[#1764] net-lb-int: add support for dual stack and multiple forwarding rules
This commit is contained in:
Luca Prete
GitHub
parent
29a6b9ec0d
commit
6c48512f7e
|
|
@ -18,7 +18,6 @@ and to `C:\GcpSetupLog.txt` file.
|
||||||
|
|
||||||
<!-- TFDOC OPTS files:1 -->
|
<!-- TFDOC OPTS files:1 -->
|
||||||
<!-- BEGIN TFDOC -->
|
<!-- BEGIN TFDOC -->
|
||||||
|
|
||||||
## Files
|
## Files
|
||||||
|
|
||||||
| name | description | modules |
|
| name | description | modules |
|
||||||
|
|
@ -66,10 +65,8 @@ and to `C:\GcpSetupLog.txt` file.
|
||||||
|
|
||||||
| name | description | sensitive |
|
| name | description | sensitive |
|
||||||
|---|---|:---:|
|
|---|---|:---:|
|
||||||
| [instructions](outputs.tf#L19) | List of steps to follow after applying. | |
|
| [instructions](outputs.tf#L22) | List of steps to follow after applying. | |
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
||||||
## Test
|
## Test
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
# Copyright 2022 Google LLC
|
# Copyright 2023 Google LLC
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
# you may not use this file except in compliance with the License.
|
# you may not use this file except in compliance with the License.
|
||||||
|
|
@ -13,7 +13,10 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
loadbalancer_outputs = [for aog in var.always_on_groups : format("%s (%s)", module.listener-ilb[aog].forwarding_rule_address, aog)]
|
loadbalancer_outputs = [
|
||||||
|
for aog, ilb in module.listener-ilb
|
||||||
|
: format("%s (%s)", ilb.forwarding_rule_addresses[""], aog)
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
output "instructions" {
|
output "instructions" {
|
||||||
|
|
|
||||||
|
|
@ -141,7 +141,11 @@ module "listener-ilb" {
|
||||||
region = var.region
|
region = var.region
|
||||||
name = "${var.prefix}-${each.value}-ilb"
|
name = "${var.prefix}-${each.value}-ilb"
|
||||||
service_label = "${var.prefix}-${each.value}-ilb"
|
service_label = "${var.prefix}-${each.value}-ilb"
|
||||||
address = local.internal_address_ips["${var.prefix}-lb-${each.value}"]
|
forwarding_rules_config = {
|
||||||
|
"" = {
|
||||||
|
address = local.internal_address_ips["${var.prefix}-lb-${each.value}"]
|
||||||
|
}
|
||||||
|
}
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
network = local.network
|
network = local.network
|
||||||
subnetwork = local.subnetwork
|
subnetwork = local.subnetwork
|
||||||
|
|
|
||||||
|
|
@ -106,7 +106,7 @@ resource "google_compute_service_attachment" "service_attachment" {
|
||||||
enable_proxy_protocol = true
|
enable_proxy_protocol = true
|
||||||
connection_preference = "ACCEPT_MANUAL"
|
connection_preference = "ACCEPT_MANUAL"
|
||||||
nat_subnets = [module.vpc.subnets_psc["${var.region}/psc"].self_link]
|
nat_subnets = [module.vpc.subnets_psc["${var.region}/psc"].self_link]
|
||||||
target_service = module.squid-ilb.forwarding_rule_self_link
|
target_service = module.squid-ilb.forwarding_rule_self_links[""]
|
||||||
consumer_accept_lists {
|
consumer_accept_lists {
|
||||||
project_id_or_num = module.project.project_id
|
project_id_or_num = module.project.project_id
|
||||||
connection_limit = 10
|
connection_limit = 10
|
||||||
|
|
@ -206,8 +206,12 @@ module "squid-ilb" {
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
region = var.region
|
region = var.region
|
||||||
name = "squid-ilb"
|
name = "squid-ilb"
|
||||||
ports = [3128]
|
|
||||||
service_label = "squid-ilb"
|
service_label = "squid-ilb"
|
||||||
|
forwarding_rules_config = {
|
||||||
|
"" = {
|
||||||
|
ports = [3128]
|
||||||
|
}
|
||||||
|
}
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
network = module.vpc.self_link
|
network = module.vpc.self_link
|
||||||
subnetwork = module.vpc.subnet_self_links["${var.region}/proxy"]
|
subnetwork = module.vpc.subnet_self_links["${var.region}/proxy"]
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@
|
||||||
locals {
|
locals {
|
||||||
squid_address = (
|
squid_address = (
|
||||||
var.mig
|
var.mig
|
||||||
? module.squid-ilb.0.forwarding_rule_address
|
