
Commit e6357745 authored by Kenny Moore's avatar Kenny Moore

BGP VPN established

parent 845af336
...@@ -32,7 +32,7 @@ resource "google_project_iam_member" "project_iam" { ...@@ -32,7 +32,7 @@ resource "google_project_iam_member" "project_iam" {
locals{ locals{
filter_string = "resource.type=\"project\"\nresource.labels.project_id=\"google_project.gcp_project.project_id\" \nlogName=\"projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity\"" filter_string = "resource.type=\"project\"\nresource.labels.project_id=\"${google_project.gcp_project.project_id}\" \nlogName=\"projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity\""
} }
resource "google_logging_project_sink" "log_export" { resource "google_logging_project_sink" "log_export" {
...@@ -40,7 +40,7 @@ resource "google_logging_project_sink" "log_export" { ...@@ -40,7 +40,7 @@ resource "google_logging_project_sink" "log_export" {
name = "${google_project.gcp_project.project_id}-log-export" name = "${google_project.gcp_project.project_id}-log-export"
destination = "${var.log_export_destination}" destination = "${var.log_export_destination}"
# filter = "projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity" # Need this # filter = "projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity" # Need this
filter = "local.filter_string" filter = local.filter_string
unique_writer_identity = true unique_writer_identity = true
} }
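Review bot: The filter in `local.filter_string` still carries `resource.type="project"`, which restricts the sink to entries whose monitored resource type is `project`; Admin Activity audit entries recorded against other resource types (instances, buckets, service accounts) would not match and so would never reach `var.log_export_destination`. If the intent is to export the whole Admin Activity stream, the `logName` clause alone selects it, e.g. `filter_string = "logName=\"projects/${google_project.gcp_project.project_id}/logs/cloudaudit.googleapis.com%2Factivity\""`. With `unique_writer_identity = true` the sink's writer identity also needs write access on the destination; that grant is not visible in these hunks, so confirm it exists. The commented-out `# filter = ...` line above the live one can be dropped now that the local is wired in.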
......
...@@ -36,18 +36,6 @@ resource "google_compute_subnetwork" "vpn_subnet" { ...@@ -36,18 +36,6 @@ resource "google_compute_subnetwork" "vpn_subnet" {
network = google_compute_network.vpn_vpc.self_link network = google_compute_network.vpn_vpc.self_link
} }
# VPN BGP Connection Information - U-M Side
locals{
um_vpn_endpoint = [{
ip = "141.213.154.20"
asn = "64900"
},
{
ip = "141.213.154.4"
asn = "64901"
}]
}
# # create vpn gateway # # create vpn gateway
resource "google_compute_vpn_gateway" "vpn_gw" { resource "google_compute_vpn_gateway" "vpn_gw" {
name = "${var.prefix}-bgp-vpn-gateway" name = "${var.prefix}-bgp-vpn-gateway"
...@@ -93,6 +81,18 @@ resource "google_compute_forwarding_rule" "fr_udp4500" { ...@@ -93,6 +81,18 @@ resource "google_compute_forwarding_rule" "fr_udp4500" {
target = "${google_compute_vpn_gateway.vpn_gw.self_link}" target = "${google_compute_vpn_gateway.vpn_gw.self_link}"
} }
# VPN BGP Connection Information - U-M Side
locals{
um_vpn_endpoint = [{
ip = "141.213.154.20"
asn = "64900"
},
{
ip = "141.213.154.4"
asn = "64901"
}]
}
resource "google_compute_router" "vpn_router" { resource "google_compute_router" "vpn_router" {
name = "${var.prefix}-bgp-vpn-router" name = "${var.prefix}-bgp-vpn-router"
project = var.project_id project = var.project_id
...@@ -104,7 +104,7 @@ resource "google_compute_router" "vpn_router" { ...@@ -104,7 +104,7 @@ resource "google_compute_router" "vpn_router" {
} }
# Create a BGP Interface/Session based on the number of bgp networks specified in # Create a BGP Interface/Session based on the number of bgp networks specified in
resource "google_compute_router_interface" "bgp-interface" { resource "google_compute_router_interface" "bgp_interface" {
count = length(var.bgp_network) count = length(var.bgp_network)
name = "bgp-vpn-interface${count.index}" # should use var/count name = "bgp-vpn-interface${count.index}" # should use var/count
project = var.project_id project = var.project_id
...@@ -114,6 +114,17 @@ resource "google_compute_router_interface" "bgp-interface" { ...@@ -114,6 +114,17 @@ resource "google_compute_router_interface" "bgp-interface" {
vpn_tunnel = "${google_compute_vpn_tunnel.vpn_tunnel[count.index].name}" # need to write for this to be multiple tunnels vpn_tunnel = "${google_compute_vpn_tunnel.vpn_tunnel[count.index].name}" # need to write for this to be multiple tunnels
} }
resource "google_compute_router_peer" "bgp_peer" {
count = length(var.bgp_network)
name = "${var.prefix}-bgp-peer${count.index}"
project = var.project_id
router = google_compute_router.vpn_router.name
region = var.regions[0]
peer_ip_address = cidrhost(var.bgp_network[count.index],2)
peer_asn = local.um_vpn_endpoint[count.index].asn
interface = google_compute_router_interface.bgp_interface[count.index].name
}
resource "google_compute_vpn_tunnel" "vpn_tunnel" { resource "google_compute_vpn_tunnel" "vpn_tunnel" {
count = length(var.bgp_network) count = length(var.bgp_network)
name = "bgp-vpn-tunnel${count.index}" # need a count name = "bgp-vpn-tunnel${count.index}" # need a count
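Review bot: `google_compute_router_peer.bgp_peer` takes its `count` from `length(var.bgp_network)` but reads `local.um_vpn_endpoint[count.index].asn`, and that local has exactly two entries, so a third network fails at plan time and a reordered list pairs a tunnel with the wrong peer ASN without any error. Keeping the ASN next to the network it belongs to (one list of objects carrying both the CIDR and the ASN), or at minimum a comment on the local such as `# one entry per var.bgp_network element, in the same order`, would make that coupling explicit. The peer sets neither `advertise_mode` nor `advertised_ip_ranges`, so the router's own advertisement settings decide which subnets are announced to the on-prem side; those lie outside this hunk and are worth checking against what the VPN is meant to expose. Renaming `bgp-interface` to `bgp_interface` changes the resource address, so an existing state needs `terraform state mv` (or a `moved` block on Terraform versions that support it) to avoid destroying and recreating the interfaces.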
......