Hello,
I am deploying apigee x using terraform. We have shared vpc network setup in place and already allocated one subnet for the apigee project. We are using "https://github.com/apigee/terraform-modules/tree/main/samples/x-shared-vpc" for the apigee x deployments. As we already have service projects and shared vpc in place we are not using those sections from main.tf. Apigeee requires /22 cidr by default and we don't have that much ip's from shared vpc. So we created separate subnet with /21. But "apigee-x-core" module doesn't accept subnet, we have to pass network id itself. If we run with shared vpc id it will throw error like "RANGES EXHAUTED".
Next option we tried was to use "ALLOCATE A NEW IP RANGE". For that we have new resources "google_compute_global_address". Here also we have to specify network, which is "shared vpc" again. After running this we are getting this error "The specified network can not come from a different project., invalid" even though it is part of host project.
resource "google_compute_global_address" "apigee_range" {
name = "apigee-ip-range"
purpose = "VPC_PEERING"
address_type = "INTERNAL"
prefix_length = 21
network = <shared_vpc_id>
}
resource "google_service_networking_connection" "apigee_vpc_connection" {
network = <shared_vpc_id>
service = "servicenetworking.googleapis.com"
reserved_peering_ranges = [google_compute_global_address.apigee_range.name]
}
module "apigee" {
source = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/apigee-organization?ref=v15.0.0"
project_id = <service_project_id>
analytics_region = <region>
runtime_type = "CLOUD"
billing_type = <billing_type>
authorized_network = <shared_vpc_id>
database_encryption_key = <key_ids["org-db"]>
apigee_environments = <apigee_environments>
apigee_envgroups = <apigee_envgroups>
depends_on = [
google_project_service_identity.apigee_sa,
module.kms-org-db.id
]
}
Could you please share your views
LinkedIn
Twitter
