From 93537e5da5de7e6af82a7194feb0bb2e5cd82fab Mon Sep 17 00:00:00 2001
From: Slawomir Koszewski
Date: Mon, 31 Mar 2025 10:10:39 +0200
Subject: [PATCH] Finished first version of network, network-peering and linux-vm modules.
---
 main.tf | 73 +++++++++++++++++++++++-----
 modules/network-peering/main.tf | 24 +++++++++
 modules/network-peering/variables.tf | 23 +++++++++
 modules/network/main.tf | 20 ++++----
 modules/network/outputs.tf | 9 ++++
 variables.tf | 57 +++++++--------------
 6 files changed, 145 insertions(+), 61 deletions(-)
 create mode 100644 modules/network-peering/main.tf
 create mode 100644 modules/network-peering/variables.tf
 create mode 100644 modules/network/outputs.tf
diff --git a/main.tf b/main.tf
index 86dea30..41f8d54 100644
--- a/main.tf
+++ b/main.tf
@@ -9,25 +9,76 @@ terraform {
 provider "google" {
 # Configuration options
- region = var.region
- zone = var.zone
- project = var.project_id
+ region = var.hub.region
+ zone = var.hub.zone
+ project = var.hub.project
 }
-module "network" {
+module "hub_network" {
 source = "./modules/network"
- name = var.network_name
- subnets = var.subnets
+ name = "${var.hub.name}-vpc"
+ subnets = [{
+ name = "${var.hub.name}-network"
+ cidr = var.hub.cidr
+ region = var.hub.region
+ }]
 }
-module "vm" {
+module "spoke_network" {
+ source = "./modules/network"
+
+ name = "${var.spoke.name}-vpc"
+ subnets = [
+ {
+ name = "${var.spoke.name}-network"
+ cidr = var.spoke.cidr
+ region = var.spoke.region
+ }
+ ]
+}
+
+module "hub_to_spoke_peering" {
+ source = "./modules/network-peering"
+
+ left = {
+ project_id = var.hub.project
+ network_id = module.hub_network.id
+ network_name = module.hub_network.name
+ }
+
+ right = {
+ project_id = var.spoke.project
+ network_id = module.spoke_network.id
+ network_name = module.spoke_network.name
+ }
+
+ hub_spoke = true
+
+ depends_on = [
+ module.hub_network,
+ module.spoke_network
+ ]
+}
+
+module "vm-hub" {
 source = "./modules/linux-vm"
- name = "vm-test"
- network_name = var.network_name
- subnet_name = var.subnets[0].name
+ name = "vm-${var.hub.name}"
+ network_name = "${var.hub.name}-vpc"
+ subnet_name = "${var.hub.name}-network"
 ssh = var.ssh
- depends_on = [module.network]
+ depends_on = [module.hub_network]
+}
+
+module "vm-spoke" {
+ source = "./modules/linux-vm"
+
+ name = "vm-${var.spoke.name}"
+ network_name = "${var.spoke.name}-vpc"
+ subnet_name = "${var.spoke.name}-network"
+ ssh = var.ssh
+
+ depends_on = [module.spoke_network]
 }
diff --git a/modules/network-peering/main.tf b/modules/network-peering/main.tf
new file mode 100644
index 0000000..e8cd38f
--- /dev/null
+++ b/modules/network-peering/main.tf
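Review bot: `spoke_network`, `vm-spoke` and the `right` side of `hub_to_spoke_peering` are all created through the single `provider "google"` block, which this hunk pins to `var.hub.project`, so the spoke resources land in the hub project regardless of `var.spoke.project`; that value is only forwarded as `right.project_id` and nothing in this commit acts on it. If the spoke is meant to live in its own project, declare a second provider (`provider "google" { alias = "spoke" ... project = var.spoke.project }`) and hand it to the spoke modules with `providers = { google = google.spoke }`; the peering module would then need a provider per side, which it does not currently accept. Separately, `vm-hub` and `vm-spoke` rebuild the VPC name by hand (`network_name = "${var.hub.name}-vpc"`) although `module.hub_network.name` is exported in this same commit; `network_name = module.hub_network.name` keeps the two from drifting and makes the explicit `depends_on` on the network module unnecessary.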
@@ -0,0 +1,24 @@
+# Peering
+resource "google_compute_network_peering" "left_to_right" {
+ name = "${var.left.network_name}-to-${var.right.network_name}"
+ network = var.left.network_id
+ peer_network = var.right.network_id
+
+ export_custom_routes = true
+ import_custom_routes = var.hub_spoke ? false : true
+
+ export_subnet_routes_with_public_ip = true
+ import_subnet_routes_with_public_ip = var.hub_spoke ? false : true
+}
+
+resource "google_compute_network_peering" "right_to_left" {
+ name = "${var.right.network_name}-to-${var.left.network_name}"
+ network = var.right.network_id
+ peer_network = var.left.network_id
+
+ export_custom_routes = var.hub_spoke ? false : true
+ import_custom_routes = true
+
+ export_subnet_routes_with_public_ip = var.hub_spoke ? false : true
+ import_subnet_routes_with_public_ip = true
+}
diff --git a/modules/network-peering/variables.tf b/modules/network-peering/variables.tf
new file mode 100644
index 0000000..de9468a
--- /dev/null
+++ b/modules/network-peering/variables.tf
@@ -0,0 +1,23 @@
+variable "left" {
+ description = "The left side of the peering connection."
+ type = object({
+ project_id = string
+ network_id = string
+ network_name = string
+ })
+}
+
+variable "right" {
+ description = "The right side of the peering connection."
+ type = object({
+ project_id = string
+ network_id = string
+ network_name = string
+ })
+}
+
+variable "hub_spoke" {
+ type = bool
+ default = false
+ description = "Set to true if the peering is hub-spoke."
+}
diff --git a/modules/network/main.tf b/modules/network/main.tf
index 1257125..f97d81f 100644
--- a/modules/network/main.tf
+++ b/modules/network/main.tf
@@ -1,5 +1,5 @@
 # VPC
-resource "google_compute_network" "vpc_network" {
+resource "google_compute_network" "network" {
 name = var.name
 auto_create_subnetworks = false
 }
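Review bot: `var.left.project_id` and `var.right.project_id` are declared in this module's variables but neither `left_to_right` nor `right_to_left` reads them; both peerings are created by whichever provider the module is called with, and the `network`/`peer_network` self-links already identify the project, so the field is dead input that suggests a cross-project capability the module does not have. Either drop `project_id` from both objects or document that the caller must supply a provider for each project. Style: `var.hub_spoke ? false : true` appears four times and is simply `!var.hub_spoke`. A comment at the top such as `# hub_spoke: left is the hub and only exports routes; right is the spoke and only imports them. Otherwise routes flow both ways.` would make the asymmetry explicit.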
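Review bot: the `hub_spoke` description does not say which side is the hub or what the flag changes, while the peering resources in this commit treat `left` as the hub (it only exports) and `right` as the spoke (it only imports). Suggest `description = "When true, left is the hub and only exports routes; right is the spoke and only imports them. When false, both sides export and import."`, and name the role in the `left`/`right` descriptions too, e.g. `"The left side of the peering connection (the hub when hub_spoke is true)."`.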
@@ -10,21 +10,21 @@ resource "google_compute_subnetwork" "subnet" {
 name = var.subnets[count.index].name
 ip_cidr_range = var.subnets[count.index].cidr
 region = var.subnets[count.index].region != null ? var.subnets[count.index].region : var.subnets[0].region
- network = google_compute_network.vpc_network.id
+ network = google_compute_network.network.id
 }
 # Cloud NAT
 resource "google_compute_router" "cr" {
 name = "${var.name}-router"
- network = google_compute_network.vpc_network.id
- region = var.subnets[0].region
+ network = var.name
+
+ depends_on = [google_compute_network.network]
 }
-resource "google_compute_router_nat" "name" {
- name = "${var.name}-nat"
- region = var.subnets[0].region
- router = google_compute_router.cr.name
- nat_ip_allocate_option = "AUTO_ONLY"
+resource "google_compute_router_nat" "nat" {
+ name = "${var.name}-nat"
+ router = google_compute_router.cr.name
+ nat_ip_allocate_option = "AUTO_ONLY"
 source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
- enable_dynamic_port_allocation = true
+ enable_dynamic_port_allocation = true
 }
diff --git a/modules/network/outputs.tf b/modules/network/outputs.tf
new file mode 100644
index 0000000..0a87d55
--- /dev/null
+++ b/modules/network/outputs.tf
@@ -0,0 +1,9 @@
+output "id" {
+ description = "The ID of the VPC network."
+ value = google_compute_network.network.id
+}
+
+output "name" {
+ description = "The name of the VPC network."
+ value = google_compute_network.network.name
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 408eeeb..c0699b8 100644
--- a/variables.tf
+++ b/variables.tf
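Review bot: removing `region` from `google_compute_router.cr` and `google_compute_router_nat.nat` makes both fall back to the provider's default region, while the subnets keep their own `var.subnets[*].region`; Cloud NAT is regional and only translates subnets in the router's region, so a module instance whose subnets are elsewhere (the spoke in this commit, whenever `var.spoke.region` differs from the hub's) gets a NAT that covers none of its subnets and any VM relying on it loses egress. Restore `region = var.subnets[0].region` on both resources, or validate that `var.subnets[0].region` equals the provider region. `network = var.name` with an explicit `depends_on` works, but `network = google_compute_network.network.id` carries the same dependency on its own. Since this NAT is the only egress path the module provides, a `log_config` block on the NAT resource (enabled, with the filter set to the translations you want to retain) gives you egress logs for later investigation.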
@@ -1,45 +1,21 @@
-variable "project_id" {
- description = "The ID of the project."
- type = string
+variable "hub" {
+ type = object({
+ name = string
+ region = string
+ zone = string
+ project = string
+ cidr = string
+ })
 }
-variable "region" {
- description = "The region for the resources."
- type = string
- default = "us-west1"
-}
-
-variable "zone" {
- description = "The zone for the resources."
- type = string
- default = "us-west1-a"
-}
-
-variable "network_name" {
- description = "The name of the network."
- type = string
- default = "dom-lab-network"
-}
-
-variable "subnets" {
- description = "A list of subnets to create."
-
- type = list(object({
- name = string
- cidr = string
- region = string
- }))
-
- default = [{
- name = "waw-default"
- cidr = "192.168.16.0/24"
- region = "us-west1"
- }]
-
- validation {
- condition = var.subnets[0].region != null
- error_message = "The region for the first subnet must be specified."
- }
+variable "spoke" {
+ type = object({
+ name = string
+ region = string
+ zone = string
+ project = string
+ cidr = string
+ })
 }
 variable "ssh" {
@@ -48,6 +24,7 @@ variable "ssh" {
 public_key = string
 ssh_user = string
 }))
+
 default = [{
 public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1Z96CGdoNnbazs89cdnDLDdju6UtuKAZctEAmnEaAC"
 ssh_user = "slawek@1password"
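Review bot: the new `hub` and `spoke` variables carry no `description` and drop the only validation the root module had, so a malformed `cidr`, or hub and spoke ranges that overlap (which VPC peering rejects), surfaces only at apply time. Add a validation per variable, e.g. `validation { condition = can(cidrhost(var.hub.cidr, 0)) error_message = "hub.cidr must be a valid CIDR block." }` mirrored for `spoke`, and a `description` on each. The two object types are identical; if they are to stay separate variables, at least state in the descriptions which one is the hub and that its `region` also becomes the provider default. The `variable "ssh" {` block at the end of this hunk continues past it.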