? module.squid-ilb.0.forwarding_rule_addresses[""]
|
||||||
: module.squid-vm.internal_ip
|
: module.squid-vm.internal_ip
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
@ -210,8 +210,12 @@ module "squid-ilb" {
|
||||||
project_id = module.project-host.project_id
|
project_id = module.project-host.project_id
|
||||||
region = var.region
|
region = var.region
|
||||||
name = "squid-ilb"
|
name = "squid-ilb"
|
||||||
ports = [3128]
|
|
||||||
service_label = "squid-ilb"
|
service_label = "squid-ilb"
|
||||||
|
forwarding_rules_config = {
|
||||||
|
"" = {
|
||||||
|
ports = [3128]
|
||||||
|
}
|
||||||
|
}
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
network = module.vpc.self_link
|
network = module.vpc.self_link
|
||||||
subnetwork = module.vpc.subnet_self_links["${var.region}/proxy"]
|
subnetwork = module.vpc.subnet_self_links["${var.region}/proxy"]
|
||||||
|
|
|
||||||
|
|
@ -44,7 +44,7 @@ module "hybrid-glb" {
|
||||||
endpoints = {
|
endpoints = {
|
||||||
primary = {
|
primary = {
|
||||||
ip_address = (var.ilb_create
|
ip_address = (var.ilb_create
|
||||||
? module.test_vm_ilbs["primary"].forwarding_rule_address
|
? module.test_vm_ilbs["primary"].forwarding_rule_addresses[""]
|
||||||
: module.test_vms["primary"].internal_ip
|
: module.test_vms["primary"].internal_ip
|
||||||
)
|
)
|
||||||
port = 80
|
port = 80
|
||||||
|
|
@ -59,7 +59,7 @@ module "hybrid-glb" {
|
||||||
endpoints = {
|
endpoints = {
|
||||||
secondary = {
|
secondary = {
|
||||||
ip_address = (var.ilb_create
|
ip_address = (var.ilb_create
|
||||||
? module.test_vm_ilbs["secondary"].forwarding_rule_address
|
? module.test_vm_ilbs["secondary"].forwarding_rule_addresses[""]
|
||||||
: module.test_vms["secondary"].internal_ip
|
: module.test_vms["secondary"].internal_ip
|
||||||
)
|
)
|
||||||
port = 80
|
port = 80
|
||||||
|
|
|
||||||
|
|
@ -53,12 +53,12 @@ module "vpc_landing_untrusted" {
|
||||||
spoke1-primary = {
|
spoke1-primary = {
|
||||||
dest_range = var.ip_config.spoke_primary
|
dest_range = var.ip_config.spoke_primary
|
||||||
next_hop_type = "ilb"
|
next_hop_type = "ilb"
|
||||||
next_hop = module.nva_untrusted_ilbs["primary"].forwarding_rule_self_link
|
next_hop = module.nva_untrusted_ilbs["primary"].forwarding_rule_self_links[""]
|
||||||
}
|
}
|
||||||
spoke1-secondary = {
|
spoke1-secondary = {
|
||||||
dest_range = var.ip_config.spoke_secondary
|
dest_range = var.ip_config.spoke_secondary
|
||||||
next_hop_type = "ilb"
|
next_hop_type = "ilb"
|
||||||
next_hop = module.nva_untrusted_ilbs["secondary"].forwarding_rule_self_link
|
next_hop = module.nva_untrusted_ilbs["secondary"].forwarding_rule_self_links[""]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -67,7 +67,11 @@ module "ilb-left" {
|
||||||
network = module.vpc-left.self_link
|
network = module.vpc-left.self_link
|
||||||
subnetwork = values(module.vpc-left.subnet_self_links)[0]
|
subnetwork = values(module.vpc-left.subnet_self_links)[0]
|
||||||
}
|
}
|
||||||
address = local.addresses.ilb-left
|
forwarding_rules_config = {
|
||||||
|
"" = {
|
||||||
|
address = local.addresses.ilb-left
|
||||||
|
}
|
||||||
|
}
|
||||||
backend_service_config = {
|
backend_service_config = {
|
||||||
session_affinity = var.ilb_session_affinity
|
session_affinity = var.ilb_session_affinity
|
||||||
}
|
}
|
||||||
|
|
@ -91,7 +95,11 @@ module "ilb-right" {
|
||||||
network = module.vpc-right.self_link
|
network = module.vpc-right.self_link
|
||||||
subnetwork = values(module.vpc-right.subnet_self_links)[0]
|
subnetwork = values(module.vpc-right.subnet_self_links)[0]
|
||||||
}
|
}
|
||||||
address = local.addresses.ilb-right
|
forwarding_rules_config = {
|
||||||
|
"" = {
|
||||||
|
address = local.addresses.ilb-right
|
||||||
|
}
|
||||||
|
}
|
||||||
backend_service_config = {
|
backend_service_config = {
|
||||||
session_affinity = var.ilb_session_affinity
|
session_affinity = var.ilb_session_affinity
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -18,8 +18,8 @@ output "addresses" {
|
||||||
description = "IP addresses."
|
description = "IP addresses."
