kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add context to net-lb-app-ext module (#3879)

Browse Source
This commit is contained in:
Luca Prete
2026-04-17 14:00:56 +02:00
committed by GitHub
parent a851638f15
commit 5ca68a3de0
10 changed files with 624 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

172
modules/net-lb-app-ext/README.md
View File

@@ -29,6 +29,7 @@ Due to the complexity of the underlying resources, changes to the configuration
- [URL Map](#url-map)
- [SSL Certificates](#ssl-certificates)
- [Backend Authenticated TLS](#backend-authenticated-tls)
- [Context](#context)
- [Complex example](#complex-example)
- [Deploying changes to load balancer configurations](#deploying-changes-to-load-balancer-configurations)
- [Changing the Network Endpoint Group](#changing-the-network-endpoint-group)
@@ -788,6 +789,152 @@ module "glb-0" {
# tftest modules=3 resources=9 fixtures=fixtures/compute-vm-group-bc.tf inventory=tls-settings.yaml
```
### Context
The module supports the contexts interpolation. For example:
```hcl
module "glb-0" {
source = "./fabric/modules/net-lb-app-ext"
name = "glb-test-0"
project_id = "$project_ids:test"
backend_buckets_config = {
default-gcs = {
bucket_name = "my-bucket"
}
}
backend_service_configs = {
default = {
backends = [
{ backend = "projects/my-project/zones/europe-west8-b/instanceGroups/ig-b" },
{ backend = "ig-c" }
]
}
neg-cloudrun = {
backends = [{ backend = "neg-cloudrun" }]
health_checks = []
}
neg-gce = {
backends = [{ backend = "neg-gce" }]
balancing_mode = "RATE"
max_rate = { per_endpoint = 10 }
}
neg-hybrid = {
backends = [{ backend = "neg-hybrid" }]
balancing_mode = "RATE"
max_rate = { per_endpoint = 10 }
}
neg-internet = {
backends = [{ backend = "neg-internet" }]
health_checks = []
}
}
group_configs = {
ig-c = {
zone = "$locations:ew8-c"
instances = [
"projects/my-project/zones/europe-west8-c/instances/vm-c"
]
named_ports = { http = 80 }
}
}
health_check_configs = {
default = {
http = {
host = "hello.example.org"
port_specification = "USE_SERVING_PORT"
}
}
}
neg_configs = {
neg-cloudrun = {
cloudrun = {
region = "$locations:ew8"
target_service = {
name = "hello"
}
}
}
neg-gce = {
gce = {
network = "$networks:test"
subnetwork = "$subnets:test"
zone = "$locations:ew8-b"
endpoints = {
e-0 = {
instance = "nginx-ew8-b"
ip_address = "$addresses:test"
port = 80
}
}
}
}
neg-hybrid = {
hybrid = {
network = "$networks:test"
zone = "$locations:ew8-b"
endpoints = {
e-0 = {
ip_address = "$addresses:test-hybrid"
port = 80
}
}
}
}
neg-internet = {
internet = {
use_fqdn = true
endpoints = {
e-0 = {
destination = "hello.example.org"
port = 80
}
}
}
}
}
urlmap_config = {
default_service = "default"
host_rules = [{
hosts = ["*"]
path_matcher = "pathmap"
}]
path_matchers = {
pathmap = {
default_service = "default"
path_rules = [
{ paths = ["/cloudrun", "/cloudrun/*"], service = "neg-cloudrun" },
{ paths = ["/gce", "/gce/*"], service = "neg-gce" },
{ paths = ["/hybrid", "/hybrid/*"], service = "neg-hybrid" },
{ paths = ["/internet", "/internet/*"], service = "neg-internet" },
]
}
}
}
context = {
addresses = {
test = "10.24.32.25"
test-hybrid = "192.168.0.3"
}
locations = {
ew8 = "europe-west8"
ew8-b = "europe-west8-b"
ew8-c = "europe-west8-c"
}
networks = {
test = "projects/my-project/global/networks/shared-vpc"
}
project_ids = {
test = "my-project"
}
subnets = {
test = "projects/my-project/regions/europe-west8/subnetworks/gce"
}
}
}
# tftest modules=1 resources=18 inventory=context.yaml
```
### Complex example
This example mixes group and NEG backends, and shows how to set HTTPS for specific backends.
