61; string&#10; asn &#61; number&#10; route_priority &#61; optional&#40;number, 1000&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; all_vpc_subnets &#61; bool&#10; all_peer_vpc_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; bgp_session_range &#61; string&#10; ike_version &#61; optional&#40;number, 2&#41;&#10; peer_external_gateway_interface &#61; optional&#40;number&#41;&#10; peer_gateway &#61; optional&#40;string, &#34;default&#34;&#41;&#10; router &#61; optional&#40;string&#41;&#10; shared_secret &#61; optional&#40;string&#41;&#10; vpn_gateway_interface &#61; number&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | |
## Outputs ## Outputs


@@ -21,9 +21,9 @@
module "dev-dns-priv-example" { module "dev-dns-priv-example" {
source = "../../../modules/dns" source = "../../../modules/dns"
project_id = module.dev-spoke-project.project_id project_id = module.dev-spoke-project.project_id
name = "dev-gcp-example-com" name = "dev-${replace(var.dns.gcp_domain, ".", "-")}"
zone_config = { zone_config = {
domain = "dev.gcp.example.com." domain = "dev.${var.dns.gcp_domain}."
private = { private = {
client_networks = [module.landing-vpc.self_link] client_networks = [module.landing-vpc.self_link]
} }
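Review bot: The dotted-to-hyphen conversion `replace(var.dns.gcp_domain, ".", "-")` that builds the zone `name` here is repeated verbatim in the landing and prod dns files (for both `gcp_domain` and `onprem_domain`), so the zone naming rule now lives in four places. A single local such as `dns_zone_names = { gcp = replace(var.dns.gcp_domain, ".", "-"), onprem = replace(var.dns.onprem_domain, ".", "-") }` keeps the derivation in one spot and gives one place to check the Cloud DNS zone-name constraints (lowercase letters, digits and hyphens, at most 63 characters, which here must also fit the `dev-`/`prod-` prefix). The `module "dev-dns-priv-example"` block continues past the hunk.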


@@ -22,9 +22,9 @@ module "landing-dns-fwd-onprem-example" {
source = "../../../modules/dns" source = "../../../modules/dns"
count = length(var.dns.resolvers) > 0 ? 1 : 0 count = length(var.dns.resolvers) > 0 ? 1 : 0
project_id = module.landing-project.project_id project_id = module.landing-project.project_id
name = "example-com" name = replace(var.dns.onprem_domain, ".", "-")
zone_config = { zone_config = {
domain = "onprem.example.com." domain = "${var.dns.onprem_domain}."
forwarding = { forwarding = {
client_networks = [module.landing-vpc.self_link] client_networks = [module.landing-vpc.self_link]
forwarders = { for ip in var.dns.resolvers : ip => null } forwarders = { for ip in var.dns.resolvers : ip => null }
@@ -49,9 +49,9 @@ module "landing-dns-fwd-onprem-rev-10" {
module "landing-dns-priv-gcp" { module "landing-dns-priv-gcp" {
source = "../../../modules/dns" source = "../../../modules/dns"
project_id = module.landing-project.project_id project_id = module.landing-project.project_id
name = "gcp-example-com" name = replace(var.dns.gcp_domain, ".", "-")
zone_config = { zone_config = {
domain = "gcp.example.com." domain = "${var.dns.gcp_domain}."
private = { private = {
client_networks = [module.landing-vpc.self_link] client_networks = [module.landing-vpc.self_link]
} }


@@ -21,9 +21,9 @@
module "prod-dns-priv-example" { module "prod-dns-priv-example" {
source = "../../../modules/dns" source = "../../../modules/dns"
project_id = module.prod-spoke-project.project_id project_id = module.prod-spoke-project.project_id
name = "prod-gcp-example-com" name = "prod-${replace(var.dns.gcp_domain, ".", "-")}"
zone_config = { zone_config = {
domain = "prod.gcp.example.com." domain = "prod.${var.dns.gcp_domain}."
private = { private = {
client_networks = [module.landing-vpc.self_link] client_networks = [module.landing-vpc.self_link]
} }


@@ -42,7 +42,9 @@ variable "alert_config" {
variable "dns" { variable "dns" {
description = "DNS configuration." description = "DNS configuration."
type = object({ type = object({
resolvers = optional(list(string), []) gcp_domain = optional(string, "gcp.example.com")
onprem_domain = optional(string, "onprem.example.com")
resolvers = optional(list(string), [])
}) })
default = {} default = {}
nullable = false nullable = false
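Review bot: The new `gcp_domain` and `onprem_domain` attributes carry no validation, yet they are interpolated into Cloud DNS managed zone names via `replace(var.dns.gcp_domain, ".", "-")` in the dev, landing and prod dns files and into zone domains with a trailing dot appended. A value with uppercase letters, a trailing dot, or characters outside letters, digits, hyphens and dots produces an invalid zone name or a malformed FQDN that is only rejected at apply time, and since the landing private zone and the onprem forwarding zone are both attached to `module.landing-vpc`, equal values for the two domains would presumably collide as well. A `validation` block on the variable surfaces all of this at plan time; the `variable "dns"` block continues past the hunk, so the block below goes before its closing brace.
```hcl
variable "dns" {
  # … unchanged: description, type, default, nullable …
  validation {
    condition = var.dns.gcp_domain != var.dns.onprem_domain && alltrue([
      for d in [var.dns.gcp_domain, var.dns.onprem_domain] :
      can(regex("^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$", d))
    ])
    error_message = "gcp_domain and onprem_domain must differ, be lowercase, have no trailing dot, and contain only letters, digits, hyphens and dots."
  }
```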


@@ -566,20 +566,20 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [prefix](variables-fast.tf#L76) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> | | [prefix](variables-fast.tf#L76) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
| [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | <code title="object&#40;&#123;&#10; vpn_tunnel_established &#61; optional&#40;object&#40;&#123;&#10; auto_close &#61; optional&#40;string, null&#41;&#10; duration &#61; optional&#40;string, &#34;120s&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; notification_channels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; user_labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;&#10; vpn_tunnel_bandwidth &#61; optional&#40;object&#40;&#123;&#10; auto_close &#61; optional&#40;string, null&#41;&#10; duration &#61; optional&#40;string, &#34;120s&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; notification_channels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; threshold_mbys &#61; optional&#40;string, &#34;187.5&#34;&#41;&#10; user_labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; vpn_tunnel_established &#61; &#123;&#125;&#10; vpn_tunnel_bandwidth &#61; &#123;&#125;&#10;&#125;">&#123;&#8230;&#125;</code> | | | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. 
| <code title="object&#40;&#123;&#10; vpn_tunnel_established &#61; optional&#40;object&#40;&#123;&#10; auto_close &#61; optional&#40;string, null&#41;&#10; duration &#61; optional&#40;string, &#34;120s&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; notification_channels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; user_labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;&#10; vpn_tunnel_bandwidth &#61; optional&#40;object&#40;&#123;&#10; auto_close &#61; optional&#40;string, null&#41;&#10; duration &#61; optional&#40;string, &#34;120s&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; notification_channels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; threshold_mbys &#61; optional&#40;string, &#34;187.5&#34;&#41;&#10; user_labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; vpn_tunnel_established &#61; &#123;&#125;&#10; vpn_tunnel_bandwidth &#61; &#123;&#125;&#10;&#125;">&#123;&#8230;&#125;</code> | |
| [custom_roles](variables-fast.tf#L40) | Custom roles defined at the org level, in key => id format. | <code title="object&#40;&#123;&#10; project_iam_viewer &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | <code>0-bootstrap</code> | | [custom_roles](variables-fast.tf#L40) | Custom roles defined at the org level, in key => id format. | <code title="object&#40;&#123;&#10; project_iam_viewer &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | <code>0-bootstrap</code> |
| [dns](variables.tf#L42) | DNS configuration. | <code title="object&#40;&#123;&#10; resolvers &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | | | [dns](variables.tf#L42) | DNS configuration. | <code title="object&#40;&#123;&#10; gcp_domain &#61; optional&#40;string, &#34;gcp.example.com&#34;&#41;&#10; onprem_domain &#61; optional&#40;string, &#34;onprem.example.com&#34;&#41;&#10; resolvers &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | |
| [essential_contacts](variables.tf#L51) | Email used for essential contacts, unset if null. | <code>string</code> | | <code>null</code> | | | [essential_contacts](variables.tf#L53) | Email used for essential contacts, unset if null. | <code>string</code> | | <code>null</code> | |
| [factories_config](variables.tf#L57) | Configuration for network resource factories. | <code title="object&#40;&#123;&#10; dashboards &#61; optional&#40;string, &#34;data&#47;dashboards&#34;&#41;&#10; dns_policy_rules &#61; optional&#40;string, &#34;data&#47;dns-policy-rules.yaml&#34;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; cidr_file &#61; optional&#40;string, &#34;data&#47;cidrs.yaml&#34;&#41;&#10; classic_rules &#61; optional&#40;string, &#34;data&#47;firewall-rules&#34;&#41;&#10; hierarchical &#61; optional&#40;object&#40;&#123;&#10; egress_rules &#61; optional&#40;string, &#34;data&#47;hierarchical-egress-rules.yaml&#34;&#41;&#10; ingress_rules &#61; optional&#40;string, &#34;data&#47;hierarchical-ingress-rules.yaml&#34;&#41;&#10; policy_name &#61; optional&#40;string, &#34;net-default&#34;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; policy_rules &#61; optional&#40;string, &#34;data&#47;firewall-policies&#34;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; subnets &#61; optional&#40;string, &#34;data&#47;subnets&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | | | [factories_config](variables.tf#L59) | Configuration for network resource factories. 
| <code title="object&#40;&#123;&#10; dashboards &#61; optional&#40;string, &#34;data&#47;dashboards&#34;&#41;&#10; dns_policy_rules &#61; optional&#40;string, &#34;data&#47;dns-policy-rules.yaml&#34;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; cidr_file &#61; optional&#40;string, &#34;data&#47;cidrs.yaml&#34;&#41;&#10; classic_rules &#61; optional&#40;string, &#34;data&#47;firewall-rules&#34;&#41;&#10; hierarchical &#61; optional&#40;object&#40;&#123;&#10; egress_rules &#61; optional&#40;string, &#34;data&#47;hierarchical-egress-rules.yaml&#34;&#41;&#10; ingress_rules &#61; optional&#40;string, &#34;data&#47;hierarchical-ingress-rules.yaml&#34;&#41;&#10; policy_name &#61; optional&#40;string, &#34;net-default&#34;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; policy_rules &#61; optional&#40;string, &#34;data&#47;firewall-policies&#34;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; subnets &#61; optional&#40;string, &#34;data&#47;subnets&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | |
| [gcp_ranges](variables.tf#L78) | GCP address ranges in name => range format. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; gcp_dev_primary &#61; &#34;10.68.0.0&#47;16&#34;&#10; gcp_dev_secondary &#61; &#34;10.84.0.0&#47;16&#34;&#10; gcp_regional_vpc_primary &#61; &#34;10.65.0.0&#47;17&#34;&#10; gcp_regional_vpc_secondary &#61; &#34;10.81.0.0&#47;17&#34;&#10; gcp_landing_primary &#61; &#34;10.64.0.0&#47;17&#34;&#10; gcp_landing_secondary &#61; &#34;10.80.0.0&#47;17&#34;&#10; gcp_dmz_primary &#61; &#34;10.64.128.0&#47;17&#34;&#10; gcp_dmz_secondary &#61; &#34;10.80.128.0&#47;17&#34;&#10; gcp_prod_primary &#61; &#34;10.72.0.0&#47;16&#34;&#10; gcp_prod_secondary &#61; &#34;10.88.0.0&#47;16&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | | [gcp_ranges](variables.tf#L80) | GCP address ranges in name => range format. | <code>map&#40;string&#41;</code> | | <code title="&#123;&#10; gcp_dev_primary &#61; &#34;10.68.0.0&#47;16&#34;&#10; gcp_dev_secondary &#61; &#34;10.84.0.0&#47;16&#34;&#10; gcp_regional_vpc_primary &#61; &#34;10.65.0.0&#47;17&#34;&#10; gcp_regional_vpc_secondary &#61; &#34;10.81.0.0&#47;17&#34;&#10; gcp_landing_primary &#61; &#34;10.64.0.0&#47;17&#34;&#10; gcp_landing_secondary &#61; &#34;10.80.0.0&#47;17&#34;&#10; gcp_dmz_primary &#61; &#34;10.64.128.0&#47;17&#34;&#10; gcp_dmz_secondary &#61; &#34;10.80.128.0&#47;17&#34;&#10; gcp_prod_primary &#61; &#34;10.72.0.0&#47;16&#34;&#10; gcp_prod_secondary &#61; &#34;10.88.0.0&#47;16&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | |
| [network_mode](variables.tf#L95) | Selection of the network design to deploy. | <code>string</code> | | <code>&#34;simple&#34;</code> | | | [network_mode](variables.tf#L97) | Selection of the network design to deploy. | <code>string</code> | | <code>&#34;simple&#34;</code> | |
| [outputs_location](variables.tf#L106) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | | | [outputs_location](variables.tf#L108) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
| [psa_ranges](variables.tf#L112) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | <code title="object&#40;&#123;&#10; dev &#61; optional&#40;list&#40;object&#40;&#123;&#10; ranges &#61; map&#40;string&#41;&#10; export_routes &#61; optional&#40;bool, false&#41;&#10; import_routes &#61; optional&#40;bool, false&#41;&#10; peered_domains &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; prod &#61; optional&#40;list&#40;object&#40;&#123;&#10; ranges &#61; map&#40;string&#41;&#10; export_routes &#61; optional&#40;bool, false&#41;&#10; import_routes &#61; optional&#40;bool, false&#41;&#10; peered_domains &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | | | [psa_ranges](variables.tf#L114) | IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. | <code title="object&#40;&#123;&#10; dev &#61; optional&#40;list&#40;object&#40;&#123;&#10; ranges &#61; map&#40;string&#41;&#10; export_routes &#61; optional&#40;bool, false&#41;&#10; import_routes &#61; optional&#40;bool, false&#41;&#10; peered_domains &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; prod &#61; optional&#40;list&#40;object&#40;&#123;&#10; ranges &#61; map&#40;string&#41;&#10; export_routes &#61; optional&#40;bool, false&#41;&#10; import_routes &#61; optional&#40;bool, false&#41;&#10; peered_domains &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | |
| [regions](variables.tf#L132) | Region definitions. | <code title="object&#40;&#123;&#10; primary &#61; string&#10; secondary &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; primary &#61; &#34;europe-west1&#34;&#10; secondary &#61; &#34;europe-west4&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | | [regions](variables.tf#L134) | Region definitions. | <code title="object&#40;&#123;&#10; primary &#61; string&#10; secondary &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; primary &#61; &#34;europe-west1&#34;&#10; secondary &#61; &#34;europe-west4&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | |
| [security_profile_groups](variables-fast.tf#L86) | Security profile group ids used for policy rule substitutions. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | <code>2-networking-ngfw</code> | | [security_profile_groups](variables-fast.tf#L86) | Security profile group ids used for policy rule substitutions. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | <code>2-networking-ngfw</code> |
| [stage_config](variables-fast.tf#L94) | FAST stage configuration. | <code title="object&#40;&#123;&#10; networking &#61; optional&#40;object&#40;&#123;&#10; short_name &#61; optional&#40;string&#41;&#10; iam_admin_delegated &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; iam_viewer &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | <code>1-resman</code> | | [stage_config](variables-fast.tf#L94) | FAST stage configuration. | <code title="object&#40;&#123;&#10; networking &#61; optional&#40;object&#40;&#123;&#10; short_name &#61; optional&#40;string&#41;&#10; iam_admin_delegated &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; iam_viewer &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | <code>1-resman</code> |
| [tag_values](variables-fast.tf#L108) | Root-level tag values. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | <code>1-resman</code> | | [tag_values](variables-fast.tf#L108) | Root-level tag values. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | <code>1-resman</code> |
| [vpc_configs](variables.tf#L144) | Optional VPC network configurations. | <code title="object&#40;&#123;&#10; dev &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; dmz &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; cloudnat &#61; optional&#40;object&#40;&#123;&#10; enable &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; landing &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; 
prod &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; regional_primary &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; regional_secondary &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | | | [vpc_configs](variables.tf#L146) | Optional VPC network configurations. 
| <code title="object&#40;&#123;&#10; dev &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; dmz &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; cloudnat &#61; optional&#40;object&#40;&#123;&#10; enable &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; landing &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; prod &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; 
optional&#40;number, 1500&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; regional_primary &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; regional_secondary &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | |
| [vpn_onprem_primary_config](variables.tf#L227) | VPN gateway configuration for onprem interconnection in the primary region. | <code title="object&#40;&#123;&#10; peer_external_gateways &#61; map&#40;object&#40;&#123;&#10; redundancy_type &#61; string&#10; interfaces &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#10; router_config &#61; object&#40;&#123;&#10; create &#61; optional&#40;bool, true&#41;&#10; asn &#61; number&#10; name &#61; optional&#40;string&#41;&#10; keepalive &#61; optional&#40;number&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; tunnels &#61; map&#40;object&#40;&#123;&#10; bgp_peer &#61; object&#40;&#123;&#10; address &#61; string&#10; asn &#61; number&#10; route_priority &#61; optional&#40;number, 1000&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; all_vpc_subnets &#61; bool&#10; all_peer_vpc_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; bgp_session_range &#61; string&#10; ike_version &#61; optional&#40;number, 2&#41;&#10; peer_external_gateway_interface &#61; optional&#40;number&#41;&#10; peer_gateway &#61; optional&#40;string, &#34;default&#34;&#41;&#10; router &#61; optional&#40;string&#41;&#10; shared_secret &#61; optional&#40;string&#41;&#10; vpn_gateway_interface &#61; number&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | | [vpn_onprem_primary_config](variables.tf#L229) | VPN gateway configuration for onprem interconnection in the primary region. 
| <code title="object&#40;&#123;&#10; peer_external_gateways &#61; map&#40;object&#40;&#123;&#10; redundancy_type &#61; string&#10; interfaces &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#10; router_config &#61; object&#40;&#123;&#10; create &#61; optional&#40;bool, true&#41;&#10; asn &#61; number&#10; name &#61; optional&#40;string&#41;&#10; keepalive &#61; optional&#40;number&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; tunnels &#61; map&#40;object&#40;&#123;&#10; bgp_peer &#61; object&#40;&#123;&#10; address &#61; string&#10; asn &#61; number&#10; route_priority &#61; optional&#40;number, 1000&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; all_vpc_subnets &#61; bool&#10; all_peer_vpc_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; bgp_session_range &#61; string&#10; ike_version &#61; optional&#40;number, 2&#41;&#10; peer_external_gateway_interface &#61; optional&#40;number&#41;&#10; peer_gateway &#61; optional&#40;string, &#34;default&#34;&#41;&#10; router &#61; optional&#40;string&#41;&#10; shared_secret &#61; optional&#40;string&#41;&#10; vpn_gateway_interface &#61; number&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | |
| [vpn_onprem_secondary_config](variables.tf#L270) | VPN gateway configuration for onprem interconnection in the secondary region. | <code title="object&#40;&#123;&#10; peer_external_gateways &#61; map&#40;object&#40;&#123;&#10; redundancy_type &#61; string&#10; interfaces &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#10; router_config &#61; object&#40;&#123;&#10; create &#61; optional&#40;bool, true&#41;&#10; asn &#61; number&#10; name &#61; optional&#40;string&#41;&#10; keepalive &#61; optional&#40;number&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; tunnels &#61; map&#40;object&#40;&#123;&#10; bgp_peer &#61; object&#40;&#123;&#10; address &#61; string&#10; asn &#61; number&#10; route_priority &#61; optional&#40;number, 1000&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; all_vpc_subnets &#61; bool&#10; all_peer_vpc_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; bgp_session_range &#61; string&#10; ike_version &#61; optional&#40;number, 2&#41;&#10; peer_external_gateway_interface &#61; optional&#40;number&#41;&#10; peer_gateway &#61; optional&#40;string, &#34;default&#34;&#41;&#10; router &#61; optional&#40;string&#41;&#10; shared_secret &#61; optional&#40;string&#41;&#10; vpn_gateway_interface &#61; number&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | | [vpn_onprem_secondary_config](variables.tf#L272) | VPN gateway configuration for onprem interconnection in the secondary region. 
| <code title="object&#40;&#123;&#10; peer_external_gateways &#61; map&#40;object&#40;&#123;&#10; redundancy_type &#61; string&#10; interfaces &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#10; router_config &#61; object&#40;&#123;&#10; create &#61; optional&#40;bool, true&#41;&#10; asn &#61; number&#10; name &#61; optional&#40;string&#41;&#10; keepalive &#61; optional&#40;number&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; tunnels &#61; map&#40;object&#40;&#123;&#10; bgp_peer &#61; object&#40;&#123;&#10; address &#61; string&#10; asn &#61; number&#10; route_priority &#61; optional&#40;number, 1000&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; all_vpc_subnets &#61; bool&#10; all_peer_vpc_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; bgp_session_range &#61; string&#10; ike_version &#61; optional&#40;number, 2&#41;&#10; peer_external_gateway_interface &#61; optional&#40;number&#41;&#10; peer_gateway &#61; optional&#40;string, &#34;default&#34;&#41;&#10; router &#61; optional&#40;string&#41;&#10; shared_secret &#61; optional&#40;string&#41;&#10; vpn_gateway_interface &#61; number&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | |
## Outputs ## Outputs


@@ -21,9 +21,9 @@
module "dev-dns-priv-example" { module "dev-dns-priv-example" {
source = "../../../modules/dns" source = "../../../modules/dns"
project_id = module.dev-spoke-project.project_id project_id = module.dev-spoke-project.project_id
name = "dev-gcp-example-com" name = "dev-${replace(var.dns.gcp_domain, ".", "-")}"
zone_config = { zone_config = {
domain = "dev.gcp.example.com." domain = "dev.${var.dns.gcp_domain}."
private = { private = {
client_networks = [ client_networks = [
# module.dmz-vpc.self_link # module.dmz-vpc.self_link


@@ -22,9 +22,9 @@ module "landing-dns-fwd-onprem-example" {
source = "../../../modules/dns" source = "../../../modules/dns"
count = length(var.dns.resolvers) > 0 ? 1 : 0 count = length(var.dns.resolvers) > 0 ? 1 : 0
project_id = module.landing-project.project_id project_id = module.landing-project.project_id
name = "example-com" name = replace(var.dns.onprem_domain, ".", "-")
zone_config = { zone_config = {
domain = "onprem.example.com." domain = "${var.dns.onprem_domain}."
forwarding = { forwarding = {
client_networks = concat( client_networks = concat(
[ [
@@ -69,9 +69,9 @@ module "landing-dns-fwd-onprem-rev-10" {
module "landing-dns-priv-gcp" { module "landing-dns-priv-gcp" {
source = "../../../modules/dns" source = "../../../modules/dns"
project_id = module.landing-project.project_id project_id = module.landing-project.project_id
name = "gcp-example-com" name = replace(var.dns.gcp_domain, ".", "-")
zone_config = { zone_config = {
domain = "gcp.example.com." domain = "${var.dns.gcp_domain}."
private = { private = {
client_networks = concat( client_networks = concat(
[ [
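Review bot: The `name = replace(var.dns.onprem_domain, ".", "-")` line changes the forwarding zone's name from the previous literal `example-com` to `onprem-example-com` for every deployment that keeps the default, and since the managed zone name is part of the resource identity the google provider plans this as a destroy-and-create rather than an in-place update; the forwarding zone is what sends on-prem lookups from the landing VPC to `var.dns.resolvers`, so existing deployments get a window where on-prem names do not resolve. Either keep the old default name for this zone (`name = var.dns.onprem_domain == "onprem.example.com" ? "example-com" : replace(var.dns.onprem_domain, ".", "-")`) or call the replacement out in the stage README so operators can schedule it. The same consideration applies to the first landing hunk of the other stage at the top of this page. The `landing-dns-fwd-onprem-example` module block starts before and ends after this hunk.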


@@ -21,9 +21,9 @@
module "prod-dns-priv-example" { module "prod-dns-priv-example" {
source = "../../../modules/dns" source = "../../../modules/dns"
project_id = module.prod-spoke-project.project_id project_id = module.prod-spoke-project.project_id
name = "prod-gcp-example-com" name = "prod-${replace(var.dns.gcp_domain, ".", "-")}"
zone_config = { zone_config = {
domain = "prod.gcp.example.com." domain = "prod.${var.dns.gcp_domain}."
private = { private = {
client_networks = [ client_networks = [
# module.dmz-vpc.self_link # module.dmz-vpc.self_link


@@ -42,7 +42,9 @@ variable "alert_config" {
variable "dns" { variable "dns" {
description = "DNS configuration." description = "DNS configuration."
type = object({ type = object({
resolvers = optional(list(string), []) gcp_domain = optional(string, "gcp.example.com")
onprem_domain = optional(string, "onprem.example.com")
resolvers = optional(list(string), [])
}) })
default = {} default = {}
nullable = false nullable = false


@@ -364,18 +364,18 @@ Regions are defined via the `regions` variable which sets up a mapping between t
| [prefix](variables-fast.tf#L76) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> | | [prefix](variables-fast.tf#L76) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
| [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | <code title="object&#40;&#123;&#10; vpn_tunnel_established &#61; optional&#40;object&#40;&#123;&#10; auto_close &#61; optional&#40;string, null&#41;&#10; duration &#61; optional&#40;string, &#34;120s&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; notification_channels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; user_labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;&#10; vpn_tunnel_bandwidth &#61; optional&#40;object&#40;&#123;&#10; auto_close &#61; optional&#40;string, null&#41;&#10; duration &#61; optional&#40;string, &#34;120s&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; notification_channels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; threshold_mbys &#61; optional&#40;string, &#34;187.5&#34;&#41;&#10; user_labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; vpn_tunnel_established &#61; &#123;&#125;&#10; vpn_tunnel_bandwidth &#61; &#123;&#125;&#10;&#125;">&#123;&#8230;&#125;</code> | | | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. 
| <code title="object&#40;&#123;&#10; vpn_tunnel_established &#61; optional&#40;object&#40;&#123;&#10; auto_close &#61; optional&#40;string, null&#41;&#10; duration &#61; optional&#40;string, &#34;120s&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; notification_channels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; user_labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;&#10; vpn_tunnel_bandwidth &#61; optional&#40;object&#40;&#123;&#10; auto_close &#61; optional&#40;string, null&#41;&#10; duration &#61; optional&#40;string, &#34;120s&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; notification_channels &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; threshold_mbys &#61; optional&#40;string, &#34;187.5&#34;&#41;&#10; user_labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; vpn_tunnel_established &#61; &#123;&#125;&#10; vpn_tunnel_bandwidth &#61; &#123;&#125;&#10;&#125;">&#123;&#8230;&#125;</code> | |
| [custom_roles](variables-fast.tf#L40) | Custom roles defined at the org level, in key => id format. | <code title="object&#40;&#123;&#10; project_iam_viewer &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | <code>0-bootstrap</code> | | [custom_roles](variables-fast.tf#L40) | Custom roles defined at the org level, in key => id format. | <code title="object&#40;&#123;&#10; project_iam_viewer &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | <code>0-bootstrap</code> |
| [dns](variables.tf#L42) | DNS configuration. | <code title="object&#40;&#123;&#10; dev_resolvers &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; prod_resolvers &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | | | [dns](variables.tf#L42) | DNS configuration. | <code title="object&#40;&#123;&#10; gcp_domain &#61; optional&#40;string, &#34;gcp.example.com&#34;&#41;&#10; onprem_domain &#61; optional&#40;string, &#34;onprem.example.com&#34;&#41;&#10; dev_resolvers &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; prod_resolvers &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | |
| [essential_contacts](variables.tf#L52) | Email used for essential contacts, unset if null. | <code>string</code> | | <code>null</code> | | | [essential_contacts](variables.tf#L54) | Email used for essential contacts, unset if null. | <code>string</code> | | <code>null</code> | |
| [factories_config](variables.tf#L58) | Configuration for network resource factories. | <code title="object&#40;&#123;&#10; dashboards &#61; optional&#40;string, &#34;data&#47;dashboards&#34;&#41;&#10; dns_policy_rules &#61; optional&#40;string, &#34;data&#47;dns-policy-rules.yaml&#34;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; cidr_file &#61; optional&#40;string, &#34;data&#47;cidrs.yaml&#34;&#41;&#10; classic_rules &#61; optional&#40;string, &#34;data&#47;firewall-rules&#34;&#41;&#10; hierarchical &#61; optional&#40;object&#40;&#123;&#10; egress_rules &#61; optional&#40;string, &#34;data&#47;hierarchical-egress-rules.yaml&#34;&#41;&#10; ingress_rules &#61; optional&#40;string, &#34;data&#47;hierarchical-ingress-rules.yaml&#34;&#41;&#10; policy_name &#61; optional&#40;string, &#34;net-default&#34;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; policy_rules &#61; optional&#40;string, &#34;data&#47;firewall-policies&#34;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; subnets &#61; optional&#40;string, &#34;data&#47;subnets&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | | | [factories_config](variables.tf#L60) | Configuration for network resource factories. 
| <code title="object&#40;&#123;&#10; dashboards &#61; optional&#40;string, &#34;data&#47;dashboards&#34;&#41;&#10; dns_policy_rules &#61; optional&#40;string, &#34;data&#47;dns-policy-rules.yaml&#34;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; cidr_file &#61; optional&#40;string, &#34;data&#47;cidrs.yaml&#34;&#41;&#10; classic_rules &#61; optional&#40;string, &#34;data&#47;firewall-rules&#34;&#41;&#10; hierarchical &#61; optional&#40;object&#40;&#123;&#10; egress_rules &#61; optional&#40;string, &#34;data&#47;hierarchical-egress-rules.yaml&#34;&#41;&#10; ingress_rules &#61; optional&#40;string, &#34;data&#47;hierarchical-ingress-rules.yaml&#34;&#41;&#10; policy_name &#61; optional&#40;string, &#34;net-default&#34;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; policy_rules &#61; optional&#40;string, &#34;data&#47;firewall-policies&#34;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; subnets &#61; optional&#40;string, &#34;data&#47;subnets&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | |
| [outputs_location](variables.tf#L79) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | | | [outputs_location](variables.tf#L81) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
| [psa_ranges](variables.tf#L85) | IP ranges used for Private Service Access (e.g. CloudSQL). | <code title="object&#40;&#123;&#10; dev &#61; optional&#40;list&#40;object&#40;&#123;&#10; ranges &#61; map&#40;string&#41;&#10; export_routes &#61; optional&#40;bool, false&#41;&#10; import_routes &#61; optional&#40;bool, false&#41;&#10; peered_domains &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; prod &#61; optional&#40;list&#40;object&#40;&#123;&#10; ranges &#61; map&#40;string&#41;&#10; export_routes &#61; optional&#40;bool, false&#41;&#10; import_routes &#61; optional&#40;bool, false&#41;&#10; peered_domains &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | | | [psa_ranges](variables.tf#L87) | IP ranges used for Private Service Access (e.g. CloudSQL). | <code title="object&#40;&#123;&#10; dev &#61; optional&#40;list&#40;object&#40;&#123;&#10; ranges &#61; map&#40;string&#41;&#10; export_routes &#61; optional&#40;bool, false&#41;&#10; import_routes &#61; optional&#40;bool, false&#41;&#10; peered_domains &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; prod &#61; optional&#40;list&#40;object&#40;&#123;&#10; ranges &#61; map&#40;string&#41;&#10; export_routes &#61; optional&#40;bool, false&#41;&#10; import_routes &#61; optional&#40;bool, false&#41;&#10; peered_domains &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | |
| [regions](variables.tf#L105) | Region definitions. | <code title="object&#40;&#123;&#10; primary &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; primary &#61; &#34;europe-west1&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | | | [regions](variables.tf#L107) | Region definitions. | <code title="object&#40;&#123;&#10; primary &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; primary &#61; &#34;europe-west1&#34;&#10;&#125;">&#123;&#8230;&#125;</code> | |
| [security_profile_groups](variables-fast.tf#L86) | Security profile group ids used for policy rule substitutions. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | <code>2-networking-ngfw</code> | | [security_profile_groups](variables-fast.tf#L86) | Security profile group ids used for policy rule substitutions. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | <code>2-networking-ngfw</code> |
| [stage_config](variables-fast.tf#L94) | FAST stage configuration. | <code title="object&#40;&#123;&#10; networking &#61; optional&#40;object&#40;&#123;&#10; short_name &#61; optional&#40;string&#41;&#10; iam_admin_delegated &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; iam_viewer &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | <code>1-resman</code> | | [stage_config](variables-fast.tf#L94) | FAST stage configuration. | <code title="object&#40;&#123;&#10; networking &#61; optional&#40;object&#40;&#123;&#10; short_name &#61; optional&#40;string&#41;&#10; iam_admin_delegated &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; iam_viewer &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | <code>1-resman</code> |
| [tag_values](variables-fast.tf#L108) | Root-level tag values. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | <code>1-resman</code> | | [tag_values](variables-fast.tf#L108) | Root-level tag values. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> | <code>1-resman</code> |
| [vpc_configs](variables.tf#L115) | Optional VPC network configurations. | <code title="object&#40;&#123;&#10; dev &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; cloudnat &#61; optional&#40;object&#40;&#123;&#10; enable &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; prod &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; cloudnat &#61; optional&#40;object&#40;&#123;&#10; enable &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | | | [vpc_configs](variables.tf#L117) | Optional VPC network configurations. 
| <code title="object&#40;&#123;&#10; dev &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; cloudnat &#61; optional&#40;object&#40;&#123;&#10; enable &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; prod &#61; optional&#40;object&#40;&#123;&#10; mtu &#61; optional&#40;number, 1500&#41;&#10; cloudnat &#61; optional&#40;object&#40;&#123;&#10; enable &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; create_inbound_policy &#61; optional&#40;bool, true&#41;&#10; enable_logging &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; firewall &#61; optional&#40;object&#40;&#123;&#10; create_policy &#61; optional&#40;bool, false&#41;&#10; policy_has_priority &#61; optional&#40;bool, false&#41;&#10; use_classic &#61; optional&#40;bool, true&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | |
| [vpn_onprem_dev_primary_config](variables.tf#L153) | VPN gateway configuration for onprem interconnection from dev in the primary region. | <code title="object&#40;&#123;&#10; peer_external_gateways &#61; map&#40;object&#40;&#123;&#10; redundancy_type &#61; string&#10; interfaces &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#10; router_config &#61; object&#40;&#123;&#10; create &#61; optional&#40;bool, true&#41;&#10; asn &#61; number&#10; name &#61; optional&#40;string&#41;&#10; keepalive &#61; optional&#40;number&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; tunnels &#61; map&#40;object&#40;&#123;&#10; bgp_peer &#61; object&#40;&#123;&#10; address &#61; string&#10; asn &#61; number&#10; route_priority &#61; optional&#40;number, 1000&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; all_vpc_subnets &#61; bool&#10; all_peer_vpc_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; bgp_session_range &#61; string&#10; ike_version &#61; optional&#40;number, 2&#41;&#10; peer_external_gateway_interface &#61; optional&#40;number&#41;&#10; peer_gateway &#61; optional&#40;string, &#34;default&#34;&#41;&#10; router &#61; optional&#40;string&#41;&#10; shared_secret &#61; optional&#40;string&#41;&#10; vpn_gateway_interface &#61; number&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | | [vpn_onprem_dev_primary_config](variables.tf#L155) | VPN gateway configuration for onprem interconnection from dev in the primary region. 
| <code title="object&#40;&#123;&#10; peer_external_gateways &#61; map&#40;object&#40;&#123;&#10; redundancy_type &#61; string&#10; interfaces &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#10; router_config &#61; object&#40;&#123;&#10; create &#61; optional&#40;bool, true&#41;&#10; asn &#61; number&#10; name &#61; optional&#40;string&#41;&#10; keepalive &#61; optional&#40;number&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; tunnels &#61; map&#40;object&#40;&#123;&#10; bgp_peer &#61; object&#40;&#123;&#10; address &#61; string&#10; asn &#61; number&#10; route_priority &#61; optional&#40;number, 1000&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; all_vpc_subnets &#61; bool&#10; all_peer_vpc_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; bgp_session_range &#61; string&#10; ike_version &#61; optional&#40;number, 2&#41;&#10; peer_external_gateway_interface &#61; optional&#40;number&#41;&#10; peer_gateway &#61; optional&#40;string, &#34;default&#34;&#41;&#10; router &#61; optional&#40;string&#41;&#10; shared_secret &#61; optional&#40;string&#41;&#10; vpn_gateway_interface &#61; number&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | |
| [vpn_onprem_prod_primary_config](variables.tf#L196) | VPN gateway configuration for onprem interconnection from prod in the primary region. | <code title="object&#40;&#123;&#10; peer_external_gateways &#61; map&#40;object&#40;&#123;&#10; redundancy_type &#61; string&#10; interfaces &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#10; router_config &#61; object&#40;&#123;&#10; create &#61; optional&#40;bool, true&#41;&#10; asn &#61; number&#10; name &#61; optional&#40;string&#41;&#10; keepalive &#61; optional&#40;number&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; tunnels &#61; map&#40;object&#40;&#123;&#10; bgp_peer &#61; object&#40;&#123;&#10; address &#61; string&#10; asn &#61; number&#10; route_priority &#61; optional&#40;number, 1000&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; all_vpc_subnets &#61; bool&#10; all_peer_vpc_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; bgp_session_range &#61; string&#10; ike_version &#61; optional&#40;number, 2&#41;&#10; peer_external_gateway_interface &#61; optional&#40;number&#41;&#10; peer_gateway &#61; optional&#40;string, &#34;default&#34;&#41;&#10; router &#61; optional&#40;string&#41;&#10; shared_secret &#61; optional&#40;string&#41;&#10; vpn_gateway_interface &#61; number&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | | [vpn_onprem_prod_primary_config](variables.tf#L198) | VPN gateway configuration for onprem interconnection from prod in the primary region. 
| <code title="object&#40;&#123;&#10; peer_external_gateways &#61; map&#40;object&#40;&#123;&#10; redundancy_type &#61; string&#10; interfaces &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#10; router_config &#61; object&#40;&#123;&#10; create &#61; optional&#40;bool, true&#41;&#10; asn &#61; number&#10; name &#61; optional&#40;string&#41;&#10; keepalive &#61; optional&#40;number&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; tunnels &#61; map&#40;object&#40;&#123;&#10; bgp_peer &#61; object&#40;&#123;&#10; address &#61; string&#10; asn &#61; number&#10; route_priority &#61; optional&#40;number, 1000&#41;&#10; custom_advertise &#61; optional&#40;object&#40;&#123;&#10; all_subnets &#61; bool&#10; all_vpc_subnets &#61; bool&#10; all_peer_vpc_subnets &#61; bool&#10; ip_ranges &#61; map&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#10; bgp_session_range &#61; string&#10; ike_version &#61; optional&#40;number, 2&#41;&#10; peer_external_gateway_interface &#61; optional&#40;number&#41;&#10; peer_gateway &#61; optional&#40;string, &#34;default&#34;&#41;&#10; router &#61; optional&#40;string&#41;&#10; shared_secret &#61; optional&#40;string&#41;&#10; vpn_gateway_interface &#61; number&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | |
## Outputs ## Outputs


@@ -21,9 +21,9 @@
module "dev-dns-private-zone" { module "dev-dns-private-zone" {
source = "../../../modules/dns" source = "../../../modules/dns"
project_id = module.dev-spoke-project.project_id project_id = module.dev-spoke-project.project_id
name = "dev-gcp-example-com" name = "dev-${replace(var.dns.gcp_domain, ".", "-")}"
zone_config = { zone_config = {
domain = "dev.gcp.example.com." domain = "dev.${var.dns.gcp_domain}."
private = { private = {
client_networks = [module.dev-spoke-vpc.self_link] client_networks = [module.dev-spoke-vpc.self_link]
} }


@@ -21,9 +21,9 @@
module "prod-dns-private-zone" { module "prod-dns-private-zone" {
source = "../../../modules/dns" source = "../../../modules/dns"
project_id = module.prod-spoke-project.project_id project_id = module.prod-spoke-project.project_id
name = "prod-gcp-example-com" name = "prod-${replace(var.dns.gcp_domain, ".", "-")}"
zone_config = { zone_config = {
domain = "prod.gcp.example.com." domain = "prod.${var.dns.gcp_domain}."
private = { private = {
client_networks = [module.prod-spoke-vpc.self_link] client_networks = [module.prod-spoke-vpc.self_link]
} }


@@ -42,6 +42,8 @@ variable "alert_config" {
variable "dns" { variable "dns" {
description = "DNS configuration." description = "DNS configuration."
type = object({ type = object({
gcp_domain = optional(string, "gcp.example.com")
onprem_domain = optional(string, "onprem.example.com")
dev_resolvers = optional(list(string), []) dev_resolvers = optional(list(string), [])
prod_resolvers = optional(list(string), []) prod_resolvers = optional(list(string), [])
}) })