

Update VPN-HA module to tf1.3 (wip)
juliocc committed Nov 30, 2022
1 parent f9f4272 commit 798d3a4
Showing 20 changed files with 417 additions and 584 deletions.
94 changes: 39 additions & 55 deletions blueprints/networking/hub-and-spoke-vpn/vpn-dev-r1.tf
Expand Up @@ -15,93 +15,77 @@
# tfdoc:file:description Landing to Development VPN for region 1.

module "landing-to-dev-vpn-r1" {
source = "../../../modules/net-vpn-ha"
project_id = var.project_id
network = module.landing-vpc.self_link
region = var.regions.r1
name = "${var.prefix}-lnd-to-dev-r1"
router_create = false
router_name = "${var.prefix}-lnd-vpn-r1"
source = "../../../modules/net-vpn-ha"
project_id = var.project_id
network = module.landing-vpc.self_link
region = var.regions.r1
name = "${var.prefix}-lnd-to-dev-r1"
# router is created and managed by the production VPN module
# so we don't configure advertisements here
peer_gcp_gateway = module.dev-to-landing-vpn-r1.self_link
router_config = {
create = false
name = "${var.prefix}-lnd-vpn-r1"
asn = 64514
}
peer_gateway = { gcp = module.dev-to-landing-vpn-r1.self_link }
tunnels = {
0 = {
bgp_peer = {
address = "169.254.2.2"
asn = var.vpn_configs.dev-r1.asn
}
# use this attribute to configure different advertisements for dev
bgp_peer_options = null
bgp_session_range = "169.254.2.1/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = null
vpn_gateway_interface = 0
bgp_session_range = "169.254.2.1/30"
ike_version = 2
vpn_gateway_interface = 0
}
1 = {
bgp_peer = {
address = "169.254.2.6"
asn = var.vpn_configs.dev-r1.asn
}
# use this attribute to configure different advertisements for dev
bgp_peer_options = null
bgp_session_range = "169.254.2.5/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = null
vpn_gateway_interface = 1
bgp_session_range = "169.254.2.5/30"
ike_version = 2
vpn_gateway_interface = 1
}
}
}

module "dev-to-landing-vpn-r1" {
source = "../../../modules/net-vpn-ha"
project_id = var.project_id
network = module.dev-vpc.self_link
region = var.regions.r1
name = "${var.prefix}-dev-to-lnd-r1"
router_create = true
router_name = "${var.prefix}-dev-vpn-r1"
router_asn = var.vpn_configs.dev-r1.asn
router_advertise_config = (
var.vpn_configs.dev-r1.custom_ranges == null
? null
: {
groups = null
ip_ranges = coalesce(var.vpn_configs.dev-r1.custom_ranges, {})
mode = "CUSTOM"
source = "../../../modules/net-vpn-ha"
project_id = var.project_id
network = module.dev-vpc.self_link
region = var.regions.r1
name = "${var.prefix}-dev-to-lnd-r1"
router_config = {
name = "${var.prefix}-dev-vpn-r1"
asn = var.vpn_configs.dev-r1.asn
router_advertise_config = {
all_subnets = false
ip_ranges = coalesce(var.vpn_configs.dev-r1.custom_ranges, {})
mode = "CUSTOM"
}
)
peer_gcp_gateway = module.landing-to-dev-vpn-r1.self_link
}
peer_gateway = { gcp = module.landing-to-dev-vpn-r1.self_link }
tunnels = {
0 = {
bgp_peer = {
address = "169.254.2.1"
asn = var.vpn_configs.land-r1.asn
}
bgp_peer_options = null
bgp_session_range = "169.254.2.2/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = module.landing-to-dev-vpn-r1.random_secret
vpn_gateway_interface = 0
bgp_session_range = "169.254.2.2/30"
ike_version = 2
shared_secret = module.landing-to-dev-vpn-r1.random_secret
vpn_gateway_interface = 0
}
1 = {
bgp_peer = {
address = "169.254.2.5"
asn = var.vpn_configs.land-r1.asn
}
bgp_peer_options = null
bgp_session_range = "169.254.2.6/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = module.landing-to-dev-vpn-r1.random_secret
vpn_gateway_interface = 1
bgp_session_range = "169.254.2.6/30"
ike_version = 2
shared_secret = module.landing-to-dev-vpn-r1.random_secret
vpn_gateway_interface = 1
}
}
}
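Review bot: The advertisement block in `dev-to-landing-vpn-r1` uses the key `router_advertise_config` with a `mode` attribute, while the equivalent `router_config` blocks in vpn-prod-r1.tf and private-cloud-function-from-onprem/main.tf use `custom_advertise` with only `all_subnets` and `ip_ranges`; unless the module accepts both shapes, this is an unsupported attribute and the dev router ends up with no custom advertisement. Suggested: `custom_advertise = { all_subnets = false, ip_ranges = coalesce(var.vpn_configs.dev-r1.custom_ranges, {}) }`. Separately, `landing-to-dev-vpn-r1` hard-codes `asn = 64514` for the shared `lnd-vpn-r1` router while vpn-prod-r1.tf configures that same router with `asn = var.vpn_configs.land-r1.asn`; using `var.vpn_configs.land-r1.asn` in both places avoids a mismatch between the router and the BGP sessions on it if the variable is overridden. Both files also drop the previous `custom_ranges == null ? null : {...}` guard, so with `custom_ranges` unset the routers now get a custom advertisement with `all_subnets = false` and an empty range map, which presumably advertises nothing rather than falling back to the default subnet advertisement — worth confirming against the module, and the same applies to `landing-to-prod-vpn-r1` and `prod-to-landing-vpn-r1` in vpn-prod-r1.tf.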
106 changes: 41 additions & 65 deletions blueprints/networking/hub-and-spoke-vpn/vpn-prod-r1.tf
Expand Up @@ -15,102 +15,78 @@
# tfdoc:file:description Landing to Production VPN for region 1.

module "landing-to-prod-vpn-r1" {
source = "../../../modules/net-vpn-ha"
project_id = var.project_id
network = module.landing-vpc.self_link
region = var.regions.r1
name = "${var.prefix}-lnd-to-prd-r1"
router_create = true
router_name = "${var.prefix}-lnd-vpn-r1"
router_asn = var.vpn_configs.land-r1.asn
router_advertise_config = (
var.vpn_configs.land-r1.custom_ranges == null
? null
: {
groups = null
ip_ranges = coalesce(var.vpn_configs.land-r1.custom_ranges, {})
mode = "CUSTOM"
source = "../../../modules/net-vpn-ha"
project_id = var.project_id
network = module.landing-vpc.self_link
region = var.regions.r1
name = "${var.prefix}-lnd-to-prd-r1"
router_config = {
name = "${var.prefix}-lnd-vpn-r1"
asn = var.vpn_configs.land-r1.asn
custom_advertise = {
all_subnets = false
ip_ranges = coalesce(var.vpn_configs.land-r1.custom_ranges, {})
}
)
peer_gcp_gateway = module.prod-to-landing-vpn-r1.self_link
}
peer_gateway = { gcp = module.prod-to-landing-vpn-r1.self_link }
tunnels = {
0 = {
bgp_peer = {
address = "169.254.0.2"
asn = var.vpn_configs.prod-r1.asn
}
bgp_peer_options = null
bgp_session_range = "169.254.0.1/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = null
vpn_gateway_interface = 0
bgp_session_range = "169.254.0.1/30"
ike_version = 2
vpn_gateway_interface = 0
}
1 = {
bgp_peer = {
address = "169.254.0.6"
asn = var.vpn_configs.prod-r1.asn
}
bgp_peer_options = null
bgp_session_range = "169.254.0.5/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = null
vpn_gateway_interface = 1
bgp_session_range = "169.254.0.5/30"
ike_version = 2
vpn_gateway_interface = 1
}
}
}

module "prod-to-landing-vpn-r1" {
source = "../../../modules/net-vpn-ha"
project_id = var.project_id
network = module.prod-vpc.self_link
region = var.regions.r1
name = "${var.prefix}-prd-to-lnd-r1"
router_create = true
router_name = "${var.prefix}-prd-vpn-r1"
router_asn = var.vpn_configs.prod-r1.asn
# the router is managed here but shared with the dev VPN
router_advertise_config = (
var.vpn_configs.prod-r1.custom_ranges == null
? null
: {
groups = null
ip_ranges = coalesce(var.vpn_configs.prod-r1.custom_ranges, {})
mode = "CUSTOM"
source = "../../../modules/net-vpn-ha"
project_id = var.project_id
network = module.prod-vpc.self_link
region = var.regions.r1
name = "${var.prefix}-prd-to-lnd-r1"
router_config = {
name = "${var.prefix}-prd-vpn-r1"
asn = var.vpn_configs.prod-r1.asn
# the router is managed here but shared with the dev VPN
custom_advertise = {
all_subnets = false
ip_ranges = coalesce(var.vpn_configs.prod-r1.custom_ranges, {})
}
)
peer_gcp_gateway = module.landing-to-prod-vpn-r1.self_link
}
peer_gateway = { gcp = module.landing-to-prod-vpn-r1.self_link }
tunnels = {
0 = {
bgp_peer = {
address = "169.254.0.1"
asn = var.vpn_configs.land-r1.asn
}
# use this attribute to configure different advertisements for prod
bgp_peer_options = null
bgp_session_range = "169.254.0.2/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = module.landing-to-prod-vpn-r1.random_secret
vpn_gateway_interface = 0
bgp_session_range = "169.254.0.2/30"
ike_version = 2
shared_secret = module.landing-to-prod-vpn-r1.random_secret
vpn_gateway_interface = 0
}
1 = {
bgp_peer = {
address = "169.254.0.5"
asn = var.vpn_configs.land-r1.asn
}
# use this attribute to configure different advertisements for prod
bgp_peer_options = null
bgp_session_range = "169.254.0.6/30"
ike_version = 2
peer_external_gateway_interface = null
router = null
shared_secret = module.landing-to-prod-vpn-r1.random_secret
vpn_gateway_interface = 1
bgp_session_range = "169.254.0.6/30"
ike_version = 2
shared_secret = module.landing-to-prod-vpn-r1.random_secret
vpn_gateway_interface = 1
}
}
}
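Review bot: The comment `# the router is managed here but shared with the dev VPN` now sits inside the `router_config` of `prod-to-landing-vpn-r1`, i.e. on the `prd-vpn-r1` router, but the router that vpn-dev-r1.tf reuses with `create = false` is `lnd-vpn-r1`, which this file creates in `landing-to-prod-vpn-r1`. Unless the prod router is also shared in a way not visible here, the comment should move to the `router_config` block of `landing-to-prod-vpn-r1`, above `name = "${var.prefix}-lnd-vpn-r1"`, so the next reader knows which router cannot be renamed or removed without breaking the dev tunnels that depend on it.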
58 changes: 26 additions & 32 deletions blueprints/networking/private-cloud-function-from-onprem/main.tf
Expand Up @@ -79,59 +79,53 @@ module "vpn-onprem" {
region = var.region
network = module.vpc-onprem.self_link
name = "${var.name}-onprem-to-hub"
router_asn = 65001
router_advertise_config = {
groups = ["ALL_SUBNETS"]
ip_ranges = {
router_config = {
asn = 65001
custom_advertise = {
all_subnets = true
ip_ranges = {}
}
mode = "CUSTOM"
}
peer_gcp_gateway = module.vpn-hub.self_link
peer_gateway = { gcp = module.vpn-hub.self_link }
tunnels = {
tunnel-0 = {
bgp_peer = {
address = "169.254.0.2"
asn = 65002
}
bgp_peer_options = null
bgp_session_range = "169.254.0.1/30"
ike_version = 2
vpn_gateway_interface = 0
peer_external_gateway_interface = null
router = null
shared_secret = ""
bgp_session_range = "169.254.0.1/30"
ike_version = 2
vpn_gateway_interface = 0
}
tunnel-1 = {
bgp_peer = {
address = "169.254.0.6"
asn = 65002
}
bgp_peer_options = null
bgp_session_range = "169.254.0.5/30"
ike_version = 2
vpn_gateway_interface = 1
peer_external_gateway_interface = null
router = null
shared_secret = ""
bgp_session_range = "169.254.0.5/30"
ike_version = 2
vpn_gateway_interface = 1
}
}
}

module "vpn-hub" {
source = "../../../modules/net-vpn-ha"
project_id = module.project.project_id
region = var.region
network = module.vpc-hub.name
name = "${var.name}-hub-to-onprem"
router_asn = 65002
peer_gcp_gateway = module.vpn-onprem.self_link
router_advertise_config = {
groups = ["ALL_SUBNETS"]
ip_ranges = {
(var.psc_endpoint) = "to-psc-endpoint"
source = "../../../modules/net-vpn-ha"
project_id = module.project.project_id
region = var.region
network = module.vpc-hub.name
name = "${var.name}-hub-to-onprem"
router_config = {
asn = 65002
custom_advertise = {
all_subnets = true
ip_ranges = {
(var.psc_endpoint) = "to-psc-endpoint"
}
}
mode = "CUSTOM"
}
peer_gateway = { gcp = module.vpn-onprem.self_link }

tunnels = {
tunnel-0 = {
bgp_peer = {
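Review bot: `vpn-hub` passes `network = module.vpc-hub.name` while `vpn-onprem` passes `network = module.vpc-onprem.self_link`; both lines are reprinted by this change, so it is a good moment to make them consistent with `network = module.vpc-hub.self_link` rather than relying on the module resolving a bare network name. The blank line left between `peer_gateway` and `tunnels` at the end of the hunk looks like a leftover from the removed `router_advertise_config` block and should go. The `vpn-hub` module body continues outside the hunk.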
13 changes: 3 additions & 10 deletions fast/stages/02-networking-nva/variables.tf
Expand Up @@ -235,10 +235,7 @@ variable "vpn_onprem_configs" {
})
peer_external_gateway = object({
redundancy_type = string
interfaces = list(object({
id = number
ip_address = string
}))
interfaces = list(string)
})
tunnels = list(object({
peer_asn = number
Expand All @@ -258,9 +255,7 @@ variable "vpn_onprem_configs" {
}
peer_external_gateway = {
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
interfaces = [
{ id = 0, ip_address = "8.8.8.8" },
]
interfaces = ["8.8.8.8"]
}
tunnels = [
{
Expand Down Expand Up @@ -288,9 +283,7 @@ variable "vpn_onprem_configs" {
}
peer_external_gateway = {
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
interfaces = [
{ id = 0, ip_address = "8.8.8.8" },
]
interfaces = ["8.8.8.8"]
}
tunnels = [
{
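Review bot: `interfaces = list(string)` drops the explicit `id` each peer external gateway interface used to carry, so the interface id is presumably now the element's position in the list, and any `peer_external_gateway_interface` value under `tunnels` has to match that position; nothing in the hunk states this contract. A comment on the type line would make it explicit, e.g. `# interface id is the list index; tunnels reference it via peer_external_gateway_interface`. The variable's `description` is outside the hunk and may need the same update so callers migrating from the object form are not surprised.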
