Peer both gitlab-analysis VPCs to gstg and gprd

environments/gprd/external-access.tf

@@ -46,19 +46,44 @@ data "google_iam_policy" "dr-sa-access" {
 #
 #################################
 
-resource "google_compute_network_peering" "peering-gitlab-analysis" {
-  name         = "peering-gitlab-analysis"
+resource "google_compute_network_peering" "peering-gitlab-analysis-default" {
+  name         = "peering-gitlab-analysis-default"
   network      = "${var.network_env}"
   peer_network = "https://www.googleapis.com/compute/v1/projects/gitlab-analysis/global/networks/default"
 }
 
-resource "google_compute_firewall" "allow-postgres-gitlab-analysis" {
-  name        = "allow-postgres-gitlab-analysis"
-  description = "allow gitlab-analysis default network to access gprd network"
+resource "google_compute_network_peering" "peering-gitlab-analysis-gitlab-analysis-vpc" {
+  name         = "peering-gitlab-analysis-gitlab-analysis-vpc"
+  network      = "${var.network_env}"
+  peer_network = "https://www.googleapis.com/compute/v1/projects/gitlab-analysis/global/networks/gitlab-analysis-vpc"
+}
+
+resource "google_compute_firewall" "allow-postgres-gitlab-analysis-default" {
+  name        = "allow-postgres-gitlab-analysis-default"
+  description = "allow gitlab-analysis network default to access gprd network"
+  network     = "${var.network_env}"
+
+  source_ranges = [
+    "10.52.0.0/14", # only from us-west1 default subnet
+  ]
+
+  target_tags = [
+    "postgres-dr-archive",
+  ]
+
+  allow {
+    protocol = "tcp"
+    ports    = ["5432"]
+  }
+}
+
+resource "google_compute_firewall" "allow-postgres-gitlab-analysis-gitlab-analysis-vpc" {
+  name        = "allow-postgres-gitlab-analysis-gitlab-analysis-vpc"
+  description = "allow gitlab-analysis network gitlab-analysis-vpc to access gprd network"
   network     = "${var.network_env}"
 
   source_ranges = [
-    "10.138.0.0/20", # only from us-west1 default subnet
+    "10.160.0.0/14", # only from us-west1 default subnet
   ]
 
   target_tags = [

environments/gstg/external-access.tf

@@ -4,19 +4,44 @@
 #
 #################################
 
-resource "google_compute_network_peering" "peering-gitlab-analysis" {
-  name         = "peering-gitlab-analysis"
+resource "google_compute_network_peering" "peering-gitlab-analysis-default" {
+  name         = "peering-gitlab-analysis-default"
   network      = "${var.network_env}"
   peer_network = "https://www.googleapis.com/compute/v1/projects/gitlab-analysis/global/networks/default"
 }
 
-resource "google_compute_firewall" "allow-postgres-gitlab-analysis" {
-  name        = "allow-postgres-gitlab-analysis"
-  description = "allow gitlab-analysis default network to access gstg network"
+resource "google_compute_network_peering" "peering-gitlab-analysis-gitlab-analysis-vpc" {
+  name         = "peering-gitlab-analysis-gitlab-analysis-vpc"
+  network      = "${var.network_env}"
+  peer_network = "https://www.googleapis.com/compute/v1/projects/gitlab-analysis/global/networks/gitlab-analysis-vpc"
+}
+
+resource "google_compute_firewall" "allow-postgres-gitlab-analysis-default" {
+  name        = "allow-postgres-gitlab-analysis-default"
+  description = "allow gitlab-analysis network default to access gstg network"
+  network     = "${var.network_env}"
+
+  source_ranges = [
+    "10.52.0.0/14", # only from us-west-1 default subnet
+  ]
+
+  target_tags = [
+    "postgres-dr-archive",
+  ]
+
+  allow {
+    protocol = "tcp"
+    ports    = ["5432"]
+  }
+}
+
+resource "google_compute_firewall" "allow-postgres-gitlab-analysis-gitlab-analysis-vpc" {
+  name        = "allow-postgres-gitlab-analysis-gitlab-analysis-vpc"
+  description = "allow gitlab-analysis network gitlab-analysis-vpc to access gstg network"
   network     = "${var.network_env}"
 
   source_ranges = [
-    "10.138.0.0/20", # only from us-west-1 default subnet
+    "10.160.0.0/14", # only from us-west-1 default subnet
   ]
 
   target_tags = [