|
||||||
value = {
|
value = {
|
||||||
gw = [for z, mod in module.gw : mod.internal_ip]
|
gw = [for z, mod in module.gw : mod.internal_ip]
|
||||||
ilb-left = module.ilb-left.forwarding_rule_address
|
ilb-left = module.ilb-left.forwarding_rule_addresses[""]
|
||||||
ilb-right = module.ilb-right.forwarding_rule_address
|
ilb-right = module.ilb-right.forwarding_rule_addresses[""]
|
||||||
vm-left = [for z, mod in module.vm-left : mod.internal_ip]
|
vm-left = [for z, mod in module.vm-left : mod.internal_ip]
|
||||||
vm-right = [for z, mod in module.vm-right : mod.internal_ip]
|
vm-right = [for z, mod in module.vm-right : mod.internal_ip]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,7 @@ module "vpc-left" {
|
||||||
to-right = {
|
to-right = {
|
||||||
dest_range = var.ip_ranges.right
|
dest_range = var.ip_ranges.right
|
||||||
next_hop_type = "ilb"
|
next_hop_type = "ilb"
|
||||||
next_hop = module.ilb-left.forwarding_rule.self_link
|
next_hop = module.ilb-left.forwarding_rule_self_links[""]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -30,7 +30,7 @@ module "vpc-right" {
|
||||||
dest_range = var.ip_ranges.left
|
dest_range = var.ip_ranges.left
|
||||||
priority = var.ilb_right_enable ? 900 : 1100
|
priority = var.ilb_right_enable ? 900 : 1100
|
||||||
next_hop_type = "ilb"
|
next_hop_type = "ilb"
|
||||||
next_hop = module.ilb-right.forwarding_rule.self_link
|
next_hop = module.ilb-right.forwarding_rule_self_links[""]
|
||||||
}
|
}
|
||||||
to-left-gw-1 = {
|
to-left-gw-1 = {
|
||||||
dest_range = var.ip_ranges.left
|
dest_range = var.ip_ranges.left
|
||||||
|
|
|
||||||
|
|
@ -129,7 +129,11 @@ module "ilb-nva-untrusted" {
|
||||||
region = each.value.region
|
region = each.value.region
|
||||||
name = "nva-untrusted-${each.key}"
|
name = "nva-untrusted-${each.key}"
|
||||||
service_label = var.prefix
|
service_label = var.prefix
|
||||||
global_access = true
|
forwarding_rules_config = {
|
||||||
|
"" = {
|
||||||
|
global_access = true
|
||||||
|
}
|
||||||
|
}
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
network = module.landing-untrusted-vpc.self_link
|
network = module.landing-untrusted-vpc.self_link
|
||||||
subnetwork = module.landing-untrusted-vpc.subnet_self_links[each.value.subnet]
|
subnetwork = module.landing-untrusted-vpc.subnet_self_links[each.value.subnet]
|
||||||
|
|
@ -160,7 +164,11 @@ module "ilb-nva-trusted" {
|
||||||
region = each.value.region
|
region = each.value.region
|
||||||
name = "nva-trusted-${each.key}"
|
name = "nva-trusted-${each.key}"
|
||||||
service_label = var.prefix
|
service_label = var.prefix
|
||||||
global_access = true
|
forwarding_rules_config = {
|
||||||
|
"" = {
|
||||||
|
global_access = true
|
||||||
|
}
|
||||||
|
}
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
network = module.landing-trusted-vpc.self_link
|
network = module.landing-trusted-vpc.self_link
|
||||||
subnetwork = module.landing-trusted-vpc.subnet_self_links[each.value.subnet]
|
subnetwork = module.landing-trusted-vpc.subnet_self_links[each.value.subnet]
|
||||||
|
|
|
||||||
|
|
@ -65,28 +65,28 @@ module "dev-spoke-vpc" {
|
||||||
priority = 1000
|
priority = 1000
|
||||||
tags = ["primary"]
|
tags = ["primary"]
|
||||||
next_hop_type = "ilb"
|
next_hop_type = "ilb"
|
||||||
next_hop = module.ilb-nva-trusted["primary"].forwarding_rule_address
|
next_hop = module.ilb-nva-trusted["primary"].forwarding_rule_addresses[""]
|
||||||
}
|
}
|
||||||
nva-secondary-to-secondary = {
|
nva-secondary-to-secondary = {
|
||||||
dest_range = "0.0.0.0/0"
|
dest_range = "0.0.0.0/0"
|
||||||
priority = 1000
|
priority = 1000
|
||||||
tags = ["secondary"]
|
tags = ["secondary"]
|
||||||
next_hop_type = "ilb"
|
next_hop_type = "ilb"
|
||||||
next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_address
|
next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_addresses[""]
|
||||||
}
|
}
|
||||||
nva-primary-to-secondary = {
|
nva-primary-to-secondary = {
|
||||||
dest_range = "0.0.0.0/0"
|
dest_range = "0.0.0.0/0"
|
||||||
priority = 1001
