com.pulumi.gcp.networkservices.kotlin.LbTrafficExtensionArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.networkservices.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.networkservices.LbTrafficExtensionArgs.builder
import com.pulumi.gcp.networkservices.kotlin.inputs.LbTrafficExtensionExtensionChainArgs
import com.pulumi.gcp.networkservices.kotlin.inputs.LbTrafficExtensionExtensionChainArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* LbTrafficExtension is a resource that lets the extension service modify the headers and payloads of both requests and responses without impacting the choice of backend services or any other security policies associated with the backend service.
* To get more information about LbTrafficExtension, see:
* * [API documentation](https://cloud.google.com/service-extensions/docs/reference/rest/v1beta1/projects.locations.lbTrafficExtensions)
* * How-to Guides
* * [Configure a traffic extension](https://cloud.google.com/service-extensions/docs/configure-callout#configure_a_traffic_extension)
* ## Example Usage
* ### Network Services Lb Traffic Extension Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* // Internal HTTP load balancer with a managed instance group backend
* // VPC network
* const ilbNetwork = new gcp.compute.Network("ilb_network", {
* name: "l7-ilb-network",
* autoCreateSubnetworks: false,
* });
* // proxy-only subnet
* const proxySubnet = new gcp.compute.Subnetwork("proxy_subnet", {
* name: "l7-ilb-proxy-subnet",
* ipCidrRange: "10.0.0.0/24",
* region: "us-west1",
* purpose: "REGIONAL_MANAGED_PROXY",
* role: "ACTIVE",
* network: ilbNetwork.id,
* });
* // backend subnet
* const ilbSubnet = new gcp.compute.Subnetwork("ilb_subnet", {
* name: "l7-ilb-subnet",
* ipCidrRange: "10.0.1.0/24",
* region: "us-west1",
* network: ilbNetwork.id,
* });
* // health check
* const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
* name: "l7-ilb-hc",
* region: "us-west1",
* httpHealthCheck: {
* portSpecification: "USE_SERVING_PORT",
* },
* });
* // instance template
* const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
* networkInterfaces: [{
* accessConfigs: [{}],
* network: ilbNetwork.id,
* subnetwork: ilbSubnet.id,
* }],
* name: "l7-ilb-mig-template",
* machineType: "e2-small",
* tags: ["http-server"],
* disks: [{
* sourceImage: "debian-cloud/debian-10",
* autoDelete: true,
* boot: true,
* }],
* metadata: {
* "startup-script": `#! /bin/bash
* set -euo pipefail
* export DEBIAN_FRONTEND=noninteractive
* apt-get update
* apt-get install -y nginx-light jq
* NAME=(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
* IP=(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
* METADATA=(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
* cat < /var/www/html/index.html
*
* Name: NAME
* IP: IP
* Metadata: METADATA
*
* EOF
* `,
* },
* });
* // MIG
* const mig = new gcp.compute.RegionInstanceGroupManager("mig", {
* name: "l7-ilb-mig1",
* region: "us-west1",
* baseInstanceName: "vm",
* targetSize: 2,
* versions: [{
* instanceTemplate: instanceTemplate.id,
* name: "primary",
* }],
* });
* // backend service
* const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", {
* name: "l7-ilb-backend-subnet",
* region: "us-west1",
* protocol: "HTTP",
* loadBalancingScheme: "INTERNAL_MANAGED",
* timeoutSec: 10,
* healthChecks: defaultRegionHealthCheck.id,
* backends: [{
* group: mig.instanceGroup,
* balancingMode: "UTILIZATION",
* capacityScaler: 1,
* }],
* });
* // URL map
* const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", {
* name: "l7-ilb-regional-url-map",
* region: "us-west1",
* defaultService: defaultRegionBackendService.id,
* });
* // HTTP target proxy
* const defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy("default", {
* name: "l7-ilb-target-http-proxy",
* region: "us-west1",
* urlMap: defaultRegionUrlMap.id,
* });
* // forwarding rule
* const _default = new gcp.compute.ForwardingRule("default", {
* name: "l7-ilb-forwarding-rule",
* region: "us-west1",
* ipProtocol: "TCP",
* loadBalancingScheme: "INTERNAL_MANAGED",
* portRange: "80",
* target: defaultRegionTargetHttpProxy.id,
* network: ilbNetwork.id,
* subnetwork: ilbSubnet.id,
* networkTier: "PREMIUM",
* });
* // allow all access from IAP and health check ranges
* const fwIap = new gcp.compute.Firewall("fw_iap", {
* name: "l7-ilb-fw-allow-iap-hc",
* direction: "INGRESS",
* network: ilbNetwork.id,
* sourceRanges: [
* "130.211.0.0/22",
* "35.191.0.0/16",
* "35.235.240.0/20",
* ],
* allows: [{
* protocol: "tcp",
* }],
* });
* // allow http from proxy subnet to backends
* const fwIlbToBackends = new gcp.compute.Firewall("fw_ilb_to_backends", {
* name: "l7-ilb-fw-allow-ilb-to-backends",
* direction: "INGRESS",
* network: ilbNetwork.id,
* sourceRanges: ["10.0.0.0/24"],
* targetTags: ["http-server"],
* allows: [{
* protocol: "tcp",
* ports: [
* "80",
* "443",
* "8080",
* ],
* }],
* });
* // Traffic Extension Backend Instance
* const calloutsInstance = new gcp.compute.Instance("callouts_instance", {
* networkInterfaces: [{
* accessConfigs: [{}],
* network: ilbNetwork.id,
* subnetwork: ilbSubnet.id,
* }],
* name: "l7-ilb-callouts-ins",
* zone: "us-west1-a",
* machineType: "e2-small",
* labels: {
* "container-vm": "cos-stable-109-17800-147-54",
* },
* tags: [
* "allow-ssh",
* "load-balanced-backend",
* ],
* bootDisk: {
* autoDelete: true,
* initializeParams: {
* type: "pd-standard",
* size: 10,
* image: "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54",
* },
* },
* metadata: {
* "gce-container-declaration": `# DISCLAIMER:
* # This container declaration format is not a public API and may change without
* # notice. Please use gcloud command-line tool or Google Cloud Console to run
* # Containers on Google Compute Engine.
