Commit Graph

4177 Commits

Author SHA1 Message Date
Ana Fernandez del Alamo
0fe3f165ed Add VPN monitoring alerts to 2-networking and VPN usage chart
The Fast stage 2-networking-* currently adds a monitoring dashboard
for VPN metrics. This change adds an additional chart to monitor the
usage of the VPN bandwidth.

This change also adds the following monitoring alerts:

* VPN tunnel established
* [VPN bandwidth](https://cloud.google.com/network-connectivity/docs/vpn/how-to/viewing-logs-metrics#define-bandwidth-alerts)

To configure the alerts, there is a new `alert_config` variable with
defined default values.

The alerts are created in the stage `b` by default. In the stages a,
c, d, and e, the alerts are created if the user creates the On-prem
VPN.

To disable the creation of alerts, add the following to
`terraform.tfvars`:

```
alert_config = {
  vpn_tunnel_established = null
  vpn_tunnel_bandwidth = null
}
```
2023-06-06 13:49:21 +01:00
Julio Castillo
9af4db2fa0 Delete FAQ.md 2023-06-06 14:47:26 +02:00
lcaggio
7ed197aff4 Fix and improve GCS2BQ blueprint (#1416)
* Fix roles

* Implement Shared VPC roles relying on project service_identity_iam variable

* Group project variable into project_config variable

* Rely on optional variables to avoid try()
2023-06-06 09:06:58 +02:00
Ludovico Magnocavallo
fedb894f97 Fix NLB module (#1419)
* net-nlb fixes

* formatting
2023-06-05 19:42:32 +02:00
Ludovico Magnocavallo
ea4c00756b Network Load Balancer module (#1418)
* wip

* example tests passing
2023-06-05 13:21:40 +02:00
Ludo
a93a78f4e7 update changelog for v23.0.0 2023-06-05 11:40:27 +02:00
Ludo
c14ab4de55 update changelog 2023-06-05 11:39:30 +02:00
Luca Prete
0d6751a5f4 Remove hardcoded description from instance groups created under net-ilb (#1417) 2023-06-05 09:35:17 +00:00
Ludo
eb76a60208 update changelog 2023-06-05 11:19:45 +02:00
Ludovico Magnocavallo
c439a66b27 Add notice to net-ilb module on routes (#1415)
* add support for routes

* boilerplate

* revert and add notice to README

* revert

* revert

* Fix README

---------

Co-authored-by: Julio Castillo <jccb@google.com>
2023-06-05 09:40:34 +02:00
Prabha Arya
f2fe406a62 add alloydb module (#1403)
* add alloydb module

* fix typos

* fix typos

* Add default googleapi route creation to net-vpc

* Reuse existing logic to create default routes

* Update net-vpc README

* Fix modules and blueprints tests

* Rename to `create_googleapis_routes`

* Fix FAST tests

* Fix nva stages tests

* update changelog

* fix typos

* fix version

* rearrange variables

* fix lint

* fix lint

* fix README

* fix README

* fix comments

* fix variables

* fix READMEs

---------

Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: Ludo <ludomagno@google.com>
2023-06-04 10:12:32 +00:00
Ludo
a7d694f9b0 update changelog 2023-06-03 16:21:17 +02:00
David Asaf
43ce70e1ed Bump GH TF version to coincide with module requirements (#1414) 2023-06-03 06:20:11 +00:00
Julio Castillo
d4de7219c5 Merge pull request #1411 from rosmo/jit-more
Add networksecurity to JIT identity list
2023-06-02 18:32:52 +02:00
Taneli Leppä
87db60de1f Add networksecurity to JIT identity list. 2023-06-02 16:11:16 +02:00
Ludovico Magnocavallo
884cb8b4bf Ensure all modules have an id output (#1410)
* net-vpc

