@pulumi/gcp 6.14.0 → 6.15.0-alpha.1646344351
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/certificateauthority/caPool.d.ts +91 -0
- package/certificateauthority/caPool.js +91 -0
- package/certificateauthority/caPool.js.map +1 -1
- package/compute/globalForwardingRule.d.ts +153 -0
- package/compute/globalForwardingRule.js +153 -0
- package/compute/globalForwardingRule.js.map +1 -1
- package/package.json +2 -2
- package/package.json.dev +2 -2
|
@@ -121,6 +121,97 @@ import { input as inputs, output as outputs } from "../types";
|
|
|
121
121
|
* tier: "ENTERPRISE",
|
|
122
122
|
* });
|
|
123
123
|
* ```
|
|
124
|
+
* ### Privateca Quickstart
|
|
125
|
+
*
|
|
126
|
+
* ```typescript
|
|
127
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
128
|
+
* import * as gcp from "@pulumi/gcp";
|
|
129
|
+
* import * as tls from "@pulumi/tls";
|
|
130
|
+
*
|
|
131
|
+
* const examplePrivateKey = new tls.PrivateKey("examplePrivateKey", {algorithm: "RSA"});
|
|
132
|
+
* const exampleCertRequest = new tls.CertRequest("exampleCertRequest", {
|
|
133
|
+
* keyAlgorithm: "RSA",
|
|
134
|
+
* privateKeyPem: examplePrivateKey.privateKeyPem,
|
|
135
|
+
* subjects: [{
|
|
136
|
+
* commonName: "example.com",
|
|
137
|
+
* organization: "ACME Examples, Inc",
|
|
138
|
+
* }],
|
|
139
|
+
* });
|
|
140
|
+
* const defaultCaPool = new gcp.certificateauthority.CaPool("defaultCaPool", {
|
|
141
|
+
* location: "us-central1",
|
|
142
|
+
* tier: "ENTERPRISE",
|
|
143
|
+
* project: "project-id",
|
|
144
|
+
* publishingOptions: {
|
|
145
|
+
* publishCaCert: true,
|
|
146
|
+
* publishCrl: true,
|
|
147
|
+
* },
|
|
148
|
+
* labels: {
|
|
149
|
+
* foo: "bar",
|
|
150
|
+
* },
|
|
151
|
+
* issuancePolicy: {
|
|
152
|
+
* baselineValues: {
|
|
153
|
+
* caOptions: {
|
|
154
|
+
* isCa: false,
|
|
155
|
+
* },
|
|
156
|
+
* keyUsage: {
|
|
157
|
+
* baseKeyUsage: {
|
|
158
|
+
* digitalSignature: true,
|
|
159
|
+
* keyEncipherment: true,
|
|
160
|
+
* },
|
|
161
|
+
* extendedKeyUsage: {
|
|
162
|
+
* serverAuth: true,
|
|
163
|
+
* },
|
|
164
|
+
* },
|
|
165
|
+
* },
|
|
166
|
+
* },
|
|
167
|
+
* });
|
|
168
|
+
* const test_ca = new gcp.certificateauthority.Authority("test-ca", {
|
|
169
|
+
* certificateAuthorityId: "my-authority",
|
|
170
|
+
* location: "us-central1",
|
|
171
|
+
* project: "project-id",
|
|
172
|
+
* pool: google_privateca_ca_pool.pool.name,
|
|
173
|
+
* config: {
|
|
174
|
+
* subjectConfig: {
|
|
175
|
+
* subject: {
|
|
176
|
+
* countryCode: "us",
|
|
177
|
+
* organization: "google",
|
|
178
|
+
* organizationalUnit: "enterprise",
|
|
179
|
+
* locality: "mountain view",
|
|
180
|
+
* province: "california",
|
|
181
|
+
* streetAddress: "1600 amphitheatre parkway",
|
|
182
|
+
* postalCode: "94109",
|
|
183
|
+
* commonName: "my-certificate-authority",
|
|
184
|
+
* },
|
|
185
|
+
* },
|
|
186
|
+
* x509Config: {
|
|
187
|
+
* caOptions: {
|
|
188
|
+
* isCa: true,
|
|
189
|
+
* },
|
