From 7bc52558d97dc89625b07b07a71f62e9d2387ca3 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Thu, 6 Mar 2025 12:47:43 +0000 Subject: [PATCH 01/41] fix: fixed compression mode variable for internal lbs --- modules/backend/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/backend/main.tf b/modules/backend/main.tf index 0212a7ee..09864b33 100644 --- a/modules/backend/main.tf +++ b/modules/backend/main.tf @@ -28,7 +28,7 @@ resource "google_compute_backend_service" "default" { description = var.description connection_draining_timeout_sec = var.connection_draining_timeout_sec enable_cdn = var.enable_cdn - compression_mode = var.compression_mode + compression_mode = var.load_balancing_scheme == "INTERNAL_SELF_MANAGED" || var.load_balancing_scheme == "INTERNAL_MANAGED" ? null : var.compression_mode custom_request_headers = var.custom_request_headers custom_response_headers = var.custom_response_headers session_affinity = var.session_affinity From 47263c500175f024fcb2125ba5b00bff66885672 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Thu, 6 Mar 2025 12:48:15 +0000 Subject: [PATCH 02/41] feat: added support for multiple forwarding rule creation based on subnets --- modules/frontend/main.tf | 68 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 62 insertions(+), 6 deletions(-) diff --git a/modules/frontend/main.tf b/modules/frontend/main.tf index 366ce6af..d288d7e2 100644 --- a/modules/frontend/main.tf +++ b/modules/frontend/main.tf 
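Review bot: The backend module now silently discards a caller-supplied `compression_mode` for the two internal schemes instead of surfacing the conflict, and the line carries no comment saying why; the example added later in this series sets `compression_mode = "DISABLED"` next to `load_balancing_scheme = "INTERNAL_MANAGED"`, so a reader of either file cannot tell that the value is ignored. Presumably the API does not accept the attribute on internal backend services — if so, state it above the line, e.g. `# compression_mode is not accepted on INTERNAL_SELF_MANAGED / INTERNAL_MANAGED backend services, so it is forced to null for those schemes.`, and consider a `lifecycle` `precondition` that rejects a non-null value for those schemes rather than dropping it. The expression itself reads more clearly as `compression_mode = contains(["INTERNAL_SELF_MANAGED", "INTERNAL_MANAGED"], var.load_balancing_scheme) ? null : var.compression_mode`. The `google_compute_backend_service.default` block continues outside the hunk.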
@@ -23,8 +23,8 @@ locals { create_http_forward = var.http_forward || var.https_redirect - is_internal = var.load_balancing_scheme == "INTERNAL_SELF_MANAGED" - internal_network = local.is_internal ? var.network : null + is_internal = var.load_balancing_scheme == "INTERNAL_SELF_MANAGED" || var.load_balancing_scheme == "INTERNAL_MANAGED" + internal_network = local.is_internal ? var.network : null # Create a map with hosts as keys and empty lists as initial values hosts = toset([for service in var.url_map_input : service.host]) @@ -46,7 +46,7 @@ locals { resource "google_compute_global_forwarding_rule" "http" { provider = google-beta project = var.project_id - count = local.create_http_forward ? 1 : 0 + count = local.create_http_forward && !local.is_internal ? 1 : 0 name = var.name target = google_compute_target_http_proxy.default[0].self_link ip_address = local.address @@ -56,10 +56,24 @@ resource "google_compute_global_forwarding_rule" "http" { network = local.internal_network } +resource "google_compute_global_forwarding_rule" "http_internal" { + count = local.create_http_forward && local.is_internal ? length(var.internal_forwarding_rule_subnetworks) : 0 + + provider = google-beta + project = var.project_id + name = "${var.name}-http-internal-${count.index}" + target = google_compute_target_http_proxy.default[0].self_link + port_range = var.http_port + labels = var.labels + load_balancing_scheme = var.load_balancing_scheme + network = local.internal_network + subnetwork = var.internal_forwarding_rule_subnetworks[count.index] +} + resource "google_compute_global_forwarding_rule" "https" { provider = google-beta project = var.project_id - count = var.ssl ? 1 : 0 + count = var.ssl && !local.is_internal ? 1 : 0 name = "${var.name}-https" target = google_compute_target_https_proxy.default[0].self_link ip_address = local.address 
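Review bot: The new `http_internal` rule is indexed by `count.index` over `var.internal_forwarding_rule_subnetworks`, so deleting or reordering one entry shifts the index of every later entry and Terraform will destroy and recreate those forwarding rules — which also changes the addresses that patch 03 of this series exports through `ip_address_http_internal`; a `for_each` over a map keyed by a caller-chosen short name (used in `name` and with `subnetwork = each.value`) would keep each rule bound to its subnetwork. The same pattern is repeated in `https_internal`, `http_ipv6_internal` and `https_ipv6_internal` in the next two hunks. The rule also sets no `ip_address`, so each instance receives an ephemeral internal address; if that is intended, a comment above the resource such as `# One internal forwarding rule per subnetwork; the internal address is allocated by GCP and exposed through outputs.` would spare callers the surprise.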
@@ -69,6 +83,20 @@ resource "google_compute_global_forwarding_rule" "https" { network = local.internal_network } +resource "google_compute_global_forwarding_rule" "https_internal" { + count = var.ssl && local.is_internal ? length(var.internal_forwarding_rule_subnetworks) : 0 + + provider = google-beta + project = var.project_id + name = "${var.name}-https-internal-${count.index}" + target = google_compute_target_https_proxy.default[0].self_link + port_range = var.https_port + labels = var.labels + load_balancing_scheme = var.load_balancing_scheme + network = local.internal_network + subnetwork = var.internal_forwarding_rule_subnetworks[count.index] +} + resource "google_compute_global_address" "default" { provider = google-beta count = local.is_internal ? 0 : var.create_address ? 1 : 0 @@ -83,7 +111,7 @@ resource "google_compute_global_address" "default" { resource "google_compute_global_forwarding_rule" "http_ipv6" { provider = google-beta project = var.project_id - count = (var.enable_ipv6 && local.create_http_forward) ? 1 : 0 + count = (var.enable_ipv6 && local.create_http_forward && !local.is_internal) ? 1 : 0 name = "${var.name}-ipv6-http" target = google_compute_target_http_proxy.default[0].self_link ip_address = local.ipv6_address 
@@ -93,10 +121,24 @@ resource "google_compute_global_forwarding_rule" "http_ipv6" { network = local.internal_network } +resource "google_compute_global_forwarding_rule" "http_ipv6_internal" { + count = var.enable_ipv6 && local.create_http_forward && local.is_internal ? length(var.internal_forwarding_rule_subnetworks) : 0 + + provider = google-beta + project = var.project_id + name = "${var.name}-ipv6-http-internal" + target = google_compute_target_http_proxy.default[0].self_link + port_range = "80" + labels = var.labels + load_balancing_scheme = var.load_balancing_scheme + network = local.internal_network + subnetwork = var.internal_forwarding_rule_subnetworks[count.index] +} + resource "google_compute_global_forwarding_rule" "https_ipv6" { provider = google-beta project = var.project_id - count = var.enable_ipv6 && var.ssl ? 1 : 0 + count = var.enable_ipv6 && var.ssl && !local.is_internal ? 1 : 0 name = "${var.name}-ipv6-https" target = google_compute_target_https_proxy.default[0].self_link ip_address = local.ipv6_address @@ -106,6 +148,20 @@ resource "google_compute_global_forwarding_rule" "https_ipv6" { network = local.internal_network } +resource "google_compute_global_forwarding_rule" "https_ipv6_internal" { + count = var.enable_ipv6 && var.ssl && local.is_internal ? length(var.internal_forwarding_rule_subnetworks) : 0 + + provider = google-beta + project = var.project_id + name = "${var.name}-ipv6-https-internal-${count.index}" + target = google_compute_target_https_proxy.default[0].self_link + port_range = "443" + labels = var.labels + load_balancing_scheme = var.load_balancing_scheme + network = local.internal_network + subnetwork = var.internal_forwarding_rule_subnetworks[count.index] +} + resource "google_compute_global_address" "default_ipv6" { provider = google-beta count = local.is_internal ? 0 : (var.enable_ipv6 && var.create_ipv6_address) ? 1 : 0 From 0e5d599c3564584fd14cd4472eee6620f6dc90bc Mon Sep 17 00:00:00 2001 
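Review bot: `http_ipv6_internal` hard-codes `port_range = "80"` while its IPv4 counterpart `http_internal` uses `var.http_port`, and `https_ipv6_internal` in the next hunk likewise fixes `"443"` where `https_internal` uses `var.https_port`; a caller who changes the port variables ends up with IPv4 and IPv6 frontends listening on different ports. Use `port_range = var.http_port` and `port_range = var.https_port` here as well. Worth checking too, since the provider behaviour is not visible in the hunk, whether these rules are IPv6 at all: unlike the external `*_ipv6` rules they set neither `ip_version` nor an IPv6 `ip_address`, so they may come out identical to the IPv4 internal rules apart from their name.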
From: pawan1210 Date: Thu, 6 Mar 2025 12:48:42 +0000 Subject: [PATCH 03/41] fix: exposed ip addresses of internal forwarding rules --- modules/frontend/outputs.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/frontend/outputs.tf b/modules/frontend/outputs.tf index df3dd025..b847a8f7 100644 --- a/modules/frontend/outputs.tf +++ b/modules/frontend/outputs.tf @@ -14,6 +14,11 @@ * limitations under the License. */ +output "ip_address_http_internal" { + description = "The internal/external IP addresses assigned to the HTTP forwarding rules." + value = [for rule in google_compute_global_forwarding_rule.http_internal : rule.ip_address] +} + output "external_ip" { description = "The external IPv4 assigned to the global fowarding rule." value = local.address From 46f0e6257fb3a1b5acfa34a1d1652015e13802d7 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Thu, 6 Mar 2025 12:48:59 +0000 Subject: [PATCH 04/41] chore: renamed description of network variable --- modules/frontend/variables.tf | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/frontend/variables.tf b/modules/frontend/variables.tf index be93c406..f6fa209f 100644 --- a/modules/frontend/variables.tf +++ b/modules/frontend/variables.tf @@ -162,7 +162,7 @@ variable "load_balancing_scheme" { } variable "network" { - description = "Network for INTERNAL_SELF_MANAGED load balancing scheme" + description = "Network for INTERNAL_SELF_MANAGED/INTERNAL_MANAGED load balancing scheme" type = string default = "default" } @@ -198,3 +198,9 @@ variable "http_keep_alive_timeout_sec" { type = number default = null } + +variable "internal_forwarding_rule_subnetworks" { + description = "Subnetworks for internal forwarding rules." + type = list(string) + default = [] +} \ No newline at end of file From 8f223c6eca766b93b39524e7ef0854d0a9a24fcc Mon Sep 17 00:00:00 2001 
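Review bot: The description of `ip_address_http_internal` says "internal/external IP addresses assigned to the HTTP forwarding rules", but the value only enumerates `google_compute_global_forwarding_rule.http_internal`, which the previous commit creates exclusively for internal schemes, so the output is always internal addresses and is empty otherwise; the text should match, e.g. `description = "Internal IPv4 addresses of the per-subnetwork HTTP forwarding rules (empty unless an internal load_balancing_scheme is used)."`. The wording is carried unchanged through the rename in patch 06 (the outputs.tf hunk there). There is also no matching output for the `https_internal` rules, so an HTTPS-only internal frontend exposes no address at all; an `ip_address_https_internal` output built the same way would close the gap.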
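Review bot: `internal_forwarding_rule_subnetworks` defaults to `[]`, and because every internal forwarding rule's `count` is `length(...)` of it, an INTERNAL_MANAGED frontend applied with the default produces proxies and a URL map but no forwarding rule, without any error from Terraform; the description should state the contract, e.g. `description = "Subnetworks (self links) in which to create one internal forwarding rule each. Must be non-empty for INTERNAL_MANAGED; ignored for other schemes."`, and a `lifecycle` `precondition` on the proxy or rule resources could reject an empty list for that scheme. The file also loses its trailing newline (`\ No newline at end of file`), which the lint commit later in this series does not restore.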
From: pawan1210
Date: Thu, 6 Mar 2025 12:49:17 +0000
Subject: [PATCH 05/41] feat: added example for internal cross regional lb
---
 examples/internal-lb-cloud-run/main.tf | 173 ++++++++++++++++++++
 examples/internal-lb-cloud-run/variables.tf | 38 +++++
 2 files changed, 211 insertions(+)
 create mode 100644 examples/internal-lb-cloud-run/main.tf
 create mode 100644 examples/internal-lb-cloud-run/variables.tf
diff --git a/examples/internal-lb-cloud-run/main.tf b/examples/internal-lb-cloud-run/main.tf
new file mode 100644
index 00000000..6b24e026
--- /dev/null
+++ b/examples/internal-lb-cloud-run/main.tf
@@ -0,0 +1,173 @@ +/** + * Copyright 2025 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +provider "google" { + project = var.project_id +} + +provider "google-beta" { + project = var.project_id +} + +resource "google_compute_network" "internal_lb_network" { + name = "int-lb-network" + auto_create_subnetworks = "false" + project = var.project_id +} + +resource "google_compute_subnetwork" "internal_lb_subnet_a" { + name = "int-lb-subnet-a" + ip_cidr_range = "10.1.2.0/24" + network = google_compute_network.internal_lb_network.id + region = var.subnet_region_a + project = var.project_id + depends_on = [google_compute_network.internal_lb_network] +} + +resource "google_compute_subnetwork" "internal_lb_proxy_only_a" { + name = "int-lb-proxy-only-subnet-a" + ip_cidr_range = "10.129.0.0/23" + network = google_compute_network.internal_lb_network.id + purpose = "GLOBAL_MANAGED_PROXY" + region = var.subnet_region_a + project = var.project_id + role = "ACTIVE" + depends_on = [google_compute_network.internal_lb_network] +} + +resource "google_compute_subnetwork" "internal_lb_subnet_b" { + name = "int-lb-subnet-b" + ip_cidr_range = "10.1.3.0/24" + network = google_compute_network.internal_lb_network.id + region = var.subnet_region_b + project = var.project_id + depends_on = [google_compute_network.internal_lb_network] +} + +resource "google_compute_subnetwork" "internal_lb_proxy_only_b" { + name = "int-lb-proxy-only-subnet-b" + ip_cidr_range = 
"10.130.0.0/23" + network = google_compute_network.internal_lb_network.id + purpose = "GLOBAL_MANAGED_PROXY" + region = var.subnet_region_b + project = var.project_id + role = "ACTIVE" + depends_on = [google_compute_network.internal_lb_network] +} + +module "backend-service-region-a" { + source = "GoogleCloudPlatform/cloud-run/google//modules/v2" + version = "~> 0.16.3" + project_id = var.project_id + location = var.backend_region_a + service_name = "bs-a" + containers = [{ "container_name" = "", "container_image" = "gcr.io/cloudrun/hello" }] + members = ["allUsers"] + ingress = "INGRESS_TRAFFIC_INTERNAL_ONLY" + cloud_run_deletion_protection = false + enable_prometheus_sidecar = false +} + +module "backend-service-region-b" { + source = "GoogleCloudPlatform/cloud-run/google//modules/v2" + version = "~> 0.16.3" + project_id = var.project_id + location = var.backend_region_b + service_name = "bs-b" + containers = [{ "container_name" = "", "container_image" = "gcr.io/cloudrun/hello" }] + members = ["allUsers"] + ingress = "INGRESS_TRAFFIC_INTERNAL_ONLY" + cloud_run_deletion_protection = false + enable_prometheus_sidecar = false +} + +module "internal-lb-http-backend" { + source = "../../modules/backend" # use registry + #version = "~> 12.1.1" + + project_id = var.project_id + name = "int-lb-http-backend" + enable_cdn = false + load_balancing_scheme = "INTERNAL_MANAGED" + locality_lb_policy = "RANDOM" + compression_mode = "DISABLED" + serverless_neg_backends = [ + { region : var.backend_region_a, type : "cloud-run", service_name : module.backend-service-region-a.service_name }, + { region : var.backend_region_b, type : "cloud-run", service_name : module.backend-service-region-b.service_name } + ] +} + +module "internal-lb-http-frontend" { + source = "../../modules/frontend" # use registry + #version = "~> 12.1.1" + + project_id = var.project_id + name = "int-lb-http-frontend" + url_map_input = module.internal-lb-http-backend.backend_service_info + network = 
google_compute_network.internal_lb_network.name + load_balancing_scheme = "INTERNAL_MANAGED" + internal_forwarding_rule_subnetworks = [ + google_compute_subnetwork.internal_lb_subnet_a.id, + google_compute_subnetwork.internal_lb_subnet_b.id + ] + #depends_on = [google_compute_subnetwork.internal_lb_proxy_only_a, google_compute_subnetwork.internal_lb_proxy_only_b, google_compute_subnetwork.internal_lb_subnet_a, google_compute_network.internal_lb_subnet_b] +} + +resource "google_vpc_access_connector" "internal_lb_vpc_connector" { + provider = google-beta + project = var.project_id + name = "int-lb-vpc-connector" + region = var.subnet_region_a + ip_cidr_range = "10.8.0.0/28" + network = google_compute_network.internal_lb_network.name + max_throughput = 500 + min_throughput = 300 +} + +module "frontend-service-a" { + source = "GoogleCloudPlatform/cloud-run/google//modules/v2" + version = "~> 0.16.3" + project_id = var.project_id + location = var.subnet_region_a + service_name = "fs-a" + containers = [{ "env_vars" : { "TARGET_IP" : module.internal-lb-http-frontend.ip_address_http_internal[0] }, "ports" = { "container_port" = 80, "name" = "http1" }, "container_name" = "", "container_image" = "gcr.io/design-center-container-repo/redirect-traffic:latest-2002" }] + members = ["allUsers"] + vpc_access = { + connector = google_vpc_access_connector.internal_lb_vpc_connector.id + egress = "ALL_TRAFFIC" + } + ingress = "INGRESS_TRAFFIC_ALL" + cloud_run_deletion_protection = false + enable_prometheus_sidecar = false + depends_on = [google_vpc_access_connector.internal_lb_vpc_connector] +} + +module "frontend-service-b" { + source = "GoogleCloudPlatform/cloud-run/google//modules/v2" + version = "~> 0.16.3" + project_id = var.project_id + location = var.subnet_region_a + service_name = "fs-b" + containers = [{ "env_vars" : { "TARGET_IP" : module.internal-lb-http-frontend.ip_address_http_internal[1] }, "ports" = { "container_port" = 80, "name" = "http1" }, "container_name" = "", 
"container_image" = "gcr.io/design-center-container-repo/redirect-traffic:latest-2002" }] + members = ["allUsers"] + vpc_access = { + connector = google_vpc_access_connector.internal_lb_vpc_connector.id + egress = "ALL_TRAFFIC" + } + ingress = "INGRESS_TRAFFIC_ALL" + cloud_run_deletion_protection = false + enable_prometheus_sidecar = false +} diff --git a/examples/internal-lb-cloud-run/variables.tf b/examples/internal-lb-cloud-run/variables.tf new file mode 100644 index 00000000..609dca37 --- /dev/null +++ b/examples/internal-lb-cloud-run/variables.tf @@ -0,0 +1,38 @@ +/** + * Copyright 2025 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + type = string +} + +variable "backend_region_a" { + type = string +} + +variable "backend_region_b" { + type = string +} + +variable "subnet_region_a" { + type = string +} + +variable "subnet_region_b" { + type = string +} + + + From e0b61e87e94836279e94d7945e9e555f349682ed Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Fri, 7 Mar 2025 07:05:20 +0000 Subject: [PATCH 06/41] fix: segregated internal self managed and managed for backward compatibility --- modules/frontend/main.tf | 41 +++++++++++++++++++------------------ modules/frontend/outputs.tf | 4 ++-- 2 files changed, 23 insertions(+), 22 deletions(-) diff --git a/modules/frontend/main.tf b/modules/frontend/main.tf index d288d7e2..3d8d5041 100644 --- a/modules/frontend/main.tf +++ b/modules/frontend/main.tf 
@@ -23,8 +23,9 @@ locals { create_http_forward = var.http_forward || var.https_redirect - is_internal = var.load_balancing_scheme == "INTERNAL_SELF_MANAGED" || var.load_balancing_scheme == "INTERNAL_MANAGED" - internal_network = local.is_internal ? var.network : null + is_internal_self_managed = var.load_balancing_scheme == "INTERNAL_SELF_MANAGED" + is_internal_managed = var.load_balancing_scheme == "INTERNAL_MANAGED" + internal_network = local.is_internal_self_managed || local.is_internal_managed ? var.network : null # Create a map with hosts as keys and empty lists as initial values hosts = toset([for service in var.url_map_input : service.host]) @@ -46,7 +47,7 @@ locals { resource "google_compute_global_forwarding_rule" "http" { provider = google-beta project = var.project_id - count = local.create_http_forward && !local.is_internal ? 1 : 0 + count = local.create_http_forward && !local.is_internal_managed ? 1 : 0 name = var.name target = google_compute_target_http_proxy.default[0].self_link ip_address = local.address @@ -56,12 +57,12 @@ resource "google_compute_global_forwarding_rule" "http" { network = local.internal_network } -resource "google_compute_global_forwarding_rule" "http_internal" { - count = local.create_http_forward && local.is_internal ? length(var.internal_forwarding_rule_subnetworks) : 0 +resource "google_compute_global_forwarding_rule" "http_internal_managed" { + count = local.create_http_forward && local.is_internal_managed ? length(var.internal_forwarding_rule_subnetworks) : 0 provider = google-beta project = var.project_id - name = "${var.name}-http-internal-${count.index}" + name = "${var.name}-http-internal-managed-${count.index}" target = google_compute_target_http_proxy.default[0].self_link port_range = var.http_port labels = var.labels 
@@ -73,7 +74,7 @@ resource "google_compute_global_forwarding_rule" "http_internal" { resource "google_compute_global_forwarding_rule" "https" { provider = google-beta project = var.project_id - count = var.ssl && !local.is_internal ? 1 : 0 + count = var.ssl && !local.is_internal_managed ? 1 : 0 name = "${var.name}-https" target = google_compute_target_https_proxy.default[0].self_link ip_address = local.address @@ -83,12 +84,12 @@ resource "google_compute_global_forwarding_rule" "https" { network = local.internal_network } -resource "google_compute_global_forwarding_rule" "https_internal" { - count = var.ssl && local.is_internal ? length(var.internal_forwarding_rule_subnetworks) : 0 +resource "google_compute_global_forwarding_rule" "https_internal_managed" { + count = var.ssl && local.is_internal_managed ? length(var.internal_forwarding_rule_subnetworks) : 0 provider = google-beta project = var.project_id - name = "${var.name}-https-internal-${count.index}" + name = "${var.name}-https-internal-managed-${count.index}" target = google_compute_target_https_proxy.default[0].self_link port_range = var.https_port labels = var.labels @@ -99,7 +100,7 @@ resource "google_compute_global_forwarding_rule" "https_internal" { resource "google_compute_global_address" "default" { provider = google-beta - count = local.is_internal ? 0 : var.create_address ? 1 : 0 + count = local.is_internal_self_managed ? 0 : var.create_address ? 1 : 0 project = var.project_id name = "${var.name}-address" ip_version = "IPV4" 
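Review bot: With `google_compute_global_address.default` now skipped only for `is_internal_self_managed`, an INTERNAL_MANAGED frontend still reserves a global external IPv4 address whenever `var.create_address` is true (its default is outside the hunk), yet as far as the hunks show the only consumers of `local.address` are the `http`/`https` rules whose `count` is zero for that scheme — an unattached static external address that costs money and appears in inventory for no reason. The guard should cover both internal schemes: `count = local.is_internal_self_managed || local.is_internal_managed ? 0 : var.create_address ? 1 : 0`; the same applies to `google_compute_global_address.default_ipv6` in the last main.tf hunk of this commit.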
@@ -111,7 +112,7 @@ resource "google_compute_global_address" "default" { resource "google_compute_global_forwarding_rule" "http_ipv6" { provider = google-beta project = var.project_id - count = (var.enable_ipv6 && local.create_http_forward && !local.is_internal) ? 1 : 0 + count = (var.enable_ipv6 && local.create_http_forward && !local.is_internal_managed) ? 1 : 0 name = "${var.name}-ipv6-http" target = google_compute_target_http_proxy.default[0].self_link ip_address = local.ipv6_address @@ -121,12 +122,12 @@ resource "google_compute_global_forwarding_rule" "http_ipv6" { network = local.internal_network } -resource "google_compute_global_forwarding_rule" "http_ipv6_internal" { - count = var.enable_ipv6 && local.create_http_forward && local.is_internal ? length(var.internal_forwarding_rule_subnetworks) : 0 +resource "google_compute_global_forwarding_rule" "http_ipv6_internal_managed" { + count = var.enable_ipv6 && local.create_http_forward && local.is_internal_managed ? length(var.internal_forwarding_rule_subnetworks) : 0 provider = google-beta project = var.project_id - name = "${var.name}-ipv6-http-internal" + name = "${var.name}-http-ipv6-internal-managed-${count.index}" target = google_compute_target_http_proxy.default[0].self_link port_range = "80" labels = var.labels @@ -138,7 +139,7 @@ resource "google_compute_global_forwarding_rule" "http_ipv6_internal" { resource "google_compute_global_forwarding_rule" "https_ipv6" { provider = google-beta project = var.project_id - count = var.enable_ipv6 && var.ssl && !local.is_internal ? 1 : 0 + count = var.enable_ipv6 && var.ssl && !local.is_internal_managed ? 1 : 0 name = "${var.name}-ipv6-https" target = google_compute_target_https_proxy.default[0].self_link ip_address = local.ipv6_address 
@@ -148,12 +149,12 @@ resource "google_compute_global_forwarding_rule" "https_ipv6" { network = local.internal_network } -resource "google_compute_global_forwarding_rule" "https_ipv6_internal" { - count = var.enable_ipv6 && var.ssl && local.is_internal ? length(var.internal_forwarding_rule_subnetworks) : 0 +resource "google_compute_global_forwarding_rule" "https_ipv6_internal)managed" { + count = var.enable_ipv6 && var.ssl && local.is_internal_managed ? length(var.internal_forwarding_rule_subnetworks) : 0 provider = google-beta project = var.project_id - name = "${var.name}-ipv6-https-internal-${count.index}" + name = "${var.name}-https-ipv6-internal-managed-${count.index}" target = google_compute_target_https_proxy.default[0].self_link port_range = "443" labels = var.labels @@ -164,7 +165,7 @@ resource "google_compute_global_forwarding_rule" "https_ipv6_internal" { resource "google_compute_global_address" "default_ipv6" { provider = google-beta - count = local.is_internal ? 0 : (var.enable_ipv6 && var.create_ipv6_address) ? 1 : 0 + count = local.is_internal_self_managed ? 0 : (var.enable_ipv6 && var.create_ipv6_address) ? 1 : 0 project = var.project_id name = "${var.name}-ipv6-address" ip_version = "IPV6" diff --git a/modules/frontend/outputs.tf b/modules/frontend/outputs.tf index b847a8f7..c5b2ccff 100644 --- a/modules/frontend/outputs.tf +++ b/modules/frontend/outputs.tf @@ -14,9 +14,9 @@ * limitations under the License. */ -output "ip_address_http_internal" { +output "ip_address_http_internal_managed" { description = "The internal/external IP addresses assigned to the HTTP forwarding rules." - value = [for rule in google_compute_global_forwarding_rule.http_internal : rule.ip_address] + value = [for rule in google_compute_global_forwarding_rule.http_internal_managed : rule.ip_address] } output "external_ip" { From 8f10e7e84473f716d7380e37ae2ff64c33d214f9 Mon Sep 17 00:00:00 2001 
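Review bot: The renamed resource in the `@@ -148,12 +149,12 @@` hunk is labelled `"https_ipv6_internal)managed"` — a `)` inside the label, which is not a valid HCL identifier, so `terraform validate` will reject the module; the intended line is `resource "google_compute_global_forwarding_rule" "https_ipv6_internal_managed" {`. None of the commits visible in this series, the lint commit included, touches that line. The new names also reorder the segments (`-https-ipv6-internal-managed-` versus the external `-ipv6-https`), which is harmless but inconsistent; pick one ordering.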
From: pawan1210 Date: Fri, 7 Mar 2025 07:05:46 +0000 Subject: [PATCH 07/41] fix: using updated variables in example --- examples/internal-lb-cloud-run/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/internal-lb-cloud-run/main.tf b/examples/internal-lb-cloud-run/main.tf index 6b24e026..bab6be48 100644 --- a/examples/internal-lb-cloud-run/main.tf +++ b/examples/internal-lb-cloud-run/main.tf @@ -143,7 +143,7 @@ module "frontend-service-a" { project_id = var.project_id location = var.subnet_region_a service_name = "fs-a" - containers = [{ "env_vars" : { "TARGET_IP" : module.internal-lb-http-frontend.ip_address_http_internal[0] }, "ports" = { "container_port" = 80, "name" = "http1" }, "container_name" = "", "container_image" = "gcr.io/design-center-container-repo/redirect-traffic:latest-2002" }] + containers = [{ "env_vars" : { "TARGET_IP" : module.internal-lb-http-frontend.ip_address_http_internal_managed[0] }, "ports" = { "container_port" = 80, "name" = "http1" }, "container_name" = "", "container_image" = "gcr.io/design-center-container-repo/redirect-traffic:latest-2002" }] members = ["allUsers"] vpc_access = { connector = google_vpc_access_connector.internal_lb_vpc_connector.id 
@@ -161,7 +161,7 @@ module "frontend-service-b" { project_id = var.project_id location = var.subnet_region_a service_name = "fs-b" - containers = [{ "env_vars" : { "TARGET_IP" : module.internal-lb-http-frontend.ip_address_http_internal[1] }, "ports" = { "container_port" = 80, "name" = "http1" }, "container_name" = "", "container_image" = "gcr.io/design-center-container-repo/redirect-traffic:latest-2002" }] + containers = [{ "env_vars" : { "TARGET_IP" : module.internal-lb-http-frontend.ip_address_http_internal_managed[1] }, "ports" = { "container_port" = 80, "name" = "http1" }, "container_name" = "", "container_image" = "gcr.io/design-center-container-repo/redirect-traffic:latest-2002" }] members = ["allUsers"] vpc_access = { connector = google_vpc_access_connector.internal_lb_vpc_connector.id From f3d770b22788bd1a4c75ba7a70de03d51aec8123 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Fri, 7 Mar 2025 07:06:50 +0000 Subject: [PATCH 08/41] chore: lint --- examples/internal-lb-cloud-run/main.tf | 2 +- examples/internal-lb-cloud-run/variables.tf | 6 +++--- modules/frontend/main.tf | 10 +++++----- modules/frontend/outputs.tf | 2 +- modules/frontend/variables.tf | 4 ++-- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/examples/internal-lb-cloud-run/main.tf b/examples/internal-lb-cloud-run/main.tf index bab6be48..a09c9a02 100644 --- a/examples/internal-lb-cloud-run/main.tf +++ b/examples/internal-lb-cloud-run/main.tf @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - + provider "google" { project = var.project_id } diff --git a/examples/internal-lb-cloud-run/variables.tf b/examples/internal-lb-cloud-run/variables.tf index 609dca37..1e121fa8 100644 --- a/examples/internal-lb-cloud-run/variables.tf +++ b/examples/internal-lb-cloud-run/variables.tf 
@@ -13,17 +13,17 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - + variable "project_id" { type = string } variable "backend_region_a" { - type = string + type = string } variable "backend_region_b" { - type = string + type = string } variable "subnet_region_a" { diff --git a/modules/frontend/main.tf b/modules/frontend/main.tf index 3d8d5041..97974a3b 100644 --- a/modules/frontend/main.tf +++ b/modules/frontend/main.tf @@ -24,8 +24,8 @@ locals { is_internal_self_managed = var.load_balancing_scheme == "INTERNAL_SELF_MANAGED" - is_internal_managed = var.load_balancing_scheme == "INTERNAL_MANAGED" - internal_network = local.is_internal_self_managed || local.is_internal_managed ? var.network : null + is_internal_managed = var.load_balancing_scheme == "INTERNAL_MANAGED" + internal_network = local.is_internal_self_managed || local.is_internal_managed ? var.network : null # Create a map with hosts as keys and empty lists as initial values hosts = toset([for service in var.url_map_input : service.host]) @@ -68,7 +68,7 @@ resource "google_compute_global_forwarding_rule" "http_internal_managed" { labels = var.labels load_balancing_scheme = var.load_balancing_scheme network = local.internal_network - subnetwork = var.internal_forwarding_rule_subnetworks[count.index] + subnetwork = var.internal_forwarding_rule_subnetworks[count.index] } resource "google_compute_global_forwarding_rule" "https" { @@ -95,7 +95,7 @@ resource "google_compute_global_forwarding_rule" "https_internal_managed" { labels = var.labels load_balancing_scheme = var.load_balancing_scheme network = local.internal_network - subnetwork = var.internal_forwarding_rule_subnetworks[count.index] + subnetwork = var.internal_forwarding_rule_subnetworks[count.index] } resource "google_compute_global_address" "default" { 
@@ -133,7 +133,7 @@ resource "google_compute_global_forwarding_rule" "http_ipv6_internal_managed" { labels = var.labels load_balancing_scheme = var.load_balancing_scheme network = local.internal_network - subnetwork = var.internal_forwarding_rule_subnetworks[count.index] + subnetwork = var.internal_forwarding_rule_subnetworks[count.index] } resource "google_compute_global_forwarding_rule" "https_ipv6" { diff --git a/modules/frontend/outputs.tf b/modules/frontend/outputs.tf index c5b2ccff..ba5c3c01 100644 --- a/modules/frontend/outputs.tf +++ b/modules/frontend/outputs.tf @@ -16,7 +16,7 @@ output "ip_address_http_internal_managed" { description = "The internal/external IP addresses assigned to the HTTP forwarding rules." - value = [for rule in google_compute_global_forwarding_rule.http_internal_managed : rule.ip_address] + value = [for rule in google_compute_global_forwarding_rule.http_internal_managed : rule.ip_address] } output "external_ip" { diff --git a/modules/frontend/variables.tf b/modules/frontend/variables.tf index f6fa209f..dff2b923 100644 --- a/modules/frontend/variables.tf +++ b/modules/frontend/variables.tf @@ -201,6 +201,6 @@ variable "http_keep_alive_timeout_sec" { variable "internal_forwarding_rule_subnetworks" { description = "Subnetworks for internal forwarding rules." - type = list(string) - default = [] + type = list(string) + default = [] } \ No newline at end of file From 971e93d67d13ea111ea6dc38bd4dd61826cf7966 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Fri, 7 Mar 2025 07:14:51 +0000 Subject: [PATCH 09/41] chore: added readme.md file for example --- examples/internal-lb-cloud-run/readme.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 examples/internal-lb-cloud-run/readme.md diff --git a/examples/internal-lb-cloud-run/readme.md b/examples/internal-lb-cloud-run/readme.md new file mode 100644 index 00000000..9170733a --- /dev/null +++ b/examples/internal-lb-cloud-run/readme.md 
@@ -0,0 +1,24 @@ +# HTTP Internal Regional Load Balancer Example + +This example creates a simple application with below components. + +* *Frontend Service*: Two cloud-run services to send request to internal cross-regional load balancers. The cloud-run service uses VPC access connector to send the request to the internal load balancer. +* *Internal Load Balancer*: An internal cross-regional load balancer to distribute traffic to internal cloud run services. +* *Backend Service*: Two cloud-run services to run the actual application code. These can be accessed within internal traffic. The internal Application Load Balancer is considered internal traffic. + + +The `google_compute_backend_service` and its dependencies are created as part of `backend` module. +The forwarding rules and its dependecies are created as part of `frontend` module. + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| project\_id | n/a | `string` | n/a | yes | +| backend_region_a | n/a | `string` | `"us-east1"` | no | +| backend_region_b | n/a | `string` | `"us-south1"` | no | +| subnet_region_a | n/a | `string` | `"us-central1"` | no | +| subnet_region_b | n/a | `string` | `"us-west1"` | no | + + \ No newline at end of file From ad2f3fe288f6a5f176d4e239bd166f3675ce4f03 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Fri, 7 Mar 2025 07:15:47 +0000 Subject: [PATCH 10/41] fix: added default values for variables as per readme --- examples/internal-lb-cloud-run/variables.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/examples/internal-lb-cloud-run/variables.tf b/examples/internal-lb-cloud-run/variables.tf index 1e121fa8..af25884d 100644 --- a/examples/internal-lb-cloud-run/variables.tf +++ b/examples/internal-lb-cloud-run/variables.tf 
@@ -20,18 +20,22 @@ variable "project_id" { variable "backend_region_a" { type = string + default = "us-east1" } variable "backend_region_b" { type = string + default = "us-south1" } variable "subnet_region_a" { type = string + default = "us-central1" } variable "subnet_region_b" { type = string + default = "us-west1" } From 31da11d6314cc69108a9c53dcde380ee3338895e Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Fri, 7 Mar 2025 07:21:48 +0000 Subject: [PATCH 11/41] chore: updated frontend module's readme.md file --- modules/frontend/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/frontend/README.md b/modules/frontend/README.md index 0e43a1dd..95525015 100644 --- a/modules/frontend/README.md +++ b/modules/frontend/README.md 
@@ -21,7 +21,7 @@ This module creates `HTTP(S) forwarding rule` and its dependencies. This modules | https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no | | ipv6\_address | An existing IPv6 address to use (the actual IP address value) | `string` | `null` | no | | labels | The labels to attach to resources created by this module | `map(string)` | `{}` | no | -| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, and INTERNAL\_SELF\_MANAGED for traffic director) | `string` | `"EXTERNAL_MANAGED"` | no | +| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, INTERNAL\_SELF\_MANAGED for traffic director and INTERNAL_MANAGED for cross-regional internal Envoy-based load balancer) | `string` | `"EXTERNAL_MANAGED"` | no | | managed\_ssl\_certificate\_domains | Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` | `list(string)` | `[]` | no | | name | Name for the forwarding rule and prefix for supporting resources | `string` | n/a | yes | | network | Network for INTERNAL\_SELF\_MANAGED load balancing scheme | `string` | `"default"` | no | @@ -40,6 +40,7 @@ This module creates `HTTP(S) forwarding rule` and its dependencies. This modules | Name | Description | |------|-------------| +| ip\_address\_http\_internal\_managed| The internal IPv4s assigned to the global internal fowarding rules. | | external\_ip | The external IPv4 assigned to the global fowarding rule. | | external\_ipv6\_address | The external IPv6 assigned to the global fowarding rule. | | http\_proxy | The HTTP proxy used by this module. | From c07ac9855d97e735d663512bac88a83fc0f959b9 Mon Sep 17 00:00:00 2001 
From: pawan1210 Date: Mon, 10 Mar 2025 04:53:40 +0000 Subject: [PATCH 12/41] chore: updated naming convention for internal managed fw rules --- examples/internal-lb-cloud-run/main.tf | 4 ++-- modules/frontend/main.tf | 16 ++++++++-------- modules/frontend/outputs.tf | 4 ++-- modules/frontend/variables.tf | 2 +- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/examples/internal-lb-cloud-run/main.tf b/examples/internal-lb-cloud-run/main.tf index a09c9a02..b87befb8 100644 --- a/examples/internal-lb-cloud-run/main.tf +++ b/examples/internal-lb-cloud-run/main.tf @@ -143,7 +143,7 @@ module "frontend-service-a" { project_id = var.project_id location = var.subnet_region_a service_name = "fs-a" - containers = [{ "env_vars" : { "TARGET_IP" : module.internal-lb-http-frontend.ip_address_http_internal_managed[0] }, "ports" = { "container_port" = 80, "name" = "http1" }, "container_name" = "", "container_image" = "gcr.io/design-center-container-repo/redirect-traffic:latest-2002" }] + containers = [{ "env_vars" : { "TARGET_IP" : module.internal-lb-http-frontend.ip_address_internal_managed_http[0] }, "ports" = { "container_port" = 80, "name" = "http1" }, "container_name" = "", "container_image" = "gcr.io/design-center-container-repo/redirect-traffic:latest-2002" }] members = ["allUsers"] vpc_access = { connector = google_vpc_access_connector.internal_lb_vpc_connector.id 
@@ -161,7 +161,7 @@ module "frontend-service-b" { project_id = var.project_id location = var.subnet_region_a service_name = "fs-b" - containers = [{ "env_vars" : { "TARGET_IP" : module.internal-lb-http-frontend.ip_address_http_internal_managed[1] }, "ports" = { "container_port" = 80, "name" = "http1" }, "container_name" = "", "container_image" = "gcr.io/design-center-container-repo/redirect-traffic:latest-2002" }] + containers = [{ "env_vars" : { "TARGET_IP" : module.internal-lb-http-frontend.ip_address_internal_managed_http[1] }, "ports" = { "container_port" = 80, "name" = "http1" }, "container_name" = "", "container_image" = "gcr.io/design-center-container-repo/redirect-traffic:latest-2002" }] members = ["allUsers"] vpc_access = { connector = google_vpc_access_connector.internal_lb_vpc_connector.id diff --git a/modules/frontend/main.tf b/modules/frontend/main.tf index 97974a3b..208d0fed 100644 --- a/modules/frontend/main.tf +++ b/modules/frontend/main.tf @@ -57,12 +57,12 @@ resource "google_compute_global_forwarding_rule" "http" { network = local.internal_network } -resource "google_compute_global_forwarding_rule" "http_internal_managed" { +resource "google_compute_global_forwarding_rule" "internal_managed_http" { count = local.create_http_forward && local.is_internal_managed ? length(var.internal_forwarding_rule_subnetworks) : 0 provider = google-beta project = var.project_id - name = "${var.name}-http-internal-managed-${count.index}" + name = "${var.name}-internal-managed-http-${count.index}" target = google_compute_target_http_proxy.default[0].self_link port_range = var.http_port labels = var.labels 
@@ -84,12 +84,12 @@ resource "google_compute_global_forwarding_rule" "https" { network = local.internal_network } -resource "google_compute_global_forwarding_rule" "https_internal_managed" { +resource "google_compute_global_forwarding_rule" "internal_managed_https" { count = var.ssl && local.is_internal_managed ? length(var.internal_forwarding_rule_subnetworks) : 0 provider = google-beta project = var.project_id - name = "${var.name}-https-internal-managed-${count.index}" + name = "${var.name}-internal-managed-https-${count.index}" target = google_compute_target_https_proxy.default[0].self_link port_range = var.https_port labels = var.labels @@ -122,12 +122,12 @@ resource "google_compute_global_forwarding_rule" "http_ipv6" { network = local.internal_network } -resource "google_compute_global_forwarding_rule" "http_ipv6_internal_managed" { +resource "google_compute_global_forwarding_rule" "internal_managed_http_ipv6" { count = var.enable_ipv6 && local.create_http_forward && local.is_internal_managed ? length(var.internal_forwarding_rule_subnetworks) : 0 provider = google-beta project = var.project_id - name = "${var.name}-http-ipv6-internal-managed-${count.index}" + name = "${var.name}-internal-managed-http-ipv6-${count.index}" target = google_compute_target_http_proxy.default[0].self_link port_range = "80" labels = var.labels 
@@ -149,12 +149,12 @@ resource "google_compute_global_forwarding_rule" "https_ipv6" { network = local.internal_network } -resource "google_compute_global_forwarding_rule" "https_ipv6_internal)managed" { +resource "google_compute_global_forwarding_rule" "internal_managed_https_ipv6" { count = var.enable_ipv6 && var.ssl && local.is_internal_managed ? length(var.internal_forwarding_rule_subnetworks) : 0 provider = google-beta project = var.project_id - name = "${var.name}-https-ipv6-internal-managed-${count.index}" + name = "${var.name}-internal-managed-https-ipv6-${count.index}" target = google_compute_target_https_proxy.default[0].self_link port_range = "443" labels = var.labels diff --git a/modules/frontend/outputs.tf b/modules/frontend/outputs.tf index ba5c3c01..377d4af6 100644 --- a/modules/frontend/outputs.tf +++ b/modules/frontend/outputs.tf @@ -14,9 +14,9 @@ * limitations under the License. */ -output "ip_address_http_internal_managed" { +output "ip_address_internal_managed_http" { description = "The internal/external IP addresses assigned to the HTTP forwarding rules." - value = [for rule in google_compute_global_forwarding_rule.http_internal_managed : rule.ip_address] + value = [for rule in google_compute_global_forwarding_rule.internal_managed_http : rule.ip_address] } output "external_ip" { diff --git a/modules/frontend/variables.tf b/modules/frontend/variables.tf index dff2b923..e050de0e 100644 --- a/modules/frontend/variables.tf +++ b/modules/frontend/variables.tf @@ -203,4 +203,4 @@ variable "internal_forwarding_rule_subnetworks" { description = "Subnetworks for internal forwarding rules." type = list(string) default = [] -} \ No newline at end of file +} From 4c0d42286ee6c9b99f8e1b01b779521503e111ea Mon Sep 17 00:00:00 2001 
From: pawan1210 Date: Mon, 10 Mar 2025 17:59:29 +0000 Subject: [PATCH 13/41] fix: removed redundant compression_mode argument --- examples/internal-lb-cloud-run/main.tf | 1 - examples/internal-lb-cloud-run/variables.tf | 8 ++++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/examples/internal-lb-cloud-run/main.tf b/examples/internal-lb-cloud-run/main.tf index b87befb8..b2420e45 100644 --- a/examples/internal-lb-cloud-run/main.tf +++ b/examples/internal-lb-cloud-run/main.tf @@ -103,7 +103,6 @@ module "internal-lb-http-backend" { enable_cdn = false load_balancing_scheme = "INTERNAL_MANAGED" locality_lb_policy = "RANDOM" - compression_mode = "DISABLED" serverless_neg_backends = [ { region : var.backend_region_a, type : "cloud-run", service_name : module.backend-service-region-a.service_name }, { region : var.backend_region_b, type : "cloud-run", service_name : module.backend-service-region-b.service_name } diff --git a/examples/internal-lb-cloud-run/variables.tf b/examples/internal-lb-cloud-run/variables.tf index af25884d..8288785f 100644 --- a/examples/internal-lb-cloud-run/variables.tf +++ b/examples/internal-lb-cloud-run/variables.tf @@ -19,22 +19,22 @@ variable "project_id" { } variable "backend_region_a" { - type = string + type = string default = "us-east1" } variable "backend_region_b" { - type = string + type = string default = "us-south1" } variable "subnet_region_a" { - type = string + type = string default = "us-central1" } variable "subnet_region_b" { - type = string + type = string default = "us-west1" } From 4e7b103b9e90429382c6bf3f12ae5fabcee506ee Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Tue, 11 Mar 2025 17:21:04 +0000 Subject: [PATCH 14/41] fix: added ip_address_internal_managed_https output variable --- modules/frontend/outputs.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/frontend/outputs.tf b/modules/frontend/outputs.tf index 377d4af6..7f25310f 100644 --- a/modules/frontend/outputs.tf 
+++ b/modules/frontend/outputs.tf @@ -19,6 +19,11 @@ output "ip_address_internal_managed_http" { value = [for rule in google_compute_global_forwarding_rule.internal_managed_http : rule.ip_address] } +output "ip_address_internal_managed_https" { + description = "The internal/external IP addresses assigned to the HTTPS forwarding rules." + value = [for rule in google_compute_global_forwarding_rule.internal_managed_https : rule.ip_address] +} + output "external_ip" { description = "The external IPv4 assigned to the global fowarding rule." value = local.address From f6f576eddb3bec803b8571e7f9d44919a32a5511 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Tue, 11 Mar 2025 17:26:23 +0000 Subject: [PATCH 15/41] fix: using hardcoded region values instead of variables --- examples/internal-lb-cloud-run/main.tf | 22 ++++++++++---------- examples/internal-lb-cloud-run/variables.tf | 23 --------------------- 2 files changed, 11 insertions(+), 34 deletions(-) diff --git a/examples/internal-lb-cloud-run/main.tf b/examples/internal-lb-cloud-run/main.tf index b2420e45..b63492d6 100644 --- a/examples/internal-lb-cloud-run/main.tf +++ b/examples/internal-lb-cloud-run/main.tf @@ -32,7 +32,7 @@ resource "google_compute_subnetwork" "internal_lb_subnet_a" { name = "int-lb-subnet-a" ip_cidr_range = "10.1.2.0/24" network = google_compute_network.internal_lb_network.id - region = var.subnet_region_a + region = "us-east1" project = var.project_id depends_on = [google_compute_network.internal_lb_network] } @@ -42,7 +42,7 @@ resource "google_compute_subnetwork" "internal_lb_proxy_only_a" { ip_cidr_range = "10.129.0.0/23" network = google_compute_network.internal_lb_network.id purpose = "GLOBAL_MANAGED_PROXY" - region = var.subnet_region_a + region = "us-east1" project = var.project_id role = "ACTIVE" depends_on = [google_compute_network.internal_lb_network] 
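Review bot: The new `ip_address_internal_managed_https` output describes its value as "internal/external IP addresses", but `google_compute_global_forwarding_rule.internal_managed_https` is only created for the INTERNAL_MANAGED scheme (its `count` is gated on `local.is_internal_managed` in the resource definition elsewhere in this module), so the addresses are always internal and the wording invites operators to treat them as externally reachable. Suggest `description = "Internal IP addresses of the INTERNAL_MANAGED HTTPS forwarding rules, one per entry in internal_forwarding_rule_subnetworks; empty for other schemes."` The same correction applies to the `ip_address_internal_managed_http` output directly above it, whose description has the same copy-pasted wording.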
@@ -52,7 +52,7 @@ resource "google_compute_subnetwork" "internal_lb_subnet_b" { name = "int-lb-subnet-b" ip_cidr_range = "10.1.3.0/24" network = google_compute_network.internal_lb_network.id - region = var.subnet_region_b + region = "us-south1" project = var.project_id depends_on = [google_compute_network.internal_lb_network] } @@ -62,7 +62,7 @@ resource "google_compute_subnetwork" "internal_lb_proxy_only_b" { ip_cidr_range = "10.130.0.0/23" network = google_compute_network.internal_lb_network.id purpose = "GLOBAL_MANAGED_PROXY" - region = var.subnet_region_b + region = "us-south1" project = var.project_id role = "ACTIVE" depends_on = [google_compute_network.internal_lb_network] @@ -72,7 +72,7 @@ module "backend-service-region-a" { source = "GoogleCloudPlatform/cloud-run/google//modules/v2" version = "~> 0.16.3" project_id = var.project_id - location = var.backend_region_a + location = "us-central1" service_name = "bs-a" containers = [{ "container_name" = "", "container_image" = "gcr.io/cloudrun/hello" }] members = ["allUsers"] @@ -85,7 +85,7 @@ module "backend-service-region-b" { source = "GoogleCloudPlatform/cloud-run/google//modules/v2" version = "~> 0.16.3" project_id = var.project_id - location = var.backend_region_b + location = "us-west1" service_name = "bs-b" containers = [{ "container_name" = "", "container_image" = "gcr.io/cloudrun/hello" }] members = ["allUsers"] 
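Review bot: `backend-service-region-b` (and `backend-service-region-a` in the hunk above) keeps `members = ["allUsers"]`, which grants `roles/run.invoker` to anonymous callers on the very backend Cloud Run services that the example README describes as reachable only through internal traffic; the hunk shows no ingress restriction, so unless one is set outside it the `*.run.app` URLs of bs-a and bs-b are directly reachable from the internet, bypassing the internal load balancer entirely. Restrict ingress on these two services to the load balancer path (Cloud Run's `INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER` setting, through whichever input the `cloud-run/google//modules/v2` module exposes for it) and consider granting invoker to a dedicated service account rather than `allUsers`, since only the frontend services fs-a/fs-b need public invocation for the test. Hard-coding `location = "us-west1"` here is fine for an example, but the module block extends beyond the hunk on both sides, so the ingress setting may already exist outside it — please confirm.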
@@ -104,8 +104,8 @@ module "internal-lb-http-backend" { load_balancing_scheme = "INTERNAL_MANAGED" locality_lb_policy = "RANDOM" serverless_neg_backends = [ - { region : var.backend_region_a, type : "cloud-run", service_name : module.backend-service-region-a.service_name }, - { region : var.backend_region_b, type : "cloud-run", service_name : module.backend-service-region-b.service_name } + { region : "us-central1", type : "cloud-run", service_name : module.backend-service-region-a.service_name }, + { region : "us-west1", type : "cloud-run", service_name : module.backend-service-region-b.service_name } ] } @@ -129,7 +129,7 @@ resource "google_vpc_access_connector" "internal_lb_vpc_connector" { provider = google-beta project = var.project_id name = "int-lb-vpc-connector" - region = var.subnet_region_a + region = "us-east1" ip_cidr_range = "10.8.0.0/28" network = google_compute_network.internal_lb_network.name max_throughput = 500 @@ -140,7 +140,7 @@ module "frontend-service-a" { source = "GoogleCloudPlatform/cloud-run/google//modules/v2" version = "~> 0.16.3" project_id = var.project_id - location = var.subnet_region_a + location = "us-east1" service_name = "fs-a" containers = [{ "env_vars" : { "TARGET_IP" : module.internal-lb-http-frontend.ip_address_internal_managed_http[0] }, "ports" = { "container_port" = 80, "name" = "http1" }, "container_name" = "", "container_image" = "gcr.io/design-center-container-repo/redirect-traffic:latest-2002" }] members = ["allUsers"] 
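Review bot: `frontend-service-a` deploys `gcr.io/design-center-container-repo/redirect-traffic:latest-2002` and exposes it with `members = ["allUsers"]`; the tag is mutable, so this publicly invokable example runs whatever that repository serves under the tag at apply time, which is a supply-chain exposure for anyone who copies the example. Pin the image by digest (`gcr.io/design-center-container-repo/redirect-traffic@sha256:<digest>`), or at minimum to an immutable versioned tag, and apply the same to `frontend-service-b` in the following hunk and to `gcr.io/cloudrun/hello` on the backend services. The module block continues outside the hunk.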
@@ -158,7 +158,7 @@ module "frontend-service-b" { source = "GoogleCloudPlatform/cloud-run/google//modules/v2" version = "~> 0.16.3" project_id = var.project_id - location = var.subnet_region_a + location = "us-east1" service_name = "fs-b" containers = [{ "env_vars" : { "TARGET_IP" : module.internal-lb-http-frontend.ip_address_internal_managed_http[1] }, "ports" = { "container_port" = 80, "name" = "http1" }, "container_name" = "", "container_image" = "gcr.io/design-center-container-repo/redirect-traffic:latest-2002" }] members = ["allUsers"] diff --git a/examples/internal-lb-cloud-run/variables.tf b/examples/internal-lb-cloud-run/variables.tf index 8288785f..419e3a19 100644 --- a/examples/internal-lb-cloud-run/variables.tf +++ b/examples/internal-lb-cloud-run/variables.tf @@ -17,26 +17,3 @@ variable "project_id" { type = string } - -variable "backend_region_a" { - type = string - default = "us-east1" -} - -variable "backend_region_b" { - type = string - default = "us-south1" -} - -variable "subnet_region_a" { - type = string - default = "us-central1" -} - -variable "subnet_region_b" { - type = string - default = "us-west1" -} - - - From 2ab0e8debb42e6ece8bb190f5d6504d562e658d2 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Tue, 11 Mar 2025 17:32:06 +0000 Subject: [PATCH 16/41] fix: fixed variable description --- modules/frontend/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/frontend/variables.tf b/modules/frontend/variables.tf index e050de0e..8fa42095 100644 --- a/modules/frontend/variables.tf +++ b/modules/frontend/variables.tf @@ -200,7 +200,7 @@ variable "http_keep_alive_timeout_sec" { } variable "internal_forwarding_rule_subnetworks" { - description = "Subnetworks for internal forwarding rules." + description = "List of fully-qualified subnetwork IDs (e.g., projects/my-project/regions/us-central1/subnetworks/my-subnet)." type = list(string) default = [] -} +} \ No newline at end of file 
From e19fdaab7c657e33342e3b8bb31ab1178685adfd Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Tue, 11 Mar 2025 17:51:33 +0000 Subject: [PATCH 17/41] chore: updated metadata.yaml and readme.md --- examples/internal-lb-cloud-run/readme.md | 4 ---- metadata.yaml | 2 ++ modules/backend/metadata.yaml | 2 ++ modules/dynamic_backends/metadata.yaml | 2 ++ modules/frontend/README.md | 10 ++++++---- modules/frontend/metadata.yaml | 12 +++++++++++- modules/serverless_negs/metadata.yaml | 2 ++ 7 files changed, 25 insertions(+), 9 deletions(-) diff --git a/examples/internal-lb-cloud-run/readme.md b/examples/internal-lb-cloud-run/readme.md index 9170733a..99350385 100644 --- a/examples/internal-lb-cloud-run/readme.md +++ b/examples/internal-lb-cloud-run/readme.md @@ -16,9 +16,5 @@ The forwarding rules and its dependecies are created as part of `frontend` modul | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | project\_id | n/a | `string` | n/a | yes | -| backend_region_a | n/a | `string` | `"us-east1"` | no | -| backend_region_b | n/a | `string` | `"us-south1"` | no | -| subnet_region_a | n/a | `string` | `"us-central1"` | no | -| subnet_region_b | n/a | `string` | `"us-west1"` | no | \ No newline at end of file diff --git a/metadata.yaml b/metadata.yaml index 99297dcd..ab9a4a29 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -58,6 +58,8 @@ spec: location: examples/https-gke - name: https-redirect location: examples/https-redirect + - name: internal-lb-cloud-run + location: examples/internal-lb-cloud-run - name: lb-http-separate-frontend-and-backend location: examples/lb-http-separate-frontend-and-backend - name: mig-nat-http-lb diff --git a/modules/backend/metadata.yaml b/modules/backend/metadata.yaml index 814a3bf0..25c4ba00 100644 --- a/modules/backend/metadata.yaml +++ b/modules/backend/metadata.yaml 
@@ -50,6 +50,8 @@ spec: location: examples/https-gke - name: https-redirect location: examples/https-redirect + - name: internal-lb-cloud-run + location: examples/internal-lb-cloud-run - name: lb-http-separate-frontend-and-backend location: examples/lb-http-separate-frontend-and-backend - name: mig-nat-http-lb diff --git a/modules/dynamic_backends/metadata.yaml b/modules/dynamic_backends/metadata.yaml index cad75afd..4843a4b9 100644 --- a/modules/dynamic_backends/metadata.yaml +++ b/modules/dynamic_backends/metadata.yaml @@ -50,6 +50,8 @@ spec: location: examples/https-gke - name: https-redirect location: examples/https-redirect + - name: internal-lb-cloud-run + location: examples/internal-lb-cloud-run - name: lb-http-separate-frontend-and-backend location: examples/lb-http-separate-frontend-and-backend - name: mig-nat-http-lb diff --git a/modules/frontend/README.md b/modules/frontend/README.md index 95525015..57e9af3a 100644 --- a/modules/frontend/README.md +++ b/modules/frontend/README.md 
@@ -19,12 +19,13 @@ This module creates `HTTP(S) forwarding rule` and its dependencies. This modules | http\_port | The port for the HTTP load balancer | `number` | `80` | no | | https\_port | The port for the HTTPS load balancer | `number` | `443` | no | | https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no | +| internal\_forwarding\_rule\_subnetworks | List of fully-qualified subnetwork IDs (e.g., projects/my-project/regions/us-central1/subnetworks/my-subnet). | `list(string)` | `[]` | no | | ipv6\_address | An existing IPv6 address to use (the actual IP address value) | `string` | `null` | no | | labels | The labels to attach to resources created by this module | `map(string)` | `{}` | no | -| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, INTERNAL\_SELF\_MANAGED for traffic director and INTERNAL_MANAGED for cross-regional internal Envoy-based load balancer) | `string` | `"EXTERNAL_MANAGED"` | no | +| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, and INTERNAL\_SELF\_MANAGED for traffic director) | `string` | `"EXTERNAL_MANAGED"` | no | | managed\_ssl\_certificate\_domains | Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` | `list(string)` | `[]` | no | | name | Name for the forwarding rule and prefix for supporting resources | `string` | n/a | yes | -| network | Network for INTERNAL\_SELF\_MANAGED load balancing scheme | `string` | `"default"` | no | +| network | Network for INTERNAL\_SELF\_MANAGED/INTERNAL\_MANAGED load balancing scheme | `string` | `"default"` | no | | private\_key | Content of the private SSL key. 
Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` | `string` | `null` | no | | project\_id | The project to deploy to, if not set the default provider project is used. | `string` | n/a | yes | | quic | Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only. | `bool` | `null` | no | @@ -40,13 +41,14 @@ This module creates `HTTP(S) forwarding rule` and its dependencies. This modules | Name | Description | |------|-------------| -| ip\_address\_http\_internal\_managed| The internal IPv4s assigned to the global internal fowarding rules. | | external\_ip | The external IPv4 assigned to the global fowarding rule. | | external\_ipv6\_address | The external IPv6 assigned to the global fowarding rule. | | http\_proxy | The HTTP proxy used by this module. | | https\_proxy | The HTTPS proxy used by this module. | +| ip\_address\_internal\_managed\_http | The internal/external IP addresses assigned to the HTTP forwarding rules. | +| ip\_address\_internal\_managed\_https | The internal/external IP addresses assigned to the HTTPS forwarding rules. | | ipv6\_enabled | Whether IPv6 configuration is enabled on this load-balancer | | ssl\_certificate\_created | The SSL certificate create from key/pem | | url\_map | The default URL map used by this module. | - + \ No newline at end of file diff --git a/modules/frontend/metadata.yaml b/modules/frontend/metadata.yaml index 39b549b2..8644c2e2 100644 --- a/modules/frontend/metadata.yaml +++ b/modules/frontend/metadata.yaml @@ -50,6 +50,8 @@ spec: location: examples/https-gke - name: https-redirect location: examples/https-redirect + - name: internal-lb-cloud-run + location: examples/internal-lb-cloud-run - name: lb-http-separate-frontend-and-backend location: examples/lb-http-separate-frontend-and-backend - name: mig-nat-http-lb 
@@ -168,7 +170,7 @@ spec: varType: string defaultValue: EXTERNAL_MANAGED - name: network - description: Network for INTERNAL_SELF_MANAGED load balancing scheme + description: Network for INTERNAL_SELF_MANAGED/INTERNAL_MANAGED load balancing scheme varType: string defaultValue: default - name: server_tls_policy @@ -185,6 +187,10 @@ spec: - name: http_keep_alive_timeout_sec description: Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). varType: number + - name: internal_forwarding_rule_subnetworks + description: List of fully-qualified subnetwork IDs (e.g., projects/my-project/regions/us-central1/subnetworks/my-subnet). + varType: list(string) + defaultValue: [] outputs: - name: external_ip description: The external IPv4 assigned to the global fowarding rule. @@ -198,6 +204,10 @@ spec: - name: https_proxy description: The HTTPS proxy used by this module. type: string + - name: ip_address_internal_managed_http + description: The internal/external IP addresses assigned to the HTTP forwarding rules. + - name: ip_address_internal_managed_https + description: The internal/external IP addresses assigned to the HTTPS forwarding rules. - name: ipv6_enabled description: Whether IPv6 configuration is enabled on this load-balancer type: bool diff --git a/modules/serverless_negs/metadata.yaml b/modules/serverless_negs/metadata.yaml index 1ba53db8..16348932 100644 --- a/modules/serverless_negs/metadata.yaml +++ b/modules/serverless_negs/metadata.yaml @@ -50,6 +50,8 @@ spec: location: examples/https-gke - name: https-redirect location: examples/https-redirect + - name: internal-lb-cloud-run + location: examples/internal-lb-cloud-run - name: lb-http-separate-frontend-and-backend location: examples/lb-http-separate-frontend-and-backend - name: mig-nat-http-lb From 1cf6c0d79691d3f5372bc4cc5aab691eef0e6a85 Mon Sep 17 00:00:00 2001 
From: pawan1210 Date: Wed, 12 Mar 2025 06:02:05 +0000 Subject: [PATCH 18/41] chore: added newline --- modules/frontend/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/frontend/variables.tf b/modules/frontend/variables.tf index 8fa42095..08dcf94d 100644 --- a/modules/frontend/variables.tf +++ b/modules/frontend/variables.tf @@ -203,4 +203,4 @@ variable "internal_forwarding_rule_subnetworks" { description = "List of fully-qualified subnetwork IDs (e.g., projects/my-project/regions/us-central1/subnetworks/my-subnet)." type = list(string) default = [] -} \ No newline at end of file +} From 0267ef8b42b5538887f9ecee3901ce666ac7abb4 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Wed, 12 Mar 2025 07:51:12 +0000 Subject: [PATCH 19/41] fix: added source registry --- examples/internal-lb-cloud-run/main.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/internal-lb-cloud-run/main.tf b/examples/internal-lb-cloud-run/main.tf index b63492d6..52c03593 100644 --- a/examples/internal-lb-cloud-run/main.tf +++ b/examples/internal-lb-cloud-run/main.tf @@ -95,8 +95,8 @@ module "backend-service-region-b" { } module "internal-lb-http-backend" { - source = "../../modules/backend" # use registry - #version = "~> 12.1.1" + source = "terraform-google-modules/lb-http/google//modules/frontend" + version = "~> 12.1.1" project_id = var.project_id name = "int-lb-http-backend" @@ -110,8 +110,8 @@ module "internal-lb-http-backend" { } module "internal-lb-http-frontend" { - source = "../../modules/frontend" # use registry - #version = "~> 12.1.1" + source = "terraform-google-modules/lb-http/google//modules/frontend" + version = "~> 12.1.1" project_id = var.project_id name = "int-lb-http-frontend" From 5fd73946f55b0054932f28eeea829c9f9d119874 Mon Sep 17 00:00:00 2001 
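Review bot: In the `@@ -95,8` hunk the `internal-lb-http-backend` module now points at `terraform-google-modules/lb-http/google//modules/frontend`, so the example would instantiate the frontend module for its backend and fail on inputs such as `serverless_neg_backends` and `locality_lb_policy`; it should read `source = "terraform-google-modules/lb-http/google//modules/backend"`. Separately, both modules are now pinned to `version = "~> 12.1.1"` while the INTERNAL_MANAGED forwarding-rule support this example depends on (`internal_forwarding_rule_subnetworks`, `ip_address_internal_managed_http`) is introduced in this same patch series, so the registry version will not provide it unless a release containing these changes is published first; until then the local `../../modules/...` source that was removed, or a bumped constraint after release, is needed for the example to apply. Both module blocks continue outside the hunks.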
From: pawan1210 Date: Wed, 12 Mar 2025 09:30:50 +0000 Subject: [PATCH 20/41] chore: updated metadata --- metadata.yaml | 1 + modules/backend/metadata.yaml | 1 + modules/dynamic_backends/metadata.yaml | 1 + modules/frontend/metadata.yaml | 1 + modules/serverless_negs/metadata.yaml | 1 + 5 files changed, 5 insertions(+) diff --git a/metadata.yaml b/metadata.yaml index ab9a4a29..000087aa 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -348,6 +348,7 @@ spec: - run.googleapis.com - iam.googleapis.com - certificatemanager.googleapis.com + - vpcaccess.googleapis.com providerVersions: - source: hashicorp/google version: ">= 6.0, < 7" diff --git a/modules/backend/metadata.yaml b/modules/backend/metadata.yaml index 25c4ba00..ce3fe1d4 100644 --- a/modules/backend/metadata.yaml +++ b/modules/backend/metadata.yaml @@ -315,6 +315,7 @@ spec: - run.googleapis.com - iam.googleapis.com - certificatemanager.googleapis.com + - vpcaccess.googleapis.com providerVersions: - source: hashicorp/google version: ">= 6.0, < 7" diff --git a/modules/dynamic_backends/metadata.yaml b/modules/dynamic_backends/metadata.yaml index 4843a4b9..09a0c387 100644 --- a/modules/dynamic_backends/metadata.yaml +++ b/modules/dynamic_backends/metadata.yaml @@ -340,6 +340,7 @@ spec: - run.googleapis.com - iam.googleapis.com - certificatemanager.googleapis.com + - vpcaccess.googleapis.com providerVersions: - source: hashicorp/google version: ">= 6.0, < 7" diff --git a/modules/frontend/metadata.yaml b/modules/frontend/metadata.yaml index 8644c2e2..83ca5eec 100644 --- a/modules/frontend/metadata.yaml +++ b/modules/frontend/metadata.yaml @@ -237,6 +237,7 @@ spec: - run.googleapis.com - iam.googleapis.com - certificatemanager.googleapis.com + - vpcaccess.googleapis.com providerVersions: - source: hashicorp/google version: ">= 6.0, < 7" diff --git a/modules/serverless_negs/metadata.yaml b/modules/serverless_negs/metadata.yaml index 16348932..e05fd500 100644 --- a/modules/serverless_negs/metadata.yaml 
+++ b/modules/serverless_negs/metadata.yaml @@ -304,6 +304,7 @@ spec: - run.googleapis.com - iam.googleapis.com - certificatemanager.googleapis.com + - vpcaccess.googleapis.com providerVersions: - source: hashicorp/google version: ">= 6.0, < 7" From a86f3d89c4d125bd36abf4ec7606583cffca798f Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Wed, 12 Mar 2025 09:44:33 +0000 Subject: [PATCH 21/41] feat: added test --- build/int.cloudbuild.yaml | 16 +++++++ examples/internal-lb-cloud-run/outputs.tf | 21 ++++++++ .../internal_lb_cloud_run_test.go | 48 +++++++++++++++++++ test/setup/main.tf | 2 + 4 files changed, 87 insertions(+) create mode 100644 examples/internal-lb-cloud-run/outputs.tf create mode 100644 test/integration/internal-lb-cloud-run/internal_lb_cloud_run_test.go diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml index 37f90561..f069df3e 100644 --- a/build/int.cloudbuild.yaml +++ b/build/int.cloudbuild.yaml 
@@ -127,6 +127,22 @@ steps: - verify lb-http-separate-frontend-and-backend name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' args: ['/bin/bash', '-c', 'cft test run TestSeparateFrontendAndBackend --stage teardown --verbose'] + # Internal cross regional http load balancer with cloud-run +- id: apply internal-lb-http + waitFor: + - init-all + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'cft test run TestInternalLbCloudRun --stage apply --verbose'] +- id: verify internal-lb-http + waitFor: + - apply internal-lb-http + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'sleep 360 && cft test run TestInternalLbCloudRun --stage verify --verbose'] +- id: teardown internal-lb-http + waitFor: + - verify internal-lb-http + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'cft test run TestInternalLbCloudRun --stage teardown --verbose'] tags: - 'ci' - 'integration' diff --git a/examples/internal-lb-cloud-run/outputs.tf b/examples/internal-lb-cloud-run/outputs.tf new file mode 100644 index 00000000..c4726269 --- /dev/null +++ b/examples/internal-lb-cloud-run/outputs.tf 
@@ -0,0 +1,21 @@ +/** + * Copyright 2025 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + output "external_cloudrun_uris" { + description = "List of URIs for the frontend Cloud Run services" + value = [module.frontend-service-a.service_uri, module.frontend-service-b.service_uri] + } + \ No newline at end of file diff --git a/test/integration/internal-lb-cloud-run/internal_lb_cloud_run_test.go b/test/integration/internal-lb-cloud-run/internal_lb_cloud_run_test.go new file mode 100644 index 00000000..f97a11e1 --- /dev/null +++ b/test/integration/internal-lb-cloud-run/internal_lb_cloud_run_test.go 
@@ -0,0 +1,48 @@ +// Copyright 2024 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package internal_lb_cloud_run + +import ( + "testing" + "fmt" + + "net/http" + + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft" + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/utils" + "github.com/stretchr/testify/assert" +) + +func TestInternalLbCloudRun(t *testing.T) { + bpt := tft.NewTFBlueprintTest(t) + + bpt.DefineVerify(func(assert *assert.Assertions) { + bpt.DefaultVerify(assert) + + cloudRunURIs := bpt.GetStringOutputList("external_cloudrun_uris") + + assertHttp := utils.NewAssertHTTP() + + for _, uri := range cloudRunURIs { + httpRequest, err := http.NewRequest("GET", uri, nil) + if err != nil { + t.Fatalf("Failed to create HTTP request for %s: %v", uri, err) + } + assertHttp.AssertResponse(t, httpRequest, http.StatusOK) + } + }) + + bpt.Test() +} \ No newline at end of file diff --git a/test/setup/main.tf b/test/setup/main.tf index c158fa58..3d51ae0c 100644 --- a/test/setup/main.tf +++ b/test/setup/main.tf @@ -36,6 +36,7 @@ module "project-ci-lb-http" { "run.googleapis.com", "iam.googleapis.com", "certificatemanager.googleapis.com", + "vpcaccess.googleapis.com", ] } @@ -61,5 +62,6 @@ module "project-ci-lb-http-1" { "run.googleapis.com", "iam.googleapis.com", "certificatemanager.googleapis.com", + "vpcaccess.googleapis.com", ] } 
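Review bot: TestInternalLbCloudRun verifies the deployment only by requesting `external_cloudrun_uris`, the public URLs of the two frontend Cloud Run services, and asserting HTTP 200; nothing in the verify closure checks that the internal forwarding rules the example creates actually exist or have the expected scheme and subnetwork, so a misconfigured internal load balancer would pass unless the frontend services happen to proxy through it, which this file does not show. Consider also asserting on the forwarding rules themselves, for instance listing them with the blueprint-test `gcloud` helper filtered on the `int-lb-http-frontend` name prefix and checking the count and `loadBalancingScheme`. A one-line comment above the loop stating what a 200 from each URI is taken to prove, e.g. `// a 200 from each frontend shows the Cloud Run services are reachable; the internal LB path itself is not exercised here`, would make the test's coverage honest until that assertion is added.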
From 3515fdbb6445d360aa3a36debdb308dd911cfbb0 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Wed, 12 Mar 2025 09:59:48 +0000 Subject: [PATCH 22/41] chore: lint --- examples/internal-lb-cloud-run/main.tf | 4 ++-- examples/internal-lb-cloud-run/outputs.tf | 9 ++++----- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/examples/internal-lb-cloud-run/main.tf b/examples/internal-lb-cloud-run/main.tf index 52c03593..30996433 100644 --- a/examples/internal-lb-cloud-run/main.tf +++ b/examples/internal-lb-cloud-run/main.tf @@ -95,7 +95,7 @@ module "backend-service-region-b" { } module "internal-lb-http-backend" { - source = "terraform-google-modules/lb-http/google//modules/frontend" + source = "terraform-google-modules/lb-http/google//modules/frontend" version = "~> 12.1.1" project_id = var.project_id @@ -110,7 +110,7 @@ module "internal-lb-http-backend" { } module "internal-lb-http-frontend" { - source = "terraform-google-modules/lb-http/google//modules/frontend" + source = "terraform-google-modules/lb-http/google//modules/frontend" version = "~> 12.1.1" project_id = var.project_id diff --git a/examples/internal-lb-cloud-run/outputs.tf b/examples/internal-lb-cloud-run/outputs.tf index c4726269..22772df2 100644 --- a/examples/internal-lb-cloud-run/outputs.tf +++ b/examples/internal-lb-cloud-run/outputs.tf @@ -14,8 +14,7 @@ * limitations under the License. */ - output "external_cloudrun_uris" { - description = "List of URIs for the frontend Cloud Run services" - value = [module.frontend-service-a.service_uri, module.frontend-service-b.service_uri] - } - \ No newline at end of file +output "external_cloudrun_uris" { + description = "List of URIs for the frontend Cloud Run services" + value = [module.frontend-service-a.service_uri, module.frontend-service-b.service_uri] +} From d0e98e82c76a3442efd4d32aff6765abde897b42 Mon Sep 17 00:00:00 2001 
From: pawan1210 Date: Wed, 12 Mar 2025 10:14:05 +0000 Subject: [PATCH 23/41] chore: lint --- examples/internal-lb-cloud-run/readme.md | 2 +- modules/frontend/README.md | 2 +- .../internal-lb-cloud-run/internal_lb_cloud_run_test.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/internal-lb-cloud-run/readme.md b/examples/internal-lb-cloud-run/readme.md index 99350385..444c6e16 100644 --- a/examples/internal-lb-cloud-run/readme.md +++ b/examples/internal-lb-cloud-run/readme.md @@ -17,4 +17,4 @@ The forwarding rules and its dependecies are created as part of `frontend` modul |------|-------------|------|---------|:--------:| | project\_id | n/a | `string` | n/a | yes | - \ No newline at end of file + diff --git a/modules/frontend/README.md b/modules/frontend/README.md index 57e9af3a..7b501fca 100644 --- a/modules/frontend/README.md +++ b/modules/frontend/README.md @@ -51,4 +51,4 @@ This module creates `HTTP(S) forwarding rule` and its dependencies. This modules | ssl\_certificate\_created | The SSL certificate create from key/pem | | url\_map | The default URL map used by this module. | - \ No newline at end of file + diff --git a/test/integration/internal-lb-cloud-run/internal_lb_cloud_run_test.go b/test/integration/internal-lb-cloud-run/internal_lb_cloud_run_test.go index f97a11e1..bf5981b8 100644 --- a/test/integration/internal-lb-cloud-run/internal_lb_cloud_run_test.go +++ b/test/integration/internal-lb-cloud-run/internal_lb_cloud_run_test.go @@ -45,4 +45,4 @@ func TestInternalLbCloudRun(t *testing.T) { }) bpt.Test() -} \ No newline at end of file +} From f351557cd02a421012220776919f67eb39b4193e Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Wed, 12 Mar 2025 10:32:26 +0000 Subject: [PATCH 24/41] fix: fixed module versions --- examples/internal-lb-cloud-run/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/examples/internal-lb-cloud-run/main.tf b/examples/internal-lb-cloud-run/main.tf index 30996433..793c4f39 100644 --- a/examples/internal-lb-cloud-run/main.tf +++ b/examples/internal-lb-cloud-run/main.tf @@ -95,8 +95,8 @@ module "backend-service-region-b" { } module "internal-lb-http-backend" { - source = "terraform-google-modules/lb-http/google//modules/frontend" - version = "~> 12.1.1" + source = "terraform-google-modules/lb-http/google//modules/backend" + version = "~> 12.0" project_id = var.project_id name = "int-lb-http-backend" @@ -111,7 +111,7 @@ module "internal-lb-http-backend" { module "internal-lb-http-frontend" { source = "terraform-google-modules/lb-http/google//modules/frontend" - version = "~> 12.1.1" + version = "~> 12.0" project_id = var.project_id name = "int-lb-http-frontend" From 72cb5b909ae1c47d307a792cb5e0ea7f2d09e6c4 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Wed, 12 Mar 2025 19:49:16 +0000 Subject: [PATCH 25/41] chore: removed unused dependencies --- .../internal-lb-cloud-run/internal_lb_cloud_run_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/test/integration/internal-lb-cloud-run/internal_lb_cloud_run_test.go b/test/integration/internal-lb-cloud-run/internal_lb_cloud_run_test.go index bf5981b8..6472a313 100644 --- a/test/integration/internal-lb-cloud-run/internal_lb_cloud_run_test.go +++ b/test/integration/internal-lb-cloud-run/internal_lb_cloud_run_test.go @@ -16,7 +16,6 @@ package internal_lb_cloud_run import ( "testing" - "fmt" "net/http" From 74f0cf58376315f93ad82e88392773846a0038c7 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Wed, 12 Mar 2025 20:11:32 +0000 Subject: [PATCH 26/41] fix: added wait for create --- build/int.cloudbuild.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml index f069df3e..d3b0f7b8 100644 --- a/build/int.cloudbuild.yaml +++ b/build/int.cloudbuild.yaml 
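Review bot: The example pins the published registry module (`source = "terraform-google-modules/lb-http/google//modules/frontend"`, `version = "~> 12.0"`), but the `internal_forwarding_rule_subnetworks` argument and `INTERNAL_MANAGED` scheme it passes (visible in later hunks of this series) are introduced by this same series, so unless a 12.x release that already carries them exists, `terraform validate` of the example will reject the argument and the new CI stages cannot succeed. Patch 33 switches to `../../modules/frontend` and patch 35 (the `examples/internal-lb-cloud-run/main.tf` hunk further down this page) pins the registry again, which suggests the example is only expected to work after the next release. If that is the intent, say so on the module block, e.g. `# requires lb-http <release that adds internal_forwarding_rule_configs> or later`, so the next reader does not repeat the same back-and-forth.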
@@ -130,7 +130,7 @@ steps: # Internal cross regional http load balancer with cloud-run - id: apply internal-lb-http waitFor: - - init-all + - create name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' args: ['/bin/bash', '-c', 'cft test run TestInternalLbCloudRun --stage apply --verbose'] - id: verify internal-lb-http From e97af8bd1e436e1cc0dad682bf0e875527db8090 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Wed, 12 Mar 2025 23:12:03 +0000 Subject: [PATCH 27/41] fix: added owner role in test setup --- test/setup/iam.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/setup/iam.tf b/test/setup/iam.tf index 6cba4dca..d155713b 100644 --- a/test/setup/iam.tf +++ b/test/setup/iam.tf @@ -20,7 +20,8 @@ locals { "roles/compute.admin", "roles/run.admin", "roles/iam.serviceAccountUser", - "roles/certificatemanager.owner" + "roles/certificatemanager.owner", + "roles/owner" ] int_required_folder_roles = [ "roles/compute.xpnAdmin" From 6435ec72101037f0fa197a8531f064571d51b22b Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Wed, 12 Mar 2025 23:14:33 +0000 Subject: [PATCH 28/41] chore: updated metadata --- metadata.yaml | 1 + modules/backend/metadata.yaml | 1 + modules/dynamic_backends/metadata.yaml | 1 + modules/frontend/metadata.yaml | 1 + modules/serverless_negs/metadata.yaml | 1 + 5 files changed, 5 insertions(+) diff --git a/metadata.yaml b/metadata.yaml index 000087aa..64dfbda0 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -340,6 +340,7 @@ spec: - roles/run.admin - roles/iam.serviceAccountUser - roles/certificatemanager.owner + - roles/owner services: - cloudresourcemanager.googleapis.com - storage-api.googleapis.com diff --git a/modules/backend/metadata.yaml b/modules/backend/metadata.yaml index ce3fe1d4..7cd0ae3c 100644 --- a/modules/backend/metadata.yaml +++ b/modules/backend/metadata.yaml 
@@ -307,6 +307,7 @@ spec: - roles/run.admin - roles/iam.serviceAccountUser - roles/certificatemanager.owner + - roles/owner services: - cloudresourcemanager.googleapis.com - storage-api.googleapis.com diff --git a/modules/dynamic_backends/metadata.yaml b/modules/dynamic_backends/metadata.yaml index 09a0c387..e559a73e 100644 --- a/modules/dynamic_backends/metadata.yaml +++ b/modules/dynamic_backends/metadata.yaml @@ -332,6 +332,7 @@ spec: - roles/run.admin - roles/iam.serviceAccountUser - roles/certificatemanager.owner + - roles/owner services: - cloudresourcemanager.googleapis.com - storage-api.googleapis.com diff --git a/modules/frontend/metadata.yaml b/modules/frontend/metadata.yaml index 83ca5eec..42a21e2a 100644 --- a/modules/frontend/metadata.yaml +++ b/modules/frontend/metadata.yaml @@ -229,6 +229,7 @@ spec: - roles/run.admin - roles/iam.serviceAccountUser - roles/certificatemanager.owner + - roles/owner services: - cloudresourcemanager.googleapis.com - storage-api.googleapis.com diff --git a/modules/serverless_negs/metadata.yaml b/modules/serverless_negs/metadata.yaml index e05fd500..361452d7 100644 --- a/modules/serverless_negs/metadata.yaml +++ b/modules/serverless_negs/metadata.yaml @@ -296,6 +296,7 @@ spec: - roles/run.admin - roles/iam.serviceAccountUser - roles/certificatemanager.owner + - roles/owner services: - cloudresourcemanager.googleapis.com - storage-api.googleapis.com From 66cfc367fb3475db9727d0c053a4597dfef3b7b1 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Thu, 13 Mar 2025 00:26:41 +0000 Subject: [PATCH 29/41] fix: added correct dependencies for terraform destroy --- examples/internal-lb-cloud-run/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/internal-lb-cloud-run/main.tf b/examples/internal-lb-cloud-run/main.tf index 793c4f39..9c0ac6bd 100644 --- a/examples/internal-lb-cloud-run/main.tf +++ b/examples/internal-lb-cloud-run/main.tf 
@@ -122,7 +122,7 @@ module "internal-lb-http-frontend" { google_compute_subnetwork.internal_lb_subnet_a.id, google_compute_subnetwork.internal_lb_subnet_b.id ] - #depends_on = [google_compute_subnetwork.internal_lb_proxy_only_a, google_compute_subnetwork.internal_lb_proxy_only_b, google_compute_subnetwork.internal_lb_subnet_a, google_compute_network.internal_lb_subnet_b] + depends_on = [google_compute_subnetwork.internal_lb_proxy_only_a, google_compute_subnetwork.internal_lb_proxy_only_b] } resource "google_vpc_access_connector" "internal_lb_vpc_connector" { From 9debd261cce014e1aaf3b21ad70d7ca24dbe28a2 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Mon, 17 Mar 2025 06:36:09 +0000 Subject: [PATCH 30/41] fix: removed owner roles and added service specific roles --- metadata.yaml | 3 ++- modules/backend/metadata.yaml | 3 ++- modules/dynamic_backends/metadata.yaml | 3 ++- modules/frontend/metadata.yaml | 3 ++- modules/serverless_negs/metadata.yaml | 3 ++- test/setup/iam.tf | 5 +++-- 6 files changed, 13 insertions(+), 7 deletions(-) diff --git a/metadata.yaml b/metadata.yaml index 64dfbda0..5bec1932 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -340,7 +340,8 @@ spec: - roles/run.admin - roles/iam.serviceAccountUser - roles/certificatemanager.owner - - roles/owner + - roles/vpcaccess.admin + - roles/iam.serviceAccountCreator services: - cloudresourcemanager.googleapis.com - storage-api.googleapis.com diff --git a/modules/backend/metadata.yaml b/modules/backend/metadata.yaml index 7cd0ae3c..39990157 100644 --- a/modules/backend/metadata.yaml +++ b/modules/backend/metadata.yaml @@ -307,7 +307,8 @@ spec: - roles/run.admin - roles/iam.serviceAccountUser - roles/certificatemanager.owner - - roles/owner + - roles/vpcaccess.admin + - roles/iam.serviceAccountCreator services: - cloudresourcemanager.googleapis.com - storage-api.googleapis.com diff --git a/modules/dynamic_backends/metadata.yaml b/modules/dynamic_backends/metadata.yaml index e559a73e..4e15ea65 100644 
--- a/modules/dynamic_backends/metadata.yaml +++ b/modules/dynamic_backends/metadata.yaml @@ -332,7 +332,8 @@ spec: - roles/run.admin - roles/iam.serviceAccountUser - roles/certificatemanager.owner - - roles/owner + - roles/vpcaccess.admin + - roles/iam.serviceAccountCreator services: - cloudresourcemanager.googleapis.com - storage-api.googleapis.com diff --git a/modules/frontend/metadata.yaml b/modules/frontend/metadata.yaml index 42a21e2a..0b9f78f7 100644 --- a/modules/frontend/metadata.yaml +++ b/modules/frontend/metadata.yaml @@ -229,7 +229,8 @@ spec: - roles/run.admin - roles/iam.serviceAccountUser - roles/certificatemanager.owner - - roles/owner + - roles/vpcaccess.admin + - roles/iam.serviceAccountCreator services: - cloudresourcemanager.googleapis.com - storage-api.googleapis.com diff --git a/modules/serverless_negs/metadata.yaml b/modules/serverless_negs/metadata.yaml index 361452d7..18497277 100644 --- a/modules/serverless_negs/metadata.yaml +++ b/modules/serverless_negs/metadata.yaml @@ -296,7 +296,8 @@ spec: - roles/run.admin - roles/iam.serviceAccountUser - roles/certificatemanager.owner - - roles/owner + - roles/vpcaccess.admin + - roles/iam.serviceAccountCreator services: - cloudresourcemanager.googleapis.com - storage-api.googleapis.com diff --git a/test/setup/iam.tf b/test/setup/iam.tf index d155713b..0e297091 100644 --- a/test/setup/iam.tf +++ b/test/setup/iam.tf @@ -19,9 +19,10 @@ locals { "roles/storage.admin", "roles/compute.admin", "roles/run.admin", - "roles/iam.serviceAccountUser", + "roles/iam.serviceAccountUser", "roles/certificatemanager.owner", - "roles/owner" + "roles/vpcaccess.admin", + "roles/iam.serviceAccountCreator" ] int_required_folder_roles = [ "roles/compute.xpnAdmin" From b92d6f7fd00e1f2169eb2a7074807739d562c3dd Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Mon, 17 Mar 2025 06:42:28 +0000 Subject: [PATCH 31/41] chore: lint --- test/setup/iam.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/test/setup/iam.tf b/test/setup/iam.tf index 0e297091..5a61ae81 100644 --- a/test/setup/iam.tf +++ b/test/setup/iam.tf @@ -19,7 +19,7 @@ locals { "roles/storage.admin", "roles/compute.admin", "roles/run.admin", - "roles/iam.serviceAccountUser", + "roles/iam.serviceAccountUser", "roles/certificatemanager.owner", "roles/vpcaccess.admin", "roles/iam.serviceAccountCreator" From a04358e06754b572b6239df6401d7091bd55399f Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Mon, 17 Mar 2025 08:44:36 +0000 Subject: [PATCH 32/41] fix: added service account admin role --- metadata.yaml | 2 +- modules/backend/metadata.yaml | 2 +- modules/dynamic_backends/metadata.yaml | 2 +- modules/frontend/metadata.yaml | 2 +- modules/serverless_negs/metadata.yaml | 2 +- test/setup/iam.tf | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/metadata.yaml b/metadata.yaml index 5bec1932..72db8795 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -341,7 +341,7 @@ spec: - roles/iam.serviceAccountUser - roles/certificatemanager.owner - roles/vpcaccess.admin - - roles/iam.serviceAccountCreator + - roles/iam.serviceAccountAdmin services: - cloudresourcemanager.googleapis.com - storage-api.googleapis.com diff --git a/modules/backend/metadata.yaml b/modules/backend/metadata.yaml index 39990157..b45c3b27 100644 --- a/modules/backend/metadata.yaml +++ b/modules/backend/metadata.yaml @@ -308,7 +308,7 @@ spec: - roles/iam.serviceAccountUser - roles/certificatemanager.owner - roles/vpcaccess.admin - - roles/iam.serviceAccountCreator + - roles/iam.serviceAccountAdmin services: - cloudresourcemanager.googleapis.com - storage-api.googleapis.com diff --git a/modules/dynamic_backends/metadata.yaml b/modules/dynamic_backends/metadata.yaml index 4e15ea65..af4894f7 100644 --- a/modules/dynamic_backends/metadata.yaml +++ b/modules/dynamic_backends/metadata.yaml 
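Review bot: Replacing `roles/iam.serviceAccountCreator` with `roles/iam.serviceAccountAdmin` is a large widening of the CI grant: serviceAccountAdmin can manage and set IAM policy on every service account in the project, and the commit message does not say which permission was actually missing. If the example only needs to create a service account and delete it at teardown, `roles/iam.serviceAccountCreator` together with `roles/iam.serviceAccountDeleter` would cover that with far less blast radius; if `setIamPolicy` on a specific account is what failed, a comment next to the entry naming it, e.g. `# serviceAccountAdmin: needed for <permission> on <resource>`, would justify the broader role. The same substitution is repeated in the backend, dynamic_backends, frontend and serverless_negs `metadata.yaml` hunks and in `test/setup/iam.tf`; since these metadata `roles` lists are presumably what consumers are told to grant, documenting the narrowest working role matters beyond CI.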
@@ -333,7 +333,7 @@ spec: - roles/iam.serviceAccountUser - roles/certificatemanager.owner - roles/vpcaccess.admin - - roles/iam.serviceAccountCreator + - roles/iam.serviceAccountAdmin services: - cloudresourcemanager.googleapis.com - storage-api.googleapis.com diff --git a/modules/frontend/metadata.yaml b/modules/frontend/metadata.yaml index 0b9f78f7..fbbaa472 100644 --- a/modules/frontend/metadata.yaml +++ b/modules/frontend/metadata.yaml @@ -230,7 +230,7 @@ spec: - roles/iam.serviceAccountUser - roles/certificatemanager.owner - roles/vpcaccess.admin - - roles/iam.serviceAccountCreator + - roles/iam.serviceAccountAdmin services: - cloudresourcemanager.googleapis.com - storage-api.googleapis.com diff --git a/modules/serverless_negs/metadata.yaml b/modules/serverless_negs/metadata.yaml index 18497277..f709bc65 100644 --- a/modules/serverless_negs/metadata.yaml +++ b/modules/serverless_negs/metadata.yaml @@ -297,7 +297,7 @@ spec: - roles/iam.serviceAccountUser - roles/certificatemanager.owner - roles/vpcaccess.admin - - roles/iam.serviceAccountCreator + - roles/iam.serviceAccountAdmin services: - cloudresourcemanager.googleapis.com - storage-api.googleapis.com diff --git a/test/setup/iam.tf b/test/setup/iam.tf index 5a61ae81..033e829d 100644 --- a/test/setup/iam.tf +++ b/test/setup/iam.tf @@ -22,7 +22,7 @@ locals { "roles/iam.serviceAccountUser", "roles/certificatemanager.owner", "roles/vpcaccess.admin", - "roles/iam.serviceAccountCreator" + "roles/iam.serviceAccountAdmin" ] int_required_folder_roles = [ "roles/compute.xpnAdmin" From 263c89b00703a498c6271894f5d7e962ac434f1d Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Wed, 19 Mar 2025 07:49:53 +0000 Subject: [PATCH 33/41] fix: updated the variable to use map instead of list --- examples/internal-lb-cloud-run/main.tf | 20 +++++++++------ modules/frontend/main.tf | 34 ++++++++++++++------------ modules/frontend/variables.tf | 9 +++++++ 3 files changed, 39 insertions(+), 24 deletions(-) 
diff --git a/examples/internal-lb-cloud-run/main.tf b/examples/internal-lb-cloud-run/main.tf index 9c0ac6bd..8dbabb67 100644 --- a/examples/internal-lb-cloud-run/main.tf +++ b/examples/internal-lb-cloud-run/main.tf @@ -95,8 +95,8 @@ module "backend-service-region-b" { } module "internal-lb-http-backend" { - source = "terraform-google-modules/lb-http/google//modules/backend" - version = "~> 12.0" + source = "../../modules/backend" + #version = "~> 12.0" project_id = var.project_id name = "int-lb-http-backend" @@ -110,18 +110,22 @@ module "internal-lb-http-backend" { } module "internal-lb-http-frontend" { - source = "terraform-google-modules/lb-http/google//modules/frontend" - version = "~> 12.0" + source = "../../modules/frontend" + #version = "~> 12.0" project_id = var.project_id name = "int-lb-http-frontend" url_map_input = module.internal-lb-http-backend.backend_service_info network = google_compute_network.internal_lb_network.name load_balancing_scheme = "INTERNAL_MANAGED" - internal_forwarding_rule_subnetworks = [ - google_compute_subnetwork.internal_lb_subnet_a.id, - google_compute_subnetwork.internal_lb_subnet_b.id - ] + internal_forwarding_rule_configs = { + "1" : { + "subnetwork" : google_compute_subnetwork.internal_lb_subnet_a.id + }, + "2" : { + "subnetwork" : google_compute_subnetwork.internal_lb_subnet_b.id + } + } depends_on = [google_compute_subnetwork.internal_lb_proxy_only_a, google_compute_subnetwork.internal_lb_proxy_only_b] } diff --git a/modules/frontend/main.tf b/modules/frontend/main.tf index 208d0fed..9c256713 100644 --- a/modules/frontend/main.tf +++ b/modules/frontend/main.tf 
@@ -58,17 +58,18 @@ resource "google_compute_global_forwarding_rule" "http" { } resource "google_compute_global_forwarding_rule" "internal_managed_http" { - count = local.create_http_forward && local.is_internal_managed ? length(var.internal_forwarding_rule_subnetworks) : 0 + for_each = local.create_http_forward && local.is_internal_managed ? var.internal_forwarding_rule_configs : {} provider = google-beta project = var.project_id - name = "${var.name}-internal-managed-http-${count.index}" + name = "${var.name}-internal-managed-http-${each.key}" target = google_compute_target_http_proxy.default[0].self_link port_range = var.http_port labels = var.labels load_balancing_scheme = var.load_balancing_scheme network = local.internal_network - subnetwork = var.internal_forwarding_rule_subnetworks[count.index] + subnetwork = each.value.subnetwork + ip_address = each.value.address } resource "google_compute_global_forwarding_rule" "https" { 
@@ -85,22 +86,23 @@ resource "google_compute_global_forwarding_rule" "https" { } resource "google_compute_global_forwarding_rule" "internal_managed_https" { - count = var.ssl && local.is_internal_managed ? length(var.internal_forwarding_rule_subnetworks) : 0 + for_each = var.ssl && local.is_internal_managed ? var.internal_forwarding_rule_configs : {} provider = google-beta project = var.project_id - name = "${var.name}-internal-managed-https-${count.index}" + name = "${var.name}-internal-managed-https-${each.key}" target = google_compute_target_https_proxy.default[0].self_link port_range = var.https_port labels = var.labels load_balancing_scheme = var.load_balancing_scheme network = local.internal_network - subnetwork = var.internal_forwarding_rule_subnetworks[count.index] + subnetwork = each.value.subnetwork + ip_address = each.value.address } resource "google_compute_global_address" "default" { provider = google-beta - count = local.is_internal_self_managed ? 0 : var.create_address ? 1 : 0 + count = local.is_internal_self_managed || local.is_internal_managed ? 0 : var.create_address ? 1 : 0 project = var.project_id name = "${var.name}-address" ip_version = "IPV4" 
@@ -123,17 +125,17 @@ resource "google_compute_global_forwarding_rule" "http_ipv6" { } resource "google_compute_global_forwarding_rule" "internal_managed_http_ipv6" { - count = var.enable_ipv6 && local.create_http_forward && local.is_internal_managed ? length(var.internal_forwarding_rule_subnetworks) : 0 + for_each = var.enable_ipv6 && local.create_http_forward && local.is_internal_managed ? var.internal_forwarding_rule_configs : {} provider = google-beta project = var.project_id - name = "${var.name}-internal-managed-http-ipv6-${count.index}" + name = "${var.name}-internal-managed-http-ipv6-${each.key}" target = google_compute_target_http_proxy.default[0].self_link port_range = "80" labels = var.labels load_balancing_scheme = var.load_balancing_scheme - network = local.internal_network - subnetwork = var.internal_forwarding_rule_subnetworks[count.index] + subnetwork = each.value.subnetwork + ip_address = each.value.address } resource "google_compute_global_forwarding_rule" "https_ipv6" { 
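Review bot: The rewritten `internal_managed_http_ipv6` drops `network = local.internal_network` while its IPv4 counterpart `internal_managed_http` in the earlier hunk keeps it, and `internal_managed_https_ipv6` in the next hunk makes the same omission. Nothing in the commit explains the asymmetry, and because both `address` and `subnetwork` are optional in `internal_forwarding_rule_configs`, an entry that supplies only `address` leaves the IPv6 rules with neither `network` nor `subnetwork` set. Either restore `network = local.internal_network` on both IPv6 rules to match the IPv4 ones, or add a comment stating why it has to be omitted there, e.g. `# network intentionally omitted: <reason>`.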
@@ -150,22 +152,22 @@ resource "google_compute_global_forwarding_rule" "https_ipv6" { } resource "google_compute_global_forwarding_rule" "internal_managed_https_ipv6" { - count = var.enable_ipv6 && var.ssl && local.is_internal_managed ? length(var.internal_forwarding_rule_subnetworks) : 0 + for_each = var.enable_ipv6 && var.ssl && local.is_internal_managed ? var.internal_forwarding_rule_configs : {} provider = google-beta project = var.project_id - name = "${var.name}-internal-managed-https-ipv6-${count.index}" + name = "${var.name}-internal-managed-https-ipv6-${each.key}" target = google_compute_target_https_proxy.default[0].self_link port_range = "443" labels = var.labels load_balancing_scheme = var.load_balancing_scheme - network = local.internal_network - subnetwork = var.internal_forwarding_rule_subnetworks[count.index] + subnetwork = each.value.subnetwork + ip_address = each.value.address } resource "google_compute_global_address" "default_ipv6" { provider = google-beta - count = local.is_internal_self_managed ? 0 : (var.enable_ipv6 && var.create_ipv6_address) ? 1 : 0 + count = local.is_internal_self_managed || local.is_internal_managed ? 0 : (var.enable_ipv6 && var.create_ipv6_address) ? 1 : 0 project = var.project_id name = "${var.name}-ipv6-address" ip_version = "IPV6" diff --git a/modules/frontend/variables.tf b/modules/frontend/variables.tf index 08dcf94d..6a6f206d 100644 --- a/modules/frontend/variables.tf +++ b/modules/frontend/variables.tf @@ -204,3 +204,12 @@ variable "internal_forwarding_rule_subnetworks" { type = list(string) default = [] } + +variable "internal_forwarding_rule_configs" { + description = "Map of internal managed forwarding rule configs. One of 'address' or 'subnetwork' is required for each." + type = map(object({ + address = optional(string) + subnetwork = optional(string) + })) + default = {} +} \ No newline at end of file From 68227a76a00e5918ee417dc9f02866a9e12a5607 Mon Sep 17 00:00:00 2001 
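Review bot: The new `internal_forwarding_rule_configs` variable states in its description that one of `address` or `subnetwork` is required per entry, but nothing enforces it: both attributes are `optional(string)` and an entry with neither is accepted at plan time and only fails when the API rejects the forwarding rule. A `validation` block on the variable turns that into a clear plan-time error; since `each.key` is also interpolated into the forwarding rule name (`${var.name}-internal-managed-http-${each.key}`), it may be worth constraining keys to characters valid in a resource name as well. The file is also left without a trailing newline (`\ No newline at end of file`).
```hcl
variable "internal_forwarding_rule_configs" {
  # … unchanged: description, type, default …
  validation {
    condition     = alltrue([for k, v in var.internal_forwarding_rule_configs : v.address != null || v.subnetwork != null])
    error_message = "Each entry of internal_forwarding_rule_configs must set 'address' or 'subnetwork'."
  }
}
```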
From: pawan1210 Date: Wed, 19 Mar 2025 09:04:08 +0000 Subject: [PATCH 34/41] fix: using modules instead of resources --- examples/internal-lb-cloud-run/main.tf | 87 +++++++++++++------------- 1 file changed, 42 insertions(+), 45 deletions(-) diff --git a/examples/internal-lb-cloud-run/main.tf b/examples/internal-lb-cloud-run/main.tf index 8dbabb67..312667f0 100644 --- a/examples/internal-lb-cloud-run/main.tf +++ b/examples/internal-lb-cloud-run/main.tf 
@@ -22,50 +22,48 @@ provider "google-beta" { project = var.project_id } -resource "google_compute_network" "internal_lb_network" { - name = "int-lb-network" - auto_create_subnetworks = "false" - project = var.project_id +module "internal-lb-network" { + source = "terraform-google-modules/network/google//modules/vpc" + version = "~> 10.0.0" + project_id = var.project_id + network_name = "int-lb-network" + auto_create_subnetworks = false } -resource "google_compute_subnetwork" "internal_lb_subnet_a" { - name = "int-lb-subnet-a" - ip_cidr_range = "10.1.2.0/24" - network = google_compute_network.internal_lb_network.id - region = "us-east1" - project = var.project_id - depends_on = [google_compute_network.internal_lb_network] -} - -resource "google_compute_subnetwork" "internal_lb_proxy_only_a" { - name = "int-lb-proxy-only-subnet-a" - ip_cidr_range = "10.129.0.0/23" - network = google_compute_network.internal_lb_network.id - purpose = "GLOBAL_MANAGED_PROXY" - region = "us-east1" - project = var.project_id - role = "ACTIVE" - depends_on = [google_compute_network.internal_lb_network] -} +module "internal-lb-subnet" { + source = "terraform-google-modules/network/google//modules/subnets" + version = "~> 10.0.0" -resource "google_compute_subnetwork" "internal_lb_subnet_b" { - name = "int-lb-subnet-b" - ip_cidr_range = "10.1.3.0/24" - network = google_compute_network.internal_lb_network.id - region = "us-south1" - project = var.project_id - depends_on = [google_compute_network.internal_lb_network] -} + subnets = [ + { + subnet_name = "int-lb-subnet-a" + subnet_ip = "10.1.2.0/24" + subnet_region = "us-east1" + }, + { + subnet_name = "int-lb-proxy-only-subnet-a" + subnet_ip = "10.129.0.0/23" + subnet_region = "us-east1" + purpose = "GLOBAL_MANAGED_PROXY" + role = "ACTIVE" + }, + { + subnet_name = "int-lb-subnet-b" + subnet_ip = "10.1.3.0/24" + subnet_region = "us-south1" + }, + { + subnet_name = "int-lb-proxy-only-subnet-b", + subnet_ip = "10.130.0.0/23" + subnet_region = 
"us-south1" + purpose = "GLOBAL_MANAGED_PROXY" + role = "ACTIVE" + } + ] -resource "google_compute_subnetwork" "internal_lb_proxy_only_b" { - name = "int-lb-proxy-only-subnet-b" - ip_cidr_range = "10.130.0.0/23" - network = google_compute_network.internal_lb_network.id - purpose = "GLOBAL_MANAGED_PROXY" - region = "us-south1" - project = var.project_id - role = "ACTIVE" - depends_on = [google_compute_network.internal_lb_network] + network_name = module.internal-lb-network.network_name + project_id = var.project_id + depends_on = [module.internal-lb-network] } module "backend-service-region-a" { @@ -116,17 +114,16 @@ module "internal-lb-http-frontend" { project_id = var.project_id name = "int-lb-http-frontend" url_map_input = module.internal-lb-http-backend.backend_service_info - network = google_compute_network.internal_lb_network.name + network = module.internal-lb-network.network_name load_balancing_scheme = "INTERNAL_MANAGED" internal_forwarding_rule_configs = { "1" : { - "subnetwork" : google_compute_subnetwork.internal_lb_subnet_a.id + "subnetwork" : module.internal-lb-subnet.subnets["us-east1/int-lb-subnet-a"].id }, "2" : { - "subnetwork" : google_compute_subnetwork.internal_lb_subnet_b.id + "subnetwork" : module.internal-lb-subnet.subnets["us-south1/int-lb-subnet-b"].id } } - depends_on = [google_compute_subnetwork.internal_lb_proxy_only_a, google_compute_subnetwork.internal_lb_proxy_only_b] } resource "google_vpc_access_connector" "internal_lb_vpc_connector" { @@ -135,7 +132,7 @@ resource "google_vpc_access_connector" "internal_lb_vpc_connector" { name = "int-lb-vpc-connector" region = "us-east1" ip_cidr_range = "10.8.0.0/28" - network = google_compute_network.internal_lb_network.name + network = module.internal-lb-network.network_name max_throughput = 500 min_throughput = 300 } From 4da35586ddb923f1288b7b83f860a48cd682007b Mon Sep 17 00:00:00 2001 
From: pawan1210 Date: Wed, 19 Mar 2025 09:20:50 +0000 Subject: [PATCH 35/41] fix: added back the registry version --- examples/internal-lb-cloud-run/main.tf | 8 ++++---- modules/frontend/README.md | 2 +- modules/frontend/metadata.yaml | 12 ++++++++---- modules/frontend/variables.tf | 8 +------- 4 files changed, 14 insertions(+), 16 deletions(-) diff --git a/examples/internal-lb-cloud-run/main.tf b/examples/internal-lb-cloud-run/main.tf index 312667f0..d39bef88 100644 --- a/examples/internal-lb-cloud-run/main.tf +++ b/examples/internal-lb-cloud-run/main.tf @@ -93,8 +93,8 @@ module "backend-service-region-b" { } module "internal-lb-http-backend" { - source = "../../modules/backend" - #version = "~> 12.0" + source = "terraform-google-modules/lb-http/google//modules/backend" + version = "~> 12.0" project_id = var.project_id name = "int-lb-http-backend" @@ -108,8 +108,8 @@ module "internal-lb-http-backend" { } module "internal-lb-http-frontend" { - source = "../../modules/frontend" - #version = "~> 12.0" + source = "terraform-google-modules/lb-http/google//modules/frontend" + version = "~> 12.0" project_id = var.project_id name = "int-lb-http-frontend" diff --git a/modules/frontend/README.md b/modules/frontend/README.md index 7b501fca..e7372232 100644 --- a/modules/frontend/README.md +++ b/modules/frontend/README.md 
@@ -19,7 +19,7 @@ This module creates `HTTP(S) forwarding rule` and its dependencies. This modules | http\_port | The port for the HTTP load balancer | `number` | `80` | no | | https\_port | The port for the HTTPS load balancer | `number` | `443` | no | | https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no | -| internal\_forwarding\_rule\_subnetworks | List of fully-qualified subnetwork IDs (e.g., projects/my-project/regions/us-central1/subnetworks/my-subnet). | `list(string)` | `[]` | no | +| internal\_forwarding\_rule\_configs | Map of internal managed forwarding rule configs. One of 'address' or 'subnetwork' is required for each. |
map(object({
address = optional(string)
subnetwork = optional(string)
}))
| `{}` | no | | ipv6\_address | An existing IPv6 address to use (the actual IP address value) | `string` | `null` | no | | labels | The labels to attach to resources created by this module | `map(string)` | `{}` | no | | load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, and INTERNAL\_SELF\_MANAGED for traffic director) | `string` | `"EXTERNAL_MANAGED"` | no | diff --git a/modules/frontend/metadata.yaml b/modules/frontend/metadata.yaml index fbbaa472..11d4c707 100644 --- a/modules/frontend/metadata.yaml +++ b/modules/frontend/metadata.yaml @@ -187,10 +187,14 @@ spec: - name: http_keep_alive_timeout_sec description: Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). varType: number - - name: internal_forwarding_rule_subnetworks - description: List of fully-qualified subnetwork IDs (e.g., projects/my-project/regions/us-central1/subnetworks/my-subnet). - varType: list(string) - defaultValue: [] + - name: internal_forwarding_rule_configs + description: Map of internal managed forwarding rule configs. One of 'address' or 'subnetwork' is required for each. + varType: |- + map(object({ + address = optional(string) + subnetwork = optional(string) + })) + defaultValue: {} outputs: - name: external_ip description: The external IPv4 assigned to the global fowarding rule. diff --git a/modules/frontend/variables.tf b/modules/frontend/variables.tf index 6a6f206d..6532d74c 100644 --- a/modules/frontend/variables.tf +++ b/modules/frontend/variables.tf 
@@ -199,12 +199,6 @@ variable "http_keep_alive_timeout_sec" { default = null } -variable "internal_forwarding_rule_subnetworks" { - description = "List of fully-qualified subnetwork IDs (e.g., projects/my-project/regions/us-central1/subnetworks/my-subnet)." - type = list(string) - default = [] -} - variable "internal_forwarding_rule_configs" { description = "Map of internal managed forwarding rule configs. One of 'address' or 'subnetwork' is required for each." type = map(object({ @@ -212,4 +206,4 @@ variable "internal_forwarding_rule_configs" { subnetwork = optional(string) })) default = {} -} \ No newline at end of file +} From 599fbcd9218524708062d7770f8d95b3c54bdf50 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Thu, 20 Mar 2025 09:06:45 +0000 Subject: [PATCH 36/41] fix: using list of object type for the new variable --- examples/internal-lb-cloud-run/main.tf | 8 ++++---- modules/frontend/README.md | 2 +- modules/frontend/main.tf | 16 ++++++++++++---- modules/frontend/metadata.yaml | 8 ++++---- modules/frontend/variables.tf | 8 ++++---- 5 files changed, 25 insertions(+), 17 deletions(-) diff --git a/examples/internal-lb-cloud-run/main.tf b/examples/internal-lb-cloud-run/main.tf index d39bef88..a0dc8b63 100644 --- a/examples/internal-lb-cloud-run/main.tf +++ b/examples/internal-lb-cloud-run/main.tf @@ -116,14 +116,14 @@ module "internal-lb-http-frontend" { url_map_input = module.internal-lb-http-backend.backend_service_info network = module.internal-lb-network.network_name load_balancing_scheme = "INTERNAL_MANAGED" - internal_forwarding_rule_configs = { - "1" : { + internal_forwarding_rules_config = [ + { "subnetwork" : module.internal-lb-subnet.subnets["us-east1/int-lb-subnet-a"].id }, - "2" : { + { "subnetwork" : module.internal-lb-subnet.subnets["us-south1/int-lb-subnet-b"].id } - } + ] } resource "google_vpc_access_connector" "internal_lb_vpc_connector" { diff --git a/modules/frontend/README.md b/modules/frontend/README.md index e7372232..f01f0062 100644 
--- a/modules/frontend/README.md +++ b/modules/frontend/README.md @@ -19,7 +19,7 @@ This module creates `HTTP(S) forwarding rule` and its dependencies. This modules | http\_port | The port for the HTTP load balancer | `number` | `80` | no | | https\_port | The port for the HTTPS load balancer | `number` | `443` | no | | https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no | -| internal\_forwarding\_rule\_configs | Map of internal managed forwarding rule configs. One of 'address' or 'subnetwork' is required for each. |
map(object({
address = optional(string)
subnetwork = optional(string)
}))
| `{}` | no | +| internal\_forwarding\_rules\_config | List of internal managed forwarding rules config. One of 'address' or 'subnetwork' is required for each. |
list(object({
address = optional(string)
subnetwork = optional(string)
}))
| `[]` | no | | ipv6\_address | An existing IPv6 address to use (the actual IP address value) | `string` | `null` | no | | labels | The labels to attach to resources created by this module | `map(string)` | `{}` | no | | load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, and INTERNAL\_SELF\_MANAGED for traffic director) | `string` | `"EXTERNAL_MANAGED"` | no | diff --git a/modules/frontend/main.tf b/modules/frontend/main.tf index 9c256713..713f3b43 100644 --- a/modules/frontend/main.tf +++ b/modules/frontend/main.tf @@ -58,7 +58,9 @@ resource "google_compute_global_forwarding_rule" "http" { } resource "google_compute_global_forwarding_rule" "internal_managed_http" { - for_each = local.create_http_forward && local.is_internal_managed ? var.internal_forwarding_rule_configs : {} + for_each = local.create_http_forward && local.is_internal_managed ? { + for index, config in var.internal_forwarding_rules_config : index => config + } : {} provider = google-beta project = var.project_id @@ -86,7 +88,9 @@ resource "google_compute_global_forwarding_rule" "https" { } resource "google_compute_global_forwarding_rule" "internal_managed_https" { - for_each = var.ssl && local.is_internal_managed ? var.internal_forwarding_rule_configs : {} + for_each = var.ssl && local.is_internal_managed ? { + for index, config in var.internal_forwarding_rules_config : index => config + } : {} provider = google-beta project = var.project_id 
@@ -125,7 +129,9 @@ resource "google_compute_global_forwarding_rule" "http_ipv6" { } resource "google_compute_global_forwarding_rule" "internal_managed_http_ipv6" { - for_each = var.enable_ipv6 && local.create_http_forward && local.is_internal_managed ? var.internal_forwarding_rule_configs : {} + for_each = var.enable_ipv6 && local.create_http_forward && local.is_internal_managed ? { + for index, config in var.internal_forwarding_rules_config : index => config + } : {} provider = google-beta project = var.project_id @@ -152,7 +158,9 @@ resource "google_compute_global_forwarding_rule" "https_ipv6" { } resource "google_compute_global_forwarding_rule" "internal_managed_https_ipv6" { - for_each = var.enable_ipv6 && var.ssl && local.is_internal_managed ? var.internal_forwarding_rule_configs : {} + for_each = var.enable_ipv6 && var.ssl && local.is_internal_managed ? { + for index, config in var.internal_forwarding_rules_config : index => config + } : {} provider = google-beta project = var.project_id diff --git a/modules/frontend/metadata.yaml b/modules/frontend/metadata.yaml index 11d4c707..9d483ee6 100644 --- a/modules/frontend/metadata.yaml +++ b/modules/frontend/metadata.yaml @@ -187,14 +187,14 @@ spec: - name: http_keep_alive_timeout_sec description: Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). varType: number - - name: internal_forwarding_rule_configs - description: Map of internal managed forwarding rule configs. One of 'address' or 'subnetwork' is required for each. + - name: internal_forwarding_rules_config + description: List of internal managed forwarding rules config. One of 'address' or 'subnetwork' is required for each. varType: |- - map(object({ + list(object({ address = optional(string) subnetwork = optional(string) })) - defaultValue: {} + defaultValue: [] outputs: - name: external_ip description: The external IPv4 assigned to the global fowarding rule. 
diff --git a/modules/frontend/variables.tf b/modules/frontend/variables.tf index 6532d74c..3a573738 100644 --- a/modules/frontend/variables.tf +++ b/modules/frontend/variables.tf @@ -199,11 +199,11 @@ variable "http_keep_alive_timeout_sec" { default = null } -variable "internal_forwarding_rule_configs" { - description = "Map of internal managed forwarding rule configs. One of 'address' or 'subnetwork' is required for each." - type = map(object({ +variable "internal_forwarding_rules_config" { + description = "List of internal managed forwarding rules config. One of 'address' or 'subnetwork' is required for each." + type = list(object({ address = optional(string) subnetwork = optional(string) })) - default = {} + default = [] } From e1ee5e10226c4b88492376d487a3ef6f8ef32b08 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Fri, 21 Mar 2025 04:12:33 +0000 Subject: [PATCH 37/41] chore: updated variable description --- modules/backend/variables.tf | 2 +- modules/frontend/variables.tf | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/modules/backend/variables.tf b/modules/backend/variables.tf index 28166182..c3e57f27 100644 --- a/modules/backend/variables.tf +++ b/modules/backend/variables.tf @@ -26,7 +26,7 @@ variable "project_id" { } variable "load_balancing_scheme" { - description = "Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_SELF_MANAGED for traffic director)." + description = "Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_MANAGED for internal load balancer)" type = string default = "EXTERNAL_MANAGED" } diff --git a/modules/frontend/variables.tf b/modules/frontend/variables.tf index 3a573738..99972b57 100644 --- a/modules/frontend/variables.tf +++ b/modules/frontend/variables.tf 
@@ -156,13 +156,13 @@ variable "labels" { } variable "load_balancing_scheme" { - description = "Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_SELF_MANAGED for traffic director)" + description = "Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_MANAGED for internal load balancer)" type = string default = "EXTERNAL_MANAGED" } variable "network" { - description = "Network for INTERNAL_SELF_MANAGED/INTERNAL_MANAGED load balancing scheme" + description = "Network for INTERNAL_MANAGED load balancing scheme" type = string default = "default" } @@ -200,8 +200,9 @@ variable "http_keep_alive_timeout_sec" { } variable "internal_forwarding_rules_config" { - description = "List of internal managed forwarding rules config. One of 'address' or 'subnetwork' is required for each." + description = "List of internal managed forwarding rules config. One of 'address' or 'subnetwork' is required for each. It is only applicable for internal load balancer" type = list(object({ + region = string address = optional(string) subnetwork = optional(string) })) From abd2c6f0d6f3aa0136c8e0c114039493b5975641 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Fri, 21 Mar 2025 04:12:49 +0000 Subject: [PATCH 38/41] chore: added enums --- modules/backend/metadata.display.yaml | 5 +++++ modules/frontend/metadata.display.yaml | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/modules/backend/metadata.display.yaml b/modules/backend/metadata.display.yaml index 6a406b2c..77480ec8 100644 --- a/modules/backend/metadata.display.yaml +++ b/modules/backend/metadata.display.yaml 
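Review bot: The updated description of `internal_forwarding_rules_config` still says one of `address` or `subnetwork` is required per entry, but nothing enforces it: both remain `optional(string)`, so an entry with neither passes plan and is only rejected, if at all, by the API when the forwarding rule is created. Making `region = string` required is right since it later keys the `for_each`, and the same block should carry a `validation` so the contract in the description is actually checked. The variable's `default = []` and closing brace are outside this hunk.

```terraform
  }))
  validation {
    condition     = alltrue([for c in var.internal_forwarding_rules_config : c.address != null || c.subnetwork != null])
    error_message = "Each internal_forwarding_rules_config entry must set 'address' or 'subnetwork'."
  }
  # … unchanged: default = [] and closing brace (outside this hunk) …
```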
@@ -77,6 +77,11 @@ spec: load_balancing_scheme: name: load_balancing_scheme title: Load Balancing Scheme + enumValueLabels: + - label: EXTERNAL_MANAGED + value: EXTERNAL_MANAGED + - label: INTERNAL_MANAGED + value: INTERNAL_MANAGED locality_lb_policy: name: locality_lb_policy title: Locality Lb Policy diff --git a/modules/frontend/metadata.display.yaml b/modules/frontend/metadata.display.yaml index 94428c24..8aa6d5cc 100644 --- a/modules/frontend/metadata.display.yaml +++ b/modules/frontend/metadata.display.yaml @@ -76,6 +76,13 @@ spec: load_balancing_scheme: name: load_balancing_scheme title: Load Balancing Scheme + enumValueLabels: + - label: EXTERNAL_MANAGED + value: EXTERNAL_MANAGED + - label: INTERNAL_MANAGED + value: INTERNAL_MANAGED + - label: INTERNAL_SELF_MANAGED + value: INTERNAL_SELF_MANAGED managed_ssl_certificate_domains: name: managed_ssl_certificate_domains title: Managed Ssl Certificate Domains From abcc4991bce75ccfbadc617ecc4572d81fbb8b4d Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Fri, 21 Mar 2025 04:13:52 +0000 Subject: [PATCH 39/41] fix: using region instead of index for unique names --- examples/internal-lb-cloud-run/main.tf | 2 ++ modules/frontend/main.tf | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/examples/internal-lb-cloud-run/main.tf b/examples/internal-lb-cloud-run/main.tf index a0dc8b63..4a84ac81 100644 --- a/examples/internal-lb-cloud-run/main.tf +++ b/examples/internal-lb-cloud-run/main.tf @@ -118,9 +118,11 @@ module "internal-lb-http-frontend" { load_balancing_scheme = "INTERNAL_MANAGED" internal_forwarding_rules_config = [ { + "region" : "us-east1", "subnetwork" : module.internal-lb-subnet.subnets["us-east1/int-lb-subnet-a"].id }, { + "region" : "us-south1", "subnetwork" : module.internal-lb-subnet.subnets["us-south1/int-lb-subnet-b"].id } ] diff --git a/modules/frontend/main.tf b/modules/frontend/main.tf index 713f3b43..de2983b7 100644 --- a/modules/frontend/main.tf +++ b/modules/frontend/main.tf 
@@ -59,7 +59,7 @@ resource "google_compute_global_forwarding_rule" "http" { resource "google_compute_global_forwarding_rule" "internal_managed_http" { for_each = local.create_http_forward && local.is_internal_managed ? { - for index, config in var.internal_forwarding_rules_config : index => config + for config in var.internal_forwarding_rules_config : config.region => config } : {} provider = google-beta @@ -89,7 +89,7 @@ resource "google_compute_global_forwarding_rule" "https" { resource "google_compute_global_forwarding_rule" "internal_managed_https" { for_each = var.ssl && local.is_internal_managed ? { - for index, config in var.internal_forwarding_rules_config : index => config + for config in var.internal_forwarding_rules_config : config.region => config } : {} provider = google-beta @@ -130,7 +130,7 @@ resource "google_compute_global_forwarding_rule" "http_ipv6" { resource "google_compute_global_forwarding_rule" "internal_managed_http_ipv6" { for_each = var.enable_ipv6 && local.create_http_forward && local.is_internal_managed ? { - for index, config in var.internal_forwarding_rules_config : index => config + for config in var.internal_forwarding_rules_config : config.region => config } : {} provider = google-beta @@ -159,7 +159,7 @@ resource "google_compute_global_forwarding_rule" "https_ipv6" { resource "google_compute_global_forwarding_rule" "internal_managed_https_ipv6" { for_each = var.enable_ipv6 && var.ssl && local.is_internal_managed ? { - for index, config in var.internal_forwarding_rules_config : index => config + for config in var.internal_forwarding_rules_config : config.region => config } : {} provider = google-beta From 96495f4a7f93e5e2d2c5270d7b6081188a40424d Mon Sep 17 00:00:00 2001 
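Review bot: Keying every `for_each` by `config.region` turns the region into a uniqueness constraint: two entries for the same region (for example one per subnet, which the earlier list-of-subnets design allowed) now fail at plan time with a duplicate-object-key error, and the variable description does not mention this limit. If one rule per region is intended, state it in the `internal_forwarding_rules_config` description (`… at most one entry per region`); otherwise use a key that stays unique, e.g. `for index, config in var.internal_forwarding_rules_config : "${config.region}-${index}" => config`, and adjust any rule names derived from `each.key` (those lines are outside these hunks, so I cannot confirm how the name is built). The same map comprehension is also repeated verbatim in four resources; hoisting it into a single local such as `local.internal_forwarding_rules_by_region` keeps the four in step. Each resource body continues past its hunk.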
From: pawan1210 Date: Fri, 21 Mar 2025 04:15:26 +0000 Subject: [PATCH 40/41] chore: generate docs --- modules/backend/README.md | 2 +- modules/backend/metadata.yaml | 2 +- modules/frontend/README.md | 6 +++--- modules/frontend/metadata.yaml | 7 ++++--- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/modules/backend/README.md b/modules/backend/README.md index 0bc78add..7a18aeb3 100644 --- a/modules/backend/README.md +++ b/modules/backend/README.md @@ -21,7 +21,7 @@ This module creates `google_compute_backend_service` resource and its dependenci | health\_check | Input for creating HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. |
object({
host = optional(string, null)
request_path = optional(string, null)
request = optional(string, null)
response = optional(string, null)
port = optional(number, null)
port_name = optional(string, null)
proxy_header = optional(string, null)
port_specification = optional(string, null)
protocol = optional(string, null)
check_interval_sec = optional(number, 5)
timeout_sec = optional(number, 5)
healthy_threshold = optional(number, 2)
unhealthy_threshold = optional(number, 2)
logging = optional(bool, false)
})
| `null` | no | | host\_path\_mappings | The list of host/path for which traffic could be sent to the backend service |
list(object({
host = string
path = string
}))
|
[
{
"host": "*",
"path": "/*"
}
]
| no | | iap\_config | Settings for enabling Cloud Identity Aware Proxy Structure. |
object({
enable = bool
oauth2_client_id = optional(string)
oauth2_client_secret = optional(string)
})
|
{
"enable": false
}
| no | -| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, and INTERNAL\_SELF\_MANAGED for traffic director). | `string` | `"EXTERNAL_MANAGED"` | no | +| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, and INTERNAL\_MANAGED for internal load balancer) | `string` | `"EXTERNAL_MANAGED"` | no | | locality\_lb\_policy | The load balancing algorithm used within the scope of the locality. | `string` | `null` | no | | log\_config | This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. |
object({
enable = bool
sample_rate = number
})
|
{
"enable": true,
"sample_rate": 1
}
| no | | name | Name for the backend service. | `string` | n/a | yes | diff --git a/modules/backend/metadata.yaml b/modules/backend/metadata.yaml index b45c3b27..27a5f54e 100644 --- a/modules/backend/metadata.yaml +++ b/modules/backend/metadata.yaml @@ -79,7 +79,7 @@ spec: varType: string required: true - name: load_balancing_scheme - description: Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_SELF_MANAGED for traffic director). + description: Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_MANAGED for internal load balancer) varType: string defaultValue: EXTERNAL_MANAGED - name: protocol diff --git a/modules/frontend/README.md b/modules/frontend/README.md index f01f0062..5fbe0798 100644 --- a/modules/frontend/README.md +++ b/modules/frontend/README.md @@ -19,13 +19,13 @@ This module creates `HTTP(S) forwarding rule` and its dependencies. This modules | http\_port | The port for the HTTP load balancer | `number` | `80` | no | | https\_port | The port for the HTTPS load balancer | `number` | `443` | no | | https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no | -| internal\_forwarding\_rules\_config | List of internal managed forwarding rules config. One of 'address' or 'subnetwork' is required for each. |
list(object({
address = optional(string)
subnetwork = optional(string)
}))
| `[]` | no | +| internal\_forwarding\_rules\_config | List of internal managed forwarding rules config. One of 'address' or 'subnetwork' is required for each. It is only applicable for internal load balancer |
list(object({
region = string
address = optional(string)
subnetwork = optional(string)
}))
| `[]` | no | | ipv6\_address | An existing IPv6 address to use (the actual IP address value) | `string` | `null` | no | | labels | The labels to attach to resources created by this module | `map(string)` | `{}` | no | -| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, and INTERNAL\_SELF\_MANAGED for traffic director) | `string` | `"EXTERNAL_MANAGED"` | no | +| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, and INTERNAL\_MANAGED for internal load balancer) | `string` | `"EXTERNAL_MANAGED"` | no | | managed\_ssl\_certificate\_domains | Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` | `list(string)` | `[]` | no | | name | Name for the forwarding rule and prefix for supporting resources | `string` | n/a | yes | -| network | Network for INTERNAL\_SELF\_MANAGED/INTERNAL\_MANAGED load balancing scheme | `string` | `"default"` | no | +| network | Network for INTERNAL\_MANAGED load balancing scheme | `string` | `"default"` | no | | private\_key | Content of the private SSL key. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` | `string` | `null` | no | | project\_id | The project to deploy to, if not set the default provider project is used. | `string` | n/a | yes | | quic | Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only. | `bool` | `null` | no | diff --git a/modules/frontend/metadata.yaml b/modules/frontend/metadata.yaml index 9d483ee6..853f9474 100644 --- a/modules/frontend/metadata.yaml +++ b/modules/frontend/metadata.yaml 
@@ -166,11 +166,11 @@ spec: varType: map(string) defaultValue: {} - name: load_balancing_scheme - description: Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_SELF_MANAGED for traffic director) + description: Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_MANAGED for internal load balancer) varType: string defaultValue: EXTERNAL_MANAGED - name: network - description: Network for INTERNAL_SELF_MANAGED/INTERNAL_MANAGED load balancing scheme + description: Network for INTERNAL_MANAGED load balancing scheme varType: string defaultValue: default - name: server_tls_policy @@ -188,9 +188,10 @@ spec: description: Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). varType: number - name: internal_forwarding_rules_config - description: List of internal managed forwarding rules config. One of 'address' or 'subnetwork' is required for each. + description: List of internal managed forwarding rules config. One of 'address' or 'subnetwork' is required for each. It is only applicable for internal load balancer varType: |- list(object({ + region = string address = optional(string) subnetwork = optional(string) })) From 973e17e5093a0ea6528e492bf8d961ae10c3942b Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Fri, 21 Mar 2025 05:14:05 +0000 Subject: [PATCH 41/41] chore: added generic variable description --- modules/backend/README.md | 2 +- modules/backend/metadata.yaml | 2 +- modules/backend/variables.tf | 2 +- modules/frontend/README.md | 4 ++-- modules/frontend/metadata.display.yaml | 2 -- modules/frontend/metadata.yaml | 4 ++-- modules/frontend/variables.tf | 4 ++-- 7 files changed, 9 insertions(+), 11 deletions(-) diff --git a/modules/backend/README.md b/modules/backend/README.md index 7a18aeb3..5c5616c7 100644 
--- a/modules/backend/README.md +++ b/modules/backend/README.md @@ -21,7 +21,7 @@ This module creates `google_compute_backend_service` resource and its dependenci | health\_check | Input for creating HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. |
object({
host = optional(string, null)
request_path = optional(string, null)
request = optional(string, null)
response = optional(string, null)
port = optional(number, null)
port_name = optional(string, null)
proxy_header = optional(string, null)
port_specification = optional(string, null)
protocol = optional(string, null)
check_interval_sec = optional(number, 5)
timeout_sec = optional(number, 5)
healthy_threshold = optional(number, 2)
unhealthy_threshold = optional(number, 2)
logging = optional(bool, false)
})
| `null` | no | | host\_path\_mappings | The list of host/path for which traffic could be sent to the backend service |
list(object({
host = string
path = string
}))
|
[
{
"host": "*",
"path": "/*"
}
]
| no | | iap\_config | Settings for enabling Cloud Identity Aware Proxy Structure. |
object({
enable = bool
oauth2_client_id = optional(string)
oauth2_client_secret = optional(string)
})
|
{
"enable": false
}
| no | -| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, and INTERNAL\_MANAGED for internal load balancer) | `string` | `"EXTERNAL_MANAGED"` | no | +| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, INTERNAL\_MANAGED for internal load balancer and INTERNAL\_SELF\_MANAGED for traffic director) | `string` | `"EXTERNAL_MANAGED"` | no | | locality\_lb\_policy | The load balancing algorithm used within the scope of the locality. | `string` | `null` | no | | log\_config | This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. |
object({
enable = bool
sample_rate = number
})
|
{
"enable": true,
"sample_rate": 1
}
| no | | name | Name for the backend service. | `string` | n/a | yes | diff --git a/modules/backend/metadata.yaml b/modules/backend/metadata.yaml index 27a5f54e..77dd99a9 100644 --- a/modules/backend/metadata.yaml +++ b/modules/backend/metadata.yaml @@ -79,7 +79,7 @@ spec: varType: string required: true - name: load_balancing_scheme - description: Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_MANAGED for internal load balancer) + description: Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, INTERNAL_MANAGED for internal load balancer and INTERNAL_SELF_MANAGED for traffic director) varType: string defaultValue: EXTERNAL_MANAGED - name: protocol diff --git a/modules/backend/variables.tf b/modules/backend/variables.tf index c3e57f27..882aff6d 100644 --- a/modules/backend/variables.tf +++ b/modules/backend/variables.tf @@ -26,7 +26,7 @@ variable "project_id" { } variable "load_balancing_scheme" { - description = "Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_MANAGED for internal load balancer)" + description = "Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, INTERNAL_MANAGED for internal load balancer and INTERNAL_SELF_MANAGED for traffic director)" type = string default = "EXTERNAL_MANAGED" } diff --git a/modules/frontend/README.md b/modules/frontend/README.md index 5fbe0798..e2552a99 100644 --- a/modules/frontend/README.md +++ b/modules/frontend/README.md @@ -22,10 +22,10 @@ This module creates `HTTP(S) forwarding rule` and its dependencies. This modules | internal\_forwarding\_rules\_config | List of internal managed forwarding rules config. One of 'address' or 'subnetwork' is required for each. It is only applicable for internal load balancer |
list(object({
region = string
address = optional(string)
subnetwork = optional(string)
}))
| `[]` | no | | ipv6\_address | An existing IPv6 address to use (the actual IP address value) | `string` | `null` | no | | labels | The labels to attach to resources created by this module | `map(string)` | `{}` | no | -| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, and INTERNAL\_MANAGED for internal load balancer) | `string` | `"EXTERNAL_MANAGED"` | no | +| load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, INTERNAL\_MANAGED for internal load balancer and INTERNAL\_SELF\_MANAGED for traffic director) | `string` | `"EXTERNAL_MANAGED"` | no | | managed\_ssl\_certificate\_domains | Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` | `list(string)` | `[]` | no | | name | Name for the forwarding rule and prefix for supporting resources | `string` | n/a | yes | -| network | Network for INTERNAL\_MANAGED load balancing scheme | `string` | `"default"` | no | +| network | Network for internal load balancer | `string` | `"default"` | no | | private\_key | Content of the private SSL key. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` | `string` | `null` | no | | project\_id | The project to deploy to, if not set the default provider project is used. | `string` | n/a | yes | | quic | Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only. | `bool` | `null` | no | diff --git a/modules/frontend/metadata.display.yaml b/modules/frontend/metadata.display.yaml index 8aa6d5cc..6622c464 100644 --- a/modules/frontend/metadata.display.yaml +++ b/modules/frontend/metadata.display.yaml 
@@ -81,8 +81,6 @@ spec: value: EXTERNAL_MANAGED - label: INTERNAL_MANAGED value: INTERNAL_MANAGED - - label: INTERNAL_SELF_MANAGED - value: INTERNAL_SELF_MANAGED managed_ssl_certificate_domains: name: managed_ssl_certificate_domains title: Managed Ssl Certificate Domains diff --git a/modules/frontend/metadata.yaml b/modules/frontend/metadata.yaml index 853f9474..4cd66e47 100644 --- a/modules/frontend/metadata.yaml +++ b/modules/frontend/metadata.yaml @@ -166,11 +166,11 @@ spec: varType: map(string) defaultValue: {} - name: load_balancing_scheme - description: Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_MANAGED for internal load balancer) + description: Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, INTERNAL_MANAGED for internal load balancer and INTERNAL_SELF_MANAGED for traffic director) varType: string defaultValue: EXTERNAL_MANAGED - name: network - description: Network for INTERNAL_MANAGED load balancing scheme + description: Network for internal load balancer varType: string defaultValue: default - name: server_tls_policy diff --git a/modules/frontend/variables.tf b/modules/frontend/variables.tf index 99972b57..7f11bc84 100644 --- a/modules/frontend/variables.tf +++ b/modules/frontend/variables.tf 
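Review bot: The display enum for `load_balancing_scheme` now offers only `EXTERNAL_MANAGED` and `INTERNAL_MANAGED`, while the `metadata.yaml` and `variables.tf` descriptions changed in this same patch list `EXTERNAL` and `INTERNAL_SELF_MANAGED` as accepted values, so a UI built from this metadata cannot select two values the module documents. If those two are deliberately kept out of the UI, the variable description should say so; otherwise add a `- label: EXTERNAL` / `value: EXTERNAL` pair and keep the `INTERNAL_SELF_MANAGED` pair instead of deleting it.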
@@ -156,13 +156,13 @@ variable "labels" { } variable "load_balancing_scheme" { - description = "Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_MANAGED for internal load balancer)" + description = "Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, INTERNAL_MANAGED for internal load balancer and INTERNAL_SELF_MANAGED for traffic director)" type = string default = "EXTERNAL_MANAGED" } variable "network" { - description = "Network for INTERNAL_MANAGED load balancing scheme" + description = "Network for internal load balancer" type = string default = "default" }
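Review bot: `load_balancing_scheme` accepts any string, so a misspelled value is only caught when the provider rejects it on whichever forwarding-rule resource the `is_internal_managed` local happens to select (the locals are outside this view), which points the user at the wrong place; a `validation` block pinning the four documented values gives an early error at the variable itself. It is also worth noting that `network` keeps `default = "default"`, so an internal load balancer whose caller forgets to set it is placed in the auto-mode `default` VPC; consider `default = null` so a forgotten network fails instead of silently landing there, provided the module's other references tolerate null. Both variable blocks are fully inside this hunk.

```terraform
  default     = "EXTERNAL_MANAGED"
  validation {
    condition     = contains(["EXTERNAL", "EXTERNAL_MANAGED", "INTERNAL_MANAGED", "INTERNAL_SELF_MANAGED"], var.load_balancing_scheme)
    error_message = "load_balancing_scheme must be one of EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED."
  }
}
# … unchanged: variable "network" …
```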