Adding IPv6 support to lb_internal module

PaloAltoNetworks · Sep 13, 2024 · 43233a2 · 43233a2
1 parent bbd9e72
commit 43233a2
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 6 deletions.
diff --git a/modules/lb_internal/README.md b/modules/lb_internal/README.md
@@ -43,8 +43,9 @@ No modules.
 | <a name="input_failover_ratio"></a> [failover\_ratio](#input\_failover\_ratio) | (Optional) The value of the field must be in [0, 1]. If the ratio of the healthy VMs in the primary backend is at or below this number, traffic arriving at the load-balanced IP will be directed to the failover\_backends. In case where 'failoverRatio' is not set or all the VMs in the backup backend are unhealthy, the traffic will be directed back to the primary backend in the `force` mode, where traffic will be spread to the healthy VMs with the best effort, or to all VMs when no VM is healthy. This field is only used with l4 load balancing. | `number` | `null` | no |
 | <a name="input_health_check"></a> [health\_check](#input\_health\_check) | (Optional) Name of either the global google\_compute\_health\_check or google\_compute\_region\_health\_check to use. Conflicts with health\_check\_port. | `string` | `null` | no |
 | <a name="input_health_check_port"></a> [health\_check\_port](#input\_health\_check\_port) | (Optional) Port number for TCP healthchecking, default 22. This setting is ignored when `health_check` is provided. | `number` | `22` | no |
-| <a name="input_ip_address"></a> [ip\_address](#input\_ip\_address) | n/a | `any` | `null` | no |
+| <a name="input_ip_address"></a> [ip\_address](#input\_ip\_address) | (Optional) An existing private IP address on which LB listens. IP version must correspond `ip_version`.<br>In case of IPv6 address specify address with a netmask, for example: fd20:6db:d1b6:1000:0:1::/96.<br>If empty, a new ephemeral IP address is created on the PREMIUM tier. | `any` | `null` | no |
 | <a name="input_ip_protocol"></a> [ip\_protocol](#input\_ip\_protocol) | The IP protocol for the frontend forwarding rule, valid values are TCP and UDP. | `string` | `"TCP"` | no |
+| <a name="input_ip_version"></a> [ip\_version](#input\_ip\_version) | (Optional) The IP version that will be used by this Load Balancer. Possible values are: IPV4 (default), IPV6. | `string` | `null` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name of the load balancer (that is, both the forwarding rule and the backend service) | `string` | n/a | yes |
 | <a name="input_network"></a> [network](#input\_network) | n/a | `any` | `null` | no |
 | <a name="input_ports"></a> [ports](#input\_ports) | Which port numbers are forwarded to the backends (up to 5 ports). Conflicts with all\_ports. | `list(number)` | `[]` | no |

diff --git a/modules/lb_internal/main.tf b/modules/lb_internal/main.tf
@@ -23,16 +23,18 @@ resource "google_compute_region_backend_service" "this" {
   dynamic "backend" {
     for_each = var.backends
     content {
-      group    = backend.value
-      failover = false
+      group          = backend.value
+      failover       = false
+      balancing_mode = "CONNECTION"
     }
   }
 
   dynamic "backend" {
     for_each = var.failover_backends
     content {
-      group    = backend.value
-      failover = true
+      group          = backend.value
+      failover       = true
+      balancing_mode = "CONNECTION"
     }
   }
 
@@ -55,6 +57,13 @@ resource "google_compute_region_backend_service" "this" {
       failover_ratio                       = var.failover_ratio
     }
   }
+
+  # For provider >=v6 `iap { enabled = false }` block is required for convergence.
+  # For provider <=v5 `iap { enabled = false }` is not complete (has missing arguments).
+  # To overcome issues we are ignore `iap { }` block.
+  lifecycle {
+    ignore_changes = [iap]
+  }
 }
 
 resource "google_compute_forwarding_rule" "this" {
@@ -63,6 +72,7 @@ resource "google_compute_forwarding_rule" "this" {
   region  = var.region
 
   load_balancing_scheme = "INTERNAL"
+  ip_version            = var.ip_version
   ip_address            = var.ip_address
   ip_protocol           = var.ip_protocol
   all_ports             = var.all_ports

diff --git a/modules/lb_internal/variables.tf b/modules/lb_internal/variables.tf
@@ -42,8 +42,19 @@ variable "subnetwork" {
   type = string
 }
 
+variable "ip_version" {
+  description = "(Optional) The IP version that will be used by this Load Balancer. Possible values are: IPV4 (default), IPV6."
+  type        = string
+  default     = null
+}
+
 variable "ip_address" {
-  default = null
+  description = <<-EOF
+    (Optional) An existing private IP address on which LB listens. IP version must correspond `ip_version`.
+    In case of IPv6 address specify address with a netmask, for example: fd20:6db:d1b6:1000:0:1::/96.
+    If empty, a new ephemeral IP address is created on the PREMIUM tier.
+  EOF
+  default     = null
 }
 
 variable "ip_protocol" {