About the developer

terraform-google-modules
178 Stars 209 Forks Apache License 2.0 212 Commits 17 Opened issues

Global HTTP Load Balancer Terraform Module

Modular Global HTTP Load Balancer for GCE using forwarding rules.

  • If you would like to allow for backend groups to be managed outside Terraform, such as via GKE services, see the dynamic backends submodule.
  • If you would like to use load balancing with serverless backends (Cloud Run, Cloud Functions or App Engine), see the serverless_negs submodule and cloudrun example.

Load Balancer Types

Compatibility

This module is meant for use with Terraform 0.13. If you haven't upgraded and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is v4.5.0.

Usage

```hcl
module "gce-lb-http" {
  source  = "GoogleCloudPlatform/lb-http/google"
  version = "~> 4.4"

  project     = "my-project-id"
  name        = "group-http-lb"
  target_tags = [module.mig1.target_tags, module.mig2.target_tags]

  backends = {
    default = {
      description             = null
      protocol                = "HTTP"
      port                    = var.service_port
      port_name               = var.service_port_name
      timeout_sec             = 10
      enable_cdn              = false
      custom_request_headers  = null
      custom_response_headers = null
      security_policy         = null

      connection_draining_timeout_sec = null
      session_affinity                = null
      affinity_cookie_ttl_sec         = null

      health_check = {
        check_interval_sec  = null
        timeout_sec         = null
        healthy_threshold   = null
        unhealthy_threshold = null
        request_path        = "/"
        port                = var.service_port
        host                = null
        logging             = null
      }

      log_config = {
        enable      = true
        sample_rate = 1.0
      }

      groups = [
        {
          # Each node pool instance group should be added to the backend.
          group                        = var.backend
          balancing_mode               = null
          capacity_scaler              = null
          description                  = null
          max_connections              = null
          max_connections_per_instance = null
          max_connections_per_endpoint = null
          max_rate                     = null
          max_rate_per_instance        = null
          max_rate_per_endpoint        = null
          max_utilization              = null
        },
      ]

      iap_config = {
        enable               = false
        oauth2_client_id     = null
        oauth2_client_secret = null
      }
    }
  }
}
```

Resources created

Figure 1. diagram of terraform resources

architecture diagram

Version

Current version is 3.0. Upgrade guides:

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| address | Existing IPv4 address to use (the actual IP address value) | `string` | `null` | no |
| backends | Map backend indices to list of backend maps. | `map(object)`, full type after the table | n/a | yes |
| cdn | Set to `true` to enable cdn on backend. | `bool` | `false` | no |
| certificate | Content of the SSL certificate. Required if `ssl` is `true` and `ssl_certificates` is empty. | `string` | `null` | no |
| create_address | Create a new global IPv4 address | `bool` | `true` | no |
| create_ipv6_address | Allocate a new IPv6 address. Conflicts with "ipv6_address" - if both specified, "create_ipv6_address" takes precedence. | `bool` | `false` | no |
| create_url_map | Set to `false` if url_map variable is provided. | `bool` | `true` | no |
| enable_ipv6 | Enable IPv6 address on the CDN load-balancer | `bool` | `false` | no |
| firewall_networks | Names of the networks to create firewall rules in | `list(string)` | `["default"]` | no |
| firewall_projects | Names of the projects to create firewall rules in | `list(string)` | `["default"]` | no |
| http_forward | Set to `false` to disable HTTP port 80 forward | `bool` | `true` | no |
| https_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no |
| ipv6_address | An existing IPv6 address to use (the actual IP address value) | `string` | `null` | no |
| managed_ssl_certificate_domains | Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` and `use_ssl_certificates` set to `false`. | `list(string)` | `[]` | no |
| name | Name for the forwarding rule and prefix for supporting resources | `string` | n/a | yes |
| private_key | Content of the private SSL key. Required if `ssl` is `true` and `ssl_certificates` is empty. | `string` | `null` | no |
| project | The project to deploy to, if not set the default provider project is used. | `string` | n/a | yes |
| quic | Set to `true` to enable QUIC support | `bool` | `false` | no |
| random_certificate_suffix | Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert. | `bool` | `false` | no |
| security_policy | The resource URL for the security policy to associate with the backend service | `string` | `null` | no |
| ssl | Set to `true` to enable SSL support, requires variable `ssl_certificates` - a list of self_link certs | `bool` | `false` | no |
| ssl_certificates | SSL cert self_link list. Required if `ssl` is `true` and no `private_key` and `certificate` is provided. | `list(string)` | `[]` | no |
| ssl_policy | Self-link to SSL Policy | `string` | `null` | no |
| target_service_accounts | List of target service accounts for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. | `list(string)` | `[]` | no |
| target_tags | List of target tags for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. | `list(string)` | `[]` | no |
| url_map | The url_map resource to use. Default is to send all traffic to first backend. | `string` | `null` | no |
| use_ssl_certificates | If true, use the certificates provided by `ssl_certificates`, otherwise, create cert from `private_key` and `certificate` | `bool` | `false` | no |

Full type of `backends`:

```hcl
map(object({
  protocol  = string
  port      = number
  port_name = string

  description             = string
  enable_cdn              = bool
  security_policy         = string
  custom_request_headers  = list(string)
  custom_response_headers = list(string)

  timeout_sec                     = number
  connection_draining_timeout_sec = number
  session_affinity                = string
  affinity_cookie_ttl_sec         = number

  health_check = object({
    check_interval_sec  = number
    timeout_sec         = number
    healthy_threshold   = number
    unhealthy_threshold = number
    request_path        = string
    port                = number
    host                = string
    logging             = bool
  })

  log_config = object({
    enable      = bool
    sample_rate = number
  })

  groups = list(object({
    group = string

    balancing_mode               = string
    capacity_scaler              = number
    description                  = string
    max_connections              = number
    max_connections_per_instance = number
    max_connections_per_endpoint = number
    max_rate                     = number
    max_rate_per_instance        = number
    max_rate_per_endpoint        = number
    max_utilization              = number
  }))
  iap_config = object({
    enable               = bool
    oauth2_client_id     = string
    oauth2_client_secret = string
  })
}))
```
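
The TLS, redirect and security-policy inputs listed above, combined into one module call. This is an added example, not taken from the module's README; the resource names, the domain, the CIDR range and the two variables (`target_tags`, and `backend_defaults` holding a complete backend object like the `default` entry in the Usage section) are assumptions.

```hcl
# Added example. Names, domain and CIDR are placeholders; both variables are assumptions.
variable "target_tags" { type = list(string) }
variable "backend_defaults" { type = any } # complete backend object, as in Usage
resource "google_compute_ssl_policy" "modern" {
  name            = "lb-modern-tls"
  profile         = "MODERN"
  min_tls_version = "TLS_1_2"
}

resource "google_compute_security_policy" "edge" {
  name = "lb-edge-policy"
  rule { # constructed deny rule (documentation range)
    action   = "deny(403)"
    priority = 1000
    match {
      versioned_expr = "SRC_IPS_V1"
      config { src_ip_ranges = ["203.0.113.0/24"] }
    }
  }
  rule { # default rule: allow everything else
    action   = "allow"
    priority = 2147483647
    match {
      versioned_expr = "SRC_IPS_V1"
      config { src_ip_ranges = ["*"] }
    }
  }
}

module "gce-lb-https" {
  source      = "GoogleCloudPlatform/lb-http/google"
  version     = "~> 4.4"
  project     = "my-project-id"
  name        = "group-https-lb"
  target_tags = var.target_tags

  ssl                             = true
  use_ssl_certificates            = false
  managed_ssl_certificate_domains = ["app.example.com"]
  ssl_policy                      = google_compute_ssl_policy.modern.self_link
  https_redirect                  = true

  backends = {
    default = merge(var.backend_defaults, {
      security_policy = google_compute_security_policy.edge.self_link
      log_config      = { enable = true, sample_rate = 1.0 }
    })
  }
}
```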

Outputs

| Name | Description |
|------|-------------|
| backend_services | The backend service resources. |
| external_ip | The external IPv4 assigned to the global forwarding rule. |
| external_ipv6_address | The external IPv6 assigned to the global forwarding rule. |
| http_proxy | The HTTP proxy used by this module. |
| https_proxy | The HTTPS proxy used by this module. |
| ipv6_enabled | Whether IPv6 configuration is enabled on this load-balancer |
| url_map | The default URL map used by this module. |