* spec:
* containers:
* - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest
* name: callouts-vm
* securityContext:
* privileged: false
* stdin: false
* tty: false
* volumeMounts: []
* restartPolicy: Always
* volumes: []
* `,
* "google-logging-enabled": "true",
* },
* deletionProtection: false,
* });
* // callouts instance group
* const calloutsInstanceGroup = new gcp.compute.InstanceGroup("callouts_instance_group", {
* name: "l7-ilb-callouts-ins-group",
* description: "Terraform test instance group",
* zone: "us-west1-a",
* instances: [calloutsInstance.id],
* namedPorts: [
* {
* name: "http",
* port: 80,
* },
* {
* name: "grpc",
* port: 443,
* },
* ],
* });
* // callout health check
* const calloutsHealthCheck = new gcp.compute.RegionHealthCheck("callouts_health_check", {
* name: "l7-ilb-callouts-hc",
* region: "us-west1",
* httpHealthCheck: {
* port: 80,
* },
* });
* // callout backend service
* const calloutsBackend = new gcp.compute.RegionBackendService("callouts_backend", {
* name: "l7-ilb-callouts-backend",
* region: "us-west1",
* protocol: "HTTP2",
* loadBalancingScheme: "INTERNAL_MANAGED",
* timeoutSec: 10,
* portName: "grpc",
* healthChecks: calloutsHealthCheck.id,
* backends: [{
* group: calloutsInstanceGroup.id,
* balancingMode: "UTILIZATION",
* capacityScaler: 1,
* }],
* });
* const defaultLbTrafficExtension = new gcp.networkservices.LbTrafficExtension("default", {
* name: "l7-ilb-traffic-ext",
* description: "my traffic extension",
* location: "us-west1",
* loadBalancingScheme: "INTERNAL_MANAGED",
* forwardingRules: [_default.selfLink],
* extensionChains: [{
* name: "chain1",
* matchCondition: {
* celExpression: "request.host == 'example.com'",
* },
* extensions: [{
* name: "ext11",
* authority: "ext11.com",
* service: calloutsBackend.selfLink,
* timeout: "0.1s",
* failOpen: false,
* supportedEvents: ["REQUEST_HEADERS"],
* forwardHeaders: ["custom-header"],
* }],
* }],
* labels: {
* foo: "bar",
* },
* });
* // test instance
* const vmTest = new gcp.compute.Instance("vm_test", {
* name: "l7-ilb-test-vm",
* zone: "us-west1-b",
* machineType: "e2-small",
* networkInterfaces: [{
* network: ilbNetwork.id,
* subnetwork: ilbSubnet.id,
* }],
* bootDisk: {
* initializeParams: {
* image: "debian-cloud/debian-11",
* },
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* # Internal HTTP load balancer with a managed instance group backend
* # VPC network
* ilb_network = gcp.compute.Network("ilb_network",
* name="l7-ilb-network",
* auto_create_subnetworks=False)
* # proxy-only subnet
* proxy_subnet = gcp.compute.Subnetwork("proxy_subnet",
* name="l7-ilb-proxy-subnet",
* ip_cidr_range="10.0.0.0/24",
* region="us-west1",
* purpose="REGIONAL_MANAGED_PROXY",
* role="ACTIVE",
* network=ilb_network.id)
* # backend subnet
* ilb_subnet = gcp.compute.Subnetwork("ilb_subnet",
* name="l7-ilb-subnet",
* ip_cidr_range="10.0.1.0/24",
* region="us-west1",
* network=ilb_network.id)
* # health check
* default_region_health_check = gcp.compute.RegionHealthCheck("default",
* name="l7-ilb-hc",
* region="us-west1",
* http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs(
* port_specification="USE_SERVING_PORT",
* ))
* # instance template
* instance_template = gcp.compute.InstanceTemplate("instance_template",
* network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
* access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
* network=ilb_network.id,
* subnetwork=ilb_subnet.id,
* )],
* name="l7-ilb-mig-template",
* machine_type="e2-small",
* tags=["http-server"],
* disks=[gcp.compute.InstanceTemplateDiskArgs(
* source_image="debian-cloud/debian-10",
* auto_delete=True,
* boot=True,
* )],
* metadata={
* "startup-script": """#! /bin/bash
* set -euo pipefail
* export DEBIAN_FRONTEND=noninteractive
* apt-get update
* apt-get install -y nginx-light jq
* NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
* IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
* METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
* cat < /var/www/html/index.html
*
* Name: $NAME
* IP: $IP
* Metadata: $METADATA
*
* EOF
* """,
* })
* # MIG
* mig = gcp.compute.RegionInstanceGroupManager("mig",
* name="l7-ilb-mig1",
* region="us-west1",
* base_instance_name="vm",
* target_size=2,
* versions=[gcp.compute.RegionInstanceGroupManagerVersionArgs(
* instance_template=instance_template.id,
* name="primary",
* )])
* # backend service
* default_region_backend_service = gcp.compute.RegionBackendService("default",
* name="l7-ilb-backend-subnet",
* region="us-west1",
* protocol="HTTP",
* load_balancing_scheme="INTERNAL_MANAGED",
* timeout_sec=10,
* health_checks=default_region_health_check.id,
* backends=[gcp.compute.RegionBackendServiceBackendArgs(
* group=mig.instance_group,
* balancing_mode="UTILIZATION",
* capacity_scaler=1,
* )])
* # URL map
* default_region_url_map = gcp.compute.RegionUrlMap("default",
* name="l7-ilb-regional-url-map",
* region="us-west1",
* default_service=default_region_backend_service.id)
* # HTTP target proxy
* default_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy("default",
* name="l7-ilb-target-http-proxy",
* region="us-west1",
* url_map=default_region_url_map.id)
* # forwarding rule
* default = gcp.compute.ForwardingRule("default",
* name="l7-ilb-forwarding-rule",
* region="us-west1",
* ip_protocol="TCP",
* load_balancing_scheme="INTERNAL_MANAGED",
* port_range="80",
* target=default_region_target_http_proxy.id,
* network=ilb_network.id,
* subnetwork=ilb_subnet.id,
* network_tier="PREMIUM")
* # allow all access from IAP and health check ranges
* fw_iap = gcp.compute.Firewall("fw_iap",
* name="l7-ilb-fw-allow-iap-hc",
* direction="INGRESS",
* network=ilb_network.id,
* source_ranges=[
* "130.211.0.0/22",
* "35.191.0.0/16",
* "35.235.240.0/20",
* ],
* allows=[gcp.compute.FirewallAllowArgs(
* protocol="tcp",
* )])
* # allow http from proxy subnet to backends
* fw_ilb_to_backends = gcp.compute.Firewall("fw_ilb_to_backends",
* name="l7-ilb-fw-allow-ilb-to-backends",
* direction="INGRESS",
* network=ilb_network.id,
* source_ranges=["10.0.0.0/24"],
* target_tags=["http-server"],
* allows=[gcp.compute.FirewallAllowArgs(
* protocol="tcp",
* ports=[
* "80",
* "443",
* "8080",
* ],
* )])
* # Traffic Extension Backend Instance
* callouts_instance = gcp.compute.Instance("callouts_instance",
* network_interfaces=[gcp.compute.InstanceNetworkInterfaceArgs(
* access_configs=[gcp.compute.InstanceNetworkInterfaceAccessConfigArgs()],
* network=ilb_network.id,
* subnetwork=ilb_subnet.id,
* )],
* name="l7-ilb-callouts-ins",
* zone="us-west1-a",
* machine_type="e2-small",
* labels={
* "container-vm": "cos-stable-109-17800-147-54",
* },
* tags=[
* "allow-ssh",
* "load-balanced-backend",
* ],
* boot_disk=gcp.compute.InstanceBootDiskArgs(
* auto_delete=True,
* initialize_params=gcp.compute.InstanceBootDiskInitializeParamsArgs(
* type="pd-standard",
* size=10,
* image="https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54",
* ),
* ),
* metadata={
* "gce-container-declaration": """# DISCLAIMER:
* # This container declaration format is not a public API and may change without
* # notice. Please use gcloud command-line tool or Google Cloud Console to run
* # Containers on Google Compute Engine.
