[GoogleCloudPlatform#1764] net-lb-int: add support for dual stack and…

… multiple forwarding rules
wiktorn · Oct 17, 2023 · 6c48512 · 6c48512
1 parent 29a6b9e
commit 6c48512
Show file tree

Hide file tree

Showing 23 changed files with 240 additions and 103 deletions.
diff --git a/blueprints/data-solutions/sqlserver-alwayson/README.md b/blueprints/data-solutions/sqlserver-alwayson/README.md
@@ -18,7 +18,6 @@ and to `C:\GcpSetupLog.txt` file.
 
 <!-- TFDOC OPTS files:1 -->
 <!-- BEGIN TFDOC -->
-
 ## Files
 
 | name | description | modules |
@@ -66,10 +65,8 @@ and to `C:\GcpSetupLog.txt` file.
 
 | name | description | sensitive |
 |---|---|:---:|
-| [instructions](outputs.tf#L19) | List of steps to follow after applying. |  |
-
+| [instructions](outputs.tf#L22) | List of steps to follow after applying. |  |
 <!-- END TFDOC -->
-
 ## Test
 
 ```hcl

diff --git a/blueprints/data-solutions/sqlserver-alwayson/outputs.tf b/blueprints/data-solutions/sqlserver-alwayson/outputs.tf
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,7 +13,10 @@
 # limitations under the License.
 
 locals {
-  loadbalancer_outputs = [for aog in var.always_on_groups : format("%s (%s)", module.listener-ilb[aog].forwarding_rule_address, aog)]
+  loadbalancer_outputs = [
+    for aog, ilb in module.listener-ilb
+    : format("%s (%s)", ilb.forwarding_rule_addresses[""], aog)
+  ]
 }
 
 output "instructions" {

diff --git a/blueprints/data-solutions/sqlserver-alwayson/vpc.tf b/blueprints/data-solutions/sqlserver-alwayson/vpc.tf
@@ -141,7 +141,11 @@ module "listener-ilb" {
   region        = var.region
   name          = "${var.prefix}-${each.value}-ilb"
   service_label = "${var.prefix}-${each.value}-ilb"
-  address       = local.internal_address_ips["${var.prefix}-lb-${each.value}"]
+  forwarding_rules_config = {
+    "" = {
+      address = local.internal_address_ips["${var.prefix}-lb-${each.value}"]
+    }
+  }
   vpc_config = {
     network    = local.network
     subnetwork = local.subnetwork

diff --git a/blueprints/networking/filtering-proxy-psc/main.tf b/blueprints/networking/filtering-proxy-psc/main.tf
@@ -106,7 +106,7 @@ resource "google_compute_service_attachment" "service_attachment" {
   enable_proxy_protocol = true
   connection_preference = "ACCEPT_MANUAL"
   nat_subnets           = [module.vpc.subnets_psc["${var.region}/psc"].self_link]
-  target_service        = module.squid-ilb.forwarding_rule_self_link
+  target_service        = module.squid-ilb.forwarding_rule_self_links[""]
   consumer_accept_lists {
     project_id_or_num = module.project.project_id
     connection_limit  = 10
@@ -206,8 +206,12 @@ module "squid-ilb" {
   project_id    = module.project.project_id
   region        = var.region
   name          = "squid-ilb"
-  ports         = [3128]
   service_label = "squid-ilb"
+  forwarding_rules_config = {
+    "" = {
+      ports = [3128]
+    }
+  }
   vpc_config = {
     network    = module.vpc.self_link
     subnetwork = module.vpc.subnet_self_links["${var.region}/proxy"]

diff --git a/blueprints/networking/filtering-proxy/main.tf b/blueprints/networking/filtering-proxy/main.tf
@@ -17,7 +17,7 @@
 locals {
   squid_address = (
     var.mig
-    ? module.squid-ilb.0.forwarding_rule_address
+    ? module.squid-ilb.0.forwarding_rule_addresses[""]
     : module.squid-vm.internal_ip
   )
 }
@@ -210,8 +210,12 @@ module "squid-ilb" {
   project_id    = module.project-host.project_id
   region        = var.region
   name          = "squid-ilb"
-  ports         = [3128]
   service_label = "squid-ilb"
+  forwarding_rules_config = {
+    "" = {
+      ports = [3128]
+    }
+  }
   vpc_config = {
     network    = module.vpc.self_link
     subnetwork = module.vpc.subnet_self_links["${var.region}/proxy"]

diff --git a/blueprints/networking/glb-hybrid-neg-internal/glb.tf b/blueprints/networking/glb-hybrid-neg-internal/glb.tf
