cannot create internal load balancer on a subnetwork
justinabrahms opened this issue · 2 comments
justinabrahms commented
TL;DR
The module doesn't take a subnetwork parameter, which is required to create an IP address within the right subnetwork range.
Expected behavior
I should be able to pass in my subnetwork.
Observed behavior
╷
│ Error: Error creating GlobalForwardingRule: googleapi: Error 400: Invalid value for field 'resource.IPAddress': '192.168.87.235'. Address '192.168.87.235' is not in the subnetwork ranges of network 'default'., invalid
│
│ with module.gce-internal-lb-http.google_compute_global_forwarding_rule.http[0],
│ on .terraform/modules/gce-internal-lb-http/main.tf line 32, in resource "google_compute_global_forwarding_rule" "http":
│ 32: resource "google_compute_global_forwarding_rule" "http" {
│
╵
Terraform Configuration
resource "google_compute_address" "internal-cluster" {
  name         = "${var.environment}-internal-ip"
  address_type = "INTERNAL"
  subnetwork   = google_compute_subnetwork.cluster.id
}

module "gce-internal-lb-http" {
  source  = "GoogleCloudPlatform/lb-http/google"
  version = "~> 9.0"

  project               = local.project_id
  name                  = "${var.environment}-internal-http-lb"
  load_balancing_scheme = "INTERNAL_MANAGED"
  target_tags           = ["client"]
  create_address        = false
  address               = google_compute_address.internal-cluster.address
  network               = module.networking.network_name

  backends = {
    default = {
      port_name   = "traefik"
      protocol    = "HTTP"
      timeout_sec = 10
      enable_cdn  = false

      health_check = {
        request_path = "/___heartbeat___"
        port_name    = "traefik"
        port         = 80 # required so that the firewall knows which port to allow
        protocol     = "HTTP"
      }

      log_config = {
        enable = false
      }

      groups = [
        # {group = my-group-here}
      ]

      iap_config = {
        enable = false
      }
    }
  }
}
Terraform Version
Terraform v1.5.7
on linux_amd64
+ provider registry.terraform.io/cloudflare/cloudflare v4.9.0
+ provider registry.terraform.io/hashicorp/google v4.72.0
+ provider registry.terraform.io/hashicorp/google-beta v4.84.0
+ provider registry.terraform.io/hashicorp/nomad v1.4.20
+ provider registry.terraform.io/hashicorp/null v3.2.1
+ provider registry.terraform.io/hashicorp/random v3.5.1
+ provider registry.terraform.io/integrations/github v5.29.0
+ provider registry.terraform.io/tailscale/tailscale v0.13.7
Your version of Terraform is out of date! The latest version
is 1.6.0. You can update by downloading from https://www.terraform.io/downloads.ht
Additional information
No response
justinabrahms commented
Playing around with making a PR and this is more complex than it sounded. I'm not seeing how to make global forwarding rules that point to internal IPs that are owned by a subnetwork. Just passing along the subnetwork yields this error, which I believe means not using global forwarding rules:
│ Error: Error creating GlobalForwardingRule: googleapi: Error 400: Invalid value for field 'resource.subnetwork': 'projects/<mine>/regions/us-central1/subnetworks/<subnet>'. The network/subnetwork field(s) can only be used for INTERNAL forwarding rules., invalid
│
│ with module.gce-internal-lb-http.google_compute_global_forwarding_rule.http[0],
│ on ../modules/terraform-google-lb-http/main.tf line 33, in resource "google_compute_global_forwarding_rule" "http":
│ 33: resource "google_compute_global_forwarding_rule" "http" {
imrannayer commented
@justinabrahms this module can only create External Application load balancers of type:
- Classic
- Envoy based
- Traffic Director
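The second error above is the key: only an INTERNAL or INTERNAL_MANAGED forwarding rule accepts `network`/`subnetwork`, and those are regional (`google_compute_forwarding_rule`), not global. The following is an added example, not part of the issue or of the lb-http module, of the regional resources that consume the subnetwork-scoped address from the original config so the service is reachable only from inside the VPC. It assumes `google_compute_subnetwork.cluster`, `google_compute_address.internal-cluster` and `module.networking.network_name` from the issue, a `us-central1` region, and a hypothetical `var.backend_group` holding the instance group self-link.

```hcl
# Proxy-only subnet: Envoy proxies for the regional internal LB source
# their connections from this range. Assumed CIDR, adjust to your plan.
resource "google_compute_subnetwork" "proxy_only" {
  name          = "${var.environment}-proxy-only"
  region        = "us-central1"
  network       = module.networking.network_name
  ip_cidr_range = "10.129.0.0/23"
  purpose       = "REGIONAL_MANAGED_PROXY"
  role          = "ACTIVE"
}

resource "google_compute_region_health_check" "traefik" {
  name   = "${var.environment}-traefik-hc"
  region = "us-central1"
  http_health_check {
    port         = 80
    request_path = "/___heartbeat___"
  }
}

resource "google_compute_region_backend_service" "traefik" {
  name                  = "${var.environment}-traefik-bes"
  region                = "us-central1"
  load_balancing_scheme = "INTERNAL_MANAGED"
  protocol              = "HTTP"
  port_name             = "traefik"
  timeout_sec           = 10
  health_checks         = [google_compute_region_health_check.traefik.id]
  backend {
    group          = var.backend_group # assumed: instance group self-link
    balancing_mode = "UTILIZATION"
  }
}

resource "google_compute_region_url_map" "traefik" {
  name            = "${var.environment}-traefik-urlmap"
  region          = "us-central1"
  default_service = google_compute_region_backend_service.traefik.id
}

resource "google_compute_region_target_http_proxy" "traefik" {
  name    = "${var.environment}-traefik-proxy"
  region  = "us-central1"
  url_map = google_compute_region_url_map.traefik.id
}

# Regional forwarding rule: INTERNAL_MANAGED is what allows network/subnetwork,
# and the address must belong to that subnetwork's primary range.
resource "google_compute_forwarding_rule" "internal_http" {
  name                  = "${var.environment}-internal-http-fr"
  region                = "us-central1"
  load_balancing_scheme = "INTERNAL_MANAGED"
  ip_protocol           = "TCP"
  port_range            = "80"
  target                = google_compute_region_target_http_proxy.traefik.id
  network               = module.networking.network_name
  subnetwork            = google_compute_subnetwork.cluster.id
  ip_address            = google_compute_address.internal-cluster.address
  depends_on            = [google_compute_subnetwork.proxy_only]
}
```

Firewall rules still have to admit health-check probes and traffic from the proxy-only range to the backends; the module's `target_tags` handling does not apply here because the module is not used.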