modules/backend/metadata.yaml (146 lines of code) (raw):
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
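# Blueprint metadata for the regional HTTP load balancer backend module.
# It declares where the module comes from, the inputs and outputs it exposes,
# and the IAM roles, APIs and provider versions a deployment needs.
# Nesting is restored here: with every line at column 0 the document does not
# parse into the intended structure (keys such as name, version and source
# appear at several levels).
apiVersion: blueprints.cloud.google.com/v1alpha1
kind: BlueprintMetadata
metadata:
  name: terraform-google-regional-lb-http-backend
  annotations:
    # Tooling-only document; not a resource to be applied to a cluster.
    config.kubernetes.io/local-config: "true"
spec:
  info:
    title: HTTP Regional Load balancer backend module
    source:
      # NOTE(review): this repo sits under the `googlestaging` organization,
      # while the connections below reference GoogleCloudPlatform and
      # terraform-google-modules. Confirm it is the intended canonical source
      # and consume it pinned to the released version, not a moving branch.
      repo: https://github.com/googlestaging/terraform-google-regional-lb-http.git
      sourceType: git
      dir: /modules/backend
    version: 0.4.3
    actuationTool:
      flavor: Terraform
      version: ">= 1.3"
    description: {}
  content:
    examples:
      - name: cloud-run
        location: examples/cloud-run
      - name: gce-mig
        location: examples/gce-mig
      - name: internal-lb-cloud-run
        location: examples/internal-lb-cloud-run
      - name: internal-lb-gce-mig
        location: examples/internal-lb-gce-mig
  interfaces:
    variables:
      - name: project_id
        description: The project to deploy load balancer backend resources.
        varType: string
        required: true
      - name: region
        description: The region where the load balancer backend service will be created
        varType: string
        required: true
      - name: name
        description: Name for the load balancer backend service.
        varType: string
        required: true
      - name: host_path_mappings
        description: The list of host/path for which traffic should be sent to this backend service
        varType: |-
          list(object({
            host = string
            path = string
          }))
        # The default is a catch-all: any host and any path is routed to this
        # backend. Narrow it when the load balancer fronts several backends.
        defaultValue:
          - host: "*"
            path: /*
      - name: serverless_neg_backends
        description: The list of serverless backends which serves the traffic. A region can have only one serverless backend.
        varType: |-
          list(object({
            region = string
            type = string // cloud-run, cloud-function, and app-engine
            service_name = string
            service_version = optional(string)
            capacity_scaler = optional(number, 1.0)
          }))
        defaultValue: []
        connections:
          - source:
              source: github.com/GoogleCloudPlatform/terraform-google-cloud-run//modules/v2
              # Lower bound only; the consuming root module should pin an
              # exact version so upstream changes are reviewed before use.
              version: ">= 0.13"
            spec:
              outputExpr: "{\"region\": location, \"service_name\": service_name, \"type\": \"cloud-run\", \"service_version\": \"\", \"capacity_scaler\": 1.0}"
      - name: groups
        description: The list of backend instance group which serves the traffic.
        varType: |-
          list(object({
            group = string
            description = optional(string)
            balancing_mode = optional(string)
            capacity_scaler = optional(number, 1.0)
            max_connections = optional(number)
            max_connections_per_instance = optional(number)
            max_connections_per_endpoint = optional(number)
            max_rate = optional(number)
            max_rate_per_instance = optional(number)
            max_rate_per_endpoint = optional(number)
            max_utilization = optional(number)
          }))
        defaultValue: []
        connections:
          - source:
              source: github.com/terraform-google-modules/terraform-google-vm//modules/mig
              # Lower bound only; pin an exact version in the consuming module.
              version: ">= 12.0"
            spec:
              outputExpr: "{\"group\": instance_group, \"description\": \"Input created by connection\"}"
      - name: load_balancing_scheme
        description: Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL_MANAGED for Envoy-based load balancer, and INTERNAL_MANAGED for internal load balancer)
        varType: string
        # The default scheme is an external one; set INTERNAL_MANAGED for
        # services that must not be reachable from outside the VPC.
        defaultValue: EXTERNAL_MANAGED
      - name: protocol
        description: The protocol this BackendService uses to communicate with backends.
        varType: string
        # Default leaves the load-balancer-to-backend hop unencrypted. Choose a
        # TLS-capable protocol when the backends support it.
        defaultValue: HTTP
      - name: port_name
        description: Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
        varType: string
        defaultValue: http
      - name: description
        description: Description of the backend service.
        varType: string
      - name: health_check
        description: Input for creating HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend.
        # Health-check logging defaults to true in the type below; keeping it
        # on preserves a record of backend state changes for investigations.
        varType: |-
          object({
            host = optional(string, null)
            request_path = optional(string, null)
            request = optional(string, null)
            response = optional(string, null)
            port = optional(number, null)
            port_name = optional(string, null)
            proxy_header = optional(string, null)
            port_specification = optional(string, null)
            protocol = optional(string, null)
            check_interval_sec = optional(number, 10)
            timeout_sec = optional(number, 10)
            healthy_threshold = optional(number, 2)
            unhealthy_threshold = optional(number, 2)
            logging = optional(bool, true)
          })
      - name: firewall_networks
        description: Names of the networks to create firewall rules in
        varType: list(string)
        # Default targets the network named "default"; set the real VPC so the
        # rules are not created in an unintended network.
        defaultValue:
          - default
      - name: firewall_projects
        description: Names of the projects to create firewall rules in
        varType: list(string)
        # NOTE(review): "default" here is presumably a sentinel resolved by the
        # module (e.g. to project_id), not a project name; verify in the module.
        defaultValue:
          - default
      # target_tags and target_service_accounts both default to empty although
      # exactly one should be set. A firewall rule with neither target applies
      # to every instance in the network; confirm how the module handles the
      # all-empty case and set one of them explicitly.
      - name: target_tags
        description: List of target tags for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified.
        varType: list(string)
        defaultValue: []
      - name: target_service_accounts
        description: List of target service accounts for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified.
        varType: list(string)
        defaultValue: []
      - name: firewall_source_ranges
        description: Source ranges for regional Application Load Balancer's proxies. This should be set to ip_cidr_range of your REGIONAL_MANAGED_PROXY subnet.
        varType: list(string)
        # The default is only correct if the proxy-only subnet uses this exact
        # range. A mismatch either blocks proxy traffic or admits an unrelated
        # range, so set it from the actual subnet.
        defaultValue:
          - 10.129.0.0/23
      - name: connection_draining_timeout_sec
        description: Time for which instance will be drained (not accept new connections, but still work to finish started).
        varType: number
      - name: enable_cdn
        description: Enable Cloud CDN for this BackendService.
        varType: bool
        defaultValue: false
      - name: session_affinity
        description: "Type of session affinity to use. Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY."
        varType: string
      - name: affinity_cookie_ttl_sec
        description: Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE.
        varType: number
      - name: locality_lb_policy
        description: The load balancing algorithm used within the scope of the locality.
        varType: string
      # No default: the backend service has no security policy attached unless
      # the caller supplies one. Set it for internet-facing backends.
      - name: security_policy
        description: The resource URL for the security policy to associate with the backend service
        varType: string
      - name: timeout_sec
        description: This has different meaning for different type of load balancing. Please refer https://cloud.google.com/load-balancing/docs/backend-service#timeout-setting
        varType: number
    outputs:
      - name: backend_service_info
        description: Host, path and backend service mapping
        type:
          - list
          - - object
            - backend_service: string
              host: string
              path: string
  requirements:
    # Roles the deploying identity is expected to hold. Several are broad
    # admin roles: grant them to a dedicated deployment service account, not
    # to individual users, and drop the ones a given deployment does not need.
    # NOTE(review): the list presumably covers every example in the repo, not
    # the minimum for this submodule; confirm before granting it wholesale.
    roles:
      # NOTE(review): Shared VPC Admin (compute.xpnAdmin) is normally granted
      # on an organization or folder; confirm "Project" is the intended level.
      - level: Project
        roles:
          - roles/compute.xpnAdmin
      - level: Project
        roles:
          - roles/storage.admin
          - roles/compute.admin
          - roles/run.admin
          # serviceAccountUser combined with serviceAccountAdmin below lets the
          # holder create service accounts in the project and act as them.
          - roles/iam.serviceAccountUser
          - roles/certificatemanager.owner
          - roles/vpcaccess.admin
          - roles/iam.serviceAccountAdmin
    # APIs that must be enabled in the target project.
    services:
      - cloudresourcemanager.googleapis.com
      - storage-api.googleapis.com
      - serviceusage.googleapis.com
      - compute.googleapis.com
      - run.googleapis.com
      - iam.googleapis.com
      - certificatemanager.googleapis.com
      - vpcaccess.googleapis.com
    # Version ranges only; commit the Terraform dependency lock file in the
    # root module so provider builds are pinned by checksum.
    providerVersions:
      - source: hashicorp/google
        version: ">= 6.0, < 7"
      - source: hashicorp/google-beta
        version: ">= 6.0, < 7"
      # No upper bound on this provider, unlike the two above.
      - source: hashicorp/random
        version: ">= 2.1"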