* spec:
* containers:
* - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest
* name: callouts-vm
* securityContext:
* privileged: false
* stdin: false
* tty: false
* volumeMounts: []
* restartPolicy: Always
* volumes: []
* """,
* "google-logging-enabled": "true",
* },
* deletion_protection=False)
* # callouts instance group
* callouts_instance_group = gcp.compute.InstanceGroup("callouts_instance_group",
* name="l7-ilb-callouts-ins-group",
* description="Terraform test instance group",
* zone="us-west1-a",
* instances=[callouts_instance.id],
* named_ports=[
* gcp.compute.InstanceGroupNamedPortArgs(
* name="http",
* port=80,
* ),
* gcp.compute.InstanceGroupNamedPortArgs(
* name="grpc",
* port=443,
* ),
* ])
* # callout health check
* callouts_health_check = gcp.compute.RegionHealthCheck("callouts_health_check",
* name="l7-ilb-callouts-hc",
* region="us-west1",
* http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs(
* port=80,
* ))
* # callout backend service
* callouts_backend = gcp.compute.RegionBackendService("callouts_backend",
* name="l7-ilb-callouts-backend",
* region="us-west1",
* protocol="HTTP2",
* load_balancing_scheme="INTERNAL_MANAGED",
* timeout_sec=10,
* port_name="grpc",
* health_checks=callouts_health_check.id,
* backends=[gcp.compute.RegionBackendServiceBackendArgs(
* group=callouts_instance_group.id,
* balancing_mode="UTILIZATION",
* capacity_scaler=1,
* )])
* default_lb_traffic_extension = gcp.networkservices.LbTrafficExtension("default",
* name="l7-ilb-traffic-ext",
* description="my traffic extension",
* location="us-west1",
* load_balancing_scheme="INTERNAL_MANAGED",
* forwarding_rules=[default.self_link],
* extension_chains=[gcp.networkservices.LbTrafficExtensionExtensionChainArgs(
* name="chain1",
* match_condition=gcp.networkservices.LbTrafficExtensionExtensionChainMatchConditionArgs(
* cel_expression="request.host == 'example.com'",
* ),
* extensions=[gcp.networkservices.LbTrafficExtensionExtensionChainExtensionArgs(
* name="ext11",
* authority="ext11.com",
* service=callouts_backend.self_link,
* timeout="0.1s",
* fail_open=False,
* supported_events=["REQUEST_HEADERS"],
* forward_headers=["custom-header"],
* )],
* )],
* labels={
* "foo": "bar",
* })
* # test instance
* vm_test = gcp.compute.Instance("vm_test",
* name="l7-ilb-test-vm",
* zone="us-west1-b",
* machine_type="e2-small",
* network_interfaces=[gcp.compute.InstanceNetworkInterfaceArgs(
* network=ilb_network.id,
* subnetwork=ilb_subnet.id,
* )],
* boot_disk=gcp.compute.InstanceBootDiskArgs(
* initialize_params=gcp.compute.InstanceBootDiskInitializeParamsArgs(
* image="debian-cloud/debian-11",
* ),
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* // Internal HTTP load balancer with a managed instance group backend
* // VPC network
* var ilbNetwork = new Gcp.Compute.Network("ilb_network", new()
* {
* Name = "l7-ilb-network",
* AutoCreateSubnetworks = false,
* });
* // proxy-only subnet
* var proxySubnet = new Gcp.Compute.Subnetwork("proxy_subnet", new()
* {
* Name = "l7-ilb-proxy-subnet",
* IpCidrRange = "10.0.0.0/24",
* Region = "us-west1",
* Purpose = "REGIONAL_MANAGED_PROXY",
* Role = "ACTIVE",
* Network = ilbNetwork.Id,
* });
* // backend subnet
* var ilbSubnet = new Gcp.Compute.Subnetwork("ilb_subnet", new()
* {
* Name = "l7-ilb-subnet",
* IpCidrRange = "10.0.1.0/24",
* Region = "us-west1",
* Network = ilbNetwork.Id,
* });
* // health check
* var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new()
* {
* Name = "l7-ilb-hc",
* Region = "us-west1",
* HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
* {
* PortSpecification = "USE_SERVING_PORT",
* },
* });
* // instance template
* var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new()
* {
* NetworkInterfaces = new[]
* {
* new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
* {
* AccessConfigs = new[]
* {
* null,
* },
* Network = ilbNetwork.Id,
* Subnetwork = ilbSubnet.Id,
* },
* },
* Name = "l7-ilb-mig-template",
* MachineType = "e2-small",
* Tags = new[]
* {
* "http-server",
* },
* Disks = new[]
* {
* new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
* {
* SourceImage = "debian-cloud/debian-10",
* AutoDelete = true,
* Boot = true,
* },
* },
* Metadata =
* {
* { "startup-script", @"#! /bin/bash
* set -euo pipefail
* export DEBIAN_FRONTEND=noninteractive
* apt-get update
* apt-get install -y nginx-light jq
* NAME=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/hostname"")
* IP=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip"")
* METADATA=$(curl -f -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True"" | jq 'del(.[""startup-script""])')
* cat < /var/www/html/index.html
*
* Name: $NAME
* IP: $IP
* Metadata: $METADATA
*
* EOF
* " },
* },
* });
* // MIG
* var mig = new Gcp.Compute.RegionInstanceGroupManager("mig", new()
* {
* Name = "l7-ilb-mig1",
* Region = "us-west1",
* BaseInstanceName = "vm",
* TargetSize = 2,
* Versions = new[]
* {
* new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs
* {
* InstanceTemplate = instanceTemplate.Id,
* Name = "primary",
* },
* },
* });
* // backend service
* var defaultRegionBackendService = new Gcp.Compute.RegionBackendService("default", new()
* {
* Name = "l7-ilb-backend-subnet",
* Region = "us-west1",
* Protocol = "HTTP",
* LoadBalancingScheme = "INTERNAL_MANAGED",
* TimeoutSec = 10,
* HealthChecks = defaultRegionHealthCheck.Id,
* Backends = new[]
* {
* new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs
* {
* Group = mig.InstanceGroup,
* BalancingMode = "UTILIZATION",
* CapacityScaler = 1,
* },
* },
* });
* // URL map
* var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap("default", new()
* {
* Name = "l7-ilb-regional-url-map",
* Region = "us-west1",
* DefaultService = defaultRegionBackendService.Id,
* });
* // HTTP target proxy
* var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy("default", new()
* {
* Name = "l7-ilb-target-http-proxy",
* Region = "us-west1",
* UrlMap = defaultRegionUrlMap.Id,
* });
* // forwarding rule
* var @default = new Gcp.Compute.ForwardingRule("default", new()
* {
* Name = "l7-ilb-forwarding-rule",
* Region = "us-west1",
* IpProtocol = "TCP",
* LoadBalancingScheme = "INTERNAL_MANAGED",
* PortRange = "80",
* Target = defaultRegionTargetHttpProxy.Id,
* Network = ilbNetwork.Id,
* Subnetwork = ilbSubnet.Id,
* NetworkTier = "PREMIUM",
* });
* // allow all access from IAP and health check ranges
* var fwIap = new Gcp.Compute.Firewall("fw_iap", new()
* {
* Name = "l7-ilb-fw-allow-iap-hc",
* Direction = "INGRESS",
* Network = ilbNetwork.Id,
* SourceRanges = new[]
* {
* "130.211.0.0/22",
* "35.191.0.0/16",
* "35.235.240.0/20",
* },
* Allows = new[]
* {
* new Gcp.Compute.Inputs.FirewallAllowArgs
* {
* Protocol = "tcp",
* },
* },
* });
* // allow http from proxy subnet to backends
* var fwIlbToBackends = new Gcp.Compute.Firewall("fw_ilb_to_backends", new()
* {
* Name = "l7-ilb-fw-allow-ilb-to-backends",
* Direction = "INGRESS",
* Network = ilbNetwork.Id,
* SourceRanges = new[]
* {
* "10.0.0.0/24",
* },
* TargetTags = new[]
* {
* "http-server",
* },
* Allows = new[]
* {
* new Gcp.Compute.Inputs.FirewallAllowArgs
* {
* Protocol = "tcp",
* Ports = new[]
* {
* "80",
* "443",
* "8080",
* },
* },
* },
* });
* // Traffic Extension Backend Instance
* var calloutsInstance = new Gcp.Compute.Instance("callouts_instance", new()
* {
* NetworkInterfaces = new[]
* {
* new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs
* {
* AccessConfigs = new[]
* {
* null,
* },
* Network = ilbNetwork.Id,
* Subnetwork = ilbSubnet.Id,
* },
* },
* Name = "l7-ilb-callouts-ins",
* Zone = "us-west1-a",
* MachineType = "e2-small",
* Labels =
* {
* { "container-vm", "cos-stable-109-17800-147-54" },
* },
* Tags = new[]
* {
* "allow-ssh",
* "load-balanced-backend",
* },
* BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs
* {
* AutoDelete = true,
* InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs
* {
* Type = "pd-standard",
* Size = 10,
* Image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54",
* },
* },
* Metadata =
* {
* { "gce-container-declaration", @"# DISCLAIMER:
* # This container declaration format is not a public API and may change without
* # notice. Please use gcloud command-line tool or Google Cloud Console to run
* # Containers on Google Compute Engine.
