
https://github.com/memes/terraform-google-volterra



# F5 Distributed Cloud GCP VPC Site module

![GitHub release](https://img.shields.io/github/v/release/memes/terraform-google-volterra?sort=semver)
![Maintenance](https://img.shields.io/maintenance/yes/2024)
[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](CODE_OF_CONDUCT.md)

This Terraform module creates an opinionated F5 Distributed Cloud [GCP VPC Site].

> NOTE: The intent of this module is to easily repeat a common use-case when
> deploying an F5 XC [GCP VPC Site]. It does not expose every option available.

## Opinions

1. The F5XC Site will use *existing* VPC network(s)
2. The F5XC Site will be configured as an *ingress-egress gateway* with 2 network interfaces

## Examples

### Enable standard overrides

|Item|Managed by module|Description|
|----|-----------------|-----------|
|Override googleapis.com|✓|Always directed to `restricted.googleapis.com`|
|Override gcr.io|✓|Default `overrides` value will direct to `restricted.googleapis.com`|
|Override pkg.dev|✓|Default `overrides` value will direct to `restricted.googleapis.com`|
|Added to VPC network|✓|Zones will be added as Private Cloud DNS to any VPC network provided in `network_self_links`|
|Route to private endpoints||Must be managed per-VPC|

```hcl
module "restricted_apis" {
  source     = "memes/restricted-apis-dns/google"
  version    = "1.2.0"
  project_id = "my-project-id"
  # VPC networks that will receive the private Cloud DNS zones
  network_self_links = [
    "projects/my-project-id/global/networks/my-network",
  ]
}
```

### Disable restricted override for Container Registry and Artifact Registry

|Item|Managed by module|Description|
|----|-----------------|-----------|
|Override googleapis.com|✓|Always directed to `restricted.googleapis.com`|
|Override gcr.io||Setting `overrides` to []|
|Override pkg.dev||Setting `overrides` to []|
|Added to VPC network|✓|Zones will be added as Private Cloud DNS to any VPC network provided in `network_self_links`|
|Route to private endpoints||Must be managed per-VPC|

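```hcl
module "restricted_apis" {
  source     = "memes/restricted-apis-dns/google"
  version    = "1.2.0"
  project_id = "my-project-id"
  # Empty list: gcr.io and pkg.dev are not overridden
  overrides = []
  # VPC networks that will receive the private Cloud DNS zones
  network_self_links = [
    "projects/my-project-id/global/networks/my-network",
  ]
}
```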

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.1 |
| [google](#requirement\_google) | >= 4.57 |
| [volterra](#requirement\_volterra) | >= 0.11.20 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [regions](#module\_regions) | memes/region-detail/google | 1.1.6 |

## Resources

| Name | Type |
|------|------|
| [volterra_gcp_vpc_site.site](https://registry.terraform.io/providers/volterraedge/volterra/latest/docs/resources/gcp_vpc_site) | resource |
| [volterra_tf_params_action.site](https://registry.terraform.io/providers/volterraedge/volterra/latest/docs/resources/tf_params_action) | resource |
| [google_compute_subnetwork.inside](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_subnetwork) | data source |
| [google_compute_subnetwork.outside](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_subnetwork) | data source |
| [google_compute_zones.zones](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_zones) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [cloud\_credential\_name](#input\_cloud\_credential\_name) | The name of an existing Cloud Credential to use when generating this site. | `string` | n/a | yes |
| [name](#input\_name) | The name to apply to the GCP VPC site. | `string` | n/a | yes |
| [subnets](#input\_subnets) | Provides the Compute Engine subnetworks to use for outside and, optionally, inside networking of deployed gateway. | <pre>object({<br>  inside  = string<br>  outside = string<br>})</pre> | n/a | yes |
| [annotations](#input\_annotations) | An optional set of key:value annotations that will be added to generated XC resources. | `map(string)` | `{}` | no |
| [dc\_cluster\_group](#input\_dc\_cluster\_group) | n/a | <pre>object({<br>  interface = string<br>  name      = string<br>  namespace = string<br>  tenant    = string<br>})</pre> | `null` | no |
| [description](#input\_description) | An optional description to apply to the GCP VPC Site. If empty, a generated description will be applied. | `string` | `null` | no |
| [forward\_proxy\_policies](#input\_forward\_proxy\_policies) | n/a | <pre>list(object({<br>  name      = string<br>  namespace = string<br>  tenant    = string<br>}))</pre> | `null` | no |
| [gcp\_labels](#input\_gcp\_labels) | An optional set of key:value string pairs that will be added on the | `map(string)` | `{}` | no |
| [global\_networks](#input\_global\_networks) | n/a | <pre>object({<br>  inside = object({<br>    name      = string<br>    namespace = string<br>    tenant    = string<br>  })<br>  outside = object({<br>    name      = string<br>    namespace = string<br>    tenant    = string<br>  })<br>})</pre> | `null` | no |
| [labels](#input\_labels) | An optional set of key:value string pairs that will be added to generated XC resources. | `map(string)` | `{}` | no |
| [network\_policies](#input\_network\_policies) | n/a | <pre>object({<br>  type = string<br>  refs = list(object({<br>    name      = string<br>    namespace = string<br>    tenant    = string<br>  }))<br>})</pre> | `null` | no |
| [site\_options](#input\_site\_options) | n/a | <pre>object({<br>  blocked_services = map(object({<br>    dns                = bool<br>    ssh                = bool<br>    web_user_interface = bool<br>  }))<br>  log_receiver = object({<br>    name      = string<br>    namespace = string<br>    tenant    = string<br>  })<br>  offline_survivability_mode = bool<br>  perf_mode                  = string<br>  sm_connection              = string<br>})</pre> | <pre>{<br>  "blocked_services": null,<br>  "log_receiver": null,<br>  "offline_survivability_mode": false,<br>  "perf_mode": null,<br>  "sm_connection": null<br>}</pre> | no |
| [static\_routes](#input\_static\_routes) | n/a | <pre>object({<br>  outside = object({<br>    simple = list(string)<br>    custom = list(object({<br>      type   = string<br>      attrs  = list(string)<br>      labels = map(string)<br>      interface = object({<br>        name      = string<br>        namespace = string<br>        tenant    = string<br>      })<br>      address = string<br>      subnets = list(string)<br>    }))<br>  })<br>  inside = object({<br>    # GCP VPC site does not support simple static routes on inside<br>    # simple = list(string)<br>    custom = list(object({<br>      type   = string<br>      attrs  = list(string)<br>      labels = map(string)<br>      interface = object({<br>        name      = string<br>        namespace = string<br>        tenant    = string<br>      })<br>      address = string<br>      subnets = list(string)<br>    }))<br>  })<br>})</pre> | `null` | no |
| [vm\_options](#input\_vm\_options) | n/a | <pre>object({<br>  disk_size     = number<br>  instance_type = string<br>  nodes_per_az  = number<br>  os_version    = string<br>  ssh_key       = string<br>  sw_version    = string<br>  zones         = list(string)<br>})</pre> | <pre>{<br>  "disk_size": 80,<br>  "instance_type": "n2-standard-8",<br>  "nodes_per_az": 0,<br>  "os_version": null,<br>  "ssh_key": null,<br>  "sw_version": null,<br>  "zones": null<br>}</pre> | no |

## Outputs

No outputs.

[f5 distributed cloud role]: https://registry.terraform.io/modules/memes/f5-distributed-cloud-role/google/latest?tab=readme
[gcp vpc site]: https://docs.cloud.f5.com/docs/how-to/site-management/create-gcp-site