This module allows managing Cross-regional Internal HTTP/HTTPS Load Balancers (L7 ILBs). It's designed to expose the full configuration of the underlying resources, and to facilitate common usage patterns by providing sensible defaults, and optionally managing prerequisite resources like health checks, instance groups, etc.
Due to the complexity of the underlying resources, changes to the configuration that involve recreation of resources are best applied in stages, starting by disabling the configuration in the urlmap that references the resources that need recreation, then doing the same for the backend service, etc.
When using Shared VPC, this module also allows configuring [cross-project backend services](https://cloud.google.com/load-balancing/docs/l7-internal/l7-internal-shared-vpc#cross-project):
```hcl
# ...
        group = "projects/prj-svc/zones/europe-west1-a/instanceGroups/my-ig-ew1"
        }, {
        group = "projects/prj-svc/zones/europe-west4-a/instanceGroups/my-ig-ew4"
      }]
    }
  }
  health_check_configs = {
    default = {
      project_id = "prj-svc"
      http = {
        port_specification = "USE_SERVING_PORT"
      }
    }
  }
  vpc_config = {
    network = var.vpc.self_link
    subnetworks = {
      europe-west1 = var.subnet1.self_link
      europe-west4 = var.subnet2.self_link
    }
  }
}
# tftest modules=1 resources=6
```
### Health Checks
You can leverage externally defined health checks for backend services, or have the module create them for you. By default a simple HTTP health check is created, and used in backend services.
Health check configuration is controlled via the `health_check_configs` variable, which behaves in a similar way to other LB modules in this repository.
Defining health checks other than the default is straightforward. For example, you can replace the default HTTP health check with a TCP one and reference it in your backend service:
```hcl
# ...
        group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig-ew1"
        }, {
        group = "projects/myprj/zones/europe-west4-a/instanceGroups/my-ig-ew4"
      }]
      health_checks = ["custom-tcp"]
    }
  }
  health_check_configs = {
    custom-tcp = {
      tcp = { port = 80 }
    }
  }
  vpc_config = {
    network = var.vpc.self_link
    subnetworks = {
      europe-west1 = var.subnet1.self_link
      europe-west4 = var.subnet2.self_link
    }
  }
}
# tftest modules=1 resources=6
```
To leverage existing health checks without having the module create them, simply pass their self links to backend services and set the `health_check_configs` variable to an empty map:
The module exposes the full URL map resource configuration, with some minor changes to the interface to decrease verbosity, and support for aliasing backend services via keys.
The default URL map configuration sets the `default` backend service as the default service for the load balancer as a convenience. Just override the `urlmap_config` variable to change the default behaviour:
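The two overrides described above, combined in one added example that is not taken from the module's own documentation: backend services reference a pre-existing health check by self link while `health_check_configs` is an empty map, and `urlmap_config` routes one path to a second backend service by key. The `source` path, `name`, the `video` backend service, its instance group and the health check self link are placeholder or constructed values.

```hcl
# Added example; placeholder and constructed values are marked.
module "ilb-l7" {
  source     = "<path-to-this-module>" # placeholder
  name       = "ilb-test"              # constructed
  project_id = "myprj"
  backend_service_configs = {
    default = {
      backends = [{
        group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig-ew1"
        }, {
        group = "projects/myprj/zones/europe-west4-a/instanceGroups/my-ig-ew4"
      }]
      # Existing health check passed by self link (constructed value).
      health_checks = ["projects/myprj/global/healthChecks/existing-hc"]
    }
    video = { # hypothetical second backend service, referenced by key below
      backends = [{
        group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-video-ig-ew1"
      }]
      health_checks = ["projects/myprj/global/healthChecks/existing-hc"]
    }
  }
  # Empty map: the module creates no health checks of its own.
  health_check_configs = {}
  urlmap_config = {
    default_service = "default"
    host_rules = [{
      hosts        = ["*"]
      path_matcher = "pathmap"
    }]
    path_matchers = {
      pathmap = {
        default_service = "default"
        path_rules = [{
          paths   = ["/video", "/video/*"]
          service = "video" # backend service key, not a self link
        }]
      }
    }
  }
  vpc_config = {
    network = var.vpc.self_link
    subnetworks = {
      europe-west1 = var.subnet1.self_link
      europe-west4 = var.subnet2.self_link
    }
  }
}
```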

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [description](variables.tf#L23) | Optional description used for resources. | <code>string</code> | | <code>"Terraform managed."</code> |
| [group_configs](variables.tf#L29) | Optional unmanaged groups to create. Can be referenced in backends via key or outputs. | <code title="map(object({ zone = string instances = optional(list(string)) named_ports = optional(map(number), {}) project_id = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
| [labels](variables.tf#L52) | Labels set on resources. | <code>map(string)</code> | | <code>{}</code> |
| [neg_configs](variables.tf#L63) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | <code title="map(object({ project_id = optional(string) cloudrun = optional(object({ region = string target_service = optional(object({ name = string tag = optional(string) })) target_urlmask = optional(string) })) gce = optional(object({ zone = string network = optional(string) subnetwork = optional(string) endpoints = optional(map(object({ instance = string ip_address = string port = number }))) })) hybrid = optional(object({ zone = string network = optional(string) endpoints = optional(map(object({ ip_address = string port = number }))) })) psc = optional(object({ region = string target_service = string network = optional(string) subnetwork = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> |
| [network_tier_premium](variables.tf#L129) | Use premium network tier. Defaults to true. | <code>bool</code> | | <code>true</code> |
| [ports](variables.tf#L136) | Optional ports for HTTP load balancer, valid ports are 80 and 8080. | <code>list(string)</code> | | <code>null</code> |
| [protocol](variables.tf#L147) | Protocol supported by this load balancer. | <code>string</code> | | <code>"HTTP"</code> |
| [service_directory_registration](variables.tf#L160) | Service directory namespace and service used to register this load balancer. | <code title="object({ namespace = string service_directory_region = string })">object({…})</code> | | <code>null</code> |
| [urlmap_config](variables-urlmap.tf#L19) | The URL map configuration. | <code title="object({ default_service=optional(string) default_url_redirect=optional(object({ host=optional(string) https=optional(bool) path=optional(string) prefix=optional(string) response_code=optional(string) strip_query=optional(bool) })) host_rules=optional(list(object({ hosts=list(string) path_matcher=string description=optional(string) }))) path_matchers=optional(map(object({ description=optional(string) default_service=optional(string) default_url_redirect=optional(object({ host=optional(string) https=optional(bool) path=optional(string) prefix=optional(string) response_code=optional(string) strip_query=optional(bool) })) path_rules=optional(list(object({ paths=list(string) service=optional(string) route_action=optional(object({ request_mirror_backend=optional(string) cors_policy=optional(object({ allow_credentials=optional(bool) allow_headers=optional(string) allow_methods=optional(string) allow_origin_regexes=list(string) allow_origins=list(string) disabled=optional(bool) expose_headers=optional(string) max_age=optional(string) })) fault_injection_policy=optional(object({ abort=optional(object({ percentage=number status=number })) delay=optional(object({ fixed=object({ seconds=number nanos=number }) percentage=number })) })) retry_policy=optional(object({ num_retries=number retry_conditions=optional(list(string)) per_try_timeout=optional(object({ seconds=number nanos=optional(number) })) })) timeout=optional(object({ seconds=number nanos=optional(number) })) url_rewrite=optional(object({ host=optional(string) path_prefix=optional(string) })) weighted_backend_services=optional(map(object({ weight=number header_action=optional(object({ request_add=optional(map(object({ value=string replace=optional(bool,true) }))) request_remove=optional(list(string)) response_add&#