From 95f86f35dc457cdd306bdaa795ae622e7bd9dee3 Mon Sep 17 00:00:00 2001 From: Yisheng Cai Date: Fri, 21 Jul 2023 11:55:42 +0800 Subject: [PATCH] Add gcp module private-service (#31) * Add module private-service * Add README and examples
---
 examples/gcp/private-service/main.tf | 38 ++++++++++++++++++++ modules/gcp/private-service/README.md | 41 +++++++++++++++++++++ modules/gcp/private-service/common.tf | 34 ++++++++++++++++++ modules/gcp/private-service/main.tf | 51 +++++++++++++++++++++++++++ 4 files changed, 164 insertions(+) create mode 100644 examples/gcp/private-service/main.tf create mode 100644 modules/gcp/private-service/README.md create mode 100644 modules/gcp/private-service/common.tf create mode 100644 modules/gcp/private-service/main.tf
diff --git a/examples/gcp/private-service/main.tf b/examples/gcp/private-service/main.tf
new file mode 100644
index 0000000..352bb1a
--- /dev/null
+++ b/examples/gcp/private-service/main.tf
@@ -0,0 +1,38 @@
+locals {
+ region = "us-east1"
+ project_id = ""
+}
+
+provider "google" {
+ region = local.region
+ project = local.project_id
+}
+
+
+# Expose Private Pulsar Service to all regions in network default
+module "gcp-private-service-core" {
+ source = "github.com/streamnative/terraform-managed-cloud//modules/gcp/private-service?ref=v3.3.1"
+
+ region = local.region
+ network_name = "default"
+ subnet_name = "default"
+ domain_name = "gcp-use1-prod-snc.o-xxxx.g.snio.cloud"
+ service_attachment = "projects//regions/us-east1/serviceAttachments/pulsar-private-service"
+ cross_region_access = true
+ suffix = "core"
+}
+
+
+# Expose Private Pulsar Service to region us-east1 in network svc2
+module "gcp-private-service-svc2" {
+ source = "github.com/streamnative/terraform-managed-cloud//modules/gcp/private-service?ref=v3.3.1"
+
+ region = local.region
+ network_name = "svc2"
+ subnet_name = "svc2"
+ domain_name = "gcp-use1-prod-snc.o-xxxx.g.snio.cloud"
+ service_attachment = "projects//regions/us-east1/serviceAttachments/pulsar-private-service"
+ cross_region_access = false
+ suffix = "svc2"
+}
+
diff --git a/modules/gcp/private-service/README.md b/modules/gcp/private-service/README.md
new file mode 100644
index 0000000..43e065c
--- /dev/null
+++ b/modules/gcp/private-service/README.md
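Review bot: The two placeholders in this example, `project_id = ""` in the locals block and the `projects//regions/us-east1/...` service attachment path in both module blocks, are blank with no marker, so someone who copies the file gets a provider with an empty project and a malformed attachment id instead of an obvious "fill this in" failure. Visible placeholders such as `project_id = "<your-gcp-project-id>"` and `service_attachment = "projects/<service-project-id>/regions/us-east1/serviceAttachments/pulsar-private-service"` make the required edits unmissable. The `source` lines pin `?ref=v3.3.1`, but this commit is the one that adds the module, so if that tag was cut earlier `terraform init` on this example fails with a module-not-found; the ref should be bumped once a release containing the module exists. Pinning to a release tag is the right instinct for a module that opens a network path into a VPC, and pinning to that tag's commit SHA is the stronger supply-chain guard since tags can be moved.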
@@ -0,0 +1,41 @@
+# StreamNative Cloud - Managed GCP Private Service
+
+This Terraform modules configures your GCP network to access private StreamNative BYOC pulsar service.
+
+## QuickStart
+Run the following terraform file with GCP Configuration:
+
+```hcl
+locals {
+ region = "us-east1"
+ project_id = ""
+}
+
+provider "google" {
+ region = local.region
+ project = local.project_id
+}
+
+
+# Expose Private Pulsar Service to all regions in network default
+module "gcp-private-service-core" {
+ source = "github.com/streamnative/terraform-managed-cloud//modules/gcp/private-service?ref=v3.3.1"
+
+ region = local.region
+ network_name = "default"
+ subnet_name = "default"
+ domain_name = "gcp-use1-prod-snc.o-xxxx.g.snio.cloud"
+ service_attachment = "projects//regions/us-east1/serviceAttachments/pulsar-private-service"
+ cross_region_access = true
+ suffix = "core"
+}
+```
+1. terraform init
+1. terraform plan
+1. terraform apply
+
+
+
+## Examples
+
+More examples of the modules can be found in the `examples/gcp/private-service` directory.
diff --git a/modules/gcp/private-service/common.tf b/modules/gcp/private-service/common.tf
new file mode 100644
index 0000000..c10d62b
--- /dev/null
+++ b/modules/gcp/private-service/common.tf
@@ -0,0 +1,34 @@
+variable "region" {
+ type = string
+ description = "The GCP region where the private service connection will be configured."
+}
+
+variable "network_name" {
+ type = string
+ description = "The GCP network where the private service connection will be available."
+}
+
+variable "subnet_name" {
+ type = string
+ description = "The GCP subnet where the endpoint IP of private service connection will be allocated."
+}
+
+variable "domain_name" {
+ type = string
+ description = "The base domain of private pulsar service."
+}
+
+variable "service_attachment" {
+ type = string
+ description = "The id of pulsar private service attachment."
+}
+
+variable "cross_region_access" {
+ type = bool
+ default = false
+ description = "Allow access cross regions in the network."
+}
+
+variable "suffix" {
+ description = "The suffix that will be part of the name of resources."
+}
diff --git a/modules/gcp/private-service/main.tf b/modules/gcp/private-service/main.tf
new file mode 100644
index 0000000..d70393f
--- /dev/null
+++ b/modules/gcp/private-service/main.tf
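Review bot: `variable "suffix"` at the end of the hunk is the only input without a `type`, so a number or bool is accepted and silently coerced into the resource names built from it; add `type = string` as the other variables do. Since the value is interpolated into `pulsar-psc-${var.suffix}`, which GCP requires to be an RFC 1035 label of at most 63 characters, a `validation` block (Terraform 0.13+) rejects a bad suffix at plan time rather than failing the apply part-way through creating the address, zone and forwarding rule. The `cross_region_access` description reads awkwardly; `"Allow access from other regions of the network (sets allow_psc_global_access on the forwarding rule)."` says what the flag actually does.
```hcl
variable "suffix" {
  type        = string
  description = "The suffix that will be part of the name of resources."

  # Interpolated into GCP resource names ("pulsar-psc-<suffix>"), which must be
  # RFC 1035 labels of at most 63 characters; "pulsar-psc-" already uses 11.
  validation {
    condition     = can(regex("^[a-z0-9]([-a-z0-9]{0,50}[a-z0-9])?$", var.suffix))
    error_message = "suffix must be lowercase letters, digits or hyphens, start and end with a letter or digit, and be at most 52 characters."
  }
}
```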
@@ -0,0 +1,51 @@
+locals {
+ dns_name = "${var.domain_name}."
+}
+
+
+data "google_compute_network" "network" {
+ name = var.network_name
+}
+
+data "google_compute_subnetwork" "subnet" {
+ name = var.subnet_name
+ region = var.region
+}
+
+resource "google_compute_address" "psc_endpoint_address" {
+ name = "pulsar-psc-${var.suffix}"
+ region = var.region
+ subnetwork = data.google_compute_subnetwork.subnet.id
+ address_type = "INTERNAL"
+}
+
+
+resource "google_dns_managed_zone" "psc_endpoint_zone" {
+ name = "pulsar-psc-${var.suffix}"
+ dns_name = local.dns_name
+ visibility = "private"
+ private_visibility_config {
+ networks {
+ network_url = data.google_compute_network.network.id
+ }
+ }
+}
+
+resource "google_dns_record_set" "wildcard_endpoint" {
+ managed_zone = google_dns_managed_zone.psc_endpoint_zone.name
+ name = "*.${local.dns_name}"
+ type = "A"
+ ttl = 300
+ rrdatas = [google_compute_address.psc_endpoint_address.address]
+}
+
+
+resource "google_compute_forwarding_rule" "psc_endpoint" {
+ name = "pulsar-psc-${var.suffix}"
+ region = var.region
+ load_balancing_scheme = ""
+ allow_psc_global_access = var.cross_region_access
+ target = var.service_attachment
+ network = data.google_compute_network.network.id
+ ip_address = google_compute_address.psc_endpoint_address.id
+}
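Review bot: `local.dns_name` on the second line appends a dot unconditionally, so a `domain_name` that already ends in `.` produces a zone `dns_name` ending in `..` and a record named `*.<domain>..`, which the DNS API rejects; `dns_name = "${trimsuffix(var.domain_name, ".")}."` accepts both forms. `load_balancing_scheme = ""` in the forwarding rule looks like a leftover but is what the provider expects for a Private Service Connect consumer endpoint that targets a service attachment, so a comment such as `# Empty on purpose: PSC consumer rules that target a service attachment take no load balancing scheme.` stops the next reader from "fixing" it. The module also deserves a header comment stating that the private zone plus the wildcard A record resolve every name under `domain_name` to this endpoint for every VM on the attached network, so it must only be given a domain dedicated to the private Pulsar service. Note that `google_dns_managed_zone` names are project-wide while the address and forwarding rule are regional, so two instantiations that share a `suffix` in different regions would presumably collide on the zone name; either document that `suffix` must be unique per project or fold the region into the zone name.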