|
190
|
+
* keyUsage: {
|
|
191
|
+
* baseKeyUsage: {
|
|
192
|
+
* certSign: true,
|
|
193
|
+
* crlSign: true,
|
|
194
|
+
* },
|
|
195
|
+
* extendedKeyUsage: {
|
|
196
|
+
* serverAuth: true,
|
|
197
|
+
* },
|
|
198
|
+
* },
|
|
199
|
+
* },
|
|
200
|
+
* },
|
|
201
|
+
* type: "SELF_SIGNED",
|
|
202
|
+
* keySpec: {
|
|
203
|
+
* algorithm: "RSA_PKCS1_4096_SHA256",
|
|
204
|
+
* },
|
|
205
|
+
* });
|
|
206
|
+
* const defaultCertificate = new gcp.certificateauthority.Certificate("defaultCertificate", {
|
|
207
|
+
* pool: google_privateca_ca_pool.pool.name,
|
|
208
|
+
* certificateAuthority: test_ca.certificateAuthorityId,
|
|
209
|
+
* project: "project-id",
|
|
210
|
+
* location: "us-central1",
|
|
211
|
+
* lifetime: "860s",
|
|
212
|
+
* pemCsr: exampleCertRequest.certRequestPem,
|
|
213
|
+
* });
|
|
214
|
+
* ```
|
|
124
215
|
*
|
|
125
216
|
* ## Import
|
|
126
217
|
*
|
|
@@ -126,6 +126,97 @@ const utilities = require("../utilities");
|
|
|
126
126
|
* tier: "ENTERPRISE",
|
|
127
127
|
* });
|
|
128
128
|
* ```
|
|
129
|
+
* ### Privateca Quickstart
|
|
130
|
+
*
|
|
131
|
+
* ```typescript
|
|
132
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
133
|
+
* import * as gcp from "@pulumi/gcp";
|
|
134
|
+
* import * as tls from "@pulumi/tls";
|
|
135
|
+
*
|
|
136
|
+
* const examplePrivateKey = new tls.PrivateKey("examplePrivateKey", {algorithm: "RSA"});
|
|
137
|
+
* const exampleCertRequest = new tls.CertRequest("exampleCertRequest", {
|
|
138
|
+
* keyAlgorithm: "RSA",
|
|
139
|
+
* privateKeyPem: examplePrivateKey.privateKeyPem,
|
|
140
|
+
* subjects: [{
|
|
141
|
+
* commonName: "example.com",
|
|
142
|
+
* organization: "ACME Examples, Inc",
|
|
143
|
+
* }],
|
|
144
|
+
* });
|
|
145
|
+
* const defaultCaPool = new gcp.certificateauthority.CaPool("defaultCaPool", {
|
|
146
|
+
* location: "us-central1",
|
|
147
|
+
* tier: "ENTERPRISE",
|
|
148
|
+
* project: "project-id",
|
|
149
|
+
* publishingOptions: {
|
|
150
|
+
* publishCaCert: true,
|
|
151
|
+
* publishCrl: true,
|
|
152
|
+
* },
|
|
153
|
+
* labels: {
|
|
154
|
+
* foo: "bar",
|
|
155
|
+
* },
|
|
156
|
+
* issuancePolicy: {
|
|
157
|
+
* baselineValues: {
|
|
158
|
+
* caOptions: {
|
|
159
|
+
* isCa: false,
|
|
160
|
+
* },
|
|
161
|
+
* keyUsage: {
|
|
162
|
+
* baseKeyUsage: {
|
|
163
|
+
* digitalSignature: true,
|
|
164
|
+
* keyEncipherment: true,
|
|
165
|
+
* },
|
|
166
|
+
* extendedKeyUsage: {
|
|
167
|
+
* serverAuth: true,
|
|
168
|
+
* },
|
|
169
|
+
* },
|
|
170
|
+
* },
|
|
171
|
+
* },
|
|
172
|
+
* });
|
|
173
|
+
* const test_ca = new gcp.certificateauthority.Authority("test-ca", {
|
|
174
|
+
* certificateAuthorityId: "my-authority",
|
|
175
|
+
* location: "us-central1",
|
|
176
|
+
* project: "project-id",
|
|
177
|
+
* pool: google_privateca_ca_pool.pool.name,
|
|
178
|
+
* config: {
|
|
179
|
+
* subjectConfig: {
|
|
180
|
+
* subject: {
|
|
181
|
+
* countryCode: "us",
|
|
182
|
+