@@ -1088,22 +1235,23 @@ After provisioning this change, and verifying that the new certificate is provis
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [name](variables.tf#L126) | Load balancer name. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L241) | Project id. | <code>string</code> | ✓ | |
| [name](variables.tf#L139) | Load balancer name. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L254) | Project id. | <code>string</code> | ✓ | |
| [backend_buckets_config](variables.tf#L17) | Backend buckets configuration. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [backend_service_configs](variables-backend-service.tf#L19) | Backend service level configuration. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [description](variables.tf#L52) | Optional description used for resources. | <code>string</code> | | <code>&#34;Terraform managed.&#34;</code> |
| [forwarding_rules_config](variables.tf#L58) | The optional forwarding rules configuration. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [group_configs](variables.tf#L79) | Optional unmanaged groups to create. Can be referenced in backends via key or outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [context](variables.tf#L52) | Context-specific interpolations. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [description](variables.tf#L65) | Optional description used for resources. | <code>string</code> | | <code>&#34;Terraform managed.&#34;</code> |
| [forwarding_rules_config](variables.tf#L71) | The optional forwarding rules configuration. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [group_configs](variables.tf#L92) | Optional unmanaged groups to create. Can be referenced in backends via key or outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [health_check_configs](variables-health-check.tf#L19) | Optional auto-created health check configurations, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [http_proxy_config](variables.tf#L93) | HTTP proxy configuration. Only used for non-classic load balancers. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [https_proxy_config](variables.tf#L104) | HTTPS proxy connfiguration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [labels](variables.tf#L120) | Labels set on resources. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [neg_configs](variables.tf#L131) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [protocol](variables.tf#L246) | Protocol supported by this load balancer. | <code>string</code> | | <code>&#34;HTTP&#34;</code> |
| [ssl_certificates](variables.tf#L259) | SSL target proxy certificates (only if protocol is HTTPS) for existing, custom, and managed certificates. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [http_proxy_config](variables.tf#L106) | HTTP proxy configuration. Only used for non-classic load balancers. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [https_proxy_config](variables.tf#L117) | HTTPS proxy connfiguration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [labels](variables.tf#L133) | Labels set on resources. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [neg_configs](variables.tf#L144) | Optional network endpoint groups to create. Can be referenced in backends via key or outputs. | <code>map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [protocol](variables.tf#L259) | Protocol supported by this load balancer. | <code>string</code> | | <code>&#34;HTTP&#34;</code> |
| [ssl_certificates](variables.tf#L272) | SSL target proxy certificates (only if protocol is HTTPS) for existing, custom, and managed certificates. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [urlmap_config](variables-urlmap.tf#L19) | The URL map configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#8230;&#125;</code> |
| [use_classic_version](variables.tf#L277) | Use classic Global Load Balancer. | <code>bool</code> | | <code>true</code> |
| [use_classic_version](variables.tf#L290) | Use classic Global Load Balancer. | <code>bool</code> | | <code>true</code> |
## Outputs

2
modules/net-lb-app-ext/backend-service.tf
View File

@@ -46,7 +46,7 @@ resource "google_compute_backend_service" "default" {
for_each = var.backend_service_configs
project = (
each.value.project_id == null
? var.project_id
? local.project_id
: each.value.project_id
)
name = coalesce(each.value.name, "${var.name}-${each.key}")

2
modules/net-lb-app-ext/backends.tf
View File

@@ -20,7 +20,7 @@ resource "google_compute_backend_bucket" "default" {
for_each = var.backend_buckets_config
project = (
each.value.project_id == null
? var.project_id
? local.project_id
: each.value.project_id
)
name = coalesce(each.value.name, "${var.name}-${each.key}")

4
modules/net-lb-app-ext/groups.tf
View File

@@ -18,10 +18,10 @@ resource "google_compute_instance_group" "default" {
for_each = var.group_configs
project = (
each.value.project_id == null
? var.project_id
? local.project_id
: each.value.project_id
)
zone = each.value.zone
zone = try(local.ctx.locations[each.value.zone], each.value.zone)
name = coalesce(each.value.name, "${var.name}-${each.key}")
description = each.value.description
instances = each.value.instances

2
modules/net-lb-app-ext/health-check.tf
View File

@@ -21,7 +21,7 @@ resource "google_compute_health_check" "default" {
