Define service attachment interface for lb modules and implement in internal LBs (#2122)
* add service attachment support to lb app int module * allow direct referencing of self managed ig in ilb module * add service attachment support to net-ilb-int * add service attachments example to net-lb-int * fix resource name in net-lb-ext * rename fwd rules resource in test inventories * add toc to net-lb-int
This commit is contained in:
parent
d10aee4c35
commit
525684faf3
File diff suppressed because one or more lines are too long
|
@ -117,6 +117,37 @@ resource "google_compute_region_target_https_proxy" "default" {
|
|||
url_map = google_compute_region_url_map.default.id
|
||||
}
|
||||
|
||||
resource "google_compute_service_attachment" "default" {
|
||||
count = var.service_attachment == null ? 0 : 1
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
name = var.name
|
||||
description = var.description
|
||||
target_service = google_compute_forwarding_rule.default.id
|
||||
nat_subnets = var.service_attachment.nat_subnets
|
||||
connection_preference = (
|
||||
var.service_attachment.automatic_connection
|
||||
? "ACCEPT_AUTOMATIC"
|
||||
: "ACCEPT_MANUAL"
|
||||
)
|
||||
consumer_reject_lists = var.service_attachment.consumer_reject_lists
|
||||
domain_names = (
|
||||
var.service_attachment.domain_name == null
|
||||
? null
|
||||
: [var.service_attachment.domain_name]
|
||||
)
|
||||
enable_proxy_protocol = var.service_attachment.enable_proxy_protocol
|
||||
reconcile_connections = var.service_attachment.reconcile_connections
|
||||
dynamic "consumer_accept_lists" {
|
||||
for_each = var.service_attachment.consumer_accept_lists
|
||||
iterator = accept
|
||||
content {
|
||||
project_id_or_num = accept.key
|
||||
connection_limit = accept.value
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_network_endpoint_group" "default" {
|
||||
for_each = local.neg_zonal
|
||||
project = (
|
||||
|
|
|
@ -78,3 +78,10 @@ output "regional_neg_ids" {
|
|||
for k, v in google_compute_region_network_endpoint_group.default : k => v.id
|
||||
}
|
||||
}
|
||||
|
||||
output "service_attachment_id" {
|
||||
description = "Id of the service attachment."
|
||||
value = try(
|
||||
google_compute_service_attachment.default.0.id, null
|
||||
)
|
||||
}
|
||||
|
|
|
@ -158,6 +158,21 @@ variable "region" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "service_attachment" {
|
||||
description = "PSC service attachment."
|
||||
type = object({
|
||||
nat_subnets = list(string)
|
||||
automatic_connection = optional(bool, false)
|
||||
consumer_accept_lists = optional(map(string), {})
|
||||
consumer_reject_lists = optional(list(string))
|
||||
description = optional(string)
|
||||
domain_name = optional(string)
|
||||
enable_proxy_protocol = optional(bool, false)
|
||||
reconcile_connections = optional(bool)
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "service_directory_registration" {
|
||||
description = "Service directory namespace and service used to register this load balancer."
|
||||
type = object({
|
||||
|
|
|
@ -24,7 +24,12 @@ locals {
|
|||
)
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "forwarding_rules" {
|
||||
moved {
|
||||
from = google_compute_forwarding_rule.forwarding_rules
|
||||
to = google_compute_forwarding_rule.default
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "default" {
|
||||
for_each = var.forwarding_rules_config
|
||||
provider = google-beta
|
||||
project = var.project_id
|
||||
|
|
|
@ -32,7 +32,7 @@ output "backend_service_self_link" {
|
|||
output "forwarding_rule_addresses" {
|
||||
description = "Forwarding rule addresses."
|
||||
value = {
|
||||
for k, v in google_compute_forwarding_rule.forwarding_rules
|
||||
for k, v in google_compute_forwarding_rule.default
|
||||
: k => v.ip_address
|
||||
}
|
||||
}
|
||||
|
@ -40,14 +40,14 @@ output "forwarding_rule_addresses" {
|
|||
output "forwarding_rule_self_links" {
|
||||
description = "Forwarding rule self links."
|
||||
value = {
|
||||
for k, v in google_compute_forwarding_rule.forwarding_rules
|
||||
for k, v in google_compute_forwarding_rule.default
|
||||
: k => v.self_link
|
||||
}
|
||||
}
|
||||
|
||||
output "forwarding_rules" {
|
||||
description = "Forwarding rule resources."