* organization: "google",
|
|
183
|
+
* organizationalUnit: "enterprise",
|
|
184
|
+
* locality: "mountain view",
|
|
185
|
+
* province: "california",
|
|
186
|
+
* streetAddress: "1600 amphitheatre parkway",
|
|
187
|
+
* postalCode: "94109",
|
|
188
|
+
* commonName: "my-certificate-authority",
|
|
189
|
+
* },
|
|
190
|
+
* },
|
|
191
|
+
* x509Config: {
|
|
192
|
+
* caOptions: {
|
|
193
|
+
* isCa: true,
|
|
194
|
+
* },
|
|
195
|
+
* keyUsage: {
|
|
196
|
+
* baseKeyUsage: {
|
|
197
|
+
* certSign: true,
|
|
198
|
+
* crlSign: true,
|
|
199
|
+
* },
|
|
200
|
+
* extendedKeyUsage: {
|
|
201
|
+
* serverAuth: true,
|
|
202
|
+
* },
|
|
203
|
+
* },
|
|
204
|
+
* },
|
|
205
|
+
* },
|
|
206
|
+
* type: "SELF_SIGNED",
|
|
207
|
+
* keySpec: {
|
|
208
|
+
* algorithm: "RSA_PKCS1_4096_SHA256",
|
|
209
|
+
* },
|
|
210
|
+
* });
|
|
211
|
+
* const defaultCertificate = new gcp.certificateauthority.Certificate("defaultCertificate", {
|
|
212
|
+
* pool: google_privateca_ca_pool.pool.name,
|
|
213
|
+
* certificateAuthority: test_ca.certificateAuthorityId,
|
|
214
|
+
* project: "project-id",
|
|
215
|
+
* location: "us-central1",
|
|
216
|
+
* lifetime: "860s",
|
|
217
|
+
* pemCsr: exampleCertRequest.certRequestPem,
|
|
218
|
+
* });
|
|
219
|
+
* ```
|
|
129
220
|
*
|
|
130
221
|
* ## Import
|
|
131
222
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"caPool.js","sourceRoot":"","sources":["../../certificateauthority/caPool.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,0CAA0C;AAE1C
|
|
1
|
+
{"version":3,"file":"caPool.js","sourceRoot":"","sources":["../../certificateauthority/caPool.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoOG;AACH,MAAa,MAAO,SAAQ,MAAM,CAAC,cAAc;IAuE7C,YAAY,IAAY,EAAE,WAAsC,EAAE,IAAmC;QACjG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAsC,CAAC;YACrD,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3D;aAAM;YACH,MAAM,IAAI,GAAG,WAAqC,CAAC;YACnD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SACzD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC3D,CAAC;IApGD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAmB,EAAE,IAAmC;QACjH,OAAO,IAAI,MAAM,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC7D,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,MAAM,CAAC,YAAY,CAAC;IACvD,CAAC;;AA1BL,wBAsGC;AAxFG,gBAAgB;AACO,mBAAY,GAAG,wCAAwC,CAAC"}
|
|
@@ -10,6 +10,159 @@ import { input as inputs, output as outputs } from "../types";
|
|
|
10
10
|
* <https://cloud.google.com/compute/docs/load-balancing/http/>
|
|
11
11
|
*
|
|
12
12
|
* ## Example Usage
|
|
13
|
+
* ### External Ssl Proxy Lb Mig Backend
|
|
14
|
+
*
|
|
15
|
+
* ```typescript
|
|
16
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
17
|
+
* import * as gcp from "@pulumi/gcp";
|
|
18
|
+
* import * as tls from "@pulumi/tls";
|
|
19
|
+
*
|
|
20
|
+
* // External SSL proxy load balancer with managed instance group backend
|
|
21
|
+
* // VPC
|
|
22
|
+
