From 9d3e37b2ae3de78850f9029acc754ca75e030f14 Mon Sep 17 00:00:00 2001
From: Max Xu <xuhuan@live.cn>
Date: Thu, 5 Dec 2024 23:56:43 +0800
Subject: [PATCH 1/3] feat: add vpc submodule

---
 modules/vpc/main.tf      | 58 +++++++++++++++++++++++++++++++++++++
 modules/vpc/outputs.tf   | 27 +++++++++++++++++
 modules/vpc/variables.tf | 62 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 147 insertions(+)
 create mode 100644 modules/vpc/main.tf
 create mode 100644 modules/vpc/outputs.tf
 create mode 100644 modules/vpc/variables.tf

diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf
new file mode 100644
index 0000000..db51caa
--- /dev/null
+++ b/modules/vpc/main.tf
@@ -0,0 +1,58 @@
+locals {
+  subnet_name     = var.subnet_name != "" ? var.subnet_name : "${var.network_name}-${var.region}"
+  psc_subnet_name = "${local.subnet_name}-psc"
+}
+
+module "network" {
+  source  = "terraform-google-modules/network/google"
+  version = ">= 4.1.0, < 7.2.0"
+  # TODO: wait for fix release https://github.com/terraform-google-modules/terraform-google-network/pull/479
+  # this bug will make properties on subnet won't take effect, like purpose
+
+  project_id   = var.project
+  network_name = var.network_name
+
+  subnets = [
+    {
+      subnet_name           = local.subnet_name
+      subnet_ip             = var.vpc_cidr
+      subnet_region         = var.region
+      subnet_private_access = "true"
+    },
+    {
+      subnet_name   = local.psc_subnet_name
+      subnet_ip     = var.psc_vpc_cidr
+      subnet_region = var.region
+      purpose       = "PRIVATE_SERVICE_CONNECT"
+    },
+  ]
+
+  secondary_ranges = {
+    (local.subnet_name) = [
+      {
+        range_name    = var.secondary_ip_range_pods_name
+        ip_cidr_range = var.secondary_ip_range_pods
+      },
+      {
+        range_name    = var.secondary_ip_range_services_name
+        ip_cidr_range = var.secondary_ip_range_services
+      },
+    ]
+  }
+}
+
+// TODO implement firewall rules for privateservice connect
+
+module "cloud_router" {
+  source  = "terraform-google-modules/cloud-router/google"
+  version = "~> 5.0"
+
+  project = var.project
+  name    = "${var.network_name}-sn-router"
+  network = module.network.network_name
+  region  = var.region
+
+  nats = [{
+    name = "sn-nat-gateway"
+  }]
+}
diff --git a/modules/vpc/outputs.tf b/modules/vpc/outputs.tf
new file mode 100644
index 0000000..79f1515
--- /dev/null
+++ b/modules/vpc/outputs.tf
@@ -0,0 +1,27 @@
+output "network" {
+  value = module.network.network_name
+}
+
+output "subnet_name" {
+  value = module.network.subnets_names[0]
+}
+
+output "psc_subnet_name" {
+  value = local.psc_subnet_name
+}
+
+output "secondary_ip_range_pods" {
+  value = var.secondary_ip_range_pods
+}
+
+output "secondary_ip_range_pods_name" {
+  value = var.secondary_ip_range_pods_name
+}
+
+output "secondary_ip_range_services" {
+  value = var.secondary_ip_range_services
+}
+
+output "secondary_ip_range_services_name" {
+  value = var.secondary_ip_range_services_name
+}
diff --git a/modules/vpc/variables.tf b/modules/vpc/variables.tf
new file mode 100644
index 0000000..7460e28
--- /dev/null
+++ b/modules/vpc/variables.tf
@@ -0,0 +1,62 @@
+variable "project" {
+  type        = string
+  description = "The GCP project to deploy to"
+}
+
+variable "region" {
+  type        = string
+  description = "The GCP region to deploy to"
+}
+
+variable "network_name" {
+  type        = string
+  description = "The name of the VPC"
+}
+
+variable "subnet_name" {
+  type        = string
+  default     = ""
+  description = "The name of the subnet, can be left empty to auto-generate"
+}
+
+variable "vpc_cidr" {
+  type        = string
+  default     = "10.0.0.0/16"
+  description = "The CIDR block for the VPC"
+}
+
+variable "psc_subnet_name" {
+  type        = string
+  default     = ""
+  description = "The name of the PSC subnet, can be left empty to auto-generate"
+}
+
+variable "psc_vpc_cidr" {
+  type        = string
+  default     = "10.1.0.0/18"
+  description = "The CIDR block for the private service connect"
+}
+
+variable "secondary_ip_range_pods" {
+  type        = string
+  default     = "192.168.0.0/18"
+  description = "The secondary IP range for pods"
+}
+
+variable "secondary_ip_range_services" {
+  type        = string
+  default     = "192.168.64.0/18"
+  description = "The secondary IP range for services"
+}
+
+variable "secondary_ip_range_pods_name" {
+  type        = string
+  default     = "ip-range-pods"
+  description = "The name of the secondary IP range for pods"
+}
+
+variable "secondary_ip_range_services_name" {
+  type        = string
+  default     = "ip-range-svc"
+  description = "The name of the secondary IP range for services"
+}