* spec:
* containers:
* - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest
* name: callouts-vm
* securityContext:
* privileged: false
* stdin: false
* tty: false
* volumeMounts: []
* restartPolicy: Always
* volumes: []
* " },
* { "google-logging-enabled", "true" },
* },
* DeletionProtection = false,
* });
* // callouts instance group
* var calloutsInstanceGroup = new Gcp.Compute.InstanceGroup("callouts_instance_group", new()
* {
* Name = "l7-ilb-callouts-ins-group",
* Description = "Terraform test instance group",
* Zone = "us-west1-a",
* Instances = new[]
* {
* calloutsInstance.Id,
* },
* NamedPorts = new[]
* {
* new Gcp.Compute.Inputs.InstanceGroupNamedPortArgs
* {
* Name = "http",
* Port = 80,
* },
* new Gcp.Compute.Inputs.InstanceGroupNamedPortArgs
* {
* Name = "grpc",
* Port = 443,
* },
* },
* });
* // callout health check
* var calloutsHealthCheck = new Gcp.Compute.RegionHealthCheck("callouts_health_check", new()
* {
* Name = "l7-ilb-callouts-hc",
* Region = "us-west1",
* HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
* {
* Port = 80,
* },
* });
* // callout backend service
* var calloutsBackend = new Gcp.Compute.RegionBackendService("callouts_backend", new()
* {
* Name = "l7-ilb-callouts-backend",
* Region = "us-west1",
* Protocol = "HTTP2",
* LoadBalancingScheme = "INTERNAL_MANAGED",
* TimeoutSec = 10,
* PortName = "grpc",
* HealthChecks = calloutsHealthCheck.Id,
* Backends = new[]
* {
* new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs
* {
* Group = calloutsInstanceGroup.Id,
* BalancingMode = "UTILIZATION",
* CapacityScaler = 1,
* },
* },
* });
* var defaultLbTrafficExtension = new Gcp.NetworkServices.LbTrafficExtension("default", new()
* {
* Name = "l7-ilb-traffic-ext",
* Description = "my traffic extension",
* Location = "us-west1",
* LoadBalancingScheme = "INTERNAL_MANAGED",
* ForwardingRules = new[]
* {
* @default.SelfLink,
* },
* ExtensionChains = new[]
* {
* new Gcp.NetworkServices.Inputs.LbTrafficExtensionExtensionChainArgs
* {
* Name = "chain1",
* MatchCondition = new Gcp.NetworkServices.Inputs.LbTrafficExtensionExtensionChainMatchConditionArgs
* {
* CelExpression = "request.host == 'example.com'",
* },
* Extensions = new[]
* {
* new Gcp.NetworkServices.Inputs.LbTrafficExtensionExtensionChainExtensionArgs
* {
* Name = "ext11",
* Authority = "ext11.com",
* Service = calloutsBackend.SelfLink,
* Timeout = "0.1s",
* FailOpen = false,
* SupportedEvents = new[]
* {
* "REQUEST_HEADERS",
* },
* ForwardHeaders = new[]
* {
* "custom-header",
* },
* },
* },
* },
* },
* Labels =
* {
* { "foo", "bar" },
* },
* });
* // test instance
* var vmTest = new Gcp.Compute.Instance("vm_test", new()
* {
* Name = "l7-ilb-test-vm",
* Zone = "us-west1-b",
* MachineType = "e2-small",
* NetworkInterfaces = new[]
* {
* new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs
* {
* Network = ilbNetwork.Id,
* Subnetwork = ilbSubnet.Id,
* },
* },
* BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs
* {
* InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs
* {
* Image = "debian-cloud/debian-11",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networkservices"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* // Internal HTTP load balancer with a managed instance group backend
* // VPC network
* ilbNetwork, err := compute.NewNetwork(ctx, "ilb_network", &compute.NetworkArgs{
* Name: pulumi.String("l7-ilb-network"),
* AutoCreateSubnetworks: pulumi.Bool(false),
* })
* if err != nil {
* return err
* }
* // proxy-only subnet
* _, err = compute.NewSubnetwork(ctx, "proxy_subnet", &compute.SubnetworkArgs{
* Name: pulumi.String("l7-ilb-proxy-subnet"),
* IpCidrRange: pulumi.String("10.0.0.0/24"),
* Region: pulumi.String("us-west1"),
* Purpose: pulumi.String("REGIONAL_MANAGED_PROXY"),
* Role: pulumi.String("ACTIVE"),
* Network: ilbNetwork.ID(),
* })
* if err != nil {
* return err
* }
* // backend subnet
* ilbSubnet, err := compute.NewSubnetwork(ctx, "ilb_subnet", &compute.SubnetworkArgs{
* Name: pulumi.String("l7-ilb-subnet"),
* IpCidrRange: pulumi.String("10.0.1.0/24"),
* Region: pulumi.String("us-west1"),
* Network: ilbNetwork.ID(),
* })
* if err != nil {
* return err
* }
* // health check
* defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{
* Name: pulumi.String("l7-ilb-hc"),
* Region: pulumi.String("us-west1"),
* HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
* PortSpecification: pulumi.String("USE_SERVING_PORT"),
* },
* })
* if err != nil {
* return err
* }
* // instance template
* instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{
* NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
* &compute.InstanceTemplateNetworkInterfaceArgs{
* AccessConfigs: compute.InstanceTemplateNetworkInterfaceAccessConfigArray{
* nil,
* },
* Network: ilbNetwork.ID(),
* Subnetwork: ilbSubnet.ID(),
* },
* },
* Name: pulumi.String("l7-ilb-mig-template"),
* MachineType: pulumi.String("e2-small"),
* Tags: pulumi.StringArray{
* pulumi.String("http-server"),
* },
* Disks: compute.InstanceTemplateDiskArray{
* &compute.InstanceTemplateDiskArgs{
* SourceImage: pulumi.String("debian-cloud/debian-10"),
* AutoDelete: pulumi.Bool(true),
* Boot: pulumi.Bool(true),
* },
* },
* Metadata: pulumi.Map{
* "startup-script": pulumi.Any(`#! /bin/bash
* set -euo pipefail
* export DEBIAN_FRONTEND=noninteractive
* apt-get update
* apt-get install -y nginx-light jq
* NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
* IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
* METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
* cat < /var/www/html/index.html
*
* Name: $NAME
* IP: $IP
* Metadata: $METADATA
*
* EOF
* `),
* },
* })
* if err != nil {
* return err
* }
* // MIG
* mig, err := compute.NewRegionInstanceGroupManager(ctx, "mig", &compute.RegionInstanceGroupManagerArgs{
* Name: pulumi.String("l7-ilb-mig1"),
* Region: pulumi.String("us-west1"),
* BaseInstanceName: pulumi.String("vm"),
* TargetSize: pulumi.Int(2),
* Versions: compute.RegionInstanceGroupManagerVersionArray{
* &compute.RegionInstanceGroupManagerVersionArgs{
* InstanceTemplate: instanceTemplate.ID(),
* Name: pulumi.String("primary"),
* },
* },
* })
* if err != nil {
* return err
* }
* // backend service
* defaultRegionBackendService, err := compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{
* Name: pulumi.String("l7-ilb-backend-subnet"),
* Region: pulumi.String("us-west1"),
* Protocol: pulumi.String("HTTP"),
* LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
* TimeoutSec: pulumi.Int(10),
* HealthChecks: defaultRegionHealthCheck.ID(),
* Backends: compute.RegionBackendServiceBackendArray{
* &compute.RegionBackendServiceBackendArgs{
* Group: mig.InstanceGroup,
* BalancingMode: pulumi.String("UTILIZATION"),
* CapacityScaler: pulumi.Float64(1),
* },
* },
* })
* if err != nil {
* return err
* }
* // URL map
* defaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, "default", &compute.RegionUrlMapArgs{
* Name: pulumi.String("l7-ilb-regional-url-map"),
* Region: pulumi.String("us-west1"),
* DefaultService: defaultRegionBackendService.ID(),
* })
* if err != nil {
* return err
* }
* // HTTP target proxy
* defaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, "default", &compute.RegionTargetHttpProxyArgs{
