STACKITLB-798 | add ALB TF provider #1198
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,273 @@ | ||||||
| --- | ||||||
| # generated by https://github.com/hashicorp/terraform-plugin-docs | ||||||
| page_title: "stackit_alb Data Source - stackit" | ||||||
| subcategory: "" | ||||||
| description: |- | ||||||
| Setting up supporting infrastructure | ||||||
| The example below creates the supporting infrastructure using the STACKIT Terraform provider, including the network, network interface, a public IP address and server resources. | ||||||
| --- | ||||||
|
|
||||||
| # stackit_alb (Data Source) | ||||||
|
|
||||||
| ## Setting up supporting infrastructure | ||||||
|
|
||||||
|
|
||||||
| The example below creates the supporting infrastructure using the STACKIT Terraform provider, including the network, network interface, a public IP address and server resources. | ||||||
|
Comment on lines
+12
to
+15
Contributor
There was a problem hiding this comment. The description doesn't fit to the datasource |
||||||
|
|
||||||
| ## Example Usage | ||||||
|
|
||||||
| ```terraform | ||||||
| data "stackit_alb" "example" { | ||||||
| project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" | ||||||
| name = "example-load-balancer" | ||||||
| } | ||||||
| ``` | ||||||
|
|
||||||
| <!-- schema generated by tfplugindocs --> | ||||||
| ## Schema | ||||||
|
|
||||||
| ### Required | ||||||
|
|
||||||
| - `name` (String) Application Load balancer name. | ||||||
| - `project_id` (String) STACKIT project ID to which the Application Load Balancer is associated. | ||||||
|
|
||||||
| ### Read-Only | ||||||
|
|
||||||
| - `disable_target_security_group_assignment` (Boolean) Disable target security group assignemt to allow targets outside of the given network. Connectivity to targets need to be ensured by the customer, including routing and Security Groups (targetSecurityGroup can be assigned). Not changeable after creation. | ||||||
| - `errors` (Attributes Set) Reports all errors a Application Load Balancer has. (see [below for nested schema](#nestedatt--errors)) | ||||||
|
Contributor
There was a problem hiding this comment. Are the errors really needed in terraform? For the network load balancer we also don't pass the errors |
||||||
| - `external_address` (String) The external IP address where this Application Load Balancer is exposed. Not changeable after creation. | ||||||
| - `id` (String) Terraform's internal resource ID. It is structured as "`project_id`","region","`name`". | ||||||
|
Contributor
There was a problem hiding this comment.
Suggested change
|
||||||
| - `labels` (Map of String) Labels represent user-defined metadata as key-value pairs. Label count cannot exceed 64 per ALB. | ||||||
| - `listeners` (Attributes List) List of all listeners which will accept traffic. Limited to 20. (see [below for nested schema](#nestedatt--listeners)) | ||||||
| - `load_balancer_security_group` (Attributes) Security Group permitting network traffic from the LoadBalancer to the targets. Useful when disableTargetSecurityGroupAssignment=true to manually assign target security groups to targets. (see [below for nested schema](#nestedatt--load_balancer_security_group)) | ||||||
| - `networks` (Attributes Set) List of networks that listeners and targets reside in. (see [below for nested schema](#nestedatt--networks)) | ||||||
| - `options` (Attributes) Defines any optional functionality you want to have enabled on your Application Load Balancer. (see [below for nested schema](#nestedatt--options)) | ||||||
| - `plan_id` (String) Service Plan configures the size of the Application Load Balancer. Possible values are: `p10`.. This list can change in the future. Therefore, this is not an enum. | ||||||
|
Contributor
There was a problem hiding this comment.
