load-bal.tf
locals {
  # True only when a load-balancing scheme is set AND at least one source of
  # certificates is configured: a certificate-map name or reference, newly
  # created LB certificates, or references to existing LB certificates.
  # When this is false no HTTPS proxy or port-443 listener is created by the
  # resources below, so the load balancer is HTTP-only.
  with-https = (
    var.lb-scheme != ""
    && (
      var.map-name != ""
      || var.cert-map-ref != ""
      || var.create-lb-certs
      || length(var.lb-cert-refs) > 0
    )
  )

  # Translate the numeric redirect status into the name that
  # redirect_response_code takes.  An unsupported code yields a string
  # starting with "ERROR"; presumably that is meant to be rejected as an
  # invalid value with a readable message rather than silently defaulting.
  # NOTE(review): a `validation` block on var.http-redir-code would catch
  # this earlier - confirm whether the variable already has one.
  http-redir = (
    var.http-redir-code == 301 ? "MOVED_PERMANENTLY_DEFAULT"
    : var.http-redir-code == 302 ? "FOUND"
    : var.http-redir-code == 303 ? "SEE_OTHER"
    : var.http-redir-code == 307 ? "TEMPORARY_REDIRECT"
    : var.http-redir-code == 308 ? "PERMANENT_REDIRECT"
    : "ERROR Invalid redirect HTTP status code: ${var.http-redir-code}"
  )
}
# HTTPS target proxy: terminates TLS and routes through the main URL map.
# Created only when local.with-https is true.
#
# NOTE(review): no ssl_policy is attached here (see the TODO at the end of
# the block).  Per Google Cloud documentation, a proxy without an SSL policy
# falls back to the default policy, which uses the COMPATIBLE profile and
# accepts TLS 1.0 and later.  Deployments that need a TLS 1.2+ floor or a
# restricted cipher profile have to attach a policy - confirm the current
# default before relying on it.
resource "google_compute_target_https_proxy" "https" {
  count = local.with-https ? 1 : 0

  project     = local.project
  name        = "${var.name-prefix}https"
  description = var.description
  # labels    = var.labels

  url_map       = local.url-map-id
  quic_override = var.quic-override

  # Certificates come from exactly one place: the certificate map when
  # local.cert-map-id[0] is non-empty, otherwise the explicit list below.
  certificate_map = local.cert-map-id[0] != "" ? local.cert-map-id[0] : null

  ssl_certificates = local.cert-map-id[0] == "" ? flatten([
    # Certificates managed by this configuration.
    [for h, c in google_compute_managed_ssl_certificate.c : c.id],
    local.lb-cert-ids,
    # Certificates looked up by reference.  A lookup with no usable id is
    # replaced by an "ERROR ..." string, presumably so the run fails with a
    # message naming the missing certificate instead of quietly dropping it.
    [
      for ref, c in data.google_compute_ssl_certificate.c :
      try(length(c.id) > 0, false)
      ? c.id
      : "ERROR No certificate ${ref} found"
    ],
  ]) : null

  # TODO: Add support for ssl_policy set from var.ssl-policy-ref
}
# URL map that redirects http:// to https://.
# Created only when HTTPS is configured and var.redirect-http is true.
#
# The map has no host rules or backends, only a default redirect, so every
# request routed through it is answered with a redirect and the query string
# is kept (strip_query = false).
# NOTE(review): the redirect is sent after the client's first request has
# already travelled in cleartext, so anything in that request (URL, query
# string, cookies without the Secure flag) is still exposed on the wire.
# HSTS is not configured here and would have to be added elsewhere.
resource "google_compute_url_map" "redir" {
  count = (local.with-https && var.redirect-http) ? 1 : 0

  project     = local.project
  name        = "${var.name-prefix}redir"
  description = var.description
  # labels    = var.labels

  default_url_redirect {
    https_redirect         = true
    redirect_response_code = local.http-redir
    strip_query            = false
  }

  # Build the replacement before removing the old map.
  lifecycle {
    create_before_destroy = true
  }
}
# HTTP target proxy: created whenever a load-balancing scheme is set,
# whether or not HTTPS is configured.
#
# NOTE(review): only when HTTPS is configured AND var.redirect-http is true
# does this proxy use the redirect-only URL map.  In every other case it
# points at the main URL map, so the same routes are served over cleartext
# HTTP.  Confirm that is intended for each deployment.
resource "google_compute_target_http_proxy" "http" {
  count = var.lb-scheme != "" ? 1 : 0

  project     = local.project
  name        = "${var.name-prefix}http"
  description = var.description
  # labels    = var.labels

  url_map = (
    (local.with-https && var.redirect-http)
    ? google_compute_url_map.redir[0].id
    : local.url-map-id
  )
}
# HTTPS listener: global forwarding rule for port 443 on the load balancer
# address, pointing at the HTTPS target proxy.  Created only when
# local.with-https is true.
resource "google_compute_global_forwarding_rule" "f443" {
  count = local.with-https ? 1 : 0

  project     = local.project
  name        = "${var.name-prefix}f443"
  description = var.description
  labels      = var.labels

  ip_address = local.ip-addr
  port_range = "443"
  target     = google_compute_target_https_proxy.https[0].id

  # Passed through unchanged from the caller.
  # NOTE(review): this value presumably decides whether the listener is
  # externally reachable - verify the variable's allowed values.
  load_balancing_scheme = var.lb-scheme
}
# HTTP listener: global forwarding rule for port 80 on the same address as
# the HTTPS listener, pointing at the HTTP target proxy.
#
# NOTE(review): the count depends only on var.lb-scheme, so port 80 is open
# whenever a load balancer is created, including when no certificates are
# configured.  What a client gets on port 80 (a redirect or the real routes)
# is decided by the URL map chosen in the HTTP target proxy.
resource "google_compute_global_forwarding_rule" "f80" {
  count = var.lb-scheme != "" ? 1 : 0

  project     = local.project
  name        = "${var.name-prefix}f80"
  description = var.description
  labels      = var.labels

  ip_address = local.ip-addr
  port_range = "80"
  target     = google_compute_target_http_proxy.http[0].id

  # Passed through unchanged from the caller.
  load_balancing_scheme = var.lb-scheme
}