stackoom
  简体   繁体   中英

How to describe a shared VPC and define its subnets in GCP via terraform

 原文  2022-08-24 14:10:40       google-cloud-platform/ terraform/ terraform-provider-gcp

Question

I have created two shared VPCs for my organization, one for prod and one for non-prod usage.

For the these shared VPCs I want to create a description and define subnets, but I cannot find the right entries in terraform for these elements.

Ie Here is how I defined the resource block to specify the host project (and create a shared VPC):

resource "google_compute_shared_vpc_host_project" "dev-shared-shared-vpc-host" {
  provider = google.as_network_admin
  project  = google_project.dev-shared-vpc-host.project_id
}

Now when I try to create the subnet:

resource "google_compute_subnetwork" "dev-subnetwork" {
  provider      = google.as_network_admin
  name          = var.vpc_and_subnet_info.for_dev_env.subnetwork.name
  ip_cidr_range = var.vpc_and_subnet_info.for_dev_env.subnetwork.ip_cidr_range
  region        = var.region
  secondary_ip_range {
    range_name    = var.vpc_and_subnet_info.for_dev_env.subnetwork.secondary_ip_range.name
    ip_cidr_range = var.vpc_and_subnet_info.for_dev_env.subnetwork.secondary_ip_range.ip_cidr_range
  }
  network = google_compute_shared_vpc_host_project.dev-shared-shared-vpc-host.id
  project = google_project.dev-shared-vpc-host.id
}

I get an error like

╷
│ Error: Error creating Subnetwork: googleapi: Error 400: Invalid value for field 'resource.network': 'projects/projects/<redacted_project_id>/global/networks/<redacted_project_id>'. The URL is malformed., invalid
│
│   with google_compute_subnetwork.dev-subnetwork,
│   on networking.tf line 5, in resource "google_compute_subnetwork" "dev-subnetwork":
│    5: resource "google_compute_subnetwork" "dev-subnetwork" {
│

Obviously the projects/projects/.. is messing up the network parameter, but in the documentation for google_compute_shared_vpc_host_project there isn't any other output other than id . And for the input arguments there is no description . However, when I try to manually create the shared VPC, I can enter a description, and create a subnet.

Mind you, the google_compute_network that creates regular VPCs is quite well documented and the subnet that I defined above works well with it.

EDIT:

Fixing the project argument into project = google_project.dev-shared-vpc-host.project_id instead of id removes the projects/projects/... network error, but gives this error instead:

╷
│ Error: Error creating Subnetwork: googleapi: Error 404: The resource 'projects/<redacted_project_id>/global/networks/<redacted_project_id>' was not found, notFound
│
│   with google_compute_subnetwork.dev-subnetwork,
│   on networking.tf line 5, in resource "google_compute_subnetwork" "dev-subnetwork":
│    5: resource "google_compute_subnetwork" "dev-subnetwork" {
│
╵

1 answers

solution1
 0  2022-08-24 15:16:47

I seem to have misunderstood the creation of a shared VPC via google_compute_shared_vpc_host_project , this does not create a vpc perse, but only designates a project as the host project, thus sharing a vpc that must exist beforehand.

Therefore I should have created a google_compute_network beforehand, here is the HCL necessary to achieve what I wanted in the question:

resource "google_compute_network" "dev-vpc-network" {
  provider                = google.as_network_admin
  name                    = var.vpc_and_subnet_info.for_dev_env.vpc.name
  auto_create_subnetworks = var.vpc_and_subnet_info.for_dev_env.vpc.auto_create_subnetworks
  project                 = google_project.dev-shared-vpc-host.project_id
  description             = var.vpc_and_subnet_info.for_dev_env.vpc.description
}
resource "google_compute_shared_vpc_host_project" "dev-shared-shared-vpc-host" {
  provider = google.as_network_admin
  project  = google_project.dev-shared-vpc-host.project_id
}
resource "google_compute_subnetwork" "dev-subnetwork" {
  provider      = google.as_network_admin
  name          = var.vpc_and_subnet_info.for_dev_env.subnetwork.name
  ip_cidr_range = var.vpc_and_subnet_info.for_dev_env.subnetwork.ip_cidr_range
  region        = var.region
  secondary_ip_range {
    range_name    = var.vpc_and_subnet_info.for_dev_env.subnetwork.secondary_ip_range.name
    ip_cidr_range = var.vpc_and_subnet_info.for_dev_env.subnetwork.secondary_ip_range.ip_cidr_range
  }
  network = google_compute_network.dev-vpc-network.id
  project = google_project.dev-shared-vpc-host.project_id
}

Of course, in these examples I used variables declared in .tfvars to fill in the name, and other arguments needed in the resource blocks.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Terraform and GCP - Create new Compute VM in existing Shared VPC and Subnet AWS VPC CIDR and its subnets calculation Multiple subnets in a GCP network Create gke cluster with existing shared vpc network using terraform How to connect aws vpc and gcp bigquery with vpn? How to disable logging and monitoring service in GKE service in GCP Cloud via terraform In GCP, how to create firewall rules to isolate subnets by their IP ranges? How to take the reference of multiple subnets in route_table_association in Terraform? How to create an EKS cluster with public and private subnets using terraform? how to communicate 2 instances inside the same VPC but different subnets (regions) using internal IP
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM