main.tf
# Default Google provider for this configuration; the target project and
# region are supplied by the caller through var.project_id and var.region.
# NOTE(review): no credentials and no provider version constraint appear in
# this block. Confirm that a required_providers pin exists elsewhere in the
# configuration and that authentication comes from the environment rather
# than a key file committed next to the code.
provider "google" {
  project = var.project_id
  region  = var.region
}
# Enables the Google APIs this network stack calls (Compute, IAM and Service
# Networking) in var.project_id.
# NOTE(review): "~> 14.1" accepts any later 14.x release of the registry
# module. Module versions are not recorded in the dependency lock file, so a
# fresh init resolves the newest matching release; pin an exact version if
# plans must be reproducible and upstream changes reviewed before adoption.
module "project-services" {
  source  = "terraform-google-modules/project-factory/google//modules/project_services"
  version = "~> 14.1"

  project_id = var.project_id
  activate_apis = [
    "compute.googleapis.com",
    "iam.googleapis.com",
    "servicenetworking.googleapis.com"
  ]

  # DO NOT REMOVE the disable_* options below. If they are removed, destroying
  # these resources also DISABLES the APIs in the project, which affects your
  # running services.
  disable_services_on_destroy = false
  disable_dependent_services  = false
}
# Naming and addressing constants shared by the resources in this file.
locals {
  # VPC base name; the network and subnet1 append var.stage to it.
  vpc-name-without-stage = "gke-networktest"

  # First two octets of the address plan (172.19.0.0/16). Ranges carved from
  # it in this file:
  #   172.19.0.0/20    172.19.0.0  - 172.19.15.255   subnet1
  #   172.19.32.0/20   172.19.32.0 - 172.19.47.255   subnet2
  #   172.19.128.0/20  range reserved for the managed-service VPC peering
  b-class = "172.19"
  # b-class = "172.20"
}
# Custom-mode VPC named <vpc-name>-<stage>. Automatic subnet creation is off,
# so only the subnetworks declared explicitly in the configuration exist.
# NOTE(review): no google_compute_firewall resources are visible in this part
# of the file; confirm ingress and egress rules for this network are managed
# elsewhere.
resource "google_compute_network" "this" {
  provider = google

  name                    = "${local.vpc-name-without-stage}-${var.stage}"
  mtu                     = 1460
  auto_create_subnetworks = false
}
# Primary subnet (<b-class>.0.0/20) in var.region. Private Google Access is
# on, so instances without an external IP can still reach Google APIs.
resource "google_compute_subnetwork" "this" {
  name    = "${local.vpc-name-without-stage}-subnet1-${var.stage}"
  region  = var.region
  network = google_compute_network.this.name

  ip_cidr_range            = "${local.b-class}.0.0/20"
  private_ip_google_access = true

  # VPC Flow Logs: 10-minute aggregation, 10% of flows sampled, all metadata.
  # NOTE(review): at a sampling rate of 0.1 most flows are never recorded.
  # Raise flow_sampling if these logs are expected to support detection or
  # incident investigation rather than coarse traffic statistics.
  log_config {
    metadata             = "INCLUDE_ALL_METADATA"
    flow_sampling        = 0.1
    aggregation_interval = "INTERVAL_10_MIN"
  }
}
# Second subnet (<b-class>.32.0/20) in var.region, with Private Google Access.
# Its name is built from the network name, so the stage precedes the
# "-subnet2" suffix, unlike subnet1 where the stage comes last.
# NOTE(review): aligning the two naming patterns would rename the subnetwork,
# which presumably forces its replacement; plan that change deliberately.
resource "google_compute_subnetwork" "subnet2" {
  name    = "${google_compute_network.this.name}-subnet2"
  region  = var.region
  network = google_compute_network.this.name

  ip_cidr_range            = "${local.b-class}.32.0/20"
  private_ip_google_access = true

