Modular Global HTTP Load Balancer for GCE using forwarding rules.
This module is meant for use with Terraform 0.12. If you haven't upgraded and need a Terraform 0.11.x-compatible version of this module, the last released version intended for Terraform 0.11.x is 1.0.10.
```hcl
module "gce-lb-http" {
  source  = "GoogleCloudPlatform/lb-http/google"
  version = "~> 4.4"

  project     = "my-project-id"
  name        = "group-http-lb"
  target_tags = [module.mig1.target_tags, module.mig2.target_tags]

  backends = {
    default = {
      description                     = null
      protocol                        = "HTTP"
      port                            = var.service_port
      port_name                       = var.service_port_name
      timeout_sec                     = 10
      enable_cdn                      = false
      custom_request_headers          = null
      security_policy                 = null

      connection_draining_timeout_sec = null
      session_affinity                = null
      affinity_cookie_ttl_sec         = null

      health_check = {
        check_interval_sec  = null
        timeout_sec         = null
        healthy_threshold   = null
        unhealthy_threshold = null
        request_path        = "/"
        port                = var.service_port
        host                = null
        logging             = null
      }

      log_config = {
        enable      = true
        sample_rate = 1.0
      }

      groups = [
        {
          # Each node pool instance group should be added to the backend.
          group                        = var.backend
          balancing_mode               = null
          capacity_scaler              = null
          description                  = null
          max_connections              = null
          max_connections_per_instance = null
          max_connections_per_endpoint = null
          max_rate                     = null
          max_rate_per_instance        = null
          max_rate_per_endpoint        = null
          max_utilization              = null
        },
      ]

      iap_config = {
        enable               = false
        oauth2_client_id     = null
        oauth2_client_secret = null
      }
    }
  }
}
```
Figure 1. diagram of terraform resources
Current version is 3.0. Upgrade guides:
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| address | IP address self link | string | `"null"` | no |
| backends | Map backend indices to list of backend maps. | object | n/a | yes |
| cdn | Set to `true` to enable cdn on backend. | bool | `"false"` | no |
| certificate | Content of the SSL certificate. Required if `ssl` is `true` and `ssl_certificates` is empty. | string | `"null"` | no |
| create_address | Create a new global address | bool | `"true"` | no |
| create_url_map | Set to `false` if urlmap variable is provided. | bool | `"true"` | no |
| firewall_networks | Names of the networks to create firewall rules in | list(string) | | no |
| firewall_projects | Names of the projects to create firewall rules in | list(string) | | no |
| http_forward | Set to `false` to disable HTTP port 80 forward | bool | `"true"` | no |
| https_redirect | Set to `true` to enable https redirect on the lb. | bool | `"false"` | no |
| ip_version | IP version for the Global address (IPv4 or v6) - Empty defaults to IPV4 | string | `"null"` | no |
| managed_ssl_certificate_domains | Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` and `use_ssl_certificates` set to `false`. | list(string) | | no |
| name | Name for the forwarding rule and prefix for supporting resources | string | n/a | yes |
| private_key | Content of the private SSL key. Required if `ssl` is `true` and `ssl_certificates` is empty. | string | `"null"` | no |
| project | The project to deploy to, if not set the default provider project is used. | string | n/a | yes |
| quic | Set to `true` to enable QUIC support | bool | `"false"` | no |
| security_policy | The resource URL for the security policy to associate with the backend service | string | `"null"` | no |
| ssl | Set to `true` to enable SSL support, requires variable `ssl_certificates` - a list of self_link certs | bool | `"false"` | no |
| ssl_certificates | SSL cert self_link list. Required if `ssl` is `true` and no `private_key` and `certificate` is provided. | list(string) | | no |
| ssl_policy | Self link to SSL Policy | string | `"null"` | no |
| target_service_accounts | List of target service accounts for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. | list(string) | | no |
| target_tags | List of target tags for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. | list(string) | | no |
| url_map | The url_map resource to use. Default is to send all traffic to first backend. | string | `"null"` | no |
| use_ssl_certificates | If true, use the certificates provided by `ssl_certificates`, otherwise, create cert from `private_key` and `certificate` | bool | `"false"` | no |
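
A TLS-terminating variant of the usage block, combining the `ssl`, `managed_ssl_certificate_domains`, `use_ssl_certificates`, `ssl_policy`, `https_redirect` and per-backend `security_policy` inputs listed above. This is an added example, not taken from the module's documentation; the `google_compute_ssl_policy.modern` resource, the `var.cloud_armor_policy` variable, the `lb-backend` tag and the domain `app.example.com` are assumptions.

```hcl
# Added example (not from the module's documentation).
# Assumed: var.cloud_armor_policy holds the self link of an existing security policy.
resource "google_compute_ssl_policy" "modern" {
  name            = "group-https-lb-tls"
  profile         = "MODERN"
  min_tls_version = "TLS_1_2" # refuse TLS 1.0 / 1.1 handshakes at the proxy
}

module "gce-lb-https" {
  source      = "GoogleCloudPlatform/lb-http/google"
  version     = "~> 4.4"
  project     = "my-project-id"
  name        = "group-https-lb"
  target_tags = ["lb-backend"] # constructed tag; must match the backend instances

  # Terminate TLS at the load balancer with a Google-managed certificate.
  ssl                             = true
  use_ssl_certificates            = false
  managed_ssl_certificate_domains = ["app.example.com"] # constructed domain
  ssl_policy                      = google_compute_ssl_policy.modern.self_link
  https_redirect                  = true # port 80 only redirects to HTTPS

  backends = {
    default = {
      description                     = null
      protocol                        = "HTTP"
      port                            = var.service_port
      port_name                       = var.service_port_name
      timeout_sec                     = 10
      enable_cdn                      = false
      custom_request_headers          = null
      security_policy                 = var.cloud_armor_policy # assumed variable
      connection_draining_timeout_sec = null
      session_affinity                = null
      affinity_cookie_ttl_sec         = null
      health_check = {
        check_interval_sec = null, timeout_sec = null, healthy_threshold = null, unhealthy_threshold = null,
        request_path = "/", port = var.service_port, host = null, logging = null
      }
      log_config = { enable = true, sample_rate = 1.0 }
      groups = [{
        group = var.backend, balancing_mode = null, capacity_scaler = null, description = null,
        max_connections = null, max_connections_per_instance = null, max_connections_per_endpoint = null,
        max_rate = null, max_rate_per_instance = null, max_rate_per_endpoint = null, max_utilization = null
      }]
      iap_config = { enable = false, oauth2_client_id = null, oauth2_client_secret = null }
    }
  }
}
```

Traffic between the load balancer and the backends is still plain HTTP in this variant, because the backend `protocol` is unchanged from the usage block.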
| Name | Description |
|------|-------------|
| backend_services | The backend service resources. |
| external_ip | The external IP assigned to the global forwarding rule. |
| http_proxy | The HTTP proxy used by this module. |
| https_proxy | The HTTPS proxy used by this module. |
- `google_compute_global_forwarding_rule.http`: The global HTTP forwarding rule.
- `google_compute_global_forwarding_rule.https`: The global HTTPS forwarding rule created when `ssl` is `true`.
- `google_compute_target_http_proxy.default`: The HTTP proxy resource that binds the url map. Created when input `ssl` is `false`.
- `google_compute_target_https_proxy.default`: The HTTPS proxy resource that binds the url map. Created when input `ssl` is `true`.
- `google_compute_ssl_certificate.default`: The certificate resource created when input `ssl` is `true` and `managed_ssl_certificate_domains` is not specified.
- `google_compute_managed_ssl_certificate.default`: The Google-managed certificate resource created when input `ssl` is `true` and `managed_ssl_certificate_domains` is specified.
- `google_compute_url_map.default`: The default URL map resource when input `url_map` is not provided.
- `google_compute_backend_service.default.*`: The backend services created for each of the `backend_params` elements.
- `google_compute_health_check.default.*`: Health check resources created for each of the (non global NEG) backend services.
- `google_compute_firewall.default-hc`: Firewall rule created for each of the backend services to allow health checks to the instance group.