kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
396265bb15eb132159c2fb7ee52874040161b0e8
hunfabric/modules/gcve-private-cloud/README.md
Ludovico Magnocavallo 50ac3a5013 Refactor of FAST resource management and subsequent stages (#2648) 
* untested

* pllan testing

* fix stage 2s

* move providers to their own file

* single-environment stage 3

* fixes and moved blocks

* stage3 factory

* doc

* review comments

* review comments

* tfdoc

* fasts tage 1 tests

* netsec as stage 2

* fix backported roles

* fix backported roles

* tfdoc

* fixes

* fix tag value roles in stage 1

* remove checklist, fix stage 1 tests

* inventory

* Small bugfix

* refactor context tag values

* fix previous merge

* fix previous merge

* fix previous merge

* support short names for top level automation resources, change top level context variable

* fix new top level context

* roll back merge changes to stage 0 outputs

* roll back more merge changes

* linting errors

* tfdoc

* fix tests, roll back merge in tenants stage

* tfdoc

* fix inventory

* optional stage 2 env folders and tag bindings

* tflint

* damn tflint

* damn tflint

* tfdoc

* fix networking tests

* tflint

* fix test inventories

* tfdoc

* use coalesce for project parents

* fix billing role conditions

* fix billing role conditions

* security stage tested (ngw resources need fixing/porting)

* boilerplate

* fix inventory

* stage envs and stage linking script

* initial work on resman docs, update diagram, improve teams folder

* resman README

* fix stage 2 IAM delegation

* remove checklist from bootstrap

* stage 1 tests

* stage 0 1 and 2 tests

* tflint

* tflint

* tfdoc

* GCVE stage refactor (untested)

* GCVE stage refactor (untested)

* GCVE stage 3

* gcve tests

* tflint

* tfdoc

* fix links

* module tests

* stages README

* move network security to stage 2

* network security tests

* replace stage links in README files

* minimal netsec stage refactor

* use factory for iac org policies, add configurable drs org policy for iac

* test mt stage

* tfdoc

* fix cicd workflows

* fix cicd workflows

* gke-dev stage

* tflint

* remove data platform stage

* exclude provider files via tfdoc opts

* remove data platform tests and links

* fix merge

* fix resman inventory

* boilerplate

* inventory

---------

Co-authored-by: Simone Ruffilli <sruffilli@google.com>
2024-10-31 16:55:54 +01:00