Suggested change
On the datasource the information which values are possible is not necessary. If you want you can leave it there, but it's not necessary. |
||||||
| - `private_address` (String) | ||||||
| - `region` (String) The resource region. If not defined, the provider region is used. Possible values are: `eu01`, `eu02`. | ||||||
|
Contributor
There was a problem hiding this comment. Please don't add the possible values for region here and also remove the validation behind it. There will be in the future more regions and if customer want to pin to an older provider version but want to use a new upcoming region, it will be not possible and the docs will be incorrect. |
||||||
| - `status` (String) Enum: "STATUS_UNSPECIFIED" "STATUS_PENDING" "STATUS_READY" "STATUS_ERROR" "STATUS_TERMINATING" | ||||||
| - `target_pools` (Attributes List) List of all target pools which will be used in the Application Load Balancer. Limited to 20. (see [below for nested schema](#nestedatt--target_pools)) | ||||||
| - `target_security_group` (Attributes) Security Group that allows the targets to receive traffic from the LoadBalancer. Useful when disableTargetSecurityGroupAssignment=true to manually assign target security groups to targets. (see [below for nested schema](#nestedatt--target_security_group)) | ||||||
| - `version` (String) Application Load Balancer resource version. Used for concurrency safe updates. | ||||||
|
|
||||||
| <a id="nestedatt--errors"></a> | ||||||
| ### Nested Schema for `errors` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `description` (String) The error description contains additional helpful user information to fix the error state of the Application Load Balancer. For example the IP 45.135.247.139 does not exist in the project, then the description will report: Floating IP "45.135.247.139" could not be found. | ||||||
| - `type` (String) Enum: "TYPE_UNSPECIFIED" "TYPE_INTERNAL" "TYPE_QUOTA_SECGROUP_EXCEEDED" "TYPE_QUOTA_SECGROUPRULE_EXCEEDED" "TYPE_PORT_NOT_CONFIGURED" "TYPE_FIP_NOT_CONFIGURED" "TYPE_TARGET_NOT_ACTIVE" "TYPE_METRICS_MISCONFIGURED" "TYPE_LOGS_MISCONFIGURED" | ||||||
| The error type specifies which part of the Application Load Balancer encountered the error. I.e. the API will not check if a provided public IP is actually available in the project. Instead the Application Load Balancer with try to use the provided IP and if not available reports TYPE_FIP_NOT_CONFIGURED error. | ||||||
|
|
||||||
|
|
||||||
| <a id="nestedatt--listeners"></a> | ||||||
| ### Nested Schema for `listeners` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `http` (Attributes) Configuration for HTTP traffic. (see [below for nested schema](#nestedatt--listeners--http)) | ||||||
| - `https` (Attributes) Configuration for handling HTTPS traffic on this listener. (see [below for nested schema](#nestedatt--listeners--https)) | ||||||
| - `name` (String) Unique name for the listener | ||||||
| - `port` (Number) Port number on which the listener receives incoming traffic. | ||||||
| - `protocol` (String) Protocol is the highest network protocol we understand to load balance. Possible values are: `PROTOCOL_UNSPECIFIED`, `PROTOCOL_HTTP`, `PROTOCOL_HTTPS`. | ||||||
| - `waf_config_name` (String) Enable Web Application Firewall (WAF), referenced by name. See "Application Load Balancer - Web Application Firewall API" for more information. | ||||||
|
|
||||||
| <a id="nestedatt--listeners--http"></a> | ||||||
| ### Nested Schema for `listeners.http` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `hosts` (Attributes List) Defines routing rules grouped by hostname. (see [below for nested schema](#nestedatt--listeners--http--hosts)) | ||||||
|
|
||||||
| <a id="nestedatt--listeners--http--hosts"></a> | ||||||
| ### Nested Schema for `listeners.http.hosts` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `host` (String) Hostname to match. Supports wildcards (e.g. *.example.com). | ||||||
| - `rules` (Attributes List) Routing rules under the specified host, matched by path prefix. (see [below for nested schema](#nestedatt--listeners--http--hosts--rules)) | ||||||
|
|
||||||
| <a id="nestedatt--listeners--http--hosts--rules"></a> | ||||||
| ### Nested Schema for `listeners.http.hosts.rules` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `cookie_persistence` (Attributes) Routing persistence via cookies. (see [below for nested schema](#nestedatt--listeners--http--hosts--rules--cookie_persistence)) | ||||||
| - `headers` (Attributes Set) Headers for the rule. (see [below for nested schema](#nestedatt--listeners--http--hosts--rules--headers)) | ||||||
| - `path` (Attributes) Routing via path. (see [below for nested schema](#nestedatt--listeners--http--hosts--rules--path)) | ||||||
| - `query_parameters` (Attributes Set) Query parameters for the rule. (see [below for nested schema](#nestedatt--listeners--http--hosts--rules--query_parameters)) | ||||||
| - `target_pool` (String) Reference target pool by target pool name. | ||||||
| - `web_socket` (Boolean) If enabled, when client sends an HTTP request with and Upgrade header, indicating the desire to establish a Websocket connection, if backend server supports WebSocket, it responds with HTTP 101 status code, switching protocols from HTTP to WebSocket. Hence the client and the server can exchange data in real-time using one long-lived TCP connection. | ||||||
|
|
||||||
