All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.networkservices.kotlin.LbTrafficExtension.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.networkservices.kotlin

import com.pulumi.core.Output
import com.pulumi.gcp.networkservices.kotlin.outputs.LbTrafficExtensionExtensionChain
import com.pulumi.gcp.networkservices.kotlin.outputs.LbTrafficExtensionExtensionChain.Companion.toKotlin
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.collections.Map

/**
 * Builder for [LbTrafficExtension].
 */
@PulumiTagMarker
public class LbTrafficExtensionResourceBuilder internal constructor() {
    public var name: String? = null

    public var args: LbTrafficExtensionArgs = LbTrafficExtensionArgs()

    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * @param name The _unique_ name of the resulting resource.
     */
    public fun name(`value`: String) {
        this.name = value
    }

    /**
     * @param block The arguments to use to populate this resource's properties.
     */
    public suspend fun args(block: suspend LbTrafficExtensionArgsBuilder.() -> Unit) {
        val builder = LbTrafficExtensionArgsBuilder()
        block(builder)
        this.args = builder.build()
    }

    /**
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
    }

    internal fun build(): LbTrafficExtension {
        val builtJavaResource =
            com.pulumi.gcp.networkservices.LbTrafficExtension(
                this.name,
                this.args.toJava(),
                this.opts.toJava(),
            )
        return LbTrafficExtension(builtJavaResource)
    }
}

/**
 * LbTrafficExtension is a resource that lets the extension service modify the headers and payloads of both requests and responses without impacting the choice of backend services or any other security policies associated with the backend service.
 * To get more information about LbTrafficExtension, see:
 * * [API documentation](https://cloud.google.com/service-extensions/docs/reference/rest/v1beta1/projects.locations.lbTrafficExtensions)
 * * How-to Guides
 *     * [Configure a traffic extension](https://cloud.google.com/service-extensions/docs/configure-callout#configure_a_traffic_extension)
 * ## Example Usage
 * ### Network Services Lb Traffic Extension Basic
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * // Internal HTTP load balancer with a managed instance group backend
 * // VPC network
 * const ilbNetwork = new gcp.compute.Network("ilb_network", {
 *     name: "l7-ilb-network",
 *     autoCreateSubnetworks: false,
 * });
 * // proxy-only subnet
 * const proxySubnet = new gcp.compute.Subnetwork("proxy_subnet", {
 *     name: "l7-ilb-proxy-subnet",
 *     ipCidrRange: "10.0.0.0/24",
 *     region: "us-west1",
 *     purpose: "REGIONAL_MANAGED_PROXY",
 *     role: "ACTIVE",
 *     network: ilbNetwork.id,
 * });
 * // backend subnet
 * const ilbSubnet = new gcp.compute.Subnetwork("ilb_subnet", {
 *     name: "l7-ilb-subnet",
 *     ipCidrRange: "10.0.1.0/24",
 *     region: "us-west1",
 *     network: ilbNetwork.id,
 * });
 * // health check
 * const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
 *     name: "l7-ilb-hc",
 *     region: "us-west1",
 *     httpHealthCheck: {
 *         portSpecification: "USE_SERVING_PORT",
 *     },
 * });
 * // instance template
 * const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
 *     networkInterfaces: [{
 *         accessConfigs: [{}],
 *         network: ilbNetwork.id,
 *         subnetwork: ilbSubnet.id,
 *     }],
 *     name: "l7-ilb-mig-template",
 *     machineType: "e2-small",
 *     tags: ["http-server"],
 *     disks: [{
 *         sourceImage: "debian-cloud/debian-10",
 *         autoDelete: true,
 *         boot: true,
 *     }],
 *     metadata: {
 *         "startup-script": `#! /bin/bash
 * set -euo pipefail
 * export DEBIAN_FRONTEND=noninteractive
 * apt-get update
 * apt-get install -y nginx-light jq
 * NAME=(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
 * IP=(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
 * METADATA=(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
 * cat < /var/www/html/index.html
 * 
 * Name: NAME
 * IP: IP
 * Metadata: METADATA
 * 
* EOF * `, * }, * }); * // MIG * const mig = new gcp.compute.RegionInstanceGroupManager("mig", { * name: "l7-ilb-mig1", * region: "us-west1", * baseInstanceName: "vm", * targetSize: 2, * versions: [{ * instanceTemplate: instanceTemplate.id, * name: "primary", * }], * }); * // backend service * const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", { * name: "l7-ilb-backend-subnet", * region: "us-west1", * protocol: "HTTP", * loadBalancingScheme: "INTERNAL_MANAGED", * timeoutSec: 10, * healthChecks: defaultRegionHealthCheck.id, * backends: [{ * group: mig.instanceGroup, * balancingMode: "UTILIZATION", * capacityScaler: 1, * }], * }); * // URL map * const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", { * name: "l7-ilb-regional-url-map", * region: "us-west1", * defaultService: defaultRegionBackendService.id, * }); * // HTTP target proxy * const defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy("default", { * name: "l7-ilb-target-http-proxy", * region: "us-west1", * urlMap: defaultRegionUrlMap.id, * }); * // forwarding rule * const _default = new gcp.compute.ForwardingRule("default", { * name: "l7-ilb-forwarding-rule", * region: "us-west1", * ipProtocol: "TCP", * loadBalancingScheme: "INTERNAL_MANAGED", * portRange: "80", * target: defaultRegionTargetHttpProxy.id, * network: ilbNetwork.id, * subnetwork: ilbSubnet.id, * networkTier: "PREMIUM", * }); * // allow all access from IAP and health check ranges * const fwIap = new gcp.compute.Firewall("fw_iap", { * name: "l7-ilb-fw-allow-iap-hc", * direction: "INGRESS", * network: ilbNetwork.id, * sourceRanges: [ * "130.211.0.0/22", * "35.191.0.0/16", * "35.235.240.0/20", * ], * allows: [{ * protocol: "tcp", * }], * }); * // allow http from proxy subnet to backends * const fwIlbToBackends = new gcp.compute.Firewall("fw_ilb_to_backends", { * name: "l7-ilb-fw-allow-ilb-to-backends", * direction: "INGRESS", * network: ilbNetwork.id, * sourceRanges: ["10.0.0.0/24"], * targetTags: ["http-server"], * allows: [{ * protocol: "tcp", * ports: [ * "80", * "443", * "8080", * ], * }], * }); * // Traffic Extension Backend Instance * const calloutsInstance = new gcp.compute.Instance("callouts_instance", { * networkInterfaces: [{ * accessConfigs: [{}], * network: ilbNetwork.id, * subnetwork: ilbSubnet.id, * }], * name: "l7-ilb-callouts-ins", * zone: "us-west1-a", * machineType: "e2-small", * labels: { * "container-vm": "cos-stable-109-17800-147-54", * }, * tags: [ * "allow-ssh", * "load-balanced-backend", * ], * bootDisk: { * autoDelete: true, * initializeParams: { * type: "pd-standard", * size: 10, * image: "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54", * }, * }, * metadata: { * "gce-container-declaration": `# DISCLAIMER: * # This container declaration format is not a public API and may change without * # notice. Please use gcloud command-line tool or Google Cloud Console to run * # Containers on Google Compute Engine. * spec: * containers: * - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest * name: callouts-vm * securityContext: * privileged: false * stdin: false * tty: false * volumeMounts: [] * restartPolicy: Always * volumes: [] * `, * "google-logging-enabled": "true", * }, * deletionProtection: false, * }); * // callouts