Add filtering-proxy-psc blueprint #962
Conversation
|
Thanks for this submission! Most of our blueprints try to minimize requirements by allowing reuse of a preexisting project, VPC, etc. as many users only have a project available for testing. Do you think a folder is necessary? Can we make project creation optional like in most other blueprints, and allow reuse of an existing VPC for clients? There are several examples here on how to do that. |
|
I would suggest that we move example of how the environment should be set up (folder + org.policy for external IPs) into separate example-environment.tf (or something similarly named), so that user can remove such file if they want to or move into some other part of the TF codebase. Same with creating folter 'netops' - most probably customer already has it, so we can just leave it in the example and user wants they can replace local object/variable that points to the folder. About using |
I disagree: blueprints are limited examples and don't prescribe "how the environment should look like", which is a foundational design topic. In this case, the example shows a proxy via PSC, there's no prescriptive guidance that would involve folders or specific project layouts needed. This repository has a very specific approach, and examples that are not reflecting it will not be accepted. |
|
One more thing: we also strongly discourage submodules and nested patterns. This is all detailed clearly in our contributing guidelines. What's the rationale for having a submodule here? |
|
@ludoo done - everything is now in the same project, which can already exist or will be created if not |
|
Let me rephrase the comments above in a more productive way: what is the bare minimum design and resources that would allow showing this feature? |
This has been taken from the |
|
@ludoo submodule removed |
|
We may need 2 projects to showcase the feature
How should be go about it? Have 2 different directories with examples of proxy and example of consumer? edit: I see that this is implemented in the same file. Most probably splitting main.tf into 2 files would help :) |
Actually we can do everything in one project with separate VPCs. |
There was a problem hiding this comment.
This is really nice, thanks! :)
A couple minor additions if you still have the energy
- variables and outputs should be sorted alphabetically, tests will fail if they aren't
- you might want to add links to the top-level/blueprint/section READMEs to make this discoverable
I am also adding you to the repo users, so you will be able to run tests, merge once all checks pass, and in the future use local branches for PRs.
|
@kunzese feel free to merge whenever you're ready :) |
This PR adds a new variation of the
filtering-proxyblueprint in which the shared VPC is replaced by isolated VPCs and the proxy service is published and consumed via the Private Service Connect.FYI @gaspar-chilingarov