This repository has been archived by the owner on Jul 12, 2023. It is now read-only.

Finish GCLB Terraform setup #409

Merged
merged 8 commits into from
Sep 1, 2020
139 changes: 100 additions & 39 deletions terraform/lb.tf
Expand Up @@ -11,47 +11,108 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# TODO(icco): This is currently all setup manually.
#resource "google_compute_backend_service" "apiserver" {
# provider = google-beta
# name = "apiserver"
# project = var.project
# enable_cdn = true
#
# backend {
# group = google_compute_region_network_endpoint_group.apiserver.id
# }
#}

resource "google_compute_global_address" "verification-server" {
name = "verification-server-address"
project = var.project
}

#resource "google_compute_url_map" "urlmap" {
# name = "verification-server"
# project = var.project
# default_service = google_compute_backend_service.apiserver.id
#
# TODO(icco): Add host base routing for all four services.
#}
#
#resource "google_compute_target_http_proxy" "default" {
# name = "verification-server"
# project = var.project
# url_map = google_compute_url_map.urlmap.id
#}
#
#resource "google_compute_forwarding_rule" "verification-server" {
# provider = google-beta
# name = "verification-server"
# project = var.project
#
# ip_protocol = "TCP"
# ip_address = google_compute_global_address.verification-server.address
# load_balancing_scheme = "EXTERNAL"
# port_range = "80"
# target = google_compute_target_http_proxy.default.id
# network_tier = "PREMIUM"
#}
# Redirects all requests to https
resource "google_compute_url_map" "urlmap-http" {
name = "https-redirect"
provider = google-beta
project = var.project

default_url_redirect {
strip_query = false
https_redirect = true
}
}

resource "google_compute_url_map" "urlmap-https" {
name = "verification-server"
provider = google-beta
project = var.project
default_service = google_compute_backend_service.apiserver.id

host_rule {
hosts = [var.server-host]
path_matcher = "server"
}

path_matcher {
name = "server"
default_service = google_compute_backend_service.server.id
}

host_rule {
hosts = [var.apiserver-host]
path_matcher = "apiserver"
}

path_matcher {
name = "apiserver"
default_service = google_compute_backend_service.apiserver.id
}

host_rule {
hosts = [var.adminapi-host]
path_matcher = "adminapi"
}

path_matcher {
name = "adminapi"
default_service = google_compute_backend_service.adminapi.id
}
}

resource "google_compute_target_http_proxy" "http" {
provider = google-beta
name = "verification-server"
project = var.project

url_map = google_compute_url_map.urlmap-http.id
}

resource "google_compute_target_https_proxy" "https" {
name = "verification-server"
project = var.project

url_map = google_compute_url_map.urlmap-https.id
ssl_certificates = [google_compute_managed_ssl_certificate.default.id]
}

resource "google_compute_forwarding_rule" "http" {
provider = google-beta
name = "verification-server-http"
project = var.project

ip_protocol = "TCP"
ip_address = google_compute_global_address.verification-server.address
load_balancing_scheme = "EXTERNAL"
port_range = "80"
target = google_compute_target_http_proxy.http.id
network_tier = "PREMIUM"
}

resource "google_compute_forwarding_rule" "https" {
provider = google-beta
name = "verification-server-https"
project = var.project

ip_protocol = "TCP"
ip_address = google_compute_global_address.verification-server.address
load_balancing_scheme = "EXTERNAL"
port_range = "443"
target = google_compute_target_https_proxy.https.id
network_tier = "PREMIUM"
}

resource "google_compute_managed_ssl_certificate" "default" {
sethvargo marked this conversation as resolved.
provider = google-beta

name = "verification-cert"

managed {
domains = [var.server-host, var.apiserver-host, var.adminapi-host]
}
}
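Review bot: The new `google_compute_target_https_proxy.https` sets no `ssl_policy`, so the listener on port 443 falls back to the GCP default SSL policy, which still negotiates TLS 1.0 and 1.1. Adding a `google_compute_ssl_policy` with a TLS 1.2 floor and referencing it from the proxy pins the protocol and cipher profile in code rather than leaving it to the platform default. Separately, `google_compute_managed_ssl_certificate.default` is the only resource in this section without `project = var.project`, so it resolves to the provider's default project; adding that line would keep it consistent with the proxy that references it.

```hcl
resource "google_compute_ssl_policy" "default" {
  name            = "verification-server"
  project         = var.project
  profile         = "MODERN"
  min_tls_version = "TLS_1_2"
}

resource "google_compute_target_https_proxy" "https" {
  # … unchanged: name, project, url_map, ssl_certificates …
  ssl_policy = google_compute_ssl_policy.default.id
```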
12 changes: 12 additions & 0 deletions terraform/service_admin_apiserver.tf
Expand Up @@ -147,11 +147,23 @@ resource "google_compute_region_network_endpoint_group" "adminapi" {
project = var.project
region = var.region

network_endpoint_type = "SERVERLESS"

cloud_run {
service = google_cloud_run_service.adminapi.name
}
}

resource "google_compute_backend_service" "adminapi" {
provider = google-beta
name = "adminapi"
project = var.project

backend {
group = google_compute_region_network_endpoint_group.adminapi.id
}
}

resource "google_cloud_run_domain_mapping" "adminapi" {
count = var.adminapi_custom_domain != "" ? 1 : 0
location = var.cloudrun_location
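Review bot: The new `google_compute_backend_service.adminapi` attaches no `security_policy`, so the admin API is published through the external load balancer (the `adminapi` path matcher in terraform/lb.tf) with no Cloud Armor rule in front of it; a policy referenced as, for example, `security_policy = google_compute_security_policy.adminapi.id` would allow an allowlist or rate limit at the edge. The block also has no `log_config { enable = true }`, so load-balancer request logs for this backend may be off. The `apiserver` and `server` backend services added in terraform/service_apiserver.tf and terraform/service_server.tf have the same shape. Whether the Cloud Run services restrict ingress to the load balancer is not visible in these hunks and is worth confirming, since otherwise their default Cloud Run URLs would not pass through anything configured here.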
12 changes: 12 additions & 0 deletions terraform/service_apiserver.tf
Expand Up @@ -155,11 +155,23 @@ resource "google_compute_region_network_endpoint_group" "apiserver" {
project = var.project
region = var.region

network_endpoint_type = "SERVERLESS"

cloud_run {
service = google_cloud_run_service.apiserver.name
}
}

resource "google_compute_backend_service" "apiserver" {
provider = google-beta
name = "apiserver"
project = var.project

backend {
group = google_compute_region_network_endpoint_group.apiserver.id
}
}

resource "google_cloud_run_domain_mapping" "apiserver" {
count = var.apiserver_custom_domain != "" ? 1 : 0
location = var.cloudrun_location
12 changes: 12 additions & 0 deletions terraform/service_server.tf
Expand Up @@ -188,11 +188,23 @@ resource "google_compute_region_network_endpoint_group" "server" {
project = var.project
region = var.region

network_endpoint_type = "SERVERLESS"

cloud_run {
service = google_cloud_run_service.server.name
}
}

resource "google_compute_backend_service" "server" {
provider = google-beta
name = "server"
project = var.project

backend {
group = google_compute_region_network_endpoint_group.server.id
}
}

resource "google_cloud_run_domain_mapping" "server" {
count = var.server_custom_domain != "" ? 1 : 0
location = var.cloudrun_location
19 changes: 17 additions & 2 deletions terraform/variables.tf
Expand Up @@ -155,17 +155,32 @@ variable "server_custom_domain" {
description = "Custom domain to map for server. This domain must already be verified by Google, and you must have a DNS CNAME record pointing to ghs.googlehosted.com in advance. If not provided, no domain mapping is created."
}

variable "server-host" {
type = string
description = "Domain web ui is hosted on."
}

variable "apiserver-host" {
type = string
description = "Domain apiserver is hosted on."
}

variable "adminapi-host" {
type = string
description = "Domain adminapi is hosted on."
}

terraform {
required_version = ">= 0.13"

required_providers {
google = {
source = "hashicorp/google"
version = "~> 3.36"
version = "~> 3.37"
}
google-beta = {
source = "hashicorp/google-beta"
version = "~> 3.36"
version = "~> 3.37"
}
local = {
source = "hashicorp/local"
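Review bot: The three new variables are named with hyphens (`server-host`, `apiserver-host`, `adminapi-host`) while the existing variable at the top of this hunk uses underscores (`server_custom_domain`); `server_host`, `apiserver_host` and `adminapi_host` would match, with the references in terraform/lb.tf renamed to suit. These values become the `host_rule` hosts and the managed certificate's `domains` in terraform/lb.tf, so each description could state that a bare hostname is expected, e.g. `description = "Hostname (no scheme or path) the web UI is served on."`. The `terraform` block continues past the end of the hunk.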