|
priority = 1001
|
||||||
tags = ["primary"]
|
tags = ["primary"]
|
||||||
next_hop_type = "ilb"
|
next_hop_type = "ilb"
|
||||||
next_hop = module.ilb-nva-trusted["primary"].forwarding_rule_address
|
next_hop = module.ilb-nva-trusted["primary"].forwarding_rule_addresses[""]
|
||||||
}
|
}
|
||||||
nva-secondary-to-primary = {
|
nva-secondary-to-primary = {
|
||||||
dest_range = "0.0.0.0/0"
|
dest_range = "0.0.0.0/0"
|
||||||
priority = 1001
|
priority = 1001
|
||||||
tags = ["secondary"]
|
tags = ["secondary"]
|
||||||
next_hop_type = "ilb"
|
next_hop_type = "ilb"
|
||||||
next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_address
|
next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_addresses[""]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -64,28 +64,28 @@ module "prod-spoke-vpc" {
|
||||||
priority = 1000
|
priority = 1000
|
||||||
tags = ["primary"]
|
tags = ["primary"]
|
||||||
next_hop_type = "ilb"
|
next_hop_type = "ilb"
|
||||||
next_hop = module.ilb-nva-trusted["primary"].forwarding_rule_address
|
next_hop = module.ilb-nva-trusted["primary"].forwarding_rule_addresses[""]
|
||||||
}
|
}
|
||||||
nva-secondary-to-secondary = {
|
nva-secondary-to-secondary = {
|
||||||
dest_range = "0.0.0.0/0"
|
dest_range = "0.0.0.0/0"
|
||||||
priority = 1000
|
priority = 1000
|
||||||
tags = ["secondary"]
|
tags = ["secondary"]
|
||||||
next_hop_type = "ilb"
|
next_hop_type = "ilb"
|
||||||
next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_address
|
next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_addresses[""]
|
||||||
}
|
}
|
||||||
nva-primary-to-secondary = {
|
nva-primary-to-secondary = {
|
||||||
dest_range = "0.0.0.0/0"
|
dest_range = "0.0.0.0/0"
|
||||||
priority = 1001
|
priority = 1001
|
||||||
tags = ["primary"]
|
tags = ["primary"]
|
||||||
next_hop_type = "ilb"
|
next_hop_type = "ilb"
|
||||||
next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_address
|
next_hop = module.ilb-nva-trusted["secondary"].forwarding_rule_addresses[""]
|
||||||
}
|
}
|
||||||
nva-secondary-to-primary = {
|
nva-secondary-to-primary = {
|
||||||
dest_range = "0.0.0.0/0"
|
dest_range = "0.0.0.0/0"
|
||||||
priority = 1001
|
priority = 1001
|
||||||
tags = ["secondary"]
|
tags = ["secondary"]
|
||||||
next_hop_type = "ilb"
|
next_hop_type = "ilb"
|
||||||
next_hop = module.ilb-nva-trusted["primary"].forwarding_rule_address
|
next_hop = module.ilb-nva-trusted["primary"].forwarding_rule_addresses[""]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -119,12 +119,16 @@ module "ilb" {
|
||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
region = "europe-west1"
|
region = "europe-west1"
|
||||||
name = "ilb-test"
|
name = "ilb-test"
|
||||||
protocol = "L3_DEFAULT"
|
|
||||||
service_label = "ilb-test"
|
service_label = "ilb-test"
|
||||||
vpc_config = {
|
vpc_config = {
|
||||||
network = var.vpc.self_link
|
network = var.vpc.self_link
|
||||||
subnetwork = var.subnet.self_link
|
subnetwork = var.subnet.self_link
|
||||||
}
|
}
|
||||||
|
forwarding_rules_config = {
|
||||||
|
"" = {
|
||||||
|
protocol = "L3_DEFAULT"
|
||||||
|
}
|
||||||
|
}
|
||||||
group_configs = {
|
group_configs = {
|
||||||
my-group = {
|
my-group = {
|
||||||
zone = "europe-west1-b"
|
zone = "europe-west1-b"
|
||||||
|
|
@ -141,6 +145,90 @@ module "ilb" {
|
||||||
# tftest modules=1 resources=4
|
# tftest modules=1 resources=4
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Mutiple forwarding rules
|
||||||
|
|
||||||
|
You can add more forwarding rules to your load balancer and override some forwarding rules defaults, including the global access policy, the IP protocol, the IP version and ports.
|
||||||
|
|
||||||
|
The example adds two forwarding rules:
|
||||||
|
|
||||||
|
- the first one, called `ilb-test-vip-one` exposes an IPv4 address, it listens on all ports, and allows connections from any region.
|
||||||
|
- the second one, called `ilb-test-vip-two` exposes an IPv4 address, it listens on port 80 and allows connections from the same region only.
