forked from chainguard-dev/registry-redirect
new_gclb.tf
// Reserved global IP address for the new load balancer. Both forwarding
// rules in this file (ports 443 and 80) bind to this address.
resource "google_compute_global_address" "new_global" {
  name = "new-address"
}
// Export the reserved IP address as an output value.
output "new_global_ip" {
  value = google_compute_global_address.new_global.address
}
// TLS front end: port 443 on the reserved address is handed to the HTTPS
// target proxy, which terminates TLS and consults the URL map.
resource "google_compute_global_forwarding_rule" "new_global" {
  name       = "new-global"
  ip_address = google_compute_global_address.new_global.address
  port_range = "443"
  target     = google_compute_target_https_proxy.new_global.id
}
// URL map used by the HTTPS proxy: registry API and token paths are sent to
// the backend service; any other path on the listed hosts is redirected.
resource "google_compute_url_map" "new_global" {
  name        = "new-global"
  description = "direct traffic to the backend service"

  # NOTE(review): a request whose Host is not in var.new_domains does not go
  # through the path matcher below; it falls through to default_service, which
  # is the same backend, for every path. The path allow-list therefore only
  # constrains the listed hosts. Confirm that is intended.
  default_service = google_compute_backend_service.new_global.id

  host_rule {
    path_matcher = "matcher"
    hosts        = var.new_domains
  }

  path_matcher {
    name = "matcher"

    # Only the registry API prefix (/v2) and the token endpoint reach the backend.
    path_rule {
      service = google_compute_backend_service.new_global.id
      paths   = ["/v2", "/v2/*", "/token"]
    }

    # Every other path is answered with a temporary redirect to the
    # Chainguard Images marketing page.
    # Reference:
    # https://cloud.google.com/load-balancing/docs/https/setting-up-global-traffic-mgmt#configure_a_url_redirect
    default_url_redirect {
      redirect_response_code = "TEMPORARY_REDIRECT"
      host_redirect          = "chainguard.dev"
      path_redirect          = "/chainguard-images"
      # false leaves the scheme of the incoming request unchanged instead of
      # forcing https in the Location header.
      https_redirect = false
      # Drop the query string so request parameters are not carried over to
      # the redirect target.
      strip_query = true
    }
  }

  # Routing assertions: an update to this URL map only succeeds if these
  # host/path pairs resolve to the expected service.
  test {
    host    = "cgr.dev"
    path    = "/v2/chainguard/static/manifests/latest"
    service = google_compute_backend_service.new_global.id
  }

  test {
    host    = "distroless.dev"
    path    = "/v2/static/manifests/latest"
    service = google_compute_backend_service.new_global.id
  }
}
// HTTPS target proxy: terminates TLS using certificates from the Certificate
// Manager map (declared outside this view) and routes via the URL map.
resource "google_compute_target_https_proxy" "new_global" {
  name = "new-global"

  # NOTE(review): no ssl_policy is attached, so the load balancer's default
  # SSL policy decides the minimum TLS version and cipher profile. Confirm
  # that default is acceptable, or attach a google_compute_ssl_policy that
  # pins a minimum TLS version.
  certificate_map = "//certificatemanager.googleapis.com/${google_certificate_manager_certificate_map.map.id}"
  url_map         = google_compute_url_map.new_global.id
}
// Global backend service fronting the regional NEGs: one backend is generated
// per entry of google_compute_region_network_endpoint_group.neg.
resource "google_compute_backend_service" "new_global" {
  name = "new-global"

  # NOTE(review): Cloud CDN is enabled on the same service that the URL map
  # sends /token to. No cdn_policy is set here, so caching follows the
  # provider/API defaults; confirm the backend marks token responses as
  # non-cacheable (for example Cache-Control: no-store) or set an explicit
  # cdn_policy.
  enable_cdn = true

  # One backend per regional NEG.
  dynamic "backend" {
    for_each = google_compute_region_network_endpoint_group.neg
    content {
      group = backend.value.id
    }
  }

  # Request headers populated by the load balancer from detected client
  # information (round-trip time and coarse geolocation).
  # See https://cloud.google.com/load-balancing/docs/https/custom-headers#variables
  # NOTE(review): treat these as informational. Before using them for any
  # decision, confirm a client cannot get its own values for these header
  # names through to the backend.
  custom_request_headers = [
    "x-client-rtt: {client_rtt_msec}",
    "x-client-region: {client_region}",
    "x-client-region-subdivision: {client_region_subdivision}",
    "x-client-city: {client_city}",
  ]

  # Request logging is sampled at a rate of 0.1, so most requests leave no
  # load-balancer log entry. Keep that in mind when relying on these logs
  # for investigation.
  log_config {
    enable      = true
    sample_rate = 0.1
  }
}
// Plain-HTTP listener on the same reserved address. Port 80 is handed to the
// target HTTP proxy named https_redirect, which is declared outside this view.
// NOTE(review): by its name that proxy is expected to redirect to HTTPS;
// confirm it never forwards cleartext requests to the backend.
resource "google_compute_global_forwarding_rule" "new_https_redirect" {
  name       = "new-https-redirect"
  ip_address = google_compute_global_address.new_global.address
  port_range = "80"
  target     = google_compute_target_http_proxy.https_redirect.id
}