159 lines
8.0 KiB
Markdown
Raw Blame History

# Google Cloud VMWare Engine Private Cloud module
The module manages one or more Google Cloud VMWare Engine Private Clouds.
It can either create a new VMWare engine network shared between the private clouds or it can use an existing one. The module also creates peering connections to users' VPCs or other VMware engine networks.
To understand the limits and to properly configure the vSphere/vSAN subnets CIDR range please refer to the [GCVE public documentation](https://cloud.google.com/vmware-engine/docs/quickstart-networking-requirements).
The deployment might require up to 2 hours, depending on the selected private cloud target zone.
<!-- BEGIN TOC -->
- [Limitations](#limitations)
- [Basic Private Cloud Creation](#basic-private-cloud-creation)
- [Customize management cluster configs](#customize-management-cluster-configs)
- [Create additional clusters](#create-additional-clusters)
- [Enable cluster Internet access and inbound connectivity](#enable-cluster-internet-access-and-inbound-connectivity)
- [Variables](#variables)
- [Outputs](#outputs)
<!-- END TOC -->
## Limitations
The module and underlying resources still don't support the creation of stretched (regional) private clouds.
## Basic Private Cloud Creation
```hcl
module "gcve-pc" {
source = "./fabric/modules/gcve-private-cloud"
prefix = "gcve-pc"
project_id = "gcve-test-project"
vmw_network_peerings = {
transit-conn1 = {
peer_network = "projects/test-prj-gcve-01/global/networks/default"
}
}
vmw_private_cloud_configs = {
pcc_one = {
cidr = "192.168.0.0/24"
zone = "europe-west8-a"
}
}
}
# tftest modules=1 resources=3 inventory=basic.yaml
```
## Customize management cluster configs
You can customize the management cluster of each VMware engine private cloud.
```hcl
module "gcve-pc" {
source = "./fabric/modules/gcve-private-cloud"
prefix = "gcve-pc"
project_id = "gcve-test-project"
vmw_network_peerings = {
transit-conn1 = {
peer_network = "projects/test-prj-gcve-01/global/networks/default"
}
}
vmw_private_cloud_configs = {
pcc_one = {
cidr = "192.168.0.0/24"
management_cluster_config = {
node_type_id = "standard-72"
node_count = 6
custom_core_count = 28
}
zone = "europe-west8-a"
}
}
}
# tftest modules=1 resources=3 inventory=custom-management.yaml
```
## Create additional clusters
You can optionally create additional clusters in each VMware engine private cloud.
```hcl
module "gcve-pc" {
source = "./fabric/modules/gcve-private-cloud"
prefix = "gcve-pc"
project_id = "gcve-test-project"
vmw_network_peerings = {
transit-conn1 = {
peer_network = "projects/test-prj-gcve-01/global/networks/default"
}
}
vmw_private_cloud_configs = {
pcc_one = {
cidr = "192.168.0.0/24"
additional_cluster_configs = {
test-cluster-one = {
node_type_id = "standard-72"
node_count = 6
custom_core_count = 28
}
test-cluster-two = {
node_type_id = "standard-72"
node_count = 4
custom_core_count = 28
}
}
zone = "europe-west8-a"
}
}
}
# tftest modules=1 resources=5 inventory=additional-clusters.yaml
```
## Enable cluster Internet access and inbound connectivity
```hcl
module "gcve-pc" {
source = "./fabric/modules/gcve-private-cloud"
prefix = "gcve-pc"
project_id = "gcve-test-project"
vmw_network_config = {
network_policies = {
ew8 = {
edge_services_cidr = "192.168.100.0/26"
region = "europe-west8"
expose_on_internet = true
outbound_internet_access = true
}
}
}
vmw_private_cloud_configs = {
pcc_one = {
cidr = "192.168.0.0/24"
zone = "europe-west8-a"
}
}
}
# tftest modules=1 resources=3 inventory=network-policy.yaml
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [prefix](variables.tf#L17) | Prefix used in resource names. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L22) | Project id. | <code>string</code> | ✓ | |
| [vmw_network_config](variables.tf#L27) | VMware Engine network configuration. | <code title="object&#40;&#123;&#10; create &#61; optional&#40;bool, true&#41;&#10; description &#61; optional&#40;string, &#34;Terraform-managed.&#34;&#41;&#10; name &#61; optional&#40;string, &#34;default&#34;&#41;&#10; network_policies &#61; optional&#40;map&#40;object&#40;&#123;&#10; edge_services_cidr &#61; string&#10; region &#61; string&#10; description &#61; optional&#40;string, &#34;Terraform-managed.&#34;&#41;&#10; expose_on_internet &#61; optional&#40;bool&#41;&#10; outbound_internet_access &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [vmw_network_peerings](variables.tf#L44) | The network peerings towards users' VPCs or other VMware Engine networks. The key is the peering name suffix. | <code title="map&#40;object&#40;&#123;&#10; peer_network &#61; string&#10; description &#61; optional&#40;string, &#34;Managed by Terraform.&#34;&#41;&#10; peer_to_vmware_engine_network &#61; optional&#40;bool, false&#41;&#10; routes_config &#61; optional&#40;object&#40;&#123;&#10; export &#61; optional&#40;bool, false&#41;&#10; import &#61; optional&#40;bool, false&#41;&#10; public_export &#61; optional&#40;bool, false&#41;&#10; public_import &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [vmw_private_cloud_configs](variables.tf#L60) | The VMware private cloud configurations. The key is the unique private cloud name suffix. | <code title="map&#40;object&#40;&#123;&#10; cidr &#61; string&#10; zone &#61; string&#10; description &#61; optional&#40;string, &#34;Managed by Terraform.&#34;&#41;&#10; additional_cluster_configs &#61; optional&#40;map&#40;object&#40;&#123;&#10; custom_core_count &#61; optional&#40;number&#41;&#10; node_count &#61; optional&#40;number, 3&#41;&#10; node_type_id &#61; optional&#40;string, &#34;standard-72&#34;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; management_cluster_config &#61; optional&#40;object&#40;&#123;&#10; custom_core_count &#61; optional&#40;number&#41;&#10; name &#61; optional&#40;string, &#34;mgmt-cluster&#34;&#41;&#10; node_count &#61; optional&#40;number, 3&#41;&#10; node_type_id &#61; optional&#40;string, &#34;standard-72&#34;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code title="&#123;&#10; pcc_one &#61; &#123;&#10; cidr &#61; &#34;192.168.0.0&#47;24&#34;&#10; additional_cluster_configs &#61; &#123;&#10; test-cluster-one &#61; &#123;&#10; node_type_id &#61; &#34;standard-72&#34;&#10; node_count &#61; 6&#10; custom_core_count &#61; 28&#10; &#125;&#10; test-cluster-two &#61; &#123;&#10; node_type_id &#61; &#34;standard-72&#34;&#10; node_count &#61; 4&#10; custom_core_count &#61; 28&#10; &#125;&#10; &#125;&#10; zone &#61; &#34;europe-west8-a&#34;&#10; &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| [network](outputs.tf#L17) | VMware engine network. | |
| [network_id](outputs.tf#L22) | VMware engine network id. | |
| [network_peerings](outputs.tf#L27) | The peerings created towards the user VPC or other VMware engine networks. | |
| [network_policies](outputs.tf#L32) | The network policies associated to the VMware engine network. | |
| [private_clouds](outputs.tf#L37) | VMware engine private cloud resources. | |
<!-- END TFDOC -->
Reference in New Issue View Git Blame Copy Permalink