# Copyright 2021 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: compute.cnrm.cloud.google.com/v1beta1 kind: ComputeVPNGateway metadata: name: network-name-ha-vpn-gateway # kpt-set: ${network-name}-ha-vpn-gateway namespace: networking # kpt-set: ${namespace} annotations: cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.2 spec: description: "Compute HA VPN Gateway" networkRef: name: network-name # kpt-set: ${network-name} region: us-central1 # kpt-set: ${region} --- apiVersion: compute.cnrm.cloud.google.com/v1beta1 kind: ComputeExternalVPNGateway metadata: name: network-name-ext-vpn-gateway # kpt-set: ${network-name}-ext-vpn-gateway namespace: networking # kpt-set: ${namespace} annotations: cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.2 spec: redundancyType: "TWO_IPS_REDUNDANCY" interface: - id: 0 ipAddress: "15.1.0.120" # kpt-set: ${vpn-tunnel-peer-ip-01} - id: 1 ipAddress: "15.1.1.120" # kpt-set: ${vpn-tunnel-peer-ip-02} --- apiVersion: compute.cnrm.cloud.google.com/v1beta1 kind: ComputeVPNTunnel metadata: name: network-name-vpn-tunnel-01 # kpt-set: ${network-name}-vpn-tunnel-01 namespace: networking # kpt-set: ${namespace} annotations: cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.2 spec: peerExternalGatewayInterface: 0 peerExternalGatewayRef: name: network-name-ext-vpn-gateway # kpt-set: ${network-name}-ext-vpn-gateway region: us-central1 # kpt-set: ${region} routerRef: name: network-name-router # kpt-set: ${prefix}${network-name}-router sharedSecret: valueFrom: secretKeyRef: name: vpn-shared-secret # kpt-set: ${vpn-secret-name} key: vpn-shared-secret # kpt-set: ${vpn-secret-key} vpnGatewayInterface: 0 vpnGatewayRef: name: network-name-ha-vpn-gateway # kpt-set: ${network-name}-ha-vpn-gateway --- apiVersion: compute.cnrm.cloud.google.com/v1beta1 kind: ComputeVPNTunnel metadata: name: network-name-vpn-tunnel-02 # kpt-set: ${network-name}-vpn-tunnel-02 namespace: networking # kpt-set: ${namespace} annotations: cnrm.cloud.google.com/project-id: project-id # kpt-set: ${project-id} cnrm.cloud.google.com/blueprint: cnrm/landing-zone:networking/v0.4.2 spec: peerExternalGatewayInterface: 1 peerExternalGatewayRef: name: network-name-ext-vpn-gateway # kpt-set: ${network-name}-ext-vpn-gateway region: us-central1 # kpt-set: ${region} routerRef: name: network-name-router # kpt-set: ${prefix}${network-name}-router sharedSecret: valueFrom: secretKeyRef: name: vpn-shared-secret # kpt-set: ${vpn-secret-name} key: vpn-shared-secret # kpt-set: ${vpn-secret-key} vpnGatewayInterface: 1 vpnGatewayRef: name: network-name-ha-vpn-gateway # kpt-set: ${network-name}-ha-vpn-gateway