@@ -44,7 +44,7 @@ module "hybrid-glb" {
         endpoints = {
           primary = {
             ip_address = (var.ilb_create
-              ? module.test_vm_ilbs["primary"].forwarding_rule_address
+              ? module.test_vm_ilbs["primary"].forwarding_rule_addresses[""]
               : module.test_vms["primary"].internal_ip
             )
             port = 80
@@ -59,7 +59,7 @@ module "hybrid-glb" {
         endpoints = {
           secondary = {
             ip_address = (var.ilb_create
-              ? module.test_vm_ilbs["secondary"].forwarding_rule_address
+              ? module.test_vm_ilbs["secondary"].forwarding_rule_addresses[""]
               : module.test_vms["secondary"].internal_ip
             )
             port = 80

diff --git a/blueprints/networking/glb-hybrid-neg-internal/main.tf b/blueprints/networking/glb-hybrid-neg-internal/main.tf
@@ -53,12 +53,12 @@ module "vpc_landing_untrusted" {
     spoke1-primary = {
       dest_range    = var.ip_config.spoke_primary
       next_hop_type = "ilb"
-      next_hop      = module.nva_untrusted_ilbs["primary"].forwarding_rule_self_link
+      next_hop      = module.nva_untrusted_ilbs["primary"].forwarding_rule_self_links[""]
     }
     spoke1-secondary = {
       dest_range    = var.ip_config.spoke_secondary
       next_hop_type = "ilb"
-      next_hop      = module.nva_untrusted_ilbs["secondary"].forwarding_rule_self_link
+      next_hop      = module.nva_untrusted_ilbs["secondary"].forwarding_rule_self_links[""]
     }
   }
 

diff --git a/blueprints/networking/ilb-next-hop/gateways.tf b/blueprints/networking/ilb-next-hop/gateways.tf
@@ -67,7 +67,11 @@ module "ilb-left" {
     network    = module.vpc-left.self_link
     subnetwork = values(module.vpc-left.subnet_self_links)[0]
   }
-  address = local.addresses.ilb-left
+  forwarding_rules_config = {
+    "" = {
+      address = local.addresses.ilb-left
+    }
+  }
   backend_service_config = {
     session_affinity = var.ilb_session_affinity
   }
@@ -91,7 +95,11 @@ module "ilb-right" {
     network    = module.vpc-right.self_link
     subnetwork = values(module.vpc-right.subnet_self_links)[0]
   }
-  address = local.addresses.ilb-right
+  forwarding_rules_config = {
+    "" = {
+      address = local.addresses.ilb-right
+    }
+  }
   backend_service_config = {
     session_affinity = var.ilb_session_affinity
   }

diff --git a/blueprints/networking/ilb-next-hop/outputs.tf b/blueprints/networking/ilb-next-hop/outputs.tf
@@ -18,8 +18,8 @@ output "addresses" {
   description = "IP addresses."
   value = {
     gw        = [for z, mod in module.gw : mod.internal_ip]
-    ilb-left  = module.ilb-left.forwarding_rule_address
-    ilb-right = module.ilb-right.forwarding_rule_address
+    ilb-left  = module.ilb-left.forwarding_rule_addresses[""]
+    ilb-right = module.ilb-right.forwarding_rule_addresses[""]
     vm-left   = [for z, mod in module.vm-left : mod.internal_ip]
     vm-right  = [for z, mod in module.vm-right : mod.internal_ip]
   }

diff --git a/blueprints/networking/ilb-next-hop/vpc-left.tf b/blueprints/networking/ilb-next-hop/vpc-left.tf
@@ -29,7 +29,7 @@ module "vpc-left" {
     to-right = {
       dest_range    = var.ip_ranges.right
       next_hop_type = "ilb"
-      next_hop      = module.ilb-left.forwarding_rule.self_link
+      next_hop      = module.ilb-left.forwarding_rule_self_links[""]
     }
   }
 }

diff --git a/blueprints/networking/ilb-next-hop/vpc-right.tf b/blueprints/networking/ilb-next-hop/vpc-right.tf
@@ -30,7 +30,7 @@ module "vpc-right" {
       dest_range    = var.ip_ranges.left
       priority      = var.ilb_right_enable ? 900 : 1100
       next_hop_type = "ilb"
-      next_hop      = module.ilb-right.forwarding_rule.self_link
+      next_hop      = module.ilb-right.forwarding_rule_self_links[""]
     }
     to-left-gw-1 = {
