Commit a51e1d90 authored by John Jarvis's avatar John Jarvis

Add vpn module and configuration for gprd.

parent 7d1b1a7f
......@@ -262,7 +262,7 @@ module "file" {
#
# External LoadBalancer
#
#################################
##################################
module "external-lb" {
attach_data_disk = false
......@@ -281,3 +281,21 @@ module "external-lb" {
tier = "lb"
vpc = "${module.network.self_link}"
}
##################################
#
# VPN connection to Azure
#
##################################
module "google-azure-vpn" {
source = "../../modules/google/vpn"
name = "gcp-azure-${var.environment}"
network_name = "${module.network.self_link}"
network_link = "${module.network.name}"
region = "${var.region}"
peer_ip = "${var.vpn_peer_address}"
shared_secret = "${var.vpn_shared_secret}"
dest_subnet = "${var.vpn_dest_subnet}"
source_subnet = "${var.vpn_source_subnet}"
}
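Review bot: The two network arguments of the new `google-azure-vpn` module call look swapped: `network_name` is given `module.network.self_link` and `network_link` is given `module.network.name`. It only works because both `google_compute_vpn_gateway.network` and `google_compute_route.network` accept either a name or a self link, but the inverted naming will mislead the next reader; either swap the values, `network_name = "${module.network.name}"` and `network_link = "${module.network.self_link}"`, or collapse the module to a single `network` input that both resources consume. The context lines at the top of the hunk close the preceding `external-lb` module, whose body starts outside the hunk.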
......@@ -101,3 +101,28 @@ variable "subnetworks" {
"web" = "10.220.8.0/23"
}
}
variable "vpn_peer_address" {
type = "string"
default = "40.70.42.69"
}
variable "vpn_dest_subnet" {
type = "string"
// 10.66.4.0/24 pgprod
// 10.67.3.0/24 deploy prod, for testing
default = "10.67.3.0/24"
}
variable "vpn_source_subnet" {
type = "string"
// 10.216.0.0/13 for all of GitLabGeoPrd
// 10.217.1.0/24 for DBGPrd
default = "10.216.0.0/13"
}
variable "vpn_shared_secret" {
type = "string"
}
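Review bot: `vpn_shared_secret` is declared without a description, and nothing records that Terraform writes it in plaintext into the state file, so whoever supplies it needs to know it must come from a secret store rather than a committed tfvars file and that access to the state backend must be restricted accordingly. I would add `description = "IKE pre-shared key for the Azure tunnel; supply at apply time, never commit. Stored in plaintext in Terraform state."`. Separately, `vpn_source_subnet` defaults to the whole `10.216.0.0/13` range while its own comment names a narrower `10.217.1.0/24` for the database tier, and `vpn_dest_subnet` defaults to a subnet the comment labels "for testing"; if the production intent is the narrower ranges, the defaults should say so, or be dropped so the caller has to pass them explicitly.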
resource "google_compute_vpn_gateway" "target_gateway" {
name = "${var.name}-vpn-tunnel"
network = "${var.network_link}"
region = "${var.region}"
}
resource "google_compute_address" "vpn_static_ip" {
name = "${var.name}-static-ip"
region = "${var.region}"
}
resource "google_compute_forwarding_rule" "fr_esp" {
name = "fr-esp"
region = "${var.region}"
ip_protocol = "ESP"
ip_address = "${google_compute_address.vpn_static_ip.address}"
target = "${google_compute_vpn_gateway.target_gateway.self_link}"
}
resource "google_compute_forwarding_rule" "fr_udp500" {
name = "fr-udp500"
region = "${var.region}"
ip_protocol = "UDP"
port_range = "500"
ip_address = "${google_compute_address.vpn_static_ip.address}"
target = "${google_compute_vpn_gateway.target_gateway.self_link}"
}
resource "google_compute_forwarding_rule" "fr_udp4500" {
name = "fr-udp4500"
region = "${var.region}"
ip_protocol = "UDP"
port_range = "4500"
ip_address = "${google_compute_address.vpn_static_ip.address}"
target = "${google_compute_vpn_gateway.target_gateway.self_link}"
}
resource "google_compute_vpn_tunnel" "tunnel1" {
name = "${var.name}"
region = "${var.region}"
peer_ip = "${var.peer_ip}"
shared_secret = "${var.shared_secret}"
local_traffic_selector = ["${var.source_subnet}"]
target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway.self_link}"
depends_on = [
"google_compute_forwarding_rule.fr_esp",
"google_compute_forwarding_rule.fr_udp500",
"google_compute_forwarding_rule.fr_udp4500",
]
}
resource "google_compute_route" "route1" {
name = "route1"
network = "${var.network_name}"
dest_range = "${var.dest_subnet}"
priority = 1000
next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}"
}
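Review bot: The three forwarding rules and the route use fixed names (`fr-esp`, `fr-udp500`, `fr-udp4500`, `route1`) while the gateway, address and tunnel are prefixed with `${var.name}`, so a second instantiation of this module in the same project and region would fail on name collisions; prefixing them, e.g. `name = "${var.name}-fr-esp"` and `name = "${var.name}-route"`, keeps the module reusable. The tunnel sets only `local_traffic_selector`; if this is intended as a policy-based tunnel matching the Azure side, `remote_traffic_selector = ["${var.dest_subnet}"]` would make the IPsec policy agree with the route that sends `dest_subnet` into the tunnel — confirm against the Azure connection type, and whether `ike_version` needs pinning to match it. No `google_compute_firewall` rule for traffic arriving from `dest_subnet` is part of this change, so whether the Azure range can actually reach instances in the VPC depends on firewall rules outside this commit.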
variable "name" {
type = "string"
description = "name of the vpn"
default = false
}
variable "network_link" {
type = "string"
description = "network link for the vpn"
default = false
}
variable "network_name" {
type = "string"
description = "network name for the vpn"
default = false
}
variable "region" {
type = "string"
description = "region for the vpn"
default = false
}
variable "peer_ip" {
type = "string"
description = "peer ip address for what this is connecting to"
default = false
}
variable "shared_secret" {
type = "string"
description = "shared secret of the vpn"
default = false
}
variable "dest_subnet" {
type = "string"
description = "destination subnet for the connection"
default = false
}
variable "source_subnet" {
type = "string"
description = "source subnet for the connection"
default = false
}
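Review bot: Every input, including `shared_secret` and `peer_ip`, is declared `type = "string"` with `default = false`, which makes values that cannot sensibly be absent optional and, if the provider accepts the coerced value, would create a tunnel with a bogus pre-shared key or peer address instead of failing at plan time. Dropping the `default = false` line from all eight variables makes Terraform refuse to plan until the caller supplies them, which is the behaviour a VPN module wants. The `description` strings could also state the expected form, e.g. `description = "CIDR of the remote (Azure) network that is routed into this tunnel"` for `dest_subnet` and `description = "CIDR of the local network offered as the IPsec local traffic selector"` for `source_subnet`.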