|
||||||
|
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
module "ilb" {
|
||||||
|
source = "./fabric/modules/net-lb-int"
|
||||||
|
project_id = var.project_id
|
||||||
|
region = "europe-west1"
|
||||||
|
name = "ilb-test"
|
||||||
|
service_label = "ilb-test"
|
||||||
|
vpc_config = {
|
||||||
|
network = var.vpc.self_link
|
||||||
|
subnetwork = var.subnet.self_link
|
||||||
|
}
|
||||||
|
forwarding_rules_config = {
|
||||||
|
vip-one = {}
|
||||||
|
vip-two = {
|
||||||
|
global_access = false
|
||||||
|
ports = [80]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
group_configs = {
|
||||||
|
my-group = {
|
||||||
|
zone = "europe-west1-b"
|
||||||
|
instances = [
|
||||||
|
"instance-1-self-link",
|
||||||
|
"instance-2-self-link"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
backends = [{
|
||||||
|
group = module.ilb.groups.my-group.self_link
|
||||||
|
}]
|
||||||
|
}
|
||||||
|
# tftest modules=1 resources=5
|
||||||
|
```
|
||||||
|
|
||||||
|
### Dual stack (IPv4 and IPv6)
|
||||||
|
|
||||||
|
Your load balancer can use a combination of either or both IPv4 and IPv6 forwarding rules.
|
||||||
|
In this example we set the load balancer to work as dual stack, meaning it exposes both an IPv4 and an IPv6 address.
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
module "ilb" {
|
||||||
|
source = "./fabric/modules/net-lb-int"
|
||||||
|
project_id = var.project_id
|
||||||
|
region = "europe-west1"
|
||||||
|
name = "ilb-test"
|
||||||
|
service_label = "ilb-test"
|
||||||
|
vpc_config = {
|
||||||
|
network = var.vpc.self_link
|
||||||
|
subnetwork = var.subnet.self_link
|
||||||
|
}
|
||||||
|
forwarding_rules_config = {
|
||||||
|
ipv4 = {
|
||||||
|
version = "IPV4"
|
||||||
|
}
|
||||||
|
ipv6 = {
|
||||||
|
version = "IPV6"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
group_configs = {
|
||||||
|
my-group = {
|
||||||
|
zone = "europe-west1-b"
|
||||||
|
instances = [
|
||||||
|
"instance-1-self-link",
|
||||||
|
"instance-2-self-link"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
backends = [{
|
||||||
|
group = module.ilb.groups.my-group.self_link
|
||||||
|
}]
|
||||||
|
}
|
||||||
|
# tftest modules=1 resources=5
|
||||||
|
```
|
||||||
|
|
||||||
### End to end example
|
### End to end example
|
||||||
|
|
||||||
This example spins up a simple HTTP server and combines four modules:
|
This example spins up a simple HTTP server and combines four modules:
|
||||||
|
|
@ -192,7 +280,11 @@ module "ilb" {
|
||||||
network = var.vpc.self_link
|
network = var.vpc.self_link
|
||||||
subnetwork = var.subnet.self_link
|
subnetwork = var.subnet.self_link
|
||||||
}
|
}
|
||||||
ports = [80]
|
forwarding_rules_config = {
|
||||||
|
"" = {
|
||||||
|
ports = [80]
|
||||||
|
}
|
||||||
|
}
|
||||||
backends = [
|
backends = [
|
||||||
for z, mod in module.instance-group : {
|
for z, mod in module.instance-group : {
|
||||||
group = mod.group.self_link
|
group = mod.group.self_link
|
||||||
|
|
@ -212,22 +304,20 @@ module "ilb" {
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [name](variables.tf#L189) | Name used for all resources. | <code>string</code> | ✓ | |
|
| [name](variables.tf#L192) | Name used for all resources. | <code>string</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L200) | Project id where resources will be created. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L197) | Project id where resources will be created. | <code>string</code> | ✓ | |
|
||||||
| [region](variables.tf#L211) | GCP region. | <code>string</code> | ✓ | |
|
| [region](variables.tf#L208) | GCP region. | <code>string</code> | ✓ | |
|
||||||
| [vpc_config](variables.tf#L222) | VPC-level configuration. | <code title="object({ network = string subnetwork = string })">object({…})</code> | ✓ | |
|
| [vpc_config](variables.tf#L219) | VPC-level configuration. | <code title="object({ network = string subnetwork = string })">object({…})</code> | ✓ | |
|
||||||
| [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | <code>string</code> | | <code>null</code> |
|
| [backend_service_config](variables.tf#L17) | Backend service level configuration. | <code title="object({ connection_draining_timeout_sec = optional(number) connection_tracking = optional(object({ idle_timeout_sec = optional(number) persist_conn_on_unhealthy = optional(string) track_per_session = optional(bool) })) enable_subsetting = optional(bool) failover_config = optional(object({ disable_conn_drain = optional(bool) drop_traffic_if_unhealthy = optional(bool) ratio = optional(number) })) log_sample_rate = optional(number) protocol = optional(string, "UNSPECIFIED") session_affinity = optional(string) timeout_sec = optional(number) })">object({…})</code> | | <code>{}</code> |
|
||||||
| [backend_service_config](variables.tf#L23) | Backend service level configuration. | <code title="object({ connection_draining_timeout_sec = optional(number) connection_tracking = optional(object({ idle_timeout_sec = optional(number) persist_conn_on_unhealthy = optional(string) track_per_session = optional(bool) })) enable_subsetting = optional(bool) failover_config = optional(object({ disable_conn_drain = optional(bool) drop_traffic_if_unhealthy = optional(bool) ratio = optional(number) })) log_sample_rate = optional(number) protocol = optional(string, "UNSPECIFIED") session_affinity = optional(string) timeout_sec = optional(number) })">object({…})</code> | | <code>{}</code> |
|