* a-d

* complete modules

* fix error
2023-06-02 16:07:22 +02:00
apichick
f069562998 Added comment in the dns module, saying that inbound/outbound server policies are set in the net-vpc module (#1405)
Co-authored-by: Luca Prete <preteluca@gmail.com>
2023-06-02 11:35:25 +02:00
Alejandro Leal
7f4825feeb Merge pull request #1407 from bluPhy/master
Multiple Updates in READMEs and wording
2023-05-31 13:53:00 -04:00
Alejandro Leal
6c11527762 Multiple Updates
modules/net-dedicated-vlan-attachment/variables.tf
modules/net-dedicated-vlan-attachment/README.md
CHANGELOG.md
blueprints/networking/ha-vpn-over-interconnect/README.md
2023-05-31 13:26:22 -04:00
Simone Ruffilli
fda4daecff Cosmetic documentation fixes 2023-05-31 13:51:15 +02:00
Simone Ruffilli
7f561565e7 HA VPN over Interconnect modules and blueprint (#1390)
Two new modules, net-ipsec-over-interconnect to establish HA VPN over existing VLAN attachments, and net-dedicated-vlan-attachment to create (optionally encrypted) vlan attachments, as well as the ha-vpn-over-interconnect blueprint that shows how to compose such modules to create a 99.9% encrypted interconnect.
2023-05-31 10:53:38 +00:00
Wiktor Niesiobędzki
3ac6ceac1e Add trigger SA for Cloud Run 2023-05-30 17:08:37 +02:00
Ludo
91daad5570 update changelog 2023-05-30 09:42:04 +02:00
Julio Castillo
b1ea36b069 Merge pull request #1400 from GoogleCloudPlatform/jccb/default-vpc-routes
Add default googleapi route creation to net-vpc
2023-05-26 17:49:59 +02:00
Julio Castillo
b6ce4222d1 Fix nva stages tests 2023-05-26 17:32:34 +02:00
Julio Castillo
fb121b4d08 Fix FAST tests 2023-05-26 17:17:40 +02:00
Julio Castillo
0888cce3a5 Rename to create_googleapis_routes 2023-05-26 16:43:43 +02:00
Julio Castillo
cecbd2072c Fix modules and blueprints tests 2023-05-26 16:38:41 +02:00
Julio Castillo
563b5fa0cb Update net-vpc README 2023-05-26 12:46:16 +02:00
Julio Castillo
1e8c58c88e Reuse existing logic to create default routes 2023-05-26 12:01:38 +02:00
Julio Castillo
7a91a7e41c Add default googleapi route creation to net-vpc 2023-05-26 10:55:35 +02:00
Julio Castillo
868507e932 Update changelo 2023-05-24 19:48:18 +02:00
Julio Castillo
8a3c81b022 Update changelog 2023-05-24 19:44:45 +02:00
Julio Castillo
7b9e2aeb09 Update changelog 2023-05-24 19:28:41 +02:00
Julio Castillo
584a2e055b Merge pull request #1393 from GoogleCloudPlatform/juliocc-patch-1
Update README.md
2023-05-24 12:59:13 +02:00
Julio Castillo
e479d9815b Merge branch 'master' into juliocc-patch-1 2023-05-24 12:46:04 +02:00
Benoît Sauvère
aa80109081 allow to configure stack_type in the GKE modules (#1395)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2023-05-24 10:19:43 +00:00
Ludovico Magnocavallo
4aa99ea829 allow setting identities in egress policies (#1394) 2023-05-24 12:05:16 +02:00
Julio Castillo
d22bf2ec6b Update README.md 2023-05-24 11:34:21 +02:00
Gustavo Valverde
00cac9148a fix(stages): only add sandbox SA when sandbox feature is enabled (#1391)
If you have the `project_factory` feature enabled, but not the `sandbox` feature (as it's not a requirement on your org), when doing a `terraform apply` on `1-resman` it raises this error, as it's expecting the wrong feature when creating the sandbox SA

```
│ Error: Invalid index
│ 
│   on branch-sandbox.tf line 68, in resource "google_organization_iam_member" "org_policy_admin_sandbox":
│   68:   member = module.branch-sandbox-sa.0.iam_email
│     ├────────────────
│     │ module.branch-sandbox-sa is empty tuple
│ 
│ The given key does not identify an element in this collection value: the collection has no elements.
```
2023-05-24 05:17:35 +00:00
dependabot[bot]
d245088fa1 Bump requests in /blueprints/cloud-operations/network-dashboard/src (#1389)
Bumps [requests](https://github.com/psf/requests) from 2.28.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.28.1...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-23 05:37:15 +00:00
Julio Castillo
aa850ead5f Merge pull request #1387 from GoogleCloudPlatform/jccb/cb-default-sa
Add default Cloud Build SA to project module
2023-05-22 19:25:17 +02:00
Julio Castillo
fddf8b52bc Fix sort order 2023-05-22 19:11:33 +02:00
Julio Castillo
3e67fc00ca Add default Cloud Build SA to project module 2023-05-22 19:11:33 +02:00
Ana Fernandez
00efd6099f Merge pull request #1388 from GoogleCloudPlatform/afda16/firewall-validator-argument
Firewall Validator fix target_service_accounts ref
2023-05-22 15:49:38 +01:00
Ana Fernandez del Alamo
4129eb11ae Firewall Validator fix target_service_accounts ref
The Firewall Validator schema configuration contains a field
`target_service_account`. This should be updated to
`target_service_accounts` to match the `google_compute_firewall`
Terraform resource argument:

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall#target_service_accounts
2023-05-22 15:28:48 +01:00
Ana Fernandez
8254303dc3 Merge pull request #1386 from GoogleCloudPlatform/afda16/logging-bucket-cmek
Support CMEK encryption in logging-bucket module
2023-05-22 15:28:15 +01:00
Ana Fernandez del Alamo
a5bbd09776 Support CMEK encryption in logging-bucket module
We have a use case, Local Controls, that requires configuring
CMEK with Logging buckets. This commit adds an optional variable to
configure CMEK in the `logging-bucket` module. By default the Logging
bucket won't use CMEK encryption.

To configure CMEK for Logging buckets it's also required to add the
correct permissions to the bucket service account. For more information
and a Terraform example, see:

https://cloud.google.com/logging/docs/routing/managed-encryption-storage

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/logging_project_bucket_config#example-usage
2023-05-22 15:12:27 +01:00
Ludovico Magnocavallo
e0911c6291 Add conditional org admin role to sandbox SA (#1385)
* add org admin conditional role to sandbox SA

* tfdoc
2023-05-21 10:48:41 +02:00
Roberto Jung Drebes
d2f0b17ec4 Allows groups from other orgs/domains (#1383)
* Allows groups from other orgs
2023-05-17 11:07:47 +02:00