kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
hunfabric/modules/ncc-spoke-ra/README.md
Simon Roberts 26dbaa2d6e Enable terraform_naming_convention in tflint (#3930) 
* Draft terraform_naming_convention

* Two fast/stages fixes for terraform_naming_convention

* Disable terraform_naming_convention for resources for now

* module fixes for terraform_naming_convention

* tfdoc

* Remove "moved" from recipe and needs-fixing

* Fix moved for spoke_ra

* fix tests

* Use default (snake_case) for resources

* factory.terraform_data.project-preconditions

* First-pass migration of resources + tests

* Fix tests/modules/organization

* Require snake_case for variables; Add annotations for _testing

* permit _fast_debug variable

* Fix net_vpc_factory and net_vpc_firewall tests

* tfdoc addons and recipe

* Fix more tests

* Fix some net-global -> net_global tests

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2026-05-06 06:06:26 +00:00

168 lines
5.5 KiB
Markdown
Raw Permalink Blame History

# NCC Spoke RA Module
This module allows management of NCC Spokes backed by Router Appliances. Network virtual appliances used as router appliances allow to connect an external network to Google Cloud by using a SD-WAN router or another appliance with BGP capabilities (_site-to-cloud_ connectivity). It is also possible to enable site-to-site data transfer, although this feature is not available in all regions, particularly not in EMEA.
The module manages a hub (optionally), a spoke, and the corresponding Cloud Router and BGP sessions to the router appliance(s).
## Examples
### Simple hub & spoke
```hcl
module "spoke-ra" {
source = "./fabric/modules/ncc-spoke-ra"
hub = { create = true, name = "ncc-hub" }
name = "spoke-ra"
project_id = var.project_id
region = var.region
router_appliances = [
{
internal_ip = module.compute-vm-primary-b.internal_ip
vm_self_link = module.compute-vm-primary-b.self_link
}
]
router_config = {
asn = 65000
ip_interface0 = "10.0.16.14"
ip_interface1 = "10.0.16.15"
peer_asn = 65001
}
vpc_config = {
network_name = var.vpc.self_link
subnet_self_link = var.subnet.self_link
}
}
# tftest modules=5 resources=11 fixtures=fixtures/compute-vm-nva.tf e2e
```
### Two spokes
```hcl
resource "google_network_connectivity_hub" "default" {
name = "Hub"
description = "Hub"
project = var.project_id
}
module "spoke-ra-a" {
source = "./fabric/modules/ncc-spoke-ra"
hub = { id = google_network_connectivity_hub.default.id }
name = "spoke-ra-a"
project_id = var.project_id
region = var.regions.primary
router_appliances = [
{
internal_ip = module.compute-vm-primary-b.internal_ip
vm_self_link = module.compute-vm-primary-b.self_link
}
]
router_config = {
asn = 65000
ip_interface0 = "10.0.16.14"
ip_interface1 = "10.0.16.15"
peer_asn = 65001
}
vpc_config = {
network_name = var.vpc.self_link
subnet_self_link = var.subnets.primary.self_link
}
}
module "spoke-ra-b" {
source = "./fabric/modules/ncc-spoke-ra"
hub = { id = google_network_connectivity_hub.default.id }
name = "spoke-ra-b"
project_id = var.project_id
region = var.regions.secondary
router_appliances = [
{
internal_ip = module.compute-vm-secondary-b.internal_ip
vm_self_link = module.compute-vm-secondary-b.self_link
}
]
router_config = {
asn = 65000
ip_interface0 = "10.1.16.14"
ip_interface1 = "10.1.16.15"
peer_asn = 65002
}
vpc_config = {
network_name = var.vpc.self_link
subnet_self_link = var.subnets.secondary.self_link
}
}
# tftest modules=6 resources=17 fixtures=fixtures/compute-vm-nva.tf e2e
```
### Spoke with load-balanced router appliances
```hcl
resource "google_network_connectivity_hub" "default" {
name = "Hub"
description = "Hub"
project = var.project_id
}
module "spoke-ra" {
source = "./fabric/modules/ncc-spoke-ra"
hub = { id = google_network_connectivity_hub.default.id }
name = "spoke-ra"
project_id = var.project_id
region = var.region
router_appliances = [
{
internal_ip = module.compute-vm-primary-b.internal_ip
vm_self_link = module.compute-vm-primary-b.self_link
},
{
internal_ip = module.compute-vm-primary-c.internal_ip
vm_self_link = module.compute-vm-primary-c.self_link
}
]
router_config = {
asn = 65000
custom_advertise = {
all_subnets = true
ip_ranges = {
"10.10.0.0/24" = "peered-vpc"
}
}
ip_interface0 = "10.0.16.14"
ip_interface1 = "10.0.16.15"
peer_asn = 65001
}
vpc_config = {
network_name = var.vpc.self_link
subnet_self_link = var.subnet.self_link
}
}
# tftest modules=5 resources=13 fixtures=fixtures/compute-vm-nva.tf e2e
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [hub](variables.tf#L23) | The NCC hub. You should either provide an existing hub id or a hub name if create is true. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [name](variables.tf#L37) | The name of the NCC spoke. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L42) | The ID of the project where the NCC hub & spokes will be created. | <code>string</code> | ✓ | |
| [region](variables.tf#L47) | Region where the spoke is located. | <code>string</code> | ✓ | |
| [router_appliances](variables.tf#L52) | List of router appliances this spoke is associated with. | <code>list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | |
| [router_config](variables.tf#L60) | Configuration of the Cloud Router. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [vpc_config](variables.tf#L76) | Network and subnetwork for the CR interfaces. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [data_transfer](variables.tf#L17) | Site-to-site data transfer feature, available only in some regions. | <code>bool</code> | | <code>false</code> |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| [hub](outputs.tf#L17) | NCC hub resource (only if auto-created). | |
| [id](outputs.tf#L22) | Fully qualified hub id. | |
| [router](outputs.tf#L27) | Cloud Router resource. | |
| [spoke_ra](outputs.tf#L32) | NCC spoke resource. | |
## Fixtures
- [compute-vm-nva.tf](../../tests/fixtures/compute-vm-nva.tf)
<!-- END TFDOC -->
Reference in New Issue View Git Blame Copy Permalink