| [backends](variables.tf#L51) | Load balancer backends, balancing mode is one of 'CONNECTION' or 'UTILIZATION'. | <code title="list(object({ group = string balancing_mode = optional(string, "CONNECTION") description = optional(string, "Terraform managed.") failover = optional(bool, false) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||||
| [backends](variables.tf#L57) | Load balancer backends, balancing mode is one of 'CONNECTION' or 'UTILIZATION'. | <code title="list(object({ group = string balancing_mode = optional(string, "CONNECTION") description = optional(string, "Terraform managed.") failover = optional(bool, false) }))">list(object({…}))</code> | | <code>[]</code> |
|
| [description](variables.tf#L70) | Optional description used for resources. | <code>string</code> | | <code>"Terraform managed."</code> |
|
||||||
| [description](variables.tf#L76) | Optional description used for resources. | <code>string</code> | | <code>"Terraform managed."</code> |
|
| [forwarding_rules_config](variables.tf#L76) | The optional forwarding rules configuration. | <code title="map(object({ address = optional(string) description = optional(string) global_access = optional(bool, true) ip_version = optional(string) ports = optional(list(string), null) protocol = optional(string, "TCP") }))">map(object({…}))</code> | | <code title="{ "" = {} }">{…}</code> |
|
||||||
| [global_access](variables.tf#L82) | Global access, defaults to false if not set. | <code>bool</code> | | <code>null</code> |
|
| [group_configs](variables.tf#L91) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | <code title="map(object({ zone = string description = optional(string, "Terraform managed.") instances = optional(list(string)) named_ports = optional(map(number), {}) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [group_configs](variables.tf#L88) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | <code title="map(object({ zone = string description = optional(string, "Terraform managed.") instances = optional(list(string)) named_ports = optional(map(number), {}) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [health_check](variables.tf#L103) | Name of existing health check to use, disables auto-created health check. | <code>string</code> | | <code>null</code> |
|
||||||
| [health_check](variables.tf#L100) | Name of existing health check to use, disables auto-created health check. | <code>string</code> | | <code>null</code> |
|
| [health_check_config](variables.tf#L109) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code title="object({ check_interval_sec = optional(number) description = optional(string, "Terraform managed.") enable_logging = optional(bool, false) healthy_threshold = optional(number) timeout_sec = optional(number) unhealthy_threshold = optional(number) grpc = optional(object({ port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT service_name = optional(string) })) http = optional(object({ host = optional(string) port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT proxy_header = optional(string) request_path = optional(string) response = optional(string) })) http2 = optional(object({ host = optional(string) port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT proxy_header = optional(string) request_path = optional(string) response = optional(string) })) https = optional(object({ host = optional(string) port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT proxy_header = optional(string) request_path = optional(string) response = optional(string) })) tcp = optional(object({ port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT proxy_header = optional(string) request = optional(string) response = optional(string) })) ssl = optional(object({ port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT proxy_header = optional(string) request = optional(string) response = optional(string) })) })">object({…})</code> | | <code title="{ tcp = { port_specification = "USE_SERVING_PORT" } }">{…}</code> |
|
||||||
| [health_check_config](variables.tf#L106) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code title="object({ check_interval_sec = optional(number) description = optional(string, "Terraform managed.") enable_logging = optional(bool, false) healthy_threshold = optional(number) timeout_sec = optional(number) unhealthy_threshold = optional(number) grpc = optional(object({ port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT service_name = optional(string) })) http = optional(object({ host = optional(string) port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT proxy_header = optional(string) request_path = optional(string) response = optional(string) })) http2 = optional(object({ host = optional(string) port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT proxy_header = optional(string) request_path = optional(string) response = optional(string) })) https = optional(object({ host = optional(string) port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT proxy_header = optional(string) request_path = optional(string) response = optional(string) })) tcp = optional(object({ port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT proxy_header = optional(string) request = optional(string) response = optional(string) })) ssl = optional(object({ port = optional(number) port_name = optional(string) port_specification = optional(string) # USE_FIXED_PORT USE_NAMED_PORT USE_SERVING_PORT proxy_header = optional(string) request = optional(string) response = optional(string) })) })">object({…})</code> | | <code title="{ tcp = { port_specification = "USE_SERVING_PORT" } }">{…}</code> |
|
| [labels](variables.tf#L186) | Labels set on resources. | <code>map(string)</code> | | <code>{}</code> |
|
||||||
| [labels](variables.tf#L183) | Labels set on resources. | <code>map(string)</code> | | <code>{}</code> |
|
| [protocol](variables.tf#L202) | Forwarding rule protocol used, defaults to TCP. | <code>string</code> | | <code>"TCP"</code> |
|
||||||
| [ports](variables.tf#L194) | Comma-separated ports, leave null to use all ports. | <code>list(string)</code> | | <code>null</code> |
|
| [service_label](variables.tf#L213) | Optional prefix of the fully qualified forwarding rule name. | <code>string</code> | | <code>null</code> |
|
||||||
| [protocol](variables.tf#L205) | Forwarding rule protocol used, defaults to TCP. | <code>string</code> | | <code>"TCP"</code> |
|
|
||||||
| [service_label](variables.tf#L216) | Optional prefix of the fully qualified forwarding rule name. | <code>string</code> | | <code>null</code> |
|
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
@ -236,13 +326,13 @@ module "ilb" {
|
||||||
| [backend_service](outputs.tf#L17) | Backend resource. | |
|
| [backend_service](outputs.tf#L17) | Backend resource. | |
|
||||||
| [backend_service_id](outputs.tf#L22) | Backend id. | |
|
| [backend_service_id](outputs.tf#L22) | Backend id. | |
|
||||||
| [backend_service_self_link](outputs.tf#L27) | Backend self link. | |
|
| [backend_service_self_link](outputs.tf#L27) | Backend self link. | |
|
||||||
| [forwarding_rule](outputs.tf#L32) | Forwarding rule resource. | |
|
| [forwarding_rule_addresses](outputs.tf#L32) | Forwarding rule address. | |
|
||||||
| [forwarding_rule_address](outputs.tf#L37) | Forwarding rule address. | |
|
| [forwarding_rule_self_links](outputs.tf#L40) | Forwarding rule self links. | |
|
||||||
| [forwarding_rule_self_link](outputs.tf#L42) | Forwarding rule self link. | |
|
| [forwarding_rules](outputs.tf#L48) | Forwarding rule resources. | |
|
||||||
| [group_self_links](outputs.tf#L47) | Optional unmanaged instance group self links. | |
|
| [group_self_links](outputs.tf#L56) | Optional unmanaged instance group self links. | |
|
||||||
| [groups](outputs.tf#L54) | Optional unmanaged instance group resources. | |
|
| [groups](outputs.tf#L63) | Optional unmanaged instance group resources. | |
|
||||||
| [health_check](outputs.tf#L59) | Auto-created health-check resource. | |
|
| [health_check](outputs.tf#L68) | Auto-created health-check resource. | |
|
||||||
| [health_check_self_id](outputs.tf#L64) | Auto-created health-check self id. | |
|
| [health_check_self_id](outputs.tf#L73) | Auto-created health-check self id. | |
|
||||||
| [health_check_self_link](outputs.tf#L69) | Auto-created health-check self link. | |
|
| [health_check_self_link](outputs.tf#L78) | Auto-created health-check self link. | |
|
||||||
| [id](outputs.tf#L74) | Fully qualified forwarding rule id. | |
|
| [id](outputs.tf#L83) | Fully qualified forwarding rule ids. | |
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
/**
|
/**
|
||||||
* Copyright 2022 Google LLC
|
* Copyright 2023 Google LLC
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
/**
|
/**
|
||||||
* Copyright 2022 Google LLC
|
* Copyright 2023 Google LLC
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
/**
|
/**
|
||||||
* Copyright 2022 Google LLC
|
* Copyright 2023 Google LLC
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
|
@ -25,24 +25,28 @@ locals {
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_forwarding_rule" "default" {
|
resource "google_compute_forwarding_rule" "forwarding_rules" {
|
||||||
provider = google-beta
|
for_each = var.forwarding_rules_config
|
||||||
project = var.project_id
|
provider = google-beta
|
||||||
|
project = var.project_id
|
||||||
|
name = (
|
||||||
|
each.key == "" ? var.name : "${var.name}-${each.key}"
|
||||||
|
)
|
||||||
region = var.region
|
region = var.region
|
||||||
name = var.name
|
description = each.value.description
|
||||||
description = var.description
|
ip_address = each.value.address
|
||||||
ip_address = var.address
|
ip_protocol = each.value.protocol
|
||||||
ip_protocol = var.protocol
|
ip_version = each.value.ip_version
|
||||||
backend_service = (
|
backend_service = (
|
||||||
google_compute_region_backend_service.default.self_link
|
google_compute_region_backend_service.default.self_link
|
||||||
)
|
)
|
||||||
load_balancing_scheme = "INTERNAL"
|
load_balancing_scheme = "INTERNAL"
|
||||||
network = var.vpc_config.network
|
network = var.vpc_config.network
|
||||||
ports = var.ports # "nnnnn" or "nnnnn,nnnnn,nnnnn" max 5
|
ports = each.value.ports # "nnnnn" or "nnnnn,nnnnn,nnnnn" max 5
|
||||||
subnetwork = var.vpc_config.subnetwork
|
subnetwork = var.vpc_config.subnetwork
|
||||||
allow_global_access = var.global_access
|
allow_global_access = each.value.global_access
|
||||||
labels = var.labels
|
labels = var.labels
|
||||||
all_ports = var.ports == null ? true : null
|
all_ports = each.value.ports == null ? true : null
|
||||||
service_label = var.service_label
|
service_label = var.service_label
|
||||||
# is_mirroring_collector = false
|
# is_mirroring_collector = false
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
/**
|
/**
|
||||||
* Copyright 2022 Google LLC
|
* Copyright 2023 Google LLC
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
|
@ -29,19 +29,28 @@ output "backend_service_self_link" {
|
||||||
value = google_compute_region_backend_service.default.self_link
|
value = google_compute_region_backend_service.default.self_link
|
||||||
}
|
}
|
||||||
|
|
||||||
output "forwarding_rule" {
|
output "forwarding_rule_addresses" {
|
||||||
description = "Forwarding rule resource."