|
||||
value = google_compute_forwarding_rule.forwarding_rules
|
||||
value = google_compute_forwarding_rule.default
|
||||
}
|
||||
|
||||
output "group_self_links" {
|
||||
|
@ -80,7 +80,7 @@ output "health_check_self_link" {
|
|||
output "id" {
|
||||
description = "Fully qualified forwarding rule ids."
|
||||
value = {
|
||||
for k, v in google_compute_forwarding_rule.forwarding_rules
|
||||
for k, v in google_compute_forwarding_rule.default
|
||||
: k => v.id
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,21 +2,22 @@
|
|||
|
||||
This module allows managing a GCE Internal Load Balancer and integrates the forwarding rule, regional backend, and optional health check resources. It's designed to be a simple match for the [`compute-vm`](../compute-vm) module, which can be used to manage instance templates and instance groups.
|
||||
|
||||
## Issues
|
||||
|
||||
There are some corner cases where Terraform raises a cycle error on apply, for example when using the entire ILB module as a value in `for_each` counts used to create static routes in the VPC module. These are easily fixed by using forwarding rule ids instead of modules as values in the `for_each` loop.
|
||||
|
||||
<!--
|
||||
One other issue is a `Provider produced inconsistent final plan` error which is sometimes raised when switching template version. This seems to be related to this [open provider issue](https://github.com/terraform-providers/terraform-provider-google/issues/3937), but it's relatively harmless since the resource is updated, and subsequent applies raise no errors.
|
||||
-->
|
||||
<!-- BEGIN TOC -->
|
||||
- [Examples](#examples)
|
||||
- [Referencing existing MIGs](#referencing-existing-migs)
|
||||
- [Externally managed instances](#externally-managed-instances)
|
||||
- [Passing multiple protocols through the load balancers](#passing-multiple-protocols-through-the-load-balancers)
|
||||
- [Mutiple forwarding rules](#mutiple-forwarding-rules)
|
||||
- [Dual stack (IPv4 and IPv6)](#dual-stack-ipv4-and-ipv6)
|
||||
- [PSC service attachments](#psc-service-attachments)
|
||||
- [End to end example](#end-to-end-example)
|
||||
- [Issues](#issues)
|
||||
- [Variables](#variables)
|
||||
- [Outputs](#outputs)
|
||||
<!-- END TOC -->
|
||||
|
||||
## Examples
|
||||
|
||||
- [Referencing existing MIGs](#referencing-existing-migs)
|
||||
- [Externally managed instances](#externally-managed-instances)
|
||||
- [Passing multiple protocols through the load balancers](#passing-multiple-protocols-through-the-load-balancers)
|
||||
- [End to end example](#end-to-end-example)
|
||||
|
||||
### Referencing existing MIGs
|
||||
|
||||
This example shows how to reference existing Managed Infrastructure Groups (MIGs).
|
||||
|
@ -154,7 +155,6 @@ The example adds two forwarding rules:
|
|||
- the first one, called `ilb-test-vip-one` exposes an IPv4 address, it listens on all ports, and allows connections from any region.
|
||||
- the second one, called `ilb-test-vip-two` exposes an IPv4 address, it listens on port 80 and allows connections from the same region only.
|
||||
|
||||
|
||||
```hcl
|
||||
module "ilb" {
|
||||
source = "./fabric/modules/net-lb-int"
|
||||
|
@ -229,6 +229,54 @@ module "ilb" {
|
|||
# tftest modules=1 resources=5
|
||||
```
|
||||
|
||||
### PSC service attachments
|
||||
|
||||
The optional `service_attachments` variable allows [publishing Private Service Connect services](https://cloud.google.com/vpc/docs/configure-private-service-connect-producer) by configuring up to one service attachment for each of the forwarding rules.
