# load_balancer.tf configures Cloud Load Balancer resources for the Cloud Run
# service if var.ingress_style == "load-balancer".
#
# NOTE(review): this file only places a load balancer in front of the service.
# The Cloud Run service's own ingress setting is defined elsewhere; confirm it
# restricts traffic to the load balancer, otherwise the TLS, logging and any
# future security policy configured here would not apply to every request.

# A network endpoint group for the "webapp" application.
resource "google_compute_region_network_endpoint_group" "webapp" {
  # Created only in load-balancer mode; in any other mode the count is 0.
  count = var.ingress_style == "load-balancer" ? 1 : 0

  name                  = var.name
  network_endpoint_type = "SERVERLESS"
  region                = var.cloud_run_region

  # Points the endpoint group at the Cloud Run service managed in this module.
  cloud_run {
    service = google_cloud_run_service.webapp.name
  }

  provider = google-beta
}

# A load balancer for the "webapp" application. This is just a set of sane
# defaults. See the full documentation at [1] for customisation.
#
# [1] https://registry.terraform.io/modules/GoogleCloudPlatform/lb-http/google/latest/submodules/serverless_negs
module "webapp_http_load_balancer" {
  # One module instance per endpoint group above, i.e. zero or one instance
  # depending on var.ingress_style. Each instance is keyed by the group's id.
  # NOTE(review): the keys are derived from a resource attribute; confirm they
  # are known at plan time on a first apply.
  for_each = toset([for neg in google_compute_region_network_endpoint_group.webapp : neg.id])

  # The double slash is important(!)
  source = "GoogleCloudPlatform/lb-http/google//modules/serverless_negs"
  # "~> 5.0" accepts any 5.x release of this third-party module. Pin an exact
  # version if plans must be reproducible and upgrades reviewed before use.
  version = "~> 5.0"

  project = var.project
  name    = var.name

  # Serve over HTTPS and redirect plain HTTP requests to HTTPS.
  ssl            = true
  https_redirect = true

  # Use custom TLS certs if var.use_ssl_certificates is true, otherwise, use the Google-managed certs.
  # local.dns_names is defined outside this file.
  use_ssl_certificates            = var.use_ssl_certificates
  ssl_certificates                = var.ssl_certificates
  managed_ssl_certificate_domains = local.dns_names

  # Whether to create an IPv6 address to the load balancer.
  enable_ipv6         = var.enable_ipv6
  create_ipv6_address = var.create_ipv6_address

  backends = {
    default = {
      description            = null
      enable_cdn             = false
      custom_request_headers = null

      # No Cloud Armor security policy is attached to this backend, so no
      # WAF or rate-limiting rules are applied at the load balancer.
      security_policy = null

      # Request logging is on with every request sampled (sample_rate 1.0).
      log_config = {
        enable      = true
        sample_rate = 1.0
      }

      # The single backend group is the endpoint group this instance is keyed by.
      groups = [
        {
          group = each.key
        }
      ]

      # Currently Cloud IAP is not supported for Cloud Run endpoints. We still
      # need to specify that we don't want to use it though :).
      # With IAP off, the load balancer performs no authentication itself.
      iap_config = {
        enable               = false
        oauth2_client_id     = null
        oauth2_client_secret = null
      }
    }
  }
}