Add support for Hybrid Load Balancer

[tcpkump]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Google Cloud Platform has recently released Hybrid Load Balancers as a preview feature. Key points from the documentation that would be relevant for updating the provider are:

• Each hybrid connectivity NEG can only contain network endpoints of the same type (NON_GCP_PRIVATE_IP_PORT).
• The backend service cannot also use other NEG types or instance groups as backends. All backends on a backend service must be of the same type. If you have backends on Google Cloud, you must create a separate backend service for them. This is because Google Cloud-based backends will use a different type of backend (instance group or zonal NEG) and backend services with mixed backend types are not supported.
• The backend service's load balancing scheme must be either EXTERNAL for external HTTP(S) load balancers, TCP proxy load balancers and SSL proxy load balancers, or INTERNAL_MANAGED for internal HTTP(S) load balancers. INTERNAL_SELF_MANAGED is supported for Traffic Director multi-environment deployments with hybrid connectivity NEGs.
• The backend service protocol must be one of HTTP, HTTPS, or HTTP2. For the list of backend service protocols supported by each load balancer, see Protocols from the load balancer to the backend.
• The balancing mode for the backend must be RATE for external and internal HTTP(S) Load Balancing, and CONNECTION for TCP/SSL Proxy Load Balancing. For details on balancing modes, see Backend services overview.
• To add more network endpoints, update the backends attached to your backend service.

Related Issues

• Internal issue b/181008964

New or Affected Resource(s)

• google_compute_network_endpoint_group
• google_compute_backend_service

Potential Terraform Configuration

Add support for the network endpoint type NON_GCP_PRIVATE_IP_PORT

resource "google_compute_network_endpoint_group" "hybrid_neg" {
  name = "hybrid-neg"
  network  = var.network
  network_endpoint_type = "NON_GCP_PRIVATE_IP_PORT"
}

Validation for backend service would include requiring RATE as balancing mode and a max_rate_per_endpoint (or set defaults) for internal and external HTTP(S) Load Balancers:

resource "google_compute_backend_service" "hybrid_backend" {
  name = "hybrid_backend"

  backend {
    group = google_compute_network_endpoint_group.hybrid_neg.self_link 
    balancing_mode = "RATE"
    max_rate_per_endpoint = var.endpoint_rps
  }
}

Among other changes for TCP/SSL Load balancing as indicated in the key points above.

[ct-dh]

I have a strong need for this functionality, I see there is an internal issue referenced, is this being actively worked on internally or should I look to submit a PR to magicmodules to add this myself?

[roaks3]

This issue appears resolved, and is very old, so I'm closing, but someone please correct me if there is still behavior missing.

GoogleCloudPlatform/magic-modules#5684 covers adding NON_GCP_PRIVATE_IP_PORT and making instance optional on google_compute_network_endpoint. It mentions it is only part of this issue, but I see the internal issue b/181008964 was closed. The other items listed in this issue all seem related to validation, and my assumption is that those are being adequately enforced by the server.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.