From 51e17a4460790d0aa4eedddf2e15b136a2e87d16 Mon Sep 17 00:00:00 2001
From: Max Xu <xuhuan@live.cn>
Date: Mon, 9 Dec 2024 17:10:54 +0800
Subject: [PATCH 2/3] Add license and tfdocs

---
 modules/vpc/README.md    | 67 ++++++++++++++++++++++++++++++++++++++++
 modules/vpc/main.tf      | 14 +++++++++
 modules/vpc/outputs.tf   | 14 +++++++++
 modules/vpc/variables.tf | 14 +++++++++
 4 files changed, 109 insertions(+)
 create mode 100644 modules/vpc/README.md

diff --git a/modules/vpc/README.md b/modules/vpc/README.md
new file mode 100644
index 0000000..a6df13a
--- /dev/null
+++ b/modules/vpc/README.md
@@ -0,0 +1,67 @@
+<!--
+  ~ Copyright 2023 StreamNative, Inc.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+-->
+
+# VPC Module
+A basic module used to create a GCP VPC Network with a Subnet and Private Service Connect Subnet, intended to be used by StreamNative Cloud. 
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_cloud_router"></a> [cloud\_router](#module\_cloud\_router) | terraform-google-modules/cloud-router/google | ~> 5.0 |
+| <a name="module_network"></a> [network](#module\_network) | terraform-google-modules/network/google | >= 4.1.0, < 7.2.0 |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_network_name"></a> [network\_name](#input\_network\_name) | The name of the VPC | `string` | n/a | yes |
+| <a name="input_project"></a> [project](#input\_project) | The GCP project to deploy to | `string` | n/a | yes |
+| <a name="input_psc_subnet_name"></a> [psc\_subnet\_name](#input\_psc\_subnet\_name) | The name of the PSC subnet, can be left empty to auto-generate | `string` | `""` | no |
+| <a name="input_psc_vpc_cidr"></a> [psc\_vpc\_cidr](#input\_psc\_vpc\_cidr) | The CIDR block for the private service connect | `string` | `"10.1.0.0/18"` | no |
+| <a name="input_region"></a> [region](#input\_region) | The GCP region to deploy to | `string` | n/a | yes |
+| <a name="input_secondary_ip_range_pods"></a> [secondary\_ip\_range\_pods](#input\_secondary\_ip\_range\_pods) | The secondary IP range for pods | `string` | `"192.168.0.0/18"` | no |
+| <a name="input_secondary_ip_range_pods_name"></a> [secondary\_ip\_range\_pods\_name](#input\_secondary\_ip\_range\_pods\_name) | The name of the secondary IP range for pods | `string` | `"ip-range-pods"` | no |
+| <a name="input_secondary_ip_range_services"></a> [secondary\_ip\_range\_services](#input\_secondary\_ip\_range\_services) | The secondary IP range for services | `string` | `"192.168.64.0/18"` | no |
+| <a name="input_secondary_ip_range_services_name"></a> [secondary\_ip\_range\_services\_name](#input\_secondary\_ip\_range\_services\_name) | The name of the secondary IP range for services | `string` | `"ip-range-svc"` | no |
+| <a name="input_subnet_name"></a> [subnet\_name](#input\_subnet\_name) | The name of the subnet, can be left empty to auto-generate | `string` | `""` | no |
