Adding end-to-end example for L4 ILB (#5120) (#3555)

modular-magician · web-flow · commit 68a5e948cd70 · 2021-08-23T10:20:15.000-05:00
Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/5120.txt b/.changelog/5120.txt
@@ -0,0 +1,2 @@
+```release-note:none
+```
diff --git a/google-beta/resource_compute_forwarding_rule_generated_test.go b/google-beta/resource_compute_forwarding_rule_generated_test.go
@@ -236,6 +236,207 @@ resource "google_compute_instance" "vm-test" {
 `, context)
 }
 
+func TestAccComputeForwardingRule_internalTcpUdpLbWithMigBackendExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": randString(t, 10),
+	}
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProvidersOiCS,
+		CheckDestroy: testAccCheckComputeForwardingRuleDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeForwardingRule_internalTcpUdpLbWithMigBackendExample(context),
+			},
+		},
+	})
+}
+
+func testAccComputeForwardingRule_internalTcpUdpLbWithMigBackendExample(context map[string]interface{}) string {
+	return Nprintf(`
+# Internal TCP/UDP load balancer with a managed instance group backend
+
+# VPC
+resource "google_compute_network" "ilb_network" {
+  name                    = "tf-test-l4-ilb-network%{random_suffix}"
+  provider                = google-beta
+  auto_create_subnetworks = false
+}
+
+# backed subnet
+resource "google_compute_subnetwork" "ilb_subnet" {
+  name          = "tf-test-l4-ilb-subnet%{random_suffix}"
+  provider      = google-beta
+  ip_cidr_range = "10.0.1.0/24"
+  region        = "europe-west1"
+  network       = google_compute_network.ilb_network.id
+}
+
+# forwarding rule
+resource "google_compute_forwarding_rule" "google_compute_forwarding_rule" {
+  name                  = "tf-test-l4-ilb-forwarding-rule%{random_suffix}"
+  backend_service       = google_compute_region_backend_service.default.id
+  provider              = google-beta
+  region                = "europe-west1"
+  ip_protocol           = "TCP"
+  load_balancing_scheme = "INTERNAL"
+  all_ports             = true
+  allow_global_access   = true
+  network               = google_compute_network.ilb_network.id
+  subnetwork            = google_compute_subnetwork.ilb_subnet.id
+}
+
+# backend service
+resource "google_compute_region_backend_service" "default" {
+  name                  = "tf-test-l4-ilb-backend-subnet%{random_suffix}"
+  provider              = google-beta
+  region                = "europe-west1"
+  protocol              = "TCP"
+  load_balancing_scheme = "INTERNAL"
+  health_checks         = [google_compute_region_health_check.default.id]
+  backend {
+    group           = google_compute_region_instance_group_manager.mig.instance_group
+    balancing_mode  = "CONNECTION"
+  }
+}
+
+# instance template
+resource "google_compute_instance_template" "instance_template" {
+  name         = "tf-test-l4-ilb-mig-template%{random_suffix}"
+  provider     = google-beta
+  machine_type = "e2-small"
+  tags         = ["allow-ssh","allow-health-check"]
+
+  network_interface {
+    network    = google_compute_network.ilb_network.id
+    subnetwork = google_compute_subnetwork.ilb_subnet.id
+    access_config {
+      # add external ip to fetch packages
+    }
+  }
+  disk {
+    source_image = "debian-cloud/debian-10"
+    auto_delete  = true
+    boot         = true
+  }
+
+  # install nginx and serve a simple web page
+  metadata = {
+    startup-script = <<-EOF1
+      #! /bin/bash
+      set -euo pipefail
+
+      export DEBIAN_FRONTEND=noninteractive
+      apt-get update
+      apt-get install -y nginx-light jq
+
+      NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
+      IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
+      METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
+
+      cat <<EOF > /var/www/html/index.html
+      <pre>
+      Name: $NAME
+      IP: $IP
+      Metadata: $METADATA
+      </pre>
+      EOF
+    EOF1
+  }
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+# health check
+resource "google_compute_region_health_check" "default" {
+  name     = "tf-test-l4-ilb-hc%{random_suffix}"
+  provider = google-beta
+  region   = "europe-west1"
+  http_health_check {
+    port = "80"
+  }
+}
+
+# MIG
+resource "google_compute_region_instance_group_manager" "mig" {
+  name     = "tf-test-l4-ilb-mig1%{random_suffix}"
+  provider = google-beta
+  region   = "europe-west1"
+  version {
+    instance_template = google_compute_instance_template.instance_template.id
+    name              = "primary"
+  }
+  base_instance_name = "vm"
+  target_size        = 2
+}
+
+# allow all access from health check ranges
+resource "google_compute_firewall" "fw_hc" {
+  name          = "tf-test-l4-ilb-fw-allow-hc%{random_suffix}"
+  provider      = google-beta
+  direction     = "INGRESS"
+  network       = google_compute_network.ilb_network.id
+  source_ranges = ["130.211.0.0/22", "35.191.0.0/16", "35.235.240.0/20"]
+  allow {
+    protocol = "tcp"
+  }
+  source_tags = ["allow-health-check"]
+}
+
+# allow communication within the subnet 
+resource "google_compute_firewall" "fw_ilb_to_backends" {
+  name          = "tf-test-l4-ilb-fw-allow-ilb-to-backends%{random_suffix}"
+  provider      = google-beta
+  direction     = "INGRESS"
+  network       = google_compute_network.ilb_network.id
+  source_ranges = ["10.0.1.0/24"]
+  allow {
+    protocol = "tcp"
+  }
+  allow {
+    protocol = "udp"
+  }
+  allow {
+    protocol = "icmp"
+  }
+}
+
+# allow SSH
+resource "google_compute_firewall" "fw_ilb_ssh" {
+  name          = "tf-test-l4-ilb-fw-ssh%{random_suffix}"
+  provider      = google-beta
+  direction     = "INGRESS"
+  network       = google_compute_network.ilb_network.id
+  allow {
+    protocol = "tcp"
+    ports = ["22"]
+  }
+  source_tags = ["allow-ssh"]
+}
+
+# test instance
+resource "google_compute_instance" "vm_test" {
+  name         = "tf-test-l4-ilb-test-vm%{random_suffix}"
+  provider     = google-beta
+  zone         = "europe-west1-b"
+  machine_type = "e2-small"
+  network_interface {
+    network    = google_compute_network.ilb_network.id
+    subnetwork = google_compute_subnetwork.ilb_subnet.id
+  }
+  boot_disk {
+    initialize_params {
+      image = "debian-cloud/debian-10"
+    }
+  }
+}
+`, context)
+}
+
 func TestAccComputeForwardingRule_forwardingRuleExternallbExample(t *testing.T) {
 	t.Parallel()
 
diff --git a/website/docs/r/compute_forwarding_rule.html.markdown b/website/docs/r/compute_forwarding_rule.html.markdown