|
||||
|
||||
```hcl
|
||||
module "ilb" {
|
||||
source = "./fabric/modules/net-lb-int"
|
||||
project_id = var.project_id
|
||||
region = "europe-west1"
|
||||
name = "ilb-test"
|
||||
service_label = "ilb-test"
|
||||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
}
|
||||
forwarding_rules_config = {
|
||||
vip-one = {}
|
||||
vip-two = {
|
||||
global_access = false
|
||||
ports = [80]
|
||||
}
|
||||
}
|
||||
group_configs = {
|
||||
my-group = {
|
||||
zone = "europe-west1-b"
|
||||
instances = [
|
||||
"instance-1-self-link",
|
||||
"instance-2-self-link"
|
||||
]
|
||||
}
|
||||
}
|
||||
backends = [{
|
||||
group = module.ilb.groups.my-group.self_link
|
||||
}]
|
||||
service_attachments = {
|
||||
vip-one = {
|
||||
nat_subnets = [var.subnet_psc_1.self_link]
|
||||
automatic_connection = true
|
||||
}
|
||||
vip-two = {
|
||||
nat_subnets = [var.subnet_psc_2.self_link]
|
||||
automatic_connection = true
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=7
|
||||
```
|
||||
|
||||
### End to end example
|
||||
|
||||
This example spins up a simple HTTP server and combines four modules:
|
||||
|
@ -298,6 +346,15 @@ module "ilb" {
|
|||
}
|
||||
# tftest modules=3 resources=7 e2e
|
||||
```
|
||||
|
||||
## Issues
|
||||
|
||||
There are some corner cases where Terraform raises a cycle error on apply, for example when using the entire ILB module as a value in `for_each` counts used to create static routes in the VPC module. These are easily fixed by using forwarding rule ids instead of modules as values in the `for_each` loop.
|
||||
|
||||
<!--
|
||||
One other issue is a `Provider produced inconsistent final plan` error which is sometimes raised when switching template version. This seems to be related to this [open provider issue](https://github.com/terraform-providers/terraform-provider-google/issues/3937), but it's relatively harmless since the resource is updated, and subsequent applies raise no errors.
|
||||
-->
|
||||
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
||||
|
@ -306,7 +363,7 @@ module "ilb" {
|
|||
| [name](variables.tf#L184) | Name used for all resources. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L189) | Project id where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L200) | GCP region. | <code>string</code> | ✓ | |
|
||||
| [vpc_config](variables.tf#L211) | VPC-level configuration. | <code title="object({ network = string subnetwork = string })">object({…})</code> | ✓ | |
|
||||
| [vpc_config](variables.tf#L226) | VPC-level configuration. | <code title="object({ network = string subnetwork = string })">object({…})</code> | ✓ | |
|
||||
| [backend_service_config](variables.tf#L17) | Backend service level configuration. | <code title="object({ connection_draining_timeout_sec = optional(number) connection_tracking = optional(object({ idle_timeout_sec = optional(number) persist_conn_on_unhealthy = optional(string) track_per_session = optional(bool) })) enable_subsetting = optional(bool) failover_config = optional(object({ disable_conn_drain = optional(bool) drop_traffic_if_unhealthy = optional(bool) ratio = optional(number) })) log_sample_rate = optional(number) protocol = optional(string, "UNSPECIFIED") session_affinity = optional(string) timeout_sec = optional(number) })">object({…})</code> | | <code>{}</code> |
|
||||
| [backends](variables.tf#L51) | Load balancer backends. | <code title="list(object({ group = string description = optional(string, "Terraform managed.") failover = optional(bool, false) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [description](variables.tf#L62) | Optional description used for resources. | <code>string</code> | | <code>"Terraform managed."</code> |
|
||||
|
@ -316,7 +373,8 @@ module "ilb" {
|
|||
| [health_check_config](variables.tf#L101) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code title="object({ check_interval_sec = optional(number) description = optional(string, "Terraform managed.") enable_logging = optional(bool, false) healthy_threshold = optional(number) timeout_sec = optional(number) unhealthy_threshold = optional(number) grpc = optional(object({ port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT service_name = optional(string) })) http = optional(object({ host = optional(string) port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT proxy_header = optional(string) request_path = optional(string) response = optional(string) })) http2 = optional(object({ host = optional(string) port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT proxy_header = optional(string) request_path = optional(string) response = optional(string) })) https = optional(object({ host = optional(string) port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT proxy_header = optional(string) request_path = optional(string) response = optional(string) })) tcp = optional(object({ port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT proxy_header = optional(string) request = optional(string) response = optional(string) })) ssl = optional(object({ port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT proxy_header = optional(string) request = optional(string) response = optional(string) })) })">object({…})</code> | | <code title="{ tcp = { port_specification = "USE_SERVING_PORT" } }">{…}</code> |