* Name: pulumi.String("l7-ilb-target-http-proxy"),
* Region: pulumi.String("us-west1"),
* UrlMap: defaultRegionUrlMap.ID(),
* })
* if err != nil {
* return err
* }
* // forwarding rule
* _, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
* Name: pulumi.String("l7-ilb-forwarding-rule"),
* Region: pulumi.String("us-west1"),
* IpProtocol: pulumi.String("TCP"),
* LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
* PortRange: pulumi.String("80"),
* Target: defaultRegionTargetHttpProxy.ID(),
* Network: ilbNetwork.ID(),
* Subnetwork: ilbSubnet.ID(),
* NetworkTier: pulumi.String("PREMIUM"),
* })
* if err != nil {
* return err
* }
* // allow all access from IAP and health check ranges
* _, err = compute.NewFirewall(ctx, "fw_iap", &compute.FirewallArgs{
* Name: pulumi.String("l7-ilb-fw-allow-iap-hc"),
* Direction: pulumi.String("INGRESS"),
* Network: ilbNetwork.ID(),
* SourceRanges: pulumi.StringArray{
* pulumi.String("130.211.0.0/22"),
* pulumi.String("35.191.0.0/16"),
* pulumi.String("35.235.240.0/20"),
* },
* Allows: compute.FirewallAllowArray{
* &compute.FirewallAllowArgs{
* Protocol: pulumi.String("tcp"),
* },
* },
* })
* if err != nil {
* return err
* }
* // allow http from proxy subnet to backends
* _, err = compute.NewFirewall(ctx, "fw_ilb_to_backends", &compute.FirewallArgs{
* Name: pulumi.String("l7-ilb-fw-allow-ilb-to-backends"),
* Direction: pulumi.String("INGRESS"),
* Network: ilbNetwork.ID(),
* SourceRanges: pulumi.StringArray{
* pulumi.String("10.0.0.0/24"),
* },
* TargetTags: pulumi.StringArray{
* pulumi.String("http-server"),
* },
* Allows: compute.FirewallAllowArray{
* &compute.FirewallAllowArgs{
* Protocol: pulumi.String("tcp"),
* Ports: pulumi.StringArray{
* pulumi.String("80"),
* pulumi.String("443"),
* pulumi.String("8080"),
* },
* },
* },
* })
* if err != nil {
* return err
* }
* // Traffic Extension Backend Instance
* calloutsInstance, err := compute.NewInstance(ctx, "callouts_instance", &compute.InstanceArgs{
* NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
* &compute.InstanceNetworkInterfaceArgs{
* AccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{
* nil,
* },
* Network: ilbNetwork.ID(),
* Subnetwork: ilbSubnet.ID(),
* },
* },
* Name: pulumi.String("l7-ilb-callouts-ins"),
* Zone: pulumi.String("us-west1-a"),
* MachineType: pulumi.String("e2-small"),
* Labels: pulumi.StringMap{
* "container-vm": pulumi.String("cos-stable-109-17800-147-54"),
* },
* Tags: pulumi.StringArray{
* pulumi.String("allow-ssh"),
* pulumi.String("load-balanced-backend"),
* },
* BootDisk: &compute.InstanceBootDiskArgs{
* AutoDelete: pulumi.Bool(true),
* InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
* Type: pulumi.String("pd-standard"),
* Size: pulumi.Int(10),
* Image: pulumi.String("https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54"),
* },
* },
* Metadata: pulumi.StringMap{
* "gce-container-declaration": pulumi.String(`# DISCLAIMER:
* # This container declaration format is not a public API and may change without
* # notice. Please use gcloud command-line tool or Google Cloud Console to run
* # Containers on Google Compute Engine.
* spec:
* containers:
* - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest
* name: callouts-vm
* securityContext:
* privileged: false
* stdin: false
* tty: false
* volumeMounts: []
* restartPolicy: Always
* volumes: []
* `),
* "google-logging-enabled": pulumi.String("true"),
* },
* DeletionProtection: pulumi.Bool(false),
* })
* if err != nil {
* return err
* }
* // callouts instance group
* calloutsInstanceGroup, err := compute.NewInstanceGroup(ctx, "callouts_instance_group", &compute.InstanceGroupArgs{
* Name: pulumi.String("l7-ilb-callouts-ins-group"),
* Description: pulumi.String("Terraform test instance group"),
* Zone: pulumi.String("us-west1-a"),
* Instances: pulumi.StringArray{
* calloutsInstance.ID(),
* },
* NamedPorts: compute.InstanceGroupNamedPortTypeArray{
* &compute.InstanceGroupNamedPortTypeArgs{
* Name: pulumi.String("http"),
* Port: pulumi.Int(80),
* },
* &compute.InstanceGroupNamedPortTypeArgs{
* Name: pulumi.String("grpc"),
* Port: pulumi.Int(443),
* },
* },
* })
* if err != nil {
* return err
* }
* // callout health check
* calloutsHealthCheck, err := compute.NewRegionHealthCheck(ctx, "callouts_health_check", &compute.RegionHealthCheckArgs{
* Name: pulumi.String("l7-ilb-callouts-hc"),
* Region: pulumi.String("us-west1"),
* HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
* Port: pulumi.Int(80),
* },
* })
* if err != nil {
* return err
* }
* // callout backend service
* calloutsBackend, err := compute.NewRegionBackendService(ctx, "callouts_backend", &compute.RegionBackendServiceArgs{
* Name: pulumi.String("l7-ilb-callouts-backend"),
* Region: pulumi.String("us-west1"),
* Protocol: pulumi.String("HTTP2"),
* LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
* TimeoutSec: pulumi.Int(10),
* PortName: pulumi.String("grpc"),
* HealthChecks: calloutsHealthCheck.ID(),
* Backends: compute.RegionBackendServiceBackendArray{
* &compute.RegionBackendServiceBackendArgs{
* Group: calloutsInstanceGroup.ID(),
* BalancingMode: pulumi.String("UTILIZATION"),
* CapacityScaler: pulumi.Float64(1),
* },
* },
* })
* if err != nil {
* return err
* }
* _, err = networkservices.NewLbTrafficExtension(ctx, "default", &networkservices.LbTrafficExtensionArgs{
* Name: pulumi.String("l7-ilb-traffic-ext"),
* Description: pulumi.String("my traffic extension"),
* Location: pulumi.String("us-west1"),
* LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
* ForwardingRules: pulumi.StringArray{
* _default.SelfLink,
* },
* ExtensionChains: networkservices.LbTrafficExtensionExtensionChainArray{
* &networkservices.LbTrafficExtensionExtensionChainArgs{
* Name: pulumi.String("chain1"),
* MatchCondition: &networkservices.LbTrafficExtensionExtensionChainMatchConditionArgs{
* CelExpression: pulumi.String("request.host == 'example.com'"),
* },
* Extensions: networkservices.LbTrafficExtensionExtensionChainExtensionArray{
* &networkservices.LbTrafficExtensionExtensionChainExtensionArgs{
* Name: pulumi.String("ext11"),
* Authority: pulumi.String("ext11.com"),
* Service: calloutsBackend.SelfLink,
* Timeout: pulumi.String("0.1s"),
* FailOpen: pulumi.Bool(false),
* SupportedEvents: pulumi.StringArray{
* pulumi.String("REQUEST_HEADERS"),
* },
* ForwardHeaders: pulumi.StringArray{
* pulumi.String("custom-header"),
* },
* },
* },
* },
* },
* Labels: pulumi.StringMap{
* "foo": pulumi.String("bar"),
* },
* })
* if err != nil {
* return err
* }
* // test instance
* _, err = compute.NewInstance(ctx, "vm_test", &compute.InstanceArgs{
* Name: pulumi.String("l7-ilb-test-vm"),
* Zone: pulumi.String("us-west1-b"),
* MachineType: pulumi.String("e2-small"),
* NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
* &compute.InstanceNetworkInterfaceArgs{
* Network: ilbNetwork.ID(),
* Subnetwork: ilbSubnet.ID(),
* },
* },
* BootDisk: &compute.InstanceBootDiskArgs{
* InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
* Image: pulumi.String("debian-cloud/debian-11"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.compute.Network;
* import com.pulumi.gcp.compute.NetworkArgs;
* import com.pulumi.gcp.compute.Subnetwork;
