gitlab-com
gitlab-com-infrastructure
Commits
a51e1d90
Commit
a51e1d90
authored
Jan 31, 2018
by
John Jarvis
Add vpn module and configuration for gprd.
parent
7d1b1a7f
Showing
4 changed files
with
152 additions
and
1 deletion
+152
-1
environments/gprd/main.tf
environments/gprd/main.tf
+19
-1
environments/gprd/variables.tf
environments/gprd/variables.tf
+25
-0
modules/google/vpn/main.tf
modules/google/vpn/main.tf
+61
-0
modules/google/vpn/variables.tf
modules/google/vpn/variables.tf
+47
-0
environments/gprd/main.tf
...
...
@@ -262,7 +262,7 @@ module "file" {
#
# External LoadBalancer
#
#################################
#################################
#
module
"external-lb"
{
attach_data_disk
=
false
...
...
@@ -281,3 +281,21 @@ module "external-lb" {
tier
=
"lb"
vpc
=
"
${module
.
network
.
self_link
}
"
}
##################################
#
# VPN connection to Azure
#
##################################
module
"google-azure-vpn"
{
source
=
"../../modules/google/vpn"
name
=
"gcp-azure-
${
var
.
environment
}
"
network_name
=
"
${module
.
network
.
self_link
}
"
network_link
=
"
${module
.
network
.
name
}
"
region
=
"
${
var
.
region
}
"
peer_ip
=
"
${
var
.
vpn_peer_address
}
"
shared_secret
=
"
${
var
.
vpn_shared_secret
}
"
dest_subnet
=
"
${
var
.
vpn_dest_subnet
}
"
source_subnet
=
"
${
var
.
vpn_source_subnet
}
"
}
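Review bot: The `network_name` and `network_link` arguments in the `google-azure-vpn` module call carry the opposite of what their names say: `network_name` receives `module.network.self_link` and `network_link` receives `module.network.name`. The module in this commit feeds `var.network_link` to the gateway's `network` and `var.network_name` to the route's `network`, so the wiring may well be intentional, but anyone auditing which network the tunnel and route attach to has to trace both files to be sure. Either rename the module inputs to match their contents or add a comment on these two lines, for example `# network_name carries the self_link, network_link the short name (see modules/google/vpn/main.tf)`.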
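--- a/environments/gprd/variables.tf
+++ b/environments/gprd/variables.tf
@@ -101,3 +101,28 @@ variable "subnetworks" {
     "web" = "10.220.8.0/23"
   }
 }
+variable "vpn_peer_address" {
+  type = "string"
+  default = "40.70.42.69"
+}
+variable "vpn_dest_subnet" {
+  type = "string"
+  // 10.66.4.0/24 pgprod
+  // 10.67.3.0/24 deploy prod, for testing
+  default = "10.67.3.0/24"
+}
+variable "vpn_source_subnet" {
+  type = "string"
+  // 10.216.0.0/13 for all of GitLabGeoPrd
+  // 10.217.1.0/24 for DBGPrd
+  default = "10.216.0.0/13"
+}
+variable "vpn_shared_secret" {
+  type = "string"
+}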
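Review bot: `vpn_shared_secret` is declared without a description, so nothing says that it is the tunnel's pre-shared key or how the value is meant to be supplied. It has no default, which is right, but the value will still be written in clear text to the Terraform state, so the state backend needs restricted access and the key should never be committed in a tfvars file. I would add `description = "IKE pre-shared key for the Azure tunnel; supply via TF_VAR_vpn_shared_secret, do not commit"`. Separately, `vpn_source_subnet` defaults to the whole `10.216.0.0/13` although the comment lists `10.217.1.0/24` for DBGPrd, and `vpn_dest_subnet` defaults to the range the comment marks "for testing". If the tunnel only has to serve the database path, the narrower values would be the safer defaults for this environment.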
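--- a/modules/google/vpn/main.tf
+++ b/modules/google/vpn/main.tf
+resource "google_compute_vpn_gateway" "target_gateway" {
+  name = "${var.name}-vpn-tunnel"
+  network = "${var.network_link}"
+  region = "${var.region}"
+}
+resource "google_compute_address" "vpn_static_ip" {
+  name = "${var.name}-static-ip"
+  region = "${var.region}"
+}
+resource "google_compute_forwarding_rule" "fr_esp" {
+  name = "fr-esp"
+  region = "${var.region}"
+  ip_protocol = "ESP"
+  ip_address = "${google_compute_address.vpn_static_ip.address}"
+  target = "${google_compute_vpn_gateway.target_gateway.self_link}"
+}
+resource "google_compute_forwarding_rule" "fr_udp500" {
+  name = "fr-udp500"
+  region = "${var.region}"
+  ip_protocol = "UDP"
+  port_range = "500"
+  ip_address = "${google_compute_address.vpn_static_ip.address}"
+  target = "${google_compute_vpn_gateway.target_gateway.self_link}"
+}
+resource "google_compute_forwarding_rule" "fr_udp4500" {
+  name = "fr-udp4500"
+  region = "${var.region}"
+  ip_protocol = "UDP"
+  port_range = "4500"
+  ip_address = "${google_compute_address.vpn_static_ip.address}"
+  target = "${google_compute_vpn_gateway.target_gateway.self_link}"
+}
+resource "google_compute_vpn_tunnel" "tunnel1" {
+  name = "${var.name}"
+  region = "${var.region}"
+  peer_ip = "${var.peer_ip}"
+  shared_secret = "${var.shared_secret}"
+  local_traffic_selector = ["${var.source_subnet}"]
+  target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway.self_link}"
+  depends_on = [
+    "google_compute_forwarding_rule.fr_esp",
+    "google_compute_forwarding_rule.fr_udp500",
+    "google_compute_forwarding_rule.fr_udp4500",
+  ]
+}
+resource "google_compute_route" "route1" {
+  name = "route1"
+  network = "${var.network_name}"
+  dest_range = "${var.dest_subnet}"
+  priority = 1000
+  next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}"
+}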
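Review bot: `google_compute_vpn_tunnel.tunnel1` sets `local_traffic_selector` but no remote selector, so `var.dest_subnet` constrains only the route and not what the tunnel itself negotiates with the peer. If the provider version in use supports it, add `remote_traffic_selector = ["${var.dest_subnet}"]` next to the local selector so both ends of the policy are pinned to the intended ranges. This module defines no `google_compute_firewall` resource, so what the peer subnet can reach inside the VPC depends on rules defined elsewhere; it is worth confirming that those are scoped to the intended hosts and ports. The forwarding rules and the route also use fixed names (`fr-esp`, `fr-udp500`, `fr-udp4500`, `route1`) rather than a `${var.name}` prefix, which will collide if the module is instantiated a second time in the same project.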
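--- a/modules/google/vpn/variables.tf
+++ b/modules/google/vpn/variables.tf
+variable "name" {
+  type = "string"
+  description = "name of the vpn"
+  default = false
+}
+variable "network_link" {
+  type = "string"
+  description = "network link for the vpn"
+  default = false
+}
+variable "network_name" {
+  type = "string"
+  description = "network name for the vpn"
+  default = false
+}
+variable "region" {
+  type = "string"
+  description = "region for the vpn"
+  default = false
+}
+variable "peer_ip" {
+  type = "string"
+  description = "peer ip address for what this is connecting to"
+  default = false
+}
+variable "shared_secret" {
+  type = "string"
+  description = "shared secret of the vpn"
+  default = false
+}
+variable "dest_subnet" {
+  type = "string"
+  description = "destination subnet for the connection"
+  default = false
+}
+variable "source_subnet" {
+  type = "string"
+  description = "source subnet for the connection"
+  default = false
+}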
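Review bot: Every variable in this file is typed `"string"` but given `default = false`, which makes all of them optional, including `shared_secret` and `peer_ip`. A caller that forgets to pass `shared_secret` would then get a tunnel keyed with whatever string Terraform coerces `false` into, a fixed and guessable value, instead of an error at plan time. Remove the `default = false` lines so the inputs are required. The `shared_secret` description could also say that it is the IKE pre-shared key and that it is persisted in the Terraform state.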