Según tu tipo de backend preferido, usa uno de los siguientes ejemplos para implementar un balanceador de cargas de HTTP(S) externo de muestra.
Si es la primera vez que usas Terraform para Google Cloud, consulta la página Comenzar con Google Cloud en el sitio web de HashiCorp.
MIG
Puedes usar un módulo de Terraform para abrir un balanceador de cargas de HTTP(S) externo con backends de Compute Engine.
Para obtener información sobre este ejemplo y aprender a ejecutarlo, consulta el archivo README en GitHub.
module "gce-lb-http" {
source = "GoogleCloudPlatform/lb-http/google"
version = "~> 5.1"
name = var.network_prefix
project = var.project
target_tags = [
"${var.network_prefix}-group1",
module.cloud-nat-group1.router_name,
"${var.network_prefix}-group2",
module.cloud-nat-group2.router_name
]
firewall_networks = [google_compute_network.default.name]
backends = {
default = {
description = null
protocol = "HTTP"
port = 80
port_name = "http"
timeout_sec = 10
connection_draining_timeout_sec = null
enable_cdn = false
security_policy = null
session_affinity = null
affinity_cookie_ttl_sec = null
custom_request_headers = null
custom_response_headers = null
health_check = {
check_interval_sec = null
timeout_sec = null
healthy_threshold = null
unhealthy_threshold = null
request_path = "/"
port = 80
host = null
logging = null
}
log_config = {
enable = true
sample_rate = 1.0
}
groups = [
{
group = module.mig1.instance_group
balancing_mode = null
capacity_scaler = null
description = null
max_connections = null
max_connections_per_instance = null
max_connections_per_endpoint = null
max_rate = null
max_rate_per_instance = null
max_rate_per_endpoint = null
max_utilization = null
},
{
group = module.mig2.instance_group
balancing_mode = null
capacity_scaler = null
description = null
max_connections = null
max_connections_per_instance = null
max_connections_per_endpoint = null
max_rate = null
max_rate_per_instance = null
max_rate_per_endpoint = null
max_utilization = null
},
]
iap_config = {
enable = false
oauth2_client_id = ""
oauth2_client_secret = ""
}
}
}
}Bucket con MIG
Puedes usar un módulo de Terraform para abrir un balanceador de cargas de HTTP(S) externo con backends de Compute Engine y recursos estáticos que se entregan desde un bucket de Cloud Storage.
Para obtener información sobre este ejemplo y aprender a ejecutarlo, consulta el archivo README en GitHub.
module "gce-lb-https" {
source = "GoogleCloudPlatform/lb-http/google"
version = "~> 5.1"
name = var.network_name
project = var.project
target_tags = [
"${var.network_name}-group1",
module.cloud-nat-group1.router_name,
"${var.network_name}-group2",
module.cloud-nat-group2.router_name,
"${var.network_name}-group3",
module.cloud-nat-group3.router_name
]
firewall_networks = [google_compute_network.default.self_link]
url_map = google_compute_url_map.ml-bkd-ml-mig-bckt-s-lb.self_link
create_url_map = false
ssl = true
private_key = tls_private_key.example.private_key_pem
certificate = tls_self_signed_cert.example.cert_pem
backends = {
default = {
description = null
protocol = "HTTP"
port = 80
port_name = "http"
timeout_sec = 10
connection_draining_timeout_sec = null
enable_cdn = false
security_policy = null
session_affinity = null
affinity_cookie_ttl_sec = null
custom_request_headers = null
custom_response_headers = null
health_check = local.health_check
log_config = {
enable = true
sample_rate = 1.0
}
groups = [
{
group = module.mig1.instance_group
balancing_mode = null
capacity_scaler = null
description = null
max_connections = null
max_connections_per_instance = null
max_connections_per_endpoint = null
max_rate = null
max_rate_per_instance = null
max_rate_per_endpoint = null
max_utilization = null
},
{
group = module.mig2.instance_group
balancing_mode = null
capacity_scaler = null
description = null
max_connections = null
max_connections_per_instance = null
max_connections_per_endpoint = null
max_rate = null
max_rate_per_instance = null
max_rate_per_endpoint = null
max_utilization = null
},
{
group = module.mig3.instance_group
balancing_mode = null
capacity_scaler = null
description = null
max_connections = null
max_connections_per_instance = null
max_connections_per_endpoint = null
max_rate = null
max_rate_per_instance = null