|
||||
| [labels](variables.tf#L178) | Labels set on resources. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [protocol](variables.tf#L194) | Forwarding rule protocol used, defaults to TCP. | <code>string</code> | | <code>"TCP"</code> |
|
||||
| [service_label](variables.tf#L205) | Optional prefix of the fully qualified forwarding rule name. | <code>string</code> | | <code>null</code> |
|
||||
| [service_attachments](variables.tf#L205) | PSC service attachments, keyed by forwarding rule. | <code title="map(object({ nat_subnets = list(string) automatic_connection = optional(bool, false) consumer_accept_lists = optional(map(string), {}) consumer_reject_lists = optional(list(string)) description = optional(string) domain_name = optional(string) enable_proxy_protocol = optional(bool, false) reconcile_connections = optional(bool) }))">map(object({…}))</code> | | <code>null</code> |
|
||||
| [service_label](variables.tf#L220) | Optional prefix of the fully qualified forwarding rule name. | <code>string</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
@ -334,4 +392,5 @@ module "ilb" {
|
|||
| [health_check_id](outputs.tf#L73) | Auto-created health-check id. | |
|
||||
| [health_check_self_link](outputs.tf#L78) | Auto-created health-check self link. | |
|
||||
| [id](outputs.tf#L83) | Fully qualified forwarding rule ids. | |
|
||||
| [service_attachment_ids](outputs.tf#L91) | Service attachment ids. | |
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
@ -18,20 +18,34 @@
|
|||
locals {
|
||||
bs_conntrack = var.backend_service_config.connection_tracking
|
||||
bs_failover = var.backend_service_config.failover_config
|
||||
forwarding_rule_names = {
|
||||
for k, v in var.forwarding_rules_config :
|
||||
k => k == "" ? var.name : "${var.name}-${k}"
|
||||
}
|
||||
health_check = (
|
||||
var.health_check != null
|
||||
? var.health_check
|
||||
: google_compute_health_check.default.0.self_link
|
||||
)
|
||||
_service_attachments = (
|
||||
var.service_attachments == null ? {} : var.service_attachments
|
||||
)
|
||||
service_attachments = {
|
||||
for k, v in local._service_attachments :
|
||||
k => v if lookup(var.forwarding_rules_config, k, null) != null
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "forwarding_rules" {
|
||||
for_each = var.forwarding_rules_config
|
||||
provider = google-beta
|
||||
project = var.project_id
|
||||
name = (
|
||||
each.key == "" ? var.name : "${var.name}-${each.key}"
|
||||
)
|
||||
moved {
|
||||
from = google_compute_forwarding_rule.forwarding_rules
|
||||
to = google_compute_forwarding_rule.default
|
||||
}
|
||||
|
||||
resource "google_compute_forwarding_rule" "default" {
|
||||
for_each = var.forwarding_rules_config
|
||||
provider = google-beta
|
||||
project = var.project_id
|
||||
name = local.forwarding_rule_names[each.key]
|
||||
region = var.region
|
||||
description = each.value.description
|
||||
ip_address = each.value.address
|
||||
|
@ -71,7 +85,10 @@ resource "google_compute_region_backend_service" "default" {
|
|||
balancing_mode = "CONNECTION"
|
||||
description = backend.value.description
|
||||
failover = backend.value.failover
|
||||
group = backend.key
|
||||
group = try(
|
||||
google_compute_instance_group.default[backend.key].id,
|
||||
backend.key
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -113,3 +130,30 @@ resource "google_compute_region_backend_service" "default" {
|
|||
}
|
||||
|
||||
}
|
||||
|
||||
resource "google_compute_service_attachment" "default" {
|
||||
for_each = local.service_attachments
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
name = local.forwarding_rule_names[each.key]
|
||||
description = var.description
|
||||
target_service = google_compute_forwarding_rule.default[each.key].id
|
||||
nat_subnets = each.value.nat_subnets
|
||||
connection_preference = (
|
||||
each.value.automatic_connection ? "ACCEPT_AUTOMATIC" : "ACCEPT_MANUAL"
|
||||
)
|
||||
consumer_reject_lists = each.value.consumer_reject_lists
|
||||
domain_names = (
|
||||
each.value.domain_name == null ? null : [each.value.domain_name]
|
||||
)
|
||||
enable_proxy_protocol = each.value.enable_proxy_protocol
|
||||
reconcile_connections = each.value.reconcile_connections
|
||||
dynamic "consumer_accept_lists" {
|
||||
for_each = each.value.consumer_accept_lists
|
||||
iterator = accept
|
||||
content {
|
||||
project_id_or_num = accept.key
|
||||
connection_limit = accept.value
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -32,7 +32,7 @@ output "backend_service_self_link" {
|
|||
output "forwarding_rule_addresses" {
|
||||
description = "Forwarding rule address."
