Merge pull request #1028 from GoogleCloudPlatform/jccb/vpn-static-and…
…-dynamic-tf13

Align rest of vpn modules with #1027
juliocc committed Nov 30, 2022
2 parents 620babe + 70b9316 commit 4441fd0
Showing 24 changed files with 183 additions and 258 deletions.
2 changes: 0 additions & 2 deletions blueprints/networking/hub-and-spoke-peering/main.tf
Expand Up @@ -304,7 +304,6 @@ module "vpn-hub" {
remote_ranges = values(var.private_service_ranges)
tunnels = {
spoke-2 = {
ike_version = 2
peer_ip = module.vpn-spoke-2.address
shared_secret = ""
traffic_selectors = { local = ["0.0.0.0/0"], remote = null }
Expand All @@ -323,7 +322,6 @@ module "vpn-spoke-2" {
remote_ranges = ["10.0.0.0/8"]
tunnels = {
hub = {
ike_version = 2
peer_ip = module.vpn-hub.address
shared_secret = module.vpn-hub.random_secret
traffic_selectors = { local = ["0.0.0.0/0"], remote = null }
4 changes: 0 additions & 4 deletions blueprints/networking/hub-and-spoke-vpn/vpn-dev-r1.tf
Expand Up @@ -35,7 +35,6 @@ module "landing-to-dev-vpn-r1" {
asn = var.vpn_configs.dev-r1.asn
}
bgp_session_range = "169.254.2.1/30"
ike_version = 2
vpn_gateway_interface = 0
}
1 = {
Expand All @@ -44,7 +43,6 @@ module "landing-to-dev-vpn-r1" {
asn = var.vpn_configs.dev-r1.asn
}
bgp_session_range = "169.254.2.5/30"
ike_version = 2
vpn_gateway_interface = 1
}
}
Expand Down Expand Up @@ -73,7 +71,6 @@ module "dev-to-landing-vpn-r1" {
asn = var.vpn_configs.land-r1.asn
}
bgp_session_range = "169.254.2.2/30"
ike_version = 2
shared_secret = module.landing-to-dev-vpn-r1.random_secret
vpn_gateway_interface = 0
}
Expand All @@ -83,7 +80,6 @@ module "dev-to-landing-vpn-r1" {
asn = var.vpn_configs.land-r1.asn
}
bgp_session_range = "169.254.2.6/30"
ike_version = 2
shared_secret = module.landing-to-dev-vpn-r1.random_secret
vpn_gateway_interface = 1
}
4 changes: 0 additions & 4 deletions blueprints/networking/hub-and-spoke-vpn/vpn-prod-r1.tf
Expand Up @@ -36,7 +36,6 @@ module "landing-to-prod-vpn-r1" {
asn = var.vpn_configs.prod-r1.asn
}
bgp_session_range = "169.254.0.1/30"
ike_version = 2
vpn_gateway_interface = 0
}
1 = {
Expand All @@ -45,7 +44,6 @@ module "landing-to-prod-vpn-r1" {
asn = var.vpn_configs.prod-r1.asn
}
bgp_session_range = "169.254.0.5/30"
ike_version = 2
vpn_gateway_interface = 1
}
}
Expand Down Expand Up @@ -74,7 +72,6 @@ module "prod-to-landing-vpn-r1" {
asn = var.vpn_configs.land-r1.asn
}
bgp_session_range = "169.254.0.2/30"
ike_version = 2
shared_secret = module.landing-to-prod-vpn-r1.random_secret
vpn_gateway_interface = 0
}
Expand All @@ -84,7 +81,6 @@ module "prod-to-landing-vpn-r1" {
asn = var.vpn_configs.land-r1.asn
}
bgp_session_range = "169.254.0.6/30"
ike_version = 2
shared_secret = module.landing-to-prod-vpn-r1.random_secret
vpn_gateway_interface = 1
}
67 changes: 30 additions & 37 deletions blueprints/networking/onprem-google-access-dns/main.tf
Expand Up @@ -79,65 +79,58 @@ module "vpc-firewall" {
}

module "vpn1" {
source = "../../../modules/net-vpn-dynamic"
project_id = var.project_id
region = var.region.gcp1
network = module.vpc.name
name = "to-onprem1"
router_asn = var.bgp_asn.gcp1
source = "../../../modules/net-vpn-dynamic"
project_id = var.project_id
region = var.region.gcp1
network = module.vpc.name
name = "to-onprem1"
router_config = { asn = var.bgp_asn.gcp1 }
tunnels = {
onprem = {
bgp_peer = {
address = local.bgp_interface_onprem1
asn = var.bgp_asn.onprem1
}
bgp_peer_options = {
advertise_groups = ["ALL_SUBNETS"]
advertise_ip_ranges = {
(local.netblocks.dns) = "DNS resolvers"
(local.netblocks.private) = "private.gooogleapis.com"
(local.netblocks.restricted) = "restricted.gooogleapis.com"
}
advertise_mode = "CUSTOM"
route_priority = 1000
custom_advertise = {
all_subnets = true
all_vpc_subnets = false
all_peer_vpc_subnets = false
ip_ranges = {
(local.netblocks.dns) = "DNS resolvers"
(local.netblocks.private) = "private.gooogleapis.com"
(local.netblocks.restricted) = "restricted.gooogleapis.com"
} }
}
bgp_session_range = "${local.bgp_interface_gcp1}/30"
ike_version = 2
peer_ip = module.vm-onprem.external_ip
router = null
shared_secret = ""
}
}
}

module "vpn2" {
source = "../../../modules/net-vpn-dynamic"
project_id = var.project_id
region = var.region.gcp2
network = module.vpc.name
name = "to-onprem2"
router_asn = var.bgp_asn.gcp2
source = "../../../modules/net-vpn-dynamic"
project_id = var.project_id
region = var.region.gcp2
network = module.vpc.name
name = "to-onprem2"
router_config = { asn = var.bgp_asn.gcp2 }
tunnels = {
onprem = {
bgp_peer = {
address = local.bgp_interface_onprem2
asn = var.bgp_asn.onprem2
}
bgp_peer_options = {
advertise_groups = ["ALL_SUBNETS"]
advertise_ip_ranges = {
(local.netblocks.dns) = "DNS resolvers"
(local.netblocks.private) = "private.gooogleapis.com"
(local.netblocks.restricted) = "restricted.gooogleapis.com"
custom_advertise = {
all_subnets = true
all_vpc_subnets = false
all_peer_vpc_subnets = false
ip_ranges = {
(local.netblocks.dns) = "DNS resolvers"
(local.netblocks.private) = "private.gooogleapis.com"
(local.netblocks.restricted) = "restricted.gooogleapis.com"
}
}
advertise_mode = "CUSTOM"
route_priority = 1000
}
bgp_session_range = "${local.bgp_interface_gcp2}/30"
ike_version = 2
peer_ip = module.vm-onprem.external_ip
router = null
shared_secret = ""
}
}
}
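Review bot: The description strings in the new `custom_advertise.ip_ranges` maps of `vpn1` and `vpn2` spell the domain with three o's (`private.gooogleapis.com`, `restricted.gooogleapis.com`). Since these lines are being rewritten anyway, correct them to `"private.googleapis.com"` and `"restricted.googleapis.com"` so that anyone auditing the advertised BGP ranges can search for the real names. In `vpn1` the map and its parent are closed on one line (`} }`) while `vpn2` closes them on separate lines; one brace per line would keep the two blocks consistent. The module's variable definitions are not shown here, so it is worth confirming there that `all_subnets = true` advertises the same set as the old `advertise_groups = ["ALL_SUBNETS"]`.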
22 changes: 6 additions & 16 deletions blueprints/networking/private-cloud-function-from-onprem/main.tf
Expand Up @@ -94,7 +94,6 @@ module "vpn-onprem" {
asn = 65002
}
bgp_session_range = "169.254.0.1/30"
ike_version = 2
vpn_gateway_interface = 0
}
tunnel-1 = {
Expand All @@ -103,7 +102,6 @@ module "vpn-onprem" {
asn = 65002
}
bgp_session_range = "169.254.0.5/30"
ike_version = 2
vpn_gateway_interface = 1
}
}
Expand Down Expand Up @@ -132,26 +130,18 @@ module "vpn-hub" {
address = "169.254.0.1"
asn = 65001
}
bgp_peer_options = null
bgp_session_range = "169.254.0.2/30"
ike_version = 2
vpn_gateway_interface = 0
peer_external_gateway_interface = null
router = null
shared_secret = module.vpn-onprem.random_secret
bgp_session_range = "169.254.0.2/30"
vpn_gateway_interface = 0
shared_secret = module.vpn-onprem.random_secret
}
tunnel-1 = {
bgp_peer = {
address = "169.254.0.5"
asn = 65001
}
bgp_peer_options = null
bgp_session_range = "169.254.0.6/30"
ike_version = 2
vpn_gateway_interface = 1
peer_external_gateway_interface = null
router = null
shared_secret = module.vpn-onprem.random_secret
bgp_session_range = "169.254.0.6/30"
vpn_gateway_interface = 1
shared_secret = module.vpn-onprem.random_secret
}
}
}
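Review bot: In `vpn-hub`, the new `tunnel-0` and `tunnel-1` entries no longer state `ike_version` (nor `router`, `bgp_peer_options` or `peer_external_gateway_interface`), so the IKE version these tunnels negotiate now comes from the module's default, which this diff does not show. If that default ever changes, both gateways would switch protocol version without any edit to this blueprint. A short comment on the `tunnels` map would record the assumption, for example `# ike_version not set: relies on the module default (IKEv2 expected, confirm in the module's variables)`. The same applies to the other sections of this commit where `ike_version = 2` is dropped; the `module "vpn-hub"` block itself starts above the hunk.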
4 changes: 0 additions & 4 deletions fast/stages/02-networking-nva/vpn-onprem.tf
Expand Up @@ -55,9 +55,7 @@ module "landing-to-onprem-ew1-vpn" {
}
bgp_peer_options = local.bgp_peer_options_onprem.landing-trusted-ew1
bgp_session_range = "${cidrhost(t.session_range, 2)}/30"
ike_version = 2
peer_external_gateway_interface = t.peer_external_gateway_interface
router = null
shared_secret = t.secret
vpn_gateway_interface = t.vpn_gateway_interface
}
Expand Down Expand Up @@ -87,9 +85,7 @@ module "landing-to-onprem-ew4-vpn" {
}
bgp_peer_options = local.bgp_peer_options_onprem.landing-trusted-ew4
bgp_session_range = "${cidrhost(t.session_range, 2)}/30"
ike_version = 2
peer_external_gateway_interface = t.peer_external_gateway_interface
router = null
shared_secret = t.secret
vpn_gateway_interface = t.vpn_gateway_interface
}
1 change: 0 additions & 1 deletion fast/stages/02-networking-peering/vpn-onprem.tf
Expand Up @@ -55,7 +55,6 @@ module "landing-to-onprem-ew1-vpn" {
}
bgp_peer_options = local.bgp_peer_options_onprem.landing-ew1
bgp_session_range = "${cidrhost(t.session_range, 2)}/30"
ike_version = 2
peer_external_gateway_interface = t.peer_external_gateway_interface
shared_secret = t.secret
vpn_gateway_interface = t.vpn_gateway_interface
1 change: 0 additions & 1 deletion fast/stages/02-networking-separate-envs/vpn-onprem-dev.tf
Expand Up @@ -55,7 +55,6 @@ module "dev-to-onprem-ew1-vpn" {
}
bgp_peer_options = local.bgp_peer_options_onprem.dev-ew1
bgp_session_range = "${cidrhost(t.session_range, 2)}/30"
ike_version = 2
peer_external_gateway_interface = t.peer_external_gateway_interface
shared_secret = t.secret
vpn_gateway_interface = t.vpn_gateway_interface
1 change: 0 additions & 1 deletion fast/stages/02-networking-separate-envs/vpn-onprem-prod.tf
Expand Up @@ -39,7 +39,6 @@ module "prod-to-onprem-ew1-vpn" {
}
bgp_peer_options = local.bgp_peer_options_onprem.prod-ew1
bgp_session_range = "${cidrhost(t.session_range, 2)}/30"
ike_version = 2
peer_external_gateway_interface = t.peer_external_gateway_interface
shared_secret = t.secret
vpn_gateway_interface = t.vpn_gateway_interface
1 change: 0 additions & 1 deletion fast/stages/02-networking-vpn/vpn-onprem.tf
Expand Up @@ -55,7 +55,6 @@ module "landing-to-onprem-ew1-vpn" {
}
bgp_peer_options = local.bgp_peer_options_onprem.landing-ew1
bgp_session_range = "${cidrhost(t.session_range, 2)}/30"
ike_version = 2
peer_external_gateway_interface = t.peer_external_gateway_interface
shared_secret = t.secret
vpn_gateway_interface = t.vpn_gateway_interface
4 changes: 0 additions & 4 deletions fast/stages/02-networking-vpn/vpn-spoke-dev.tf
Expand Up @@ -56,7 +56,6 @@ module "landing-to-dev-ew1-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.0/27", 2)
}/30"
ike_version = 2
vpn_gateway_interface = 0
}
1 = {
Expand All @@ -68,7 +67,6 @@ module "landing-to-dev-ew1-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.0/27", 6)
}/30"
ike_version = 2
vpn_gateway_interface = 1
}
}
Expand Down Expand Up @@ -98,7 +96,6 @@ module "dev-to-landing-ew1-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.0/27", 1)
}/30"
ike_version = 2
shared_secret = module.landing-to-dev-ew1-vpn.random_secret
vpn_gateway_interface = 0
}
Expand All @@ -111,7 +108,6 @@ module "dev-to-landing-ew1-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.0/27", 5)
}/30"
ike_version = 2
shared_secret = module.landing-to-dev-ew1-vpn.random_secret
vpn_gateway_interface = 1
}
16 changes: 4 additions & 12 deletions fast/stages/02-networking-vpn/vpn-spoke-prod-ew1.tf
Expand Up @@ -39,7 +39,6 @@ module "landing-to-prod-ew1-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.64/27", 2)
}/30"
ike_version = 2
vpn_gateway_interface = 0
}
1 = {
Expand All @@ -51,7 +50,6 @@ module "landing-to-prod-ew1-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.64/27", 6)
}/30"
ike_version = 2
vpn_gateway_interface = 1
}
}
Expand All @@ -78,11 +76,8 @@ module "prod-to-landing-ew1-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.64/27", 1)
}/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = module.landing-to-prod-ew1-vpn.random_secret
vpn_gateway_interface = 0
shared_secret = module.landing-to-prod-ew1-vpn.random_secret
vpn_gateway_interface = 0
}
1 = {
bgp_peer = {
Expand All @@ -93,11 +88,8 @@ module "prod-to-landing-ew1-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.64/27", 5)
}/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = module.landing-to-prod-ew1-vpn.random_secret
vpn_gateway_interface = 1
shared_secret = module.landing-to-prod-ew1-vpn.random_secret
vpn_gateway_interface = 1
}
}
}
4 changes: 0 additions & 4 deletions fast/stages/02-networking-vpn/vpn-spoke-prod-ew4.tf
Expand Up @@ -39,7 +39,6 @@ module "landing-to-prod-ew4-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.96/27", 2)
}/30"
ike_version = 2
vpn_gateway_interface = 0
}
1 = {
Expand All @@ -51,7 +50,6 @@ module "landing-to-prod-ew4-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.96/27", 6)
}/30"
ike_version = 2
vpn_gateway_interface = 1
}
}
Expand All @@ -78,7 +76,6 @@ module "prod-to-landing-ew4-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.96/27", 1)
}/30"
ike_version = 2
shared_secret = module.landing-to-prod-ew4-vpn.random_secret
vpn_gateway_interface = 0
}
Expand All @@ -91,7 +88,6 @@ module "prod-to-landing-ew4-vpn" {
bgp_session_range = "${
cidrhost("169.254.0.96/27", 5)
}/30"
ike_version = 2
shared_secret = module.landing-to-prod-ew4-vpn.random_secret
vpn_gateway_interface = 1
}