max_rate_per_endpoint = null
max_utilization = null
},
]
iap_config = {
enable = false
oauth2_client_id = ""
oauth2_client_secret = ""
}
}
mig1 = {
description = null
protocol = "HTTP"
port = 80
port_name = "http"
timeout_sec = 10
connection_draining_timeout_sec = null
enable_cdn = false
security_policy = null
session_affinity = null
affinity_cookie_ttl_sec = null
custom_request_headers = null
custom_response_headers = null
health_check = local.health_check
log_config = {
enable = true
sample_rate = 1.0
}
groups = [
{
group = module.mig1.instance_group
balancing_mode = null
capacity_scaler = null
description = null
max_connections = null
max_connections_per_instance = null
max_connections_per_endpoint = null
max_rate = null
max_rate_per_instance = null
max_rate_per_endpoint = null
max_utilization = null
},
]
iap_config = {
enable = false
oauth2_client_id = ""
oauth2_client_secret = ""
}
}
mig2 = {
description = null
protocol = "HTTP"
port = 80
port_name = "http"
timeout_sec = 10
connection_draining_timeout_sec = null
enable_cdn = false
security_policy = null
session_affinity = null
affinity_cookie_ttl_sec = null
custom_request_headers = null
custom_response_headers = null
health_check = local.health_check
log_config = {
enable = true
sample_rate = 1.0
}
groups = [
{
group = module.mig2.instance_group
balancing_mode = null
capacity_scaler = null
description = null
max_connections = null
max_connections_per_instance = null
max_connections_per_endpoint = null
max_rate = null
max_rate_per_instance = null
max_rate_per_endpoint = null
max_utilization = null
},
]
iap_config = {
enable = false
oauth2_client_id = ""
oauth2_client_secret = ""
}
}
mig3 = {
description = null
protocol = "HTTP"
port = 80
port_name = "http"
timeout_sec = 10
connection_draining_timeout_sec = null
enable_cdn = false
security_policy = null
session_affinity = null
affinity_cookie_ttl_sec = null
custom_request_headers = null
custom_response_headers = null
health_check = local.health_check
log_config = {
enable = true
sample_rate = 1.0
}
groups = [
{
group = module.mig3.instance_group
balancing_mode = null
capacity_scaler = null
description = null
max_connections = null
max_connections_per_instance = null
max_connections_per_endpoint = null
max_rate = null
max_rate_per_instance = null
max_rate_per_endpoint = null
max_utilization = null
},
]
iap_config = {
enable = false
oauth2_client_id = ""
oauth2_client_secret = ""
}
}
}
}
resource "google_compute_url_map" "ml-bkd-ml-mig-bckt-s-lb" {
// note that this is the name of the load balancer
name = var.network_name
default_service = module.gce-lb-https.backend_services["default"].self_link
host_rule {
hosts = ["*"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = module.gce-lb-https.backend_services["default"].self_link
path_rule {
paths = [
"/group1",
"/group1/*"
]
service = module.gce-lb-https.backend_services["mig1"].self_link
}
path_rule {
paths = [
"/group2",
"/group2/*"
]
service = module.gce-lb-https.backend_services["mig2"].self_link
}
path_rule {
paths = [
"/group3",
"/group3/*"
]
service = module.gce-lb-https.backend_services["mig3"].self_link
}
path_rule {
paths = [
"/assets",
"/assets/*"
]
service = google_compute_backend_bucket.assets.self_link
}
}
}
resource "google_compute_backend_bucket" "assets" {
name = random_id.assets-bucket.hex
description = "Contains static resources for example app"
bucket_name = google_storage_bucket.assets.name
enable_cdn = true
}
resource "google_storage_bucket" "assets" {
name = random_id.assets-bucket.hex
location = "US"
// delete bucket and contents on destroy.
force_destroy = true
}
// The image object in Cloud Storage.
// Note that the path in the bucket matches the paths in the url map path rule above.
resource "google_storage_bucket_object" "image" {
name = "assets/gcp-logo.svg"
content = file("gcp-logo.svg")
content_type = "image/svg+xml"
bucket = google_storage_bucket.assets.name
}
// Make object public readable.
resource "google_storage_object_acl" "image-acl" {
bucket = google_storage_bucket.assets.name
object = google_storage_bucket_object.image.name
predefined_acl = "publicRead"
}Cloud Run
Puedes usar un módulo de Terraform para abrir un balanceador de cargas HTTPS externo con un backend de Cloud Run.
