create subnet

Author: Florencia Comuzzi

SETUP.md

@@ -11,7 +11,9 @@ Deployments are triggered from GitHub Actions workflows.
 * Create a service account JSON file.
 * Add as a repository secret by going to Settings > Secrets and variables > Actions. Name it GCP_CREDENTIALS and paste in the credentials JSON.
 * Create the buckets for Terraform state like `prod-tf-state-bucket`. The bucket names are specified in the `backend/{env}.tfvars` file.
-* Go to the bucket > Permissions > Add Member > Service Account > k8s-environment-terraform-cicd@florenciacomuzzi.iam.gserviceaccount.com > Role > Storage Object Admin.
+* Go to the bucket > Permissions > Add Member > Service Account > k8s-environment-terraform-cicd@florenciacomuzzi.iam.gserviceaccount.com > Role > 
+  * Storage Object Admin
+  * Compute Network Admin
 * Enable the Compute Engine API if it is not enabled. You will need [Owner](https://cloud.google.com/service-usage/docs/access-control#basic_roles) access to the project.
 
 ### GitHub

main.tf

@@ -1,3 +1,26 @@
 resource "google_compute_network" "vpc_network" {
-  name = var.vpc_name
+  name                     = var.vpc_name
+  auto_create_subnetworks  = false
+  enable_ula_internal_ipv6 = true
+}
+
+resource "google_compute_subnetwork" "default" {
+  name = "example-subnetwork"
+
+  ip_cidr_range = "10.0.0.0/16"
+  region        = var.region
+
+  stack_type       = "IPV4_IPV6"
+  ipv6_access_type = "INTERNAL" # Change to "EXTERNAL" if creating an external loadbalancer
+
+  network = google_compute_network.vpc_network.id
+  secondary_ip_range {
+    range_name    = "services-range"
+    ip_cidr_range = "192.168.0.0/24"
+  }
+
+  secondary_ip_range {
+    range_name    = "pod-ranges"
+    ip_cidr_range = "192.168.1.0/24"
+  }
 }