From 244626a6eb021a4a645bff8eb66c24751ad2cd5d Mon Sep 17 00:00:00 2001
From: The Magician
Date: Thu, 16 Sep 2021 19:00:16 -0500
Subject: [PATCH] Added end-to-end external HTTP LB example with custom headers (#5183) (#3626)
Co-authored-by: Scott Suarez
Signed-off-by: Modular Magician
Co-authored-by: Scott Suarez
---
.changelog/5183.txt | 2 +
...e_global_forwarding_rule_generated_test.go | 178 ++++++++++++++++++
...mpute_global_forwarding_rule.html.markdown | 158 ++++++++++++++++
3 files changed, 338 insertions(+)
create mode 100644 .changelog/5183.txt
diff --git a/.changelog/5183.txt b/.changelog/5183.txt
new file mode 100644
index 0000000000..e4e22fc1e4
--- /dev/null
+++ b/.changelog/5183.txt
@@ -0,0 +1,2 @@
+```release-note:none
+```
diff --git a/google-beta/resource_compute_global_forwarding_rule_generated_test.go b/google-beta/resource_compute_global_forwarding_rule_generated_test.go
index 3e4343696b..e968fac275 100644
--- a/google-beta/resource_compute_global_forwarding_rule_generated_test.go
+++ b/google-beta/resource_compute_global_forwarding_rule_generated_test.go
@@ -23,6 +23,184 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" ) +func TestAccComputeGlobalForwardingRule_externalHttpLbMigBackendCustomHeaderExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": randString(t, 10), + } + + vcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProvidersOiCS, + CheckDestroy: testAccCheckComputeGlobalForwardingRuleDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeGlobalForwardingRule_externalHttpLbMigBackendCustomHeaderExample(context), + }, + { + ResourceName: "google_compute_global_forwarding_rule.google_compute_global_forwarding_rule", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"network", "port_range", "target"}, + }, + }, + }) +} + +func testAccComputeGlobalForwardingRule_externalHttpLbMigBackendCustomHeaderExample(context map[string]interface{}) string { + return Nprintf(` +# External HTTP load balancer with a CDN-enabled managed instance group backend +# and custom request and response headers + +# VPC +resource "google_compute_network" "xlb_network" { + name = "tf-test-l7-xlb-network%{random_suffix}" + provider = google + auto_create_subnetworks = false +} + +# backend subnet +resource "google_compute_subnetwork" "xlb_subnet" { + name = "tf-test-l7-xlb-subnet%{random_suffix}" + provider = google + ip_cidr_range = "10.0.1.0/24" + region = "us-central1" + network = google_compute_network.xlb_network.id +} + +# forwarding rule +resource "google_compute_global_forwarding_rule" "google_compute_global_forwarding_rule" { + name = "tf-test-l7-xlb-forwarding-rule%{random_suffix}" + provider = google + ip_protocol = "TCP" + load_balancing_scheme = "EXTERNAL" + port_range = "80" + target = google_compute_target_http_proxy.default.id +} + +# http proxy +resource "google_compute_target_http_proxy" "default" { + name = "tf-test-l7-xlb-target-http-proxy%{random_suffix}" + 
provider = google + url_map = google_compute_url_map.default.id +} + +# url map +resource "google_compute_url_map" "default" { + name = "tf-test-l7-xlb-url-map%{random_suffix}" + provider = google + default_service = google_compute_backend_service.default.id +} + +# backend service with custom request and response headers +resource "google_compute_backend_service" "default" { + name = "tf-test-l7-xlb-backend-service%{random_suffix}" + provider = google-beta + protocol = "HTTP" + port_name = "my-port" + load_balancing_scheme = "EXTERNAL" + timeout_sec = 10 + enable_cdn = true + custom_request_headers = ["X-Client-Geo-Location: {client_region_subdivision}, {client_city}"] + custom_response_headers = ["X-Cache-Hit: {cdn_cache_status}"] + health_checks = [google_compute_health_check.default.id] + backend { + group = google_compute_instance_group_manager.mig.instance_group + balancing_mode = "UTILIZATION" + capacity_scaler = 1.0 + } +} + +# instance template +resource "google_compute_instance_template" "instance_template" { + name = "tf-test-l7-xlb-mig-template%{random_suffix}" + provider = google + machine_type = "e2-small" + tags = ["allow-health-check"] + + network_interface { + network = google_compute_network.xlb_network.id + subnetwork = google_compute_subnetwork.xlb_subnet.id + access_config { + # add external ip to fetch packages + } + } + disk { + source_image = "debian-cloud/debian-10" + auto_delete = true + boot = true + } + + # install nginx and serve a simple web page + metadata = { + startup-script = <<-EOF1 + #! 
/bin/bash + set -euo pipefail + + export DEBIAN_FRONTEND=noninteractive + apt-get update + apt-get install -y nginx-light jq + + NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname") + IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip") + METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])') + + cat < /var/www/html/index.html +
+      Name: $NAME
+      IP: $IP
+      Metadata: $METADATA
+      
+ EOF + EOF1 + } + lifecycle { + create_before_destroy = true + } +} + +# health check +resource "google_compute_health_check" "default" { + name = "tf-test-l7-xlb-hc%{random_suffix}" + provider = google + http_health_check { + port_specification = "USE_SERVING_PORT" + } +} + +# MIG +resource "google_compute_instance_group_manager" "mig" { + name = "tf-test-l7-xlb-mig1%{random_suffix}" + provider = google + zone = "us-central1-c" + named_port { + name = "http" + port = 8080 + } + version { + instance_template = google_compute_instance_template.instance_template.id + name = "primary" + } + base_instance_name = "vm" + target_size = 2 +} + +# allow access from health check ranges +resource "google_compute_firewall" "fw_health_check" { + name = "tf-test-l7-xlb-fw-allow-hc%{random_suffix}" + provider = google + direction = "INGRESS" + network = google_compute_network.xlb_network.id + source_ranges = ["130.211.0.0/22", "35.191.0.0/16"] + allow { + protocol = "tcp" + } + target_tags = ["allow-health-check"] +} +`, context) +} + func TestAccComputeGlobalForwardingRule_globalForwardingRuleHttpExample(t *testing.T) { t.Parallel() diff --git a/website/docs/r/compute_global_forwarding_rule.html.markdown b/website/docs/r/compute_global_forwarding_rule.html.markdown index bcc4e48c69..9a47014c60 100644 --- a/website/docs/r/compute_global_forwarding_rule.html.markdown +++ b/website/docs/r/compute_global_forwarding_rule.html.markdown 
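Review bot: The `fw_health_check` rule in the embedded config allows `protocol = "tcp"` with no `ports`, so every TCP port on instances tagged `allow-health-check` is open to 130.211.0.0/22 and 35.191.0.0/16; an example that users will copy should admit only the serving port, e.g. `allow { protocol = "tcp" ports = ["80"] }`. The port wiring needs settling first, because the backend service sets `port_name = "my-port"` while the MIG declares `named_port { name = "http" port = 8080 }`, and nginx presumably listens on its default port 80, so `USE_SERVING_PORT` has no matching named port to resolve. Separately, the startup script writes the instance's `attributes/?recursive=True` metadata (minus `startup-script`) into `index.html`, which this external load balancer serves with `enable_cdn = true`; I would drop the `METADATA` line so that attributes an adopter adds later (for example `ssh-keys`) are not published and cached. The acceptance test only applies and imports the config, so none of this would surface in CI. The same configuration is repeated in the `compute_global_forwarding_rule.html.markdown` hunk, and since both files look generated the change probably belongs in the upstream template.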
@@ -32,6 +32,164 @@ https://cloud.google.com/compute/docs/load-balancing/http/ + +## Example Usage - External Http Lb Mig Backend Custom Header + + +```hcl +# External HTTP load balancer with a CDN-enabled managed instance group backend +# and custom request and response headers + +# VPC +resource "google_compute_network" "xlb_network" { + name = "l7-xlb-network" + provider = google + auto_create_subnetworks = false +} + +# backend subnet +resource "google_compute_subnetwork" "xlb_subnet" { + name = "l7-xlb-subnet" + provider = google + ip_cidr_range = "10.0.1.0/24" + region = "us-central1" + network = google_compute_network.xlb_network.id +} + +# forwarding rule +resource "google_compute_global_forwarding_rule" "google_compute_global_forwarding_rule" { + name = "l7-xlb-forwarding-rule" + provider = google + ip_protocol = "TCP" + load_balancing_scheme = "EXTERNAL" + port_range = "80" + target = google_compute_target_http_proxy.default.id +} + +# http proxy +resource "google_compute_target_http_proxy" "default" { + name = "l7-xlb-target-http-proxy" + provider = google + url_map = google_compute_url_map.default.id +} + +# url map +resource "google_compute_url_map" "default" { + name = "l7-xlb-url-map" + provider = google + default_service = google_compute_backend_service.default.id +} + +# backend service with custom request and response headers +resource "google_compute_backend_service" "default" { + name = "l7-xlb-backend-service" + provider = google-beta + protocol = "HTTP" + port_name = "my-port" + load_balancing_scheme = "EXTERNAL" + timeout_sec = 10 + enable_cdn = true + custom_request_headers = ["X-Client-Geo-Location: {client_region_subdivision}, {client_city}"] + custom_response_headers = ["X-Cache-Hit: {cdn_cache_status}"] + health_checks = [google_compute_health_check.default.id] + backend { + group = google_compute_instance_group_manager.mig.instance_group + balancing_mode = "UTILIZATION" + capacity_scaler = 1.0 + } +} + +# instance template +resource 
"google_compute_instance_template" "instance_template" { + name = "l7-xlb-mig-template" + provider = google + machine_type = "e2-small" + tags = ["allow-health-check"] + + network_interface { + network = google_compute_network.xlb_network.id + subnetwork = google_compute_subnetwork.xlb_subnet.id + access_config { + # add external ip to fetch packages + } + } + disk { + source_image = "debian-cloud/debian-10" + auto_delete = true + boot = true + } + + # install nginx and serve a simple web page + metadata = { + startup-script = <<-EOF1 + #! /bin/bash + set -euo pipefail + + export DEBIAN_FRONTEND=noninteractive + apt-get update + apt-get install -y nginx-light jq + + NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname") + IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip") + METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])') + + cat < /var/www/html/index.html +
+      Name: $NAME
+      IP: $IP
+      Metadata: $METADATA
+      
+ EOF + EOF1 + } + lifecycle { + create_before_destroy = true + } +} + +# health check +resource "google_compute_health_check" "default" { + name = "l7-xlb-hc" + provider = google + http_health_check { + port_specification = "USE_SERVING_PORT" + } +} + +# MIG +resource "google_compute_instance_group_manager" "mig" { + name = "l7-xlb-mig1" + provider = google + zone = "us-central1-c" + named_port { + name = "http" + port = 8080 + } + version { + instance_template = google_compute_instance_template.instance_template.id + name = "primary" + } + base_instance_name = "vm" + target_size = 2 +} + +# allow access from health check ranges +resource "google_compute_firewall" "fw_health_check" { + name = "l7-xlb-fw-allow-hc" + provider = google + direction = "INGRESS" + network = google_compute_network.xlb_network.id + source_ranges = ["130.211.0.0/22", "35.191.0.0/16"] + allow { + protocol = "tcp" + } + target_tags = ["allow-health-check"] +} +```