Modular Internal Load Balancer for GCE using forwarding rules.
- TCP load balancer
- HTTP/S load balancer
- Internal load balancer
This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=0.13, please open an issue. If you haven't upgraded and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is v2.3.0.
The current version is 2.X. The following guides are available to assist with upgrades:
```hcl
module "gce-ilb" {
  source       = "GoogleCloudPlatform/lb-internal/google"
  version      = "~> 2.0"
  region       = var.region
  name         = "group2-ilb"
  ports        = ["80"]
  health_check = var.health_check
  source_tags  = ["allow-group1"]
  target_tags  = ["allow-group2", "allow-group3"]
  backends = [
    { group = module.mig2.instance_group, description = "", failover = false },
    { group = module.mig3.instance_group, description = "", failover = false },
  ]
}
```
Name | Description | Type | Default | Required |
---|---|---|---|---|
all_ports | Boolean for all_ports setting on forwarding rule. | bool | null | no |
backends | List of backends, should be a map of key-value pairs for each backend, must have the 'group' key. | list(any) | n/a | yes |
connection_draining_timeout_sec | Time for which instance will be drained | number | null | no |
create_backend_firewall | Controls if firewall rules for the backends will be created or not. Health-check firewall rules are controlled separately. | bool | true | no |
create_health_check_firewall | Controls if firewall rules for the health check will be created or not. If this rule is not present backend healthcheck will fail. | bool | true | no |
firewall_enable_logging | Controls if firewall rules that are created are to have logging configured. This will be ignored for firewall rules that are not created. | bool | false | no |
global_access | Allow all regions on the same VPC network access. | bool | false | no |
health_check | Health check to determine whether instances are responsive and able to do work | object({ | n/a | yes |
ip_address | IP address of the internal load balancer, if empty one will be assigned. Default is empty. | string | null | no |
ip_protocol | The IP protocol for the backend and frontend forwarding rule. TCP or UDP. | string | "TCP" | no |
labels | The labels to attach to resources created by this module. | map(string) | {} | no |
name | Name for the forwarding rule and prefix for supporting resources. | string | n/a | yes |
network | Name of the network to create resources in. | string | "default" | no |
network_project | Name of the project for the network. Useful for shared VPC. Default is var.project. | string | "" | no |
ports | List of ports range to forward to backend services. Max is 5. | list(string) | n/a | yes |
project | The project to deploy to, if not set the default provider project is used. | string | "" | no |
region | Region for cloud resources. | string | "us-central1" | no |
service_label | Service label is used to create internal DNS name | string | null | no |
session_affinity | The session affinity for the backends example: NONE, CLIENT_IP. Default is NONE. | string | "NONE" | no |
source_ip_ranges | List of source ip ranges for traffic between the internal load balancer. | list(string) | null | no |
source_service_accounts | List of source service accounts for traffic between the internal load balancer. | list(string) | null | no |
source_tags | List of source tags for traffic between the internal load balancer. | list(string) | n/a | yes |
subnetwork | Name of the subnetwork to create resources in. | string | "default" | no |
target_service_accounts | List of target service accounts for traffic between the internal load balancer. | list(string) | null | no |
target_tags | List of target tags for traffic between the internal load balancer. | list(string) | n/a | yes |
Name | Description |
---|---|
forwarding_rule | The forwarding rule self_link. |
forwarding_rule_id | The forwarding rule id. |
ip_address | The internal IP assigned to the regional forwarding rule. |
- `google_compute_forwarding_rule.default`: The internal regional forwarding rule.
- `google_compute_region_backend_service.default`: The backend service registered to the given `instance_group`.
- `google_compute_health_check.tcp`: The TCP health check for the `instance_group` targets.
- `google_compute_health_check.http`: The HTTP health check for the `instance_group` targets.
- `google_compute_health_check.https`: The HTTPS health check for the `instance_group` targets.
- `google_compute_firewall.default-ilb-fw`: Firewall rule that allows traffic from the `source_tags` resources to `target_tags` on the `service_port`.
- `google_compute_firewall.default-hc`: Firewall rule that allows traffic for health checks to the `target_tags` resources.
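
The following invocation is an added example, not taken from the module's own documentation. It sets the exposure- and firewall-related inputs from the table above explicitly instead of relying on their defaults. The variables `var.project`, `var.network`, `var.subnetwork` and `var.host_project`, the module name and the port are assumptions made for illustration.

```hcl
# Added example: module name, variables, tags and port are illustrative assumptions.
module "gce-ilb-restricted" {
  source  = "GoogleCloudPlatform/lb-internal/google"
  version = "~> 2.0"

  project = var.project
  region  = var.region
  name    = "group2-ilb"

  # Use an explicit network and subnetwork rather than the "default" values.
  network         = var.network      # assumed variable
  subnetwork      = var.subnetwork   # assumed variable
  network_project = var.host_project # assumed variable, shared VPC host project

  ip_protocol  = "TCP"
  ports        = ["443"]
  health_check = var.health_check

  # Default is false; stated explicitly so a later change shows up in review.
  global_access = false

  # Keep both firewall rules module-managed so they follow the tags below.
  # Without the health-check rule the backend health check will fail.
  create_backend_firewall      = true
  create_health_check_firewall = true

  # Default is false; enable so the created firewall rules have logging configured.
  firewall_enable_logging = true

  # The backend firewall rule allows traffic from source_tags to target_tags only.
  source_tags = ["allow-group1"]
  target_tags = ["allow-group2"]

  backends = [
    { group = module.mig2.instance_group, description = "", failover = false },
  ]
}
```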