Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correct usage of "service_directory_registrations" block in "google_compute_forwarding_rule" with PSC / Private Service Connect? #17965

Open
ppuschmann opened this issue Apr 26, 2024 · 0 comments
Open

Correct usage of "service_directory_registrations" block in "google_compute_forwarding_rule" with PSC / Private Service Connect? #17965

ppuschmann opened this issue Apr 26, 2024 · 0 comments
Labels
question

Comments

@ppuschmann
Copy link

Question

Hi,

the configuration example for "Forwarding Rule VPC PSC" shows this configuration:

// Forwarding rule for VPC private service connect
resource "google_compute_forwarding_rule" "default" {
  name                    = "psc-endpoint"
  region                  = "us-central1"
  load_balancing_scheme   = ""
  target                  = google_compute_service_attachment.producer_service_attachment.id
  network                 = google_compute_network.consumer_net.name
  ip_address              = google_compute_address.consumer_address.id
  allow_psc_global_access = true
}

which I would extend with the following block to configure the Service Directory namespace and service name:

  service_directory_registrations {
    namespace = "my-psc"
    service   = "my-psc-service"
  }

Given the PSC-Attachment is configure with the attribute domain domain = "dev.psc.example.com.", I'd expect the service to be discoverable as:

my-psc-service.dev.psc.example.com

While provisioning this configuration I get an error message:

// Forwarding rule for VPC private service connect
resource "google_compute_forwarding_rule" "default" {
  name                    = "psc-endpoint"
  region                  = "us-central1"
  load_balancing_scheme   = ""
  target                  = google_compute_service_attachment.producer_service_attachment.id
  network                 = google_compute_network.consumer_net.name
  ip_address              = google_compute_address.consumer_address.id
  allow_psc_global_access = true

  service_directory_registrations {
    namespace = "my-psc"
    service   = "my-psc-service"
  }
}

If I remove the service, I can provision the PSC-Endpoint / Forwarding Rule.

Only that my service then is only discoverable via the hostname producer-service-euw1.dev.psc.example.com.

Where do the single parts come from?

  • producer-service is the name of the PSC-Attachment
  • -euw1 comes from the provider somehow (yes, I'm doing this in `europe-west1``
  • dev.psc.example.com is the domain I configure in the PSC-Attachment

My expectation (with a working service attribute in service_directory_registrations) would have been:

  • my-psc-service.dev.psc.example.com

Questions

  • Can I use the attribute service in service_directory_registrations? If "yes": how?
  • How can I define the port for the entry in the Service Discovery that was generated by PSC?

Provider Version

Terraform provider: google, version 5.26.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ppuschmann