A Response Policy is a collection of selectors that apply to queries made against one or more Virtual Private Cloud networks.

```hcl
resource "google_compute_network" "network-1" {
  name                    = "network-1"
  auto_create_subnetworks = false
}

resource "google_compute_network" "network-2" {
  name                    = "network-2"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "subnetwork-1" {
  name                     = google_compute_network.network-1.name
  network                  = google_compute_network.network-1.name
  ip_cidr_range            = "10.0.36.0/24"
  region                   = "us-central1"
  private_ip_google_access = true

  # Secondary ranges used by the VPC-native cluster below: pods first, then services.
  secondary_ip_range {
    range_name    = "pod"
    ip_cidr_range = "10.0.0.0/19"
  }
  secondary_ip_range {
    range_name    = "svc"
    ip_cidr_range = "10.0.32.0/22"
  }
}

resource "google_container_cluster" "cluster-1" {
  name               = "cluster-1"
  location           = "us-central1-c"
  initial_node_count = 1
  networking_mode    = "VPC_NATIVE"

  default_snat_status {
    disabled = true
  }

  network    = google_compute_network.network-1.name
  subnetwork = google_compute_subnetwork.subnetwork-1.name

  # Private cluster: nodes get no public IP addresses and the control plane
  # is reachable only through its private endpoint.
  private_cluster_config {
    enable_private_endpoint = true
    enable_private_nodes    = true
    master_ipv4_cidr_block  = "10.42.0.0/28"
    master_global_access_config {
      enabled = true
    }
  }

  # Authorized networks enabled with no additional CIDR blocks listed.
  master_authorized_networks_config {
  }

  ip_allocation_policy {
    cluster_secondary_range_name  = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name
    services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name
  }

  deletion_protection = "true"
}

# Bind the response policy to both VPC networks and to the GKE cluster.
resource "google_dns_response_policy" "example-response-policy" {
  response_policy_name = "example-response-policy"

  networks {
    network_url = google_compute_network.network-1.id
  }
  networks {
    network_url = google_compute_network.network-2.id
  }
  gke_clusters {
    gke_cluster_name = google_container_cluster.cluster-1.id
  }
}
```

The following arguments are supported:

* `response_policy_name` - (Required) The user assigned name for this Response Policy, such as `myresponsepolicy`.
* `description` - (Optional) The description of the response policy, such as `My new response policy`.
* `networks` - (Optional) The list of network names specifying networks to which this policy is applied. Structure is documented below.
* `gke_clusters` - (Optional) The list of Google Kubernetes Engine clusters to which this response policy is applied. Structure is documented below.
* `project` - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The `networks` block supports:

* `network_url` - (Required) The fully qualified URL of the VPC network to bind to. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`

The `gke_clusters` block supports:

* `gke_cluster_name` - (Required) The resource name of the cluster to bind this response policy to. This should be specified in the format like `projects/*/locations/*/clusters/*`
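
Because `networks` and `gke_clusters` are both optional, a policy can be planned with no binding at all or with a binding that points at the wrong project. The check below is an added example, not part of the provider documentation: it reads the JSON form of a plan (`terraform show -json`) and reports such bindings. The function name, the allowed-project list and the sample plan are assumptions made for the example.

```python
import re

# Formats from the argument reference above. The short "projects/..." network form
# is accepted as well (assumption: the page's example passes google_compute_network.<name>.id).
NETWORK_RE = re.compile(
    r"^(?:https://www\.googleapis\.com/compute/v1/)?projects/([^/]+)/global/networks/[^/]+$")
CLUSTER_RE = re.compile(r"^projects/([^/]+)/locations/[^/]+/clusters/[^/]+$")

def audit_response_policies(plan, allowed_projects):
    """Return (address, message) findings for google_dns_response_policy bindings."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "google_dns_response_policy" or after is None:
            continue  # other resource types, or a policy that is being destroyed
        refs = [("network_url", NETWORK_RE, n) for n in after.get("networks") or []]
        refs += [("gke_cluster_name", CLUSTER_RE, c) for c in after.get("gke_clusters") or []]
        if not refs:  # both blocks are optional: a valid policy that applies to no queries
            findings.append((rc["address"], "bound to no network or cluster"))
        for field, pattern, block in refs:
            value = block.get(field)
            match = pattern.match(value) if value is not None else None
            if value is None:  # plan JSON omits values that are unknown until apply
                findings.append((rc["address"], f"{field} unknown until apply"))
            elif match is None:
                findings.append((rc["address"], f"{field} malformed: {value}"))
            elif match.group(1) not in allowed_projects:
                findings.append((rc["address"], f"{field} outside allowed projects: {value}"))
    return findings

# Constructed sample in the shape of `terraform show -json <planfile>` (not real output).
SAMPLE_PLAN = {"resource_changes": [
    {"address": "google_dns_response_policy.ok", "type": "google_dns_response_policy",
     "change": {"after": {
         "networks": [{"network_url": "projects/proj-a/global/networks/network-1"}],
         "gke_clusters": [{"gke_cluster_name":
                           "projects/proj-a/locations/us-central1-c/clusters/cluster-1"}]}}},
    {"address": "google_dns_response_policy.unbound", "type": "google_dns_response_policy",
     "change": {"after": {"networks": [], "gke_clusters": []}}},
    {"address": "google_dns_response_policy.mixed", "type": "google_dns_response_policy",
     "change": {"after": {
         "networks": [{"network_url": "https://www.googleapis.com/compute/v1/projects/"
                                      "proj-x/global/networks/shared"}, {}],
         "gke_clusters": [{"gke_cluster_name": "cluster-1"}]}}},
]}

if __name__ == "__main__":
    for address, message in audit_response_policies(SAMPLE_PLAN, {"proj-a"}):
        print(f"{address}: {message}")
```

A binding reported as unknown refers to a resource created in the same plan, so the check should be repeated against the state after apply.
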

In addition to the arguments listed above, the following computed attributes are exported:

* `id` - an identifier for the resource with format `projects/{{project}}/responsePolicies/{{response_policy_name}}`

This resource provides the following Timeouts configuration options:

* `create` - Default is 20 minutes.
* `update` - Default is 20 minutes.
* `delete` - Default is 20 minutes.

ResponsePolicy can be imported using any of these accepted formats:

* `projects/{{project}}/responsePolicies/{{response_policy_name}}`
* `{{project}}/{{response_policy_name}}`
* `{{response_policy_name}}`

In Terraform v1.5.0 and later, use an `import` block to import ResponsePolicy using one of the formats above. For example:

```hcl
import {
  id = "projects/{{project}}/responsePolicies/{{response_policy_name}}"
  to = google_dns_response_policy.default
}
```

When using the `terraform import` command, ResponsePolicy can be imported using one of the formats above. For example:

```
$ terraform import google_dns_response_policy.default projects/{{project}}/responsePolicies/{{response_policy_name}}
$ terraform import google_dns_response_policy.default {{project}}/{{response_policy_name}}
$ terraform import google_dns_response_policy.default {{response_policy_name}}
```

This resource supports User Project Overrides.