GoogleCloudPlatform/terraform-google-regional-lb-http

Regional HTTP Load Balancer Terraform Module

Modular Regional HTTP Load Balancer for GCE using forwarding rules.

  • If you would like to allow for backend groups to be managed outside Terraform, such as via GKE services, see the backends submodule.
  • If you would like to use regional load balancing with serverless backends (Cloud Run, Cloud Functions or App Engine), see the frontend submodule.

Load Balancer Types

Compatibility

This module is meant for use with Terraform 1.3+ and tested using Terraform 1.3. If you find incompatibilities using Terraform >=1.3, please open an issue. If you haven't upgraded and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is v4.5.0.

Contributing

Refer to the contribution guidelines for information on contributing to this module.

Inputs

Name Description Type Default Required
address Existing IPv4 address to use (the actual IP address value) string null no
affinity_cookie_ttl_sec Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. number null no
certificate Content of the SSL certificate. Requires ssl to be set to true and create_ssl_certificate set to true string null no
connection_draining_timeout_sec Time for which an instance is drained (it accepts no new connections but still finishes connections already started). number null no
create_address Create a new global IPv4 address bool true no
create_ssl_certificate If true, create certificate using private_key/certificate bool false no
create_url_map Set to false if url_map variable is provided. bool true no
description Description of the backend service. string null no
enable_cdn Enable Cloud CDN for this BackendService. bool false no
firewall_networks Names of the networks to create firewall rules in list(string) ["default"] no
firewall_projects Names of the projects to create firewall rules in list(string) ["default"] no
groups The list of backend instance groups which serve the traffic.
  list(object({
    group = string
    description = optional(string)
    balancing_mode = optional(string)
    capacity_scaler = optional(number)
    max_connections = optional(number)
    max_connections_per_instance = optional(number)
    max_connections_per_endpoint = optional(number)
    max_rate = optional(number)
    max_rate_per_instance = optional(number)
    max_rate_per_endpoint = optional(number)
    max_utilization = optional(number)
  }))
  [] no
health_check Input for creating HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend.
  object({
    host = optional(string, null)
    request_path = optional(string, null)
    request = optional(string, null)
    response = optional(string, null)
    port = optional(number, null)
    port_name = optional(string, null)
    proxy_header = optional(string, null)
    port_specification = optional(string, null)
    protocol = optional(string, null)
    check_interval_sec = optional(number, 10)
    timeout_sec = optional(number, 10)
    healthy_threshold = optional(number, 2)
    unhealthy_threshold = optional(number, 2)
    logging = optional(bool, true)
  })
  null no
http_forward Set to false to disable HTTP port 80 forward bool true no
http_keep_alive_timeout_sec Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). number null no
http_port The port for the HTTP load balancer number 80 no
https_port The port for the HTTPS load balancer number 443 no
https_redirect Set to true to enable https redirect on the lb. bool false no
labels The labels to attach to resources created by this module map(string) {} no
load_balancing_scheme Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_SELF_MANAGED for traffic director) string "EXTERNAL_MANAGED" no
locality_lb_policy The load balancing algorithm used within the scope of the locality. string null no
managed_ssl_certificate_domains Create Google-managed SSL certificates for specified domains. Requires ssl to be set to true list(string) [] no
name Name for the backend service. string n/a yes
network Network for INTERNAL_SELF_MANAGED load balancing scheme string "default" no
port_name Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL. string "http" no
private_key Content of the private SSL key. Requires ssl to be set to true and create_ssl_certificate set to true string null no
project_id The project to deploy to, if not set the default provider project is used. string n/a yes
protocol The protocol this BackendService uses to communicate with backends. string "HTTP" no
random_certificate_suffix Bool to enable/disable random certificate name generation. Set and keep this to true if you need to change the SSL cert. bool false no
region The region where the load balancer backend service will be created string n/a yes
security_policy Security policy in string. string null no
server_tls_policy The resource URL for the server TLS policy to associate with the https proxy service string null no
serverless_neg_backends The list of serverless backends which serve the traffic.
  list(object({
    region = string
    type = string // cloud-run, cloud-function, and app-engine
    service_name = string
    service_version = optional(string)
    capacity_scaler = optional(number, 1.0)
  }))
  [] no
session_affinity Type of session affinity to use. Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY. string null no
ssl Set to true to enable SSL support. If true, then at least one of these is required: 1) ssl_certificates, OR 2) create_ssl_certificate set to true and private_key/certificate, OR 3) managed_ssl_certificate_domains, OR 4) certificate_map bool false no
ssl_certificates SSL cert self_link list. Requires ssl to be set to true list(string) [] no
ssl_policy Self-link to SSL Policy string null no
target_service_accounts List of target service accounts for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. list(string) [] no
target_tags List of target tags for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified. list(string) [] no
timeout_sec This has a different meaning for different types of load balancing. Please refer to https://cloud.google.com/load-balancing/docs/backend-service#timeout-setting number null no
url_map_input List of host, path and backend service for creating url_map
  list(object({
    host = string
    path = string
    backend_service = string
  }))
  [] no
url_map_resource_uri The url_map resource to use. Default is to send all traffic to first backend. string null no

Outputs

Name Description
backend_services The region backend service resources.
external_ip The external IPv4 assigned to the forwarding rule.
http_proxy The HTTP proxy used by this module.
https_proxy The HTTPS proxy used by this module.
url_map The default URL map used by this module.
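
A TLS-terminated configuration built only from the inputs and outputs listed above, as an added example that is not part of the module's README. The source address is derived from the repository name, and the module label, the health check path and port, and every value in angle brackets are placeholders or assumptions.

```hcl
# Added example, not the project's own code. Values in angle brackets are
# placeholders; the source address is assumed from the repository name.
module "regional_lb" {
  source = "github.com/GoogleCloudPlatform/terraform-google-regional-lb-http"

  project_id = "<project-id>"
  region     = "<region>"
  name       = "web-backend" # hypothetical backend service name

  # ssl = true needs at least one certificate source. Option 1 is used here:
  # an existing certificate passed by self link, so no private key material
  # (private_key/certificate inputs) ends up in Terraform variables or state.
  ssl              = true
  ssl_certificates = ["<ssl-certificate-self-link>"]
  ssl_policy       = "<ssl-policy-self-link>"

  # https_redirect defaults to false; turn it on so plain-HTTP clients are
  # sent to the HTTPS frontend.
  https_redirect = true

  # Existing security policy, passed as a string per the input description.
  security_policy = "<security-policy>"

  # Health check firewall rule: set exactly one of target_service_accounts
  # or target_tags. Service accounts bind the rule to the instances' identity
  # rather than to a network tag.
  firewall_networks       = ["<vpc-network-name>"]
  firewall_projects       = ["<project-id>"]
  target_service_accounts = ["<backend-service-account-email>"]

  # Required here because the backends are instance groups, not serverless NEGs.
  health_check = {
    protocol     = "HTTP"
    request_path = "/healthz" # assumed application health endpoint
    port         = 8080       # assumed backend port
    logging      = true
  }

  # port_name must match the named port defined on the instance group.
  port_name = "http"
  protocol  = "HTTP"
  groups    = [{ group = "<instance-group-self-link>" }]
}

# external_ip is one of the module outputs listed above.
output "lb_ip" {
  value = module.regional_lb.external_ip
}
```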