* const defaultNetwork = new gcp.compute.Network("defaultNetwork", {autoCreateSubnetworks: false}, {
|
|
23
|
+
* provider: google,
|
|
24
|
+
* });
|
|
25
|
+
* // backend subnet
|
|
26
|
+
* const defaultSubnetwork = new gcp.compute.Subnetwork("defaultSubnetwork", {
|
|
27
|
+
* ipCidrRange: "10.0.1.0/24",
|
|
28
|
+
* region: "us-central1",
|
|
29
|
+
* network: defaultNetwork.id,
|
|
30
|
+
* }, {
|
|
31
|
+
* provider: google,
|
|
32
|
+
* });
|
|
33
|
+
* // reserved IP address
|
|
34
|
+
* const defaultGlobalAddress = new gcp.compute.GlobalAddress("defaultGlobalAddress", {});
|
|
35
|
+
* // Self-signed regional SSL certificate for testing
|
|
36
|
+
* const defaultPrivateKey = new tls.PrivateKey("defaultPrivateKey", {
|
|
37
|
+
* algorithm: "RSA",
|
|
38
|
+
* rsaBits: 2048,
|
|
39
|
+
* });
|
|
40
|
+
* const defaultSelfSignedCert = new tls.SelfSignedCert("defaultSelfSignedCert", {
|
|
41
|
+
* keyAlgorithm: defaultPrivateKey.algorithm,
|
|
42
|
+
* privateKeyPem: defaultPrivateKey.privateKeyPem,
|
|
43
|
+
* validityPeriodHours: 12,
|
|
44
|
+
* earlyRenewalHours: 3,
|
|
45
|
+
* allowedUses: [
|
|
46
|
+
* "key_encipherment",
|
|
47
|
+
* "digital_signature",
|
|
48
|
+
* "server_auth",
|
|
49
|
+
* ],
|
|
50
|
+
* dnsNames: ["example.com"],
|
|
51
|
+
* subjects: [{
|
|
52
|
+
* commonName: "example.com",
|
|
53
|
+
* organization: "ACME Examples, Inc",
|
|
54
|
+
* }],
|
|
55
|
+
* });
|
|
56
|
+
* const defaultSSLCertificate = new gcp.compute.SSLCertificate("defaultSSLCertificate", {
|
|
57
|
+
* privateKey: defaultPrivateKey.privateKeyPem,
|
|
58
|
+
* certificate: defaultSelfSignedCert.certPem,
|
|
59
|
+
* });
|
|
60
|
+
* const defaultHealthCheck = new gcp.compute.HealthCheck("defaultHealthCheck", {
|
|
61
|
+
* timeoutSec: 1,
|
|
62
|
+
* checkIntervalSec: 1,
|
|
63
|
+
* tcpHealthCheck: {
|
|
64
|
+
* port: "443",
|
|
65
|
+
* },
|
|
66
|
+
* });
|
|
67
|
+
* // instance template
|
|
68
|
+
* const defaultInstanceTemplate = new gcp.compute.InstanceTemplate("defaultInstanceTemplate", {
|
|
69
|
+
* machineType: "e2-small",
|
|
70
|
+
* tags: ["allow-health-check"],
|
|
71
|
+
* networkInterfaces: [{
|
|
72
|
+
* network: defaultNetwork.id,
|
|
73
|
+
* subnetwork: defaultSubnetwork.id,
|
|
74
|
+
* accessConfigs: [{}],
|
|
75
|
+
* }],
|
|
76
|
+
* disks: [{
|
|
77
|
+
* sourceImage: "debian-cloud/debian-10",
|
|
78
|
+
* autoDelete: true,
|
|
79
|
+
* boot: true,
|
|
80
|
+
* }],
|
|
81
|
+
* metadata: {
|
|
82
|
+
* "startup-script": `#! /bin/bash
|
|
83
|
+
* set -euo pipefail
|
|
84
|
+
* export DEBIAN_FRONTEND=noninteractive
|
|
85
|
+
* sudo apt-get update
|
|
86
|
+
* sudo apt-get install -y apache2 jq
|
|
87
|
+
* sudo a2ensite default-ssl
|
|
88
|
+
* sudo a2enmod ssl
|
|
89
|
+
* sudo service apache2 restart
|
|
90
|
+
* NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
|
|
91
|
+
* IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
|
|
92
|
+
* METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
|
|
93
