kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow cross-project backend services in ILB L7 module (#991)

Browse Source 
* wip

* neg, README

* fix neg variable

* fix neg project id, enable global access, add service directory
This commit is contained in:
Ludovico Magnocavallo
2022-11-18 09:48:41 +01:00
committed by GitHub
parent ddd47b0095
commit 002ba4eef7
7 changed files with 186 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

191
modules/net-ilb-l7/README.md
View File

File diff suppressed because one or more lines are too long

10
modules/net-ilb-l7/backend-service.tf
View File

@@ -31,9 +31,13 @@ locals {
} }
resource "google_compute_region_backend_service" "default" { resource "google_compute_region_backend_service" "default" {
provider = google-beta provider = google-beta
for_each = var.backend_service_configs for_each = var.backend_service_configs
project = var.project_id project = (
each.value.project_id == null
? var.project_id
: each.value.project_id
)
region = var.region region = var.region
name = "${var.name}-${each.key}" name = "${var.name}-${each.key}"
description = var.description description = var.description

10
modules/net-ilb-l7/health-check.tf
View File

@@ -17,9 +17,13 @@
# tfdoc:file:description Health check resource. # tfdoc:file:description Health check resource.
resource "google_compute_health_check" "default" { resource "google_compute_health_check" "default" {
provider = google-beta provider = google-beta
for_each = var.health_check_configs for_each = var.health_check_configs
project = var.project_id project = (
each.value.project_id == null
? var.project_id
: each.value.project_id
)
name = "${var.name}-${each.key}" name = "${var.name}-${each.key}"
description = each.value.description description = each.value.description
check_interval_sec = each.value.check_interval_sec check_interval_sec = each.value.check_interval_sec

44
modules/net-ilb-l7/main.tf
View File

@@ -33,13 +33,15 @@ locals {
"${v.neg}-${v.ip_address}-${coalesce(v.port, "none")}" => v "${v.neg}-${v.ip_address}-${coalesce(v.port, "none")}" => v
} }
neg_regional = { neg_regional = {
for k, v in var.neg_configs : k => v.cloudrun if v.cloudrun != null for k, v in var.neg_configs :
k => merge(v.cloudrun, { project_id = v.project_id }) if v.cloudrun != null
} }
neg_zonal = { neg_zonal = {
# we need to rebuild new objects as we cannot merge different types # we need to rebuild new objects as we cannot merge different types
for k, v in var.neg_configs : k => { for k, v in var.neg_configs : k => {
endpoints = v.gce != null ? v.gce.endpoints : v.hybrid.endpoints endpoints = v.gce != null ? v.gce.endpoints : v.hybrid.endpoints
network = v.gce != null ? v.gce.network : v.hybrid.network network = v.gce != null ? v.gce.network : v.hybrid.network
project_id = v.project_id
subnetwork = v.gce != null ? v.gce.subnetwork : null subnetwork = v.gce != null ? v.gce.subnetwork : null
type = v.gce != null ? "GCE_VM_IP_PORT" : "NON_GCP_PRIVATE_IP_PORT" type = v.gce != null ? "GCE_VM_IP_PORT" : "NON_GCP_PRIVATE_IP_PORT"
zone = v.gce != null ? v.gce.zone : v.hybrid.zone zone = v.gce != null ? v.gce.zone : v.hybrid.zone
@@ -66,7 +68,15 @@ resource "google_compute_forwarding_rule" "default" {
subnetwork = var.vpc_config.subnetwork subnetwork = var.vpc_config.subnetwork
labels = var.labels labels = var.labels
target = local.fwd_rule_target target = local.fwd_rule_target
# service_directory_registrations # during the preview phase you cannot change this attribute on an existing rule
allow_global_access = var.global_access
dynamic "service_directory_registrations" {
for_each = var.service_directory_registration == null ? [] : [""]
content {
namespace = var.service_directory_registration.namespace
service = var.service_directory_registration.service
}
}
} }
resource "google_compute_region_ssl_certificate" "default" { resource "google_compute_region_ssl_certificate" "default" {
@@ -98,8 +108,12 @@ resource "google_compute_region_target_https_proxy" "default" {
} }
resource "google_compute_instance_group" "default" { resource "google_compute_instance_group" "default" {
for_each = var.group_configs for_each = var.group_configs
project = var.project_id project = (
each.value.project_id == null
? var.project_id
: each.value.project_id
)
zone = each.value.zone zone = each.value.zone
name = "${var.name}-${each.key}" name = "${var.name}-${each.key}"
description = var.description description = var.description
@@ -115,9 +129,13 @@ resource "google_compute_instance_group" "default" {
resource "google_compute_network_endpoint_group" "default" { resource "google_compute_network_endpoint_group" "default" {
for_each = local.neg_zonal for_each = local.neg_zonal
project = var.project_id project = (
zone = each.value.zone each.value.project_id == null
name = "${var.name}-${each.key}" ? var.project_id
: each.value.project_id
)
zone = each.value.zone
name = "${var.name}-${each.key}"
# re-enable once provider properly supports this # re-enable once provider properly supports this
# default_port = each.value.default_port # default_port = each.value.default_port
description = var.description description = var.description
@@ -134,7 +152,9 @@ resource "google_compute_network_endpoint_group" "default" {
resource "google_compute_network_endpoint" "default" { resource "google_compute_network_endpoint" "default" {
for_each = local.neg_endpoints for_each = local.neg_endpoints
project = var.project_id project = (
google_compute_network_endpoint_group.default[each.value.neg].project
)
network_endpoint_group = ( network_endpoint_group = (
google_compute_network_endpoint_group.default[each.value.neg].name google_compute_network_endpoint_group.default[each.value.neg].name
) )
@@ -145,8 +165,12 @@ resource "google_compute_network_endpoint" "default" {
} }
resource "google_compute_region_network_endpoint_group" "default" { resource "google_compute_region_network_endpoint_group" "default" {
for_each = local.neg_regional for_each = local.neg_regional
project = var.project_id project = (
each.value.project_id == null
? var.project_id
: each.value.project_id
)
region = each.value.region region = each.value.region
name = "${var.name}-${each.key}" name = "${var.name}-${each.key}"
description = var.description description = var.description