  # VPC Flow Logs: 10-minute aggregation, 10% of flows sampled, all metadata.
  # NOTE(review): at a sampling rate of 0.1 most flows are never recorded.
  # Raise flow_sampling if these logs are expected to support detection or
  # incident investigation rather than coarse traffic statistics.
  log_config {
    metadata             = "INCLUDE_ALL_METADATA"
    flow_sampling        = 0.1
    aggregation_interval = "INTERVAL_10_MIN"
  }
}
# Reserves the internal range <b-class>.128.0/20 on this VPC with purpose
# VPC_PEERING, to be handed to the service networking connection.
# Keep this range disjoint from every subnet range in the VPC.
resource "google_compute_global_address" "vpc-peering" {
  name    = "managed-service-${var.stage}"
  network = google_compute_network.this.id

  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  address       = "${local.b-class}.128.0"
  prefix_length = 20
}
# Private services access: connects this VPC to the Service Networking
# producer (servicenetworking.googleapis.com) and offers it the reserved
# "vpc-peering" global address range for managed services.
resource "google_service_networking_connection" "vpc-peering" {
  network                 = google_compute_network.this.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.vpc-peering.name]
  # The reference in reserved_peering_ranges already orders this resource
  # after the address reservation; the explicit depends_on restates it.
  depends_on = [google_compute_global_address.vpc-peering]
}
# Turns on custom-route exchange in both directions on the peering created by
# the service networking connection.
# NOTE(review): export_custom_routes advertises this VPC's custom routes to
# the producer network, and import_custom_routes accepts the producer's custom
# routes into this VPC. Confirm both directions are required: exporting widens
# what the peered network can reach (for example on-premises prefixes learned
# over VPN or Interconnect), and importing lets routes defined outside this
# configuration steer traffic inside the VPC.
resource "google_compute_network_peering_routes_config" "peering_routes" {
  peering              = google_service_networking_connection.vpc-peering.peering
  network              = google_compute_network.this.name
  import_custom_routes = true
  export_custom_routes = true
}
#
# Testing for PRIVATE_SERVICE_CONNECT type resource is not yet completed
#
# provider "google-beta" {
# project = var.project_id
# region = var.region
# }
#
# IMPORTANT - provider for the PRIVATE_SERVICE_CONNECT is 'google-beta'
# resource "google_compute_network" "google-beta" {
# provider = google-beta
# name = format("gke-networktest-%s", var.stage)
# auto_create_subnetworks = false
# mtu = 1460
# }
# resource "google_compute_global_address" "psc" {
# provider = google-beta
# name = "psc-managed-service"
# address_type = "INTERNAL"
# purpose = "PRIVATE_SERVICE_CONNECT"
# network = google_compute_network.this.id
# address = "172.19.144.1"
# # prefix_length = 20
# # resource.prefixLength': '20'. The field cannot be specified for reserving internal IP Addresses. Please unset the field and retry the operation
# # This field is not applicable to addresses with addressType=EXTERNAL, or addressType=INTERNAL when purpose=PRIVATE_SERVICE_CONNECT
# # address = "172.19.144.1/32" # Invalid value for field 'resource.address': '172.19.144.1/32'. Must be a valid IP address.
# }
# Reads Terraform state from the GCS backend: bucket var.backend_bucket,
# workspace var.stage, prefix vpc/gke-networktest-<stage>.
# NOTE(review): terraform_remote_state needs read access to the whole state
# snapshot, not only its outputs, and state can hold sensitive values. Keep
# read access on the bucket narrow and confirm who else can read this prefix.
# NOTE(review): "gke-networktest" repeats local.vpc-name-without-stage as a
# literal, so a rename of that local will not carry over to this prefix.
data "terraform_remote_state" "this" {
  backend   = "gcs"
  workspace = var.stage

  config = {
    bucket = var.backend_bucket
    prefix = "vpc/gke-networktest-${var.stage}"
  }
}