-
Notifications
You must be signed in to change notification settings - Fork 61
/
main.tf
112 lines (105 loc) · 3.42 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
subnet_region_name = { for subnet in var.exposure_subnets :
subnet.region => "${subnet.region}/${subnet.name}"
}
}
module "project" {
source = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/project?ref=v28.0.0"
name = var.project_id
parent = var.project_parent
billing_account = var.billing_account
project_create = var.project_create
services = [
"apigee.googleapis.com",
"cloudkms.googleapis.com",
"compute.googleapis.com",
"servicenetworking.googleapis.com"
]
}
module "vpc" {
source = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/net-vpc?ref=v28.0.0"
project_id = module.project.project_id
name = var.network
subnets = var.exposure_subnets
psa_config = {
ranges = {
apigee-range = var.peering_range
apigee-support-range = var.support_range
}
}
}
module "apigee-x-core" {
source = "../../modules/apigee-x-core"
project_id = module.project.project_id
apigee_environments = var.apigee_environments
apigee_envgroups = var.apigee_envgroups
apigee_instances = var.apigee_instances
ax_region = var.ax_region
network = module.vpc.network.id
}
module "apigee-x-mtls-mig" {
for_each = var.apigee_instances
source = "../../modules/apigee-x-mtls-mig"
project_id = module.project.project_id
endpoint_ip = module.apigee-x-core.instance_endpoints[each.key]
ca_cert_path = var.ca_cert_path
tls_cert_path = var.tls_cert_path
tls_key_path = var.tls_key_path
network = var.network
network_tags = var.network_tags
subnet = module.vpc.subnet_self_links[local.subnet_region_name[each.value.region]]
region = each.value.region
}
module "ilb" {
for_each = var.apigee_instances
source = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/net-lb-int?ref=v28.0.0"
project_id = module.project.project_id
region = each.value.region
name = "apigee-mtls-${each.key}"
service_label = "apigee-mtls-${each.key}"
vpc_config = {
network = module.vpc.network.id
subnetwork = module.vpc.subnet_self_links[local.subnet_region_name[each.value.region]]
}
forwarding_rules_config = {
"" = {
ports = [443]
}
}
backends = [
{
group = module.apigee-x-mtls-mig[each.key].instance_group,
failover = false
balancing_mode = "CONNECTION"
}
]
health_check_config = {
tcp = { port = 443 }
}
}
resource "google_compute_firewall" "allow_ilb_hc" {
name = "hc-mtls-ilb"
project = module.project.project_id
network = var.network
source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
target_tags = var.network_tags
allow {
protocol = "tcp"
ports = ["443"]
}
}