+| <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | The CIDR block for the VPC | `string` | `"10.0.0.0/16"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_network"></a> [network](#output\_network) | n/a |
+| <a name="output_psc_subnet_name"></a> [psc\_subnet\_name](#output\_psc\_subnet\_name) | n/a |
+| <a name="output_secondary_ip_range_pods"></a> [secondary\_ip\_range\_pods](#output\_secondary\_ip\_range\_pods) | n/a |
+| <a name="output_secondary_ip_range_pods_name"></a> [secondary\_ip\_range\_pods\_name](#output\_secondary\_ip\_range\_pods\_name) | n/a |
+| <a name="output_secondary_ip_range_services"></a> [secondary\_ip\_range\_services](#output\_secondary\_ip\_range\_services) | n/a |
+| <a name="output_secondary_ip_range_services_name"></a> [secondary\_ip\_range\_services\_name](#output\_secondary\_ip\_range\_services\_name) | n/a |
+| <a name="output_subnet_name"></a> [subnet\_name](#output\_subnet\_name) | n/a |
+<!-- END_TF_DOCS -->
\ No newline at end of file
diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf
index db51caa..b3f3724 100644
--- a/modules/vpc/main.tf
+++ b/modules/vpc/main.tf
@@ -1,3 +1,17 @@
+# Copyright 2023 StreamNative, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 locals {
   subnet_name     = var.subnet_name != "" ? var.subnet_name : "${var.network_name}-${var.region}"
   psc_subnet_name = "${local.subnet_name}-psc"
diff --git a/modules/vpc/outputs.tf b/modules/vpc/outputs.tf
index 79f1515..2188a31 100644
--- a/modules/vpc/outputs.tf
+++ b/modules/vpc/outputs.tf
@@ -1,3 +1,17 @@
+# Copyright 2023 StreamNative, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 output "network" {
   value = module.network.network_name
 }
diff --git a/modules/vpc/variables.tf b/modules/vpc/variables.tf
index 7460e28..74b649b 100644
--- a/modules/vpc/variables.tf
+++ b/modules/vpc/variables.tf
@@ -1,3 +1,17 @@
+# Copyright 2023 StreamNative, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 variable "project" {
   type        = string
   description = "The GCP project to deploy to"

From 2371e5ace10c5f27b6492b94c0b6d2570cb505c8 Mon Sep 17 00:00:00 2001
From: Max Xu <xuhuan@live.cn>
Date: Fri, 13 Dec 2024 18:32:55 +0800
Subject: [PATCH 3/3] Update

---
 modules/vpc/main.tf      | 2 +-
 modules/vpc/variables.tf | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf
index b3f3724..8c7bd45 100644
--- a/modules/vpc/main.tf
+++ b/modules/vpc/main.tf
@@ -67,6 +67,6 @@ module "cloud_router" {
   region  = var.region
 
   nats = [{
-    name = "sn-nat-gateway"
+    name = var.nat_gateway_name
   }]
 }
diff --git a/modules/vpc/variables.tf b/modules/vpc/variables.tf
index 74b649b..3e02609 100644
--- a/modules/vpc/variables.tf
+++ b/modules/vpc/variables.tf
@@ -74,3 +74,9 @@ variable "secondary_ip_range_services_name" {
   default     = "ip-range-svc"
   description = "The name of the secondary IP range for services"
 }
+
+variable "nat_gateway_name" {
+  type        = string
+  default     = "sn-nat-gateway"
+  description = "The name of Cloud NAT Gateway"
+}