|
||||
value = {
|
||||
for k, v in google_compute_forwarding_rule.forwarding_rules
|
||||
for k, v in google_compute_forwarding_rule.default
|
||||
: k => v.ip_address
|
||||
}
|
||||
}
|
||||
|
@ -40,7 +40,7 @@ output "forwarding_rule_addresses" {
|
|||
output "forwarding_rule_self_links" {
|
||||
description = "Forwarding rule self links."
|
||||
value = {
|
||||
for k, v in google_compute_forwarding_rule.forwarding_rules
|
||||
for k, v in google_compute_forwarding_rule.default
|
||||
: k => v.self_link
|
||||
}
|
||||
}
|
||||
|
@ -48,7 +48,7 @@ output "forwarding_rule_self_links" {
|
|||
output "forwarding_rules" {
|
||||
description = "Forwarding rule resources."
|
||||
value = {
|
||||
for k, v in google_compute_forwarding_rule.forwarding_rules
|
||||
for k, v in google_compute_forwarding_rule.default
|
||||
: k => v
|
||||
}
|
||||
}
|
||||
|
@ -83,7 +83,14 @@ output "health_check_self_link" {
|
|||
output "id" {
|
||||
description = "Fully qualified forwarding rule ids."
|
||||
value = {
|
||||
for k, v in google_compute_forwarding_rule.forwarding_rules
|
||||
for k, v in google_compute_forwarding_rule.default
|
||||
: k => v.id
|
||||
}
|
||||
}
|
||||
|
||||
output "service_attachment_ids" {
|
||||
description = "Service attachment ids."
|
||||
value = {
|
||||
for k, v in google_compute_service_attachment.default : k => v.id
|
||||
}
|
||||
}
|
||||
|
|
|
@ -202,6 +202,21 @@ variable "region" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "service_attachments" {
|
||||
description = "PSC service attachments, keyed by forwarding rule."
|
||||
type = map(object({
|
||||
nat_subnets = list(string)
|
||||
automatic_connection = optional(bool, false)
|
||||
consumer_accept_lists = optional(map(string), {})
|
||||
consumer_reject_lists = optional(list(string))
|
||||
description = optional(string)
|
||||
domain_name = optional(string)
|
||||
enable_proxy_protocol = optional(bool, false)
|
||||
reconcile_connections = optional(bool)
|
||||
}))
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "service_label" {
|
||||
description = "Optional prefix of the fully qualified forwarding rule name."
|
||||
type = string
|
||||
|
|
|
@ -98,7 +98,7 @@ values:
|
|||
network: projects/my-project/global/networks/dataplane
|
||||
project: my-project
|
||||
zone: europe-west1-b
|
||||
module.f5-lb.module.passthrough-ilb[0].google_compute_forwarding_rule.forwarding_rules["l4"]:
|
||||
module.f5-lb.module.passthrough-ilb[0].google_compute_forwarding_rule.default["l4"]:
|
||||
all_ports: true
|
||||
allow_global_access: true
|
||||
allow_psc_global_access: null
|
||||
|
|
|
@ -123,7 +123,7 @@ values:
|
|||
project: my-project
|
||||
region: europe-west1
|
||||
subnetwork: projects/my-project/regions/europe-west1/subnetworks/dataplane
|
||||
module.f5-lb.module.passthrough-ilb[0].google_compute_forwarding_rule.forwarding_rules["int-ipv4"]:
|
||||
module.f5-lb.module.passthrough-ilb[0].google_compute_forwarding_rule.default["int-ipv4"]:
|
||||
all_ports: true
|
||||
allow_global_access: true
|
||||
ip_protocol: L3_DEFAULT
|
||||
|
@ -135,7 +135,7 @@ values:
|
|||
project: my-project
|
||||
region: europe-west1
|
||||
subnetwork: projects/my-project/regions/europe-west1/subnetworks/dataplane
|
||||
module.f5-lb.module.passthrough-ilb[0].google_compute_forwarding_rule.forwarding_rules["int-ipv6"]:
|
||||
module.f5-lb.module.passthrough-ilb[0].google_compute_forwarding_rule.default["int-ipv6"]:
|
||||
all_ports: true
