fFace

Reputation: 101

terraform GCP http(s) Loadbalancer

I am trying to create an HTTP(S) load balancer using Terraform on GCP. I want it to serve both HTTP and HTTPS clients. I am using the resources below to create the frontend part (google_compute_global_forwarding_rule) of the LB.

// SSL
resource "google_compute_global_forwarding_rule" "default-ssl" {
  name       = "frontend-https"
  target     = google_compute_target_https_proxy.default-ssl.self_link
  port_range = "443"
}


resource "google_compute_target_https_proxy" "default-ssl" {
  provider         = google-beta
  name             = "target-proxy-ssl"
  description      = "a description"
  ssl_certificates = ["mysslcert"]
  url_map          = google_compute_url_map.default.self_link
}

// non SSL
resource "google_compute_global_forwarding_rule" "default" {
  name       = "frontend-http"
  target     = google_compute_target_http_proxy.default.self_link
  port_range = "80"
}

resource "google_compute_target_http_proxy" "default" {
  project     = var.project_id
  provider    = google-beta
  name        = "target-proxy"
  description = "a description"
  url_map     = google_compute_url_map.default.self_link
}

The problem with this is that it allocates two IP addresses: one for HTTP and one for HTTPS. But when I create a load balancer on GCP manually (no Terraform), I can create an IP address and select the protocol. By doing that, I can use the same IP address when creating the next frontend rule.

[Image: frontend created by Terraform]

[Image: frontend created manually]

I would appreciate your help on creating a load balancer that only has one IP address.

Upvotes: 4

Views: 5549

Answers (2)

hj5708

Reputation: 1

The supplied IP address resource needs to have the SHARED_LOADBALANCER_VIP purpose in Terraform.

SHARED_LOADBALANCER_VIP for an address that can be used by multiple internal load balancers. https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_address

Upvotes: 0

John Heyer

Reputation: 921

You can also allocate an external IP on the fly with this:

resource "google_compute_global_address" "L7LB_IP_ADDRESS" {
  name = "l7lb-external-ip-address"
}

Then in the forwarding rules (frontend), set the IP address:

// target is a required argument; these reference the proxies defined in the question
resource "google_compute_global_forwarding_rule" "EXTERNAL_FWD_RULE_HTTP" {
  name       = "frontend-80"
  ip_address = google_compute_global_address.L7LB_IP_ADDRESS.address
  target     = google_compute_target_http_proxy.default.self_link
  port_range = "80"
}

resource "google_compute_global_forwarding_rule" "EXTERNAL_FWD_RULE_HTTPS" {
  name       = "frontend-443"
  ip_address = google_compute_global_address.L7LB_IP_ADDRESS.address
  target     = google_compute_target_https_proxy.default-ssl.self_link
  port_range = "443"
}

Upvotes: 2
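
A pre-apply check for the condition this thread turns on, that both frontends are pinned to the same reserved address (an added example, not code from the question or the answers): it reads the `configuration` section of `terraform show -json` output and reports global forwarding rules that set no `ip_address` or that point at different addresses. The plan fragments are constructed inline, the helper names are hypothetical, and only root-module resources are inspected.

```python
import json

RULE_TYPE = "google_compute_global_forwarding_rule"
ADDR_TYPE = "google_compute_global_address"

def frontend_addresses(plan):
    """Map each global forwarding rule to the address it is pinned to, or None."""
    out = {}
    for res in plan["configuration"]["root_module"].get("resources", []):
        if res.get("type") != RULE_TYPE:
            continue
        expr = res.get("expressions", {}).get("ip_address", {})
        # Plan JSON lists "type.name.attr" and "type.name"; keep the resource part.
        refs = {".".join(r.split(".")[:2]) for r in expr.get("references", [])
                if r.startswith(ADDR_TYPE + ".")}
        out[res["address"]] = expr.get("constant_value") or (min(refs) if refs else None)
    return out

def check_single_vip(plan):
    """Return findings; an empty list means all frontends share one address."""
    mapping = frontend_addresses(plan)
    findings = [f"{rule}: no ip_address set, an ephemeral IP is allocated for it"
                for rule, addr in sorted(mapping.items()) if addr is None]
    distinct = sorted({a for a in mapping.values() if a})
    if len(distinct) > 1:
        findings.append("frontends use different addresses: " + ", ".join(distinct))
    return findings

# Constructed plan fragments (not real output): the question's rules, then the fix.
def _rule(name, port, addr=None):
    expr = {"port_range": {"constant_value": port}}
    if addr:
        expr["ip_address"] = {"references": [addr + ".address", addr]}
    return {"address": f"{RULE_TYPE}.{name}", "type": RULE_TYPE, "expressions": expr}

def _plan(*rules):
    return {"configuration": {"root_module": {"resources": list(rules)}}}

VIP = ADDR_TYPE + ".L7LB_IP_ADDRESS"
AS_ASKED = _plan(_rule("default-ssl", "443"), _rule("default", "80"))
AS_ANSWERED = _plan(_rule("EXTERNAL_FWD_RULE_HTTP", "80", VIP),
                    _rule("EXTERNAL_FWD_RULE_HTTPS", "443", VIP))

if __name__ == "__main__":
    for label, plan in (("as asked", AS_ASKED), ("as answered", AS_ANSWERED)):
        print(label, json.dumps(check_single_vip(plan), indent=2))
```

To run it against a real plan, save one with `terraform plan -out=tf.plan`, export it with `terraform show -json tf.plan`, and pass the loaded JSON to `check_single_vip`.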
