DNS Refactory for hub-and-spoke

renato-rudnicki · renato-rudnicki · commit 7f3dbcfe88ae · 2024-11-01T17:58:15.000-03:00
diff --git a/3-networks-hub-and-spoke/envs/shared/dns-hub.tf b/3-networks-hub-and-spoke/envs/shared/dns-hub.tf
@@ -18,7 +18,7 @@
   DNS Hub VPC
 *****************************************/
 
-module "dns_hub_vpc" {
+module "dns_hub_vpc" { ///cria rede vpc
   source  = "terraform-google-modules/network/google"
   version = "~> 9.0"
 
@@ -99,7 +99,7 @@ module "dns-forwarding-zone" {
   Routers to advertise DNS proxy range "35.199.192.0/19"
 *********************************************************/
 
-module "dns_hub_region1_router1" {
+module "dns_hub_region1_router1" { //roteadores bgp
   source  = "terraform-google-modules/cloud-router/google"
   version = "~> 6.0"
 
diff --git a/3-networks-hub-and-spoke/envs/shared/interconnect.tf.example b/3-networks-hub-and-spoke/envs/shared/interconnect.tf.example
@@ -17,7 +17,7 @@
 module "dns_hub_interconnect" {
   source = "../../modules/dedicated_interconnect"
 
-  vpc_name                = "net-dns"
+  vpc_name                = "vpc-net-dns"
   interconnect_project_id = local.dns_hub_project_id
 
   region1                                 = local.default_region1
diff --git a/3-networks-hub-and-spoke/envs/shared/partner_interconnect.tf.example b/3-networks-hub-and-spoke/envs/shared/partner_interconnect.tf.example
@@ -18,7 +18,7 @@
 module "dns_hub_interconnect" {
   source = "../../modules/partner_interconnect"
 
-  vpc_name              = "net-dns"
+  vpc_name              = "vpc-net-dns"
   attachment_project_id = local.dns_hub_project_id
   preactivate           = var.preactivate_partner_interconnect
 
diff --git a/3-networks-hub-and-spoke/modules/base_shared_vpc/dns.tf b/3-networks-hub-and-spoke/modules/base_shared_vpc/dns.tf
@@ -40,6 +40,8 @@ module "peering_zone" {
   source  = "terraform-google-modules/cloud-dns/google"
   version = "~> 5.0"
 
+  count = local.mode == "spoke" ? 1 : 0
+
   project_id  = var.project_id
   type        = "peering"
   name        = "dz-${var.environment_code}-shared-base-to-dns-hub"
@@ -51,3 +53,23 @@ module "peering_zone" {
   ]
   target_network = data.google_compute_network.vpc_dns_hub.self_link
 }
+
+/******************************************
+ DNS Forwarding
+*****************************************/
+module "dns-forwarding-zone" {
+  source  = "terraform-google-modules/cloud-dns/google"
+  version = "~> 5.0"
+
+  count   = var.mode != "spoke" ? 1 : 0
+
+  project_id = var.project_id
+  type       = "forwarding"
+  name       = "fz-dns-hub"
+  domain     = var.domain
+
+  private_visibility_config_networks = [
+    module.dns_hub_vpc.network_self_link
+  ]
+  target_name_server_addresses = data.google_compute_network.vpc_dns_hub.self_link
+}
diff --git a/3-networks-hub-and-spoke/modules/base_shared_vpc/main.tf b/3-networks-hub-and-spoke/modules/base_shared_vpc/main.tf
@@ -126,7 +126,10 @@ module "region1_router1" {
   bgp = {
     asn                  = var.bgp_asn_subnet
     advertised_groups    = ["ALL_SUBNETS"]
-    advertised_ip_ranges = [{ range = local.private_googleapis_cidr }]
+    advertised_ip_ranges = [
+      { range = local.private_googleapis_cidr },
+      { range = "35.199.192.0/19" }
+    ]
   }
 }
 
@@ -142,7 +145,10 @@ module "region1_router2" {
   bgp = {
     asn                  = var.bgp_asn_subnet
     advertised_groups    = ["ALL_SUBNETS"]
-    advertised_ip_ranges = [{ range = local.private_googleapis_cidr }]
+    advertised_ip_ranges = [
+      { range = local.private_googleapis_cidr },
+      { range = "35.199.192.0/19" }
+    ]
   }
 }
 
@@ -158,7 +164,10 @@ module "region2_router1" {
   bgp = {
     asn                  = var.bgp_asn_subnet
     advertised_groups    = ["ALL_SUBNETS"]
-    advertised_ip_ranges = [{ range = local.private_googleapis_cidr }]
+    advertised_ip_ranges = [
+      { range = local.private_googleapis_cidr },
+      { range = "35.199.192.0/19" }
+    ]
   }
 }
 