* import com.pulumi.gcp.compute.SubnetworkArgs;
* import com.pulumi.gcp.compute.RegionHealthCheck;
* import com.pulumi.gcp.compute.RegionHealthCheckArgs;
* import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
* import com.pulumi.gcp.compute.InstanceTemplate;
* import com.pulumi.gcp.compute.InstanceTemplateArgs;
* import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
* import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
* import com.pulumi.gcp.compute.RegionInstanceGroupManager;
* import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
* import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
* import com.pulumi.gcp.compute.RegionBackendService;
* import com.pulumi.gcp.compute.RegionBackendServiceArgs;
* import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
* import com.pulumi.gcp.compute.RegionUrlMap;
* import com.pulumi.gcp.compute.RegionUrlMapArgs;
* import com.pulumi.gcp.compute.RegionTargetHttpProxy;
* import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
* import com.pulumi.gcp.compute.ForwardingRule;
* import com.pulumi.gcp.compute.ForwardingRuleArgs;
* import com.pulumi.gcp.compute.Firewall;
* import com.pulumi.gcp.compute.FirewallArgs;
* import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
* import com.pulumi.gcp.compute.Instance;
* import com.pulumi.gcp.compute.InstanceArgs;
* import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
* import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
* import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
* import com.pulumi.gcp.compute.InstanceGroup;
* import com.pulumi.gcp.compute.InstanceGroupArgs;
* import com.pulumi.gcp.compute.inputs.InstanceGroupNamedPortArgs;
* import com.pulumi.gcp.networkservices.LbTrafficExtension;
* import com.pulumi.gcp.networkservices.LbTrafficExtensionArgs;
* import com.pulumi.gcp.networkservices.inputs.LbTrafficExtensionExtensionChainArgs;
* import com.pulumi.gcp.networkservices.inputs.LbTrafficExtensionExtensionChainMatchConditionArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* // Internal HTTP load balancer with a managed instance group backend
* // VPC network
* var ilbNetwork = new Network("ilbNetwork", NetworkArgs.builder()
* .name("l7-ilb-network")
* .autoCreateSubnetworks(false)
* .build());
* // proxy-only subnet
* var proxySubnet = new Subnetwork("proxySubnet", SubnetworkArgs.builder()
* .name("l7-ilb-proxy-subnet")
* .ipCidrRange("10.0.0.0/24")
* .region("us-west1")
* .purpose("REGIONAL_MANAGED_PROXY")
* .role("ACTIVE")
* .network(ilbNetwork.id())
* .build());
* // backend subnet
* var ilbSubnet = new Subnetwork("ilbSubnet", SubnetworkArgs.builder()
* .name("l7-ilb-subnet")
* .ipCidrRange("10.0.1.0/24")
* .region("us-west1")
* .network(ilbNetwork.id())
* .build());
* // health check
* var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()
* .name("l7-ilb-hc")
* .region("us-west1")
* .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
* .portSpecification("USE_SERVING_PORT")
* .build())
* .build());
* // instance template
* var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()
* .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
* .accessConfigs()
* .network(ilbNetwork.id())
* .subnetwork(ilbSubnet.id())
* .build())
* .name("l7-ilb-mig-template")
* .machineType("e2-small")
* .tags("http-server")
* .disks(InstanceTemplateDiskArgs.builder()
* .sourceImage("debian-cloud/debian-10")
* .autoDelete(true)
* .boot(true)
* .build())
* .metadata(Map.of("startup-script", """
* #! /bin/bash
* set -euo pipefail
* export DEBIAN_FRONTEND=noninteractive
* apt-get update
* apt-get install -y nginx-light jq
* NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
* IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
* METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
* cat < /var/www/html/index.html
*
* Name: $NAME
* IP: $IP
* Metadata: $METADATA
*
* EOF
* """))
* .build());
* // MIG
* var mig = new RegionInstanceGroupManager("mig", RegionInstanceGroupManagerArgs.builder()
* .name("l7-ilb-mig1")
* .region("us-west1")
* .baseInstanceName("vm")
* .targetSize(2)
* .versions(RegionInstanceGroupManagerVersionArgs.builder()
* .instanceTemplate(instanceTemplate.id())
* .name("primary")
* .build())
* .build());
* // backend service
* var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()
* .name("l7-ilb-backend-subnet")
* .region("us-west1")
* .protocol("HTTP")
* .loadBalancingScheme("INTERNAL_MANAGED")
* .timeoutSec(10)
* .healthChecks(defaultRegionHealthCheck.id())
* .backends(RegionBackendServiceBackendArgs.builder()
* .group(mig.instanceGroup())
* .balancingMode("UTILIZATION")
* .capacityScaler(1)
* .build())
* .build());
* // URL map
* var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()
* .name("l7-ilb-regional-url-map")
* .region("us-west1")
* .defaultService(defaultRegionBackendService.id())
* .build());
* // HTTP target proxy
* var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()
* .name("l7-ilb-target-http-proxy")
* .region("us-west1")
* .urlMap(defaultRegionUrlMap.id())
* .build());
* // forwarding rule
* var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
* .name("l7-ilb-forwarding-rule")
* .region("us-west1")
* .ipProtocol("TCP")
* .loadBalancingScheme("INTERNAL_MANAGED")
* .portRange("80")
* .target(defaultRegionTargetHttpProxy.id())
* .network(ilbNetwork.id())
* .subnetwork(ilbSubnet.id())
* .networkTier("PREMIUM")
* .build());
* // allow all access from IAP and health check ranges
* var fwIap = new Firewall("fwIap", FirewallArgs.builder()
* .name("l7-ilb-fw-allow-iap-hc")
* .direction("INGRESS")
* .network(ilbNetwork.id())
* .sourceRanges(
* "130.211.0.0/22",
* "35.191.0.0/16",
* "35.235.240.0/20")
* .allows(FirewallAllowArgs.builder()
* .protocol("tcp")
* .build())
* .build());
* // allow http from proxy subnet to backends
* var fwIlbToBackends = new Firewall("fwIlbToBackends", FirewallArgs.builder()
* .name("l7-ilb-fw-allow-ilb-to-backends")
* .direction("INGRESS")
* .network(ilbNetwork.id())
* .sourceRanges("10.0.0.0/24")
* .targetTags("http-server")
* .allows(FirewallAllowArgs.builder()
* .protocol("tcp")
* .ports(
* "80",
* "443",
* "8080")
* .build())
* .build());
* // Traffic Extension Backend Instance
* var calloutsInstance = new Instance("calloutsInstance", InstanceArgs.builder()
* .networkInterfaces(InstanceNetworkInterfaceArgs.builder()
* .accessConfigs()
* .network(ilbNetwork.id())
* .subnetwork(ilbSubnet.id())
* .build())
* .name("l7-ilb-callouts-ins")
* .zone("us-west1-a")
* .machineType("e2-small")
* .labels(Map.of("container-vm", "cos-stable-109-17800-147-54"))
* .tags(
* "allow-ssh",
* "load-balanced-backend")
* .bootDisk(InstanceBootDiskArgs.builder()
* .autoDelete(true)
* .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
* .type("pd-standard")
* .size(10)
* .image("https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54")
* .build())
* .build())
* .metadata(Map.ofEntries(
* Map.entry("gce-container-declaration", """
* # DISCLAIMER:
* # This container declaration format is not a public API and may change without
* # notice. Please use gcloud command-line tool or Google Cloud Console to run
* # Containers on Google Compute Engine.
