load_balancer.tf 2.14 KiB
# load_balancer.tf configures Cloud Load Balancer resources for the Cloud Run
# service if var.ingress_style == "load-balancer".

# A serverless network endpoint group (NEG) for the "webapp" application. It
# points at the Cloud Run service and is the target the load balancer backend
# defined later in this file forwards to.
#
# NOTE(review): placing a NEG and load balancer in front of Cloud Run does not
# by itself stop clients from reaching the service on its default URL. Confirm
# that the Cloud Run service definition (not shown in this file) restricts
# ingress, e.g. via the "run.googleapis.com/ingress" annotation, so that
# requests cannot bypass the load balancer and the controls attached to it.
resource "google_compute_region_network_endpoint_group" "webapp" {
  # count acts as the on/off switch: one NEG in "load-balancer" mode, none
  # otherwise.
  count = var.ingress_style == "load-balancer" ? 1 : 0

  name                  = var.name
  network_endpoint_type = "SERVERLESS"
  region                = var.cloud_run_region
  cloud_run {
    # The NEG resolves to the Cloud Run service by name within the region above.
    service = google_cloud_run_service.webapp.name
  }

  # This resource is managed through the google-beta provider.
  provider = google-beta
}

# A load balancer for the "webapp" application. This is just a set of sane
# defaults. See the full documentation at [1] for customisation.
#
# The security-relevant choices made here are: HTTPS with HTTP-to-HTTPS
# redirect, full request logging, no Cloud Armor security policy and no Cloud
# IAP. Each is commented where it is set.
#
# [1] https://registry.terraform.io/modules/GoogleCloudPlatform/lb-http/google/latest/submodules/serverless_negs
module "webapp_http_load_balancer" {
  # One module instance per NEG id. Because the NEG uses count (0 or 1), this
  # yields zero or one load balancer. each.key is the NEG id and is used as the
  # backend group further down.
  for_each = toset([for neg in google_compute_region_network_endpoint_group.webapp : neg.id])

  # The double slash is important(!): it separates the registry module address
  # from the path of the submodule inside it.
  #
  # "~> 5.0" accepts any 5.x release of the module.
  # NOTE(review): the module is fetched from the public registry at
  # "terraform init" time and the dependency lock file records provider
  # selections only, not module versions. Pin an exact version if builds must
  # be reproducible and upstream changes reviewed before they are applied.
  source  = "GoogleCloudPlatform/lb-http/google//modules/serverless_negs"
  version = "~> 5.0"

  project = var.project
  name    = var.name

  # Terminate TLS at the load balancer and redirect plain-HTTP requests to
  # HTTPS.
  # NOTE(review): no SSL policy is passed here, so presumably the default TLS
  # policy (minimum protocol version and cipher set) applies -- confirm that
  # it meets the service's requirements.
  ssl            = true
  https_redirect = true

  # Use custom TLS certs if var.use_ssl_certificates is true, otherwise, use the Google-managed certs.
  # NOTE(review): both ssl_certificates and managed_ssl_certificate_domains
  # are always passed; presumably the module ignores whichever one does not
  # match use_ssl_certificates -- confirm against the module documentation.
  use_ssl_certificates            = var.use_ssl_certificates
  ssl_certificates                = var.ssl_certificates
  managed_ssl_certificate_domains = local.dns_names

  # Whether to enable IPv6 on the load balancer and whether to create an IPv6
  # address for it.
  enable_ipv6         = var.enable_ipv6
  create_ipv6_address = var.create_ipv6_address

  # A single backend named "default". Every attribute is spelled out, including
  # the null ones; presumably the module's input type requires all of them --
  # confirm before removing any.
  backends = {
    default = {
      description            = null
      # CDN caching is off for this backend.
      enable_cdn             = false
      custom_request_headers = null
      # No Cloud Armor security policy is attached to this backend.
      # NOTE(review): as configured, the load balancer applies no WAF rules,
      # IP allow/deny lists or rate limiting. If the service is
      # internet-facing, consider exposing this as a variable so a policy can
      # be attached per deployment.
      security_policy        = null

      # Request logging is enabled with a sample rate of 1.0, i.e. every
      # request is logged. This is the setting that makes the logs usable for
      # detection and incident response; weigh it against log volume and any
      # sensitive data carried in request URLs.
      log_config = {
        enable      = true
        sample_rate = 1.0
      }

      # The only backend group is the serverless NEG this module instance was
      # created for.
      groups = [
        {
          group = each.key
        }
      ]

      # Currently Cloud IAP is not supported for Cloud Run endpoints. We still
      # need to specify that we don't want to use it though :).
      #
      # NOTE(review): with IAP disabled the load balancer does not
      # authenticate users itself. Confirm that authentication and
      # authorisation are enforced by the application or by the Cloud Run
      # service's own access settings (not shown in this file).
      iap_config = {
        enable               = false
        oauth2_client_id     = null
        oauth2_client_secret = null
      }
    }
  }
}