Expand LB creation options

Provides a variable which swaps around the load balancer scheme used between internal and external, determining if a private or public IP is used. Provides additional variable which overrides architecture definitions and will disable load balancer creation.

Author: ody

main.tf

@@ -89,7 +89,7 @@ locals {
  subnetwork = coalesce(module.networking.subnetwork_link, try(data.google_compute_subnetwork.existing[0].self_link, null))
  create_network = var.subnetwork == null ? true : false
  fetch_existing = var.subnetwork == null ? 0 : 1
- has_lb = data.hiera5_bool.has_compilers.value ? true : false
+ has_lb = var.disable_lb ? false : data.hiera5_bool.has_compilers.value ? true : false
  labels = merge(var.labels, { "stack" = var.stack_name })
 }
 
@@ -112,14 +112,15 @@ module "networking" {
 
 # Contain all the loadbalancer configuration in a module for readability
 module "loadbalancer" {
- source = "./modules/loadbalancer"
- id = local.id
- ports = ["8140", "8142"]
- network = local.network
- subnetwork = local.subnetwork
- region = var.region
- instances = module.instances.compilers
- has_lb = local.has_lb
+ source = "./modules/loadbalancer"
+ id = local.id
+ ports = ["8140", "8142"]
+ network = local.network
+ subnetwork = local.subnetwork
+ region = var.region
+ instances = module.instances.compilers
+ has_lb = local.has_lb
+ lb_ip_mode = var.lb_ip_mode
 }
 
 # Contain all the instances configuration in a module for readability

modules/loadbalancer/main.tf

@@ -2,6 +2,9 @@
 locals {
  instance_zones = toset(nonsensitive(var.instances[*].zone))
  lb_count = var.has_lb ? 1 : 0
+ lb_scheme = var.lb_ip_mode == "public" ? "EXTERNAL" : "INTERNAL"
+ lb_network = var.lb_ip_mode == "public" ? null : var.network
+ lb_subnetwork = var.lb_ip_mode == "public" ? null : var.subnetwork
 }
 
 # Create an instance group per zone to attach that zone's compilers to
@@ -14,7 +17,7 @@ resource "google_compute_instance_group" "backend" {
 
 # Define a health check that'll indicate the health of a compiler node, very
 # irritating that this is a 1:1 mapping of front end IP to port
-resource "google_compute_health_check" "pe_compiler" {
+resource "google_compute_region_health_check" "pe_compiler" {
  count = local.lb_count
  name = "pe-compiler-${var.id}"
 
@@ -23,10 +26,11 @@ resource "google_compute_health_check" "pe_compiler" {
 
 # The backend service that bundles together all the zonal instance groups
 resource "google_compute_region_backend_service" "pe_compiler_lb" {
- count = local.lb_count
- name = "pe-compiler-lb-${var.id}"
- health_checks = [google_compute_health_check.pe_compiler[0].self_link]
- region = var.region
+ count = local.lb_count
+ name = "pe-compiler-lb-${var.id}"
+ load_balancing_scheme = local.lb_scheme
+ health_checks = [google_compute_region_health_check.pe_compiler[0].self_link]
+ region = var.region
 
  dynamic "backend" {
  for_each = local.instance_zones
@@ -41,9 +45,9 @@ resource "google_compute_forwarding_rule" "pe_compiler_lb" {
  count = local.lb_count
  name = "pe-compiler-lb-${var.id}"
  service_label = "puppet"
- load_balancing_scheme = "INTERNAL"
+ load_balancing_scheme = local.lb_scheme
  ports = var.ports
- network = var.network
- subnetwork = var.subnetwork
  backend_service = google_compute_region_backend_service.pe_compiler_lb[0].self_link
+ network = local.lb_network
+ subnetwork = local.lb_subnetwork
 }

modules/loadbalancer/variables.tf

@@ -30,4 +30,8 @@ variable network {
 variable subnetwork {
  description = "Regional subnetwork assigned to VPC network provisioned by the networking submodule"
  type = string
+}
+variable "lb_ip_mode" {
+ description = "Designate if a public or private IP address is assigned to load balancer"
+ type = string
 }

variables.tf

@@ -86,3 +86,18 @@ variable "subnetwork_project" {
  type = string
  default = null
 }
+variable "lb_ip_mode" {
+ description = "Designate if a public or private IP address is assigned to load balancer"
+ type = string
+ default = "public"
+
+ validation {
+ condition = contains(["public", "private"], var.lb_ip_mode)
+ error_message = "The provisioned load balancer can only have a public or private IP address assigned."
+ }
+}
+variable "disable_lb" {
+ description = "Disable load balancer creation for all architectures if you desire manually provisioning your own"
+ type = bool
+ default = false
+}