feat: added support for creating proxy only subnet

Author: pawan1210

modules/frontend/README.md

@@ -19,7 +19,7 @@ This module creates `HTTP(S) forwarding rule` and its dependencies. This modules
 | http\_port | The port for the HTTP load balancer | `number` | `80` | no |
 | https\_port | The port for the HTTPS load balancer | `number` | `443` | no |
 | https\_redirect | Set to `true` to enable https redirect on the lb. | `bool` | `false` | no |
-| internal\_forwarding\_rules\_config | List of internal managed forwarding rules config. One of 'address' or 'subnetwork' is required for each. It is only applicable for internal load balancer | <pre>list(object({<br>    region     = string<br>    address    = optional(string)<br>    subnetwork = optional(string)<br>  }))</pre> | `[]` | no |
+| internal\_forwarding\_rules\_config | List of internal managed forwarding rules config. One of 'address' or 'subnetwork' is required for each. If 'create\_proxy\_only\_subnet' is true, 'proxy\_only\_subnet\_ip' is required. It is only applicable for internal load balancer. | <pre>list(object({<br>    region                   = string<br>    address                  = optional(string)<br>    subnetwork               = optional(string)<br>    create_proxy_only_subnet = bool<br>    proxy_only_subnet_ip     = optional(string)<br>  }))</pre> | `[]` | no |
 | ipv6\_address | An existing IPv6 address to use (the actual IP address value) | `string` | `null` | no |
 | labels | The labels to attach to resources created by this module | `map(string)` | `{}` | no |
 | load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, INTERNAL\_MANAGED for internal load balancer and INTERNAL\_SELF\_MANAGED for traffic director) | `string` | `"EXTERNAL_MANAGED"` | no |

modules/frontend/main.tf

@@ -43,6 +43,22 @@ locals {
   first_backend_service = try(local.backend_services_by_host[local.first_host][local.first_path], null)
 }
 
+resource "google_compute_subnetwork" "proxy_only" {
+  for_each = {
+    for index, config in var.internal_forwarding_rules_config : index => config
+    if config.create_proxy_only_subnet == true
+  }
+
+  name          = "${var.name}-proxy-only-subnet-${each.value.region}"
+  ip_cidr_range = each.value.proxy_only_subnet_ip
+  network       = var.network
+  purpose       = "GLOBAL_MANAGED_PROXY"
+  region        = each.value.region
+  project_id    = var.project_id
+  role          = "ACTIVE"
+}
+
+
 ### IPv4 block ###
 resource "google_compute_global_forwarding_rule" "http" {
   provider              = google-beta

modules/frontend/metadata.yaml

@@ -188,12 +188,14 @@ spec:
         description: Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds).
         varType: number
       - name: internal_forwarding_rules_config
-        description: List of internal managed forwarding rules config. One of 'address' or 'subnetwork' is required for each. It is only applicable for internal load balancer
+        description: List of internal managed forwarding rules config. One of 'address' or 'subnetwork' is required for each. If 'create_proxy_only_subnet' is true, 'proxy_only_subnet_ip' is required. It is only applicable for internal load balancer.
         varType: |-
           list(object({
-              region     = string
-              address    = optional(string)
-              subnetwork = optional(string)
+              region                   = string
+              address                  = optional(string)
+              subnetwork               = optional(string)
+              create_proxy_only_subnet = bool
+              proxy_only_subnet_ip     = optional(string)
             }))
         defaultValue: []
     outputs:

modules/frontend/variables.tf

@@ -200,11 +200,13 @@ variable "http_keep_alive_timeout_sec" {
 }
 
 variable "internal_forwarding_rules_config" {
-  description = "List of internal managed forwarding rules config. One of 'address' or 'subnetwork' is required for each. It is only applicable for internal load balancer"
+  description = "List of internal managed forwarding rules config. One of 'address' or 'subnetwork' is required for each. If 'create_proxy_only_subnet' is true, 'proxy_only_subnet_ip' is required. It is only applicable for internal load balancer."
   type = list(object({
-    region     = string
-    address    = optional(string)
-    subnetwork = optional(string)
+    region                   = string
+    address                  = optional(string)
+    subnetwork               = optional(string)
+    create_proxy_only_subnet = bool
+    proxy_only_subnet_ip     = optional(string)
   }))
   default = []
 }