-
Notifications
You must be signed in to change notification settings - Fork 93
/
metadata.yaml
185 lines (184 loc) · 5.55 KB
/
metadata.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: blueprints.cloud.google.com/v1alpha1
kind: BlueprintMetadata
metadata:
name: terraform-google-vpn
annotations:
config.kubernetes.io/local-config: "true"
spec:
title: 'Terraform Google Cloud Platform - '
source:
repo: https://github.com/terraform-google-modules/terraform-google-vpn
sourceType: git
version: 4.2.0
actuationTool:
type: Terraform
version: '>=0.13.0'
subBlueprints:
- name: vpn_ha
location: modules/vpn_ha
examples:
- name: multi_tunnels
location: examples/multi_tunnels
- name: single_tunnels
location: examples/single_tunnels
- name: vpn_ha
location: examples/vpn_ha
variables:
- name: advertised_route_priority
description: Please enter the priority for the advertised route to BGP peer(default is 100)
type: number
default: 100
required: false
- name: bgp_cr_session_range
description: Please enter the cloud-router interface IP/Session IP
type: list(string)
default:
- 169.254.1.1/30
- 169.254.1.5/30
required: false
- name: bgp_remote_session_range
description: Please enter the remote environments BGP Session IP
type: list(string)
default:
- 169.254.1.2
- 169.254.1.6
required: false
- name: cr_enabled
description: If there is a cloud router for BGP routing
type: bool
default: false
required: false
- name: cr_name
description: The name of cloud router for BGP routing
type: string
default: ""
required: false
- name: gateway_name
description: The name of VPN gateway
type: string
default: test-vpn
required: false
- name: ike_version
description: Please enter the IKE version used by this tunnel (default is IKEv2)
type: number
default: 2
required: false
- name: local_traffic_selector
description: |
Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway.
Value should be list of CIDR formatted strings and ranges should be disjoint.
type: list(string)
default:
- 0.0.0.0/0
required: false
- name: network
description: The name of VPC being created
type: string
required: true
- name: peer_asn
description: Please enter the ASN of the BGP peer that cloud router will use
type: list(string)
default:
- "65101"
required: false
- name: peer_ips
description: IP address of remote-peer/gateway
type: list(string)
required: true
- name: project_id
description: The ID of the project where this VPC will be created
type: string
required: true
- name: region
description: The region in which you want to create the VPN gateway
type: string
required: true
- name: remote_subnet
description: remote subnet ip range in CIDR format - x.x.x.x/x
type: list(string)
default: []
required: false
- name: remote_traffic_selector
description: |
Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway.
Value should be list of CIDR formatted strings and ranges should be disjoint.
type: list(string)
default:
- 0.0.0.0/0
required: false
- name: route_priority
description: Priority for static route being created
type: number
default: 1000
required: false
- name: route_tags
description: A list of instance tags to which this route applies.
type: list(string)
default: []
required: false
- name: shared_secret
description: Please enter the shared secret/pre-shared key
type: string
default: ""
required: false
- name: tunnel_count
description: The number of tunnels from each VPN gw (default is 1)
type: number
default: 1
required: false
- name: tunnel_name_prefix
description: The optional custom name of VPN tunnel being created
type: string
default: ""
required: false
- name: vpn_gw_ip
description: Please enter the public IP address of the VPN Gateway, if you have already one. Do not set this variable to autocreate one
type: string
default: ""
required: false
outputs:
- name: gateway_ip
description: The VPN Gateway Public IP
- name: gateway_self_link
description: The self-link of the Gateway
- name: ipsec_secret-dynamic
description: The secret
- name: ipsec_secret-static
description: The secret
- name: name
description: The name of the Gateway
- name: network
description: The name of the VPC
- name: project_id
description: The Project-ID
- name: vpn_tunnels_names-dynamic
description: The VPN tunnel name is
- name: vpn_tunnels_names-static
description: The VPN tunnel name is
- name: vpn_tunnels_self_link-dynamic
description: The VPN tunnel self-link is
- name: vpn_tunnels_self_link-static
description: The VPN tunnel self-link is
roles:
- level: Project
roles:
- roles/owner
- roles/compute.networkAdmin
- roles/compute.instanceAdmin
- roles/iam.serviceAccountUser
services:
- cloudresourcemanager.googleapis.com
- compute.googleapis.com