
Commit ff2fe84

committed
Add lb-http-frontend and lb-http-backend modules
1 parent 5a64230 commit ff2fe84


8 files changed

+1072
-0
lines changed


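--- a/modules/lb-http-backend/main.tf
+++ b/modules/lb-http-backend/main.tf
@@ -0,0 +1,265 @@
+resource "google_compute_backend_service" "default" {
+provider = google-beta
+
+project = var.project_id
+name = var.name
+
+load_balancing_scheme = var.load_balancing_scheme
+
+port_name = var.port_name
+protocol = var.protocol
+
+description = var.description
+connection_draining_timeout_sec = var.connection_draining_timeout_sec
+enable_cdn = var.enable_cdn
+compression_mode = var.compression_mode
+custom_request_headers = var.custom_request_headers
+custom_response_headers = var.custom_response_headers
+session_affinity = var.session_affinity
+affinity_cookie_ttl_sec = var.affinity_cookie_ttl_sec
+locality_lb_policy = var.locality_lb_policy
+edge_security_policy = var.edge_security_policy
+security_policy = var.security_policy
+
+health_checks = var.health_check != null ? google_compute_health_check.default[*].self_link : null
+
+dynamic "backend" {
+for_each = toset(var.groups)
+content {
+description = lookup(backend.value, "description", null)
+group = backend.value["group"]
+
+}
+}
+
+dynamic "backend" {
+for_each = toset(var.serverless_neg_backends)
+content {
+group = google_compute_region_network_endpoint_group.serverless_negs["neg-${var.name}-${backend.value.region}"].id
+}
+}
+
+dynamic "log_config" {
+for_each = var.log_config.enable ? [1] : []
+content {
+enable = var.log_config.enable
+sample_rate = var.log_config.sample_rate
+}
+}
+
+dynamic "iap" {
+for_each = var.iap_config.enable ? [1] : []
+content {
+oauth2_client_id = lookup(var.iap_config, "oauth2_client_id", "")
+enabled = var.iap_config.enable
+oauth2_client_secret = lookup(var.iap_config, "oauth2_client_secret", "")
+}
+}
+
+dynamic "cdn_policy" {
+for_each = var.enable_cdn ? [1] : []
+content {
+cache_mode = var.cdn_policy.cache_mode
+signed_url_cache_max_age_sec = var.cdn_policy.signed_url_cache_max_age_sec
+default_ttl = var.cdn_policy.default_ttl
+max_ttl = var.cdn_policy.max_ttl
+client_ttl = var.cdn_policy.client_ttl
+negative_caching = var.cdn_policy.negative_caching
+serve_while_stale = var.cdn_policy.serve_while_stale
+
+dynamic "negative_caching_policy" {
+for_each = var.cdn_policy.negative_caching_policy != null ? [1] : []
+content {
+code = var.cdn_policy.negative_caching_policy.code
+ttl = var.cdn_policy.negative_caching_policy.ttl
+}
+}
+
+dynamic "cache_key_policy" {
+for_each = var.cdn_policy.cache_key_policy != null ? [1] : []
+content {
+include_host = var.cdn_policy.cache_key_policy.include_host
+include_protocol = var.cdn_policy.cache_key_policy.include_protocol
+include_query_string = var.cdn_policy.cache_key_policy.include_query_string
+query_string_blacklist = var.cdn_policy.cache_key_policy.query_string_blacklist
+query_string_whitelist = var.cdn_policy.cache_key_policy.query_string_whitelist
+include_http_headers = var.cdn_policy.cache_key_policy.include_http_headers
+include_named_cookies = var.cdn_policy.cache_key_policy.include_named_cookies
+}
+}
+
+dynamic "bypass_cache_on_request_headers" {
+for_each = toset(var.cdn_policy.bypass_cache_on_request_headers) != null ? var.cdn_policy.bypass_cache_on_request_headers : []
+content {
+header_name = bypass_cache_on_request_headers.value
+}
+}
+}
+}
+
+dynamic "outlier_detection" {
+for_each = var.outlier_detection != null && (var.load_balancing_scheme == "INTERNAL_SELF_MANAGED" || var.load_balancing_scheme == "EXTERNAL_MANAGED") ? [1] : []
+content {
+consecutive_errors = var.outlier_detection.consecutive_errors
+consecutive_gateway_failure = var.outlier_detection.consecutive_gateway_failure
+enforcing_consecutive_errors = var.outlier_detection.enforcing_consecutive_errors
+enforcing_consecutive_gateway_failure = var.outlier_detection.enforcing_consecutive_gateway_failure
+enforcing_success_rate = var.outlier_detection.enforcing_success_rate
+max_ejection_percent = var.outlier_detection.max_ejection_percent
+success_rate_minimum_hosts = var.outlier_detection.success_rate_minimum_hosts
+success_rate_request_volume = var.outlier_detection.success_rate_request_volume
+success_rate_stdev_factor = var.outlier_detection.success_rate_stdev_factor
+
+dynamic "base_ejection_time" {
+for_each = var.outlier_detection.base_ejection_time != null ? [1] : []
+content {
+seconds = var.outlier_detection.base_ejection_time.seconds
+nanos = var.outlier_detection.base_ejection_time.nanos
+}
+}
+
+dynamic "interval" {
+for_each = var.outlier_detection.interval != null ? [1] : []
+content {
+seconds = var.outlier_detection.interval.seconds
+nanos = var.outlier_detection.interval.nanos
+}
+}
+}
+}
+}
+
+resource "google_compute_region_network_endpoint_group" "serverless_negs" {
+for_each = { for serverless_neg_backend in var.serverless_neg_backends :
+"neg-${var.name}-${serverless_neg_backend.region}" => serverless_neg_backend }
+
+
+provider = google-beta
+project = var.project_id
+name = each.key
+network_endpoint_type = "SERVERLESS"
+region = each.value.region
+
+dynamic "cloud_run" {
+for_each = each.value.type == "cloud-run" ? [1] : []
+content {
+service = each.value.service.name
+}
+}
+
+dynamic "cloud_function" {
+for_each = each.value.type == "cloud-function" ? [1] : []
+content {
+function = each.value.service.name
+}
+}
+
+dynamic "app_engine" {
+for_each = each.value.type == "app-engine" ? [1] : []
+content {
+service = each.value.service.name
+version = each.value.service.version
+}
+}
+
+lifecycle {
+create_before_destroy = true
+}
+}
+
+resource "google_compute_health_check" "default" {
+provider = google-beta
+count = var.health_check != null ? 1 : 0
+project = var.project_id
+name = "${var.name}-hc"
+
+check_interval_sec = var.health_check.check_interval_sec
+timeout_sec = var.health_check.timeout_sec
+healthy_threshold = var.health_check.healthy_threshold
+unhealthy_threshold = var.health_check.unhealthy_threshold
+
+log_config {
+enable = var.health_check.logging
+}
+
+dynamic "http_health_check" {
+for_each = coalesce(var.health_check.protocol, var.protocol) == "HTTP" ? [
+1
+] : []
+
+content {
+host = var.health_check.host
+request_path = var.health_check.request_path
+response = var.health_check.response
+port = var.health_check.port
+port_name = var.health_check.port_name
+proxy_header = var.health_check.proxy_header
+port_specification = var.health_check.port_specification
+}
+}
+
+dynamic "https_health_check" {
+for_each = coalesce(var.health_check.protocol, var.protocol) == "HTTPS" ? [
+1
+] : []
+
+content {
+host = var.health_check.host
+request_path = var.health_check.request_path
+response = var.health_check.response
+port = var.health_check.port
+port_name = var.health_check.port_name
+proxy_header = var.health_check.proxy_header
+port_specification = var.health_check.port_specification
+}
+}
+
+dynamic "http2_health_check" {
+for_each = coalesce(var.health_check.protocol, var.protocol) == "HTTP2" ? [
+1
+] : []
+
+content {
+host = var.health_check.host
+request_path = var.health_check.request_path
+response = var.health_check.response
+port = var.health_check.port
+port_name = var.health_check.port_name
+proxy_header = var.health_check.proxy_header
+port_specification = var.health_check.port_specification
+}
+}
+
+dynamic "tcp_health_check" {
+for_each = coalesce(var.health_check.protocol, var.protocol) == "TCP" ? [
+1
+] : []
+
+content {
+request = var.health_check.request
+response = var.health_check.response
+port = var.health_check.port
+port_name = var.health_check.port_name
+proxy_header = var.health_check.proxy_header
+port_specification = var.health_check.port_specification
+}
+}
+}
+
+resource "google_compute_firewall" "default-hc" {
+count = var.health_check != null ? length(var.firewall_networks) : 0
+project = length(var.firewall_networks) == 1 && var.firewall_projects[0] == "default" ? var.project_id : var.firewall_projects[count.index]
+name = "${var.name}-hc-${count.index}"
+network = var.firewall_networks[count.index]
+source_ranges = [
+"130.211.0.0/22",
+"35.191.0.0/16"
+]
+target_tags = length(var.target_tags) > 0 ? var.target_tags : null
+target_service_accounts = length(var.target_service_accounts) > 0 ? var.target_service_accounts : null
+
+allow {
+protocol = "tcp"
+ports = [var.health_check.port]
+}
+}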
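Review bot: The health-check firewall rule `google_compute_firewall.default-hc` falls back to `null` for both `target_tags` and `target_service_accounts` when the lists are empty, and a GCP rule with no targets applies to every instance in the network, so the allow reaches further than the load-balanced backends. If the module's minimum Terraform version allows it, a `precondition` in that resource's `lifecycle` block with `condition = length(var.target_tags) > 0 || length(var.target_service_accounts) > 0` would force the caller to choose a target explicitly. In the same resource `ports = [var.health_check.port]` turns into a list holding `null` when the health check is configured through `port_name` alone, so the port should be validated or given a documented fallback. Separately, the `iap` block reads `oauth2_client_secret` straight from `var.iap_config`; the variable declaration is not shown in this section, so confirm it is marked `sensitive = true`, and note that the value is still written to Terraform state.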

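--- a/modules/lb-http-backend/outputs.tf
+++ b/modules/lb-http-backend/outputs.tf
@@ -0,0 +1,10 @@
+output "backend_service_info" {
+description = "Host, path and backend service mapping"
+value = [
+for mapping in var.host_path_mappings : {
+host = mapping.host
+path = mapping.path
+backend_service = google_compute_backend_service.default.self_link
+}
+]
+}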