* spec:
* containers:
* - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest
* name: callouts-vm
* securityContext:
* privileged: false
* stdin: false
* tty: false
* volumeMounts: []
* restartPolicy: Always
* volumes: []
* """),
* Map.entry("google-logging-enabled", "true")
* ))
* .deletionProtection(false)
* .build());
* // callouts instance group
* var calloutsInstanceGroup = new InstanceGroup("calloutsInstanceGroup", InstanceGroupArgs.builder()
* .name("l7-ilb-callouts-ins-group")
* .description("Terraform test instance group")
* .zone("us-west1-a")
* .instances(calloutsInstance.id())
* .namedPorts(
* InstanceGroupNamedPortArgs.builder()
* .name("http")
* .port("80")
* .build(),
* InstanceGroupNamedPortArgs.builder()
* .name("grpc")
* .port("443")
* .build())
* .build());
* // callout health check
* var calloutsHealthCheck = new RegionHealthCheck("calloutsHealthCheck", RegionHealthCheckArgs.builder()
* .name("l7-ilb-callouts-hc")
* .region("us-west1")
* .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
* .port(80)
* .build())
* .build());
* // callout backend service
* var calloutsBackend = new RegionBackendService("calloutsBackend", RegionBackendServiceArgs.builder()
* .name("l7-ilb-callouts-backend")
* .region("us-west1")
* .protocol("HTTP2")
* .loadBalancingScheme("INTERNAL_MANAGED")
* .timeoutSec(10)
* .portName("grpc")
* .healthChecks(calloutsHealthCheck.id())
* .backends(RegionBackendServiceBackendArgs.builder()
* .group(calloutsInstanceGroup.id())
* .balancingMode("UTILIZATION")
* .capacityScaler(1)
* .build())
* .build());
* var defaultLbTrafficExtension = new LbTrafficExtension("defaultLbTrafficExtension", LbTrafficExtensionArgs.builder()
* .name("l7-ilb-traffic-ext")
* .description("my traffic extension")
* .location("us-west1")
* .loadBalancingScheme("INTERNAL_MANAGED")
* .forwardingRules(default_.selfLink())
* .extensionChains(LbTrafficExtensionExtensionChainArgs.builder()
* .name("chain1")
* .matchCondition(LbTrafficExtensionExtensionChainMatchConditionArgs.builder()
* .celExpression("request.host == 'example.com'")
* .build())
* .extensions(LbTrafficExtensionExtensionChainExtensionArgs.builder()
* .name("ext11")
* .authority("ext11.com")
* .service(calloutsBackend.selfLink())
* .timeout("0.1s")
* .failOpen(false)
* .supportedEvents("REQUEST_HEADERS")
* .forwardHeaders("custom-header")
* .build())
* .build())
* .labels(Map.of("foo", "bar"))
* .build());
* // test instance
* var vmTest = new Instance("vmTest", InstanceArgs.builder()
* .name("l7-ilb-test-vm")
* .zone("us-west1-b")
* .machineType("e2-small")
* .networkInterfaces(InstanceNetworkInterfaceArgs.builder()
* .network(ilbNetwork.id())
* .subnetwork(ilbSubnet.id())
* .build())
* .bootDisk(InstanceBootDiskArgs.builder()
* .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
* .image("debian-cloud/debian-11")
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* # Internal HTTP load balancer with a managed instance group backend
* # VPC network
* ilbNetwork:
* type: gcp:compute:Network
* name: ilb_network
* properties:
* name: l7-ilb-network
* autoCreateSubnetworks: false
* # proxy-only subnet
* proxySubnet:
* type: gcp:compute:Subnetwork
* name: proxy_subnet
* properties:
* name: l7-ilb-proxy-subnet
* ipCidrRange: 10.0.0.0/24
* region: us-west1
* purpose: REGIONAL_MANAGED_PROXY
* role: ACTIVE
* network: ${ilbNetwork.id}
* # backend subnet
* ilbSubnet:
* type: gcp:compute:Subnetwork
* name: ilb_subnet
* properties:
* name: l7-ilb-subnet
* ipCidrRange: 10.0.1.0/24
* region: us-west1
* network: ${ilbNetwork.id}
* # forwarding rule
* default:
* type: gcp:compute:ForwardingRule
* properties:
* name: l7-ilb-forwarding-rule
* region: us-west1
* ipProtocol: TCP
* loadBalancingScheme: INTERNAL_MANAGED
* portRange: '80'
* target: ${defaultRegionTargetHttpProxy.id}
* network: ${ilbNetwork.id}
* subnetwork: ${ilbSubnet.id}
* networkTier: PREMIUM
* # HTTP target proxy
* defaultRegionTargetHttpProxy:
* type: gcp:compute:RegionTargetHttpProxy
* name: default
* properties:
* name: l7-ilb-target-http-proxy
* region: us-west1
* urlMap: ${defaultRegionUrlMap.id}
* # URL map
* defaultRegionUrlMap:
* type: gcp:compute:RegionUrlMap
* name: default
* properties:
* name: l7-ilb-regional-url-map
* region: us-west1
* defaultService: ${defaultRegionBackendService.id}
* # backend service
* defaultRegionBackendService:
* type: gcp:compute:RegionBackendService
* name: default
* properties:
* name: l7-ilb-backend-subnet
* region: us-west1
* protocol: HTTP
* loadBalancingScheme: INTERNAL_MANAGED
* timeoutSec: 10
* healthChecks: ${defaultRegionHealthCheck.id}
* backends:
* - group: ${mig.instanceGroup}
* balancingMode: UTILIZATION
* capacityScaler: 1
* # instance template
* instanceTemplate:
* type: gcp:compute:InstanceTemplate
* name: instance_template
* properties:
* networkInterfaces:
* - accessConfigs:
* - {}
* network: ${ilbNetwork.id}
* subnetwork: ${ilbSubnet.id}
* name: l7-ilb-mig-template
* machineType: e2-small
* tags:
* - http-server
* disks:
* - sourceImage: debian-cloud/debian-10
* autoDelete: true
* boot: true
* metadata:
* startup-script: |
* #! /bin/bash
* set -euo pipefail
* export DEBIAN_FRONTEND=noninteractive
* apt-get update
* apt-get install -y nginx-light jq
* NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
* IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
* METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
* cat < /var/www/html/index.html
*
* Name: $NAME
* IP: $IP
* Metadata: $METADATA
*
* EOF
* # health check
* defaultRegionHealthCheck:
* type: gcp:compute:RegionHealthCheck
* name: default
* properties:
* name: l7-ilb-hc
* region: us-west1
* httpHealthCheck:
* portSpecification: USE_SERVING_PORT
* # MIG
* mig:
* type: gcp:compute:RegionInstanceGroupManager
* properties:
* name: l7-ilb-mig1
* region: us-west1
* baseInstanceName: vm
* targetSize: 2
* versions:
* - instanceTemplate: ${instanceTemplate.id}
* name: primary
* # allow all access from IAP and health check ranges
* fwIap:
* type: gcp:compute:Firewall
