attempt to reproduce test 2b
8 commits over 2 days 14 changed files with 170 additions and 73 deletions. | |
31 terraform/aws_compute.tf | |
@@ -39,11 +39,9 @@ resource "aws_instance" "vm2a" { | |
user_data = "${data.template_file.install_ubuntu_deps_vm2a.rendered}" | |
vpc_security_group_ids = [ | |
"${aws_security_group.aws-allow-icmp.id}", | |
"${aws_security_group.aws-allow-ssh.id}", | |
"${aws_security_group.aws-allow-nginx.id}", | |
"${aws_security_group.aws-allow-icmp-gcp.id}" | |
"${aws_security_group.aws-allow-icmp-a.id}", | |
"${aws_security_group.aws-allow-ssh-a.id}", | |
"${aws_security_group.aws-allow-nginx-a.id}" | |
] | |
tags = { | |
@@ -63,10 +61,9 @@ resource "aws_instance" "vm2b" { | |
user_data = "${data.template_file.install_ubuntu_deps_vm2b.rendered}" | |
vpc_security_group_ids = [ | |
"${aws_security_group.aws-allow-icmp.id}", | |
"${aws_security_group.aws-allow-ssh.id}", | |
"${aws_security_group.aws-allow-nginx.id}", | |
"${aws_security_group.aws-allow-icmp-gcp.id}" | |
"${aws_security_group.aws-allow-icmp-b.id}", | |
"${aws_security_group.aws-allow-ssh-b.id}", | |
"${aws_security_group.aws-allow-nginx-b.id}" | |
] | |
tags = { | |
@@ -86,11 +83,9 @@ resource "aws_instance" "vm2c" { | |
user_data = "${data.template_file.install_centos_deps_vm2c.rendered}" | |
vpc_security_group_ids = [ | |
"${aws_security_group.aws-allow-icmp.id}", | |
"${aws_security_group.aws-allow-ssh.id}", | |
"${aws_security_group.aws-allow-nginx.id}", | |
"${aws_security_group.aws-allow-icmp-gcp.id}" | |
"${aws_security_group.aws-allow-icmp-a.id}", | |
"${aws_security_group.aws-allow-ssh-a.id}", | |
"${aws_security_group.aws-allow-nginx-a.id}" | |
] | |
tags = { | |
@@ -110,11 +105,9 @@ resource "aws_instance" "vm2d" { | |
user_data = "${data.template_file.install_centos_deps_vm2d.rendered}" | |
vpc_security_group_ids = [ | |
"${aws_security_group.aws-allow-icmp.id}", | |
"${aws_security_group.aws-allow-ssh.id}", | |
"${aws_security_group.aws-allow-nginx.id}", | |
"${aws_security_group.aws-allow-icmp-gcp.id}" | |
"${aws_security_group.aws-allow-icmp-b.id}", | |
"${aws_security_group.aws-allow-ssh-b.id}", | |
"${aws_security_group.aws-allow-nginx-b.id}" | |
] | |
tags = { | |
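Review bot: The pairing vm2a/vm2c → `-a` groups and vm2b/vm2d → `-b` groups is only recoverable by reading all four hunks of this file; a one-line comment on each instance, `# test set A (groups in aws_security_a.tf)` / `# test set B (groups in aws_security_b.tf)`, would make the intended exposure of each VM explicit. The same applies to the NIC → NSG mapping in azure_compute.tf, which follows the same a/c vs b/d split. Each `aws_instance` block continues outside its hunk.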
34 terraform/aws_security.tf → terraform/aws_security_a.tf | |
@@ -1,6 +1,5 @@ | |
resource "aws_security_group" "aws-allow-icmp" { | |
name = "aws-allow-icmp-${var.instance_id}" | |
resource "aws_security_group" "aws-allow-icmp-a" { | |
name = "aws-allow-icmp-a-${var.instance_id}" | |
description = "Allow icmp access from anywhere" | |
vpc_id = "${aws_vpc.aws_cluster_network.id}" | |
@@ -19,29 +18,8 @@ resource "aws_security_group" "aws-allow-icmp" { | |
} | |
} | |
resource "aws_security_group" "aws-allow-icmp-gcp" { | |
name = "aws-allow-icmp-gcp-${var.instance_id}" | |
description = "Allow icmp access from anywhere" | |
vpc_id = "${aws_vpc.aws_cluster_network.id}" | |
ingress { | |
from_port = 8 | |
to_port = 0 | |
protocol = "icmp" | |
cidr_blocks = ["${var.gcp_subnet_vpn}"] | |
} | |
egress { | |
from_port = 0 | |
to_port = 0 | |
protocol = "-1" | |
cidr_blocks = ["${var.gcp_subnet_vpn}"] | |
} | |
} | |
resource "aws_security_group" "aws-allow-ssh" { | |
name = "aws-allow-ssh-${var.instance_id}" | |
resource "aws_security_group" "aws-allow-ssh-a" { | |
name = "aws-allow-ssh-a-${var.instance_id}" | |
description = "Allow ssh access from anywhere" | |
vpc_id = "${aws_vpc.aws_cluster_network.id}" | |
@@ -60,8 +38,8 @@ resource "aws_security_group" "aws-allow-ssh" { | |
} | |
} | |
resource "aws_security_group" "aws-allow-nginx" { | |
name = "aws-allow-nginx-${var.instance_id}" | |
resource "aws_security_group" "aws-allow-nginx-a" { | |
name = "aws-allow-nginx-a-${var.instance_id}" | |
description = "Allow nginx access from anywhere" | |
vpc_id = "${aws_vpc.aws_cluster_network.id}" | |
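Review bot: The `aws-allow-icmp-gcp` group removed in the second hunk was the only group shown whose ingress and egress were scoped to the GCP VPN range, and aws_compute.tf drops it from all four instances; ICMP from the GCP side of the tunnel therefore now depends entirely on the `-a`/`-b` groups' CIDRs. For the `-b` variants that is covered by `var.gcp_vpc` in aws_security_b.tf, but the ingress blocks of the renamed `-a` groups are outside the hunks shown, so it is not visible here whether vm2a/vm2c still accept it. The `-a` groups also keep `description = "Allow ssh access from anywhere"` and the matching icmp/nginx texts; if set A is the deliberately unrestricted baseline, state it once, e.g. `# set A: unrestricted ingress (test baseline); set B in aws_security_b.tf is CIDR-scoped`. The group bodies continue outside the hunks.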
59 terraform/aws_security_b.tf | |
@@ -0,0 +1,59 @@ | |
resource "aws_security_group" "aws-allow-icmp-b" { | |
name = "aws-allow-icmp-b-${var.instance_id}" | |
description = "Allow icmp access from anywhere" | |
vpc_id = "${aws_vpc.aws_cluster_network.id}" | |
ingress { | |
from_port = 8 | |
to_port = 0 | |
protocol = "icmp" | |
cidr_blocks = ["${var.allowed_ip}", "${var.gcp_vpc}", "${var.azure_vpc}", "${var.aws_vpc}"] | |
} | |
egress { | |
from_port = 0 | |
to_port = 0 | |
protocol = "-1" | |
cidr_blocks = ["0.0.0.0/0"] | |
} | |
} | |
resource "aws_security_group" "aws-allow-ssh-b" { | |
name = "aws-allow-ssh-b-${var.instance_id}" | |
description = "Allow ssh access from anywhere" | |
vpc_id = "${aws_vpc.aws_cluster_network.id}" | |
ingress { | |
from_port = 22 | |
to_port = 22 | |
protocol = "tcp" | |
cidr_blocks = ["${var.allowed_ip}", "${var.gcp_vpc}", "${var.azure_vpc}", "${var.aws_vpc}"] | |
} | |
egress { | |
from_port = 0 | |
to_port = 0 | |
protocol = "-1" | |
cidr_blocks = ["${var.allowed_ip}", "${var.gcp_vpc}", "${var.azure_vpc}", "${var.aws_vpc}"] | |
} | |
} | |
resource "aws_security_group" "aws-allow-nginx-b" { | |
name = "aws-allow-nginx-b-${var.instance_id}" | |
description = "Allow nginx access from anywhere" | |
vpc_id = "${aws_vpc.aws_cluster_network.id}" | |
ingress { | |
from_port = 80 | |
to_port = 80 | |
protocol = "tcp" | |
cidr_blocks = ["${var.allowed_ip}", "${var.gcp_vpc}", "${var.azure_vpc}", "${var.aws_vpc}"] | |
} | |
egress { | |
from_port = 0 | |
to_port = 0 | |
protocol = "-1" | |
cidr_blocks = ["${var.allowed_ip}", "${var.gcp_vpc}", "${var.azure_vpc}", "${var.aws_vpc}"] | |
} | |
} | |
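Review bot: Every `cidr_blocks` list in this file starts with `"${var.allowed_ip}"`, and variables.tf gives that variable `default = ""`; an empty string is not a CIDR, so a plan or apply with the default is rejected by the provider or the API rather than quietly admitting nothing. The same element is used in azure_network.tf (`source_address_prefixes`) and gcp_security.tf (`source_ranges` of `allow-b`); the simplest fix is to drop the default in variables.tf so the value must be supplied, `variable "allowed_ip" { type = "string" }`. Separately, security groups are additive: `aws-allow-icmp-b` allows egress `protocol = "-1"` to `0.0.0.0/0`, so the narrower egress lists on `aws-allow-ssh-b` and `aws-allow-nginx-b` have no effect on vm2b/vm2d, which attach all three groups — either scope the icmp-b egress the same way or remove the other two egress blocks so the intent is readable. The three `description` strings still say "from anywhere" although ingress is now limited to four ranges.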
6 terraform/aws_variables.tf | |
@@ -15,10 +15,6 @@ variable "aws_vms_size" { | |
default = "t3.micro" | |
type = "string" | |
} | |
variable "aws_subnet_vpn" { | |
default = "10.242.0.0/16" | |
type = "string" | |
} | |
variable "aws_subnet2a1" { | |
default = "10.242.1.0/24" | |
type = "string" | |
@@ -35,7 +31,7 @@ variable "aws_subnet2b2" { | |
default = "10.242.4.0/24" | |
type = "string" | |
} | |
variable "aws_vpc_cidr" { | |
variable "aws_vpc" { | |
default = "10.242.0.0/16" | |
type = "string" | |
} | |
2 terraform/aws_vpc.tf | |
@@ -3,7 +3,7 @@ data "aws_availability_zones" "available" { | |
} | |
resource "aws_vpc" "aws_cluster_network" { | |
cidr_block = "${var.aws_vpc_cidr}" | |
cidr_block = "${var.aws_vpc}" | |
tags = "${ | |
map( | |
2 terraform/aws_vpn.tf | |
@@ -27,7 +27,7 @@ resource "aws_vpn_connection" "aws-vpn-connection1" { | |
} | |
resource "aws_vpn_connection_route" "gcp_hybrid_cloud-1" { | |
destination_cidr_block = "${var.gcp_subnet_vpn}" | |
destination_cidr_block = "${var.gcp_vpc}" | |
vpn_connection_id = "${aws_vpn_connection.aws-vpn-connection1.id}" | |
} | |
8 terraform/azure_compute.tf | |
@@ -89,7 +89,7 @@ resource "azurerm_network_interface" "vm3a-nic" { | |
name = "vm3a-nic-${var.instance_id}" | |
location = "${azurerm_resource_group.k8s.location}" | |
resource_group_name = "${azurerm_resource_group.k8s.name}" | |
network_security_group_id = "${azurerm_network_security_group.azure-security-group.id}" | |
network_security_group_id = "${azurerm_network_security_group.azure-security-group-a.id}" | |
ip_configuration { | |
name = "nic-config" | |
@@ -107,7 +107,7 @@ resource "azurerm_network_interface" "vm3b-nic" { | |
name = "vm3b-nic-${var.instance_id}" | |
location = "${azurerm_resource_group.k8s.location}" | |
resource_group_name = "${azurerm_resource_group.k8s.name}" | |
network_security_group_id = "${azurerm_network_security_group.azure-security-group.id}" | |
network_security_group_id = "${azurerm_network_security_group.azure-security-group-b.id}" | |
ip_configuration { | |
name = "nic-config" | |
@@ -125,7 +125,7 @@ resource "azurerm_network_interface" "vm3c-nic" { | |
name = "vm3c-nic-${var.instance_id}" | |
location = "${azurerm_resource_group.k8s.location}" | |
resource_group_name = "${azurerm_resource_group.k8s.name}" | |
network_security_group_id = "${azurerm_network_security_group.azure-security-group.id}" | |
network_security_group_id = "${azurerm_network_security_group.azure-security-group-a.id}" | |
ip_configuration { | |
name = "nic-config" | |
@@ -143,7 +143,7 @@ resource "azurerm_network_interface" "vm3d-nic" { | |
name = "vm3d-nic-${var.instance_id}" | |
location = "${azurerm_resource_group.k8s.location}" | |
resource_group_name = "${azurerm_resource_group.k8s.name}" | |
network_security_group_id = "${azurerm_network_security_group.azure-security-group.id}" | |
network_security_group_id = "${azurerm_network_security_group.azure-security-group-b.id}" | |
ip_configuration { | |
name = "nic-config" | |
38 terraform/azure_network.tf | |
@@ -62,8 +62,8 @@ resource "azurerm_subnet_route_table_association" "vnet_assoc_b" { | |
subnet_id = "${azurerm_subnet.subnet3b.id}" | |
route_table_id = "${azurerm_route_table.route_subnet3b.id}" | |
} | |
resource "azurerm_network_security_group" "azure-security-group" { | |
name = "azure-security-group-${var.instance_id}" | |
resource "azurerm_network_security_group" "azure-security-group-a" { | |
name = "azure-security-group-a-${var.instance_id}" | |
location = "${azurerm_resource_group.k8s.location}" | |
resource_group_name = "${azurerm_resource_group.k8s.name}" | |
@@ -95,3 +95,37 @@ resource "azurerm_network_security_group" "azure-security-group" { | |
environment = "Production" | |
} | |
} | |
resource "azurerm_network_security_group" "azure-security-group-b" { | |
name = "azure-security-group-b-${var.instance_id}" | |
location = "${azurerm_resource_group.k8s.location}" | |
resource_group_name = "${azurerm_resource_group.k8s.name}" | |
security_rule { | |
name = "ALL-IN" | |
priority = 1001 | |
direction = "Inbound" | |
access = "Allow" | |
protocol = "*" | |
source_port_range = "*" | |
destination_port_range = "*" | |
source_address_prefixes = ["${var.allowed_ip}", "${var.azure_vpc}", "${var.gcp_vpc}", "${var.aws_vpc}"] | |
destination_address_prefix = "*" | |
} | |
security_rule { | |
name = "ALL-OUT" | |
priority = 1001 | |
direction = "Outbound" | |
access = "Allow" | |
protocol = "*" | |
source_port_range = "*" | |
destination_port_range = "*" | |
source_address_prefix = "*" | |
destination_address_prefix = "*" | |
} | |
tags = { | |
environment = "Production" | |
} | |
} | |
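Review bot: `ALL-IN` on `azure-security-group-b` allows `protocol = "*"` on every destination port from the four prefixes, whereas the set-B rules on AWS (aws_security_b.tf) and GCP (`allow-b`) admit only ICMP, TCP/22 and, on AWS, TCP/80; if the point of set B is to compare the same restricted exposure across the three clouds, the Azure rule should list the same ports, e.g. `destination_port_ranges = ["22", "80"]` with a separate ICMP rule, or the difference should be recorded in a comment. `source_address_prefixes` also carries `"${var.allowed_ip}"`, whose default in variables.tf is `""`, which Azure will not accept as a prefix. The `-a` group's rules are outside the hunk.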
4 terraform/azure_vpn.tf | |
@@ -7,7 +7,7 @@ resource "azurerm_local_network_gateway" "gcp-test-gw" { | |
resource_group_name = "${azurerm_resource_group.k8s.name}" | |
gateway_address = "${google_compute_address.gcp-vpn-ip.address}" | |
address_space = ["${var.gcp_subnet_vpn}"] | |
address_space = ["${var.gcp_vpc}"] | |
} | |
resource "azurerm_local_network_gateway" "aws-test-gw" { | |
name = "aws-test-gw" | |
@@ -16,7 +16,7 @@ resource "azurerm_local_network_gateway" "aws-test-gw" { | |
resource_group_name = "${azurerm_resource_group.k8s.name}" | |
gateway_address = "${aws_vpn_connection.aws-vpn-connection2.tunnel1_address}" | |
address_space = ["${var.aws_subnet_vpn}"] | |
address_space = ["${var.aws_vpc}"] | |
} | |
4 terraform/gcp_compute.tf | |
@@ -80,6 +80,7 @@ resource "google_compute_address" "vm1d-ipv4" { | |
resource "google_compute_instance" "vm1a" { | |
name = "vm1a-${var.instance_id}" | |
machine_type = "${var.gcp_vms_size}" | |
tags = ["instance-a"] | |
zone = "${data.google_compute_zones.available.names[0]}" | |
@@ -106,6 +107,7 @@ resource "google_compute_instance" "vm1a" { | |
resource "google_compute_instance" "vm1b" { | |
name = "vm1b-${var.instance_id}" | |
tags = ["instance-b"] | |
machine_type = "${var.gcp_vms_size}" | |
zone = "${data.google_compute_zones.available.names[0]}" | |
@@ -134,6 +136,7 @@ resource "google_compute_instance" "vm1b" { | |
resource "google_compute_instance" "vm1c" { | |
name = "vm1c-${var.instance_id}" | |
machine_type = "${var.gcp_vms_size}" | |
tags = ["instance-a"] | |
zone = "${data.google_compute_zones.available.names[0]}" | |
boot_disk { | |
@@ -160,6 +163,7 @@ resource "google_compute_instance" "vm1c" { | |
resource "google_compute_instance" "vm1d" { | |
name = "vm1d-${var.instance_id}" | |
machine_type = "${var.gcp_vms_size}" | |
tags = ["instance-b"] | |
zone = "${data.google_compute_zones.available.names[0]}" | |
boot_disk { | |
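Review bot: The new `tags` attribute sits after `machine_type` on vm1a, vm1c and vm1d but before it on vm1b; since these tags are the selectors that `allow-a`/`allow-b` in gcp_security.tf match on, keeping them in one position with a short comment, `tags = ["instance-a"] # targeted by google_compute_firewall.allow-a`, makes each instance's exposure easier to audit. Each `google_compute_instance` block continues outside its hunk.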
39 terraform/gcp_security.tf | |
@@ -1,5 +1,5 @@ | |
resource "google_compute_firewall" "debug" { | |
name = "debug-firewall-${var.instance_id}" | |
resource "google_compute_firewall" "allow-a" { | |
name = "allow-a-firewall-${var.instance_id}" | |
network = "${google_compute_network.gcp-network.name}" | |
allow { | |
@@ -8,12 +8,36 @@ resource "google_compute_firewall" "debug" { | |
allow { | |
protocol = "tcp" | |
ports = ["22"] | |
} | |
source_tags = ["ssh"] | |
target_tags = ["instance-a"] | |
source_ranges = ["0.0.0.0/0"] | |
} | |
resource "google_compute_firewall" "allow-b" { | |
name = "allow-b-firewall-${var.instance_id}" | |
network = "${google_compute_network.gcp-network.name}" | |
allow { | |
protocol = "icmp" | |
} | |
allow { | |
protocol = "tcp" | |
ports = ["22"] | |
} | |
target_tags = ["instance-b"] | |
source_ranges = [ | |
"${var.allowed_ip}", | |
"${var.gcp_vpc}", | |
"${var.aws_vpc}", | |
"${var.azure_vpc}" | |
] | |
priority = 100 | |
} | |
resource "google_compute_firewall" "gcp-allow-vpn" { | |
name = "${google_compute_network.gcp-network.name}-gcp-allow-vpn-${var.instance_id}" | |
network = "${google_compute_network.gcp-network.name}" | |
@@ -27,12 +51,17 @@ resource "google_compute_firewall" "gcp-allow-vpn" { | |
protocol = "udp" | |
ports = ["0-65535"] | |
} | |
allow { | |
protocol = "icmp" | |
} | |
allow { | |
protocol = "all" | |
} | |
source_ranges = [ | |
"${var.aws_subnet_vpn}", | |
"${var.gcp_vpc}", | |
"${var.aws_vpc}", | |
"${var.azure_vpc}" | |
] | |
} | |
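Review bot: In the `gcp-allow-vpn` hunk the `source_ranges` list still shows `"${var.aws_subnet_vpn}"` next to `var.aws_vpc`, and aws_variables.tf deletes `aws_subnet_vpn` in this same commit; if that element is on the new side the configuration fails with an undeclared variable, and if it is the removed line the rendered view has merely lost its marker — worth confirming against the raw diff. The added `allow { protocol = "all" }` makes the udp, tcp and icmp `allow` blocks in the same resource redundant; keep either the blanket rule or the per-protocol ones. `allow-a` now admits ICMP and TCP/22 from `0.0.0.0/0` to anything tagged `instance-a`, replacing the `source_tags = ["ssh"]` scoping of the old `debug` rule; a comment such as `# set A: intentionally open baseline for the test; set B below is range-scoped` would keep it from being read as an oversight. Both firewall resources continue outside the hunks.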
2 terraform/gcp_variables.tf | |
@@ -2,7 +2,7 @@ variable "gcp_region" { | |
default = "europe-north1" | |
type = "string" | |
} | |
variable "gcp_subnet_vpn" { | |
variable "gcp_vpc" { | |
default = "10.241.0.0/16" | |
type = "string" | |
} | |
8 terraform/gcp_vpn.tf | |
@@ -47,8 +47,8 @@ resource "google_compute_vpn_tunnel" "gcp-tunnel1" { | |
ike_version = 1 | |
target_vpn_gateway = "${google_compute_vpn_gateway.gcp-vpn-gw.self_link}" | |
local_traffic_selector = ["${var.gcp_subnet_vpn}"] | |
remote_traffic_selector = ["${var.aws_subnet_vpn}"] | |
local_traffic_selector = ["${var.gcp_vpc}"] | |
remote_traffic_selector = ["${var.aws_vpc}"] | |
depends_on = [ | |
"google_compute_forwarding_rule.fr_esp", | |
@@ -59,7 +59,7 @@ resource "google_compute_vpn_tunnel" "gcp-tunnel1" { | |
resource "google_compute_route" "aws1" { | |
name = "aws-route1-${var.instance_id}" | |
dest_range = "${var.aws_subnet_vpn}" | |
dest_range = "${var.aws_vpc}" | |
network = "${google_compute_network.gcp-network.self_link}" | |
next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.gcp-tunnel1.self_link}" | |
priority = 100 | |
@@ -80,7 +80,7 @@ resource "google_compute_vpn_tunnel" "gcp-tunnel2" { | |
target_vpn_gateway = "${google_compute_vpn_gateway.gcp-vpn-gw.self_link}" | |
local_traffic_selector = ["${var.gcp_subnet_vpn}"] | |
local_traffic_selector = ["${var.gcp_vpc}"] | |
remote_traffic_selector = ["${var.azure_vpc}"] | |
depends_on = [ | |
6 terraform/variables.tf | |
@@ -10,4 +10,8 @@ variable "private_ssh_key" { | |
variable "instance_id" { | |
type = "string" | |
} | |
} | |
variable "allowed_ip" { | |
type = "string" | |
default = "" | |
} |
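Review bot: `allowed_ip` is consumed as an element of CIDR lists in aws_security_b.tf, azure_network.tf and gcp_security.tf, but nothing on the declaration says so, and the name suggests a bare address, which those arguments do not accept. Document the contract where the variable is declared, e.g. `# CIDR notation (use /32 for a single address); admitted by the set-B rules on all three clouds`, and consider a `description` argument carrying the same text so it shows up in `terraform plan` prompts.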