diff --git a/modules/net-lb-app-ext/README.md b/modules/net-lb-app-ext/README.md index 159d4c9f58..f404f105e1 100644 --- a/modules/net-lb-app-ext/README.md +++ b/modules/net-lb-app-ext/README.md @@ -12,6 +12,7 @@ Due to the complexity of the underlying resources, changes to the configuration - [Minimal HTTPS examples](#minimal-https-examples) - [HTTP backends](#http-backends) - [HTTPS backends](#https-backends) + - [HTTP to HTTPS redirect](#http-to-https-redirect) - [Classic vs Non-classic](#classic-vs-non-classic) - [Health Checks](#health-checks) - [Backend Types and Management](#backend-types-and-management) @@ -32,7 +33,6 @@ Due to the complexity of the underlying resources, changes to the configuration - [Outputs](#outputs) - ### Minimal HTTP Example An HTTP load balancer with a backend service pointing to a GCE instance group: @@ -123,6 +123,63 @@ module "glb-0" { # tftest modules=1 resources=6 ``` +#### HTTP to HTTPS redirect + +Redirect is implemented via an additional HTTP load balancer with a custom URL map, similarly to how it's done via the GCP Console. The address shared by the two load balancers needs to be reserved. + +```hcl +module "addresses" { + source = "./fabric/modules/net-address" + project_id = "myprj" + global_addresses = ["glb-test-0"] +} + +module "glb-test-0-redirect" { + source = "./fabric/modules/net-lb-app-ext" + project_id = "myprj" + name = "glb-test-0-redirect" + address = ( + module.addresses.global_addresses["glb-test-0"].address + ) + health_check_configs = {} + urlmap_config = { + description = "URL redirect for glb-test-0." + default_url_redirect = { + https = true + response_code = "MOVED_PERMANENTLY_DEFAULT" + } + } +} + +module "glb-test-0" { + source = "./fabric/modules/net-lb-app-ext" + project_id = "myprj" + name = "glb-test-0" + use_classic_version = false + address = ( + module.addresses.global_addresses["glb-test-0"].address + ) + backend_service_configs = { + default = { + backends = [ + { backend = "projects/myprj/zones/europe-west8-b/instanceGroups/myig-b" }, + ] + protocol = "HTTP" + } + } + protocol = "HTTPS" + ssl_certificates = { + managed_configs = { + default = { + domains = ["glb-test.example.com"] + } + } + } +} + +# tftest modules=3 resources=10 +``` + ### Classic vs Non-classic The module uses a classic Global Load Balancer by default. To use the non-classic version set the `use_classic_version` variable to `false` as in the following example, note that the module is not enforcing feature sets between the two versions: @@ -782,7 +839,6 @@ module "glb-0" { - ## Files | name | description | resources | @@ -819,7 +875,7 @@ module "glb-0" { | [ports](variables.tf#L187) | Optional ports for HTTP load balancer, valid ports are 80 and 8080. | list(string) | | null | | [protocol](variables.tf#L198) | Protocol supported by this load balancer. | string | | "HTTP" | | [ssl_certificates](variables.tf#L211) | SSL target proxy certificates (only if protocol is HTTPS) for existing, custom, and managed certificates. | object({…}) | | {} | -| [urlmap_config](variables-urlmap.tf#L19) | The URL map configuration. | object({…}) | | {…} | +| [urlmap_config](variables-urlmap.tf#L19) | The URL map configuration. | object({…}) | | {…} | | [use_classic_version](variables.tf#L228) | Use classic Global Load Balancer. | bool | | true | ## Outputs @@ -834,5 +890,4 @@ module "glb-0" { | [health_check_ids](outputs.tf#L48) | Autogenerated health check ids. | | | [id](outputs.tf#L55) | Fully qualified forwarding rule id. | | | [neg_ids](outputs.tf#L60) | Autogenerated network endpoint group ids. | | - diff --git a/modules/net-lb-app-ext/variables-urlmap.tf b/modules/net-lb-app-ext/variables-urlmap.tf index e4b72dfec4..8cf7d7ec2e 100644 --- a/modules/net-lb-app-ext/variables-urlmap.tf +++ b/modules/net-lb-app-ext/variables-urlmap.tf @@ -83,7 +83,7 @@ variable "urlmap_config" { path = optional(string) prefix = optional(string) response_code = optional(string) - strip_query = optional(bool) + strip_query = optional(bool, false) })) header_action = optional(object({ request_add = optional(map(object({