|
+
* cat <<EOF > /var/www/html/index.html
|
|
94
|
+
* <h1>SSL Load Balancer</h1>
|
|
95
|
+
* <pre>
|
|
96
|
+
* Name: $NAME
|
|
97
|
+
* IP: $IP
|
|
98
|
+
* Metadata: $METADATA
|
|
99
|
+
* </pre>
|
|
100
|
+
* EOF
|
|
101
|
+
* `,
|
|
102
|
+
* },
|
|
103
|
+
* }, {
|
|
104
|
+
* provider: google,
|
|
105
|
+
* });
|
|
106
|
+
* // MIG
|
|
107
|
+
* const defaultInstanceGroupManager = new gcp.compute.InstanceGroupManager("defaultInstanceGroupManager", {
|
|
108
|
+
* zone: "us-central1-c",
|
|
109
|
+
* namedPorts: [{
|
|
110
|
+
* name: "tcp",
|
|
111
|
+
* port: 443,
|
|
112
|
+
* }],
|
|
113
|
+
* versions: [{
|
|
114
|
+
* instanceTemplate: defaultInstanceTemplate.id,
|
|
115
|
+
* name: "primary",
|
|
116
|
+
* }],
|
|
117
|
+
* baseInstanceName: "vm",
|
|
118
|
+
* targetSize: 2,
|
|
119
|
+
* }, {
|
|
120
|
+
* provider: google,
|
|
121
|
+
* });
|
|
122
|
+
* // backend service
|
|
123
|
+
* const defaultBackendService = new gcp.compute.BackendService("defaultBackendService", {
|
|
124
|
+
* protocol: "SSL",
|
|
125
|
+
* portName: "tcp",
|
|
126
|
+
* loadBalancingScheme: "EXTERNAL",
|
|
127
|
+
* timeoutSec: 10,
|
|
128
|
+
* healthChecks: [defaultHealthCheck.id],
|
|
129
|
+
* backends: [{
|
|
130
|
+
* group: defaultInstanceGroupManager.instanceGroup,
|
|
131
|
+
* balancingMode: "UTILIZATION",
|
|
132
|
+
* maxUtilization: 1,
|
|
133
|
+
* capacityScaler: 1,
|
|
134
|
+
* }],
|
|
135
|
+
* });
|
|
136
|
+
* const defaultTargetSSLProxy = new gcp.compute.TargetSSLProxy("defaultTargetSSLProxy", {
|
|
137
|
+
* backendService: defaultBackendService.id,
|
|
138
|
+
* sslCertificates: [defaultSSLCertificate.id],
|
|
139
|
+
* });
|
|
140
|
+
* // forwarding rule
|
|
141
|
+
* const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("defaultGlobalForwardingRule", {
|
|
142
|
+
* ipProtocol: "TCP",
|
|
143
|
+
* loadBalancingScheme: "EXTERNAL",
|
|
144
|
+
* portRange: "443",
|
|
145
|
+
* target: defaultTargetSSLProxy.id,
|
|
146
|
+
* ipAddress: defaultGlobalAddress.id,
|
|
147
|
+
* }, {
|
|
148
|
+
* provider: google,
|
|
149
|
+
* });
|
|
150
|
+
* // allow access from health check ranges
|
|
151
|
+
* const defaultFirewall = new gcp.compute.Firewall("defaultFirewall", {
|
|
152
|
+
* direction: "INGRESS",
|
|
153
|
+
* network: defaultNetwork.id,
|
|
154
|
+
* sourceRanges: [
|
|
155
|
+
* "130.211.0.0/22",
|
|
156
|
+
* "35.191.0.0/16",
|
|
157
|
+
* ],
|
|
158
|
+
* allows: [{
|
|
159
|
+
* protocol: "tcp",
|
|
160
|
+
* }],
|
|
161
|
+
* targetTags: ["allow-health-check"],
|
|
162
|
+
* }, {
|
|
163
|
+
* provider: google,
|
|
164
|
+
* });
|
|
165
|
+
* ```
|
|
13
166
|
* ### External Tcp Proxy Lb Mig Backend
|
|
14
167
|
*
|
|
15
168
|
* ```typescript
|
|
@@ -15,6 +15,159 @@ const utilities = require("../utilities");
|
|
|
15
15
|
* <https://cloud.google.com/compute/docs/load-balancing/http/>
|
|
16
16
|
*
|
|
17
17
|
* ## Example Usage
|
|
18
|
+
* ### External Ssl Proxy Lb Mig Backend
|
|
19
|
+
*
|
|
20
|
+
* ```typescript
|
|
21
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
22
|
+
* import * as gcp from "@pulumi/gcp";
|
|
23
|
+
* import * as tls from "@pulumi/tls";
|
|
24
|
+
*
|
|
25
|
+
* // External SSL proxy load balancer with managed instance group backend
|
|
26
|
+
* // VPC
|
|
27
|
+
* const defaultNetwork = new gcp.compute.Network("defaultNetwork", {autoCreateSubnetworks: false}, {
|
|
28
|
+
* provider: google,
|
|
29
|
+
* });
|
|
30
|
+
* // backend subnet
|
|
31
|
+
* const defaultSubnetwork = new gcp.compute.Subnetwork("defaultSubnetwork", {
|
|
32
|
+
* ipCidrRange: "10.0.1.0/24",
|
|
33
|
+
* region: "us-central1",
|
|
34
|
+
* network: defaultNetwork.id,
|
|
35
|
+
* }, {
|
|
36
|
+
* provider: google,
|
|
37
|
+
* });
|
|
38
|
+
* // reserved IP address
|
|
39
|
+
* const defaultGlobalAddress = new gcp.compute.GlobalAddress("defaultGlobalAddress", {});
|
|
40
|
+
* // Self-signed regional SSL certificate for testing
|
|
41
|
+
* const defaultPrivateKey = new tls.PrivateKey("defaultPrivateKey", {
|
|
42
|
+
* algorithm: "RSA",
|
|
43
|
+
* rsaBits: 2048,
|
|
44
|
+
* });
|
|
45
|
+
* const defaultSelfSignedCert = new tls.SelfSignedCert("defaultSelfSignedCert", {
|
|
46
|
+
* keyAlgorithm: defaultPrivateKey.algorithm,
|
|
47
|
+
* privateKeyPem: defaultPrivateKey.privateKeyPem,
|
|
48
|
+
* validityPeriodHours: 12,
|
|
49
|
+
* earlyRenewalHours: 3,
|
|
50
|
+
* allowedUses: [
|
|
51
|
+
* "key_encipherment",
|
|
52
|
+
* "digital_signature",
|
|
53
|
+
* "server_auth",
|
|
54
|
+
* ],
|
|
55
|
+
* dnsNames: ["example.com"],
|
|
56
|
+
* subjects: [{
|
|
57
|
+
* commonName: "example.com",
|
|
58
|
+
* organization: "ACME Examples, Inc",
|
|
59
|
+
* }],
|
|
60
|
+
* });
|
|
61
|
+
* const defaultSSLCertificate = new gcp.compute.SSLCertificate("defaultSSLCertificate", {
|
|
62
|
+
* privateKey: defaultPrivateKey.privateKeyPem,
|
|
63
|
+
* certificate: defaultSelfSignedCert.certPem,
|
|
64
|
+
* });
|
|
65
|
+
* const defaultHealthCheck = new gcp.compute.HealthCheck("defaultHealthCheck", {
|
|
66
|
+
* timeoutSec: 1,
|
|
67
|
+
* checkIntervalSec: 1,
|
|
68
|
+
* tcpHealthCheck: {
|
|
69
|
+
* port: "443",
|
|
70
|
+
* },
|
|
71
|
+
* });
|
|
72
|
+
* // instance template
|
|
73
|
+
* const defaultInstanceTemplate = new gcp.compute.InstanceTemplate("defaultInstanceTemplate", {
|
|
74
|
+
* machineType: "e2-small",
|
|
75
|
+
* tags: ["allow-health-check"],
|
|
76
|
+
* networkInterfaces: [{
|
|
77
|
+
* network: defaultNetwork.id,
|
|
78
|
+
* subnetwork: defaultSubnetwork.id,
|
|
79
|
+
* accessConfigs: [{}],
|
|
80
|
+
* }],
|
|
81
|
+
* disks: [{
|
|
82
|
+
* sourceImage: "debian-cloud/debian-10",
|
|
83
|
+
* autoDelete: true,
|
|
84
|
+
* boot: true,
|
|
85
|
+
* }],
|
|
86
|
+
* metadata: {
|
|
87
|
+
* "startup-script": `#! /bin/bash
|
|
88
|
+
* set -euo pipefail
|
|
89
|
+
* export DEBIAN_FRONTEND=noninteractive
|
|
90
|
+
* sudo apt-get update
|
|
91
|
+
* sudo apt-get install -y apache2 jq
|
|
92
|
+
* sudo a2ensite default-ssl
|
|
93
|
+
* sudo a2enmod ssl
|
|
94
|
+
* sudo service apache2 restart
|
|
95
|
+
* NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
|
|
96
|
+
* IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
|
|
97
|
+
* METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
|
|
98
|
+
* cat <<EOF > /var/www/html/index.html
|
|
99
|
+
* <h1>SSL Load Balancer</h1>
|
|
100
|
+
* <pre>
|
|
101
|
+
* Name: $NAME
|
|
102
|
+
* IP: $IP
|
|
103
|
+
* Metadata: $METADATA
|
|
104
|
+
* </pre>
|
|
105
|
+
* EOF
|
|
106
|
+
* `,
|
|
107
|
+
* },
|
|
108
|
+
* }, {
|
|
109
|
+
* provider: google,
|
|
110
|
+
* });
|
|
111
|
+
* // MIG
|
|
112
|
+
* const defaultInstanceGroupManager = new gcp.compute.InstanceGroupManager("defaultInstanceGroupManager", {
|
|
113
|
+
* zone: "us-central1-c",
|
|
114
|
+
* namedPorts: [{
|
|
115
|
+
* name: "tcp",
|
|
116
|
+
* port: 443,
|
|
117
|
+
* }],
|
|
118
|
+
* versions: [{
|
|
119
|
+
* instanceTemplate: defaultInstanceTemplate.id,
|
|
120
|
+
* name: "primary",
|
|
121
|
+
* }],
|
|
122
|
+
* baseInstanceName: "vm",
|
|
123
|
+
* targetSize: 2,
|
|
124
|
+
* }, {
|
|
125
|
+
* provider: google,
|
|
126
|
+
* });
|
|
127
|
+
* // backend service
|
|
128
|
+
* const defaultBackendService = new gcp.compute.BackendService("defaultBackendService", {
|
|
129
|
+
* protocol: "SSL",
|
|
130
|
+
* portName: "tcp",
|
|
131
|
+
* loadBalancingScheme: "EXTERNAL",
|
|
132
|
+
* timeoutSec: 10,
|
|
133
|
+
* healthChecks: [defaultHealthCheck.id],
|
|
134
|
+
* backends: [{
|
|
135
|
+
* group: defaultInstanceGroupManager.instanceGroup,
|
|
136
|
+
* balancingMode: "UTILIZATION",
|
|
137
|
+
* maxUtilization: 1,
|
|
138
|
+
* capacityScaler: 1,
|
|
139
|
+
* }],
|
|
140
|
+
* });
|
|
141
|
+
* const defaultTargetSSLProxy = new gcp.compute.TargetSSLProxy("defaultTargetSSLProxy", {
|
|
142
|
+
* backendService: defaultBackendService.id,
|
|
143
|
+
* sslCertificates: [defaultSSLCertificate.id],
|
|
144
|
+
* });
|
|
145
|
+
* // forwarding rule
|
|
146
|
+
* const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("defaultGlobalForwardingRule", {
|
|
147
|
+
* ipProtocol: "TCP",
|
|
148
|
+
* loadBalancingScheme: "EXTERNAL",
|
|
149
|
+
* portRange: "443",
|
|
150
|
+
* target: defaultTargetSSLProxy.id,
|
|
151
|
+
* ipAddress: defaultGlobalAddress.id,
|
|
152
|
+
* }, {
|
|
153
|
+
* provider: google,
|
|
154
|
+
* });
|
|
155
|
+
* // allow access from health check ranges
|
|
156
|
+
* const defaultFirewall = new gcp.compute.Firewall("defaultFirewall", {
|
|
157
|
+
* direction: "INGRESS",
|
|
158
|
+
* network: defaultNetwork.id,
|
|
159
|
+
* sourceRanges: [
|
|
160
|
+
* "130.211.0.0/22",
|
|
161
|
+
* "35.191.0.0/16",
|
|
162
|
+
* ],
|
|
163
|
+
* allows: [{
|
|
164
|
+
* protocol: "tcp",
|
|
165
|
+
* }],
|
|
166
|
+
* targetTags: ["allow-health-check"],
|
|
167
|
+
* }, {
|
|
168
|
+
* provider: google,
|
|
169
|
+
* });
|
|
170
|
+
* ```
|
|
18
171
|
* ### External Tcp Proxy Lb Mig Backend
|
|
19
172
|
*
|
|
20
173
|
* ```typescript
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"globalForwardingRule.js","sourceRoot":"","sources":["../../compute/globalForwardingRule.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,0CAA0C;AAE1C
|
|
1
|
+
{"version":3,"file":"globalForwardingRule.js","sourceRoot":"","sources":["../../compute/globalForwardingRule.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+uBG;AACH,MAAa,oBAAqB,SAAQ,MAAM,CAAC,cAAc;IAkK3D,YAAY,IAAY,EAAE,WAAkE,EAAE,IAAmC;QAC7H,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAoD,CAAC;YACnE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,qBAAqB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAAmD,CAAC;YACjE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACzD;YACD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,qBAAqB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,kBAAkB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACvD,cAAc,CAAC,UAAU,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAClD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,oBAAoB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACzE,CAAC;IA1MD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAiC,EAAE,IAAmC;QAC/H,OAAO,IAAI,oBAAoB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC3E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,oBAAoB,CAAC,YAAY,CAAC;IACrE,CAAC;;AA1BL,oDA4MC;AA9LG,gBAAgB;AACO,iCAAY,GAAG,uDAAuD,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pulumi/gcp",
|
|
3
|
-
"version": "v6.
|
|
3
|
+
"version": "v6.15.0-alpha.1646344351+840d9600",
|
|
4
4
|
"description": "A Pulumi package for creating and managing Google Cloud Platform resources.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"pulumi",
|
|
@@ -11,7 +11,7 @@
|
|
|
11
11
|
"license": "Apache-2.0",
|
|
12
12
|
"scripts": {
|
|
13
13
|
"build": "tsc",
|
|
14
|
-
"install": "node scripts/install-pulumi-plugin.js resource gcp v6.
|
|
14
|
+
"install": "node scripts/install-pulumi-plugin.js resource gcp v6.15.0-alpha.1646344351+840d9600"
|
|
15
15
|
},
|
|
16
16
|
"dependencies": {
|
|
17
17
|
"@pulumi/pulumi": "^3.0.0",
|
package/package.json.dev
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pulumi/gcp",
|
|
3
|
-
"version": "v6.
|
|
3
|
+
"version": "v6.15.0-alpha.1646344351+840d9600",
|
|
4
4
|
"description": "A Pulumi package for creating and managing Google Cloud Platform resources.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"pulumi",
|
|
@@ -11,7 +11,7 @@
|
|
|
11
11
|
"license": "Apache-2.0",
|
|
12
12
|
"scripts": {
|
|
13
13
|
"build": "tsc",
|
|
14
|
-
"install": "node scripts/install-pulumi-plugin.js resource gcp v6.
|
|
14
|
+
"install": "node scripts/install-pulumi-plugin.js resource gcp v6.15.0-alpha.1646344351+840d9600"
|
|
15
15
|
},
|
|
16
16
|
"dependencies": {
|
|
17
17
|
"@pulumi/pulumi": "^3.0.0",
|