feat: add vpc submodule

modules/vpc/main.tf

@@ -0,0 +1,58 @@
+locals {
+  subnet_name     = var.subnet_name != "" ? var.subnet_name : "${var.network_name}-${var.region}"
+  psc_subnet_name = "${local.subnet_name}-psc"
+}
+
+module "network" {
+  source  = "terraform-google-modules/network/google"
+  version = ">= 4.1.0, < 7.2.0"
+  # TODO: wait for fix release https://github.com/terraform-google-modules/terraform-google-network/pull/479
+  # this bug will make properties on subnet won't take effect, like purpose
+
+  project_id   = var.project
+  network_name = var.network_name
+
+  subnets = [
+    {
+      subnet_name           = local.subnet_name
+      subnet_ip             = var.vpc_cidr
+      subnet_region         = var.region
+      subnet_private_access = "true"
+    },
+    {
+      subnet_name   = local.psc_subnet_name
+      subnet_ip     = var.psc_vpc_cidr
+      subnet_region = var.region
+      purpose       = "PRIVATE_SERVICE_CONNECT"
+    },
+  ]
+
+  secondary_ranges = {
+    (local.subnet_name) = [
+      {
+        range_name    = var.secondary_ip_range_pods_name
+        ip_cidr_range = var.secondary_ip_range_pods
+      },
+      {
+        range_name    = var.secondary_ip_range_services_name
+        ip_cidr_range = var.secondary_ip_range_services
+      },
+    ]
+  }
+}
+
+// TODO implement firewall rules for privateservice connect
+
+module "cloud_router" {
+  source  = "terraform-google-modules/cloud-router/google"
+  version = "~> 5.0"
+
+  project = var.project
+  name    = "${var.network_name}-sn-router"
+  network = module.network.network_name
+  region  = var.region
+
+  nats = [{
+    name = "sn-nat-gateway"
+  }]
+}

modules/vpc/outputs.tf

@@ -0,0 +1,27 @@
+output "network" {
+  value = module.network.network_name
+}
+
+output "subnet_name" {
+  value = module.network.subnets_names[0]
+}
+
+output "psc_subnet_name" {
+  value = local.psc_subnet_name
+}
+
+output "secondary_ip_range_pods" {
+  value = var.secondary_ip_range_pods
+}
+
+output "secondary_ip_range_pods_name" {
+  value = var.secondary_ip_range_pods_name
+}
+
+output "secondary_ip_range_services" {
+  value = var.secondary_ip_range_services
+}
+
+output "secondary_ip_range_services_name" {
+  value = var.secondary_ip_range_services_name
+}

modules/vpc/variables.tf

@@ -0,0 +1,62 @@
+variable "project" {
+  type        = string
+  description = "The GCP project to deploy to"
+}
+
+variable "region" {
+  type        = string
+  description = "The GCP region to deploy to"
+}
+
+variable "network_name" {
+  type        = string
+  description = "The name of the VPC"
+}
+
+variable "subnet_name" {
+  type        = string
+  default     = ""
+  description = "The name of the subnet, can be left empty to auto-generate"
+}
+
+variable "vpc_cidr" {
+  type        = string
+  default     = "10.0.0.0/16"
+  description = "The CIDR block for the VPC"
+}
+
+variable "psc_subnet_name" {
+  type        = string
+  default     = ""
+  description = "The name of the PSC subnet, can be left empty to auto-generate"
+}
+
+variable "psc_vpc_cidr" {
+  type        = string
+  default     = "10.1.0.0/18"
+  description = "The CIDR block for the private service connect"
+}
+
+variable "secondary_ip_range_pods" {
+  type        = string
+  default     = "192.168.0.0/18"
+  description = "The secondary IP range for pods"
+}
+
+variable "secondary_ip_range_services" {
+  type        = string
+  default     = "192.168.64.0/18"
+  description = "The secondary IP range for services"
+}
+
+variable "secondary_ip_range_pods_name" {
+  type        = string
+  default     = "ip-range-pods"
+  description = "The name of the secondary IP range for pods"
+}
+
+variable "secondary_ip_range_services_name" {
+  type        = string
+  default     = "ip-range-svc"
+  description = "The name of the secondary IP range for services"
+}