instance group * const calloutsInstanceGroup = new gcp.compute.InstanceGroup("callouts_instance_group", { * name: "l7-ilb-callouts-ins-group", * description: "Terraform test instance group", * zone: "us-west1-a", * instances: [calloutsInstance.id], * namedPorts: [ * { * name: "http", * port: 80, * }, * { * name: "grpc", * port: 443, * }, * ], * }); * // callout health check * const calloutsHealthCheck = new gcp.compute.RegionHealthCheck("callouts_health_check", { * name: "l7-ilb-callouts-hc", * region: "us-west1", * httpHealthCheck: { * port: 80, * }, * }); * // callout backend service * const calloutsBackend = new gcp.compute.RegionBackendService("callouts_backend", { * name: "l7-ilb-callouts-backend", * region: "us-west1", * protocol: "HTTP2", * loadBalancingScheme: "INTERNAL_MANAGED", * timeoutSec: 10, * portName: "grpc", * healthChecks: calloutsHealthCheck.id, * backends: [{ * group: calloutsInstanceGroup.id, * balancingMode: "UTILIZATION", * capacityScaler: 1, * }], * }); * const defaultLbTrafficExtension = new gcp.networkservices.LbTrafficExtension("default", { * name: "l7-ilb-traffic-ext", * description: "my traffic extension", * location: "us-west1", * loadBalancingScheme: "INTERNAL_MANAGED", * forwardingRules: [_default.selfLink], * extensionChains: [{ * name: "chain1", * matchCondition: { * celExpression: "request.host == 'example.com'", * }, * extensions: [{ * name: "ext11", * authority: "ext11.com", * service: calloutsBackend.selfLink, * timeout: "0.1s", * failOpen: false, * supportedEvents: ["REQUEST_HEADERS"], * forwardHeaders: ["custom-header"], * }], * }], * labels: { * foo: "bar", * }, * }); * // test instance * const vmTest = new gcp.compute.Instance("vm_test", { * name: "l7-ilb-test-vm", * zone: "us-west1-b", * machineType: "e2-small", * networkInterfaces: [{ * network: ilbNetwork.id, * subnetwork: ilbSubnet.id, * }], * bootDisk: { * initializeParams: { * image: "debian-cloud/debian-11", * }, * }, * }); * ``` * ```python * import pulumi * import pulumi_gcp as gcp * # Internal HTTP load balancer with a managed instance group backend * # VPC network * ilb_network = gcp.compute.Network("ilb_network", * name="l7-ilb-network", * auto_create_subnetworks=False) * # proxy-only subnet * proxy_subnet = gcp.compute.Subnetwork("proxy_subnet", * name="l7-ilb-proxy-subnet", * ip_cidr_range="10.0.0.0/24", * region="us-west1", * purpose="REGIONAL_MANAGED_PROXY", * role="ACTIVE", * network=ilb_network.id) * # backend subnet * ilb_subnet = gcp.compute.Subnetwork("ilb_subnet", * name="l7-ilb-subnet", * ip_cidr_range="10.0.1.0/24", * region="us-west1", * network=ilb_network.id) * # health check * default_region_health_check = gcp.compute.RegionHealthCheck("default", * name="l7-ilb-hc", * region="us-west1", * http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs( * port_specification="USE_SERVING_PORT", * )) * # instance template * instance_template = gcp.compute.InstanceTemplate("instance_template", * network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs( * access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()], * network=ilb_network.id, * subnetwork=ilb_subnet.id, * )], * name="l7-ilb-mig-template", * machine_type="e2-small", * tags=["http-server"], * disks=[gcp.compute.InstanceTemplateDiskArgs( * source_image="debian-cloud/debian-10", * auto_delete=True, * boot=True, * )], * metadata={ * "startup-script": """#! /bin/bash * set -euo pipefail * export DEBIAN_FRONTEND=noninteractive * apt-get update * apt-get install -y nginx-light jq * NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname") * IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip") * METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])') * cat < /var/www/html/index.html *
 * Name: $NAME
 * IP: $IP
 * Metadata: $METADATA
 * 
* EOF * """, * }) * # MIG * mig = gcp.compute.RegionInstanceGroupManager("mig", * name="l7-ilb-mig1", * region="us-west1", * base_instance_name="vm", * target_size=2, * versions=[gcp.compute.RegionInstanceGroupManagerVersionArgs( * instance_template=instance_template.id, * name="primary", * )]) * # backend service * default_region_backend_service = gcp.compute.RegionBackendService("default", * name="l7-ilb-backend-subnet", * region="us-west1", * protocol="HTTP", * load_balancing_scheme="INTERNAL_MANAGED", * timeout_sec=10, * health_checks=default_region_health_check.id, * backends=[gcp.compute.RegionBackendServiceBackendArgs( * group=mig.instance_group, * balancing_mode="UTILIZATION", * capacity_scaler=1, * )]) * # URL map * default_region_url_map = gcp.compute.RegionUrlMap("default", * name="l7-ilb-regional-url-map", * region="us-west1", * default_service=default_region_backend_service.id) * # HTTP target proxy * default_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy("default", * name="l7-ilb-target-http-proxy", * region="us-west1", * url_map=default_region_url_map.id) * # forwarding rule * default = gcp.compute.ForwardingRule("default", * name="l7-ilb-forwarding-rule", * region="us-west1", * ip_protocol="TCP", * load_balancing_scheme="INTERNAL_MANAGED", * port_range="80", * target=default_region_target_http_proxy.id, * network=ilb_network.id, * subnetwork=ilb_subnet.id, * network_tier="PREMIUM") * # allow all access from IAP and health check ranges * fw_iap = gcp.compute.Firewall("fw_iap", * name="l7-ilb-fw-allow-iap-hc", * direction="INGRESS", * network=ilb_network.id, * source_ranges=[ * "130.211.0.0/22", * "35.191.0.0/16", * "35.235.240.0/20", * ], * allows=[gcp.compute.FirewallAllowArgs( * protocol="tcp", * )]) * # allow http from proxy subnet to backends * fw_ilb_to_backends = gcp.compute.Firewall("fw_ilb_to_backends", * name="l7-ilb-fw-allow-ilb-to-backends", * direction="INGRESS", * network=ilb_network.id, * source_ranges=["10.0.0.0/24"], * target_tags=["http-server"], * allows=[gcp.compute.FirewallAllowArgs( * protocol="tcp", * ports=[ * "80", * "443", * "8080", * ], * )]) * # Traffic Extension Backend Instance * callouts_instance = gcp.compute.Instance("callouts_instance", * network_interfaces=[gcp.compute.InstanceNetworkInterfaceArgs( * access_configs=[gcp.compute.InstanceNetworkInterfaceAccessConfigArgs()], * network=ilb_network.id, * subnetwork=ilb_subnet.id, * )], * name="l7-ilb-callouts-ins", * zone="us-west1-a", * machine_type="e2-small", * labels={ * "container-vm": "cos-stable-109-17800-147-54", * }, * tags=[ * "allow-ssh", * "load-balanced-backend", * ], * boot_disk=gcp.compute.InstanceBootDiskArgs( * auto_delete=True, * initialize_params=gcp.compute.InstanceBootDiskInitializeParamsArgs( * type="pd-standard", * size=10, * image="https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54", * ), * ), * metadata={ * "gce-container-declaration": """# DISCLAIMER: * # This container declaration format is not a public API and may change without * # notice. Please use gcloud command-line tool or Google Cloud Console to run * # Containers on Google Compute Engine. * spec: * containers: * - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest * name: callouts-vm * securityContext: * privileged: false * stdin: false * tty: false * volumeMounts: [] * restartPolicy: Always * volumes: [] * """, * "google-logging-enabled": "true", * }, * deletion_protection=False) * # callouts instance group * callouts_instance_group = gcp.compute.InstanceGroup("callouts_instance_group", * name="l7-ilb-callouts-ins-group", * description="Terraform test instance