Add context to net-lb-app-int module (#3880)

Luca Prete
2026-04-17 15:00:00 +02:00
committed by GitHub
parent 5ca68a3de0
commit 7a31a07df9
4 changed files with 413 additions and 5 deletions


@@ -23,6 +23,7 @@ Due to the complexity of the underlying resources, changes to the configuration
- [SSL Certificates](#ssl-certificates) - [SSL Certificates](#ssl-certificates)
- [Backend Authenticated TLS](#backend-authenticated-tls) - [Backend Authenticated TLS](#backend-authenticated-tls)
- [PSC service attachment](#psc-service-attachment) - [PSC service attachment](#psc-service-attachment)
- [Context](#context)
- [Complex example](#complex-example) - [Complex example](#complex-example)
- [Deploying changes to load balancer configurations](#deploying-changes-to-load-balancer-configurations) - [Deploying changes to load balancer configurations](#deploying-changes-to-load-balancer-configurations)
- [Files](#files) - [Files](#files)
@@ -777,6 +778,167 @@ module "ilb-l7" {
# tftest modules=3 resources=10 fixtures=fixtures/compute-vm-group-bc.tf e2e # tftest modules=3 resources=10 fixtures=fixtures/compute-vm-group-bc.tf e2e
``` ```
### Context
The module supports the contexts interpolation. For example:
```hcl
module "ilb-l7" {
source = "./fabric/modules/net-lb-app-int"
name = "ilb-test-0"
project_id = "$project_ids:test"
region = "$locations:ew8"
vpc_config = {
network = "$networks:test"
subnetwork = "$subnets:test"
}
address = "$addresses:test"
backend_service_configs = {
default = {
backends = [
{ group = "projects/foo-test-0/zones/europe-west8-b/instanceGroups/ig-b" },
{ group = "ig-c" }
]
}
neg-cloudrun = {
backends = [{ group = "neg-cloudrun" }]
health_checks = []
}
neg-gce = {
backends = [{ group = "neg-gce" }]
balancing_mode = "RATE"
max_rate = { per_endpoint = 10 }
}
neg-hybrid = {
backends = [{ group = "neg-hybrid" }]
balancing_mode = "RATE"
max_rate = { per_endpoint = 10 }
}
neg-internet = {
backends = [{ group = "neg-internet" }]
health_checks = []
}
neg-psc = {
backends = [{ group = "neg-psc" }]
health_checks = []
}
}
group_configs = {
ig-c = {
zone = "$locations:ew8-c"
instances = [
"projects/foo-test-0/zones/europe-west8-c/instances/vm-c"
]
named_ports = { http = 80 }
}
}
health_check_configs = {
default = {
http = {
host = "hello.example.org"
port_specification = "USE_SERVING_PORT"
}
}
}
neg_configs = {
neg-cloudrun = {
cloudrun = {
region = "$locations:ew8"
target_service = {
name = "hello"
}
}
}
neg-gce = {
gce = {
network = "$networks:test"
subnetwork = "$subnets:test"
zone = "$locations:ew8-b"
endpoints = {
e-0 = {
instance = "nginx-ew8-b"
ip_address = "$addresses:test"
port = 80
}
}
}
}
neg-hybrid = {
hybrid = {
network = "$networks:test"
zone = "$locations:ew8-b"
endpoints = {
e-0 = {
ip_address = "$addresses:test-hybrid"
port = 80
}
}
}
}
neg-internet = {
internet = {
region = "$locations:ew8"
use_fqdn = true
endpoints = {
e-0 = {
destination = "hello.example.org"
port = 80
}
}
}
}
neg-psc = {
psc = {
region = "$locations:ew8"
target_service = "projects/foo-test-0/regions/europe-west8/serviceAttachments/sa"
network = "$networks:test"
subnetwork = "$subnets:test"
}
}
}
urlmap_config = {
default_service = "default"
host_rules = [{
hosts = ["*"]
path_matcher = "pathmap"
}]
path_matchers = {
pathmap = {
default_service = "default"
path_rules = [
{ paths = ["/cloudrun", "/cloudrun/*"], service = "neg-cloudrun" },
{ paths = ["/gce", "/gce/*"], service = "neg-gce" },
{ paths = ["/hybrid", "/hybrid/*"], service = "neg-hybrid" },
{ paths = ["/internet", "/internet/*"], service = "neg-internet" },
{ paths = ["/psc", "/psc/*"], service = "neg-psc" },
]
}
}
}
context = {
addresses = {
test = "10.0.0.10"
test-hybrid = "192.168.0.3"
}
locations = {
ew8 = "europe-west8"
ew8-b = "europe-west8-b"
ew8-c = "europe-west8-c"
}
networks = {
test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
}
project_ids = {
test = "foo-test-0"
}
subnets = {
test = "projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce"
}
}
}
# tftest modules=1 resources=19 inventory=context.yaml
```
### Complex example ### Complex example
This example mixes group and NEG backends, and shows how to set HTTPS for specific backends. This example mixes group and NEG backends, and shows how to set HTTPS for specific backends.


@@ -21,7 +21,7 @@ resource "google_compute_instance_group" "default" {
? local.project_id ? local.project_id
: each.value.project_id : each.value.project_id
) )
zone = each.value.zone zone = try(local.ctx.locations[each.value.zone], each.value.zone)
name = coalesce(each.value.name, "${var.name}-${each.key}") name = coalesce(each.value.name, "${var.name}-${each.key}")
description = each.value.description description = each.value.description
instances = each.value.instances instances = each.value.instances
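Review bot: The fallback in `zone = try(local.ctx.locations[each.value.zone], each.value.zone)` cannot tell a literal zone from a mistyped context key, so a value such as `$locations:ew8c` would reach the provider unchanged and surface only as an apply-time error. The same pattern is used for the network and subnetwork lookups in the endpoint-group sections of this commit. `local.ctx` is defined outside this hunk, so if it performs no validation of its own, consider a `precondition` in the resource's `lifecycle` block that rejects a resolved value still beginning with `$`. At minimum, document the behaviour next to the lookup, e.g. `# unknown context keys fall through as literal values`.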


@@ -183,12 +183,17 @@ resource "google_compute_network_endpoint_group" "default" {
description = var.description description = var.description
network_endpoint_type = each.value.type network_endpoint_type = each.value.type
network = ( network = (
each.value.network != null ? each.value.network : local.network each.value.network != null
? try(local.ctx.networks[each.value.network], each.value.network)
: local.network
) )
subnetwork = ( subnetwork = (
each.value.type == "NON_GCP_PRIVATE_IP_PORT" each.value.type == "NON_GCP_PRIVATE_IP_PORT"
? null ? null
: coalesce(each.value.subnetwork, local.subnetwork) : coalesce(
try(local.ctx.subnets[each.value.subnetwork], each.value.subnetwork),
local.subnetwork
)
) )
} }
@@ -238,8 +243,16 @@ resource "google_compute_region_network_endpoint_group" "psc" {
//description = coalesce(each.value.description, var.description) //description = coalesce(each.value.description, var.description)
network_endpoint_type = "PRIVATE_SERVICE_CONNECT" network_endpoint_type = "PRIVATE_SERVICE_CONNECT"
psc_target_service = each.value.psc.target_service psc_target_service = each.value.psc.target_service
network = each.value.psc.network network = (
subnetwork = each.value.psc.subnetwork each.value.psc.network == null
? null
: try(local.ctx.networks[each.value.psc.network], each.value.psc.network)
)
subnetwork = (
each.value.psc.subnetwork == null
? null
: try(local.ctx.subnets[each.value.psc.subnetwork], each.value.psc.subnetwork)
)
lifecycle { lifecycle {
# ignore until https://github.com/hashicorp/terraform-provider-google/issues/20576 is fixed # ignore until https://github.com/hashicorp/terraform-provider-google/issues/20576 is fixed
ignore_changes = [psc_data] ignore_changes = [psc_data]
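Review bot: The two hunks in this file handle a null input differently, and the first one does so implicitly. In `google_compute_network_endpoint_group.default` the subnetwork expression `try(local.ctx.subnets[each.value.subnetwork], each.value.subnetwork)` relies on `try()` absorbing the failed index when `each.value.subnetwork` is null, so that `coalesce` then picks `local.subnetwork`. The PSC resource instead checks `== null` before indexing. A short comment on the first form would make the intent clear to the next reader, e.g. `# try() also covers a null subnetwork; coalesce then falls back to local.subnetwork`. Both resource blocks start above and continue below the visible hunk lines.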


@@ -0,0 +1,233 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.ilb-l7.google_compute_forwarding_rule.default:
ip_address: 10.0.0.10
ip_protocol: TCP
load_balancing_scheme: INTERNAL_MANAGED
name: ilb-test-0
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
network_tier: PREMIUM
port_range: '80'
project: foo-test-0
region: europe-west8
subnetwork: projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce
module.ilb-l7.google_compute_health_check.default["default"]:
check_interval_sec: 5
description: Terraform managed.
healthy_threshold: 2
http_health_check:
- host: hello.example.org
port_specification: USE_SERVING_PORT
name: ilb-test-0-default
project: foo-test-0
timeout_sec: 5
unhealthy_threshold: 2
module.ilb-l7.google_compute_instance_group.default["ig-c"]:
description: Terraform managed.
instances:
- projects/foo-test-0/zones/europe-west8-c/instances/vm-c
name: ilb-test-0-ig-c
named_port:
- name: http
port: 80
project: foo-test-0
zone: europe-west8-c
module.ilb-l7.google_compute_network_endpoint.default["neg-gce-e-0"]:
instance: nginx-ew8-b
ip_address: $addresses:test
network_endpoint_group: ilb-test-0-neg-gce
port: 80
project: foo-test-0
zone: $locations:ew8-b
module.ilb-l7.google_compute_network_endpoint.default["neg-hybrid-e-0"]:
ip_address: $addresses:test-hybrid
network_endpoint_group: ilb-test-0-neg-hybrid
port: 80
project: foo-test-0
zone: $locations:ew8-b
module.ilb-l7.google_compute_network_endpoint_group.default["neg-gce"]:
description: Terraform managed.
name: ilb-test-0-neg-gce
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
network_endpoint_type: GCE_VM_IP_PORT
project: foo-test-0
subnetwork: projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce
zone: $locations:ew8-b
module.ilb-l7.google_compute_network_endpoint_group.default["neg-hybrid"]:
description: Terraform managed.
name: ilb-test-0-neg-hybrid
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
network_endpoint_type: NON_GCP_PRIVATE_IP_PORT
project: foo-test-0
zone: $locations:ew8-b
module.ilb-l7.google_compute_region_backend_service.default["default"]:
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
description: Terraform managed.
failover: false
group: projects/foo-test-0/zones/europe-west8-b/instanceGroups/ig-b
- balancing_mode: UTILIZATION
capacity_scaler: 1
description: Terraform managed.
failover: false
connection_draining_timeout_sec: 300
description: Terraform managed.
load_balancing_scheme: INTERNAL_MANAGED
name: ilb-test-0-default
project: foo-test-0
protocol: HTTP
region: europe-west8
module.ilb-l7.google_compute_region_backend_service.default["neg-cloudrun"]:
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
description: Terraform managed.
failover: false
connection_draining_timeout_sec: 300
description: Terraform managed.
load_balancing_scheme: INTERNAL_MANAGED
name: ilb-test-0-neg-cloudrun
project: foo-test-0
protocol: HTTP
region: europe-west8
module.ilb-l7.google_compute_region_backend_service.default["neg-gce"]:
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
description: Terraform managed.
failover: false
connection_draining_timeout_sec: 300
description: Terraform managed.
load_balancing_scheme: INTERNAL_MANAGED
name: ilb-test-0-neg-gce
project: foo-test-0
protocol: HTTP
region: europe-west8
module.ilb-l7.google_compute_region_backend_service.default["neg-hybrid"]:
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
description: Terraform managed.
failover: false
connection_draining_timeout_sec: 300
description: Terraform managed.
load_balancing_scheme: INTERNAL_MANAGED
name: ilb-test-0-neg-hybrid
project: foo-test-0
protocol: HTTP
region: europe-west8
module.ilb-l7.google_compute_region_backend_service.default["neg-internet"]:
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
description: Terraform managed.
failover: false
connection_draining_timeout_sec: 300
description: Terraform managed.
load_balancing_scheme: INTERNAL_MANAGED
name: ilb-test-0-neg-internet
project: foo-test-0
protocol: HTTP
region: europe-west8
module.ilb-l7.google_compute_region_backend_service.default["neg-psc"]:
backend:
- balancing_mode: UTILIZATION
capacity_scaler: 1
description: Terraform managed.
failover: false
connection_draining_timeout_sec: 300
description: Terraform managed.
load_balancing_scheme: INTERNAL_MANAGED
name: ilb-test-0-neg-psc
project: foo-test-0
protocol: HTTP
region: europe-west8
module.ilb-l7.google_compute_region_network_endpoint.internet["neg-internet-e-0"]:
fqdn: hello.example.org
port: 80
project: foo-test-0
region: $locations:ew8
region_network_endpoint_group: ilb-test-0-neg-internet
module.ilb-l7.google_compute_region_network_endpoint_group.default["neg-cloudrun"]:
cloud_run:
- service: hello
description: Terraform managed.
name: ilb-test-0-neg-cloudrun
network_endpoint_type: SERVERLESS
project: foo-test-0
region: $locations:ew8
module.ilb-l7.google_compute_region_network_endpoint_group.internet["neg-internet"]:
description: Terraform managed.
name: ilb-test-0-neg-internet
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
network_endpoint_type: INTERNET_FQDN_PORT
project: foo-test-0
region: $locations:ew8
module.ilb-l7.google_compute_region_network_endpoint_group.psc["neg-psc"]:
name: ilb-test-0-neg-psc
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
network_endpoint_type: PRIVATE_SERVICE_CONNECT
project: foo-test-0
psc_target_service: projects/foo-test-0/regions/europe-west8/serviceAttachments/sa
region: $locations:ew8
subnetwork: projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce
module.ilb-l7.google_compute_region_target_http_proxy.default[0]:
description: Terraform managed.
name: ilb-test-0
project: foo-test-0
region: europe-west8
module.ilb-l7.google_compute_region_url_map.default:
description: Terraform managed.
host_rule:
- hosts:
- '*'
path_matcher: pathmap
name: ilb-test-0
path_matcher:
- name: pathmap
path_rule:
- paths:
- /cloudrun
- /cloudrun/*
- paths:
- /gce
- /gce/*
- paths:
- /hybrid
- /hybrid/*
- paths:
- /internet
- /internet/*
- paths:
- /psc
- /psc/*
project: foo-test-0
region: europe-west8
counts:
google_compute_forwarding_rule: 1
google_compute_health_check: 1
google_compute_instance_group: 1
google_compute_network_endpoint: 2
google_compute_network_endpoint_group: 2
google_compute_region_backend_service: 6
google_compute_region_network_endpoint: 1
google_compute_region_network_endpoint_group: 3
google_compute_region_target_http_proxy: 1
google_compute_region_url_map: 1
modules: 1
resources: 19
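Review bot: Several expected values in this inventory are still raw context tokens, so the plan the test accepts contains unresolved references. These are `zone: $locations:ew8-b` on both `google_compute_network_endpoint` entries and both `google_compute_network_endpoint_group` entries, `ip_address: $addresses:test` and `$addresses:test-hybrid` on the endpoints, and `region: $locations:ew8` on the four regional NEG and endpoint entries. The instance-group zone and the network and subnetwork fields are resolved, so the remaining fields look like lookups the module change does not cover. Pinning them here lets the test pass while the README example would presumably be rejected by the API at apply time. Once those attributes go through `local.ctx`, the expected values should read `zone: europe-west8-b`, `region: europe-west8`, and `ip_address: 10.0.0.10` / `192.168.0.3`.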