From 20dd3df27ca62f91890eae04d6756b7da8d9786c Mon Sep 17 00:00:00 2001 From: Luca Prete Date: Wed, 4 Oct 2023 10:30:11 +0200 Subject: [PATCH] Support multiple protocols (L3_DEFAULT) through net-ilb-int --- modules/net-lb-int/README.md | 63 ++++++++++++++++++++------ modules/net-lb-int/main.tf | 4 +- modules/net-lb-int/variables.tf | 3 +- tests/modules/net_lb_int/defaults.yaml | 2 +- 4 files changed, 53 insertions(+), 19 deletions(-) diff --git a/modules/net-lb-int/README.md b/modules/net-lb-int/README.md index c5773883..02c4fbc8 100644 --- a/modules/net-lb-int/README.md +++ b/modules/net-lb-int/README.md @@ -14,6 +14,7 @@ One other issue is a `Provider produced inconsistent final plan` error which is - [Referencing existing MIGs](#referencing-existing-migs) - [Externally managed instances](#externally-managed-instances) +- [Passing multiple protocols through the load balancers](#passing-multiple-protocols-through-the-load-balancers) - [End to end example](#end-to-end-example) ### Referencing existing MIGs @@ -108,6 +109,38 @@ module "ilb" { # tftest modules=1 resources=4 ``` +### Passing multiple protocols through the load balancers + +The example shows how to send multiple protocols through the same internal network passthrough load balancer. + +```hcl +module "ilb" { + source = "./fabric/modules/net-lb-int" + project_id = var.project_id + region = "europe-west1" + name = "ilb-test" + protocol = "L3_DEFAULT" + service_label = "ilb-test" + vpc_config = { + network = var.vpc.self_link + subnetwork = var.subnet.self_link + } + group_configs = { + my-group = { + zone = "europe-west1-b" + instances = [ + "instance-1-self-link", + "instance-2-self-link" + ] + } + } + backends = [{ + group = module.ilb.groups.my-group.self_link + }] +} +# tftest modules=1 resources=4 +``` + ### End to end example This example spins up a simple HTTP server and combines four modules: 
@@ -179,22 +212,22 @@ module "ilb" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [name](variables.tf#L188) | Name used for all resources. | string | ✓ | | -| [project_id](variables.tf#L199) | Project id where resources will be created. | string | ✓ | | -| [region](variables.tf#L210) | GCP region. | string | ✓ | | -| [vpc_config](variables.tf#L221) | VPC-level configuration. | object({…}) | ✓ | | +| [name](variables.tf#L189) | Name used for all resources. | string | ✓ | | +| [project_id](variables.tf#L200) | Project id where resources will be created. | string | ✓ | | +| [region](variables.tf#L211) | GCP region. | string | ✓ | | +| [vpc_config](variables.tf#L222) | VPC-level configuration. | object({…}) | ✓ | | | [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | string | | null | -| [backend_service_config](variables.tf#L23) | Backend service level configuration. | object({…}) | | {} | -| [backends](variables.tf#L56) | Load balancer backends, balancing mode is one of 'CONNECTION' or 'UTILIZATION'. | list(object({…})) | | [] | -| [description](variables.tf#L75) | Optional description used for resources. | string | | "Terraform managed." | -| [global_access](variables.tf#L81) | Global access, defaults to false if not set. | bool | | null | -| [group_configs](variables.tf#L87) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | map(object({…})) | | {} | -| [health_check](variables.tf#L99) | Name of existing health check to use, disables auto-created health check. | string | | null | -| [health_check_config](variables.tf#L105) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | object({…}) | | {…} | -| [labels](variables.tf#L182) | Labels set on resources. | map(string) | | {} | -| [ports](variables.tf#L193) | Comma-separated ports, leave null to use all ports. 
| list(string) | | null | -| [protocol](variables.tf#L204) | IP protocol used, defaults to TCP. | string | | "TCP" | -| [service_label](variables.tf#L215) | Optional prefix of the fully qualified forwarding rule name. | string | | null | +| [backend_service_config](variables.tf#L23) | Backend service level configuration. | object({…}) | | {} | +| [backends](variables.tf#L57) | Load balancer backends, balancing mode is one of 'CONNECTION' or 'UTILIZATION'. | list(object({…})) | | [] | +| [description](variables.tf#L76) | Optional description used for resources. | string | | "Terraform managed." | +| [global_access](variables.tf#L82) | Global access, defaults to false if not set. | bool | | null | +| [group_configs](variables.tf#L88) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | map(object({…})) | | {} | +| [health_check](variables.tf#L100) | Name of existing health check to use, disables auto-created health check. | string | | null | +| [health_check_config](variables.tf#L106) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | object({…}) | | {…} | +| [labels](variables.tf#L183) | Labels set on resources. | map(string) | | {} | +| [ports](variables.tf#L194) | Comma-separated ports, leave null to use all ports. | list(string) | | null | +| [protocol](variables.tf#L205) | Forwarding rule protocol used, defaults to TCP. | string | | "TCP" | +| [service_label](variables.tf#L216) | Optional prefix of the fully qualified forwarding rule name. | string | | null | ## Outputs diff --git a/modules/net-lb-int/main.tf b/modules/net-lb-int/main.tf index 698293a5..eccb536e 100644 --- a/modules/net-lb-int/main.tf +++ b/modules/net-lb-int/main.tf 
@@ -32,7 +32,7 @@ resource "google_compute_forwarding_rule" "default" { name = var.name description = var.description ip_address = var.address - ip_protocol = var.protocol # TCP | UDP + ip_protocol = var.protocol backend_service = ( google_compute_region_backend_service.default.self_link ) @@ -54,7 +54,7 @@ resource "google_compute_region_backend_service" "default" { name = var.name description = var.description load_balancing_scheme = "INTERNAL" - protocol = var.protocol + protocol = var.backend_service_config.protocol network = var.vpc_config.network health_checks = [local.health_check] connection_draining_timeout_sec = var.backend_service_config.connection_draining_timeout_sec diff --git a/modules/net-lb-int/variables.tf b/modules/net-lb-int/variables.tf index 9e90c1db..d10f6dbd 100644 --- a/modules/net-lb-int/variables.tf +++ b/modules/net-lb-int/variables.tf @@ -36,6 +36,7 @@ variable "backend_service_config" { ratio = optional(number) })) log_sample_rate = optional(number) + protocol = optional(string, "UNSPECIFIED") session_affinity = optional(string) timeout_sec = optional(number) }) @@ -202,7 +203,7 @@ variable "project_id" { } variable "protocol" { - description = "IP protocol used, defaults to TCP." + description = "Forwarding rule protocol used, defaults to TCP." type = string default = "TCP" } diff --git a/tests/modules/net_lb_int/defaults.yaml b/tests/modules/net_lb_int/defaults.yaml index f66ea2a8..dcbc12d0 100644 --- a/tests/modules/net_lb_int/defaults.yaml +++ b/tests/modules/net_lb_int/defaults.yaml @@ -54,7 +54,7 @@ values: name: ilb-test network: default project: my-project - protocol: TCP + protocol: UNSPECIFIED region: europe-west1 counts:
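Review bot: Dropping the `# TCP | UDP` comment on `ip_protocol` in the forwarding rule leaves the accepted values undocumented at the very point where `L3_DEFAULT` becomes possible, and that value changes how exposed the backends are. With `L3_DEFAULT` the rule passes every IP protocol the load balancer supports, on all ports, so the VPC firewall rules on the backends become the only filter. I would keep a comment such as `# TCP | UDP | L3_DEFAULT (L3_DEFAULT forwards all supported protocols; needs ports = null and backend protocol UNSPECIFIED)`. The port handling of this resource is outside the hunk, so I could not check whether `var.ports` is rejected when combined with `L3_DEFAULT`.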
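Review bot: Taking the backend service `protocol` from `var.backend_service_config.protocol` changes it for every existing caller, because the new attribute defaults to `"UNSPECIFIED"` (variables.tf hunk at -36,6) where it used to follow `var.protocol`; the updated fixture in defaults.yaml shows the default plan moving from TCP to UNSPECIFIED. A caller who only upgrades the module gets a modified, possibly recreated, backend service, and one who sets `protocol = "UDP"` no longer gets a UDP backend service. Deriving the value keeps the old behaviour unless it is overridden: declare the attribute as `protocol = optional(string)` and use `protocol = coalesce(var.backend_service_config.protocol, var.protocol == "L3_DEFAULT" ? "UNSPECIFIED" : var.protocol)`. Nothing visible checks that the two protocols form a combination the API accepts, so a mismatch would only surface at apply time.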
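Review bot: `variable "protocol"` still accepts any string, so a typo or an unsupported value is only caught by the API at apply time, and the new description does not say that `L3_DEFAULT` is now a valid and much broader choice. A validation block limited to the values an internal passthrough load balancer is documented to accept (to my knowledge `TCP`, `UDP` and `L3_DEFAULT`; confirm against the provider documentation) would fail at plan time instead, and the description can name them. The same gap applies to the new `backend_service_config.protocol` attribute added in the -36,6 hunk of this file.

```hcl
variable "protocol" {
  description = "Forwarding rule protocol used, one of 'L3_DEFAULT', 'TCP', 'UDP'. Defaults to TCP."
  # … unchanged: type, default …
  validation {
    condition     = contains(["L3_DEFAULT", "TCP", "UDP"], var.protocol)
    error_message = "Protocol must be one of 'L3_DEFAULT', 'TCP', 'UDP'."
  }
}
```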