Allow cross-project backend services in ILB L7 module (#991)
* wip * neg, README * fix neg variable * fix neg project id, enable global access, add service directory
parent
ddd47b0095
commit
002ba4eef7
File diff suppressed because one or more lines are too long
|
@ -31,9 +31,13 @@ locals {
|
|||
}
|
||||
|
||||
resource "google_compute_region_backend_service" "default" {
|
||||
provider = google-beta
|
||||
for_each = var.backend_service_configs
|
||||
project = var.project_id
|
||||
provider = google-beta
|
||||
for_each = var.backend_service_configs
|
||||
project = (
|
||||
each.value.project_id == null
|
||||
? var.project_id
|
||||
: each.value.project_id
|
||||
)
|
||||
region = var.region
|
||||
name = "${var.name}-${each.key}"
|
||||
description = var.description
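Review bot: The `project = (...)` ternary added here is repeated verbatim in the health check, instance group, zonal NEG and regional NEG resources of this commit, and could be written once per resource as `project = coalesce(each.value.project_id, var.project_id)`. `coalesce` also skips empty strings, so a `project_id = ""` would fall back to `var.project_id` instead of being handed to the provider, which looks like the safer outcome for a field that decides which project a resource lands in. The resource body continues outside the hunk.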
|
||||
|
|
|
@ -17,9 +17,13 @@
|
|||
# tfdoc:file:description Health check resource.
|
||||
|
||||
resource "google_compute_health_check" "default" {
|
||||
provider = google-beta
|
||||
for_each = var.health_check_configs
|
||||
project = var.project_id
|
||||
provider = google-beta
|
||||
for_each = var.health_check_configs
|
||||
project = (
|
||||
each.value.project_id == null
|
||||
? var.project_id
|
||||
: each.value.project_id
|
||||
)
|
||||
name = "${var.name}-${each.key}"
|
||||
description = each.value.description
|
||||
check_interval_sec = each.value.check_interval_sec
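Review bot: The health check's `project_id` can now be set independently of the `project_id` of the backend service that uses it, and nothing in the visible lines keeps the two aligned. If a backend service is placed in another project while its health check stays in `var.project_id` (the default), the reference crosses a project boundary that, as far as I know, Google Cloud does not accept for health checks, so the mismatch would only surface at apply time. A comment above the ternary such as `# must match the project_id of the backend services that reference this health check` would document the coupling, and a precondition could enforce it. The resource body continues outside the hunk.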
|
||||
|
|
|
@ -33,13 +33,15 @@ locals {
|
|||
"${v.neg}-${v.ip_address}-${coalesce(v.port, "none")}" => v
|
||||
}
|
||||
neg_regional = {
|
||||
for k, v in var.neg_configs : k => v.cloudrun if v.cloudrun != null
|
||||
for k, v in var.neg_configs :
|
||||
k => merge(v.cloudrun, { project_id = v.project_id }) if v.cloudrun != null
|
||||
}
|
||||
neg_zonal = {
|
||||
# we need to rebuild new objects as we cannot merge different types
|
||||
for k, v in var.neg_configs : k => {
|
||||
endpoints = v.gce != null ? v.gce.endpoints : v.hybrid.endpoints
|
||||
network = v.gce != null ? v.gce.network : v.hybrid.network
|
||||
project_id = v.project_id
|
||||
subnetwork = v.gce != null ? v.gce.subnetwork : null
|
||||
type = v.gce != null ? "GCE_VM_IP_PORT" : "NON_GCP_PRIVATE_IP_PORT"
|
||||
zone = v.gce != null ? v.gce.zone : v.hybrid.zone
|
||||
|
@ -66,7 +68,15 @@ resource "google_compute_forwarding_rule" "default" {
|
|||
subnetwork = var.vpc_config.subnetwork
|
||||
labels = var.labels
|
||||
target = local.fwd_rule_target
|
||||
# service_directory_registrations
|
||||
# during the preview phase you cannot change this attribute on an existing rule
|
||||
allow_global_access = var.global_access
|
||||
dynamic "service_directory_registrations" {
|
||||
for_each = var.service_directory_registration == null ? [] : [""]
|
||||
content {
|
||||
namespace = var.service_directory_registration.namespace
|
||||
service = var.service_directory_registration.service
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_region_ssl_certificate" "default" {
|
||||
|
@ -98,8 +108,12 @@ resource "google_compute_region_target_https_proxy" "default" {
|
|||
}
|
||||
|
||||
resource "google_compute_instance_group" "default" {
|
||||
for_each = var.group_configs
|
||||
project = var.project_id
|
||||
for_each = var.group_configs
|
||||
project = (
|
||||
each.value.project_id == null
|
||||
? var.project_id
|
||||
: each.value.project_id
|
||||
)
|
||||
zone = each.value.zone
|
||||
name = "${var.name}-${each.key}"
|
||||
description = var.description
|
||||
|
@ -115,9 +129,13 @@ resource "google_compute_instance_group" "default" {
|
|||
|
||||
resource "google_compute_network_endpoint_group" "default" {
|
||||
for_each = local.neg_zonal
|
||||
project = var.project_id
|
||||
zone = each.value.zone
|
||||
name = "${var.name}-${each.key}"
|
||||
project = (
|
||||
each.value.project_id == null
|
||||
? var.project_id
|
||||
: each.value.project_id
|
||||
)
|
||||
zone = each.value.zone
|
||||
name = "${var.name}-${each.key}"
|
||||
# re-enable once provider properly supports this
|
||||
# default_port = each.value.default_port
|
||||
description = var.description
|
||||
|
@ -134,7 +152,9 @@ resource "google_compute_network_endpoint_group" "default" {
|
|||
|
||||
resource "google_compute_network_endpoint" "default" {
|
||||
for_each = local.neg_endpoints
|
||||
project = var.project_id
|
||||
project = (
|
||||
google_compute_network_endpoint_group.default[each.value.neg].project
|
||||
)
|
||||
network_endpoint_group = (
|
||||
google_compute_network_endpoint_group.default[each.value.neg].name
|
||||
)
|
||||
|
@ -145,8 +165,12 @@ resource "google_compute_network_endpoint" "default" {
|
|||
}
|
||||
|
||||
resource "google_compute_region_network_endpoint_group" "default" {
|
||||
for_each = local.neg_regional
|
||||
project = var.project_id
|
||||
for_each = local.neg_regional
|
||||
project = (
|
||||
each.value.project_id == null
|
||||
? var.project_id
|
||||
: each.value.project_id
|
||||
)
|
||||
region = each.value.region
|
||||
name = "${var.name}-${each.key}"
|
||||
description = var.description
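Review bot: In the `google_compute_forwarding_rule` hunk the preview-phase warning sits below a bare `# service_directory_registrations` comment and above `allow_global_access`, so it is not clear which attribute it restricts. The hunk that declares `variable "global_access"` carries the same warning, which suggests the first comment is a leftover. I would drop it and make the warning explicit: `# allow_global_access cannot be changed on an existing rule during the preview phase`. Because this flag widens which clients can reach the internal load balancer, the comment guarding it should be unambiguous.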
|
||||
|
|
|
@ -25,6 +25,7 @@ variable "backend_service_configs" {
|
|||
locality_lb_policy = optional(string)
|
||||
log_sample_rate = optional(number)
|
||||
port_name = optional(string)
|
||||
project_id = optional(string)
|
||||
protocol = optional(string)
|
||||
session_affinity = optional(string)
|
||||
timeout_sec = optional(number)
|
||||
|
|
|
@ -23,6 +23,7 @@ variable "health_check_configs" {
|
|||
description = optional(string, "Terraform managed.")
|
||||
enable_logging = optional(bool, false)
|
||||
healthy_threshold = optional(number)
|
||||
project_id = optional(string)
|
||||
timeout_sec = optional(number)
|
||||
unhealthy_threshold = optional(number)
|
||||
grpc = optional(object({
|
||||
|
|
|
@ -26,12 +26,20 @@ variable "description" {
|
|||
default = "Terraform managed."
|
||||
}
|
||||
|
||||
# during the preview phase you cannot change this attribute on an existing rule
|
||||
variable "global_access" {
|
||||
description = "Allow client access from all regions."
|
||||
type = bool
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "group_configs" {
|
||||
description = "Optional unmanaged groups to create. Can be referenced in backends via key or outputs."
|
||||
type = map(object({
|
||||
zone = string
|
||||
instances = optional(list(string), [])
|
||||
named_ports = optional(map(number), {})
|
||||
project_id = optional(string)
|
||||
}))
|
||||
default = {}
|
||||
nullable = false
|
||||
|
@ -51,6 +59,7 @@ variable "name" {
|
|||
variable "neg_configs" {
|
||||
description = "Optional network endpoint groups to create. Can be referenced in backends via key or outputs."
|
||||
type = map(object({
|
||||
project_id = optional(string)
|
||||
cloudrun = optional(object({
|
||||
region = string
|
||||
target_service = optional(object({
|
||||
|
@ -143,6 +152,15 @@ variable "region" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "service_directory_registration" {
|
||||
description = "Service directory namespace and service used to register this load balancer."
|
||||
type = object({
|
||||
namespace = string
|
||||
service = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "ssl_certificates" {
|
||||
description = "SSL target proxy certificates (only if protocol is HTTPS)."
|
||||
type = object({
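Review bot: The immutability caveat for `global_access` exists only as a `#` comment above the variable, so it presumably will not reach generated documentation or anyone who reads just the `description`. Moving it into the description keeps the warning next to the switch that widens client reachability: `description = "Allow client access from all regions. Cannot be changed on an existing rule during the preview phase."`. The new `project_id` fields in `group_configs` and `neg_configs` also give no hint that a null value falls back to `var.project_id`; a short `# defaults to var.project_id` comment beside each would say so.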
|
||||
|
|