
Commit 316d1c4c authored by Kenny Moore's avatar Kenny Moore

VPN working with variables for endpoints

parent 9c3b88ab
......@@ -60,6 +60,10 @@ locals {
default_cidr = "10.255.0.0/16"
default_regions = ["us-central1", "us-east1", "us-east4", "us-west1"]
default_subnets = {for x in local.default_regions : x => cidrsubnet(local.default_cidr,4,index(local.default_regions, x))}
pods_cidr = "10.255.128.0/17"
pods_range = {for x in local.default_regions : x => cidrsubnet(local.pods_cidr,3,index(local.default_regions, x))}
services_cidr = "10.255.224.0/19"
services_range = {for x in local.default_regions : x => cidrsubnet(local.services_cidr,3,index(local.default_regions, x))}
}
resource "google_compute_network" "default_vpc" {
......@@ -75,5 +79,6 @@ resource "google_compute_subnetwork" "default_subnet" {
name = "default-${each.key}"
region = each.key
ip_cidr_range = each.value
network = google_compute_network.default_vpc.self_link
network = google_compute_network.default_vpc.self_link
secondary_ip_range = var.gke ? [{range_name = "${each.key}-pods", ip_cidr_range = local.pods_range[each.key]},{range_name = "${each.key}-services", ip_cidr_range = local.services_range[each.key]}] : []
}
\ No newline at end of file
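Review bot: The added `services_cidr` (10.255.224.0/19) lies inside the added `pods_cidr` (10.255.128.0/17), and both lie inside `default_cidr`, so the three allocations stay disjoint only because `default_regions` currently has four entries. With pod ranges cut as /20s, a seventh region would receive 10.255.224.0/20, which overlaps the services block, and a ninth primary subnet would land on 10.255.128.0/20, the first pod range. GCP should refuse overlapping ranges at apply time, but the limit is worth stating next to the locals, for example `# services_cidr is nested in pods_cidr: ranges stay disjoint only while length(default_regions) <= 6`, or the pod and service blocks could be carved from separate parents. The `locals` block starts outside the hunk, and `var.gke` is declared elsewhere.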
......@@ -81,18 +81,6 @@ resource "google_compute_forwarding_rule" "fr_udp4500" {
target = "${google_compute_vpn_gateway.vpn_gw.self_link}"
}
# VPN BGP Connection Information - U-M Side
locals{
um_vpn_endpoint = [{
ip = "141.213.154.20"
asn = "64900"
},
{
ip = "141.213.154.4"
asn = "64901"
}]
}
resource "google_compute_router" "vpn_router" {
name = "${var.prefix}-bgp-vpn-router"
project = var.project_id
......@@ -121,7 +109,7 @@ resource "google_compute_router_peer" "bgp_peer" {
router = google_compute_router.vpn_router.name
region = var.regions[0]
peer_ip_address = cidrhost(var.bgp_network[count.index],2)
peer_asn = local.um_vpn_endpoint[count.index].asn
peer_asn = var.um_vpn_endpoint[count.index].asn
interface = google_compute_router_interface.bgp_interface[count.index].name
}
......@@ -129,7 +117,7 @@ resource "google_compute_vpn_tunnel" "vpn_tunnel" {
count = length(var.bgp_network)
name = "bgp-vpn-tunnel${count.index}" # need a count
project = var.project_id
peer_ip = local.um_vpn_endpoint[count.index].ip # supply in var
peer_ip = var.um_vpn_endpoint[count.index].ip # supply in var
shared_secret = var.VPN_PASSWORD
target_vpn_gateway = "${google_compute_vpn_gateway.vpn_gw.self_link}"
router = "${google_compute_router.vpn_router.self_link}"
......
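Review bot: In `vpn_tunnel`, `count` comes from `length(var.bgp_network)`, while the new `var.um_vpn_endpoint[count.index]` lookups index a second list that the caller supplies independently. The same lookup appears in `bgp_peer`, whose `count` line is outside the hunk. If the endpoint list is shorter, the plan fails with an index error; if it is longer, the extra peers are silently ignored. Nothing visible here ties the two lengths together. A `precondition` in the resource's `lifecycle` block comparing `length(var.um_vpn_endpoint)` with `length(var.bgp_network)` (Terraform 1.2 or later) would turn that into a clear error. The trailing `# supply in var` comment on `peer_ip` is now stale and can be dropped. Both resource bodies continue outside their hunks.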
......@@ -29,7 +29,9 @@ variable "prefix" {
variable "VPN_PASSWORD" {
}
# variable "vpn_connection_info" {
# default = [{}]
# }
\ No newline at end of file
variable "um_vpn_endpoint" {
type = list(object({
ip = string
asn = string
}))
}
\ No newline at end of file
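Review bot: The new `um_vpn_endpoint` variable accepts any string for `ip` and `asn`. With the hard-coded U-M peers removed in this commit, these values alone decide which remote address the tunnel and BGP session are built towards. A `validation` block that checks each `ip` parses as an address and each `asn` is numeric, plus a `description`, would catch a mistyped tfvars entry at plan time. The unchanged `variable "VPN_PASSWORD" {}` above it feeds `shared_secret` and is worth marking `sensitive = true` (Terraform 0.14 or later) so the pre-shared key is redacted from plan output.

```hcl
variable "um_vpn_endpoint" {
  description = "U-M side VPN peers: public IP and BGP ASN, one entry per tunnel"
  # … unchanged: type = list(object({ ip, asn })) …

  validation {
    condition = alltrue([
      for e in var.um_vpn_endpoint : can(cidrhost("${e.ip}/32", 0)) && can(tonumber(e.asn))
    ])
    error_message = "Each um_vpn_endpoint entry needs a valid IP address in ip and a numeric asn."
  }
}
```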