load_balancer.tf
# Reserves the global IP address for the load balancer frontend. The
# forwarding rule in this file binds to it through `.address`.
resource "google_compute_global_address" "default" {
  name    = var.application_name
  project = local.deployment_project
}
# Google-managed TLS certificate covering every entry in local.managed_domains.
# Its name is taken from random_id.certificate, so a change to the domain list
# produces a differently named certificate instead of an in-place edit.
resource "google_compute_managed_ssl_certificate" "default" {
  name    = random_id.certificate.hex
  project = local.deployment_project

  # Create the replacement certificate before the old one is destroyed; the
  # HTTPS proxy in this file references this resource.
  lifecycle {
    create_before_destroy = true
  }

  managed {
    domains = local.managed_domains
  }
}
# Name generator for the managed certificate. This is a uniqueness suffix for
# a resource name, not a secret. `keepers` ties the id to the joined domain
# list, so a new id (and a new certificate name) results when domains change.
resource "random_id" "certificate" {
  prefix      = "just-in-time-certificate-"
  byte_length = 4

  keepers = {
    domains = join(",", local.managed_domains)
  }
}
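# Backend service of the load balancer. The `iap` block configures
# Identity-Aware Proxy with the OAuth client from google_iap_client.default,
# and the only backend is the serverless network endpoint group.
#
# NOTE(review): the OAuth client secret referenced below is recorded in
# Terraform state, so the state backend needs restricted access.
# NOTE(review): IAP only covers requests that pass through this load
# balancer. The Cloud Run service is not defined in this file; confirm its
# ingress setting does not accept direct requests that bypass the load
# balancer.
resource "google_compute_backend_service" "default" {
  project     = local.deployment_project
  name        = "${var.application_name}-backend"
  protocol    = "HTTP"
  port_name   = "http"
  timeout_sec = 30

  iap {
    oauth2_client_id     = google_iap_client.default.client_id
    oauth2_client_secret = google_iap_client.default.secret
  }

  # Record every request that reaches this backend so that access through the
  # IAP-protected frontend can be audited and investigated later.
  log_config {
    enable      = true
    sample_rate = 1.0
  }

  backend {
    group = google_compute_region_network_endpoint_group.default.id
  }
}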
# URL map with no host or path rules: every request falls through to
# `default_service`, the IAP-configured backend service.
resource "google_compute_url_map" "default" {
  name            = var.application_name
  project         = local.deployment_project
  default_service = google_compute_backend_service.default.id
}
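# TLS policy for the HTTPS proxy. With no explicit policy attached, the proxy
# uses the platform default SSL policy, which per Google Cloud's documentation
# also negotiates TLS versions older than 1.2. Pinning the MODERN profile with
# a TLS 1.2 floor keeps legacy protocol versions and weak cipher suites off
# this frontend.
resource "google_compute_ssl_policy" "default" {
  project         = local.deployment_project
  name            = "${var.application_name}-ssl-policy"
  profile         = "MODERN"
  min_tls_version = "TLS_1_2"
}

# Target HTTPS proxy: terminates TLS with the Google-managed certificate and
# hands requests to the URL map.
resource "google_compute_target_https_proxy" "default" {
  project = local.deployment_project
  name    = var.application_name
  url_map = google_compute_url_map.default.id

  # Enforce the TLS floor declared above instead of the platform default.
  ssl_policy = google_compute_ssl_policy.default.id

  ssl_certificates = [
    google_compute_managed_ssl_certificate.default.id
  ]
}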
# Frontend of the load balancer: binds the reserved global address to the
# HTTPS proxy on port 443 only. No port 80 forwarding rule is declared in
# this file.
resource "google_compute_global_forwarding_rule" "default" {
  name       = var.application_name
  project    = local.deployment_project
  ip_address = google_compute_global_address.default.address
  port_range = "443"
  target     = google_compute_target_https_proxy.default.id
}
# Serverless network endpoint group that points the backend service at a
# Cloud Run service, looked up by name (var.application_name) in var.region.
# NEG reference: https://cloud.google.com/load-balancing/docs/negs
resource "google_compute_region_network_endpoint_group" "default" {
  name                  = var.application_name
  project               = local.deployment_project
  region                = var.region
  network_endpoint_type = "SERVERLESS"

  cloud_run {
    service = var.application_name
  }
}