slawek/gcp-simple-lz
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added conditional project designation feature for relevant modules.

Browse Source
This commit is contained in:
Sławek Koszewski
2025-03-31 21:17:33 +02:00
parent fadc7573cb
commit e7222382f1
13 changed files with 89 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+14 -4
View File
@@ -7,8 +7,18 @@ There are two submodules:
* Network - a module that creates a VPC with defined subnets * Network - a module that creates a VPC with defined subnets
* Cloud VPN - a module that creates a Cloud VPN * Cloud VPN - a module that creates a Cloud VPN
Compute Engine free tier regions: Compute Engine free tier regions:
* Oregon - **us-west1** * Oregon (**us-west1**)
* Iowa - **us-central1** * `us-west1-a`
* South Carolina - **us-east1** * `us-west1-b`
* `us-west1-c`
* Iowa (**us-central1**)
* `us-central1-a`
* `us-central1-b`
* `us-central1-c`
* `us-central1-f`
* South Carolina (**us-east1**)
* `us-east1-b`
* `us-east1-c`
* `us-east1-d`
main.tf
+15 -7
View File
@@ -7,9 +7,14 @@ terraform {
} }
} }
locals {
hub_region = substr(var.hub.zone, 0, length(var.hub.zone) - 2)
spoke_region = substr(var.spoke.zone, 0, length(var.spoke.zone) - 2)
}
provider "google" { provider "google" {
# Configuration options # Configuration options
region = var.hub.region region = local.hub_region
zone = var.hub.zone zone = var.hub.zone
project = var.hub.project project = var.hub.project
} }
@@ -18,10 +23,11 @@ module "hub_network" {
source = "./modules/network" source = "./modules/network"
name = "${var.hub.name}-vpc" name = "${var.hub.name}-vpc"
subnets = [{ subnets = [{
name = "${var.hub.name}-network" name = "${var.hub.name}-network"
cidr = var.hub.cidr cidr = var.hub.cidr
region = var.hub.region region = local.hub_region
}] }]
nat = true nat = true
@@ -30,12 +36,14 @@ module "hub_network" {
module "spoke_network" { module "spoke_network" {
source = "./modules/network" source = "./modules/network"
name = "${var.spoke.name}-vpc" name = "${var.spoke.name}-vpc"
project_id = var.spoke.project
subnets = [ subnets = [
{ {
name = "${var.spoke.name}-network" name = "${var.spoke.name}-network"
cidr = var.spoke.cidr cidr = var.spoke.cidr
region = var.spoke.region region = local.spoke_region
} }
] ]
@@ -70,7 +78,7 @@ module "gw" {
name = "${var.hub.name}-vpn" name = "${var.hub.name}-vpn"
network_name = module.hub_network.name network_name = module.hub_network.name
region = var.hub.region region = local.hub_region
vpn_external_ip = var.vpn_external_ip vpn_external_ip = var.vpn_external_ip
} }
@@ -102,6 +110,7 @@ module "vm_spoke" {
source = "./modules/linux-vm" source = "./modules/linux-vm"
name = "vm-${var.spoke.name}" name = "vm-${var.spoke.name}"
project_id = var.spoke.project
network_name = "${var.spoke.name}-vpc" network_name = "${var.spoke.name}-vpc"
subnet_name = "${var.spoke.name}-network" subnet_name = "${var.spoke.name}-network"
ssh = var.ssh ssh = var.ssh
@@ -112,8 +121,7 @@ module "vm_spoke" {
module "koszewscy_internal_zone" { module "koszewscy_internal_zone" {
source = "./modules/dns-managed-zone" source = "./modules/dns-managed-zone"
project_id = var.hub.project dns_name = "koszewscy.waw.pl."
dns_name = "koszewscy.waw.pl."
