New folder structure

Julio Castillo
2022-01-10 15:09:38 +01:00
parent 29426890a2
commit 8df9ef9035
403 changed files with 238 additions and 439 deletions


@@ -0,0 +1,37 @@
# Calling a private Cloud Function from On-premises
This example shows how to invoke a private Google Cloud Function from the on-prem environment via a Private Service Connect endpoint.
According to the [documentation](https://cloud.google.com/functions/docs/networking/network-settings#ingress_settings), only requests from VPC networks in the same project or VPC Service Controls perimeter are allowed to call a private Cloud Function. That's the reason why a Private Service Connect endpoint is needed in this architecture.
The Terraform script in this folder will create two projects connected via VPN: one to simulate the on-prem environment and another containing the Cloud Function and the Private Service Connect endpoint.
The "on-prem" project contains a small VM that can be used to test the accessibility to the private Cloud Function:
```bash
curl https://YOUR_REGION-YOUR_PROJECT_ID.cloudfunctions.net/YOUR_FUNCTION_NAME
```
![Cloud Function via Private Service Connect](diagram.png "High-level diagram")
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| project_id | Project id. | <code>string</code> | ✓ | |
| ip_ranges | IP ranges used for the VPCs. | <code title="object&#40;&#123;&#10; onprem &#61; string&#10; hub &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; onprem &#61; &#34;10.0.1.0&#47;24&#34;,&#10; hub &#61; &#34;10.0.2.0&#47;24&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
| name | Name used for new resources. | <code>string</code> | | <code>&#34;cf-via-psc&#34;</code> |
| project_create | If non null, creates project instead of using an existing one. | <code title="object&#40;&#123;&#10; billing_account_id &#61; string&#10; parent &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| psc_endpoint | IP used for the Private Service Connect endpoint, it must not overlap with the hub_ip_range. | <code>string</code> | | <code>&#34;172.16.32.1&#34;</code> |
| region | Region where the resources will be created. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| function_url | URL of the Cloud Function. | |
<!-- END TFDOC -->
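Review bot: The overview in this README does not match the Terraform added in the same commit: "The Terraform script in this folder will create two projects connected via VPN" describes two projects, but main.tf declares a single `module "project"` and both the on-prem and hub VPCs are created in `module.project.project_id`. Either reword to "two VPCs in one project, connected via HA VPN" or actually split the projects. Two smaller points in the same hunk: the `curl` example should say it is meant to be run from the test VM in the on-prem VPC, since that is the only network where the private DNS zone resolves the function hostname to the PSC endpoint; and the `psc_endpoint` row of the generated variables table refers to `hub_ip_range`, which is not a variable in this example (the hub range is `ip_ranges.hub`), so the fix belongs in variables.tf with the table regenerated by tfdoc.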


@@ -0,0 +1,22 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def main(request):
request_json = request.get_json()
if request.args and 'message' in request.args:
return request.args.get('message')
elif request_json and 'message' in request_json:
return request_json['message']
else:
return f'Hello World!!1\n'
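Review bot: `request_json = request.get_json()` raises on a request body that is not valid JSON (Flask's default is `silent=False`), so a malformed body becomes a 500 from the function instead of falling through to the greeting; use `request.get_json(silent=True)`. The handler also reflects the caller-supplied `message` straight back in the response body with the default content type, so whoever reaches the function URL controls what is rendered there; for a hello-world behind `ALLOW_INTERNAL_ONLY` that is tolerable, but returning it with an explicit plain-text type, e.g. `return (request.args['message'], 200, {'Content-Type': 'text/plain'})`, costs nothing and rules out HTML interpretation by the caller's client. Minor: `f'Hello World!!1\n'` has no placeholders, so the `f` prefix can be dropped.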

Binary file not shown.



@@ -0,0 +1,260 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
psc_name = replace(var.name, "-", "")
}
module "project" {
source = "../../../modules/project"
name = var.project_id
project_create = var.project_create == null ? false : true
billing_account = try(var.project_create.billing_account_id, null)
parent = try(var.project_create.parent, null)
service_config = {
disable_dependent_services = false
disable_on_destroy = false
}
services = [
"cloudfunctions.googleapis.com",
"cloudbuild.googleapis.com",
"compute.googleapis.com",
"dns.googleapis.com"
]
}
###############################################################################
# VPCs #
###############################################################################
module "vpc-onprem" {
source = "../../../modules/net-vpc"
project_id = module.project.project_id
name = "${var.name}-onprem"
subnets = [
{
ip_cidr_range = var.ip_ranges.onprem
name = "${var.name}-onprem"
region = var.region
secondary_ip_range = {}
}
]
subnet_private_access = {
"${var.region}/${var.name}-onprem" = false
}
}
module "firewall-onprem" {
source = "../../../modules/net-vpc-firewall"
project_id = module.project.project_id
network = module.vpc-onprem.name
}
module "vpc-hub" {
source = "../../../modules/net-vpc"
project_id = module.project.project_id
name = "${var.name}-hub"
subnets = [
{
ip_cidr_range = var.ip_ranges.hub
name = "${var.name}-hub"
region = var.region
secondary_ip_range = {}
}
]
}
###############################################################################
# VPNs #
###############################################################################
module "vpn-onprem" {
source = "../../../modules/net-vpn-ha"
project_id = module.project.project_id
region = var.region
network = module.vpc-onprem.self_link
name = "${var.name}-onprem-to-hub"
router_asn = 65001
router_advertise_config = {
groups = ["ALL_SUBNETS"]
ip_ranges = {
}
mode = "CUSTOM"
}
peer_gcp_gateway = module.vpn-hub.self_link
tunnels = {
tunnel-0 = {
bgp_peer = {
address = "169.254.0.2"
asn = 65002
}
bgp_peer_options = null
bgp_session_range = "169.254.0.1/30"
ike_version = 2
vpn_gateway_interface = 0
peer_external_gateway_interface = null
router = null
shared_secret = ""
}
tunnel-1 = {
bgp_peer = {
address = "169.254.0.6"
asn = 65002
}
bgp_peer_options = null
bgp_session_range = "169.254.0.5/30"
ike_version = 2
vpn_gateway_interface = 1
peer_external_gateway_interface = null
router = null
shared_secret = ""
}
}
}
module "vpn-hub" {
source = "../../../modules/net-vpn-ha"
project_id = module.project.project_id
region = var.region
network = module.vpc-hub.name
name = "${var.name}-hub-to-onprem"
router_asn = 65002
peer_gcp_gateway = module.vpn-onprem.self_link
router_advertise_config = {
groups = ["ALL_SUBNETS"]
ip_ranges = {
(var.psc_endpoint) = "to-psc-endpoint"
}
mode = "CUSTOM"
}
tunnels = {
tunnel-0 = {
bgp_peer = {
address = "169.254.0.1"
asn = 65001
}
bgp_peer_options = null
bgp_session_range = "169.254.0.2/30"
ike_version = 2
vpn_gateway_interface = 0
peer_external_gateway_interface = null
router = null
shared_secret = module.vpn-onprem.random_secret
}
tunnel-1 = {
bgp_peer = {
address = "169.254.0.5"
asn = 65001
}
bgp_peer_options = null
bgp_session_range = "169.254.0.6/30"
ike_version = 2
vpn_gateway_interface = 1
peer_external_gateway_interface = null
router = null
shared_secret = module.vpn-onprem.random_secret
}
}
}
###############################################################################
# VMs #
###############################################################################
module "test-vm" {
source = "../../../modules/compute-vm"
project_id = module.project.project_id
zone = "${var.region}-b"
name = "${var.name}-test"
instance_type = "e2-micro"
boot_disk = {
image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2104"
type = "pd-balanced"
size = 10
}
network_interfaces = [{
addresses = null
nat = false
network = module.vpc-onprem.self_link
subnetwork = module.vpc-onprem.subnet_self_links["${var.region}/${var.name}-onprem"]
}]
tags = ["ssh"]
}
###############################################################################
# Cloud Function #
###############################################################################
module "function-hello" {
source = "../../../modules/cloud-function"
project_id = module.project.project_id
name = var.name
bucket_name = "${var.name}-tf-cf-deploy"
ingress_settings = "ALLOW_INTERNAL_ONLY"
bundle_config = {
source_dir = "${path.module}/assets"
output_path = "bundle.zip"
excludes = null
}
bucket_config = {
location = var.region
lifecycle_delete_age = null
}
iam = {
"roles/cloudfunctions.invoker" = ["allUsers"]
}
}
###############################################################################
# DNS #
###############################################################################
module "private-dns-onprem" {
source = "../../../modules/dns"
project_id = module.project.project_id
type = "private"
name = var.name
domain = "${var.region}-${module.project.project_id}.cloudfunctions.net."
client_networks = [module.vpc-onprem.self_link]
recordsets = {
"A " = { ttl = 300, records = [module.addresses.psc_addresses[local.psc_name].address] }
}
}
###############################################################################
# PSCs #
###############################################################################
module "addresses" {
source = "../../../modules/net-address"
project_id = module.project.project_id
psc_addresses = {
(local.psc_name) = {
address = var.psc_endpoint
network = module.vpc-hub.self_link
}
}
}
resource "google_compute_global_forwarding_rule" "psc-endpoint" {
provider = google-beta
project = module.project.project_id
name = local.psc_name
network = module.vpc-hub.self_link
ip_address = module.addresses.psc_addresses[local.psc_name].self_link
target = "vpc-sc"
load_balancing_scheme = ""
}
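Review bot: `iam = { "roles/cloudfunctions.invoker" = ["allUsers"] }` in `module "function-hello"` makes the function publicly invokable at the IAM layer, so the only control keeping it private is `ingress_settings = "ALLOW_INTERNAL_ONLY"`; if that setting is later relaxed, or a PSC consumer on the hub side is not trusted, nothing else stops the call. Prefer granting the invoker role to the test VM's service account (or a dedicated one) and calling with an identity token, which also exercises the path a real on-prem client would use. Two smaller points: `image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2104"` in `module "test-vm"` is a non-LTS family whose standard support ends in January 2022, so an LTS family would keep the test VM patchable; and the trailing space in the `"A "` recordset key of `module "private-dns-onprem"` is the dns module's convention for an apex record, but a one-line comment would stop the next reader from treating it as a typo.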


@@ -0,0 +1,20 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
output "function_url" {
description = "URL of the Cloud Function."
value = module.function-hello.function.https_trigger_url
}


@@ -0,0 +1,59 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "ip_ranges" {
description = "IP ranges used for the VPCs."
type = object({
onprem = string
hub = string
})
default = {
onprem = "10.0.1.0/24",
hub = "10.0.2.0/24"
}
}
variable "name" {
description = "Name used for new resources."
type = string
default = "cf-via-psc"
}
variable "project_create" {
description = "If non null, creates project instead of using an existing one."
type = object({
billing_account_id = string
parent = string
})
default = null
}
variable "project_id" {
description = "Project id."
type = string
}
variable "psc_endpoint" {
description = "IP used for the Private Service Connect endpoint, it must not overlap with the hub_ip_range."
type = string
default = "172.16.32.1"
}
variable "region" {
description = "Region where the resources will be created."
type = string
default = "europe-west1"
}
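Review bot: The description of `variable "psc_endpoint"` refers to `hub_ip_range`, which does not exist in this example; the hub range is `var.ip_ranges.hub`, so the description should read "it must not be inside ip_ranges.hub". Because this value is consumed directly as the PSC address and advertised over BGP in `module "vpn-hub"`, a `validation` block would catch a mistyped default at plan time rather than at apply, for example `condition = can(cidrnetmask("${var.psc_endpoint}/32"))` with an `error_message` saying the value must be a single IPv4 address.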


@@ -0,0 +1,29 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
terraform {
required_version = ">= 1.0.0"
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.0.0"
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.0.0"
}
}
}