1
modules/net-ilb-l7/variables-backend-service.tf
View File

@@ -25,6 +25,7 @@ variable "backend_service_configs" {
locality_lb_policy = optional(string) locality_lb_policy = optional(string)
log_sample_rate = optional(number) log_sample_rate = optional(number)
port_name = optional(string) port_name = optional(string)
project_id = optional(string)
protocol = optional(string) protocol = optional(string)
session_affinity = optional(string) session_affinity = optional(string)
timeout_sec = optional(number) timeout_sec = optional(number)

1
modules/net-ilb-l7/variables-health-check.tf
View File

@@ -23,6 +23,7 @@ variable "health_check_configs" {
description = optional(string, "Terraform managed.") description = optional(string, "Terraform managed.")
enable_logging = optional(bool, false) enable_logging = optional(bool, false)
healthy_threshold = optional(number) healthy_threshold = optional(number)
project_id = optional(string)
timeout_sec = optional(number) timeout_sec = optional(number)
unhealthy_threshold = optional(number) unhealthy_threshold = optional(number)
grpc = optional(object({ grpc = optional(object({

18
modules/net-ilb-l7/variables.tf
View File

@@ -26,12 +26,20 @@ variable "description" {
default = "Terraform managed." default = "Terraform managed."
} }
# during the preview phase you cannot change this attribute on an existing rule
variable "global_access" {
description = "Allow client access from all regions."
type = bool
default = null
}
variable "group_configs" { variable "group_configs" {
description = "Optional unmanaged groups to create. Can be referenced in backends via key or outputs." description = "Optional unmanaged groups to create. Can be referenced in backends via key or outputs."
type = map(object({ type = map(object({
zone = string zone = string
instances = optional(list(string), []) instances = optional(list(string), [])
named_ports = optional(map(number), {}) named_ports = optional(map(number), {})
project_id = optional(string)
})) }))
default = {} default = {}
nullable = false nullable = false
@@ -51,6 +59,7 @@ variable "name" {
variable "neg_configs" { variable "neg_configs" {
description = "Optional network endpoint groups to create. Can be referenced in backends via key or outputs." description = "Optional network endpoint groups to create. Can be referenced in backends via key or outputs."
type = map(object({ type = map(object({
project_id = optional(string)
cloudrun = optional(object({ cloudrun = optional(object({
region = string region = string
target_service = optional(object({ target_service = optional(object({
@@ -143,6 +152,15 @@ variable "region" {
type = string type = string
} }
variable "service_directory_registration" {
description = "Service directory namespace and service used to register this load balancer."
type = object({
namespace = string
service = string
})
default = null
}
variable "ssl_certificates" { variable "ssl_certificates" {
description = "SSL target proxy certificates (only if protocol is HTTPS)." description = "SSL target proxy certificates (only if protocol is HTTPS)."
type = object({ type = object({