add qserv prod vpc peers

lsst · Jul 6, 2023 · 5387340 · 5387340
1 parent 8ad3f03
commit 5387340
Show file tree

Hide file tree

Showing 8 changed files with 127 additions and 2 deletions.
diff --git a/environment/deployments/qserv/env/prod-vpcpeer2.tfvars b/environment/deployments/qserv/env/prod-vpcpeer2.tfvars
@@ -0,0 +1,7 @@
+application_name        = "qserv"
+environment             = "int"
+network_name            = "qserv-int-vpc"
+
+remote_application_name = "science-platform"
+remote_environment      = "dev"
+remote_network_name     = "custom-vpc"
diff --git a/environment/deployments/qserv/env/prod-vpcpeer3.tfvars b/environment/deployments/qserv/env/prod-vpcpeer3.tfvars
@@ -0,0 +1,7 @@
+application_name = "qserv"
+environment      = "prod"
+network_name     = "qserv-prod-vpc"
+
+remote_application_name = "science-platform"
+remote_environment      = "int"
+remote_network_name     = "custom-vpc"
diff --git a/environment/deployments/qserv/vpc_peering2/main.tf b/environment/deployments/qserv/vpc_peering2/main.tf
@@ -34,7 +34,8 @@ module "peering-1" {
 
   local_network = data.google_compute_network.local_network.self_link
   peer_network  = data.google_compute_network.remote_peer_project.self_link
-  peer_name     = "vpc-peer-qserv-int-to-rsp-dev"
+  #peer_name     = "vpc-peer-qserv-int-to-rsp-dev"
+  peer_name = "vpc-peer-qserv-${var.environment}-to-rsp-${var.remote_environment}"
 
   export_local_custom_routes = true
-}
+}
diff --git a/environment/deployments/qserv/vpc_peering3/backend.tf b/environment/deployments/qserv/vpc_peering3/backend.tf
@@ -0,0 +1,11 @@
+# ------------------------------------------------------------
+#   BACKEND BLOCK
+# ------------------------------------------------------------
+
+terraform {
+  backend "gcs" {}
+  required_providers {
+    google      = "~> 3.1"
+    google-beta = "~> 3.1"
+  }
+}
diff --git a/environment/deployments/qserv/vpc_peering3/main.tf b/environment/deployments/qserv/vpc_peering3/main.tf
@@ -0,0 +1,40 @@
+# ----------------------------------------
+#   LOCAL PEER
+# ----------------------------------------
+data "google_projects" "local_peer_project" {
+  filter = "labels.application_name=${var.application_name} labels.environment=${var.environment}"
+}
+
+// Get the self link of the VPC in remote project
+data "google_compute_network" "local_network" {
+  project = data.google_projects.local_peer_project.projects[0].project_id
+  name    = var.network_name
+}
+
+# ----------------------------------------
+#   REMOTE PEER
+# ----------------------------------------
+// Filter project based on the project labels of the remote project
+data "google_projects" "remote_peer_project" {
+  filter = "labels.application_name=${var.remote_application_name} labels.environment=${var.remote_environment}"
+}
+
+// Get the self link of the VPC in local project
+data "google_compute_network" "remote_peer_project" {
+  project = data.google_projects.remote_peer_project.projects[0].project_id
+  name    = var.remote_network_name
+}
+
+# ----------------------------------------
+#   VPC PEERING
+# ----------------------------------------
+module "peering-1" {
+  # qserv-prod <-> rsp-dev
+  source = "../../../../modules/vpc_peering"
+
+  local_network = data.google_compute_network.local_network.self_link
+  peer_network  = data.google_compute_network.remote_peer_project.self_link
+  peer_name     = "vpc-peer-qserv-${var.environment}-to-rsp-${var.remote_environment}"
+
+  export_local_custom_routes = true
+}
diff --git a/environment/deployments/qserv/vpc_peering3/outputs.tf b/environment/deployments/qserv/vpc_peering3/outputs.tf
@@ -0,0 +1 @@
+
diff --git a/environment/deployments/qserv/vpc_peering3/readme.md b/environment/deployments/qserv/vpc_peering3/readme.md
@@ -0,0 +1,26 @@
+# VPC Peer
+
+This terraform module will peer two VPCs together.
+
+This setup assumes we're peering two GCP `projects` together and instead of hard coding the project_id we can filter the projects based on the labels assigned to the project.
+
+Last, we need to get the VPC name so we can get the self_link to peer the two VPCs together.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| google | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| application\_name | The local 'application\_name' label value. | `string` | n/a | yes |
+| environment | The local 'environment' label value | `string` | n/a | yes |
+| network\_name | The VPC name in the local project. | `string` | n/a | yes |
+| remote\_application\_name | The remote 'application\_name' label value. | `string` | `"science-platform"` | no |
+| remote\_environment | The remote `environment` label value. | `string` | `"dev"` | no |
+| remote\_network\_name | The VPC name in the remote project to peer to | `string` | `"custom-vpc"` | no |
+
+## Outputs
diff --git a/environment/deployments/qserv/vpc_peering3/variables.tf b/environment/deployments/qserv/vpc_peering3/variables.tf
@@ -0,0 +1,32 @@
+variable "remote_application_name" {
+  description = "The remote 'application_name' label value."
+  type        = string
+  default     = "science-platform"
+}
+
+variable "remote_environment" {
+  description = "The remote `environment` label value."
+  type        = string
+  default     = "dev"
+}
+
+variable "remote_network_name" {
+  description = "The VPC name in the remote project to peer to"
+  type        = string
+  default     = "custom-vpc"
+}
+
+variable "application_name" {
+  description = "The local 'application_name' label value."
+  type        = string
+}
+
+variable "environment" {
+  description = "The local 'environment' label value"
+  type        = string
+}
+
+variable "network_name" {
+  description = "The VPC name in the local project."
+  type        = string
+}