From aa69923e6960447537897264b4e6a1655a653175 Mon Sep 17 00:00:00 2001
From: Modular Magician
Date: Thu, 12 Aug 2021 22:13:15 +0000
Subject: [PATCH] L3 default support for Network Load Balancer (#5059)
Signed-off-by: Modular Magician
---
 .changelog/5059.txt | 3 +
 google/resource_compute_forwarding_rule.go | 33 ++++++----
 ...resource_compute_region_backend_service.go | 4 +-
 .../r/compute_forwarding_rule.html.markdown | 66 +++++++++++++++----
 ...mpute_region_backend_service.html.markdown | 2 +-
 5 files changed, 78 insertions(+), 30 deletions(-)
 create mode 100644 .changelog/5059.txt
diff --git a/.changelog/5059.txt b/.changelog/5059.txt
new file mode 100644
index 00000000000..c60939ee614
--- /dev/null
+++ b/.changelog/5059.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: added support for `L3_DEFAULT` as `ip_protocol` for `google_compute_forwarding_rule` and `UNSPECIFIED` as `protocol` for `google_compute_region_backend_service` to support network load balancers that forward all protocols and ports.
+```
diff --git a/google/resource_compute_forwarding_rule.go b/google/resource_compute_forwarding_rule.go
index 8da0fae80b5..0b19c34b5d6 100644
--- a/google/resource_compute_forwarding_rule.go
+++ b/google/resource_compute_forwarding_rule.go
@@ -83,22 +83,24 @@ Google APIs, IP address must be provided.`, Computed: true, Optional: true, ForceNew: true, - ValidateFunc: validation.StringInSlice([]string{"TCP", "UDP", "ESP", "AH", "SCTP", "ICMP", ""}, false), + ValidateFunc: validation.StringInSlice([]string{"TCP", "UDP", "ESP", "AH", "SCTP", "ICMP", "L3_DEFAULT", ""}, false), DiffSuppressFunc: caseDiffSuppress, Description: `The IP protocol to which this rule applies. When the load balancing scheme is INTERNAL, only TCP and UDP are -valid. Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP"]`, +valid. Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP", "L3_DEFAULT"]`, }, "all_ports": { Type: schema.TypeBool, Optional: true, ForceNew: true, - Description: `For internal TCP/UDP load balancing (i.e. load balancing scheme is -INTERNAL and protocol is TCP/UDP), set this to true to allow packets -addressed to any ports to be forwarded to the backends configured -with this forwarding rule. Used with backend service. Cannot be set -if port or portRange are set.`, + Description: `This field can be used with internal load balancer or network load balancer +when the forwarding rule references a backend service, or with the target +field when it references a TargetInstance. Set this to true to +allow packets addressed to any ports to be forwarded to the backends configured +with this forwarding rule. This can be used when the protocol is TCP/UDP, and it +must be set to true when the protocol is set to L3_DEFAULT. +Cannot be set if port or portRange are set.`, }, "allow_global_access": { Type: schema.TypeBool, 
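Review bot: The rule in the new `all_ports` description, that it "must be set to true when the protocol is set to L3_DEFAULT", exists only as description text; the `ip_protocol` validator in this hunk accepts `L3_DEFAULT` on its own, so a wrong combination would presumably surface only as an API error at apply time. The `ip_protocol` description also still mentions only the INTERNAL restriction and never says what `L3_DEFAULT` does. Since the changelog describes it as forwarding all protocols and ports, I would add a sentence such as `L3_DEFAULT forwards traffic of every IP protocol and port to the backends, leaving firewall rules as the remaining filter in front of them.` The `ports` hunk further down states its mutual-exclusion rule the same way, in prose only. The schema map starts and ends outside this hunk, so a cross-field check may exist elsewhere in the file.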
@@ -195,15 +197,18 @@ ports: Type: schema.TypeSet, Optional: true, ForceNew: true, - Description: `This field is used along with the backend_service field for internal -load balancing. + Description: `This field is used along with internal load balancing and network +load balancer when the forwarding rule references a backend service +and when protocol is not L3_DEFAULT. -When the load balancing scheme is INTERNAL, a single port or a comma -separated list of ports can be configured. Only packets addressed to -these ports will be forwarded to the backends configured with this -forwarding rule. +A single port or a comma separated list of ports can be configured. +Only packets addressed to these ports will be forwarded to the backends +configured with this forwarding rule. -You may specify a maximum of up to 5 ports.`, +You can only use one of ports and portRange, or allPorts. +The three are mutually exclusive. + +You may specify a maximum of up to 5 ports, which can be non-contiguous.`, MaxItems: 5, Elem: &schema.Schema{ Type: schema.TypeString, diff --git a/google/resource_compute_region_backend_service.go b/google/resource_compute_region_backend_service.go index 0133cc61c6a..1982a417d05 100644 --- a/google/resource_compute_region_backend_service.go +++ b/google/resource_compute_region_backend_service.go 
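Review bot: The added sentence "You can only use one of ports and portRange, or allPorts" names the fields by their API spelling, while the arguments a Terraform user actually writes are `ports`, `port_range` and `all_ports`; the "one of … and …, or …" phrasing is also hard to parse. I would reword it to `Only one of ports, port_range, or all_ports can be set; the three are mutually exclusive.` If this description text is generated from the API definition, the wording fix belongs in the generator's source rather than in this file. The `ports` schema entry begins before the hunk and continues past it.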
@@ -776,10 +776,10 @@ Must be omitted when the loadBalancingScheme is INTERNAL (Internal TCP/UDP Load Type: schema.TypeString, Computed: true, Optional: true, - ValidateFunc: validation.StringInSlice([]string{"HTTP", "HTTPS", "HTTP2", "SSL", "TCP", "UDP", "GRPC", ""}, false), + ValidateFunc: validation.StringInSlice([]string{"HTTP", "HTTPS", "HTTP2", "SSL", "TCP", "UDP", "GRPC", "UNSPECIFIED", ""}, false), Description: `The protocol this RegionBackendService uses to communicate with backends. The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer -types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "SSL", "TCP", "UDP", "GRPC"]`, +types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "SSL", "TCP", "UDP", "GRPC", "UNSPECIFIED"]`, }, "region": { Type: schema.TypeString, diff --git a/website/docs/r/compute_forwarding_rule.html.markdown b/website/docs/r/compute_forwarding_rule.html.markdown index ab0288277f1..98d53919324 100644 --- a/website/docs/r/compute_forwarding_rule.html.markdown +++ b/website/docs/r/compute_forwarding_rule.html.markdown 
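Review bot: `UNSPECIFIED` is added to the accepted `protocol` values, but the description still says only "The default is HTTP" and gives no hint of what the new value does or when it is valid. Per the changelog entry in this commit it is meant for network load balancers that forward all protocols and ports, a much wider traffic scope than any other value in the list, so a reader should not be able to mistake it for "use the default". I would add a sentence to the description along the lines of `UNSPECIFIED is intended for network load balancers that forward all protocols and ports (forwarding rule ip_protocol L3_DEFAULT).` The schema entry for this field starts before the hunk.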
@@ -132,6 +132,42 @@ resource "google_compute_target_pool" "default" { name = "website-target-pool" } ``` + +## Example Usage - Forwarding Rule L3 Default + + +```hcl +resource "google_compute_forwarding_rule" "fwd_rule" { + provider = google-beta + name = "l3-forwarding-rule" + backend_service = google_compute_region_backend_service.service.id + ip_protocol = "L3_DEFAULT" + all_ports = true +} + +resource "google_compute_region_backend_service" "service" { + provider = google-beta + region = "us-central1" + name = "service" + health_checks = [google_compute_region_health_check.health_check.id] + protocol = "UNSPECIFIED" + load_balancing_scheme = "EXTERNAL" +} + +resource "google_compute_region_health_check" "health_check" { + provider = google-beta + name = "health-check" + region = "us-central1" + + tcp_health_check { + port = 80 + } +} +```
Open in Cloud Shell @@ -435,7 +471,7 @@ The following arguments are supported: The IP protocol to which this rule applies. When the load balancing scheme is INTERNAL, only TCP and UDP are valid. - Possible values are `TCP`, `UDP`, `ESP`, `AH`, `SCTP`, and `ICMP`. + Possible values are `TCP`, `UDP`, `ESP`, `AH`, `SCTP`, `ICMP`, and `L3_DEFAULT`. * `backend_service` - (Optional) @@ -482,13 +518,15 @@ The following arguments are supported: * `ports` - (Optional) - This field is used along with the backend_service field for internal - load balancing. - When the load balancing scheme is INTERNAL, a single port or a comma - separated list of ports can be configured. Only packets addressed to - these ports will be forwarded to the backends configured with this - forwarding rule. - You may specify a maximum of up to 5 ports. + This field is used along with internal load balancing and network + load balancer when the forwarding rule references a backend service + and when protocol is not L3_DEFAULT. + A single port or a comma separated list of ports can be configured. + Only packets addressed to these ports will be forwarded to the backends + configured with this forwarding rule. + You can only use one of ports and portRange, or allPorts. + The three are mutually exclusive. + You may specify a maximum of up to 5 ports, which can be non-contiguous. * `subnetwork` - (Optional) 
@@ -516,11 +554,13 @@ The following arguments are supported: * `all_ports` - (Optional) - For internal TCP/UDP load balancing (i.e. load balancing scheme is - INTERNAL and protocol is TCP/UDP), set this to true to allow packets - addressed to any ports to be forwarded to the backends configured - with this forwarding rule. Used with backend service. Cannot be set - if port or portRange are set. + This field can be used with internal load balancer or network load balancer + when the forwarding rule references a backend service, or with the target + field when it references a TargetInstance. Set this to true to + allow packets addressed to any ports to be forwarded to the backends configured + with this forwarding rule. This can be used when the protocol is TCP/UDP, and it + must be set to true when the protocol is set to L3_DEFAULT. + Cannot be set if port or portRange are set. * `network_tier` - (Optional) diff --git a/website/docs/r/compute_region_backend_service.html.markdown b/website/docs/r/compute_region_backend_service.html.markdown index 3e12110a03f..d8ae0297d09 100644 --- a/website/docs/r/compute_region_backend_service.html.markdown +++ b/website/docs/r/compute_region_backend_service.html.markdown @@ -417,7 +417,7 @@ The following arguments are supported: The protocol this RegionBackendService uses to communicate with backends. The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. - Possible values are `HTTP`, `HTTPS`, `HTTP2`, `SSL`, `TCP`, `UDP`, and `GRPC`. + Possible values are `HTTP`, `HTTPS`, `HTTP2`, `SSL`, `TCP`, `UDP`, `GRPC`, and `UNSPECIFIED`. * `session_affinity` - (Optional)