From f3e63deaa779b41d074ca92aa7a37372abdc2014 Mon Sep 17 00:00:00 2001 From: Luca Prete Date: Fri, 29 Sep 2023 14:52:57 +0200 Subject: [PATCH 1/3] [#1713] Support multiple protocols (L3_DEFAULT) through net-ilb-in --- modules/net-lb-int/README.md | 66 +++++++++++++++++++++++++-------- modules/net-lb-int/main.tf | 4 +- modules/net-lb-int/variables.tf | 3 +- 3 files changed, 55 insertions(+), 18 deletions(-) diff --git a/modules/net-lb-int/README.md b/modules/net-lb-int/README.md index c5773883c8..59461b635f 100644 --- a/modules/net-lb-int/README.md +++ b/modules/net-lb-int/README.md @@ -14,6 +14,7 @@ One other issue is a `Provider produced inconsistent final plan` error which is - [Referencing existing MIGs](#referencing-existing-migs) - [Externally managed instances](#externally-managed-instances) +- [Passing multiple protocols through the load balancers](#passing-multiple-protocols-through-the-load-balancers) - [End to end example](#end-to-end-example) ### Referencing existing MIGs @@ -108,6 +109,41 @@ module "ilb" { # tftest modules=1 resources=4 ``` +### Passing multiple protocols through the load balancers + +The example shows how to send multiple protocols through the same internal network passthrough load balancer. + +```hcl +module "ilb" { + source = "./fabric/modules/net-lb-int" + project_id = var.project_id + region = "europe-west1" + name = "ilb-test" + protocol = "L3_DEFAULT" + service_label = "ilb-test" + vpc_config = { + network = var.vpc.self_link + subnetwork = var.subnet.self_link + } + group_configs = { + my-group = { + zone = "europe-west1-b" + instances = [ + "instance-1-self-link", + "instance-2-self-link" + ] + } + } + backend_service_config = { + protocol = "UNSPECIFIED" + } + backends = [{ + group = module.ilb.groups.my-group.self_link + }] +} +# tftest modules=1 resources=4 +``` + ### End to end example This example spins up a simple HTTP server and combines four modules: 
@@ -179,22 +215,22 @@ module "ilb" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [name](variables.tf#L188) | Name used for all resources. | string | ✓ | | -| [project_id](variables.tf#L199) | Project id where resources will be created. | string | ✓ | | -| [region](variables.tf#L210) | GCP region. | string | ✓ | | -| [vpc_config](variables.tf#L221) | VPC-level configuration. | object({…}) | ✓ | | +| [name](variables.tf#L189) | Name used for all resources. | string | ✓ | | +| [project_id](variables.tf#L200) | Project id where resources will be created. | string | ✓ | | +| [region](variables.tf#L211) | GCP region. | string | ✓ | | +| [vpc_config](variables.tf#L222) | VPC-level configuration. | object({…}) | ✓ | | | [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | string | | null | -| [backend_service_config](variables.tf#L23) | Backend service level configuration. | object({…}) | | {} | -| [backends](variables.tf#L56) | Load balancer backends, balancing mode is one of 'CONNECTION' or 'UTILIZATION'. | list(object({…})) | | [] | -| [description](variables.tf#L75) | Optional description used for resources. | string | | "Terraform managed." | -| [global_access](variables.tf#L81) | Global access, defaults to false if not set. | bool | | null | -| [group_configs](variables.tf#L87) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | map(object({…})) | | {} | -| [health_check](variables.tf#L99) | Name of existing health check to use, disables auto-created health check. | string | | null | -| [health_check_config](variables.tf#L105) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | object({…}) | | {…} | -| [labels](variables.tf#L182) | Labels set on resources. | map(string) | | {} | -| [ports](variables.tf#L193) | Comma-separated ports, leave null to use all ports. 
| list(string) | | null | -| [protocol](variables.tf#L204) | IP protocol used, defaults to TCP. | string | | "TCP" | -| [service_label](variables.tf#L215) | Optional prefix of the fully qualified forwarding rule name. | string | | null | +| [backend_service_config](variables.tf#L23) | Backend service level configuration. | object({…}) | | {} | +| [backends](variables.tf#L57) | Load balancer backends, balancing mode is one of 'CONNECTION' or 'UTILIZATION'. | list(object({…})) | | [] | +| [description](variables.tf#L76) | Optional description used for resources. | string | | "Terraform managed." | +| [global_access](variables.tf#L82) | Global access, defaults to false if not set. | bool | | null | +| [group_configs](variables.tf#L88) | Optional unmanaged groups to create. Can be referenced in backends via outputs. | map(object({…})) | | {} | +| [health_check](variables.tf#L100) | Name of existing health check to use, disables auto-created health check. | string | | null | +| [health_check_config](variables.tf#L106) | Optional auto-created health check configuration, use the output self-link to set it in the auto healing policy. Refer to examples for usage. | object({…}) | | {…} | +| [labels](variables.tf#L183) | Labels set on resources. | map(string) | | {} | +| [ports](variables.tf#L194) | Comma-separated ports, leave null to use all ports. | list(string) | | null | +| [protocol](variables.tf#L205) | Forwarding rule protocol used, defaults to TCP. | string | | "TCP" | +| [service_label](variables.tf#L216) | Optional prefix of the fully qualified forwarding rule name. | string | | null | ## Outputs diff --git a/modules/net-lb-int/main.tf b/modules/net-lb-int/main.tf index 698293a57f..eccb536ef4 100644 --- a/modules/net-lb-int/main.tf +++ b/modules/net-lb-int/main.tf 
@@ -32,7 +32,7 @@ resource "google_compute_forwarding_rule" "default" { name = var.name description = var.description ip_address = var.address - ip_protocol = var.protocol # TCP | UDP + ip_protocol = var.protocol backend_service = ( google_compute_region_backend_service.default.self_link ) @@ -54,7 +54,7 @@ resource "google_compute_region_backend_service" "default" { name = var.name description = var.description load_balancing_scheme = "INTERNAL" - protocol = var.protocol + protocol = var.backend_service_config.protocol network = var.vpc_config.network health_checks = [local.health_check] connection_draining_timeout_sec = var.backend_service_config.connection_draining_timeout_sec diff --git a/modules/net-lb-int/variables.tf b/modules/net-lb-int/variables.tf index 9e90c1db35..26af7f3024 100644 --- a/modules/net-lb-int/variables.tf +++ b/modules/net-lb-int/variables.tf @@ -36,6 +36,7 @@ variable "backend_service_config" { ratio = optional(number) })) log_sample_rate = optional(number) + protocol = optional(string, "TCP") session_affinity = optional(string) timeout_sec = optional(number) }) @@ -202,7 +203,7 @@ variable "project_id" { } variable "protocol" { - description = "IP protocol used, defaults to TCP." + description = "Forwarding rule protocol used, defaults to TCP." type = string default = "TCP" } From 6b1c9c3afbcfe456f4e37e5ee39a68e6912a8b8e Mon Sep 17 00:00:00 2001 From: Luca Prete Date: Fri, 29 Sep 2023 15:14:43 +0200 Subject: [PATCH 2/3] Use UNSPECIFIED as the default bs protocol --- modules/net-lb-int/README.md | 5 +---- modules/net-lb-int/variables.tf | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/modules/net-lb-int/README.md b/modules/net-lb-int/README.md index 59461b635f..02c4fbc847 100644 --- a/modules/net-lb-int/README.md +++ b/modules/net-lb-int/README.md @@ -134,9 +134,6 @@ module "ilb" { ] } } - backend_service_config = { - protocol = "UNSPECIFIED" - } backends = [{ group = module.ilb.groups.my-group.self_link }] 
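Review bot: Dropping the `# TCP | UDP` comment on `ip_protocol` in the forwarding rule leaves the accepted values undocumented at the point of use, just as `L3_DEFAULT` becomes a supported one. With `L3_DEFAULT` the rule passes every IP protocol to the backends, so the ingress firewall rules that apply to the backend instances are what still restrict protocol and port, and the provider documents that `L3_DEFAULT` requires `all_ports` to be true. I would keep the comment and extend it, e.g. `ip_protocol = var.protocol # TCP | UDP | L3_DEFAULT (all protocols, needs ports = null)`. The resource body continues outside the hunk, so how `ports` maps to `all_ports` is not visible here; confirm that a non-null `ports` combined with `L3_DEFAULT` is rejected at plan time rather than at apply.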
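Review bot: Once the backend service reads `var.backend_service_config.protocol`, the forwarding-rule and backend-service protocols are two independent free-form strings, and nothing in this hunk or in the `variables.tf` hunk that adds the attribute checks that they form a valid pair. The README example in [PATCH 1/3] pairs `L3_DEFAULT` with `UNSPECIFIED`; a caller who sets `protocol = "L3_DEFAULT"` together with `backend_service_config.protocol = "TCP"` would, as far as I can tell, only learn about the mismatch from an API error during apply. A `precondition` on the backend service surfaces it at plan time, and a `validation` block restricting the new attribute to `TCP`, `UDP` and `UNSPECIFIED` would also catch typos. The resource starts and ends outside the hunk, so if it already has a `lifecycle` block the precondition belongs inside it.

```hcl
resource "google_compute_region_backend_service" "default" {
  # … unchanged: name, description, load_balancing_scheme …
  protocol = var.backend_service_config.protocol
  # … unchanged: network, health_checks, remaining arguments …
  lifecycle {
    precondition {
      condition = (
        var.protocol != "L3_DEFAULT" ||
        var.backend_service_config.protocol == "UNSPECIFIED"
      )
      error_message = "Forwarding rule protocol L3_DEFAULT requires backend_service_config.protocol to be UNSPECIFIED."
    }
  }
```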
@@ -220,7 +217,7 @@ module "ilb" { | [region](variables.tf#L211) | GCP region. | string | ✓ | | | [vpc_config](variables.tf#L222) | VPC-level configuration. | object({…}) | ✓ | | | [address](variables.tf#L17) | Optional IP address used for the forwarding rule. | string | | null | -| [backend_service_config](variables.tf#L23) | Backend service level configuration. | object({…}) | | {} | +| [backend_service_config](variables.tf#L23) | Backend service level configuration. | object({…}) | | {} | | [backends](variables.tf#L57) | Load balancer backends, balancing mode is one of 'CONNECTION' or 'UTILIZATION'. | list(object({…})) | | [] | | [description](variables.tf#L76) | Optional description used for resources. | string | | "Terraform managed." | | [global_access](variables.tf#L82) | Global access, defaults to false if not set. | bool | | null | diff --git a/modules/net-lb-int/variables.tf b/modules/net-lb-int/variables.tf index 26af7f3024..d10f6dbd70 100644 --- a/modules/net-lb-int/variables.tf +++ b/modules/net-lb-int/variables.tf @@ -36,7 +36,7 @@ variable "backend_service_config" { ratio = optional(number) })) log_sample_rate = optional(number) - protocol = optional(string, "TCP") + protocol = optional(string, "UNSPECIFIED") session_affinity = optional(string) timeout_sec = optional(number) }) From c3a1be989c62721412eeb5bf044499917c0fcfce Mon Sep 17 00:00:00 2001 From: Luca Prete Date: Fri, 29 Sep 2023 15:39:17 +0200 Subject: [PATCH 3/3] Fixing module tests --- tests/modules/net_lb_int/defaults.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/modules/net_lb_int/defaults.yaml b/tests/modules/net_lb_int/defaults.yaml index f66ea2a888..dcbc12d043 100644 --- a/tests/modules/net_lb_int/defaults.yaml +++ b/tests/modules/net_lb_int/defaults.yaml @@ -54,7 +54,7 @@ values: name: ilb-test network: default project: my-project - protocol: TCP + protocol: UNSPECIFIED region: europe-west1 counts:
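Review bot: Defaulting `backend_service_config.protocol` to `UNSPECIFIED` changes the backend service for every existing caller that never set it: before this series the backend service followed `var.protocol`, and the `defaults.yaml` change in [PATCH 3/3] shows the planned value moving from `TCP` to `UNSPECIFIED`. Whether the provider applies that as an in-place update is not visible here, so it is worth confirming against a deployed load balancer and calling out in the changelog. An alternative that keeps existing plans stable is `protocol = optional(string)` in the variable and `protocol = coalesce(var.backend_service_config.protocol, var.protocol == "L3_DEFAULT" ? "UNSPECIFIED" : var.protocol)` in `main.tf`. The `variable "backend_service_config"` block starts and ends outside the hunk.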