* name: fw_iap
* properties:
* name: l7-ilb-fw-allow-iap-hc
* direction: INGRESS
* network: ${ilbNetwork.id}
* sourceRanges:
* - 130.211.0.0/22
* - 35.191.0.0/16
* - 35.235.240.0/20
* allows:
* - protocol: tcp
* # allow http from proxy subnet to backends
* fwIlbToBackends:
* type: gcp:compute:Firewall
* name: fw_ilb_to_backends
* properties:
* name: l7-ilb-fw-allow-ilb-to-backends
* direction: INGRESS
* network: ${ilbNetwork.id}
* sourceRanges:
* - 10.0.0.0/24
* targetTags:
* - http-server
* allows:
* - protocol: tcp
* ports:
* - '80'
* - '443'
* - '8080'
* defaultLbTrafficExtension:
* type: gcp:networkservices:LbTrafficExtension
* name: default
* properties:
* name: l7-ilb-traffic-ext
* description: my traffic extension
* location: us-west1
* loadBalancingScheme: INTERNAL_MANAGED
* forwardingRules:
* - ${default.selfLink}
* extensionChains:
* - name: chain1
* matchCondition:
* celExpression: request.host == 'example.com'
* extensions:
* - name: ext11
* authority: ext11.com
* service: ${calloutsBackend.selfLink}
* timeout: 0.1s
* failOpen: false
* supportedEvents:
* - REQUEST_HEADERS
* forwardHeaders:
* - custom-header
* labels:
* foo: bar
* # test instance
* vmTest:
* type: gcp:compute:Instance
* name: vm_test
* properties:
* name: l7-ilb-test-vm
* zone: us-west1-b
* machineType: e2-small
* networkInterfaces:
* - network: ${ilbNetwork.id}
* subnetwork: ${ilbSubnet.id}
* bootDisk:
* initializeParams:
* image: debian-cloud/debian-11
* # Traffic Extension Backend Instance
* calloutsInstance:
* type: gcp:compute:Instance
* name: callouts_instance
* properties:
* networkInterfaces:
* - accessConfigs:
* - {}
* network: ${ilbNetwork.id}
* subnetwork: ${ilbSubnet.id}
* name: l7-ilb-callouts-ins
* zone: us-west1-a
* machineType: e2-small
* labels:
* container-vm: cos-stable-109-17800-147-54
* tags:
* - allow-ssh
* - load-balanced-backend
* bootDisk:
* autoDelete: true
* initializeParams:
* type: pd-standard
* size: 10
* image: https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-109-17800-147-54
* metadata:
* gce-container-declaration: |
* # DISCLAIMER:
* # This container declaration format is not a public API and may change without
* # notice. Please use gcloud command-line tool or Google Cloud Console to run
* # Containers on Google Compute Engine.
* spec:
* containers:
* - image: us-docker.pkg.dev/service-extensions/ext-proc/service-callout-basic-example-python:latest
* name: callouts-vm
* securityContext:
* privileged: false
* stdin: false
* tty: false
* volumeMounts: []
* restartPolicy: Always
* volumes: []
* google-logging-enabled: 'true'
* deletionProtection: false
* # callouts instance group
* calloutsInstanceGroup:
* type: gcp:compute:InstanceGroup
* name: callouts_instance_group
* properties:
* name: l7-ilb-callouts-ins-group
* description: Terraform test instance group
* zone: us-west1-a
* instances:
* - ${calloutsInstance.id}
* namedPorts:
* - name: http
* port: '80'
* - name: grpc
* port: '443'
* # callout health check
* calloutsHealthCheck:
* type: gcp:compute:RegionHealthCheck
* name: callouts_health_check
* properties:
* name: l7-ilb-callouts-hc
* region: us-west1
* httpHealthCheck:
* port: 80
* # callout backend service
* calloutsBackend:
* type: gcp:compute:RegionBackendService
* name: callouts_backend
* properties:
* name: l7-ilb-callouts-backend
* region: us-west1
* protocol: HTTP2
* loadBalancingScheme: INTERNAL_MANAGED
* timeoutSec: 10
* portName: grpc
* healthChecks: ${calloutsHealthCheck.id}
* backends:
* - group: ${calloutsInstanceGroup.id}
* balancingMode: UTILIZATION
* capacityScaler: 1
* ```
*
* ## Import
* LbTrafficExtension can be imported using any of these accepted formats:
* * `projects/{{project}}/locations/{{location}}/lbTrafficExtensions/{{name}}`
* * `{{project}}/{{location}}/{{name}}`
* * `{{location}}/{{name}}`
* When using the `pulumi import` command, LbTrafficExtension can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:networkservices/lbTrafficExtension:LbTrafficExtension default projects/{{project}}/locations/{{location}}/lbTrafficExtensions/{{name}}
* ```
* ```sh
* $ pulumi import gcp:networkservices/lbTrafficExtension:LbTrafficExtension default {{project}}/{{location}}/{{name}}
* ```
* ```sh
* $ pulumi import gcp:networkservices/lbTrafficExtension:LbTrafficExtension default {{location}}/{{name}}
* ```
* @property description A human-readable description of the resource.
* @property extensionChains A set of ordered extension chains that contain the match conditions and extensions to execute.
* Match conditions for each extension chain are evaluated in sequence for a given request.
* The first extension chain that has a condition that matches the request is executed.
* Any subsequent extension chains do not execute. Limited to 5 extension chains per resource.
* Structure is documented below.
* @property forwardingRules A list of references to the forwarding rules to which this service extension is attached to.
* At least one forwarding rule is required. There can be only one LBTrafficExtension resource per forwarding rule.
* @property labels Set of labels associated with the LbTrafficExtension resource. **Note**: This field is non-authoritative, and will only
* manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels
* present on the resource.
* @property loadBalancingScheme All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. For
* more information, refer to Choosing a load balancer. Possible values: ["LOAD_BALANCING_SCHEME_UNSPECIFIED",
* "INTERNAL_MANAGED", "EXTERNAL_MANAGED"]
* @property location The location of the traffic extension
* @property name Name of the LbTrafficExtension resource in the following format: projects/{project}/locations/{location}/lbTrafficExtensions/{lbTrafficExtension}.
* @property project
*/
public data class LbTrafficExtensionArgs(
public val description: Output? = null,
public val extensionChains: Output>? = null,
public val forwardingRules: Output>? = null,
public val labels: Output
© 2015 - 2024 Weber Informatics LLC | Privacy Policy