lb
AckeeCZ/lb/gcp
Terraform module for provisioning of GCP LB on top of precreated named NEG passed as parameter to this module.
Terraform GCP HTTP(S) Load Balancing

Terraform module for provisioning of GCP LB on top of precreated named NEGs, Cloud Run services and GCS buckets passed as parameter to this module.

Usage

HTTPS Load-balancer with self-signed certificate and Cloudflare DNS record creation:

```hcl
data "cloudflare_zones" "ackee_cz" {
  filter {
    name = "ackee.cz"
  }
}

resource "google_storage_bucket" "test" {
  name                        = "test-randompostfix-98582341"
  location                    = var.region
  storage_class               = "STANDARD"
  uniform_bucket_level_access = true
  website {
    main_page_suffix = "index.html"
  }
}

module "api_unicorn" {
  source          = "git::ssh://[email protected]/Infra/tf-module/terraform-gcp-lb.git?ref=master"
  name            = "main-${var.project}-${var.namespace}"
  project         = var.project
  region          = var.region
  self_signed_tls = true
  services = [
    {
      type
```

| Name | Type | Description | Default |
|---|---|---|---|
| region | string | GCP region where we will look for NEGs | required |
| services | list(object({ name | List of services: cloudrun, neg, bucket, ... to be used in the map Use | required |
| url_map | map(object({ hostnames | Url map setup | required |
| project | string | Project ID | required |
| iap_setup | map(object({ oauth2_client | Service setup for IAP, overwrites default_iap_setup if used | {} |
| non_tls_global_forwarding_rule_name | string | Global non tls forwarding rule name, if set, changes name of non-tls forwarding | "" |
| logging_sink_bucket_retency | number | Number of days after which log files are deleted from bucket | 730 |
| zone | string | GCP zone where we will look for NEGs - optional parameter, if not set, the we wi | null |
| name | string | Instance name | "default_value" |
| self_signed_tls | bool | If true, creates self-signed TLS cert | false |
| managed_certificate_name | string | Name of Google-managed certificate. Useful when migrating from Ingress-provision | null |
| timeout_sec | number | How long (in seconds) to wait before claiming failure. The default value is 5 se | 5 |
| health_check_request_path | string | Health checked path (URN) | "/healthz" |
| log_config_sample_rate | string | The value of the field must be in [0, 1]. This configures the sampling rate of r | "1.0" |
| keys_valid_period | number | Validation period of the self signed key | 29200 |
| unhealthy_threshold | number | A so-far healthy instance will be marked unhealthy after this many consecutive f | 2 |
| custom_health_check_ports | list(string) | Custom ports for GCE health checks, not needed unless your services are not in 3 | [] |
| private_key | string | The write-only private key in PEM format. Note: This property is sensitive and w | null |
| custom_target_https_proxy_name | string | Custom name for HTTPS proxy name used. | "" |
| google_managed_tls | bool | If true, creates Google-managed TLS cert | false |
| http_backend_timeout | string | Time of http request timeout (in seconds) | "30" |
| dont_use_dns_names_in_certificate | bool | Due to backward compatibility, TLS setup can omit setup of dns_names in self sig | false |
| custom_target_http_proxy_name | string | Custom name for HTTP proxy name used instead of non-tls-proxy- | "" |
| allow_non_tls_frontend | string | If true, enables port 80 frontend - creates non-TLS (http://) variant of LB | false |
ip_address — IP address