This blueprint shows how to create reusable and modular Cloud DNS architectures when using Shared VPC.
The goal is to provision dedicated Cloud DNS instances for application teams that want to manage their own DNS records, and configure DNS peering to ensure name resolution works in a common Shared VPC.
The blueprint will:

- Create a GCP project per application team based on the `teams` input variable
- Create a VPC and Cloud DNS instance per application team
- Create a Cloud DNS private zone per application team in the form of `[teamname].[dns_domain]`, with `teamname` and `dns_domain` based on input variables
- Configure DNS peering for each private zone from the Shared VPC to the DNS VPC of each application team
The resources created in this blueprint are shown in the high level diagram below:
Note that Terraform 0.13 or later is required, because `for_each` is used with modules.
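The following is an added example (not the blueprint's own module code) of the per-team pattern described above, written as plain Terraform resources so the pieces are visible: a project, a dedicated DNS VPC, an authoritative private zone for `[teamname].[dns_domain]`, and a peering zone that lets the Shared VPC resolve that namespace by forwarding to the team VPC. Variable names mirror the blueprint's inputs; resource names, the `local.team_services` helper and the choice to host the peering zone in the team project are assumptions.

```hcl
# Added example, not part of the blueprint. Inputs mirror the blueprint's variables.
variable "billing_account_id" { type = string }
variable "folder_id" { type = string }
variable "prefix" { type = string }
variable "shared_vpc_link" { type = string }

variable "dns_domain" {
  type    = string
  default = "example.org"
}

variable "teams" {
  type    = list(string)
  default = ["team1", "team2"] # constructed sample values
}

locals {
  teams    = toset(var.teams)
  services = ["compute.googleapis.com", "dns.googleapis.com"]
  # One "team/service" key per pair so the APIs can be enabled with a single for_each.
  team_services = {
    for pair in setproduct(var.teams, local.services) :
    "${pair[0]}/${pair[1]}" => { team = pair[0], service = pair[1] }
  }
}

# One project per team; the team manages its own DNS records here and nowhere else.
resource "google_project" "dns" {
  for_each        = local.teams
  name            = "${var.prefix}-${each.key}-dns"
  project_id      = "${var.prefix}-${each.key}-dns"
  folder_id       = var.folder_id
  billing_account = var.billing_account_id
}

resource "google_project_service" "svc" {
  for_each = local.team_services
  project  = google_project.dns[each.value.team].project_id
  service  = each.value.service
}

# Dedicated DNS VPC per team; it carries no workloads, only the private zone binding.
resource "google_compute_network" "dns" {
  for_each                = local.teams
  project                 = google_project.dns[each.key].project_id
  name                    = "${var.prefix}-${each.key}-dns"
  auto_create_subnetworks = false
  depends_on              = [google_project_service.svc]
}

# Authoritative private zone owned by the team, e.g. team1.example.org.
resource "google_dns_managed_zone" "private" {
  for_each   = local.teams
  project    = google_project.dns[each.key].project_id
  name       = "${var.prefix}-${each.key}"
  dns_name   = "${each.key}.${var.dns_domain}."
  visibility = "private"
  private_visibility_config {
    networks {
      network_url = google_compute_network.dns[each.key].self_link
    }
  }
  depends_on = [google_project_service.svc]
}

# Peering zone: queries for team1.example.org. that originate in the Shared VPC
# are forwarded to the team's DNS VPC, where the private zone above answers.
# Only this namespace is delegated; the team cannot answer for other names.
resource "google_dns_managed_zone" "peering" {
  for_each   = local.teams
  project    = google_project.dns[each.key].project_id
  name       = "${var.prefix}-${each.key}-peering"
  dns_name   = "${each.key}.${var.dns_domain}."
  visibility = "private"
  private_visibility_config {
    networks {
      network_url = var.shared_vpc_link # client network: the Shared VPC
    }
  }
  peering_config {
    target_network {
      network_url = google_compute_network.dns[each.key].self_link
    }
  }
}

output "teams" {
  value = {
    for t in local.teams : t => {
      project_id = google_project.dns[t].project_id
      network    = google_compute_network.dns[t].self_link
      zone       = google_dns_managed_zone.private[t].dns_name
    }
  }
}
```

Two points worth checking before applying something like this. First, binding the peering zone to a VPC that lives in another project (the Shared VPC host) is a cross-project binding, so the identity running Terraform needs the `dns.networks.bindPrivateDNSZone` permission on the host project, not just ownership of the team project. Second, the peering zone is scoped to exactly `[teamname].[dns_domain]`, which is the least-privilege property the blueprint relies on: a team can publish records only under its own subdomain, and a misconfigured or compromised team zone cannot shadow names outside it in the Shared VPC.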
name | description | type | required | default
---|---|---|---|---
billing_account_id | Billing account associated with the GCP Projects that will be created for each team. | string | ✓ |
folder_id | Folder ID in which DNS projects will be created. | string | ✓ |
prefix | Prefix used for resource names. | string | ✓ |
shared_vpc_link | Shared VPC self link, used for DNS peering. | string | ✓ |
dns_domain | DNS domain under which each application team DNS domain will be created. | string | | "example.org"
project_services | Service APIs enabled by default. | list(string) | | […]
teams | List of application teams requiring their own Cloud DNS instance. | list(string) | | […]

name | description | sensitive
---|---|---
teams | Team resources. |
```hcl
module "test" {
  source             = "./fabric/blueprints/cloud-operations/dns-shared-vpc"
  billing_account_id = "111111-222222-333333"
  folder_id          = "folders/1234567890"
  prefix             = "test"
  shared_vpc_link    = "https://www.googleapis.com/compute/v1/projects/test-dns/global/networks/default"
  teams              = ["team1", "team2"]
}
# tftest modules=9 resources=16
```