diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index e23de6840..75462ff60 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -195,7 +195,8 @@ module "vpc" {
| *subnet_descriptions* | Optional map of subnet descriptions, keyed by subnet 'region/name'. | map(string) | | {} |
| *subnet_flow_logs* | Optional map of boolean to control flow logs (default is disabled), keyed by subnet 'region/name'. | map(bool) | | {} |
| *subnet_private_access* | Optional map of boolean to control private Google access (default is enabled), keyed by subnet 'region/name'. | map(bool) | | {} |
-| *subnets* | The list of subnets being created | list(object({...})) | | [] |
+| *subnets* | List of subnets being created. | list(object({...})) | | [] |
+| *subnets_l7ilb* | List of subnets for private HTTPS load balancer. | list(object({...})) | | [] |
| *vpc_create* | Create VPC. When set to false, uses a data source to reference existing VPC. | bool | | true |
## Outputs
@@ -212,6 +213,7 @@ module "vpc" {
| subnet_secondary_ranges | Map of subnet secondary ranges keyed by name. | |
| subnet_self_links | Map of subnet self links keyed by name. | |
| subnets | Subnet resources. | |
+| subnets_l7ilb | L7 ILB subnet resources. | |
The key format is `subnet_region/subnet_name`. For example `europe-west1/my_subnet`.
diff --git a/modules/net-vpc/main.tf b/modules/net-vpc/main.tf
index 4b2610d73..0695968fb 100644
--- a/modules/net-vpc/main.tf
+++ b/modules/net-vpc/main.tf
@@ -68,6 +68,10 @@ locals {
for subnet in var.subnets :
"${subnet.region}/${subnet.name}" => subnet
}
+ subnets_l7ilb = {
+ for subnet in var.subnets_l7ilb :
+ "${subnet.region}/${subnet.name}" => subnet
+ }
network = (
var.vpc_create
? try(google_compute_network.network.0, null)
@@ -141,8 +145,14 @@ resource "google_compute_subnetwork" "subnetwork" {
for name, range in each.value.secondary_ip_range :
{ range_name = name, ip_cidr_range = range }
]
- description = lookup(var.subnet_descriptions, "${each.value.region}/${each.value.name}", "Terraform-managed.")
- private_ip_google_access = lookup(var.subnet_private_access, "${each.value.region}/${each.value.name}", true)
+ description = lookup(
+ var.subnet_descriptions,
+ "${each.value.region}/${each.value.name}",
+ "Terraform-managed."
+ )
+ private_ip_google_access = lookup(
+ var.subnet_private_access, "${each.value.region}/${each.value.name}", true
+ )
dynamic "log_config" {
for_each = local.subnet_log_configs["${each.value.region}/${each.value.name}"]
iterator = config
@@ -154,6 +164,25 @@ resource "google_compute_subnetwork" "subnetwork" {
}
}
+resource "google_compute_subnetwork" "l7ilb" {
+ provider = google-beta
+ for_each = local.subnets_l7ilb
+ project = var.project_id
+ network = local.network.name
+ region = each.value.region
+ name = each.value.name
+ ip_cidr_range = each.value.ip_cidr_range
+ purpose = "INTERNAL_HTTPS_LOAD_BALANCER"
+ role = (
+ each.value.active || each.value.active == null ? "ACTIVE" : "BACKUP"
+ )
+ description = lookup(
+ var.subnet_descriptions,
+ "${each.value.region}/${each.value.name}",
+ "Terraform-managed."
+ )
+}
+
resource "google_compute_subnetwork_iam_binding" "binding" {
for_each = {
for binding in local.subnet_iam_members :
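Review bot: The `role` expression on the new `l7ilb` resource evaluates `each.value.active || each.value.active == null`, and as far as I recall HCL's `||` does not short-circuit around a null operand but rejects it, so passing `active = null` would most likely fail at plan time instead of defaulting to ACTIVE as the expression intends. Reordering the test or using `coalesce` avoids the null operand: `role = coalesce(each.value.active, true) ? "ACTIVE" : "BACKUP"`. These are proxy-only subnets, whose range is the source of the load balancer's proxy traffic, so the resource deserves a comment such as `# proxy-only subnet: backend firewall rules must allow ingress from this ip_cidr_range`, since the module creates no such rule. The IAM binding resource that follows appears to be driven only by `local.subnet_iam_members`, so the l7ilb subnets seem to receive no IAM bindings; if that is intentional it is worth stating in the variable description.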
diff --git a/modules/net-vpc/outputs.tf b/modules/net-vpc/outputs.tf
index affd7d0c4..cf17e7f98 100644
--- a/modules/net-vpc/outputs.tf
+++ b/modules/net-vpc/outputs.tf
@@ -70,12 +70,16 @@ output "self_link" {
output "subnet_ips" {
description = "Map of subnet address ranges keyed by name."
- value = { for k, v in google_compute_subnetwork.subnetwork : k => v.ip_cidr_range }
+ value = {
+ for k, v in google_compute_subnetwork.subnetwork : k => v.ip_cidr_range
+ }
}
output "subnet_regions" {
description = "Map of subnet regions keyed by name."
- value = { for k, v in google_compute_subnetwork.subnetwork : k => v.region }
+ value = {
+ for k, v in google_compute_subnetwork.subnetwork : k => v.region
+ }
}
output "subnet_secondary_ranges" {
@@ -99,3 +103,8 @@ output "subnets" {
description = "Subnet resources."
value = { for k, v in google_compute_subnetwork.subnetwork : k => v }
}
+
+output "subnets_l7ilb" {
+ description = "L7 ILB subnet resources."
+ value = { for k, v in google_compute_subnetwork.l7ilb : k => v }
+}
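Review bot: The description `L7 ILB subnet resources.` does not tell consumers that the per-attribute outputs above (`subnet_ips`, `subnet_regions`) still iterate only `google_compute_subnetwork.subnetwork`, so the proxy-only range that a backend firewall rule needs must be read as `subnets_l7ilb[k].ip_cidr_range` from the full resource map. Suggest `description = "Proxy-only (L7 ILB) subnet resources, keyed by region/name; not included in the subnet_* outputs."`. The `output "subnets"` block at the top of this hunk starts before the hunk.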
diff --git a/modules/net-vpc/variables.tf b/modules/net-vpc/variables.tf
index 0b45d20ce..462c8a4d6 100644
--- a/modules/net-vpc/variables.tf
+++ b/modules/net-vpc/variables.tf
@@ -168,17 +168,27 @@ variable "subnet_private_access" {
}
variable "subnets" {
- description = "The list of subnets being created"
+ description = "List of subnets being created."
type = list(object({
name = string
ip_cidr_range = string
- name = string
region = string
secondary_ip_range = map(string)
}))
default = []
}
+variable "subnets_l7ilb" {
+ description = "List of subnets for private HTTPS load balancer."
+ type = list(object({
+ active = bool
+ name = string
+ ip_cidr_range = string
+ region = string
+ }))
+ default = []
+}
+
variable "vpc_create" {
description = "Create VPC. When set to false, uses a data source to reference existing VPC."
type = bool
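Review bot: The `subnets_l7ilb` description says nothing about these being proxy-only subnets or what `active` controls, and because object attributes here carry no defaults, every caller has to pass `active` explicitly (the type admits `null`, whose handling is left to main.tf). Suggest `description = "List of proxy-only subnets for internal HTTPS load balancers; one ACTIVE subnet per region, set active = false for a BACKUP subnet."`. If the module's required Terraform version supports variable `validation` blocks, a check that no two entries share a region with `active` set would turn the provider-side conflict into a plan-time error; the version constraint is not visible in this diff. The enclosing `vpc_create` variable at the end of the hunk continues past it.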