Update net-vpc README
juliocc committed May 26, 2023
1 parent 1e8c58c commit 563b5fa
Showing 2 changed files with 40 additions and 12 deletions.
2 changes: 1 addition & 1 deletion blueprints/apigee/bigquery-analytics/README.md
Expand Up @@ -106,5 +106,5 @@ module "test" {
europe-west1 = "10.0.0.0/28"
}
}
# tftest modules=10 resources=62
# tftest modules=10 resources=64
```
50 changes: 39 additions & 11 deletions modules/net-vpc/README.md
Expand Up @@ -17,6 +17,7 @@ This module allows creation and management of VPC networks including subnetworks
- [DNS Policies](#dns-policies)
- [Subnet Factory](#subnet-factory)
- [Custom Routes](#custom-routes)
- [Private Google Access routes](#private-google-access-routes)
- [Allow Firewall Policy to be evaluated before Firewall Rules](#allow-firewall-policy-to-be-evaluated-before-firewall-rules)
- [Variables](#variables)
- [Outputs](#outputs)
Expand Down Expand Up @@ -45,7 +46,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=3 inventory=simple.yaml
# tftest modules=1 resources=5 inventory=simple.yaml
```

### Subnet Options
Expand Down Expand Up @@ -92,7 +93,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=5 inventory=subnet-options.yaml
# tftest modules=1 resources=7 inventory=subnet-options.yaml
```

### Subnet IAM
Expand Down Expand Up @@ -129,7 +130,7 @@ module "vpc" {
}
}
}
# tftest modules=1 resources=6 inventory=subnet-iam.yaml
# tftest modules=1 resources=8 inventory=subnet-iam.yaml
```

### Peering
Expand Down Expand Up @@ -164,7 +165,7 @@ module "vpc-spoke-1" {
import_routes = true
}
}
# tftest modules=2 resources=6 inventory=peering.yaml
# tftest modules=2 resources=10 inventory=peering.yaml
```

### Shared VPC
Expand Down Expand Up @@ -215,7 +216,7 @@ module "vpc-host" {
}
}
}
# tftest modules=1 resources=7 inventory=shared-vpc.yaml
# tftest modules=1 resources=9 inventory=shared-vpc.yaml
```

### Private Service Networking
Expand All @@ -236,7 +237,7 @@ module "vpc" {
ranges = { myrange = "10.0.1.0/24" }
}
}
# tftest modules=1 resources=5 inventory=psc.yaml
# tftest modules=1 resources=7 inventory=psc.yaml
```

### Private Service Networking with peering routes
Expand All @@ -261,7 +262,7 @@ module "vpc" {
import_routes = true
}
}
# tftest modules=1 resources=5 inventory=psc-routes.yaml
# tftest modules=1 resources=7 inventory=psc-routes.yaml
```

### Subnets for Private Service Connect, Proxy-only subnets
Expand Down Expand Up @@ -293,7 +294,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=3 inventory=proxy-only-subnets.yaml
# tftest modules=1 resources=5 inventory=proxy-only-subnets.yaml
```

### DNS Policies
Expand All @@ -318,7 +319,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=3 inventory=dns-policies.yaml
# tftest modules=1 resources=5 inventory=dns-policies.yaml
```

### Subnet Factory
Expand All @@ -332,7 +333,7 @@ module "vpc" {
name = "my-network"
data_folder = "config/subnets"
}
# tftest modules=1 resources=9 files=subnet-simple,subnet-simple-2,subnet-detailed,subnet-proxy,subnet-psc inventory=factory.yaml
# tftest modules=1 resources=11 files=subnet-simple,subnet-simple-2,subnet-detailed,subnet-proxy,subnet-psc inventory=factory.yaml
```

```yaml
Expand Down Expand Up @@ -400,6 +401,7 @@ locals {
vpn_tunnel = "regions/europe-west1/vpnTunnels/foo"
}
}
module "vpc" {
source = "./fabric/modules/net-vpc"
for_each = local.route_types
Expand All @@ -420,10 +422,36 @@ module "vpc" {
next_hop = "global/gateways/default-internet-gateway"
}
}
create_default_routes = {
restricted = false
restricted-6 = false
private = false
private-6 = false
}
}
# tftest modules=5 resources=15 inventory=routes.yaml
```

### Private Google Access routes

By default the VPC module creates IPv4 routes for the [Private Google Access ranges](https://cloud.google.com/vpc/docs/configure-private-google-access#config-routing). This behavior can be controlled through the `create_default_routes` variable:

```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
name = "my-vpc"
create_default_routes = {
restricted = false
restricted-6 = true
private = false
private-6 = true
}
}
# tftest modules=1 resources=3 inventory=googleapis.yaml
```


### Allow Firewall Policy to be evaluated before Firewall Rules

```hcl
Expand All @@ -449,7 +477,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=3 inventory=firewall_policy_enforcement_order.yaml
# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml
```
<!-- BEGIN TFDOC -->