network_id = module.hub_network.id network_id = module.hub_network.id
modules/cloud-vpn-tunnel/main.tf
+5 -1
View File
@@ -1,3 +1,5 @@
data "google_client_config" "default" {}
data "google_compute_vpn_gateway" "gw" { data "google_compute_vpn_gateway" "gw" {
name = var.gw_name name = var.gw_name
} }
@@ -6,12 +8,13 @@ locals {
vpc_name = regex("networks/([^/]+)$", data.google_compute_vpn_gateway.gw.network)[0] vpc_name = regex("networks/([^/]+)$", data.google_compute_vpn_gateway.gw.network)[0]
} }
data google_compute_network network { data "google_compute_network" "network" {
name = local.vpc_name name = local.vpc_name
} }
resource "google_compute_vpn_tunnel" "tunnel" { resource "google_compute_vpn_tunnel" "tunnel" {
name = var.name name = var.name
project = var.project_id != null ? var.project_id : data.google_client_config.default.project
target_vpn_gateway = data.google_compute_vpn_gateway.gw.id target_vpn_gateway = data.google_compute_vpn_gateway.gw.id
shared_secret = var.shared_secret shared_secret = var.shared_secret
@@ -25,6 +28,7 @@ resource "google_compute_vpn_tunnel" "tunnel" {
resource "google_compute_route" "route_to_remote_network" { resource "google_compute_route" "route_to_remote_network" {
count = length(var.remote_selectors) count = length(var.remote_selectors)
name = "${data.google_compute_network.network.name}-to-${replace(var.remote_selectors[count.index], "/[./]/", "-")}" name = "${data.google_compute_network.network.name}-to-${replace(var.remote_selectors[count.index], "/[./]/", "-")}"
project = var.project_id != null ? var.project_id : data.google_client_config.default.project
network = data.google_compute_network.network.name network = data.google_compute_network.network.name
dest_range = var.remote_selectors[count.index] dest_range = var.remote_selectors[count.index]
next_hop_vpn_tunnel = google_compute_vpn_tunnel.tunnel.id next_hop_vpn_tunnel = google_compute_vpn_tunnel.tunnel.id
modules/cloud-vpn-tunnel/variables.tf
+7
View File
@@ -3,6 +3,13 @@ variable "name" {
type = string type = string
} }
variable "project_id" {
description = "The GCP project ID. If not provided, the default project will be used."
type = string
nullable = true
default = null
}
variable "gw_name" { variable "gw_name" {
description = "The name of the VPN gateway" description = "The name of the VPN gateway"
type = string type = string
modules/cloud-vpn/main.tf
+8 -1
View File
@@ -1,14 +1,18 @@
data "google_client_config" "default" {}
# Cloud VPN # Cloud VPN
resource "google_compute_vpn_gateway" "gw" { resource "google_compute_vpn_gateway" "gw" {
name = var.name name = var.name
network = var.network_name network = var.network_name
region = var.region region = var.region
project = var.project_id != null ? var.project_id : data.google_client_config.default.project
} }
resource "google_compute_address" "vpn_ip" { resource "google_compute_address" "vpn_ip" {
count = var.vpn_external_ip != null ? 0 : 1 count = var.vpn_external_ip != null ? 0 : 1
name = "${var.name}-ip" name = "${var.name}-ip"
project = var.project_id != null ? var.project_id : data.google_client_config.default.project
region = var.region region = var.region
address_type = "EXTERNAL" address_type = "EXTERNAL"
} }
@@ -16,11 +20,12 @@ resource "google_compute_address" "vpn_ip" {
data "google_compute_address" "vpn_ip" { data "google_compute_address" "vpn_ip" {
count = var.vpn_external_ip != null ? 1 : 0 count = var.vpn_external_ip != null ? 1 : 0
name = var.vpn_external_ip name = var.vpn_external_ip
} }
resource "google_compute_forwarding_rule" "gw_fw_esp" { resource "google_compute_forwarding_rule" "gw_fw_esp" {
name = "fwd-esp" name = "fwd-esp"
project = var.project_id != null ? var.project_id : data.google_client_config.default.project