@@ -174,6 +183,9 @@ module "region2_router2" {
   bgp = {
     asn                  = var.bgp_asn_subnet
     advertised_groups    = ["ALL_SUBNETS"]
-    advertised_ip_ranges = [{ range = local.private_googleapis_cidr }]
+    advertised_ip_ranges = [
+      { range = local.private_googleapis_cidr },
+      { range = "35.199.192.0/19" }
+    ]
   }
 }
diff --git a/3-networks-hub-and-spoke/modules/restricted_shared_vpc/dns.tf b/3-networks-hub-and-spoke/modules/restricted_shared_vpc/dns.tf
@@ -40,6 +40,8 @@ module "peering_zone" {
   source  = "terraform-google-modules/cloud-dns/google"
   version = "~> 5.0"
 
+  count = var.mode == "spoke" ? 1 : 0
+
   project_id  = var.project_id
   type        = "peering"
   name        = "dz-${var.environment_code}-shared-restricted-to-dns-hub"
@@ -51,3 +53,23 @@ module "peering_zone" {
   ]
   target_network = data.google_compute_network.vpc_dns_hub.self_link
 }
+
+/******************************************
+ DNS Forwarding
+*****************************************/
+module "dns-forwarding-zone" {
+  source  = "terraform-google-modules/cloud-dns/google"
+  version = "~> 5.0"
+
+  count   = var.mode != "spoke" ? 1 : 0
+
+  project_id = var.project_id
+  type       = "forwarding"
+  name       = "fz-dns-hub"
+  domain     = var.domain
+
+  private_visibility_config_networks = [
+    module.dns_hub_vpc.network_self_link
+  ]
+  target_name_server_addresses = data.google_compute_network.vpc_dns_hub.self_link
+}
diff --git a/3-networks-hub-and-spoke/modules/restricted_shared_vpc/main.tf b/3-networks-hub-and-spoke/modules/restricted_shared_vpc/main.tf
@@ -130,7 +130,10 @@ module "region1_router1" {
   bgp = {
     asn                  = var.bgp_asn_subnet
     advertised_groups    = ["ALL_SUBNETS"]
-    advertised_ip_ranges = [{ range = local.restricted_googleapis_cidr }]
+    advertised_ip_ranges = [
+      { range = local.restricted_googleapis_cidr },
+      { range = "35.199.192.0/19" }
+    ]
   }
 }
 
@@ -146,7 +149,10 @@ module "region1_router2" {
   bgp = {
     asn                  = var.bgp_asn_subnet
     advertised_groups    = ["ALL_SUBNETS"]
-    advertised_ip_ranges = [{ range = local.restricted_googleapis_cidr }]
+    advertised_ip_ranges = [
+      { range = local.restricted_googleapis_cidr },
+      { range = "35.199.192.0/19" }
+    ]
   }
 }
 
@@ -162,7 +168,10 @@ module "region2_router1" {
   bgp = {
     asn                  = var.bgp_asn_subnet
     advertised_groups    = ["ALL_SUBNETS"]
-    advertised_ip_ranges = [{ range = local.restricted_googleapis_cidr }]
+    advertised_ip_ranges = [
+      { range = local.restricted_googleapis_cidr },
+      { range = "35.199.192.0/19" }
+    ]
   }
 }
 