|
|
||||||
value = google_compute_forwarding_rule.default
|
|
||||||
}
|
|
||||||
|
|
||||||
output "forwarding_rule_address" {
|
|
||||||
description = "Forwarding rule address."
|
description = "Forwarding rule address."
|
||||||
value = google_compute_forwarding_rule.default.ip_address
|
value = {
|
||||||
|
for k, v in google_compute_forwarding_rule.forwarding_rules
|
||||||
|
: k => v.ip_address
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
output "forwarding_rule_self_link" {
|
output "forwarding_rule_self_links" {
|
||||||
description = "Forwarding rule self link."
|
description = "Forwarding rule self links."
|
||||||
value = google_compute_forwarding_rule.default.self_link
|
value = {
|
||||||
|
for k, v in google_compute_forwarding_rule.forwarding_rules
|
||||||
|
: k => v.self_link
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
output "forwarding_rules" {
|
||||||
|
description = "Forwarding rule resources."
|
||||||
|
value = {
|
||||||
|
for k, v in google_compute_forwarding_rule.forwarding_rules
|
||||||
|
: k => v
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
output "group_self_links" {
|
output "group_self_links" {
|
||||||
|
|
@ -72,6 +81,9 @@ output "health_check_self_link" {
|
||||||
}
|
}
|
||||||
|
|
||||||
output "id" {
|
output "id" {
|
||||||
description = "Fully qualified forwarding rule id."
|
description = "Fully qualified forwarding rule ids."
|
||||||
value = google_compute_forwarding_rule.default.id
|
value = {
|
||||||
|
for k, v in google_compute_forwarding_rule.forwarding_rules
|
||||||
|
: k => v.id
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
/**
|
/**
|
||||||
* Copyright 2022 Google LLC
|
* Copyright 2023 Google LLC
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
|
@ -14,12 +14,6 @@
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
variable "address" {
|
|
||||||
description = "Optional IP address used for the forwarding rule."
|
|
||||||
type = string
|
|
||||||
default = null
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "backend_service_config" {
|
variable "backend_service_config" {
|
||||||
description = "Backend service level configuration."
|
description = "Backend service level configuration."
|
||||||
type = object({
|
type = object({
|
||||||
|
|
@ -79,10 +73,19 @@ variable "description" {
|
||||||
default = "Terraform managed."
|
default = "Terraform managed."
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "global_access" {
|
variable "forwarding_rules_config" {
|
||||||
description = "Global access, defaults to false if not set."
|
description = "The optional forwarding rules configuration."
|
||||||
type = bool
|
type = map(object({
|
||||||
default = null
|
address = optional(string)
|
||||||
|
description = optional(string)
|
||||||
|
global_access = optional(bool, true)
|
||||||
|
ip_version = optional(string)
|
||||||
|
ports = optional(list(string), null)
|
||||||
|
protocol = optional(string, "TCP")
|
||||||
|
}))
|
||||||
|
default = {
|
||||||
|
"" = {}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "group_configs" {
|
variable "group_configs" {
|
||||||
|
|
@ -191,12 +194,6 @@ variable "name" {
|
||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "ports" {
|
|
||||||
description = "Comma-separated ports, leave null to use all ports."
|
|
||||||
type = list(string)
|
|
||||||
default = null
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "project_id" {
|
variable "project_id" {
|
||||||
description = "Project id where resources will be created."
|
description = "Project id where resources will be created."
|
||||||
type = string
|
type = string
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
values:
|
values:
|
||||||
google_compute_forwarding_rule.default:
|
google_compute_forwarding_rule.forwarding_rules[""]:
|
||||||
all_ports: true
|
all_ports: true
|
||||||
ip_protocol: TCP
|
ip_protocol: TCP
|
||||||
labels: null
|
labels: null
|
||||||
|
|
|
||||||
|
|
@ -11,4 +11,10 @@ backends = [{
|
||||||
failover = false
|
failover = false
|
||||||
}]
|
}]
|
||||||
global_access = true
|
global_access = true
|
||||||
ports = [80]
|
|
||||||
|
forwarding_rules_config = {
|
||||||
|
"port-80" = {
|
||||||
|
ports = [80]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
values:
|
values:
|
||||||
google_compute_forwarding_rule.default:
|
google_compute_forwarding_rule.forwarding_rules["port-80"]:
|
||||||
all_ports: null
|
all_ports: null
|
||||||
allow_global_access: true
|
allow_global_access: true
|
||||||
ports:
|
ports:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue