Commit 5e2c237b authored by Ahmad Sherif's avatar Ahmad Sherif

Merge branch 'jarv/add-lifecycle-rules-for-tcp-lbs' into 'master'

Adds no-destroy lifecycle rules for lbs.

See merge request !533
parents 6f6135a6 f0fd5b4b
/*
TCP LBs are on the edge of our infrastructure and
represent critical components (including IP addresses)
that should never be destroyed or released
unless you are absolutely sure you know what you
are doing, for this reason we set a lifecycle
rule to prevent the destruction of these resources.
Note that variable interpolation does not work in
lifecycle attributes so this can not be parameterized.
See https://github.com/hashicorp/terraform/issues/3116
*/
data "google_compute_lb_ip_ranges" "ranges" {}
resource "aws_route53_record" "default" {
......@@ -7,6 +22,10 @@ resource "aws_route53_record" "default" {
type = "A"
ttl = "300"
records = ["${google_compute_address.default.address}"]
lifecycle {
prevent_destroy = true
}
}
resource "aws_route53_record" "internal" {
......@@ -16,6 +35,10 @@ resource "aws_route53_record" "internal" {
type = "A"
ttl = "300"
records = ["${google_compute_forwarding_rule.internal.ip_address}"]
lifecycle {
prevent_destroy = true
}
}
resource "google_compute_address" "default" {
......@@ -23,6 +46,10 @@ resource "google_compute_address" "default" {
project = "${var.project}"
region = "${var.region}"
address_type = "${var.external ? "EXTERNAL" : "INTERNAL"}"
lifecycle {
prevent_destroy = true
}
}
resource "google_compute_firewall" "default" {
......@@ -36,6 +63,10 @@ resource "google_compute_firewall" "default" {
source_ranges = ["${concat(data.google_compute_lb_ip_ranges.ranges.network, data.google_compute_lb_ip_ranges.ranges.http_ssl_tcp_internal)}"]
target_tags = ["${var.targets}"]
lifecycle {
prevent_destroy = true
}
}
resource "google_compute_forwarding_rule" "default" {
......@@ -47,6 +78,10 @@ resource "google_compute_forwarding_rule" "default" {
load_balancing_scheme = "${var.external ? "EXTERNAL" : "INTERNAL"}"
port_range = "${var.forwarding_port_ranges[count.index]}"
ip_address = "${google_compute_address.default.address}"
lifecycle {
prevent_destroy = true
}
}
resource "google_compute_forwarding_rule" "internal" {
......@@ -60,6 +95,10 @@ resource "google_compute_forwarding_rule" "internal" {
network = "${var.environment}"
subnetwork = "${var.subnetwork_self_link}"
service_label = "i"
lifecycle {
prevent_destroy = true
}
}
resource "google_compute_target_pool" "default" {
......@@ -73,6 +112,10 @@ resource "google_compute_target_pool" "default" {
health_checks = [
"${google_compute_http_health_check.default.*.self_link[count.index]}",
]
lifecycle {
prevent_destroy = true
}
}
resource "google_compute_http_health_check" "default" {
......@@ -87,4 +130,8 @@ resource "google_compute_http_health_check" "default" {
check_interval_sec = 2
healthy_threshold = 2
unhealthy_threshold = 2
lifecycle {
prevent_destroy = true
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment