Merge pull request #7 from FairwindsOps/do/shared-vpc
Shared VPC network module
dosullivan authored Sep 4, 2019
2 parents 78ca2a2 + b4f8557 commit a11c19b
Showing 4 changed files with 156 additions and 0 deletions.
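--- a/shared-vpc/CHANGELOG.md
+++ b/shared-vpc/CHANGELOG.md
@@ -0,0 +1,12 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+
+
+## 1.0.0
+
+## Added
+
+* Initial release of the `shared-vpc` module, which features public networking and VPC-native functionality for two subnetworks, `staging` and `prod`.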
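--- a/shared-vpc/README.md
+++ b/shared-vpc/README.md
@@ -0,0 +1,39 @@
+### shared-vpc modules example parameters
+This directory contains two modules intended for use with each other, in order to create VPC intended to be shared. The first module, `network`, simply creates the network resource`, while the second module, `subnetwork`, creates a subnetwork within that network. The subnetwork is configured to create secondary IP alias ranges necessary for VPC-native GKE functionality.
+
+Each subnetwork is intended for association with an individual service project. You can instantiate the subnetwork module as many times as you'd like within a given network to fit your needs. Just be sure to adjust your names and IP ranges accordingly for no conflicts.
+
+To use these modules, you'd fill out your `network.tf` like this:
+
+```
+module "network" {
+source = "git@github.com:FairwindsOps/terraform-gcp-vpc-native//shared-vpc/network?ref=shared-vpc-v0.0.1"
+// base network parameters
+network_name = "example-shared-vpc-1"
+region = "us-central1"
+}
+module "staging_subnetwork" {
+source = "git@github.com:FairwindsOps/terraform-gcp-vpc-native//shared-vpc/subnetwork?ref=shared-vpc-v0.0.1"
+// base subnetwork parameters
+shared_vpc = "${module.network.shared_vpc}"
+subnetwork_name = "example-staging-1"
+region = "${module.network.region}"
+enable_flow_logs = "false"
+//specify the staging subnetwork primary and secondary CIDRs for IP aliasing
+subnetwork_range = "172.16.0.0/24"
+subnetwork_pods = "172.16.128.0/17"
+subnetwork_services = "172.16.64.0/18"
+}
+module "prod_subnetwork" {
+source = "git@github.com:FairwindsOps/terraform-gcp-vpc-native//shared-vpc/subnetwork?ref=shared-vpc-v0.0.1"
+// base subnetwork parameters
+shared_vpc = "${module.network.shared_vpc}"
+subnetwork_name = "example-production-1"
+region = "${module.network.region}"
+enable_flow_logs = "false"
+//specify the prod subnetwork primary and secondary CIDRs for IP aliasing
+subnetwork_range = "172.17.0.0/24"
+subnetwork_pods = "172.17.128.0/17"
+subnetwork_services = "172.17.64.0/18"
+}
+```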
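--- a/shared-vpc/network/main.tf
+++ b/shared-vpc/network/main.tf
@@ -0,0 +1,33 @@
+#######################
+# Define all the variables we'll need
+#######################
+
+variable "network_name" {
+description = "the name of the network"
+}
+
+variable "region" {
+description = "region to use"
+}
+
+#######################
+# Create the network and subnetworks, including secondary IP ranges on subnetworks
+#######################
+
+resource "google_compute_network" "shared_vpc" {
+name = "${var.network_name}"
+routing_mode = "GLOBAL"
+auto_create_subnetworks = "false"
+}
+
+#######################
+# Provide outputs to be used in subnetwork and GKE cluster creation
+#######################
+output "shared_vpc" {
+value = "${google_compute_network.shared_vpc.self_link}"
+}
+
+output "region" {
+description = "The region in which this network exists"
+value = "${var.region}"
+}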
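Review bot: The banner comment above the `google_compute_network` resource says it creates "the network and subnetworks, including secondary IP ranges on subnetworks", but this module only creates the network; subnetworks and their secondary ranges are created by the sibling `subnetwork` module in this same PR. Suggest `# Create the shared VPC network (subnetworks and secondary ranges are created by the subnetwork module)` so the comment matches what the file does. The `shared_vpc` output also has no `description`, unlike the `region` output directly below it; `description = "self_link of the shared VPC network, consumed by the subnetwork module"` would keep the two consistent.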
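--- a/shared-vpc/subnetwork/main.tf
+++ b/shared-vpc/subnetwork/main.tf
@@ -0,0 +1,72 @@
+variable "shared_vpc" {
+description = "self_link of the shared vpc to create subnetwork in"
+}
+
+variable "region" {
+description = "region to use"
+}
+
+variable "subnetwork_name" {
+description = "name for the subnetwork"
+}
+
+variable "enable_flow_logs" {
+description = "whether to turn on flow logs or not"
+}
+
+variable "subnetwork_range" {
+description = "CIDR for subnetwork nodes"
+}
+
+variable "subnetwork_pods" {
+description = "secondary CIDR for pods"
+}
+
+variable "subnetwork_services" {
+description = "secondary CIDR for services"
+}
+
+
+/* note that for secondary ranges necessary for GKE Alias IPs, the ranges have
+to be manually specified with terraform currently -- no GKE automagic allowed here. */
+resource "google_compute_subnetwork" "subnetwork" {
+name = "${var.subnetwork_name}"
+ip_cidr_range = "${var.subnetwork_range}"
+network = "${var.shared_vpc}"
+region = "${var.region}"
+private_ip_google_access = true
+enable_flow_logs = "${var.enable_flow_logs}"
+secondary_ip_range = {
+range_name = "gke-pods-1"
+ip_cidr_range = "${var.subnetwork_pods}"
+}
+secondary_ip_range = {
+range_name = "gke-services-1"
+ip_cidr_range = "${var.subnetwork_services}"
+}
+
+/* We ignore changes on secondary_ip_range because terraform doesn't list
+them in the same order every time during runs. */
+lifecycle {
+ignore_changes = [ "secondary_ip_range" ]
+}
+}
+
+#######################
+# Provide outputs to be used in GKE cluster creation
+#######################
+output "subnetwork" {
+value = "${google_compute_subnetwork.subnetwork.name}"
+}
+
+output "subnetwork_pods" {
+value = "${var.subnetwork_pods}"
+}
+
+output "gke_pods_1" {
+value = "gke-pods-1"
+}
+
+output "gke_services_1" {
+value = "gke-services-1"
+}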
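Review bot: `variable "enable_flow_logs"` has no default, and the README example added in this PR passes `"false"` for both the staging and prod subnetworks, so VPC Flow Logs — the main per-subnet network telemetry available for detection and incident investigation — are disabled in the reference configuration. Consider `default = "true"` on the variable so logging is opt-out rather than opt-in, and extend the description to `"whether to turn on VPC flow logs for this subnetwork (defaults to enabled; disabling removes per-subnet traffic records)"`. Separately, `lifecycle { ignore_changes = [ "secondary_ip_range" ] }` means later changes to `subnetwork_pods` or `subnetwork_services` are never applied to an existing subnetwork, so the descriptions of those two variables should state that they take effect only at creation time. The four outputs also carry no `description`; at minimum `gke_pods_1` and `gke_services_1` should say they are the `range_name` values to pass to the GKE cluster's IP allocation policy, since that is what the module hard-codes.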