ip_protocol = "ESP" ip_protocol = "ESP"
ip_address = var.vpn_external_ip != null ? data.google_compute_address.vpn_ip[0].address : google_compute_address.vpn_ip[0].address ip_address = var.vpn_external_ip != null ? data.google_compute_address.vpn_ip[0].address : google_compute_address.vpn_ip[0].address
target = google_compute_vpn_gateway.gw.id target = google_compute_vpn_gateway.gw.id
@@ -28,6 +33,7 @@ resource "google_compute_forwarding_rule" "gw_fw_esp" {
resource "google_compute_forwarding_rule" "gw_fw_udp_500" { resource "google_compute_forwarding_rule" "gw_fw_udp_500" {
name = "fwd-udp-500" name = "fwd-udp-500"
project = var.project_id != null ? var.project_id : data.google_client_config.default.project
ip_protocol = "UDP" ip_protocol = "UDP"
ip_address = var.vpn_external_ip != null ? data.google_compute_address.vpn_ip[0].address : google_compute_address.vpn_ip[0].address ip_address = var.vpn_external_ip != null ? data.google_compute_address.vpn_ip[0].address : google_compute_address.vpn_ip[0].address
port_range = "500" port_range = "500"
@@ -36,6 +42,7 @@ resource "google_compute_forwarding_rule" "gw_fw_udp_500" {
resource "google_compute_forwarding_rule" "gw_fw_udp_4500" { resource "google_compute_forwarding_rule" "gw_fw_udp_4500" {
name = "fwd-udp-4500" name = "fwd-udp-4500"
project = var.project_id != null ? var.project_id : data.google_client_config.default.project
ip_protocol = "UDP" ip_protocol = "UDP"
ip_address = var.vpn_external_ip != null ? data.google_compute_address.vpn_ip[0].address : google_compute_address.vpn_ip[0].address ip_address = var.vpn_external_ip != null ? data.google_compute_address.vpn_ip[0].address : google_compute_address.vpn_ip[0].address
port_range = "4500" port_range = "4500"
modules/cloud-vpn/variables.tf
+7
View File
@@ -3,6 +3,13 @@ variable "name" {
type = string type = string
} }
variable "project_id" {
description = "The GCP project ID. If not provided, the default project will be used."
type = string
nullable = true
default = null
}
variable "network_name" { variable "network_name" {
description = "The name of the network." description = "The name of the network."
type = string type = string
modules/dns-managed-zone/main.tf
+4 -2
View File
@@ -1,7 +1,9 @@
data "google_client_config" "default" {}
resource "google_dns_managed_zone" "zone" { resource "google_dns_managed_zone" "zone" {
dns_name = var.dns_name dns_name = var.dns_name
name = var.zone_name != null ? var.zone_name : "${replace(replace(var.dns_name, "/\\.$/", ""), ".", "-")}-zone" name = var.zone_name != null ? var.zone_name : "${replace(replace(var.dns_name, "/\\.$/", ""), ".", "-")}-zone"
project = var.project_id project = var.project_id != null ? var.project_id : data.google_client_config.default.project
visibility = var.network_id != null ? "private" : "public" visibility = var.network_id != null ? "private" : "public"
@@ -38,7 +40,7 @@ resource "google_dns_managed_zone" "zone" {
resource "google_dns_record_set" "records" { resource "google_dns_record_set" "records" {
count = length(var.resource_records) count = length(var.resource_records)
project = var.project_id project = var.project_id != null ? var.project_id : data.google_client_config.default.project
managed_zone = google_dns_managed_zone.zone.name managed_zone = google_dns_managed_zone.zone.name
name = var.resource_records[count.index].name name = var.resource_records[count.index].name
modules/dns-managed-zone/variables.tf
+3 -1
View File
@@ -1,6 +1,8 @@
variable "project_id" { variable "project_id" {
description = "The project ID where the managed zone will be created." description = "The GCP project ID. If not provided, the default project will be used."