for_each = var.health_check_configs
project = (
each.value.project_id == null
? var.project_id
? local.project_id
: each.value.project_id
)
name = coalesce(each.value.name, "${var.name}-${each.key}")

20
modules/net-lb-app-ext/main.tf
View File

@@ -15,6 +15,14 @@
*/
locals {
ctx = {
for k, v in var.context : k => {
for kk, vv in v : "${local.ctx_p}${k}:${kk}" => vv
}
}
ctx_p = "$"
project_id = lookup(local.ctx.project_ids, var.project_id, var.project_id)
fwd_rule_names = {
for k, v in var.forwarding_rules_config :
k => k == "" ? var.name : "${var.name}-${k}"
@@ -55,7 +63,7 @@ resource "google_compute_global_forwarding_rule" "default" {
project = var.project_id
name = coalesce(each.value.name, local.fwd_rule_names[each.key])
description = each.value.description
ip_address = each.value.address
ip_address = try(local.ctx.addresses[each.value.address], each.value.address)
ip_protocol = "TCP"
ip_version = each.value.address != null ? null : each.value.ipv6 == true ? "IPV6" : "IPV4" # do not set if address is provided
load_balancing_scheme = (
@@ -80,7 +88,7 @@ resource "google_compute_ssl_certificate" "default" {
resource "google_compute_managed_ssl_certificate" "default" {
for_each = var.ssl_certificates.managed_configs
project = var.project_id
project = local.project_id
name = coalesce(each.value.name, "${var.name}-${each.key}")
description = each.value.description
managed {
@@ -94,7 +102,7 @@ resource "google_compute_target_http_proxy" "default" {
count = (
var.protocol == "HTTP" && var.use_classic_version ? 1 : 0
)
project = var.project_id
project = local.project_id
name = coalesce(var.https_proxy_config.name, var.name)
description = var.http_proxy_config.description
url_map = google_compute_url_map.default.id
@@ -104,7 +112,7 @@ resource "google_compute_target_https_proxy" "default" {
count = (
var.protocol == "HTTPS" && var.use_classic_version ? 1 : 0
)
project = var.project_id
project = local.project_id
name = coalesce(var.https_proxy_config.name, var.name)
description = var.https_proxy_config.description
certificate_map = var.https_proxy_config.certificate_map
@@ -120,7 +128,7 @@ resource "google_compute_target_http_proxy" "new" {
count = (
var.protocol == "HTTP" && !var.use_classic_version ? 1 : 0
)
project = var.project_id
project = local.project_id
name = coalesce(var.http_proxy_config.name, var.name)
description = var.http_proxy_config.description
http_keep_alive_timeout_sec = var.http_proxy_config.http_keepalive_timeout
@@ -131,7 +139,7 @@ resource "google_compute_target_https_proxy" "new" {
count = (
var.protocol == "HTTPS" && !var.use_classic_version ? 1 : 0
)
project = var.project_id
project = local.project_id
name = coalesce(var.https_proxy_config.name, var.name)
description = var.https_proxy_config.description
certificate_map = var.https_proxy_config.certificate_map

12
modules/net-lb-app-ext/negs.tf
View File

@@ -65,7 +65,7 @@ locals {
resource "google_compute_global_network_endpoint_group" "default" {
for_each = local.neg_global
project = var.project_id
project = local.project_id
name = "${var.name}-${each.key}"
# re-enable once provider properly supports this
# default_port = each.value.default_port
@@ -91,18 +91,18 @@ resource "google_compute_global_network_endpoint" "default" {
resource "google_compute_network_endpoint_group" "default" {
for_each = local.neg_zonal
project = var.project_id
project = local.project_id
zone = each.value.zone
name = "${var.name}-${each.key}"
# re-enable once provider properly supports this
# default_port = each.value.default_port
description = coalesce(each.value.description, var.description)
network_endpoint_type = each.value.type
network = each.value.network
network = try(local.ctx.networks[each.value.network], each.value.network)
subnetwork = (
each.value.type == "NON_GCP_PRIVATE_IP_PORT"
? null
: each.value.subnetwork
: try(local.ctx.subnets[each.value.subnetwork], each.value.subnetwork)
)
}
@@ -122,7 +122,7 @@ resource "google_compute_network_endpoint" "default" {
resource "google_compute_region_network_endpoint_group" "psc" {
for_each = local.neg_regional_psc
project = var.project_id
project = local.project_id
region = each.value.psc.region
name = "${var.name}-${each.key}"
description = coalesce(each.value.description, var.description)
@@ -141,7 +141,7 @@ resource "google_compute_region_network_endpoint_group" "serverless" {
for_each = local.neg_regional_serverless
project = (
each.value.project_id == null
? var.project_id
? local.project_id
: each.value.project_id
)
region = try(

2
modules/net-lb-app-ext/urlmap.tf
View File

@@ -25,7 +25,7 @@ locals {
resource "google_compute_url_map" "default" {
provider = google-beta
project = var.project_id
project = local.project_id
name = var.name
description = var.urlmap_config.description
default_service = (

13
modules/net-lb-app-ext/variables.tf
View File

@@ -49,6 +49,19 @@ variable "backend_buckets_config" {
nullable = true
}
variable "context" {
description = "Context-specific interpolations."
type = object({
addresses = optional(map(string), {})
locations = optional(map(string), {})
networks = optional(map(string), {})
project_ids = optional(map(string), {})
subnets = optional(map(string), {})
})
default = {}
nullable = false
}
variable "description" {
description = "Optional description used for resources."
type = string