Para obtener información sobre este ejemplo y aprender a ejecutarlo, consulta el archivo README en GitHub.
module "lb-http" {
source = "GoogleCloudPlatform/lb-http/google//modules/serverless_negs"
version = "~> 5.1"
name = "tf-cr-lb"
project = var.project_id
ssl = var.ssl
managed_ssl_certificate_domains = [var.domain]
https_redirect = var.ssl
backends = {
default = {
description = null
groups = [
{
group = google_compute_region_network_endpoint_group.serverless_neg.id
}
]
enable_cdn = false
security_policy = null
custom_request_headers = null
custom_response_headers = null
iap_config = {
enable = false
oauth2_client_id = ""
oauth2_client_secret = ""
}
log_config = {
enable = false
sample_rate = null
}
}
}
}
resource "google_compute_region_network_endpoint_group" "serverless_neg" {
provider = google-beta
name = "serverless-neg"
network_endpoint_type = "SERVERLESS"
region = var.region
cloud_run {
service = google_cloud_run_service.default.name
}
}
resource "google_cloud_run_service" "default" {
name = "example"
location = var.region
project = var.project_id
template {
spec {
containers {
image = "gcr.io/cloudrun/hello"
}
}
}
}
resource "google_cloud_run_service_iam_member" "public-access" {
location = google_cloud_run_service.default.location
project = google_cloud_run_service.default.project
service = google_cloud_run_service.default.name
role = "roles/run.invoker"
member = "allUsers"
}Redireccionamiento HTTP a HTTPS
Puedes usar un módulo de Terraform para abrir un balanceador de cargas HTTPS externo con redireccionamiento de HTTP a HTTPS.
Para obtener información sobre este ejemplo y aprender a ejecutarlo, consulta el archivo README en GitHub.
module "gce-lb-http" {
source = "GoogleCloudPlatform/lb-http/google"
version = "~> 5.1"
name = "ci-https-redirect"
project = var.project
target_tags = [var.network_name]
firewall_networks = [google_compute_network.default.name]
ssl = true
ssl_certificates = [google_compute_ssl_certificate.example.self_link]
use_ssl_certificates = true
https_redirect = true
backends = {
default = {
description = null
protocol = "HTTP"
port = 80
port_name = "http"
timeout_sec = 10
connection_draining_timeout_sec = null
enable_cdn = false
security_policy = null
session_affinity = null
affinity_cookie_ttl_sec = null
custom_request_headers = null
custom_response_headers = null
health_check = {
check_interval_sec = null
timeout_sec = null
healthy_threshold = null
unhealthy_threshold = null
request_path = "/"
port = 80
host = null
logging = null
}
log_config = {
enable = false
sample_rate = null
}
groups = [
{
group = module.mig.instance_group
balancing_mode = null
capacity_scaler = null
description = null
max_connections = null
max_connections_per_instance = null
max_connections_per_endpoint = null
max_rate = null
max_rate_per_instance = null
max_rate_per_endpoint = null
max_utilization = null
}
]
iap_config = {
enable = false
oauth2_client_id = ""
oauth2_client_secret = ""
}
}
}
}VPC compartida
Puedes usar un módulo de Terraform para abrir un balanceador de cargas HTTP(S) externo en una configuración de VPC compartida.
Para obtener información sobre este ejemplo y aprender a ejecutarlo, consulta el archivo README en GitHub.
module "gce-lb-http" {
source = "GoogleCloudPlatform/lb-http/google"
version = "~> 5.1"
name = "group-http-lb"
project = var.service_project
target_tags = ["allow-shared-vpc-mig"]
firewall_projects = [var.host_project]
firewall_networks = [var.network]
backends = {
default = {
description = null
protocol = "HTTP"
port = 80
port_name = "http"
timeout_sec = 10
connection_draining_timeout_sec = null
enable_cdn = false
security_policy = null
session_affinity = null
affinity_cookie_ttl_sec = null
custom_request_headers = null
custom_response_headers = null
health_check = {
check_interval_sec = null
timeout_sec = null
healthy_threshold = null
unhealthy_threshold = null
request_path = "/"
port = 80
host = null
logging = null
}
log_config = {
enable = true
sample_rate = 1.0
}
groups = [
{
group = module.mig.instance_group
balancing_mode = null
capacity_scaler = null
description = null
max_connections = null
max_connections_per_instance = null
max_connections_per_endpoint = null
max_rate = null
max_rate_per_instance = null
max_rate_per_endpoint = null
max_utilization = null
}
]
iap_config = {
enable = false
oauth2_client_id = ""
oauth2_client_secret = ""
}
}
}
}