type = string type = string
nullable = true
default = null
} }
variable "dns_name" { variable "dns_name" {
modules/linux-vm/main.tf
+6 -2
View File
@@ -1,7 +1,10 @@
data "google_client_config" "default" {}
resource "google_compute_instance" "vm_hub" { resource "google_compute_instance" "vm_hub" {
name = var.name name = var.name
machine_type = var.machine_type machine_type = var.machine_type
can_ip_forward = var.can_ip_forward can_ip_forward = var.can_ip_forward
project = var.project_id != null ? var.project_id : data.google_client_config.default.project
description = var.description description = var.description
boot_disk { boot_disk {
@@ -11,8 +14,9 @@ resource "google_compute_instance" "vm_hub" {
} }
network_interface { network_interface {
network = var.network_name network = var.network_name
subnetwork = var.subnet_name subnetwork = var.subnet_name
subnetwork_project = var.project_id != null ? var.project_id : data.google_client_config.default.project
} }
metadata = { metadata = {
modules/linux-vm/variables.tf
+7
View File
@@ -3,6 +3,13 @@ variable "name" {
type = string type = string
} }
variable "project_id" {
description = "The GCP project ID. If not provided, the default project will be used."
type = string
nullable = true
default = null
}
variable "machine_type" { variable "machine_type" {
description = "The machine type of the VM instance." description = "The machine type of the VM instance."
type = string type = string
modules/network/main.tf
+6
View File
@@ -1,13 +1,17 @@
data "google_client_config" "default" {}
# VPC # VPC
resource "google_compute_network" "network" { resource "google_compute_network" "network" {
name = var.name name = var.name
auto_create_subnetworks = false auto_create_subnetworks = false
project = var.project_id != null ? var.project_id : data.google_client_config.default.project
} }
# Subnets # Subnets
resource "google_compute_subnetwork" "subnet" { resource "google_compute_subnetwork" "subnet" {
count = length(var.subnets) count = length(var.subnets)
name = var.subnets[count.index].name name = var.subnets[count.index].name
project = var.project_id != null ? var.project_id : data.google_client_config.default.project
ip_cidr_range = var.subnets[count.index].cidr ip_cidr_range = var.subnets[count.index].cidr
region = var.subnets[count.index].region != null ? var.subnets[count.index].region : var.subnets[0].region region = var.subnets[count.index].region != null ? var.subnets[count.index].region : var.subnets[0].region
network = google_compute_network.network.id network = google_compute_network.network.id
@@ -18,6 +22,7 @@ resource "google_compute_router" "cr" {
count = var.nat ? 1 : 0 count = var.nat ? 1 : 0
name = "${var.name}-router" name = "${var.name}-router"
network = var.name network = var.name
project = var.project_id != null ? var.project_id : data.google_client_config.default.project
depends_on = [google_compute_network.network] depends_on = [google_compute_network.network]
} }
@@ -25,6 +30,7 @@ resource "google_compute_router" "cr" {
resource "google_compute_router_nat" "nat" { resource "google_compute_router_nat" "nat" {
count = var.nat ? 1 : 0 count = var.nat ? 1 : 0
name = "${var.name}-nat" name = "${var.name}-nat"
project = var.project_id != null ? var.project_id : data.google_client_config.default.project
router = google_compute_router.cr[0].name router = google_compute_router.cr[0].name
nat_ip_allocate_option = "AUTO_ONLY" nat_ip_allocate_option = "AUTO_ONLY"
source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES" source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
modules/network/variables.tf
+7
View File
@@ -3,6 +3,13 @@ variable "name" {
type = string type = string
} }
variable "project_id" {
description = "The GCP project ID. If not provided, the default project will be used."
type = string
nullable = true
default = null
}
# A Cloud NAT will be created in the same region as the first subnet. # A Cloud NAT will be created in the same region as the first subnet.
variable "subnets" { variable "subnets" {
description = "A list of subnets with names and CIDRs." description = "A list of subnets with names and CIDRs."
variables.tf
-2
View File
@@ -1,7 +1,6 @@
variable "hub" { variable "hub" {
type = object({ type = object({
name = string name = string
region = string
zone = string zone = string
project = string project = string
cidr = string cidr = string
@@ -11,7 +10,6 @@ variable "hub" {
variable "spoke" { variable "spoke" {
type = object({ type = object({
name = string name = string
region = string
zone = string zone = string
project = string project = string
cidr = string cidr = string