|
||||
allow_global_access: true
|
||||
ip_protocol: L3_DEFAULT
|
||||
|
@ -171,7 +171,7 @@ values:
|
|||
project: my-project
|
||||
protocol: UNSPECIFIED
|
||||
region: europe-west1
|
||||
module.f5-lb.module.passthrough-nlb[0].google_compute_forwarding_rule.forwarding_rules["ext-ipv4"]:
|
||||
module.f5-lb.module.passthrough-nlb[0].google_compute_forwarding_rule.default["ext-ipv4"]:
|
||||
all_ports: true
|
||||
allow_global_access: null
|
||||
ip_protocol: L3_DEFAULT
|
||||
|
@ -180,7 +180,7 @@ values:
|
|||
name: test-nlb-ext-ipv4
|
||||
project: my-project
|
||||
region: europe-west1
|
||||
module.f5-lb.module.passthrough-nlb[0].google_compute_forwarding_rule.forwarding_rules["ext-ipv6"]:
|
||||
module.f5-lb.module.passthrough-nlb[0].google_compute_forwarding_rule.default["ext-ipv6"]:
|
||||
all_ports: true
|
||||
allow_global_access: null
|
||||
ip_protocol: L3_DEFAULT
|
||||
|
|
|
@ -97,7 +97,7 @@ values:
|
|||
network: projects/my-project/global/networks/dataplane
|
||||
project: my-project
|
||||
zone: europe-west1-b
|
||||
module.f5-lb.module.passthrough-nlb[0].google_compute_forwarding_rule.forwarding_rules["ext-ipv4"]:
|
||||
module.f5-lb.module.passthrough-nlb[0].google_compute_forwarding_rule.default["ext-ipv4"]:
|
||||
all_ports: true
|
||||
allow_global_access: null
|
||||
allow_psc_global_access: null
|
||||
|
|
|
@ -56,7 +56,7 @@ values:
|
|||
project: my-project
|
||||
region: europe-west1
|
||||
subnetwork: projects/my-project/regions/europe-west1/subnetworks/dataplane
|
||||
module.f5-lb.module.passthrough-ilb[0].google_compute_forwarding_rule.forwarding_rules["l4"]:
|
||||
module.f5-lb.module.passthrough-ilb[0].google_compute_forwarding_rule.default["l4"]:
|
||||
all_ports: true
|
||||
allow_global_access: true
|
||||
allow_psc_global_access: null
|
||||
|
|
|
@ -100,7 +100,7 @@ values:
|
|||
network: projects/my-project/global/networks/dataplane
|
||||
project: my-project
|
||||
zone: europe-west1-b
|
||||
module.f5-lb.module.passthrough-ilb[0].google_compute_forwarding_rule.forwarding_rules["l4"]:
|
||||
module.f5-lb.module.passthrough-ilb[0].google_compute_forwarding_rule.default["l4"]:
|
||||
all_ports: true
|
||||
allow_global_access: true
|
||||
allow_psc_global_access: null
|
||||
|
|
|
@ -56,7 +56,7 @@ values:
|
|||
project: my-project
|
||||
region: europe-west1
|
||||
subnetwork: projects/my-project/regions/europe-west1/subnetworks/dataplane
|
||||
module.f5-lb.module.passthrough-ilb[0].google_compute_forwarding_rule.forwarding_rules["l4"]:
|
||||
module.f5-lb.module.passthrough-ilb[0].google_compute_forwarding_rule.default["l4"]:
|
||||
all_ports: true
|
||||
allow_global_access: true
|
||||
allow_psc_global_access: null
|
||||
|
|
|
@ -73,6 +73,24 @@ variable "subnet" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "subnet_psc_1" {
|
||||
default = {
|
||||
name = "subnet_name"
|
||||
region = "subnet_region"
|
||||
cidr = "subnet_cidr"
|
||||
self_link = "subnet_self_link"
|
||||
}
|
||||
}
|
||||
|
||||
variable "subnet_psc_2" {
|
||||
default = {
|
||||
name = "subnet_name"
|
||||
region = "subnet_region"
|
||||
cidr = "subnet_cidr"
|
||||
self_link = "subnet_self_link"
|
||||
}
|
||||
}
|
||||
|
||||
variable "subnet1" {
|
||||
default = {
|
||||
name = "subnet_name"
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_compute_forwarding_rule.forwarding_rules[""]:
|
||||
google_compute_forwarding_rule.default[""]:
|
||||
all_ports: true
|
||||
ip_protocol: TCP
