Merge pull request #7 from FairwindsOps/do/shared-vpc
Shared VPC network module
Showing
4 changed files
with
156 additions
and
0 deletions.
@@ -0,0 +1,12 @@ | ||
# Changelog | ||
All notable changes to this project will be documented in this file. | ||
|
||
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) | ||
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). | ||
|
||
|
||
## 1.0.0 | ||
|
||
## Added | ||
|
||
* Initial release of the `shared-vpc` module, which features public networking and VPC-native functionality for two subnetworks, `staging` and `prod`. |
@@ -0,0 +1,39 @@ | ||
### shared-vpc modules example parameters | ||
This directory contains two modules intended for use with each other, in order to create VPC intended to be shared. The first module, `network`, simply creates the network resource`, while the second module, `subnetwork`, creates a subnetwork within that network. The subnetwork is configured to create secondary IP alias ranges necessary for VPC-native GKE functionality. | ||
|
||
Each subnetwork is intended for association with an individual service project. You can instantiate the subnetwork module as many times as you'd like within a given network to fit your needs. Just be sure to adjust your names and IP ranges accordingly for no conflicts. | ||
|
||
To use these modules, you'd fill out your `network.tf` like this: | ||
|
||
``` | ||
module "network" { | ||
source = "git@github.com:FairwindsOps/terraform-gcp-vpc-native//shared-vpc/network?ref=shared-vpc-v0.0.1" | ||
// base network parameters | ||
network_name = "example-shared-vpc-1" | ||
region = "us-central1" | ||
} | ||
module "staging_subnetwork" { | ||
source = "git@github.com:FairwindsOps/terraform-gcp-vpc-native//shared-vpc/subnetwork?ref=shared-vpc-v0.0.1" | ||
// base subnetwork parameters | ||
shared_vpc = "${module.network.shared_vpc}" | ||
subnetwork_name = "example-staging-1" | ||
region = "${module.network.region}" | ||
enable_flow_logs = "false" | ||
//specify the staging subnetwork primary and secondary CIDRs for IP aliasing | ||
subnetwork_range = "172.16.0.0/24" | ||
subnetwork_pods = "172.16.128.0/17" | ||
subnetwork_services = "172.16.64.0/18" | ||
} | ||
module "prod_subnetwork" { | ||
source = "git@github.com:FairwindsOps/terraform-gcp-vpc-native//shared-vpc/subnetwork?ref=shared-vpc-v0.0.1" | ||
// base subnetwork parameters | ||
shared_vpc = "${module.network.shared_vpc}" | ||
subnetwork_name = "example-production-1" | ||
region = "${module.network.region}" | ||
enable_flow_logs = "false" | ||
//specify the prod subnetwork primary and secondary CIDRs for IP aliasing | ||
subnetwork_range = "172.17.0.0/24" | ||
subnetwork_pods = "172.17.128.0/17" | ||
subnetwork_services = "172.17.64.0/18" | ||
} | ||
``` |
@@ -0,0 +1,33 @@ | ||
####################### | ||
# Define all the variables we'll need | ||
####################### | ||
|
||
variable "network_name" { | ||
description = "the name of the network" | ||
} | ||
|
||
variable "region" { | ||
description = "region to use" | ||
} | ||
|
||
####################### | ||
# Create the network and subnetworks, including secondary IP ranges on subnetworks | ||
####################### | ||
|
||
resource "google_compute_network" "shared_vpc" { | ||
name = "${var.network_name}" | ||
routing_mode = "GLOBAL" | ||
auto_create_subnetworks = "false" | ||
} | ||
|
||
####################### | ||
# Provide outputs to be used in subnetwork and GKE cluster creation | ||
####################### | ||
output "shared_vpc" { | ||
value = "${google_compute_network.shared_vpc.self_link}" | ||
} | ||
|
||
output "region" { | ||
description = "The region in which this network exists" | ||
value = "${var.region}" | ||
} |
@@ -0,0 +1,72 @@ | ||
variable "shared_vpc" { | ||
description = "self_link of the shared vpc to create subnetwork in" | ||
} | ||
|
||
variable "region" { | ||
description = "region to use" | ||
} | ||
|
||
variable "subnetwork_name" { | ||
description = "name for the subnetwork" | ||
} | ||
|
||
variable "enable_flow_logs" { | ||
description = "whether to turn on flow logs or not" | ||
} | ||
|
||
variable "subnetwork_range" { | ||
description = "CIDR for subnetwork nodes" | ||
} | ||
|
||
variable "subnetwork_pods" { | ||
description = "secondary CIDR for pods" | ||
} | ||
|
||
variable "subnetwork_services" { | ||
description = "secondary CIDR for services" | ||
} | ||
|
||
|
||
/* note that for secondary ranges necessary for GKE Alias IPs, the ranges have | ||
to be manually specified with terraform currently -- no GKE automagic allowed here. */ | ||
resource "google_compute_subnetwork" "subnetwork" { | ||
name = "${var.subnetwork_name}" | ||
ip_cidr_range = "${var.subnetwork_range}" | ||
network = "${var.shared_vpc}" | ||
region = "${var.region}" | ||
private_ip_google_access = true | ||
enable_flow_logs = "${var.enable_flow_logs}" | ||
secondary_ip_range = { | ||
range_name = "gke-pods-1" | ||
ip_cidr_range = "${var.subnetwork_pods}" | ||
} | ||
secondary_ip_range = { | ||
range_name = "gke-services-1" | ||
ip_cidr_range = "${var.subnetwork_services}" | ||
} | ||
|
||
/* We ignore changes on secondary_ip_range because terraform doesn't list | ||
them in the same order every time during runs. */ | ||
lifecycle { | ||
ignore_changes = [ "secondary_ip_range" ] | ||
} | ||
} | ||
|
||
####################### | ||
# Provide outputs to be used in GKE cluster creation | ||
####################### | ||
output "subnetwork" { | ||
value = "${google_compute_subnetwork.subnetwork.name}" | ||
} | ||
|
||
output "subnetwork_pods" { | ||
value = "${var.subnetwork_pods}" | ||
} | ||
|
||
output "gke_pods_1" { | ||
value = "gke-pods-1" | ||
} | ||
|
||
output "gke_services_1" { | ||
value = "gke-services-1" | ||
} |
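Review bot: `ignore_changes = [ "secondary_ip_range" ]` means that once the subnetwork exists, a changed `subnetwork_pods` or `subnetwork_services` value is never applied and out-of-band edits to the secondary ranges are never reconciled, yet the `subnetwork_pods` output echoes `var.subnetwork_pods` rather than what the subnetwork actually carries, so a GKE cluster built from these outputs can be handed a pod CIDR the subnetwork no longer has. The comment above the `lifecycle` block should state this consequence explicitly, e.g. `/* Consequence: drift or later edits to the secondary ranges are never reconciled by terraform, and the subnetwork_pods output reflects the variable, not the live range — verify before reusing it. */`. Separately, `enable_flow_logs` has no default and the README example sets it to `"false"` for both staging and prod; for a shared VPC, VPC flow logs are the primary network-layer audit source, so consider `default = "true"` on the variable, or at least a comment noting the cost/visibility trade-off so it is an explicit decision per subnetwork.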