renato-rudnicki · renato-rudnicki · Nov 1, 2024 · Nov 4, 2024 · Nov 6, 2024 · Nov 6, 2024
diff --git a/3-networks-hub-and-spoke/envs/shared/dns-hub.tf b/3-networks-hub-and-spoke/envs/shared/dns-hub.tf
diff --git a/3-networks-hub-and-spoke/envs/shared/interconnect.tf.example b/3-networks-hub-and-spoke/envs/shared/interconnect.tf.example
@@ -17,7 +17,7 @@
 module "dns_hub_interconnect" {
   source = "../../modules/dedicated_interconnect"
 
-  vpc_name                = "net-dns"
+  vpc_name                = "vpc-net-dns"
   interconnect_project_id = local.dns_hub_project_id
 
   region1                                 = local.default_region1

diff --git a/3-networks-hub-and-spoke/envs/shared/partner_interconnect.tf.example b/3-networks-hub-and-spoke/envs/shared/partner_interconnect.tf.example
@@ -18,7 +18,7 @@
 module "dns_hub_interconnect" {
   source = "../../modules/partner_interconnect"
 
-  vpc_name              = "net-dns"
+  vpc_name              = "vpc-net-dns"
   attachment_project_id = local.dns_hub_project_id
   preactivate           = var.preactivate_partner_interconnect
 

diff --git a/3-networks-hub-and-spoke/modules/base_shared_vpc/dns.tf b/3-networks-hub-and-spoke/modules/base_shared_vpc/dns.tf
@@ -40,6 +40,8 @@ module "peering_zone" {
   source  = "terraform-google-modules/cloud-dns/google"
   version = "~> 5.0"
 
+  count = local.mode == "spoke" ? 1 : 0
+
   project_id  = var.project_id
   type        = "peering"
   name        = "dz-${var.environment_code}-shared-base-to-dns-hub"
@@ -51,3 +53,23 @@ module "peering_zone" {
   ]
   target_network = data.google_compute_network.vpc_dns_hub.self_link
 }
+
+/******************************************
+ DNS Forwarding
+*****************************************/
+module "dns-forwarding-zone" {
+  source  = "terraform-google-modules/cloud-dns/google"
+  version = "~> 5.0"
+
+  count   = var.mode != "spoke" ? 1 : 0
+
+  project_id = var.project_id
+  type       = "forwarding"
+  name       = "fz-dns-hub"
+  domain     = var.domain
+
+  private_visibility_config_networks = [
+    module.dns_hub_vpc.network_self_link
+  ]
+  target_name_server_addresses = data.google_compute_network.vpc_dns_hub.self_link
+}
diff --git a/3-networks-hub-and-spoke/modules/base_shared_vpc/main.tf b/3-networks-hub-and-spoke/modules/base_shared_vpc/main.tf
@@ -126,7 +126,10 @@ module "region1_router1" {
   bgp = {
     asn                  = var.bgp_asn_subnet
     advertised_groups    = ["ALL_SUBNETS"]
-    advertised_ip_ranges = [{ range = local.private_googleapis_cidr }]
+    advertised_ip_ranges = [
+      { range = local.private_googleapis_cidr },
+      { range = "35.199.192.0/19" }
+    ]
   }
 }
 
@@ -142,7 +145,10 @@ module "region1_router2" {
   bgp = {
     asn                  = var.bgp_asn_subnet
     advertised_groups    = ["ALL_SUBNETS"]
-    advertised_ip_ranges = [{ range = local.private_googleapis_cidr }]
+    advertised_ip_ranges = [
+      { range = local.private_googleapis_cidr },
+      { range = "35.199.192.0/19" }
+    ]
   }
 }
 
@@ -158,7 +164,10 @@ module "region2_router1" {
   bgp = {
     asn                  = var.bgp_asn_subnet
     advertised_groups    = ["ALL_SUBNETS"]
-    advertised_ip_ranges = [{ range = local.private_googleapis_cidr }]
+    advertised_ip_ranges = [
+      { range = local.private_googleapis_cidr },
+      { range = "35.199.192.0/19" }
+    ]
   }
 }
 
@@ -174,6 +183,9 @@ module "region2_router2" {
   bgp = {
     asn                  = var.bgp_asn_subnet
     advertised_groups    = ["ALL_SUBNETS"]
-    advertised_ip_ranges = [{ range = local.private_googleapis_cidr }]
+    advertised_ip_ranges = [
+      { range = local.private_googleapis_cidr },
+      { range = "35.199.192.0/19" }
+    ]
   }
 }
diff --git a/3-networks-hub-and-spoke/modules/restricted_shared_vpc/dns.tf b/3-networks-hub-and-spoke/modules/restricted_shared_vpc/dns.tf
@@ -40,6 +40,8 @@ module "peering_zone" {
   source  = "terraform-google-modules/cloud-dns/google"
   version = "~> 5.0"
 
+  count = var.mode == "spoke" ? 1 : 0
+
   project_id  = var.project_id
   type        = "peering"
   name        = "dz-${var.environment_code}-shared-restricted-to-dns-hub"
@@ -51,3 +53,23 @@ module "peering_zone" {
   ]
   target_network = data.google_compute_network.vpc_dns_hub.self_link
 }
+
+/******************************************
+ DNS Forwarding
+*****************************************/
+module "dns-forwarding-zone" {
+  source  = "terraform-google-modules/cloud-dns/google"
+  version = "~> 5.0"
+
+  count   = var.mode != "spoke" ? 1 : 0
+
+  project_id = var.project_id
+  type       = "forwarding"
+  name       = "fz-dns-hub"
+  domain     = var.domain
+
+  private_visibility_config_networks = [
+    module.dns_hub_vpc.network_self_link
+  ]
+  target_name_server_addresses = data.google_compute_network.vpc_dns_hub.self_link
+}
diff --git a/3-networks-hub-and-spoke/modules/restricted_shared_vpc/main.tf b/3-networks-hub-and-spoke/modules/restricted_shared_vpc/main.tf
@@ -130,7 +130,10 @@ module "region1_router1" {
   bgp = {
     asn                  = var.bgp_asn_subnet
     advertised_groups    = ["ALL_SUBNETS"]
-    advertised_ip_ranges = [{ range = local.restricted_googleapis_cidr }]
+    advertised_ip_ranges = [
+      { range = local.restricted_googleapis_cidr },
+      { range = "35.199.192.0/19" }
+    ]
   }
 }
 
@@ -146,7 +149,10 @@ module "region1_router2" {
   bgp = {
     asn                  = var.bgp_asn_subnet
     advertised_groups    = ["ALL_SUBNETS"]
-    advertised_ip_ranges = [{ range = local.restricted_googleapis_cidr }]
+    advertised_ip_ranges = [
+      { range = local.restricted_googleapis_cidr },
+      { range = "35.199.192.0/19" }
+    ]
   }
 }
 
@@ -162,7 +168,10 @@ module "region2_router1" {
   bgp = {
     asn                  = var.bgp_asn_subnet
     advertised_groups    = ["ALL_SUBNETS"]
-    advertised_ip_ranges = [{ range = local.restricted_googleapis_cidr }]
+    advertised_ip_ranges = [
+      { range = local.restricted_googleapis_cidr },
+      { range = "35.199.192.0/19" }
+    ]
   }
 }
 
@@ -178,6 +187,9 @@ module "region2_router2" {
   bgp = {
     asn                  = var.bgp_asn_subnet
     advertised_groups    = ["ALL_SUBNETS"]
-    advertised_ip_ranges = [{ range = local.restricted_googleapis_cidr }]
+    advertised_ip_ranges = [
+      { range = local.restricted_googleapis_cidr },
+      { range = "35.199.192.0/19" }
+    ]
   }
 }