group", * zone="us-west1-a", * instances=[callouts_instance.id], * named_ports=[ * gcp.compute.InstanceGroupNamedPortArgs( * name="http", * port=80, * ), * gcp.compute.InstanceGroupNamedPortArgs( * name="grpc", * port=443, * ), * ]) * # callout health check * callouts_health_check = gcp.compute.RegionHealthCheck("callouts_health_check", * name="l7-ilb-callouts-hc", * region="us-west1", * http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs( * port=80, * )) * # callout backend service * callouts_backend = gcp.compute.RegionBackendService("callouts_backend", * name="l7-ilb-callouts-backend", * region="us-west1", * protocol="HTTP2", * load_balancing_scheme="INTERNAL_MANAGED", * timeout_sec=10, * port_name="grpc", * health_checks=callouts_health_check.id, * backends=[gcp.compute.RegionBackendServiceBackendArgs( * group=callouts_instance_group.id, * balancing_mode="UTILIZATION", * capacity_scaler=1, * )]) * default_lb_traffic_extension = gcp.networkservices.LbTrafficExtension("default", * name="l7-ilb-traffic-ext", * description="my traffic extension", * location="us-west1", * load_balancing_scheme="INTERNAL_MANAGED", * forwarding_rules=[default.self_link], * extension_chains=[gcp.networkservices.LbTrafficExtensionExtensionChainArgs( * name="chain1", * match_condition=gcp.networkservices.LbTrafficExtensionExtensionChainMatchConditionArgs( * cel_expression="request.host == 'example.com'", * ), * extensions=[gcp.networkservices.LbTrafficExtensionExtensionChainExtensionArgs( * name="ext11", * authority="ext11.com", * service=callouts_backend.self_link, * timeout="0.1s", * fail_open=False, * supported_events=["REQUEST_HEADERS"], * forward_headers=["custom-header"], * )], * )], * labels={ * "foo": "bar", * }) * # test instance * vm_test = gcp.compute.Instance("vm_test", * name="l7-ilb-test-vm", * zone="us-west1-b", * machine_type="e2-small", * network_interfaces=[gcp.compute.InstanceNetworkInterfaceArgs( * network=ilb_network.id, * subnetwork=ilb_subnet.id, * )], * boot_disk=gcp.compute.InstanceBootDiskArgs( * initialize_params=gcp.compute.InstanceBootDiskInitializeParamsArgs( * image="debian-cloud/debian-11", * ), * )) * ``` * ```csharp * using System.Collections.Generic; * using System.Linq; * using Pulumi; * using Gcp = Pulumi.Gcp; * return await Deployment.RunAsync(() => * { * // Internal HTTP load balancer with a managed instance group backend * // VPC network * var ilbNetwork = new Gcp.Compute.Network("ilb_network", new() * { * Name = "l7-ilb-network", * AutoCreateSubnetworks = false, * }); * // proxy-only subnet * var proxySubnet = new Gcp.Compute.Subnetwork("proxy_subnet", new() * { * Name = "l7-ilb-proxy-subnet", * IpCidrRange = "10.0.0.0/24", * Region = "us-west1", * Purpose = "REGIONAL_MANAGED_PROXY", * Role = "ACTIVE", * Network = ilbNetwork.Id, * }); * // backend subnet * var ilbSubnet = new Gcp.Compute.Subnetwork("ilb_subnet", new() * { * Name = "l7-ilb-subnet", * IpCidrRange = "10.0.1.0/24", * Region = "us-west1", * Network = ilbNetwork.Id, * }); * // health check * var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new() * { * Name = "l7-ilb-hc", * Region = "us-west1", * HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs * { * PortSpecification = "USE_SERVING_PORT", * }, * }); * // instance template * var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new() * { * NetworkInterfaces = new[] * { * new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs * { * AccessConfigs = new[] * { * null, * }, * Network = ilbNetwork.Id, * Subnetwork = ilbSubnet.Id, * }, * }, * Name = "l7-ilb-mig-template", * MachineType = "e2-small", * Tags = new[] * { * "http-server", * }, * Disks = new[] * { * new Gcp.Compute.Inputs.InstanceTemplateDiskArgs * { * SourceImage = "debian-cloud/debian-10", * AutoDelete = true, * Boot = true, * }, * }, * Metadata = * { * { "startup-script", @"#! /bin/bash * set -euo pipefail * export DEBIAN_FRONTEND=noninteractive * apt-get update * apt-get install -y nginx-light jq * NAME=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/hostname"") * IP=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip"") * METADATA=$(curl -f -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True"" | jq 'del(.[""startup-script""])') * cat < /var/www/html/index.html *
 * Name: $NAME
 * IP: $IP
 * Metadata: $METADATA
 * 
* EOF * " }, * }, * }); * // MIG * var mig = new Gcp.Compute.RegionInstanceGroupManager("mig", new() * { * Name = "l7-ilb-mig1", * Region = "us-west1", * BaseInstanceName = "vm", * TargetSize = 2, * Versions = new[] * { * new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs * { * InstanceTemplate = instanceTemplate.Id, * Name = "primary", * }, * }, * }); * // backend service * var defaultRegionBackendService = new Gcp.Compute.RegionBackendService("default", new() * { * Name = "l7-ilb-backend-subnet", * Region = "us-west1", * Protocol = "HTTP", * LoadBalancingScheme = "INTERNAL_MANAGED", * TimeoutSec = 10, * HealthChecks = defaultRegionHealthCheck.Id, * Backends = new[] * { * new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs * { * Group = mig.InstanceGroup, * BalancingMode = "UTILIZATION", * CapacityScaler = 1, * }, * }, * }); * // URL map * var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap("default", new() * { * Name = "l7-ilb-regional-url-map", * Region = "us-west1", * DefaultService = defaultRegionBackendService.Id, * }); * // HTTP target proxy * var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy("default", new() * { * Name = "l7-ilb-target-http-proxy", * Region = "us-west1", * UrlMap = defaultRegionUrlMap.Id, * }); * // forwarding rule * var @default = new Gcp.Compute.ForwardingRule("default", new() * { * Name = "l7-ilb-forwarding-rule", * Region = "us-west1", * IpProtocol = "TCP", * LoadBalancingScheme = "INTERNAL_MANAGED", * PortRange = "80", * Target = defaultRegionTargetHttpProxy.Id, * Network = ilbNetwork.Id, * Subnetwork = ilbSubnet.Id, * NetworkTier = "PREMIUM", * }); * // allow all access from IAP and health check ranges * var fwIap = new Gcp.Compute.Firewall("fw_iap", new() * { * Name = "l7-ilb-fw-allow-iap-hc", * Direction = "INGRESS", * Network = ilbNetwork.Id, * SourceRanges = new[] * { * "130.211.0.0/22", * "35.191.0.0/16", * "35.235.240.0/20", * }, * Allows = new[] * { * new Gcp.Compute.Inputs.FirewallAllowArgs * { * Protocol = "tcp", * }, * }, * }); * // allow http from proxy subnet to backends * var fwIlbToBackends = new Gcp.Compute.Firewall("fw_ilb_to_backends", new() * { * Name = "l7-ilb-fw-allow-ilb-to-backends", * Direction = "INGRESS", * Network = ilbNetwork.Id, * SourceRanges = new[] * { * "10.0.0.0/24", * }, * TargetTags = new[] * { * "http-server", * }, * Allows = new[] * { * new Gcp.Compute.Inputs.FirewallAllowArgs * { * Protocol = "tcp", * Ports = new[] * { * "80", * "443", * "8080", * }, * }, * }, * }); * // Traffic Extension Backend Instance * var calloutsInstance = new Gcp.Compute.Instance("callouts_instance", new() * { * NetworkInterfaces = new[] * { * new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs * { * AccessConfigs = new[] * { * null, * }, * Network = ilbNetwork.Id, * Subnetwork = ilbSubnet.Id, * }, * }, * Name = "l7-ilb-callouts-ins", * Zone = "us-west1-a", * MachineType = "e2-small", * Labels = * { * { "container-vm", "cos-stable-109-17800-147-54" }, * }, * Tags = new[] * { * "allow-ssh", * "load-balanced-backend", * }, * BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs * { * AutoDelete = true, * InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs * { * Type = "pd-standard", * Size = 10, * Image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54", * }, * }, * Metadata = * { * { "gce-container-declaration", @"# DISCLAIMER: * # This container declaration format is not a public API and may change without * # notice. Please use gcloud command-line tool or Google Cloud Console to run * # Containers on Google Compute Engine. * spec: * containers: * - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest * name: callouts-vm * securityContext: * privileged: false * stdin: false * tty: false * volumeMounts: [] * restartPolicy: Always * volumes: [] * " }, * { "google-logging-enabled", "true" }, * }, * DeletionProtection = false, * }); * // callouts instance group * var calloutsInstanceGroup = new Gcp.Compute.InstanceGroup("callouts_instance_group", new() * { * Name = "l7-ilb-callouts-ins-group", * Description = "Terraform test instance group", * Zone = "us-west1-a", * Instances = new[] * { * calloutsInstance.Id, * }, * NamedPorts = new[] * { * new Gcp.Compute.Inputs.InstanceGroupNamedPortArgs * { * Name = "http", * Port = 80, * }, * new Gcp.Compute.Inputs.InstanceGroupNamedPortArgs * { * Name = "grpc", * Port = 443, * }, * }, * }); * // callout health check * var calloutsHealthCheck = new Gcp.Compute.RegionHealthCheck("callouts_health_check", new() * { * Name = "l7-ilb-callouts-hc", * Region = "us-west1", * HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs * { * Port = 80, * }, * }); * // callout backend service * var calloutsBackend = new Gcp.Compute.RegionBackendService("callouts_backend", new() * { * Name = "l7-ilb-callouts-backend", * Region = "us-west1", * Protocol = "HTTP2", * LoadBalancingScheme = "INTERNAL_MANAGED", * TimeoutSec = 10, * PortName = "grpc", * HealthChecks = calloutsHealthCheck.Id, * Backends = new[] * { * new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs * { * Group = calloutsInstanceGroup.Id, * BalancingMode = "UTILIZATION", * CapacityScaler = 1, * }, * }, * }); * var defaultLbTrafficExtension = new Gcp.NetworkServices.LbTrafficExtension("default", new() * { * Name = "l7-ilb-traffic-ext", * Description = "my traffic extension", * Location = "us-west1", * LoadBalancingScheme = "INTERNAL_MANAGED", * ForwardingRules = new[] * { * @default.SelfLink, * }, * ExtensionChains = new[] * { * new Gcp.NetworkServices.Inputs.LbTrafficExtensionExtensionChainArgs * { * Name = "chain1", * MatchCondition = new Gcp.NetworkServices.Inputs.LbTrafficExtensionExtensionChainMatchConditionArgs * { * CelExpression = "request.host == 'example.com'", * }, * Extensions = new[] * { * new Gcp.NetworkServices.Inputs.LbTrafficExtensionExtensionChainExtensionArgs * { * Name = "ext11", * Authority = "ext11.com", * Service = calloutsBackend.SelfLink, * Timeout = "0.1s", * FailOpen = false, * SupportedEvents = new[] * { * "REQUEST_HEADERS", * }, * ForwardHeaders = new[] * { * "custom-header", * }, * }, * }, * }, * }, * Labels = * { * { "foo", "bar" }, * }, * }); * // test instance * var vmTest = new Gcp.Compute.Instance("vm_test", new() * { * Name = "l7-ilb-test-vm", * Zone = "us-west1-b", * MachineType = "e2-small", * NetworkInterfaces = new[] * { * new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs * { * Network = ilbNetwork.Id, * Subnetwork = ilbSubnet.Id, * }, * }, * BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs * { * InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs * { * Image = "debian-cloud/debian-11", * }, * }, * }); * }); * ``` * ```go * package main * import ( * "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" * "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networkservices" * "github.com/pulumi/pulumi/sdk/v3/go/pulumi" * ) * func main() { * pulumi.Run(func(ctx *pulumi.Context) error { * // Internal HTTP load balancer with a managed instance group backend * // VPC network * ilbNetwork, err := compute.NewNetwork(ctx, "ilb_network", &compute.NetworkArgs{ * Name: pulumi.String("l7-ilb-network"), * AutoCreateSubnetworks: pulumi.Bool(false), * }) * if err != nil { * return err * } * // proxy-only subnet * _, err = compute.NewSubnetwork(ctx, "proxy_subnet", &compute.SubnetworkArgs{ * Name: pulumi.String("l7-ilb-proxy-subnet"), * IpCidrRange: pulumi.String("10.0.0.0/24"), * Region: pulumi.String("us-west1"), * Purpose: pulumi.String("REGIONAL_MANAGED_PROXY"), * Role: pulumi.String("ACTIVE"), * Network: ilbNetwork.ID(), * }) * if err != nil { * return err * } * // backend subnet * ilbSubnet, err := compute.NewSubnetwork(ctx, "ilb_subnet", &compute.SubnetworkArgs{ * Name: pulumi.String("l7-ilb-subnet"), * IpCidrRange: pulumi.String("10.0.1.0/24"), * Region: pulumi.String("us-west1"), * Network: ilbNetwork.ID(), * }) * if err != nil { * return err * } * // health check * defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{ * Name: pulumi.String("l7-ilb-hc"), * Region: pulumi.String("us-west1"), * HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{ * PortSpecification: pulumi.String("USE_SERVING_PORT"), * }, * }) * if err != nil { * return err * } * // instance template * instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{ * NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{ * &compute.InstanceTemplateNetworkInterfaceArgs{ * AccessConfigs: compute.InstanceTemplateNetworkInterfaceAccessConfigArray{ * nil, * }, * Network: ilbNetwork.ID(), * Subnetwork: ilbSubnet.ID(), * }, * }, * Name: pulumi.String("l7-ilb-mig-template"), * MachineType: pulumi.String("e2-small"), * Tags: pulumi.StringArray{ * pulumi.String("http-server"), * }, * Disks: compute.InstanceTemplateDiskArray{ * &compute.InstanceTemplateDiskArgs{ * SourceImage: pulumi.String("debian-cloud/debian-10"), * AutoDelete: pulumi.Bool(true), * Boot: pulumi.Bool(true), * }, * }, * Metadata: pulumi.Map{ * "startup-script": pulumi.Any(`#! /bin/bash * set -euo pipefail * export DEBIAN_FRONTEND=noninteractive * apt-get update * apt-get install -y nginx-light jq * NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname") * IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip") * METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])') * cat < /var/www/html/index.html *
 * Name: $NAME
 * IP: $IP
 * Metadata: $METADATA
 * 
* EOF * `), * }, * }) * if err != nil { * return err * } * // MIG * mig, err := compute.NewRegionInstanceGroupManager(ctx, "mig", &compute.RegionInstanceGroupManagerArgs{ * Name: pulumi.String("l7-ilb-mig1"), * Region: pulumi.String("us-west1"), * BaseInstanceName: pulumi.String("vm"), * TargetSize: pulumi.Int(2), * Versions: compute.RegionInstanceGroupManagerVersionArray{ * &compute.RegionInstanceGroupManagerVersionArgs{ * InstanceTemplate: instanceTemplate.ID(), * Name: pulumi.String("primary"), * }, * }, * }) * if err != nil { * return err * } * // backend service * defaultRegionBackendService, err := compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{ * Name: pulumi.String("l7-ilb-backend-subnet"), * Region: pulumi.String("us-west1"), * Protocol: pulumi.String("HTTP"), * LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"), * TimeoutSec: pulumi.Int(10), * HealthChecks: defaultRegionHealthCheck.ID(), * Backends: compute.RegionBackendServiceBackendArray{ * &compute.RegionBackendServiceBackendArgs{ * Group: mig.InstanceGroup, * BalancingMode: pulumi.String("UTILIZATION"), * CapacityScaler: pulumi.Float64(1), * }, * }, * }) * if err != nil { * return err * } * // URL map * defaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, "default", &compute.RegionUrlMapArgs{ * Name: pulumi.String("l7-ilb-regional-url-map"), * Region: pulumi.String("us-west1"), * DefaultService: defaultRegionBackendService.ID(), * }) * if err != nil { * return err * } * // HTTP target proxy * defaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, "default", &compute.RegionTargetHttpProxyArgs{ * Name: pulumi.String("l7-ilb-target-http-proxy"), * Region: pulumi.String("us-west1"), * UrlMap: defaultRegionUrlMap.ID(), * }) * if err != nil { * return err * } * // forwarding rule * _, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{ * Name: pulumi.String("l7-ilb-forwarding-rule"), * Region: pulumi.String("us-west1"), * IpProtocol: pulumi.String("TCP"), * LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"), * PortRange: pulumi.String("80"), * Target: defaultRegionTargetHttpProxy.ID(), * Network: ilbNetwork.ID(), * Subnetwork: ilbSubnet.ID(), * NetworkTier: pulumi.String("PREMIUM"), * }) * if err != nil { * return err * } * // allow all access from IAP and health check ranges * _, err = compute.NewFirewall(ctx, "fw_iap", &compute.FirewallArgs{ * Name: pulumi.String("l7-ilb-fw-allow-iap-hc"), * Direction: pulumi.String("INGRESS"), * Network: ilbNetwork.ID(), * SourceRanges: pulumi.StringArray{ * pulumi.String("130.211.0.0/22"), * pulumi.String("35.191.0.0/16"), * pulumi.String("35.235.240.0/20"), * }, * Allows: compute.FirewallAllowArray{ * &compute.FirewallAllowArgs{ * Protocol: pulumi.String("tcp"), * }, * }, * }) * if err != nil { * return err * } * // allow http from proxy subnet to backends * _, err = compute.NewFirewall(ctx, "fw_ilb_to_backends", &compute.FirewallArgs{ * Name: pulumi.String("l7-ilb-fw-allow-ilb-to-backends"), * Direction: pulumi.String("INGRESS"), * Network: ilbNetwork.ID(), * SourceRanges: pulumi.StringArray{ * pulumi.String("10.0.0.0/24"), * }, * TargetTags: pulumi.StringArray{ * pulumi.String("http-server"), * }, * Allows: compute.FirewallAllowArray{ * &compute.FirewallAllowArgs{ * Protocol: pulumi.String("tcp"), * Ports: pulumi.StringArray{ * pulumi.String("80"), * pulumi.String("443"), * pulumi.String("8080"), * }, * }, * }, * }) * if err != nil { * return err * } * // Traffic Extension Backend Instance * calloutsInstance, err := compute.NewInstance(ctx, "callouts_instance", &compute.InstanceArgs{ * NetworkInterfaces: compute.InstanceNetworkInterfaceArray{ * &compute.InstanceNetworkInterfaceArgs{ * AccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{ * nil, * }, * Network: ilbNetwork.ID(), * Subnetwork: ilbSubnet.ID(), * }, * }, * Name: pulumi.String("l7-ilb-callouts-ins"), * Zone: pulumi.String("us-west1-a"), * MachineType: pulumi.String("e2-small"), * Labels: pulumi.StringMap{ * "container-vm": pulumi.String("cos-stable-109-17800-147-54"), * }, * Tags: pulumi.StringArray{ * pulumi.String("allow-ssh"), * pulumi.String("load-balanced-backend"), * }, * BootDisk: &compute.InstanceBootDiskArgs{ * AutoDelete: pulumi.Bool(true), * InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{ * Type: pulumi.String("pd-standard"), * Size: pulumi.Int(10), * Image: pulumi.String("https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54"), * }, * }, * Metadata: pulumi.StringMap{ * "gce-container-declaration": pulumi.String(`# DISCLAIMER: * # This container declaration format is not a public API and may change without * # notice. Please use gcloud command-line tool or Google Cloud Console to run * # Containers on Google Compute Engine. * spec: * containers: * - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest * name: callouts-vm * securityContext: * privileged: false * stdin: false * tty: false * volumeMounts: [] * restartPolicy: Always * volumes: [] * `), * "google-logging-enabled": pulumi.String("true"), * }, * DeletionProtection: pulumi.Bool(false), * }) * if err != nil { * return err * } * // callouts instance group * calloutsInstanceGroup, err := compute.NewInstanceGroup(ctx, "callouts_instance_group", &compute.InstanceGroupArgs{ * Name: pulumi.String("l7-ilb-callouts-ins-group"), * Description: pulumi.String("Terraform test instance group"), * Zone: pulumi.String("us-west1-a"), * Instances: pulumi.StringArray{ * calloutsInstance.ID(), * }, * NamedPorts: compute.InstanceGroupNamedPortTypeArray{ * &compute.InstanceGroupNamedPortTypeArgs{ * Name: pulumi.String("http"), * Port: pulumi.Int(80), * }, * &compute.InstanceGroupNamedPortTypeArgs{ * Name: pulumi.String("grpc"), * Port: pulumi.Int(443), * }, * }, * }) * if err != nil { * return err * } * // callout health check * calloutsHealthCheck, err := compute.NewRegionHealthCheck(ctx, "callouts_health_check", &compute.RegionHealthCheckArgs{ * Name: pulumi.String("l7-ilb-callouts-hc"), * Region: pulumi.String("us-west1"), * HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{ * Port: pulumi.Int(80), * }, * }) * if err != nil { * return err * } * // callout backend service * calloutsBackend, err := compute.NewRegionBackendService(ctx, "callouts_backend", &compute.RegionBackendServiceArgs{ * Name: pulumi.String("l7-ilb-callouts-backend"), * Region: pulumi.String("us-west1"), * Protocol: pulumi.String("HTTP2"), * LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"), * TimeoutSec: pulumi.Int(10), * PortName: pulumi.String("grpc"), * HealthChecks: calloutsHealthCheck.ID(), * Backends: compute.RegionBackendServiceBackendArray{ * &compute.RegionBackendServiceBackendArgs{ * Group: calloutsInstanceGroup.ID(), * BalancingMode: pulumi.String("UTILIZATION"), * CapacityScaler: pulumi.Float64(1), * }, * }, * }) * if err != nil { * return err * } * _, err = networkservices.NewLbTrafficExtension(ctx, "default", &networkservices.LbTrafficExtensionArgs{ * Name: pulumi.String("l7-ilb-traffic-ext"), * Description: pulumi.String("my traffic extension"), * Location: pulumi.String("us-west1"), * LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"), * ForwardingRules: pulumi.StringArray{ * _default.SelfLink, * }, * ExtensionChains: networkservices.LbTrafficExtensionExtensionChainArray{ * &networkservices.LbTrafficExtensionExtensionChainArgs{ * Name: pulumi.String("chain1"), * MatchCondition: &networkservices.LbTrafficExtensionExtensionChainMatchConditionArgs{ * CelExpression: pulumi.String("request.host == 'example.com'"), * }, * Extensions: networkservices.LbTrafficExtensionExtensionChainExtensionArray{ * &networkservices.LbTrafficExtensionExtensionChainExtensionArgs{ * Name: pulumi.String("ext11"), * Authority: pulumi.String("ext11.com"), * Service: calloutsBackend.SelfLink, * Timeout: pulumi.String("0.1s"), * FailOpen: pulumi.Bool(false), * SupportedEvents: pulumi.StringArray{ * pulumi.String("REQUEST_HEADERS"), * }, * ForwardHeaders: pulumi.StringArray{ * pulumi.String("custom-header"), * }, * }, * }, * }, * }, * Labels: pulumi.StringMap{ * "foo": pulumi.String("bar"), * }, * }) * if err != nil { * return err * } * // test instance * _, err = compute.NewInstance(ctx, "vm_test", &compute.InstanceArgs{ * Name: pulumi.String("l7-ilb-test-vm"), * Zone: pulumi.String("us-west1-b"), * MachineType: pulumi.String("e2-small"), * NetworkInterfaces: compute.InstanceNetworkInterfaceArray{ * &compute.InstanceNetworkInterfaceArgs{ * Network: ilbNetwork.ID(), * Subnetwork: ilbSubnet.ID(), * }, * }, * BootDisk: &compute.InstanceBootDiskArgs{ * InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{ * Image: pulumi.String("debian-cloud/debian-11"), * }, * }, * }) * if err != nil { * return err * } * return nil * }) * } * ``` * ```java * package generated_program; * import com.pulumi.Context; * import com.pulumi.Pulumi; * import com.pulumi.core.Output; * import com.pulumi.gcp.compute.Network; * import com.pulumi.gcp.compute.NetworkArgs; * import com.pulumi.gcp.compute.Subnetwork; * import com.pulumi.gcp.compute.SubnetworkArgs; * import com.pulumi.gcp.compute.RegionHealthCheck; * import com.pulumi.gcp.compute.RegionHealthCheckArgs; * import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs; * import com.pulumi.gcp.compute.InstanceTemplate; * import com.pulumi.gcp.compute.InstanceTemplateArgs; * import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs; * import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs; * import com.pulumi.gcp.compute.RegionInstanceGroupManager; * import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs; * import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs; * import com.pulumi.gcp.compute.RegionBackendService; * import com.pulumi.gcp.compute.RegionBackendServiceArgs; * import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs; * import com.pulumi.gcp.compute.RegionUrlMap; * import com.pulumi.gcp.compute.RegionUrlMapArgs; * import com.pulumi.gcp.compute.RegionTargetHttpProxy; * import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs; * import com.pulumi.gcp.compute.ForwardingRule; * import com.pulumi.gcp.compute.ForwardingRuleArgs; * import com.pulumi.gcp.compute.Firewall; * import com.pulumi.gcp.compute.FirewallArgs; * import com.pulumi.gcp.compute.inputs.FirewallAllowArgs; * import com.pulumi.gcp.compute.Instance; * import com.pulumi.gcp.compute.InstanceArgs; * import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs; * import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs; * import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs; * import com.pulumi.gcp.compute.InstanceGroup; * import com.pulumi.gcp.compute.InstanceGroupArgs; * import com.pulumi.gcp.compute.inputs.InstanceGroupNamedPortArgs; * import com.pulumi.gcp.networkservices.LbTrafficExtension; * import com.pulumi.gcp.networkservices.LbTrafficExtensionArgs; * import com.pulumi.gcp.networkservices.inputs.LbTrafficExtensionExtensionChainArgs; * import com.pulumi.gcp.networkservices.inputs.LbTrafficExtensionExtensionChainMatchConditionArgs; * import java.util.List; * import java.util.ArrayList; * import java.util.Map; * import java.io.File; * import java.nio.file.Files; * import java.nio.file.Paths; * public class App { * public static void main(String[] args) { * Pulumi.run(App::stack); * } * public static void stack(Context ctx) { * // Internal HTTP load balancer with a managed instance group backend * // VPC network * var ilbNetwork = new Network("ilbNetwork", NetworkArgs.builder() * .name("l7-ilb-network") * .autoCreateSubnetworks(false) * .build()); * // proxy-only subnet * var proxySubnet = new Subnetwork("proxySubnet", SubnetworkArgs.builder() * .name("l7-ilb-proxy-subnet") * .ipCidrRange("10.0.0.0/24") * .region("us-west1") * .purpose("REGIONAL_MANAGED_PROXY") * .role("ACTIVE") * .network(ilbNetwork.id()) * .build()); * // backend subnet * var ilbSubnet = new Subnetwork("ilbSubnet", SubnetworkArgs.builder() * .name("l7-ilb-subnet") * .ipCidrRange("10.0.1.0/24") * .region("us-west1") * .network(ilbNetwork.id()) * .build()); * // health check * var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder() * .name("l7-ilb-hc") * .region("us-west1") * .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder() * .portSpecification("USE_SERVING_PORT") * .build()) * .build()); * // instance template * var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder() * .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder() * .accessConfigs() * .network(ilbNetwork.id()) * .subnetwork(ilbSubnet.id()) * .build()) * .name("l7-ilb-mig-template") * .machineType("e2-small") * .tags("http-server") * .disks(InstanceTemplateDiskArgs.builder() * .sourceImage("debian-cloud/debian-10") * .autoDelete(true) * .boot(true) * .build()) * .metadata(Map.of("startup-script", """ * #! /bin/bash * set -euo pipefail * export DEBIAN_FRONTEND=noninteractive * apt-get update * apt-get install -y nginx-light jq * NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname") * IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip") * METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])') * cat < /var/www/html/index.html *
 * Name: $NAME
 * IP: $IP
 * Metadata: $METADATA
 * 
* EOF * """)) * .build()); * // MIG * var mig = new RegionInstanceGroupManager("mig", RegionInstanceGroupManagerArgs.builder() * .name("l7-ilb-mig1") * .region("us-west1") * .baseInstanceName("vm") * .targetSize(2) * .versions(RegionInstanceGroupManagerVersionArgs.builder() * .instanceTemplate(instanceTemplate.id()) * .name("primary") * .build()) * .build()); * // backend service * var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder() * .name("l7-ilb-backend-subnet") * .region("us-west1") * .protocol("HTTP") * .loadBalancingScheme("INTERNAL_MANAGED") * .timeoutSec(10) * .healthChecks(defaultRegionHealthCheck.id()) * .backends(RegionBackendServiceBackendArgs.builder() * .group(mig.instanceGroup()) * .balancingMode("UTILIZATION") * .capacityScaler(1) * .build()) * .build()); * // URL map * var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder() * .name("l7-ilb-regional-url-map") * .region("us-west1") * .defaultService(defaultRegionBackendService.id()) * .build()); * // HTTP target proxy * var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder() * .name("l7-ilb-target-http-proxy") * .region("us-west1") * .urlMap(defaultRegionUrlMap.id()) * .build()); * // forwarding rule * var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder() * .name("l7-ilb-forwarding-rule") * .region("us-west1") * .ipProtocol("TCP") * .loadBalancingScheme("INTERNAL_MANAGED") * .portRange("80") * .target(defaultRegionTargetHttpProxy.id()) * .network(ilbNetwork.id()) * .subnetwork(ilbSubnet.id()) * .networkTier("PREMIUM") * .build()); * // allow all access from IAP and health check ranges * var fwIap = new Firewall("fwIap", FirewallArgs.builder() * .name("l7-ilb-fw-allow-iap-hc") * .direction("INGRESS") * .network(ilbNetwork.id()) * .sourceRanges( * "130.211.0.0/22", * "35.191.0.0/16", * "35.235.240.0/20") * .allows(FirewallAllowArgs.builder() * .protocol("tcp") * .build()) * .build()); * // allow http from proxy subnet to backends * var fwIlbToBackends = new Firewall("fwIlbToBackends", FirewallArgs.builder() * .name("l7-ilb-fw-allow-ilb-to-backends") * .direction("INGRESS") * .network(ilbNetwork.id()) * .sourceRanges("10.0.0.0/24") * .targetTags("http-server") * .allows(FirewallAllowArgs.builder() * .protocol("tcp") * .ports( * "80", * "443", * "8080") * .build()) * .build()); * // Traffic Extension Backend Instance * var calloutsInstance = new Instance("calloutsInstance", InstanceArgs.builder() * .networkInterfaces(InstanceNetworkInterfaceArgs.builder() * .accessConfigs() * .network(ilbNetwork.id()) * .subnetwork(ilbSubnet.id()) * .build()) * .name("l7-ilb-callouts-ins") * .zone("us-west1-a") * .machineType("e2-small") * .labels(Map.of("container-vm", "cos-stable-109-17800-147-54")) * .tags( * "allow-ssh", * "load-balanced-backend") * .bootDisk(InstanceBootDiskArgs.builder() * .autoDelete(true) * .initializeParams(InstanceBootDiskInitializeParamsArgs.builder() * .type("pd-standard") * .size(10) * .image("https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54") * .build()) * .build()) * .metadata(Map.ofEntries( * Map.entry("gce-container-declaration", """ * # DISCLAIMER: * # This container declaration format is not a public API and may change without * # notice. Please use gcloud command-line tool or Google Cloud Console to run * # Containers on Google Compute Engine. * spec: * containers: * - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest * name: callouts-vm * securityContext: * privileged: false * stdin: false * tty: false * volumeMounts: [] * restartPolicy: Always * volumes: [] * """), * Map.entry("google-logging-enabled", "true") * )) * .deletionProtection(false) * .build()); * // callouts instance group * var calloutsInstanceGroup = new InstanceGroup("calloutsInstanceGroup", InstanceGroupArgs.builder() * .name("l7-ilb-callouts-ins-group") * .description("Terraform test instance group") * .zone("us-west1-a") * .instances(calloutsInstance.id()) * .namedPorts( * InstanceGroupNamedPortArgs.builder() * .name("http") * .port("80") * .build(), * InstanceGroupNamedPortArgs.builder() * .name("grpc") * .port("443") * .build()) * .build()); * // callout health check * var calloutsHealthCheck = new RegionHealthCheck("calloutsHealthCheck", RegionHealthCheckArgs.builder() * .name("l7-ilb-callouts-hc") * .region("us-west1") * .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder() * .port(80) * .build()) * .build()); * // callout backend service * var calloutsBackend = new RegionBackendService("calloutsBackend", RegionBackendServiceArgs.builder() * .name("l7-ilb-callouts-backend") * .region("us-west1") * .protocol("HTTP2") * .loadBalancingScheme("INTERNAL_MANAGED") * .timeoutSec(10) * .portName("grpc") * .healthChecks(calloutsHealthCheck.id()) * .backends(RegionBackendServiceBackendArgs.builder() * .group(calloutsInstanceGroup.id()) * .balancingMode("UTILIZATION") * .capacityScaler(1) * .build()) * .build()); * var defaultLbTrafficExtension = new LbTrafficExtension("defaultLbTrafficExtension", LbTrafficExtensionArgs.builder() * .name("l7-ilb-traffic-ext") * .description("my traffic extension") * .location("us-west1") * .loadBalancingScheme("INTERNAL_MANAGED") * .forwardingRules(default_.selfLink()) * .extensionChains(LbTrafficExtensionExtensionChainArgs.builder() * .name("chain1") * .matchCondition(LbTrafficExtensionExtensionChainMatchConditionArgs.builder() * .celExpression("request.host == 'example.com'") * .build()) * .extensions(LbTrafficExtensionExtensionChainExtensionArgs.builder() * .name("ext11") * .authority("ext11.com") * .service(calloutsBackend.selfLink()) * .timeout("0.1s") * .failOpen(false) * .supportedEvents("REQUEST_HEADERS") * .forwardHeaders("custom-header") * .build()) * .build()) * .labels(Map.of("foo", "bar")) * .build()); * // test instance * var vmTest = new Instance("vmTest", InstanceArgs.builder() * .name("l7-ilb-test-vm") * .zone("us-west1-b") * .machineType("e2-small") * .networkInterfaces(InstanceNetworkInterfaceArgs.builder() * .network(ilbNetwork.id()) * .subnetwork(ilbSubnet.id()) * .build()) * .bootDisk(InstanceBootDiskArgs.builder() * .initializeParams(InstanceBootDiskInitializeParamsArgs.builder() * .image("debian-cloud/debian-11") * .build()) * .build()) * .build()); * } * } * ``` * ```yaml * resources: * # Internal HTTP load balancer with a managed instance group backend * # VPC network * ilbNetwork: * type: gcp:compute:Network * name: ilb_network * properties: * name: l7-ilb-network * autoCreateSubnetworks: false * # proxy-only subnet * proxySubnet: * type: gcp:compute:Subnetwork * name: proxy_subnet * properties: * name: l7-ilb-proxy-subnet * ipCidrRange: 10.0.0.0/24 * region: us-west1 * purpose: REGIONAL_MANAGED_PROXY * role: ACTIVE * network: ${ilbNetwork.id} * # backend subnet * ilbSubnet: * type: gcp:compute:Subnetwork * name: ilb_subnet * properties: * name: l7-ilb-subnet * ipCidrRange: 10.0.1.0/24 * region: us-west1 * network: ${ilbNetwork.id} * # forwarding rule * default: * type: gcp:compute:ForwardingRule * properties: * name: l7-ilb-forwarding-rule * region: us-west1 * ipProtocol: TCP * loadBalancingScheme: INTERNAL_MANAGED * portRange: '80' * target: ${defaultRegionTargetHttpProxy.id} * network: ${ilbNetwork.id} * subnetwork: ${ilbSubnet.id} * networkTier: PREMIUM * # HTTP target proxy * defaultRegionTargetHttpProxy: * type: gcp:compute:RegionTargetHttpProxy * name: default * properties: * name: l7-ilb-target-http-proxy * region: us-west1 * urlMap: ${defaultRegionUrlMap.id} * # URL map * defaultRegionUrlMap: * type: gcp:compute:RegionUrlMap * name: default * properties: * name: l7-ilb-regional-url-map * region: us-west1 * defaultService: ${defaultRegionBackendService.id} * # backend service * defaultRegionBackendService: * type: gcp:compute:RegionBackendService * name: default * properties: * name: l7-ilb-backend-subnet * region: us-west1 * protocol: HTTP * loadBalancingScheme: INTERNAL_MANAGED * timeoutSec: 10 * healthChecks: ${defaultRegionHealthCheck.id} * backends: * - group: ${mig.instanceGroup} * balancingMode: UTILIZATION * capacityScaler: 1 * # instance template * instanceTemplate: * type: gcp:compute:InstanceTemplate * name: instance_template * properties: * networkInterfaces: * - accessConfigs: * - {} * network: ${ilbNetwork.id} * subnetwork: ${ilbSubnet.id} * name: l7-ilb-mig-template * machineType: e2-small * tags: * - http-server * disks: * - sourceImage: debian-cloud/debian-10 * autoDelete: true * boot: true * metadata: * startup-script: | * #! /bin/bash * set -euo pipefail * export DEBIAN_FRONTEND=noninteractive * apt-get update * apt-get install -y nginx-light jq * NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname") * IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip") * METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])') * cat < /var/www/html/index.html *
 *           Name: $NAME
 *           IP: $IP
 *           Metadata: $METADATA
 *           
* EOF * # health check * defaultRegionHealthCheck: * type: gcp:compute:RegionHealthCheck * name: default * properties: * name: l7-ilb-hc * region: us-west1 * httpHealthCheck: * portSpecification: USE_SERVING_PORT * # MIG * mig: * type: gcp:compute:RegionInstanceGroupManager * properties: * name: l7-ilb-mig1 * region: us-west1 * baseInstanceName: vm * targetSize: 2 * versions: * - instanceTemplate: ${instanceTemplate.id} * name: primary * # allow all access from IAP and health check ranges * fwIap: * type: gcp:compute:Firewall * name: fw_iap * properties: * name: l7-ilb-fw-allow-iap-hc * direction: INGRESS * network: ${ilbNetwork.id} * sourceRanges: * - 130.211.0.0/22 * - 35.191.0.0/16 * - 35.235.240.0/20 * allows: * - protocol: tcp * # allow http from proxy subnet to backends * fwIlbToBackends: * type: gcp:compute:Firewall * name: fw_ilb_to_backends * properties: * name: l7-ilb-fw-allow-ilb-to-backends * direction: INGRESS * network: ${ilbNetwork.id} * sourceRanges: * - 10.0.0.0/24 * targetTags: * - http-server * allows: * - protocol: tcp * ports: * - '80' * - '443' * - '8080' * defaultLbTrafficExtension: * type: gcp:networkservices:LbTrafficExtension * name: default * properties: * name: l7-ilb-traffic-ext * description: my traffic extension * location: us-west1 * loadBalancingScheme: INTERNAL_MANAGED * forwardingRules: * - ${default.selfLink} * extensionChains: * - name: chain1 * matchCondition: * celExpression: request.host == 'example.com' * extensions: * - name: ext11 * authority: ext11.com * service: ${calloutsBackend.selfLink} * timeout: 0.1s * failOpen: false * supportedEvents: * - REQUEST_HEADERS * forwardHeaders: * - custom-header * labels: * foo: bar * # test instance * vmTest: * type: gcp:compute:Instance * name: vm_test * properties: * name: l7-ilb-test-vm * zone: us-west1-b * machineType: e2-small * networkInterfaces: * - network: ${ilbNetwork.id} * subnetwork: ${ilbSubnet.id} * bootDisk: * initializeParams: * image: debian-cloud/debian-11 * # Traffic Extension Backend Instance * calloutsInstance: * type: gcp:compute:Instance * name: callouts_instance * properties: * networkInterfaces: * - accessConfigs: * - {} * network: ${ilbNetwork.id} * subnetwork: ${ilbSubnet.id} * name: l7-ilb-callouts-ins * zone: us-west1-a * machineType: e2-small * labels: * container-vm: cos-stable-109-17800-147-54 * tags: * - allow-ssh * - load-balanced-backend * bootDisk: * autoDelete: true * initializeParams: * type: pd-standard * size: 10 * image: https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54 * metadata: * gce-container-declaration: | * # DISCLAIMER: * # This container declaration format is not a public API and may change without * # notice. Please use gcloud command-line tool or Google Cloud Console to run * # Containers on Google Compute Engine. * spec: * containers: * - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest * name: callouts-vm * securityContext: * privileged: false * stdin: false * tty: false * volumeMounts: [] * restartPolicy: Always * volumes: [] * google-logging-enabled: 'true' * deletionProtection: false * # callouts instance group * calloutsInstanceGroup: * type: gcp:compute:InstanceGroup * name: callouts_instance_group * properties: * name: l7-ilb-callouts-ins-group * description: Terraform test instance group * zone: us-west1-a * instances: * - ${calloutsInstance.id} * namedPorts: * - name: http * port: '80' * - name: grpc * port: '443' * # callout health check * calloutsHealthCheck: * type: gcp:compute:RegionHealthCheck * name: callouts_health_check * properties: * name: l7-ilb-callouts-hc * region: us-west1 * httpHealthCheck: * port: 80 * # callout backend service * calloutsBackend: * type: gcp:compute:RegionBackendService * name: callouts_backend * properties: * name: l7-ilb-callouts-backend * region: us-west1 * protocol: HTTP2 * loadBalancingScheme: INTERNAL_MANAGED * timeoutSec: 10 * portName: grpc * healthChecks: ${calloutsHealthCheck.id} * backends: * - group: ${calloutsInstanceGroup.id} * balancingMode: UTILIZATION * capacityScaler: 1 * ``` * * ## Import * LbTrafficExtension can be imported using any of these accepted formats: * * `projects/{{project}}/locations/{{location}}/lbTrafficExtensions/{{name}}` * * `{{project}}/{{location}}/{{name}}` * * `{{location}}/{{name}}` * When using the `pulumi import` command, LbTrafficExtension can be imported using one of the formats above. For example: * ```sh * $ pulumi import gcp:networkservices/lbTrafficExtension:LbTrafficExtension default projects/{{project}}/locations/{{location}}/lbTrafficExtensions/{{name}} * ``` * ```sh * $ pulumi import gcp:networkservices/lbTrafficExtension:LbTrafficExtension default {{project}}/{{location}}/{{name}} * ``` * ```sh * $ pulumi import gcp:networkservices/lbTrafficExtension:LbTrafficExtension default {{location}}/{{name}} * ``` */ public class LbTrafficExtension internal constructor( override val javaResource: com.pulumi.gcp.networkservices.LbTrafficExtension, ) : KotlinCustomResource(javaResource, LbTrafficExtensionMapper) { /** * A human-readable description of the resource. */ public val description: Output? get() = javaResource.description().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) }) /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ public val effectiveLabels: Output> get() = javaResource.effectiveLabels().applyValue({ args0 -> args0.map({ args0 -> args0.key.to(args0.value) }).toMap() }) /** * A set of ordered extension chains that contain the match conditions and extensions to execute. * Match conditions for each extension chain are evaluated in sequence for a given request. * The first extension chain that has a condition that matches the request is executed. * Any subsequent extension chains do not execute. Limited to 5 extension chains per resource. * Structure is documented below. */ public val extensionChains: Output> get() = javaResource.extensionChains().applyValue({ args0 -> args0.map({ args0 -> args0.let({ args0 -> toKotlin(args0) }) }) }) /** * A list of references to the forwarding rules to which this service extension is attached to. * At least one forwarding rule is required. There can be only one LBTrafficExtension resource per forwarding rule. */ public val forwardingRules: Output> get() = javaResource.forwardingRules().applyValue({ args0 -> args0.map({ args0 -> args0 }) }) /** * Set of labels associated with the LbTrafficExtension resource. **Note**: This field is non-authoritative, and will only * manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels * present on the resource. */ public val labels: Output>? get() = javaResource.labels().applyValue({ args0 -> args0.map({ args0 -> args0.map({ args0 -> args0.key.to(args0.value) }).toMap() }).orElse(null) }) /** * All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. For * more information, refer to Choosing a load balancer. Possible values: ["LOAD_BALANCING_SCHEME_UNSPECIFIED", * "INTERNAL_MANAGED", "EXTERNAL_MANAGED"] */ public val loadBalancingScheme: Output? get() = javaResource.loadBalancingScheme().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) }) /** * The location of the traffic extension */ public val location: Output get() = javaResource.location().applyValue({ args0 -> args0 }) /** * Name of the LbTrafficExtension resource in the following format: projects/{project}/locations/{location}/lbTrafficExtensions/{lbTrafficExtension}. */ public val name: Output get() = javaResource.name().applyValue({ args0 -> args0 }) public val project: Output get() = javaResource.project().applyValue({ args0 -> args0 }) /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ public val pulumiLabels: Output> get() = javaResource.pulumiLabels().applyValue({ args0 -> args0.map({ args0 -> args0.key.to(args0.value) }).toMap() }) } public object LbTrafficExtensionMapper : ResourceMapper { override fun supportsMappingOfType(javaResource: Resource): Boolean = com.pulumi.gcp.networkservices.LbTrafficExtension::class == javaResource::class override fun map(javaResource: Resource): LbTrafficExtension = LbTrafficExtension( javaResource as com.pulumi.gcp.networkservices.LbTrafficExtension, ) } /** * @see [LbTrafficExtension]. * @param name The _unique_ name of the resulting resource. * @param block Builder for [LbTrafficExtension]. */ public suspend fun lbTrafficExtension( name: String, block: suspend LbTrafficExtensionResourceBuilder.() -> Unit, ): LbTrafficExtension { val builder = LbTrafficExtensionResourceBuilder() builder.name(name) block(builder) return builder.build() } /** * @see [LbTrafficExtension]. * @param name The _unique_ name of the resulting resource. */ public fun lbTrafficExtension(name: String): LbTrafficExtension { val builder = LbTrafficExtensionResourceBuilder() builder.name(name) return builder.build() }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy