Skip to content

Modular Global HTTP Load Balancer for GCE using forwarding rules.

License

Notifications You must be signed in to change notification settings

nyuhpc/terraform-google-lb-http

 
 

Repository files navigation

Global HTTP Load Balancer Terraform Module

Modular Global HTTP Load Balancer for GCE using forwarding rules.

  • If you would like to allow for backend groups to be managed outside Terraform, such as via GKE services, see the dynamic backends submodule.
  • If you would like to use load balancing with serverless backends (Cloud Run, Cloud Functions or App Engine), see the serverless_negs submodule and cloudrun example.

Load Balancer Types

Compatibility

This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=0.13, please open an issue. If you haven't upgraded and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is v4.5.0.

Usage

module "gce-lb-http" {
  source            = "GoogleCloudPlatform/lb-http/google"
  version           = "~> 4.4"

  project           = "my-project-id"
  name              = "group-http-lb"
  target_tags       = [module.mig1.target_tags, module.mig2.target_tags]

  backends = {
    default = {
      description                     = null
      protocol                        = "HTTP"
      port                            = var.service_port
      port_name                       = var.service_port_name
      timeout_sec                     = 10
      enable_cdn                      = false
      custom_request_headers          = null
      custom_response_headers         = null
      security_policy                 = null

      connection_draining_timeout_sec = null
      session_affinity                = null
      affinity_cookie_ttl_sec         = null

      health_check = {
        check_interval_sec  = null
        timeout_sec         = null
        healthy_threshold   = null
        unhealthy_threshold = null
        request_path        = "/"
        port                = var.service_port
        host                = null
        logging             = null
      }

      log_config = {
        enable = true
        sample_rate = 1.0
      }

      groups = [
        {
          # Each node pool instance group should be added to the backend.
          group                        = var.backend
          balancing_mode               = null
          capacity_scaler              = null
          description                  = null
          max_connections              = null
          max_connections_per_instance = null
          max_connections_per_endpoint = null
          max_rate                     = null
          max_rate_per_instance        = null
          max_rate_per_endpoint        = null
          max_utilization              = null
        },
      ]

      iap_config = {
        enable               = false
        oauth2_client_id     = null
        oauth2_client_secret = null
      }
    }
  }

}

Resources created

Figure 1. diagram of terraform resources

architecture diagram

Version

Current version is 3.0. Upgrade guides:

Inputs

Name Description Type Default Required
address Existing IPv4 address to use (the actual IP address value) string null no
backends Map backend indices to list of backend maps.
map(object({
protocol = string
port = number
port_name = string

description = string
enable_cdn = bool
security_policy = string
custom_request_headers = list(string)
custom_response_headers = list(string)

timeout_sec = number
connection_draining_timeout_sec = number
session_affinity = string
affinity_cookie_ttl_sec = number

health_check = object({
check_interval_sec = number
timeout_sec = number
healthy_threshold = number
unhealthy_threshold = number
request_path = string
port = number
host = string
logging = bool
})

log_config = object({
enable = bool
sample_rate = number
})

groups = list(object({
group = string

balancing_mode = string
capacity_scaler = number
description = string
max_connections = number
max_connections_per_instance = number
max_connections_per_endpoint = number
max_rate = number
max_rate_per_instance = number
max_rate_per_endpoint = number
max_utilization = number
}))
iap_config = object({
enable = bool
oauth2_client_id = string
oauth2_client_secret = string
})
}))
n/a yes
cdn Set to true to enable cdn on backends. bool false no
certificate Content of the SSL certificate. Required if ssl is true and ssl_certificates is empty. string null no
create_address Create a new global IPv4 address bool true no
create_ipv6_address Allocate a new IPv6 address. Conflicts with "ipv6_address" - if both specified, "create_ipv6_address" takes precedence. bool false no
create_url_map Set to false if url_map variable is provided. bool true no
enable_ipv6 Enable IPv6 address on the CDN load-balancer bool false no
firewall_networks Names of the networks to create firewall rules in list(string)
[
"default"
]
no
firewall_projects Names of the projects to create firewall rules in list(string)
[
"default"
]
no
http_forward Set to false to disable HTTP port 80 forward bool true no
https_redirect Set to true to enable https redirect on the lb. bool false no
ipv6_address An existing IPv6 address to use (the actual IP address value) string null no
managed_ssl_certificate_domains Create Google-managed SSL certificates for specified domains. Requires ssl to be set to true and use_ssl_certificates set to false. list(string) [] no
name Name for the forwarding rule and prefix for supporting resources string n/a yes
private_key Content of the private SSL key. Required if ssl is true and ssl_certificates is empty. string null no
project The project to deploy to, if not set the default provider project is used. string n/a yes
quic Set to true to enable QUIC support bool false no
random_certificate_suffix Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert. bool false no
security_policy The resource URL for the security policy to associate with the backend service string null no
ssl Set to true to enable SSL support, requires variable ssl_certificates - a list of self_link certs bool false no
ssl_certificates SSL cert self_link list. Required if ssl is true and no private_key and certificate is provided. list(string) [] no
ssl_policy Selfink to SSL Policy string null no
target_service_accounts List of target service accounts for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. list(string) [] no
target_tags List of target tags for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. list(string) [] no
url_map The url_map resource to use. Default is to send all traffic to first backend. string null no
use_ssl_certificates If true, use the certificates provided by ssl_certificates, otherwise, create cert from private_key and certificate bool false no

Outputs

Name Description
backend_services The backend service resources.
external_ip The external IPv4 assigned to the global fowarding rule.
external_ipv6_address The external IPv6 assigned to the global fowarding rule.
http_proxy The HTTP proxy used by this module.
https_proxy The HTTPS proxy used by this module.
ipv6_enabled Whether IPv6 configuration is enabled on this load-balancer
url_map The default URL map used by this module.

About

Modular Global HTTP Load Balancer for GCE using forwarding rules.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • HCL 89.0%
  • Ruby 6.8%
  • Makefile 4.2%