-
Notifications
You must be signed in to change notification settings - Fork 92
/
Copy pathmetadata.yaml
181 lines (180 loc) · 6.12 KB
/
metadata.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: blueprints.cloud.google.com/v1alpha1
kind: BlueprintMetadata
metadata:
name: terraform-google-lb-internal
annotations:
config.kubernetes.io/local-config: "true"
spec:
title: Internal Load Balancer Terraform Module
source:
repo: https://github.com/terraform-google-modules/terraform-google-lb-internal
sourceType: git
version: 7.0.0
actuationTool:
type: Terraform
version: '>= 0.13'
examples:
- name: minimal
location: examples/minimal
- name: simple
location: examples/simple
variables:
- name: all_ports
description: Boolean for all_ports setting on forwarding rule.
type: bool
required: false
- name: backends
description: List of backends, should be a map of key-value pairs for each backend, must have the 'group' key.
type: list(any)
required: true
- name: connection_draining_timeout_sec
description: Time for which instance will be drained
type: number
required: false
- name: create_backend_firewall
description: Controls if firewall rules for the backends will be created or not. Health-check firewall rules are controlled separately.
type: bool
default: true
required: false
- name: create_health_check_firewall
description: Controls if firewall rules for the health check will be created or not. If this rule is not present backend healthcheck will fail.
type: bool
default: true
required: false
- name: firewall_enable_logging
description: Controls if firewall rules that are created are to have logging configured. This will be ignored for firewall rules that are not created.
type: bool
default: false
required: false
- name: global_access
description: Allow all regions on the same VPC network access.
type: bool
default: false
required: false
- name: health_check
description: Health check to determine whether instances are responsive and able to do work
type: |-
object({
type = string
check_interval_sec = number
healthy_threshold = number
timeout_sec = number
unhealthy_threshold = number
response = string
proxy_header = string
port = number
port_name = string
request = string
request_path = string
host = string
enable_log = bool
})
required: true
- name: ip_address
description: IP address of the internal load balancer, if empty one will be assigned. Default is empty.
type: string
required: false
- name: ip_protocol
description: The IP protocol for the backend and frontend forwarding rule. TCP or UDP.
type: string
default: TCP
required: false
- name: labels
description: The labels to attach to resources created by this module.
type: map(string)
default: {}
required: false
- name: name
description: Name for the forwarding rule and prefix for supporting resources.
type: string
required: true
- name: network
description: Name of the network to create resources in.
type: string
default: default
required: false
- name: network_project
description: Name of the project for the network. Useful for shared VPC. Default is var.project.
type: string
default: ""
required: false
- name: ports
description: List of ports range to forward to backend services. Max is 5.
type: list(string)
required: true
- name: project
description: The project to deploy to, if not set the default provider project is used.
type: string
default: ""
required: false
- name: region
description: Region for cloud resources.
type: string
default: us-central1
required: false
- name: service_label
description: Service label is used to create internal DNS name
type: string
required: false
- name: session_affinity
description: 'The session affinity for the backends example: NONE, CLIENT_IP. Default is `NONE`.'
type: string
default: NONE
required: false
- name: source_ip_ranges
description: List of source ip ranges for traffic between the internal load balancer.
type: list(string)
required: false
- name: source_service_accounts
description: List of source service accounts for traffic between the internal load balancer.
type: list(string)
required: false
- name: source_tags
description: List of source tags for traffic between the internal load balancer.
type: list(string)
required: true
- name: subnetwork
description: Name of the subnetwork to create resources in.
type: string
default: default
required: false
- name: target_service_accounts
description: List of target service accounts for traffic between the internal load balancer.
type: list(string)
required: false
- name: target_tags
description: List of target tags for traffic between the internal load balancer.
type: list(string)
required: true
outputs:
- name: forwarding_rule
description: The forwarding rule self_link.
- name: forwarding_rule_id
description: The forwarding rule id.
- name: ip_address
description: The internal IP assigned to the regional forwarding rule.
roles:
- level: Project
roles:
- roles/owner
- roles/compute.networkAdmin
- roles/compute.loadBalancerAdmin
- roles/compute.securityAdmin
services:
- cloudresourcemanager.googleapis.com
- storage-api.googleapis.com
- serviceusage.googleapis.com
- compute.googleapis.com