terraform-google-modules/ terraform-google-lb-http
About the developer
178 Stars 
209 Forks 
Apache License 2.0 
212 Commits 
17 Opened issues 
Description
Modular Global HTTP Load Balancer for GCE using forwarding rules.
Services available
Contributors list
Global HTTP Load Balancer Terraform Module
Modular Global HTTP Load Balancer for GCE using forwarding rules.
- If you would like to allow for backend groups to be managed outside Terraform, such as via GKE services, see the dynamic backends submodule.
- If you would like to use load balancing with serverless backends (Cloud Run, Cloud Functions or App Engine), see the serverless_negs submodule and cloudrun example.
Load Balancer Types
- TCP load balancer
- HTTP/S load balancer
- Internal load balancer
Compatibility
This module is meant for use with Terraform 0.13. If you haven't upgraded and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is v4.5.0.
Usage
module "gce-lb-http" {
source = "GoogleCloudPlatform/lb-http/google"
version = "~> 4.4"
project = "my-project-id"
name = "group-http-lb"
target_tags = [module.mig1.target_tags, module.mig2.target_tags]
backends = {
default = {
description = null
protocol = "HTTP"
port = var.service_port
port_name = var.service_port_name
timeout_sec = 10
enable_cdn = false
custom_request_headers = null
custom_response_headers = null
security_policy = null
connection_draining_timeout_sec = null
session_affinity = null
affinity_cookie_ttl_sec = null
health_check = {
check_interval_sec = null
timeout_sec = null
healthy_threshold = null
unhealthy_threshold = null
request_path = "/"
port = var.service_port
host = null
logging = null
}
log_config = {
enable = true
sample_rate = 1.0
}
groups = [
{
# Each node pool instance group should be added to the backend.
group = var.backend
balancing_mode = null
capacity_scaler = null
description = null
max_connections = null
max_connections_per_instance = null
max_connections_per_endpoint = null
max_rate = null
max_rate_per_instance = null
max_rate_per_endpoint = null
max_utilization = null
},
]
iap_config = {
enable = false
oauth2_client_id = null
oauth2_client_secret = null
}
}
}
}
Resources created
Figure 1. diagram of terraform resources
Version
Current version is 3.0. Upgrade guides:
Inputs
| Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | address | Existing IPv4 address to use (the actual IP address value) |
string|
null| no | | backends | Map backend indices to list of backend maps. |
map(object({
protocol = string
port = number
portname = string
description = string
enablecdn = bool
securitypolicy = string
customrequestheaders = list(string)
customresponseheaders = list(string)
timeoutsec = number
connectiondrainingtimeoutsec = number
sessionaffinity = string
affinitycookiettlsec = number
healthcheck = object({
checkintervalsec = number
timeoutsec = number
healthythreshold = number
unhealthythreshold = number
requestpath = string
port = number
host = string
logging = bool
})
logconfig = object({
enable = bool
samplerate = number
})
groups = list(object({
group = string
balancingmode = string
capacityscaler = number
description = string
maxconnections = number
maxconnectionsperinstance = number
maxconnectionsperendpoint = number
maxrate = number
maxrateperinstance = number
maxrateperendpoint = number
maxutilization = number
}))
iapconfig = object({
enable = bool
oauth2clientid = string
oauth2clientsecret = string
})
})) | n/a | yes |
| cdn | Set to trueto enable cdn on backend. |
bool|
false| no | | certificate | Content of the SSL certificate. Required if
sslis
trueand
ssl_certificatesis empty. |
string|
null| no | | create_address | Create a new global IPv4 address |
bool|
true| no | | create_ipv6_address | Allocate a new IPv6 address. Conflicts with "ipv6_address" - if both specified, "create_ipv6_address" takes precedence. |
bool|
false| no | | create_url_map | Set to
falseif url_map variable is provided. |
bool|
true| no | | enable_ipv6 | Enable IPv6 address on the CDN load-balancer |
bool|
false| no | | firewall_networks | Names of the networks to create firewall rules in |
list(string)|
[| no | | firewall_projects | Names of the projects to create firewall rules in |
"default"
]
list(string)|
[| no | | http_forward | Set to
"default"
]
falseto disable HTTP port 80 forward |
bool|
true| no | | https_redirect | Set to
trueto enable https redirect on the lb. |
bool|
false| no | | ipv6_address | An existing IPv6 address to use (the actual IP address value) |
string|
null| no | | managed_ssl_certificate_domains | Create Google-managed SSL certificates for specified domains. Requires
sslto be set to
trueand
use_ssl_certificatesset to
false. |
list(string)|
[]| no | | name | Name for the forwarding rule and prefix for supporting resources |
string| n/a | yes | | private_key | Content of the private SSL key. Required if
sslis
trueand
ssl_certificatesis empty. |
string|
null| no | | project | The project to deploy to, if not set the default provider project is used. |
string| n/a | yes | | quic | Set to
trueto enable QUIC support |
bool|
false| no | | random_certificate_suffix | Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert. |
bool|
false| no | | security_policy | The resource URL for the security policy to associate with the backend service |
string|
null| no | | ssl | Set to
trueto enable SSL support, requires variable
ssl_certificates- a list of self_link certs |
bool|
false| no | | ssl_certificates | SSL cert self_link list. Required if
sslis
trueand no
private_keyand
certificateis provided. |
list(string)|
[]| no | | ssl_policy | Selfink to SSL Policy |
string|
null| no | | target_service_accounts | List of target service accounts for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. |
list(string)|
[]| no | | target_tags | List of target tags for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. |
list(string)|
[]| no | | url_map | The url_map resource to use. Default is to send all traffic to first backend. |
string|
null| no | | use_ssl_certificates | If true, use the certificates provided by
ssl_certificates, otherwise, create cert from
private_keyand
certificate|
bool|
false| no |
Outputs
| Name | Description | |------|-------------| | backend_services | The backend service resources. | | external_ip | The external IPv4 assigned to the global fowarding rule. | | external_ipv6_address | The external IPv6 assigned to the global fowarding rule. | | http_proxy | The HTTP proxy used by this module. | | https_proxy | The HTTPS proxy used by this module. | | ipv6_enabled | Whether IPv6 configuration is enabled on this load-balancer | | url_map | The default URL map used by this module. |
-
google_compute_global_forwarding_rule.http
: The global HTTP forwarding rule. -
google_compute_global_forwarding_rule.https
: The global HTTPS forwarding rule created whenssl
istrue
. -
google_compute_target_http_proxy.default
: The HTTP proxy resource that binds the url map. Created when inputssl
isfalse
. -
google_compute_target_https_proxy.default
: The HTTPS proxy resource that binds the url map. Created when inputssl
istrue
. -
google_compute_ssl_certificate.default
: The certificate resource created when inputssl
istrue
andmanaged_ssl_certificate_domains
not specified. -
google_compute_managed_ssl_certificate.default
: The Google-managed certificate resource created when inputssl
istrue
andmanaged_ssl_certificate_domains
is specified. -
google_compute_url_map.default
: The default URL map resource when inputurl_map
is not provided. -
google_compute_backend_service.default.*
: The backend services created for each of thebackend_params
elements. -
google_compute_health_check.default.*
: Health check resources created for each of the (non global NEG) backend services. -
google_compute_firewall.default-hc
: Firewall rule created for each of the backed services to allow health checks to the instance group.