diff --git a/3-networks-dual-svpc/README.md b/3-networks-dual-svpc/README.md index 73d2f0d58..c5c1f66cb 100644 --- a/3-networks-dual-svpc/README.md +++ b/3-networks-dual-svpc/README.md @@ -105,7 +105,11 @@ If you provisioned the prerequisites listed in the [Dedicated Interconnect READM If you provisioned the prerequisites listed in the [Partner Interconnect README](./modules/partner_interconnect/README.md) follow this steps to enable Partner Interconnect to access on-premises resources. +1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf` in the shared envs folder in `3-networks-dual-svpc/envs/shared` +1. Rename `partner_interconnect.auto.tfvars.example` to `partner_interconnect.auto.tfvars` in the shared envs folder in `3-networks-dual-svpc/envs/shared` +1. Update the file `interconnect.tf` with values that are valid for your environment for the interconnects, locations, candidate subnetworks, vlan_tag8021q and peer info. 1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf` in the base-env folder in `3-networks-dual-svpc/modules/base_env` . +1. Update the `enable_partner_interconnect` to `true` in each `main.tf` file in the environment folder in `3-networks-dual-svpc/envs/` . 1. Update the file `partner_interconnect.tf` with values that are valid for your environment for the VLAN attachments, locations, and candidate subnetworks. 1. The candidate subnetworks variable can be set to `null` to allow the interconnect module to auto generate this value. diff --git a/3-networks-dual-svpc/envs/shared/interconnect.auto.tfvars.example b/3-networks-dual-svpc/envs/shared/interconnect.auto.tfvars.example deleted file mode 100644 index d7386135a..000000000 --- a/3-networks-dual-svpc/envs/shared/interconnect.auto.tfvars.example +++ /dev/null @@ -1,4 +0,0 @@ - -enable_partner_interconnect = true -preactivate_partner_interconnect = true - 
diff --git a/3-networks-dual-svpc/envs/shared/partner_interconnect.auto.tfvars.example b/3-networks-dual-svpc/envs/shared/partner_interconnect.auto.tfvars.example
new file mode 100644
index 000000000..aae4c298e
--- /dev/null
+++ b/3-networks-dual-svpc/envs/shared/partner_interconnect.auto.tfvars.example
@@ -0,0 +1,18 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+enable_partner_interconnect = true
+preactivate_partner_interconnect = true
diff --git a/3-networks-dual-svpc/envs/shared/partner_interconnect.tf.example b/3-networks-dual-svpc/envs/shared/partner_interconnect.tf.example
index cb48ceb92..36c7a651f 100644
--- a/3-networks-dual-svpc/envs/shared/partner_interconnect.tf.example
+++ b/3-networks-dual-svpc/envs/shared/partner_interconnect.tf.example
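Review bot: In `partner_interconnect.auto.tfvars.example`, `preactivate_partner_interconnect = true` ships as the example default with no comment saying what it skips. With Partner Interconnect, a pre-activated VLAN attachment starts passing traffic as soon as the service provider finishes configuring it, so the step where an operator confirms that the expected provider used the pairing key before activating is lost. How the module consumes `preactivate` is not visible on this page, so confirm the mapping, then add a comment above the variable such as `# true = attachment goes live as soon as the provider configures it; set false to review the provider's request and activate manually`.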
@@ -14,57 +14,26 @@ * limitations under the License. */ -module "shared_restricted_interconnect" { +module "dns_hub_interconnect" { source = "../../modules/partner_interconnect" - attachment_project_id = local.restricted_net_hub_project_id - vpc_name = "${local.environment_code}-shared-restricted" + vpc_name = "c-dns-hub" + attachment_project_id = local.dns_hub_project_id preactivate = var.preactivate_partner_interconnect region1 = local.default_region1 - region1_router1_name = module.restricted_shared_vpc[0].region1_router1.router.name + region1_router1_name = module.dns_hub_region1_router1.router.name region1_interconnect1_location = "las-zone1-770" region1_interconnect1_onprem_dc = "onprem-dc1" - region1_router2_name = module.restricted_shared_vpc[0].region1_router2.router.name + region1_router2_name = module.dns_hub_region1_router2.router.name region1_interconnect2_location = "las-zone1-770" region1_interconnect2_onprem_dc = "onprem-dc2" region2 = local.default_region2 - region2_router1_name = module.restricted_shared_vpc[0].region2_router1.router.name + region2_router1_name = module.dns_hub_region2_router1.router.name region2_interconnect1_location = "lax-zone2-19" region2_interconnect1_onprem_dc = "onprem-dc3" - region2_router2_name = module.restricted_shared_vpc[0].region2_router2.router.name - region2_interconnect2_location = "lax-zone1-403" - region2_interconnect2_onprem_dc = "onprem-dc4" - - cloud_router_labels = { - vlan_1 = "cr5", - vlan_2 = "cr6", - vlan_3 = "cr7", - vlan_4 = "cr8" - } -} - -module "shared_base_interconnect" { - source = "../../modules/partner_interconnect" - - attachment_project_id = local.base_net_hub_project_id - vpc_name = "${local.environment_code}-shared-base" - preactivate = var.preactivate_partner_interconnect - - region1 = local.default_region1 - region1_router1_name = module.base_shared_vpc[0].region1_router1.router.name - region1_interconnect1_location = "las-zone1-770" - region1_interconnect1_onprem_dc = "onprem-dc1" - 
region1_router2_name = module.base_shared_vpc[0].region1_router2.router.name - region1_interconnect2_location = "las-zone1-770" - region1_interconnect2_onprem_dc = "onprem-dc2" - - region2 = local.default_region2 - region2_router1_name = module.base_shared_vpc[0].region2_router1.router.name - region2_interconnect1_location = "lax-zone2-19" - region2_interconnect1_onprem_dc = "onprem-dc3" - region2_router2_name = module.base_shared_vpc[0].region2_router2.router.name + region2_router2_name = module.dns_hub_region2_router2.router.name region2_interconnect2_location = "lax-zone1-403" region2_interconnect2_onprem_dc = "onprem-dc4" diff --git a/3-networks-dual-svpc/modules/partner_interconnect/README.md b/3-networks-dual-svpc/modules/partner_interconnect/README.md index 0d00222b1..154a7e820 100644 --- a/3-networks-dual-svpc/modules/partner_interconnect/README.md +++ b/3-networks-dual-svpc/modules/partner_interconnect/README.md 
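Review bot: The new `dns_hub_interconnect` example attaches Partner Interconnect VLANs to the `module.dns_hub_region*_router*` Cloud Routers, but no change visible on this page switches those routers' BGP ASN for the dual-svpc variant. Partner Interconnect requires the Cloud Router to use ASN 16550, and the hub-and-spoke variant gets `dns_bgp_asn_number = var.enable_partner_interconnect ? "16550" : var.bgp_asn_dns` in this same commit. If `3-networks-dual-svpc/envs/shared` does not already do the equivalent elsewhere, the DNS hub routers would keep `var.bgp_asn_dns` and the attachments are likely to be rejected or fail to peer, so it is worth confirming and mirroring that local there. The module block's closing lines, including `cloud_router_labels`, lie outside this hunk.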
@@ -4,13 +4,14 @@ This module implements the recommendation proposed in [Establishing 99.99% Avail ## Prerequisites -1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-c-{base|restricted}-net-hub` under the folder `fldr-common` in case of Hub and Spoke architecture. - -Without Hub and Spoke enabled VLAN attachments will be created in `prj-{p|n|d}-shared-{base|restricted}` under corresponding environment's folder. +1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-{p|n|d}-shared-{base|restricted}` under corresponding environment's folder and `prj-c-dns-hub` under the folder `fldr-common`. ## Usage -1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf` in the environment folder in `3-networks-dual-svpc/modules/base_env` . +1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf` in the shared envs folder in `3-networks-dual-svpc/envs/shared` +1. Rename `partner_interconnect.auto.tfvars.example` to `partner_interconnect.auto.tfvars` in the shared envs folder in `3-networks-dual-svpc/envs/shared` +1. Update the file `interconnect.tf` with values that are valid for your environment for the interconnects, locations, candidate subnetworks, vlan_tag8021q and peer info. +1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf` in the base-env folder in `3-networks-dual-svpc/modules/base_env` . 1. Update the `enable_partner_interconnect` to `true` in each `main.tf` file in the environment folder in `3-networks-dual-svpc/envs/` . 1. Update the file `partner_interconnect.tf` with values that are valid for your environment for the VLAN attachments, locations. 
diff --git a/3-networks-dual-svpc/modules/partner_interconnect/main.tf b/3-networks-dual-svpc/modules/partner_interconnect/main.tf index 3043347c5..a6291c69f 100644 --- a/3-networks-dual-svpc/modules/partner_interconnect/main.tf +++ b/3-networks-dual-svpc/modules/partner_interconnect/main.tf @@ -44,7 +44,7 @@ resource "google_compute_interconnect_attachment" "interconnect_attachment2_regi } resource "google_compute_interconnect_attachment" "interconnect_attachment1_region2" { - name = "vl-${var.region2_interconnect1_onprem_dc}-${var.region2_interconnect1_location}-${var.vpc_name}-${var.region2}-${local.suffix1}" + name = "vl-${var.region2_interconnect1_onprem_dc}-${var.region2_interconnect1_location}-${var.vpc_name}-${var.region2}-${local.suffix3}" project = var.attachment_project_id region = var.region2 router = var.region2_router1_name @@ -55,7 +55,7 @@ resource "google_compute_interconnect_attachment" "interconnect_attachment1_regi } resource "google_compute_interconnect_attachment" "interconnect_attachment2_region2" { - name = "vl-${var.region2_interconnect2_onprem_dc}-${var.region2_interconnect2_location}-${var.vpc_name}-${var.region2}-${local.suffix2}" + name = "vl-${var.region2_interconnect2_onprem_dc}-${var.region2_interconnect2_location}-${var.vpc_name}-${var.region2}-${local.suffix4}" project = var.attachment_project_id region = var.region2 router = var.region2_router2_name diff --git a/3-networks-hub-and-spoke/README.md b/3-networks-hub-and-spoke/README.md index 4261e7297..dfa6664a1 100644 --- a/3-networks-hub-and-spoke/README.md +++ b/3-networks-hub-and-spoke/README.md 
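Review bot: Changing `name` on `interconnect_attachment1_region2` and `interconnect_attachment2_region2` from `local.suffix1`/`local.suffix2` to `local.suffix3`/`local.suffix4` renames resources that may already exist, and an attachment's name cannot be updated in place, so Terraform will plan a destroy-and-create for both region2 attachments wherever this module has been applied. For Partner attachments that means new pairing keys and an outage on the region2 paths until the provider re-provisions them. The same rename is made in `3-networks-hub-and-spoke/modules/partner_interconnect/main.tf`; an upgrade note in the README or changelog telling operators to schedule the replacement would make this explicit. `local.suffix3` and `local.suffix4` are defined outside these hunks, so confirm they exist in both modules.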
@@ -103,8 +103,8 @@ To see the version that makes use of the **Dual Shared VPC** architecture mode c If you provisioned the prerequisites listed in the [Dedicated Interconnect README](./modules/dedicated_interconnect/README.md), follow these steps to enable Dedicated Interconnect to access on-premises resources. -1. Rename `interconnect.tf.example` to `interconnect.tf` in the shared envs folder in `3-networks-hub-and-spoke/envs/shared` -1. Rename `interconnect.auto.tfvars.example` to `interconnect.auto.tfvars` in the shared envs folder in `3-networks-hub-and-spoke/envs/shared` +1. Rename `interconnect.tf.example` to `interconnect.tf` in the shared envs folder in `3-networks-hub-and-spoke/envs/shared`. +1. Rename `interconnect.auto.tfvars.example` to `interconnect.auto.tfvars` in the shared envs folder in `3-networks-hub-and-spoke/envs/shared`. 1. Update the file `interconnect.tf` with values that are valid for your environment for the interconnects, locations, candidate subnetworks, vlan_tag8021q and peer info. 1. The candidate subnetworks and vlan_tag8021q variables can be set to `null` to allow the interconnect module to auto generate these values. 
@@ -112,7 +112,8 @@ If you provisioned the prerequisites listed in the [Dedicated Interconnect READM If you provisioned the prerequisites listed in the [Partner Interconnect README](./modules/partner_interconnect/README.md) follow this steps to enable Partner Interconnect to access on-premises resources. -1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf` in the base-env folder in `3-networks-hub-and-spoke/modules/base_env` . +1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf`in the shared envs folder in `3-networks-hub-and-spoke/envs/shared`. +1. Rename `partner_interconnect.auto.tfvars.example` to `partner_interconnect.auto.tfvars` in the shared envs folder in `3-networks-hub-and-spoke/envs/shared`. 1. Update the file `partner_interconnect.tf` with values that are valid for your environment for the VLAN attachments, locations, and candidate subnetworks. 1. The candidate subnetworks variable can be set to `null` to allow the interconnect module to auto generate this value. diff --git a/3-networks-hub-and-spoke/envs/shared/dns-hub.tf b/3-networks-hub-and-spoke/envs/shared/dns-hub.tf index bd6a40b8e..fb4014678 100644 --- a/3-networks-hub-and-spoke/envs/shared/dns-hub.tf +++ b/3-networks-hub-and-spoke/envs/shared/dns-hub.tf @@ -96,7 +96,7 @@ module "dns_hub_region1_router1" { network = module.dns_hub_vpc.network_name region = local.default_region1 bgp = { - asn = var.bgp_asn_dns + asn = local.dns_bgp_asn_number advertised_ip_ranges = [{ range = "35.199.192.0/19" }] } } @@ -109,7 +109,7 @@ module "dns_hub_region1_router2" { network = module.dns_hub_vpc.network_name region = local.default_region1 bgp = { - asn = var.bgp_asn_dns + asn = local.dns_bgp_asn_number advertised_ip_ranges = [{ range = "35.199.192.0/19" }] } } 
@@ -122,7 +122,7 @@ module "dns_hub_region2_router1" { network = module.dns_hub_vpc.network_name region = local.default_region2 bgp = { - asn = var.bgp_asn_dns + asn = local.dns_bgp_asn_number advertised_ip_ranges = [{ range = "35.199.192.0/19" }] } } @@ -135,7 +135,7 @@ module "dns_hub_region2_router2" { network = module.dns_hub_vpc.network_name region = local.default_region2 bgp = { - asn = var.bgp_asn_dns + asn = local.dns_bgp_asn_number advertised_ip_ranges = [{ range = "35.199.192.0/19" }] } } diff --git a/3-networks-hub-and-spoke/envs/shared/main.tf b/3-networks-hub-and-spoke/envs/shared/main.tf index 98062bef1..eb7beb5f2 100644 --- a/3-networks-hub-and-spoke/envs/shared/main.tf +++ b/3-networks-hub-and-spoke/envs/shared/main.tf @@ -18,6 +18,7 @@ locals { env = "common" environment_code = "c" bgp_asn_number = var.enable_partner_interconnect ? "16550" : "64514" + dns_bgp_asn_number = var.enable_partner_interconnect ? "16550" : var.bgp_asn_dns default_region1 = "us-west1" default_region2 = "us-central1" dns_hub_project_id = data.terraform_remote_state.org.outputs.dns_hub_project_id diff --git a/3-networks-hub-and-spoke/envs/shared/partner_interconnect.auto.tfvars.example b/3-networks-hub-and-spoke/envs/shared/partner_interconnect.auto.tfvars.example index c773306f9..aae4c298e 100644 --- a/3-networks-hub-and-spoke/envs/shared/partner_interconnect.auto.tfvars.example +++ b/3-networks-hub-and-spoke/envs/shared/partner_interconnect.auto.tfvars.example @@ -14,6 +14,5 @@ * limitations under the License. */ -enable_partner_interconnect = true +enable_partner_interconnect = true preactivate_partner_interconnect = true - diff --git a/3-networks-hub-and-spoke/envs/shared/partner_interconnect.tf.example b/3-networks-hub-and-spoke/envs/shared/partner_interconnect.tf.example index e7f29e0f3..fb060e013 100644 --- a/3-networks-hub-and-spoke/envs/shared/partner_interconnect.tf.example +++ b/3-networks-hub-and-spoke/envs/shared/partner_interconnect.tf.example 
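Review bot: In the `locals` hunk of `3-networks-hub-and-spoke/envs/shared/main.tf`, `dns_bgp_asn_number` mixes a string literal with `var.bgp_asn_dns`, whose declared type is not visible here, and it silently discards the operator's `bgp_asn_dns` value whenever `enable_partner_interconnect` is true. The literal `"16550"` is also repeated from `bgp_asn_number` on the line above without explanation. A comment such as `# Partner Interconnect requires Cloud Router ASN 16550; var.bgp_asn_dns is ignored when it is enabled` would document the override, and writing the fallback as `tostring(var.bgp_asn_dns)` would keep both branches the same type if the variable is a number. The `locals` block starts and ends outside the hunk.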
@@ -14,6 +14,38 @@ * limitations under the License. */ + +module "dns_hub_interconnect" { + source = "../../modules/partner_interconnect" + + vpc_name = "c-dns-hub" + attachment_project_id = local.dns_hub_project_id + preactivate = var.preactivate_partner_interconnect + + region1 = local.default_region1 + region1_router1_name = module.dns_hub_region1_router1.router.name + region1_interconnect1_location = "las-zone1-770" + region1_interconnect1_onprem_dc = "onprem-dc-1" + region1_router2_name = module.dns_hub_region1_router2.router.name + region1_interconnect2_location = "las-zone1-770" + region1_interconnect2_onprem_dc = "onprem-dc-2" + + region2 = local.default_region2 + region2_router1_name = module.dns_hub_region2_router1.router.name + region2_interconnect1_location = "lax-zone2-19" + region2_interconnect1_onprem_dc = "onprem-dc-3" + region2_router2_name = module.dns_hub_region2_router2.router.name + region2_interconnect2_location = "lax-zone1-403" + region2_interconnect2_onprem_dc = "onprem-dc-4" + + cloud_router_labels = { + vlan_1 = "cr1", + vlan_2 = "cr2", + vlan_3 = "cr3", + vlan_4 = "cr4" + } +} + module "shared_restricted_interconnect" { source = "../../modules/partner_interconnect" diff --git a/3-networks-hub-and-spoke/modules/base_env/partner_interconnect.tf.example b/3-networks-hub-and-spoke/modules/base_env/partner_interconnect.tf.example deleted file mode 100644 index a71abbc81..000000000 --- a/3-networks-hub-and-spoke/modules/base_env/partner_interconnect.tf.example +++ /dev/null 
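Review bot: The added `dns_hub_interconnect` block names the on-premises sites `"onprem-dc-1"` through `"onprem-dc-4"`, while the dual-svpc example in this commit and the removed `base_env` example use `"onprem-dc1"` through `"onprem-dc4"`. These values are interpolated into the attachment `name` (`vl-${var.region2_interconnect1_onprem_dc}-…` in the module's `main.tf`), so the DNS hub attachments would follow a different naming pattern from the others, which makes inventory and alerting filters that match on name harder to keep right. Using `region1_interconnect1_onprem_dc = "onprem-dc1"` and likewise for the other three keeps the examples consistent.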
@@ -1,86 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-module "shared_restricted_interconnect" {
- source = "../partner_interconnect"
-
- attachment_project_id = local.restricted_net_hub_project_id
- vpc_name = "${var.environment_code}-shared-restricted"
- preactivate = true
-
- region1 = var.default_region1
- region1_router1_name = module.restricted_shared_vpc.region1_router1.router.name
- region1_interconnect1_location = "las-zone1-770"
- region1_interconnect1_onprem_dc = "onprem-dc1"
- region1_router2_name = module.restricted_shared_vpc.region1_router2.router.name
- region1_interconnect2_location = "las-zone1-770"
- region1_interconnect2_onprem_dc = "onprem-dc2"
-
- region2 = var.default_region2
- region2_router1_name = module.restricted_shared_vpc.region2_router1.router.name
- region2_interconnect1_location = "lax-zone2-19"
- region2_interconnect1_onprem_dc = "onprem-dc3"
- region2_router2_name = module.restricted_shared_vpc.region2_router2.router.name
- region2_interconnect2_location = "lax-zone1-403"
- region2_interconnect2_onprem_dc = "onprem-dc4"
-
- cloud_router_labels = {
- vlan_1 = "cr5",
- vlan_2 = "cr6",
- vlan_3 = "cr7",
- vlan_4 = "cr8"
- }
-
- depends_on = [
- module.restricted_shared_vpc
- ]
-}
-
-module "shared_base_interconnect" {
- source = "../partner_interconnect"
-
- attachment_project_id = local.base_net_hub_project_id
- vpc_name = "${var.environment_code}-shared-base"
- preactivate = true
-
- region1 = var.default_region1
- region1_router1_name = module.base_shared_vpc.region1_router1.router.name
- region1_interconnect1_location = "las-zone1-770"
- region1_interconnect1_onprem_dc = "onprem-dc1"
- region1_router2_name = module.base_shared_vpc.region1_router2.router.name
- region1_interconnect2_location = "las-zone1-770"
- region1_interconnect2_onprem_dc = "onprem-dc2"
-
- region2 = var.default_region2
- region2_router1_name = module.base_shared_vpc.region2_router1.router.name
- region2_interconnect1_location = "lax-zone2-19"
- region2_interconnect1_onprem_dc = "onprem-dc3"
- region2_router2_name = module.base_shared_vpc.region2_router2.router.name
- region2_interconnect2_location = "lax-zone1-403"
- region2_interconnect2_onprem_dc = "onprem-dc4"
-
-
- cloud_router_labels = {
- vlan_1 = "cr1",
- vlan_2 = "cr2",
- vlan_3 = "cr3",
- vlan_4 = "cr4"
- }
-
- depends_on = [
- module.base_shared_vpc
- ]
-}
diff --git a/3-networks-hub-and-spoke/modules/partner_interconnect/README.md b/3-networks-hub-and-spoke/modules/partner_interconnect/README.md
index f5b678a27..e29f095a9 100644
--- a/3-networks-hub-and-spoke/modules/partner_interconnect/README.md
+++ b/3-networks-hub-and-spoke/modules/partner_interconnect/README.md
@@ -4,14 +4,12 @@ This module implements the recommendation proposed in [Establishing 99.99% Avail ## Prerequisites -1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-c-{base|restricted}-net-hub` under the folder `fldr-common` in case of Hub and Spoke architecture. - -Without Hub and Spoke enabled VLAN attachments will be created in `prj-{p|n|d}-shared-{base|restricted}` under corresponding environment's folder. +1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-c-{base|restricted}-net-hub` and `prj-c-dns-hub` under the folder `fldr-common` in case of Hub and Spoke architecture. ## Usage -1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf` in the environment folder in `3-networks-hub-and-spoke/modules/base_env` . -1. Update the `enable_partner_interconnect` to `true` in each `main.tf` file in the environment folder in `3-networks-hub-and-spoke/envs/` . +1. Rename `partner_interconnect.tf.example` to `partner_interconnect.tf`in the shared envs folder in `3-networks-hub-and-spoke/envs/shared`. +1. Rename `partner_interconnect.auto.tfvars.example` to `partner_interconnect.auto.tfvars` in the shared envs folder in `3-networks-hub-and-spoke/envs/shared`. 1. Update the file `partner_interconnect.tf` with values that are valid for your environment for the VLAN attachments, locations. diff --git a/3-networks-hub-and-spoke/modules/partner_interconnect/main.tf b/3-networks-hub-and-spoke/modules/partner_interconnect/main.tf index 8c25532cd..591403be1 100644 --- a/3-networks-hub-and-spoke/modules/partner_interconnect/main.tf +++ b/3-networks-hub-and-spoke/modules/partner_interconnect/main.tf 
@@ -45,7 +45,7 @@ resource "google_compute_interconnect_attachment" "interconnect_attachment2_regi } resource "google_compute_interconnect_attachment" "interconnect_attachment1_region2" { - name = "vl-${var.region2_interconnect1_onprem_dc}-${var.region2_interconnect1_location}-${var.vpc_name}-${var.region2}-${local.suffix1}" + name = "vl-${var.region2_interconnect1_onprem_dc}-${var.region2_interconnect1_location}-${var.vpc_name}-${var.region2}-${local.suffix3}" project = var.attachment_project_id region = var.region2 router = var.region2_router1_name @@ -56,7 +56,7 @@ resource "google_compute_interconnect_attachment" "interconnect_attachment1_regi } resource "google_compute_interconnect_attachment" "interconnect_attachment2_region2" { - name = "vl-${var.region2_interconnect2_onprem_dc}-${var.region2_interconnect2_location}-${var.vpc_name}-${var.region2}-${local.suffix2}" + name = "vl-${var.region2_interconnect2_onprem_dc}-${var.region2_interconnect2_location}-${var.vpc_name}-${var.region2}-${local.suffix4}" project = var.attachment_project_id region = var.region2 router = var.region2_router2_name