nb-psc-l7ilb: support passing in subnet #147

Open
derhally opened this issue Jan 17, 2024 · 3 comments
Comments

@derhally

The psc internal load balancer module creates a subnet, but there are scenarios where subnets are provisioned ahead of time by the team that manages the network.

For example, our org heavily relies on shared VPCs and the networking team provisions the subnets for the dev teams, and from my understanding, only one regional managed proxy can be active in a given region for a VPC.

It would be nice to support passing in a subnet for the proxy and skip the creation of it.

@danistrebel
Collaborator

Hi @derhally, thanks for the input. Certainly understand the flexibility that you're asking for.

@g-greatdevaks created the module so I'll let him chip in. From what I saw in this specific case the module doesn't even use the created subnet but the one passed in via the module param: https://github.com/apigee/terraform-modules/blob/main/modules/nb-psc-l7ilb/main.tf#L79.

In this case just commenting out the network resources on the module should do the trick for you.

I'm leaving this open to consider a clean up and implement more modular defaults.

@g-greatdevaks
Collaborator

g-greatdevaks commented Jan 24, 2024

Thanks for raising the issue.
As Daniel pointed out, the module is flexible to take subnet from the subnet resource or from the module param/variable.

I believe some usage documentation should be added to provide clarity on the same with some examples of passing subnet link(s). One example is shown here.

Will take the documentation task for this issue and update here once done.

Will have some clean up performed with tweaking the module a bit as well.

@derhally
Author

derhally commented Jan 24, 2024

@g-greatdevaks I'm specifically referring to the resource google_compute_subnetwork.proxy_subnet, not the subnet being used with the google_compute_forwarding_rule.

edit:

There are two issues I see, which I apologize for not making clear in the issue.

  1. This module assumes the VPC is in the same project as the backend service, which won't be the case with a shared VPC setup.

  2. In a shared VPC setup, the dev team may not have permissions to create proxy subnets. E.g., in our org, network management is handled by the platform team. Dev teams can't create new subnets.

3 participants