Merge branch 'master' into lcaggio/composer-2
commit
78d54d13ba
10
CHANGELOG.md
10
CHANGELOG.md
|
@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file.
|
|||
|
||||
### BLUEPRINTS
|
||||
|
||||
- [[#828](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/828)] Update firewall rules. ([lcaggio](https://github.com/lcaggio)) <!-- 2022-09-20 15:24:12+00:00 -->
|
||||
- [[#813](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/813)] Add documentation example test for pf ([ludoo](https://github.com/ludoo)) <!-- 2022-09-14 12:34:30+00:00 -->
|
||||
- [[#809](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/809)] Renaming and moving blueprints ([juliocc](https://github.com/juliocc)) <!-- 2022-09-12 10:19:15+00:00 -->
|
||||
|
||||
|
@ -17,8 +18,17 @@ All notable changes to this project will be documented in this file.
|
|||
|
||||
### FAST
|
||||
|
||||
- [[#828](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/828)] Update firewall rules. ([lcaggio](https://github.com/lcaggio)) <!-- 2022-09-20 15:24:12+00:00 -->
|
||||
- [[#807](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/807)] FAST: refactor Gitlab template ([ludoo](https://github.com/ludoo)) <!-- 2022-09-12 05:26:49+00:00 -->
|
||||
|
||||
### MODULES
|
||||
|
||||
- [[#834](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/834)] Add support for service_label property in internal load balancer ([kmucha555](https://github.com/kmucha555)) <!-- 2022-09-21 21:30:35+00:00 -->
|
||||
- [[#833](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/833)] regional MySQL DBs - automatic backup conf ([skalolazka](https://github.com/skalolazka)) <!-- 2022-09-21 08:40:53+00:00 -->
|
||||
- [[#827](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/827)] Project module: Add Artifactregistry Service Identity SA creation. ([lcaggio](https://github.com/lcaggio)) <!-- 2022-09-20 09:48:17+00:00 -->
|
||||
- [[#826](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/826)] Added new binary_authorization argument in gke-cluster module ([sirohia](https://github.com/sirohia)) <!-- 2022-09-20 06:19:15+00:00 -->
|
||||
- [[#819](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/819)] Removed old and unused modules ([juliocc](https://github.com/juliocc)) <!-- 2022-09-15 15:02:58+00:00 -->
|
||||
|
||||
### TOOLS
|
||||
|
||||
- [[#811](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/811)] Fix changelog generator ([ludoo](https://github.com/ludoo)) <!-- 2022-09-13 09:41:29+00:00 -->
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
|
||||
default:
|
||||
before_script:
|
||||
- echo "${CI_JOB_JWT_V2}" > token.txt
|
||||
- echo "$${CI_JOB_JWT_V2}" > token.txt
|
||||
image:
|
||||
name: hashicorp/terraform
|
||||
entrypoint:
|
||||
|
@ -49,10 +49,10 @@ gcp-auth:
|
|||
script:
|
||||
- |
|
||||
gcloud iam workload-identity-pools create-cred-config \
|
||||
${FAST_WIF_PROVIDER} \
|
||||
--service-account=${FAST_SERVICE_ACCOUNT} \
|
||||
$${FAST_WIF_PROVIDER} \
|
||||
--service-account=$${FAST_SERVICE_ACCOUNT} \
|
||||
--service-account-token-lifetime-seconds=3600 \
|
||||
--output-file=${GOOGLE_CREDENTIALS} \
|
||||
--output-file=$${GOOGLE_CREDENTIALS} \
|
||||
--credential-source-file=token.txt
|
||||
tf-files:
|
||||
dependencies:
|
||||
|
@ -62,14 +62,14 @@ tf-files:
|
|||
stage: tf-files
|
||||
script:
|
||||
# - gcloud components install -q alpha
|
||||
- gcloud config set auth/credential_file_override ${GOOGLE_CREDENTIALS}
|
||||
- gcloud config set auth/credential_file_override $${GOOGLE_CREDENTIALS}
|
||||
- mkdir -p .tf-setup
|
||||
- |
|
||||
gcloud alpha storage cp -r \
|
||||
"gs://${FAST_OUTPUTS_BUCKET}/providers/${TF_PROVIDERS_FILE}" .tf-setup/
|
||||
"gs://$${FAST_OUTPUTS_BUCKET}/providers/$${TF_PROVIDERS_FILE}" .tf-setup/
|
||||
- |
|
||||
gcloud alpha storage cp -r \
|
||||
"gs://${FAST_OUTPUTS_BUCKET}/tfvars" .tf-setup/
|
||||
"gs://$${FAST_OUTPUTS_BUCKET}/tfvars" .tf-setup/
|
||||
|
||||
tf-plan:
|
||||
# uncomment the following lines and set the SSH key secret for private modules repo
|
||||
|
@ -82,9 +82,9 @@ tf-plan:
|
|||
# ssh-keyscan gitlab.com | sort -u - ~/.ssh/known_hosts -o ~/.ssh/known_hosts
|
||||
stage: tf-plan
|
||||
script:
|
||||
- cp .tf-setup/${TF_PROVIDERS_FILE} ./
|
||||
- cp .tf-setup/$${TF_PROVIDERS_FILE} ./
|
||||
- |
|
||||
for f in ${TF_VAR_FILES}; do
|
||||
for f in $${TF_VAR_FILES}; do
|
||||
ln -s ".tf-setup/tfvars/$f" ./
|
||||
done
|
||||
- terraform init
|
||||
|
@ -104,9 +104,9 @@ tf-apply:
|
|||
# ssh-keyscan gitlab.com | sort -u - ~/.ssh/known_hosts -o ~/.ssh/known_hosts
|
||||
stage: tf-apply
|
||||
script:
|
||||
- cp .tf-setup/${TF_PROVIDERS_FILE} ./
|
||||
- cp .tf-setup/$${TF_PROVIDERS_FILE} ./
|
||||
- |
|
||||
for f in ${TF_VAR_FILES}; do
|
||||
for f in $${TF_VAR_FILES}; do
|
||||
ln -s ".tf-setup/tfvars/$f" ./
|
||||
done
|
||||
- terraform init
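Review bot: The `before_script` line `echo "$${CI_JOB_JWT_V2}" > token.txt` still writes the job's OIDC token into the project directory with default permissions on every job; the commit changes only the `$$` escaping, presumably so the file survives template rendering. Nothing on the visible lines excludes `token.txt` from artifacts or cache, so it is worth confirming that no job's `artifacts:paths` can pick it up, and writing it with a restrictive mode, e.g. `- (umask 077; echo "$${CI_JOB_JWT_V2}" > token.txt)`. The `image` entry also names `hashicorp/terraform` without a tag or digest on the visible lines; pinning it would keep the jobs that handle these credentials on a known image. The job definitions continue outside the hunks shown, so the artifact settings could not be checked from here.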
|
||||
|
|
|
@ -403,18 +403,18 @@ An Internal HTTP Load Balancer is made of multiple components, that change depen
|
|||
|---|---|:---:|:---:|:---:|
|
||||
| [name](variables.tf#L17) | Load balancer name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L22) | Project id. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L157) | The region where to allocate the ILB resources. | <code>string</code> | ✓ | |
|
||||
| [subnetwork](variables.tf#L187) | The subnetwork where the ILB VIP is allocated. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L159) | The region where to allocate the ILB resources. | <code>string</code> | ✓ | |
|
||||
| [subnetwork](variables.tf#L189) | The subnetwork where the ILB VIP is allocated. | <code>string</code> | ✓ | |
|
||||
| [backend_services_config](variables.tf#L27) | The backends services configuration. | <code title="map(object({ backends = list(object({ group = string # The instance group link id options = object({ balancing_mode = string # Can be UTILIZATION, RATE capacity_scaler = number # Valid range is [0.0,1.0] max_connections = number max_connections_per_instance = number max_connections_per_endpoint = number max_rate = number max_rate_per_instance = number max_rate_per_endpoint = number max_utilization = number }) })) health_checks = list(string) log_config = object({ enable = bool sample_rate = number # must be in [0, 1] }) options = object({ affinity_cookie_ttl_sec = number custom_request_headers = list(string) custom_response_headers = list(string) connection_draining_timeout_sec = number locality_lb_policy = string port_name = string protocol = string session_affinity = string timeout_sec = number circuits_breakers = object({ max_requests_per_connection = number # Set to 1 to disable keep-alive max_connections = number # Defaults to 1024 max_pending_requests = number # Defaults to 1024 max_requests = number # Defaults to 1024 max_retries = number # Defaults to 3 }) consistent_hash = object({ http_header_name = string minimum_ring_size = string http_cookie = object({ name = string path = string ttl = object({ seconds = number nanos = number }) }) }) iap = object({ oauth2_client_id = string oauth2_client_secret = string oauth2_client_secret_sha256 = string }) }) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [forwarding_rule_config](variables.tf#L98) | Forwarding rule configurations. | <code title="object({ ip_version = string labels = map(string) network_tier = string port_range = string })">object({…})</code> | | <code title="{ allow_global_access = true ip_version = "IPV4" labels = {} network_tier = "PREMIUM" port_range = null }">{…}</code> |
|
||||
| [health_checks_config](variables.tf#L116) | Custom health checks configuration. | <code title="map(object({ type = string # http https tcp ssl http2 check = map(any) # actual health check block attributes options = map(number) # interval, thresholds, timeout logging = bool }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [health_checks_config_defaults](variables.tf#L127) | Auto-created health check default configuration. | <code title="object({ check = map(any) # actual health check block attributes logging = bool options = map(number) # interval, thresholds, timeout type = string # http https tcp ssl http2 })">object({…})</code> | | <code title="{ type = "http" logging = false options = {} check = { port_specification = "USE_SERVING_PORT" } }">{…}</code> |
|
||||
| [https](variables.tf#L145) | Whether to enable HTTPS. | <code>bool</code> | | <code>false</code> |
|
||||
| [network](variables.tf#L151) | The network where the ILB is created. | <code>string</code> | | <code>"default"</code> |
|
||||
| [ssl_certificates_config](variables.tf#L162) | The SSL certificates configuration. | <code title="map(object({ domains = list(string) tls_private_key = string tls_self_signed_cert = string }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [static_ip_config](variables.tf#L172) | Static IP address configuration. | <code title="object({ reserve = bool options = object({ address = string subnetwork = string # The subnet id }) })">object({…})</code> | | <code title="{ reserve = false options = null }">{…}</code> |
|
||||
| [target_proxy_https_config](variables.tf#L192) | The HTTPS target proxy configuration. | <code title="object({ ssl_certificates = list(string) })">object({…})</code> | | <code>null</code> |
|
||||
| [url_map_config](variables.tf#L200) | The url-map configuration. | <code title="object({ default_service = string default_url_redirect = map(any) host_rules = list(any) path_matchers = list(any) tests = list(map(string)) })">object({…})</code> | | <code>null</code> |
|
||||
| [forwarding_rule_config](variables.tf#L98) | Forwarding rule configurations. | <code title="object({ ip_version = string labels = map(string) network_tier = string port_range = string service_label = string })">object({…})</code> | | <code title="{ allow_global_access = true ip_version = "IPV4" labels = {} network_tier = "PREMIUM" port_range = null service_label = null }">{…}</code> |
|
||||
| [health_checks_config](variables.tf#L118) | Custom health checks configuration. | <code title="map(object({ type = string # http https tcp ssl http2 check = map(any) # actual health check block attributes options = map(number) # interval, thresholds, timeout logging = bool }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [health_checks_config_defaults](variables.tf#L129) | Auto-created health check default configuration. | <code title="object({ check = map(any) # actual health check block attributes logging = bool options = map(number) # interval, thresholds, timeout type = string # http https tcp ssl http2 })">object({…})</code> | | <code title="{ type = "http" logging = false options = {} check = { port_specification = "USE_SERVING_PORT" } }">{…}</code> |
|
||||
| [https](variables.tf#L147) | Whether to enable HTTPS. | <code>bool</code> | | <code>false</code> |
|
||||
| [network](variables.tf#L153) | The network where the ILB is created. | <code>string</code> | | <code>"default"</code> |
|
||||
| [ssl_certificates_config](variables.tf#L164) | The SSL certificates configuration. | <code title="map(object({ domains = list(string) tls_private_key = string tls_self_signed_cert = string }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [static_ip_config](variables.tf#L174) | Static IP address configuration. | <code title="object({ reserve = bool options = object({ address = string subnetwork = string # The subnet id }) })">object({…})</code> | | <code title="{ reserve = false options = null }">{…}</code> |
|
||||
| [target_proxy_https_config](variables.tf#L194) | The HTTPS target proxy configuration. | <code title="object({ ssl_certificates = list(string) })">object({…})</code> | | <code>null</code> |
|
||||
| [url_map_config](variables.tf#L202) | The url-map configuration. | <code title="object({ default_service = string default_url_redirect = map(any) host_rules = list(any) path_matchers = list(any) tests = list(map(string)) })">object({…})</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -62,6 +62,7 @@ resource "google_compute_forwarding_rule" "forwarding_rule" {
|
|||
port_range = local.port_range
|
||||
ports = []
|
||||
region = try(var.region, null)
|
||||
service_label = try(var.forwarding_rule_config.service_label, null)
|
||||
subnetwork = try(var.subnetwork, null)
|
||||
target = local.target
|
||||
}
|
||||
|
|
|
@ -98,10 +98,11 @@ variable "backend_services_config" {
|
|||
variable "forwarding_rule_config" {
|
||||
description = "Forwarding rule configurations."
|
||||
type = object({
|
||||
ip_version = string
|
||||
labels = map(string)
|
||||
network_tier = string
|
||||
port_range = string
|
||||
ip_version = string
|
||||
labels = map(string)
|
||||
network_tier = string
|
||||
port_range = string
|
||||
service_label = string
|
||||
})
|
||||
default = {
|
||||
allow_global_access = true
|
||||
|
@ -109,7 +110,8 @@ variable "forwarding_rule_config" {
|
|||
labels = {}
|
||||
network_tier = "PREMIUM"
|
||||
# If not specified, 443 if var.https = true; 80 otherwise
|
||||
port_range = null
|
||||
port_range = null
|
||||
service_label = null
|
||||
}
|
||||
}
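Review bot: Adding `service_label = string` to the `forwarding_rule_config` object type makes it a required attribute, so an existing caller that passes its own `forwarding_rule_config` without `service_label` will fail type checking after this change. If the module's minimum Terraform version supports it, `service_label = optional(string)` avoids that; otherwise the change deserves a breaking-change mention in the changelog. The second `variables.tf` section further down the page makes the identical edit and has the same issue. Separately, the default on the visible lines sets `allow_global_access = true`, which is not among the type's attributes shown here, so it is presumably dropped on type conversion; this is worth confirming because it controls whether the load balancer is reachable from other regions. The variable block spans two hunks and its middle lines are not shown.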
|
||||
|
||||
|
|
|
@ -88,10 +88,11 @@ variable "backend_services_config" {
|
|||
variable "forwarding_rule_config" {
|
||||
description = "Forwarding rule configurations."
|
||||
type = object({
|
||||
ip_version = string
|
||||
labels = map(string)
|
||||
network_tier = string
|
||||
port_range = string
|
||||
ip_version = string
|
||||
labels = map(string)
|
||||
network_tier = string
|
||||
port_range = string
|
||||
service_label = string
|
||||
})
|
||||
default = {
|
||||
allow_global_access = true
|
||||
|
@ -99,7 +100,8 @@ variable "forwarding_rule_config" {
|
|||
labels = {}
|
||||
network_tier = "PREMIUM"
|
||||
# If not specified, 443 if var.https = true; 80 otherwise
|
||||
port_range = null
|
||||
port_range = null
|
||||
service_label = null
|
||||
}
|
||||
}
|
||||
|
||||
|
|