|
||||
labels: null
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_compute_forwarding_rule.forwarding_rules["ipv4"]:
|
||||
google_compute_forwarding_rule.default["ipv4"]:
|
||||
ip_version: "IPV4"
|
||||
google_compute_forwarding_rule.forwarding_rules["ipv6"]:
|
||||
google_compute_forwarding_rule.default["ipv6"]:
|
||||
ip_version: "IPV6"
|
||||
|
||||
counts:
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.nlb.google_compute_forwarding_rule.forwarding_rules["ipv4"]:
|
||||
module.nlb.google_compute_forwarding_rule.default["ipv4"]:
|
||||
all_ports: true
|
||||
allow_global_access: null
|
||||
allow_psc_global_access: null
|
||||
|
@ -32,7 +32,7 @@ values:
|
|||
source_ip_ranges: null
|
||||
target: null
|
||||
timeouts: null
|
||||
module.nlb.google_compute_forwarding_rule.forwarding_rules["ipv6"]:
|
||||
module.nlb.google_compute_forwarding_rule.default["ipv6"]:
|
||||
all_ports: true
|
||||
allow_global_access: null
|
||||
allow_psc_global_access: null
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.nlb.google_compute_forwarding_rule.forwarding_rules[""]:
|
||||
module.nlb.google_compute_forwarding_rule.default[""]:
|
||||
all_ports: null
|
||||
allow_global_access: null
|
||||
allow_psc_global_access: null
|
||||
|
@ -79,7 +79,7 @@ values:
|
|||
unhealthy_threshold: 2
|
||||
|
||||
counts:
|
||||
google_compute_forwarding_rule: 1
|
||||
google_compute_forwarding_rule: 1
|
||||
google_compute_region_backend_service: 1
|
||||
google_compute_region_health_check: 1
|
||||
modules: 3
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.nlb.google_compute_forwarding_rule.forwarding_rules[""]:
|
||||
module.nlb.google_compute_forwarding_rule.default[""]:
|
||||
all_ports: true
|
||||
allow_global_access: null
|
||||
allow_psc_global_access: null
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.nlb.google_compute_forwarding_rule.forwarding_rules["vip-one"]:
|
||||
module.nlb.google_compute_forwarding_rule.default["vip-one"]:
|
||||
all_ports: true
|
||||
allow_global_access: null
|
||||
allow_psc_global_access: null
|
||||
|
@ -32,7 +32,7 @@ values:
|
|||
source_ip_ranges: null
|
||||
target: null
|
||||
timeouts: null
|
||||
module.nlb.google_compute_forwarding_rule.forwarding_rules["vip-two"]:
|
||||
module.nlb.google_compute_forwarding_rule.default["vip-two"]:
|
||||
all_ports: null
|
||||
allow_global_access: null
|
||||
allow_psc_global_access: null
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.nlb.google_compute_forwarding_rule.forwarding_rules[""]:
|
||||
module.nlb.google_compute_forwarding_rule.default[""]:
|
||||
all_ports: true
|
||||
allow_global_access: null
|
||||
allow_psc_global_access: null
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_compute_forwarding_rule.forwarding_rules["port-80"]:
|
||||
google_compute_forwarding_rule.default["port-80"]:
|
||||
all_ports: null
|
||||
ports:
|
||||
- '80'
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_compute_forwarding_rule.forwarding_rules[""]:
|
||||
google_compute_forwarding_rule.default[""]:
|
||||
all_ports: true
|
||||
ip_protocol: TCP
|
||||
labels: null
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# limitations under the License.
|
||||
|
||||
values:
|
||||
google_compute_forwarding_rule.forwarding_rules["port-80"]:
|
||||
google_compute_forwarding_rule.default["port-80"]:
|
||||
all_ports: null
|
||||
allow_global_access: true
|
||||
ports:
|
||||
|
|
Loading…
Reference in New Issue