Commit 77f0263d authored by John Jarvis's avatar John Jarvis

Add web-iap for iap access to the front-end.

parent 52cd62ea
###########################################################
# This is specific to the gprd environment
# and defines the mapping from web-iap hosts to backend
# services. This lb is used for allowing access to the gprd
# site with oauth.
variable "oauth2_client_id_web_iap" {}
variable "oauth2_client_secret_web_iap" {}
resource "google_compute_backend_service" "web-iap" {
name = "gprd-web-iap"
protocol = "HTTPS"
port_name = "web-iap"
backend {
group = "${module.fe-lb.instance_groups_self_link[0]}"
}
backend {
group = "${module.fe-lb.instance_groups_self_link[1]}"
}
backend {
group = "${module.fe-lb.instance_groups_self_link[2]}"
}
health_checks = ["${google_compute_health_check.web-ip.self_link}"]
iap {
oauth2_client_id = "${var.oauth2_client_id_web_iap}"
oauth2_client_secret = "${var.oauth2_client_secret_web_iap}"
}
}
resource "google_compute_health_check" "web-ip" {
name = "web-iap"
tcp_health_check {
port = "443"
}
}
resource "google_compute_url_map" "web-iap" {
name = "${format("%v-web-iap-lb", var.environment)}"
default_service = "${google_compute_backend_service.web-iap.self_link}"
host_rule {
hosts = ["web.gprd.gitlab.com"]
path_matcher = "web-iap"
}
path_matcher {
name = "web-iap"
default_service = "${google_compute_backend_service.web-iap.self_link}"
path_rule {
paths = ["/*"]
service = "${google_compute_backend_service.web-iap.self_link}"
}
}
}
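Review bot: Enabling `iap` on the `web-iap` backend service only gates requests that arrive through this load balancer, and its three `backend` groups come from `module.fe-lb.instance_groups_self_link`, so the same instances presumably stay reachable through the existing fe-lb path without the OAuth check. If this host is meant to be reachable only after IAP sign-in, the backends should validate the signed `X-Goog-IAP-JWT-Assertion` header, and the firewall should limit port 443 on those instances to the load balancer ranges; neither is visible in this section. `oauth2_client_secret_web_iap` is also written to Terraform state, so both variables would benefit from a `description` and a comment such as `# secret: supply from a protected secret store; state must be encrypted and access-restricted`. The health check resource is labelled `web-ip` while everything else is `web-iap`, which looks like a typo worth fixing before other resources reference it.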
......@@ -599,6 +599,27 @@ module "fe-lb-altssh" {
vpc = "${module.network.self_link}"
}
#######################
#
# Load balancer to IAP on web front end
#
#######################
module "web-iap-lb" {
subnetwork_name = "${google_compute_subnetwork.monitoring.name}"
environment = "${var.environment}"
source = "../../modules/google/monitoring-lb"
name = "web-iap-lb"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
project = "${var.project}"
region = "${var.region}"
gitlab_com_zone_id = "${var.gitlab_com_zone_id}"
cert_link = "${var.monitoring_cert_link}"
service_ports = ["443"]
url_map = "${google_compute_url_map.web-iap.self_link}"
hosts = ["web"]
}
##################################
#
# GCP TCP LoadBalancers
......
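Review bot: `gitlab_com_zone_id` is assigned twice in the `web-iap-lb` module block (after `name` and again after `region`); one of the two lines should be dropped, since later Terraform versions reject a repeated argument. The block also reuses the monitoring module, `google_compute_subnetwork.monitoring` and `var.monitoring_cert_link` for a front-end host. It is worth confirming that the certificate covers the host name this load balancer serves, and adding a comment such as `# reuses the monitoring LB module and certificate; cert must include the web host` to record the coupling.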