Merge pull request #1636 from GoogleCloudPlatform/delete-api-gateway
Delete api gateway blueprint
commit cae3a8bec7
|
@ -1041,7 +1041,7 @@ All notable changes to this project will be documented in this file.
|
||||||
- **incompatible change** the variable for service identities IAM has changed in the project factory
|
- **incompatible change** the variable for service identities IAM has changed in the project factory
|
||||||
- add `data-catalog-policy-tag` module
|
- add `data-catalog-policy-tag` module
|
||||||
- new [workload identity federetion example](blueprints/cloud-operations/workload-identity-federation)
|
- new [workload identity federetion example](blueprints/cloud-operations/workload-identity-federation)
|
||||||
- new `api-gateway` [module](./modules/api-gateway) and [example](blueprints/serverless/api-gateway).
|
- new `api-gateway` [module](./modules/api-gateway) and example
|
||||||
- **incompatible change** the `psn_ranges` variable has been renamed to `psa_ranges` in the `net-vpc` module and its type changed from `list(string)` to `map(string)`
|
- **incompatible change** the `psn_ranges` variable has been renamed to `psa_ranges` in the `net-vpc` module and its type changed from `list(string)` to `map(string)`
|
||||||
- **incompatible change** removed `iam` flag for organization and folder level sinks
|
- **incompatible change** removed `iam` flag for organization and folder level sinks
|
||||||
- **incompatible change** removed `ingress_settings` configuration option in the `cloud-functions` module.
|
- **incompatible change** removed `ingress_settings` configuration option in the `cloud-functions` module.
|
||||||
|
|
|
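Review bot: The `api-gateway` line rewrites a historical changelog entry in place, leaving a dangling "and example" with no link, and nothing in this hunk records that the blueprint itself was removed. Either leave the old entry's wording coherent (for example "new `api-gateway` module") or keep it as history, and add a new entry for the current release stating that `blueprints/serverless/api-gateway` was deleted. Mark it like the other **incompatible change** items, since a module `source` pointing at that path stops resolving after this commit.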
@ -10,7 +10,7 @@ Currently available blueprints:
|
||||||
- **factories** - [The why and the how of Resource Factories](./factories), [Google Cloud Identity Group Factory](./factories/cloud-identity-group-factory), [Google Cloud BQ Factory](./factories/bigquery-factory), [Google Cloud VPC Firewall Factory](./factories/net-vpc-firewall-yaml), [Minimal Project Factory](./factories/project-factory)
|
- **factories** - [The why and the how of Resource Factories](./factories), [Google Cloud Identity Group Factory](./factories/cloud-identity-group-factory), [Google Cloud BQ Factory](./factories/bigquery-factory), [Google Cloud VPC Firewall Factory](./factories/net-vpc-firewall-yaml), [Minimal Project Factory](./factories/project-factory)
|
||||||
- **GKE** - [Binary Authorization Pipeline Blueprint](./gke/binauthz), [Storage API](./gke/binauthz/image), [Multi-cluster mesh on GKE (fleet API)](./gke/multi-cluster-mesh-gke-fleet-api), [GKE Multitenant Blueprint](./gke/multitenant-fleet), [Shared VPC with GKE support](./networking/shared-vpc-gke/), [GKE Autopilot](./gke/autopilot)
|
- **GKE** - [Binary Authorization Pipeline Blueprint](./gke/binauthz), [Storage API](./gke/binauthz/image), [Multi-cluster mesh on GKE (fleet API)](./gke/multi-cluster-mesh-gke-fleet-api), [GKE Multitenant Blueprint](./gke/multitenant-fleet), [Shared VPC with GKE support](./networking/shared-vpc-gke/), [GKE Autopilot](./gke/autopilot)
|
||||||
- **networking** - [Calling a private Cloud Function from On-premises](./networking/private-cloud-function-from-onprem), [Decentralized firewall management](./networking/decentralized-firewall), [Decentralized firewall validator](./networking/decentralized-firewall/validator), [Network filtering with Squid](./networking/filtering-proxy), [HA VPN over Interconnect](./networking/ha-vpn-over-interconnect/), [GLB and multi-regional daisy-chaining through hybrid NEGs](./networking/glb-hybrid-neg-internal), [Hybrid connectivity to on-premise services through PSC](./networking/psc-hybrid), [HTTP Load Balancer with Cloud Armor](./networking/glb-and-armor), [Hub and Spoke via VPN](./networking/hub-and-spoke-vpn), [Hub and Spoke via VPC Peering](./networking/hub-and-spoke-peering), [Internal Load Balancer as Next Hop](./networking/ilb-next-hop), [Network filtering with Squid with isolated VPCs using Private Service Connect](./networking/filtering-proxy-psc), On-prem DNS and Google Private Access, [PSC Producer](./networking/psc-hybrid/psc-producer), [PSC Consumer](./networking/psc-hybrid/psc-consumer), [Shared VPC with optional GKE cluster](./networking/shared-vpc-gke)
|
- **networking** - [Calling a private Cloud Function from On-premises](./networking/private-cloud-function-from-onprem), [Decentralized firewall management](./networking/decentralized-firewall), [Decentralized firewall validator](./networking/decentralized-firewall/validator), [Network filtering with Squid](./networking/filtering-proxy), [HA VPN over Interconnect](./networking/ha-vpn-over-interconnect/), [GLB and multi-regional daisy-chaining through hybrid NEGs](./networking/glb-hybrid-neg-internal), [Hybrid connectivity to on-premise services through PSC](./networking/psc-hybrid), [HTTP Load Balancer with Cloud Armor](./networking/glb-and-armor), [Hub and Spoke via VPN](./networking/hub-and-spoke-vpn), [Hub and Spoke via VPC Peering](./networking/hub-and-spoke-peering), [Internal Load Balancer as Next Hop](./networking/ilb-next-hop), [Network filtering with Squid with isolated VPCs using Private Service Connect](./networking/filtering-proxy-psc), On-prem DNS and Google Private Access, [PSC Producer](./networking/psc-hybrid/psc-producer), [PSC Consumer](./networking/psc-hybrid/psc-consumer), [Shared VPC with optional GKE cluster](./networking/shared-vpc-gke)
|
||||||
- **serverless** - [Creating multi-region deployments for API Gateway](./serverless/api-gateway), [Cloud Run series](./serverless/cloud-run-explore)
|
- **serverless** - [Cloud Run series](./serverless/cloud-run-explore)
|
||||||
- **third party solutions** - [OpenShift on GCP user-provisioned infrastructure](./third-party-solutions/openshift), [Wordpress deployment on Cloud Run](./third-party-solutions/wordpress/cloudrun)
|
- **third party solutions** - [OpenShift on GCP user-provisioned infrastructure](./third-party-solutions/openshift), [Wordpress deployment on Cloud Run](./third-party-solutions/wordpress/cloudrun)
|
||||||
|
|
||||||
For more information see the individual README files in each section.
|
For more information see the individual README files in each section.
|
||||||
|
|
|
@ -6,11 +6,6 @@ They are meant to be used as minimal but complete starting points to create actu
|
||||||
|
|
||||||
## Blueprints
|
## Blueprints
|
||||||
|
|
||||||
### Multi-region deployments for API Gateway
|
|
||||||
|
|
||||||
<a href="./api-gateway/" title="Multi-region deployments for API Gateway"><img src="./api-gateway/diagram.png" align="left" width="280px"></a> This [blueprint](./api-gateway/) shows how to configure a load balancer to enable multi-region deployments for API Gateway. For more details on how this set up work have a look at the article [here](https://cloud.google.com/api-gateway/docs/multi-region-deployment)
|
|
||||||
<br clear="left">
|
|
||||||
|
|
||||||
### Cloud Run series
|
### Cloud Run series
|
||||||
|
|
||||||
<a href="./cloud-run-explore/" title="Cloud Run series"><img src="./cloud-run-corporate/images/use-case-4.png" align="left" width="280px"></a> These are a series of [blueprints](./cloud-run-explore/) developing the chapters of the [__Serverless Networking Guide__](https://services.google.com/fh/files/misc/serverless_networking_guide.pdf), focused in Cloud Run.
|
<a href="./cloud-run-explore/" title="Cloud Run series"><img src="./cloud-run-corporate/images/use-case-4.png" align="left" width="280px"></a> These are a series of [blueprints](./cloud-run-explore/) developing the chapters of the [__Serverless Networking Guide__](https://services.google.com/fh/files/misc/serverless_networking_guide.pdf), focused in Cloud Run.
|
||||||
|
|
|
@ -1,60 +0,0 @@
|
||||||
# Creating multi-region deployments for API Gateway
|
|
||||||
|
|
||||||
This tutorial shows you how to configure an HTTP(S) load balancer to enable multi-region deployments for API Gateway. For more details on how this set up work have a look at the article [here](https://cloud.google.com/api-gateway/docs/multi-region-deployment).
|
|
||||||
|
|
||||||
The diagram below depicts the architecture that this blueprint sets up.
|
|
||||||
|
|
||||||
![Architecture diagram](diagram.png)
|
|
||||||
|
|
||||||
# Running the blueprint
|
|
||||||
|
|
||||||
Clone this repository or [open it in cloud shell](https://ssh.cloud.google.com/cloudshell/editor?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fcloud-foundation-fabric&cloudshell_print=cloud-shell-readme.txt&cloudshell_working_dir=blueprints%2Fserverless%2Fapi-gateway), then go through the following steps to create resources:
|
|
||||||
|
|
||||||
* `terraform init`
|
|
||||||
* `terraform apply -var project_id=my-project-id`
|
|
||||||
|
|
||||||
## Testing the blueprint
|
|
||||||
|
|
||||||
1. Copy the IP address returned as output
|
|
||||||
|
|
||||||
2. Execute the following command
|
|
||||||
|
|
||||||
curl -v http://<IP_ADDRESS>/hello
|
|
||||||
|
|
||||||
Once done testing, you can clean up resources by running `terraform destroy`.
|
|
||||||
|
|
||||||
<!-- BEGIN TFDOC -->
|
|
||||||
|
|
||||||
## Variables
|
|
||||||
|
|
||||||
| name | description | type | required | default |
|
|
||||||
|---|---|:---:|:---:|:---:|
|
|
||||||
| [project_id](variables.tf#L26) | Identifier of the project. | <code>string</code> | ✓ | |
|
|
||||||
| [regions](variables.tf#L31) | List of regions to deploy the proxy in. | <code>list(string)</code> | ✓ | |
|
|
||||||
| [project_create](variables.tf#L17) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
|
||||||
|
|
||||||
## Outputs
|
|
||||||
|
|
||||||
| name | description | sensitive |
|
|
||||||
|---|---|:---:|
|
|
||||||
| [ip_address](outputs.tf#L17) | The reserved global IP address. | |
|
|
||||||
|
|
||||||
<!-- END TFDOC -->
|
|
||||||
|
|
||||||
## Test
|
|
||||||
|
|
||||||
```hcl
|
|
||||||
module "test" {
|
|
||||||
source = "./fabric/blueprints/serverless/api-gateway"
|
|
||||||
project_create = {
|
|
||||||
billing_account_id = "123456789"
|
|
||||||
parent = "organizations/123456789"
|
|
||||||
}
|
|
||||||
project_id = "project-1"
|
|
||||||
regions = [
|
|
||||||
"europe-west1",
|
|
||||||
"europe-west2"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
# tftest modules=8 resources=34
|
|
||||||
```
|
|
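Review bot: Deleting this README also deletes the only cleanup instruction shown for the blueprint ("you can clean up resources by running `terraform destroy`"), and the commit message gives no reason for the removal or a pointer to a replacement. Anyone who already applied the blueprint keeps a reserved global IP answering `curl -v http://<IP_ADDRESS>/hello` over plain HTTP, with no in-tree documentation left. Please state the reason for the removal in the PR description or changelog, and mention that existing deployments should be destroyed from a checkout that predates this commit. The Cloud Shell link with `cloudshell_working_dir=blueprints%2Fserverless%2Fapi-gateway` will also stop working for external references.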
Binary file not shown.
Before Width: | Height: | Size: 52 KiB |
|
@ -1,7 +0,0 @@
|
||||||
const functions = require('@google-cloud/functions-framework');
|
|
||||||
|
|
||||||
// Register an HTTP function with the Functions Framework that will be executed
|
|
||||||
// when you make an HTTP request to the deployed function's endpoint.
|
|
||||||
functions.http('helloGET', (req, res) => {
|
|
||||||
res.send('Hello World!');
|
|
||||||
});
|
|
File diff suppressed because it is too large
|
@ -1,18 +0,0 @@
|
||||||
{
|
|
||||||
"name": "function",
|
|
||||||
"version": "1.0.0",
|
|
||||||
"description": "",
|
|
||||||
"main": "index.js",
|
|
||||||
"scripts": {
|
|
||||||
"test": "echo \"Error: no test specified\" && exit 1"
|
|
||||||
},
|
|
||||||
"author": "",
|
|
||||||
"license": "ISC",
|
|
||||||
"engines": {
|
|
||||||
"node": ">=16.0.0"
|
|
||||||
},
|
|
||||||
"dependencies": {
|
|
||||||
"@google-cloud/functions-framework": "^3.2.1",
|
|
||||||
"express": "^4.18.2"
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,135 +0,0 @@
|
||||||
/**
|
|
||||||
* Copyright 2022 Google LLC
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
locals {
|
|
||||||
api_id_prefix = "api"
|
|
||||||
function_name_prefix = "cf-hello"
|
|
||||||
specs = { for region in var.regions : region =>
|
|
||||||
templatefile("${path.module}/spec.yaml", {
|
|
||||||
api_id = "${local.api_id_prefix}-${region}"
|
|
||||||
function_name = "${local.function_name_prefix}-${region}"
|
|
||||||
region = region
|
|
||||||
project_id = var.project_id
|
|
||||||
})
|
|
||||||
}
|
|
||||||
backends = [for region in var.regions : {
|
|
||||||
group = google_compute_region_network_endpoint_group.serverless-negs[region].id
|
|
||||||
options = null
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
module "project" {
|
|
||||||
source = "../../../modules/project"
|
|
||||||
billing_account = (var.project_create != null
|
|
||||||
? var.project_create.billing_account_id
|
|
||||||
: null
|
|
||||||
)
|
|
||||||
parent = (var.project_create != null
|
|
||||||
? var.project_create.parent
|
|
||||||
: null
|
|
||||||
)
|
|
||||||
name = var.project_id
|
|
||||||
services = [
|
|
||||||
"apigateway.googleapis.com",
|
|
||||||
"cloudbuild.googleapis.com",
|
|
||||||
"cloudfunctions.googleapis.com",
|
|
||||||
"compute.googleapis.com",
|
|
||||||
"servicemanagement.googleapis.com",
|
|
||||||
"servicecontrol.googleapis.com"
|
|
||||||
]
|
|
||||||
project_create = var.project_create != null
|
|
||||||
}
|
|
||||||
|
|
||||||
module "sa" {
|
|
||||||
source = "../../../modules/iam-service-account"
|
|
||||||
project_id = module.project.project_id
|
|
||||||
name = "sa-api"
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
module "functions" {
|
|
||||||
source = "../../../modules/cloud-function-v1"
|
|
||||||
for_each = toset(var.regions)
|
|
||||||
project_id = module.project.project_id
|
|
||||||
name = "${local.function_name_prefix}-${each.value}"
|
|
||||||
bucket_name = "bkt-${module.project.project_id}-${each.value}"
|
|
||||||
region = each.value
|
|
||||||
ingress_settings = "ALLOW_ALL"
|
|
||||||
bucket_config = {
|
|
||||||
location = null
|
|
||||||
lifecycle_delete_age_days = 1
|
|
||||||
}
|
|
||||||
bundle_config = {
|
|
||||||
source_dir = "${path.module}/function"
|
|
||||||
output_path = "${path.module}/bundle.zip"
|
|
||||||
excludes = null
|
|
||||||
}
|
|
||||||
function_config = {
|
|
||||||
entry_point = "helloGET"
|
|
||||||
instances = null
|
|
||||||
memory = null
|
|
||||||
runtime = "nodejs16"
|
|
||||||
timeout = null
|
|
||||||
}
|
|
||||||
service_account_create = true
|
|
||||||
iam = {
|
|
||||||
"roles/cloudfunctions.invoker" = [module.sa.iam_email]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
module "gateways" {
|
|
||||||
for_each = toset(var.regions)
|
|
||||||
source = "../../../modules/api-gateway"
|
|
||||||
project_id = module.project.project_id
|
|
||||||
api_id = "${local.api_id_prefix}-${each.value}"
|
|
||||||
region = each.value
|
|
||||||
spec = local.specs[each.value]
|
|
||||||
service_account_email = module.sa.email
|
|
||||||
}
|
|
||||||
|
|
||||||
module "glb" {
|
|
||||||
source = "../../../modules/net-lb-app-ext"
|
|
||||||
project_id = module.project.project_id
|
|
||||||
name = "glb"
|
|
||||||
backend_service_configs = {
|
|
||||||
default = {
|
|
||||||
backends = [
|
|
||||||
for region in var.regions : {
|
|
||||||
backend = google_compute_region_network_endpoint_group.serverless-negs[region].id
|
|
||||||
}
|
|
||||||
]
|
|
||||||
health_checks = []
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "google_compute_region_network_endpoint_group" "serverless-negs" {
|
|
||||||
for_each = toset(var.regions)
|
|
||||||
provider = google-beta
|
|
||||||
name = "serverless-neg-${module.gateways[each.value].gateway_id}"
|
|
||||||
project = module.project.project_id
|
|
||||||
network_endpoint_type = "SERVERLESS"
|
|
||||||
region = each.value
|
|
||||||
serverless_deployment {
|
|
||||||
platform = "apigateway.googleapis.com"
|
|
||||||
resource = module.gateways[each.value].gateway_id
|
|
||||||
url_mask = ""
|
|
||||||
}
|
|
||||||
lifecycle {
|
|
||||||
create_before_destroy = true
|
|
||||||
}
|
|
||||||
}
|
|
|
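Review bot: The `module "gateways"` block with `source = "../../../modules/api-gateway"` is the consumer of that module shown in this diff, and the changelog hunk keeps the module itself. Please confirm the module still has an example or test exercising it after this file goes away, otherwise regressions in it will go unnoticed. For operators with live deployments, note in the removal notice that the functions here were created with `ingress_settings = "ALLOW_ALL"` and rely solely on `"roles/cloudfunctions.invoker" = [module.sa.iam_email]` for access control, so those IAM bindings should be reviewed or the stack destroyed rather than left unmanaged.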
@ -1,20 +0,0 @@
|
||||||
/**
|
|
||||||
* Copyright 2022 Google LLC
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
output "ip_address" {
|
|
||||||
description = "The reserved global IP address."
|
|
||||||
value = module.glb.address
|
|
||||||
}
|
|
|
@ -1,35 +0,0 @@
|
||||||
# Copyright 2022 Google LLC
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
swagger: '2.0'
|
|
||||||
info:
|
|
||||||
title: ${api_id} Sample API
|
|
||||||
description: Sample API on API Gateway with a Google Cloud Functions backend
|
|
||||||
version: 1.0.0
|
|
||||||
schemes:
|
|
||||||
- https
|
|
||||||
produces:
|
|
||||||
- application/json
|
|
||||||
paths:
|
|
||||||
/hello:
|
|
||||||
get:
|
|
||||||
summary: Greet a user
|
|
||||||
operationId: hello
|
|
||||||
x-google-backend:
|
|
||||||
address: https://${region}-${project_id}.cloudfunctions.net/${function_name}
|
|
||||||
responses:
|
|
||||||
'200':
|
|
||||||
description: A successful response
|
|
||||||
schema:
|
|
||||||
type: string
|
|
|
@ -1,34 +0,0 @@
|
||||||
/**
|
|
||||||
* Copyright 2022 Google LLC
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
variable "project_create" {
|
|
||||||
description = "Parameters for the creation of the new project."
|
|
||||||
type = object({
|
|
||||||
billing_account_id = string
|
|
||||||
parent = string
|
|
||||||
})
|
|
||||||
default = null
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "project_id" {
|
|
||||||
description = "Identifier of the project."
|
|
||||||
type = string
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "regions" {
|
|
||||||
description = "List of regions to deploy the proxy in."
|
|
||||||
type = list(string)
|
|
||||||
}
|
|