       dest_range    = var.ip_ranges.left

diff --git a/fast/stages/2-networking-c-nva/nva.tf b/fast/stages/2-networking-c-nva/nva.tf
@@ -129,7 +129,11 @@ module "ilb-nva-untrusted" {
   region        = each.value.region
   name          = "nva-untrusted-${each.key}"
   service_label = var.prefix
-  global_access = true
+  forwarding_rules_config = {
+    "" = {
+      global_access = true
+    }
+  }
   vpc_config = {
     network    = module.landing-untrusted-vpc.self_link
     subnetwork = module.landing-untrusted-vpc.subnet_self_links[each.value.subnet]
@@ -160,7 +164,11 @@ module "ilb-nva-trusted" {
   region        = each.value.region
   name          = "nva-trusted-${each.key}"
   service_label = var.prefix
-  global_access = true
+  forwarding_rules_config = {
+    "" = {
+      global_access = true
+    }
+  }
   vpc_config = {
     network    = module.landing-trusted-vpc.self_link
     subnetwork = module.landing-trusted-vpc.subnet_self_links[each.value.subnet]

diff --git a/fast/stages/2-networking-c-nva/spoke-dev.tf b/fast/stages/2-networking-c-nva/spoke-dev.tf
@@ -65,28 +65,28 @@ module "dev-spoke-vpc" {
       priority      = 1000
       tags          = ["primary"]
       next_hop_type = "ilb"
-      next_hop      = module.ilb-nva-trusted["primary"].forwarding_rule_address
+      next_hop      = module.ilb-nva-trusted["primary"].forwarding_rule_addresses[""]
     }
     nva-secondary-to-secondary = {
       dest_range    = "0.0.0.0/0"
       priority      = 1000
       tags          = ["secondary"]
       next_hop_type = "ilb"
-      next_hop      = module.ilb-nva-trusted["secondary"].forwarding_rule_address
+      next_hop      = module.ilb-nva-trusted["secondary"].forwarding_rule_addresses[""]
     }
     nva-primary-to-secondary = {
       dest_range    = "0.0.0.0/0"
       priority      = 1001
       tags          = ["primary"]
       next_hop_type = "ilb"
-      next_hop      = module.ilb-nva-trusted["primary"].forwarding_rule_address
+      next_hop      = module.ilb-nva-trusted["primary"].forwarding_rule_addresses[""]
     }
     nva-secondary-to-primary = {
       dest_range    = "0.0.0.0/0"
       priority      = 1001
       tags          = ["secondary"]
       next_hop_type = "ilb"
-      next_hop      = module.ilb-nva-trusted["secondary"].forwarding_rule_address
+      next_hop      = module.ilb-nva-trusted["secondary"].forwarding_rule_addresses[""]
     }
   }
 }

diff --git a/fast/stages/2-networking-c-nva/spoke-prod.tf b/fast/stages/2-networking-c-nva/spoke-prod.tf
@@ -64,28 +64,28 @@ module "prod-spoke-vpc" {
       priority      = 1000
       tags          = ["primary"]
       next_hop_type = "ilb"
-      next_hop      = module.ilb-nva-trusted["primary"].forwarding_rule_address
+      next_hop      = module.ilb-nva-trusted["primary"].forwarding_rule_addresses[""]
     }
     nva-secondary-to-secondary = {
       dest_range    = "0.0.0.0/0"
       priority      = 1000
       tags          = ["secondary"]
       next_hop_type = "ilb"
-      next_hop      = module.ilb-nva-trusted["secondary"].forwarding_rule_address
+      next_hop      = module.ilb-nva-trusted["secondary"].forwarding_rule_addresses[""]
     }
     nva-primary-to-secondary = {
       dest_range    = "0.0.0.0/0"
       priority      = 1001
       tags          = ["primary"]
       next_hop_type = "ilb"
-      next_hop      = module.ilb-nva-trusted["secondary"].forwarding_rule_address
+      next_hop      = module.ilb-nva-trusted["secondary"].forwarding_rule_addresses[""]
     }
     nva-secondary-to-primary = {
       dest_range    = "0.0.0.0/0"
       priority      = 1001
       tags          = ["secondary"]
       next_hop_type = "ilb"
-      next_hop      = module.ilb-nva-trusted["primary"].forwarding_rule_address
+      next_hop      = module.ilb-nva-trusted["primary"].forwarding_rule_addresses[""]
     }
   }
 }