@@ -178,6 +187,9 @@ module "region2_router2" {
   bgp = {
     asn                  = var.bgp_asn_subnet
     advertised_groups    = ["ALL_SUBNETS"]
-    advertised_ip_ranges = [{ range = local.restricted_googleapis_cidr }]
+    advertised_ip_ranges = [
+      { range = local.restricted_googleapis_cidr },
+      { range = "35.199.192.0/19" }
+    ]
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -126,7 +126,10 @@ module "region1_router1" {`
`126`	`126`	`bgp = {`
`127`	`127`	`asn = var.bgp_asn_subnet`
`128`	`128`	`advertised_groups = ["ALL_SUBNETS"]`
`129`		`- advertised_ip_ranges = [{ range = local.private_googleapis_cidr }]`
	`129`	`+ advertised_ip_ranges = [`
	`130`	`+ { range = local.private_googleapis_cidr },`
	`131`	`+ { range = "35.199.192.0/19" }`
	`132`	`+ ]`
`130`	`133`	`}`
`131`	`134`	`}`
`132`	`135`
`@@ -142,7 +145,10 @@ module "region1_router2" {`
`142`	`145`	`bgp = {`
`143`	`146`	`asn = var.bgp_asn_subnet`
`144`	`147`	`advertised_groups = ["ALL_SUBNETS"]`
`145`		`- advertised_ip_ranges = [{ range = local.private_googleapis_cidr }]`
	`148`	`+ advertised_ip_ranges = [`
	`149`	`+ { range = local.private_googleapis_cidr },`
	`150`	`+ { range = "35.199.192.0/19" }`
	`151`	`+ ]`
`146`	`152`	`}`
`147`	`153`	`}`
`148`	`154`
`@@ -158,7 +164,10 @@ module "region2_router1" {`
`158`	`164`	`bgp = {`
`159`	`165`	`asn = var.bgp_asn_subnet`
`160`	`166`	`advertised_groups = ["ALL_SUBNETS"]`
`161`		`- advertised_ip_ranges = [{ range = local.private_googleapis_cidr }]`
	`167`	`+ advertised_ip_ranges = [`
	`168`	`+ { range = local.private_googleapis_cidr },`
	`169`	`+ { range = "35.199.192.0/19" }`
	`170`	`+ ]`
`162`	`171`	`}`
`163`	`172`	`}`
`164`	`173`
`@@ -174,6 +183,9 @@ module "region2_router2" {`
`174`	`183`	`bgp = {`
`175`	`184`	`asn = var.bgp_asn_subnet`
`176`	`185`	`advertised_groups = ["ALL_SUBNETS"]`
`177`		`- advertised_ip_ranges = [{ range = local.private_googleapis_cidr }]`
	`186`	`+ advertised_ip_ranges = [`
	`187`	`+ { range = local.private_googleapis_cidr },`
	`188`	`+ { range = "35.199.192.0/19" }`
	`189`	`+ ]`
`178`	`190`	`}`
`179`	`191`	`}`
Original file line number	Diff line number	Diff line change
`@@ -130,7 +130,10 @@ module "region1_router1" {`
`130`	`130`	`bgp = {`
`131`	`131`	`asn = var.bgp_asn_subnet`
`132`	`132`	`advertised_groups = ["ALL_SUBNETS"]`
`133`		`- advertised_ip_ranges = [{ range = local.restricted_googleapis_cidr }]`
	`133`	`+ advertised_ip_ranges = [`
	`134`	`+ { range = local.restricted_googleapis_cidr },`
	`135`	`+ { range = "35.199.192.0/19" }`
	`136`	`+ ]`
`134`	`137`	`}`
`135`	`138`	`}`
`136`	`139`
`@@ -146,7 +149,10 @@ module "region1_router2" {`
`146`	`149`	`bgp = {`
`147`	`150`	`asn = var.bgp_asn_subnet`
`148`	`151`	`advertised_groups = ["ALL_SUBNETS"]`
`149`		`- advertised_ip_ranges = [{ range = local.restricted_googleapis_cidr }]`
	`152`	`+ advertised_ip_ranges = [`
	`153`	`+ { range = local.restricted_googleapis_cidr },`
	`154`	`+ { range = "35.199.192.0/19" }`
	`155`	`+ ]`
`150`	`156`	`}`
`151`	`157`	`}`
`152`	`158`
`@@ -162,7 +168,10 @@ module "region2_router1" {`
`162`	`168`	`bgp = {`
`163`	`169`	`asn = var.bgp_asn_subnet`
`164`	`170`	`advertised_groups = ["ALL_SUBNETS"]`
`165`		`- advertised_ip_ranges = [{ range = local.restricted_googleapis_cidr }]`
	`171`	`+ advertised_ip_ranges = [`
	`172`	`+ { range = local.restricted_googleapis_cidr },`
	`173`	`+ { range = "35.199.192.0/19" }`
	`174`	`+ ]`
`166`	`175`	`}`
`167`	`176`	`}`
`168`	`177`
`@@ -178,6 +187,9 @@ module "region2_router2" {`
`178`	`187`	`bgp = {`
`179`	`188`	`asn = var.bgp_asn_subnet`
`180`	`189`	`advertised_groups = ["ALL_SUBNETS"]`
`181`		`- advertised_ip_ranges = [{ range = local.restricted_googleapis_cidr }]`
	`190`	`+ advertised_ip_ranges = [`
	`191`	`+ { range = local.restricted_googleapis_cidr },`
	`192`	`+ { range = "35.199.192.0/19" }`
	`193`	`+ ]`
`182`	`194`	`}`
`183`	`195`	`}`