insight-w3f/terraform-polkadot-gcp-network

terraform-polkadot-gcp-network

Features

This module sets up VPCs, DNS zones, and firewall rules for running Polkadot validator nodes on GCP.

Terraform Versions

For Terraform v0.12.0+

Usage

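module "this" {
  source  = "github.com/insight-w3f/terraform-polkadot-gcp-network"
  # Required inputs (see Inputs); the values below are placeholders
  project = "my-gcp-project"
  region  = "us-east1"
}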

Examples

Known Issues

No known issues currently limit this module.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12 |

Providers

| Name | Version |
|------|---------|
| cloudflare | n/a |
| google | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| azs | List of availability zones | list(string) | [] | no |
| bastion_enabled | Boolean to enable a bastion host. All ssh traffic restricted to bastion | bool | false | no |
| bastion_sg_name | Name for the bastion security group | string | "bastion-sg" | no |
| cidr | The cidr range for network | string | "10.0.0.0/16" | no |
| consul_enabled | Boolean to allow consul traffic | bool | false | no |
| consul_sg_name | Name for the Consul security group | string | "consul-sg" | no |
| corporate_ip | The corporate IP you want to restrict ssh traffic to | string | "" | no |
| create_internal_domain | Boolean to create an internal split horizon DNS | bool | false | no |
| create_public_regional_subdomain | Boolean to create regional subdomain - ie us-east-1.example.com | bool | false | no |
| hids_enabled | Boolean to enable intrusion detection systems traffic | bool | false | no |
| hids_sg_name | Name for the HIDS security group | string | "hids-sg" | no |
| internal_tld | The top level domain for the internal DNS | string | "internal" | no |
| logging_enabled | Boolean to allow logging related traffic | bool | false | no |
| logging_sg_name | Name for the logging security group | string | "logging-sg" | no |
| monitoring_enabled | Boolean to allow Prometheus related traffic | bool | false | no |
| monitoring_sg_name | Name for the monitoring security group | string | "monitoring-sg" | no |
| namespace | The namespace to deploy into | string | "" | no |
| network_name | The network name, ie kusama / mainnet | string | "" | no |
| num_azs | The number of AZs to deploy into | number | 0 | no |
| project | The GCP project name | string | n/a | yes |
| region | The GCP region | string | n/a | yes |
| root_domain_name | The public domain | string | "" | no |
| sentry_node_sg_name | Name for the public node security group | string | "sentry-sg" | no |
| vault_enabled | Boolean to allow vault related traffic | bool | false | no |
| vault_sg_name | Name for the vault security group | string | "vault-sg" | no |
| vpc_name | The name of the VPC | string | "polkadot" | no |
| zone_id | The zone ID to configure as the root zone - ie subdomain.example.com's zone ID | string | "" | no |
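
The SSH and traffic-class inputs listed above, set explicitly in one module call. This is an added example, not code from the module's repository: the project, region, namespace and corporate_ip values are placeholders, and the address format that corporate_ip accepts is an assumption.

```hcl
module "network" {
  source = "github.com/insight-w3f/terraform-polkadot-gcp-network"

  # Required inputs (placeholder values)
  project = "my-gcp-project"
  region  = "us-east1"

  # Naming and addressing (vpc_name and cidr shown at their documented defaults)
  namespace    = "prod"
  network_name = "kusama"
  vpc_name     = "polkadot"
  cidr         = "10.0.0.0/16"

  # SSH exposure. Documented defaults are bastion_enabled = false and
  # corporate_ip = "". The inputs table does not say what an empty
  # corporate_ip permits, so both are set explicitly here.
  bastion_enabled = true
  corporate_ip    = "203.0.113.10" # placeholder from the TEST-NET-3 documentation range

  # Traffic classes default to false. Enable only the ones whose service
  # is actually deployed; the rest keep their rules closed.
  monitoring_enabled = true
  logging_enabled    = false
  hids_enabled       = false
  consul_enabled     = false
  vault_enabled      = false

  # No internal or regional DNS zones in this example (the defaults)
  create_internal_domain           = false
  create_public_regional_subdomain = false
}

# Re-export the identifiers that node modules need to attach to the network
output "bastion_security_group_id" {
  value = module.network.bastion_security_group_id
}

output "sentry_security_group_id" {
  value = module.network.sentry_security_group_id
}

output "private_subnets" {
  value = module.network.private_subnets
}
```

Review the output of `terraform plan` for the firewall resources before applying, since the table describes the inputs but not the exact rules each one creates.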

Outputs

| Name | Description |
|------|-------------|
| azs | Availability zones |
| bastion_security_group_id | UID of the service account for the bastion host |
| consul_security_group_id | UID of the service account for the Consul servers |
| hids_security_group_id | UID of the service account for the HIDS group |
| internal_tld | The name of the internal domain |
| kubernetes_subnet | n/a |
| logging_security_group_id | UID of the service account for the logging group |
| monitoring_security_group_id | UID of the service account for the monitoring group |
| private_subnets | The IDs of the private subnets |
| private_subnets_cidr_blocks | CIDR ranges for the private subnets |
| private_subnets_names | The names of the public subnets |
| private_vpc_id | The ID of the private VPC |
| private_vpc_name | The name of the private VPC |
| public_regional_domain | The public regional domain |
| public_subnet_cidr_blocks | CIDR ranges for the public subnets |
| public_subnets | The IDs of the public subnets |
| public_subnets_names | The names of the public subnets |
| public_vpc_id | The ID of the public VPC |
| public_vpc_name | The name of the public VPC |
| root_domain_name | The name of the root domain |
| sentry_security_group_id | UID of the service account for the sentry group |
| vault_security_group_id | UID of the service account for the vault group |

Testing

This module has been packaged with terratest tests

To run them:

  1. Install Go
  2. Run make test-init from the root of this repo
  3. Run make test again from root

Authors

Module managed by Richard Mah

Credits

License

Apache 2 Licensed. See LICENSE for full details.