| <a id="nestedatt--listeners--http--hosts--rules--cookie_persistence"></a> | ||||||
| ### Nested Schema for `listeners.http.hosts.rules.cookie_persistence` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `name` (String) The name of the cookie to use. | ||||||
| - `ttl` (String) TTL specifies the time-to-live for the cookie. The default value is 0s, and it acts as a session cookie, expiring when the client session ends. | ||||||
|
|
||||||
|
|
||||||
| <a id="nestedatt--listeners--http--hosts--rules--headers"></a> | ||||||
| ### Nested Schema for `listeners.http.hosts.rules.headers` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `exact_match` (String) Exact match for the header value. | ||||||
| - `name` (String) Header name. | ||||||
|
|
||||||
|
|
||||||
| <a id="nestedatt--listeners--http--hosts--rules--path"></a> | ||||||
| ### Nested Schema for `listeners.http.hosts.rules.path` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `exact_match` (String) Exact path match. Only a request path exactly equal to the value will match, e.g. '/foo' matches only '/foo', not '/foo/bar' or '/foobar'. | ||||||
| - `prefix` (String) Prefix path match. Only matches on full segment boundaries, e.g. '/foo' matches '/foo' and '/foo/bar' but NOT '/foobar'. | ||||||
|
|
||||||
|
|
||||||
| <a id="nestedatt--listeners--http--hosts--rules--query_parameters"></a> | ||||||
| ### Nested Schema for `listeners.http.hosts.rules.query_parameters` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `exact_match` (String) Exact match for the query parameters value. | ||||||
| - `name` (String) Query parameter name. | ||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
| <a id="nestedatt--listeners--https"></a> | ||||||
| ### Nested Schema for `listeners.https` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `certificate_config` (Attributes) TLS termination certificate configuration. (see [below for nested schema](#nestedatt--listeners--https--certificate_config)) | ||||||
|
|
||||||
| <a id="nestedatt--listeners--https--certificate_config"></a> | ||||||
| ### Nested Schema for `listeners.https.certificate_config` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `certificate_ids` (Set of String) Certificate IDs for TLS termination. | ||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
| <a id="nestedatt--load_balancer_security_group"></a> | ||||||
| ### Nested Schema for `load_balancer_security_group` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `id` (String) ID of the security Group | ||||||
| - `name` (String) Name of the security Group | ||||||
|
|
||||||
|
|
||||||
| <a id="nestedatt--networks"></a> | ||||||
| ### Nested Schema for `networks` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `network_id` (String) STACKIT network ID the Application Load Balancer and/or targets are in. | ||||||
| - `role` (String) The role defines how the Application Load Balancer is using the network. Possible values are: `ROLE_UNSPECIFIED`, `ROLE_LISTENERS_AND_TARGETS`, `ROLE_LISTENERS`, `ROLE_TARGETS`. | ||||||
|
|
||||||
|
|
||||||
| <a id="nestedatt--options"></a> | ||||||
| ### Nested Schema for `options` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `acl` (Set of String) Use this option to limit the IP ranges that can use the Application Load Balancer. | ||||||
| - `ephemeral_address` (Boolean) This option automates the handling of the external IP address for an Application Load Balancer. If set to true a new IP address will be automatically created. It will also be automatically deleted when the Load Balancer is deleted. | ||||||
| - `observability` (Attributes) We offer Load Balancer observability via STACKIT Observability or external solutions. (see [below for nested schema](#nestedatt--options--observability)) | ||||||
| - `private_network_only` (Boolean) Application Load Balancer is accessible only via a private network ip address. Not changeable after creation. | ||||||
|
|
||||||
| <a id="nestedatt--options--observability"></a> | ||||||
| ### Nested Schema for `options.observability` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `logs` (Attributes) Observability logs configuration. (see [below for nested schema](#nestedatt--options--observability--logs)) | ||||||
| - `metrics` (Attributes) Observability metrics configuration. (see [below for nested schema](#nestedatt--options--observability--metrics)) | ||||||
|
|
||||||
| <a id="nestedatt--options--observability--logs"></a> | ||||||
| ### Nested Schema for `options.observability.logs` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `credentials_ref` (String) Credentials reference for logging. This reference is created via the observability create endpoint and the credential needs to contain the basic auth username and password for the logging solution the push URL points to. Then this enables monitoring via remote write for the Application Load Balancer. | ||||||
| - `push_url` (String) Credentials reference for logging. This reference is created via the observability create endpoint and the credential needs to contain the basic auth username and password for the logging solution the push URL points to. Then this enables monitoring via remote write for the Application Load Balancer. | ||||||
|
|
||||||
|
|
||||||
| <a id="nestedatt--options--observability--metrics"></a> | ||||||
| ### Nested Schema for `options.observability.metrics` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `credentials_ref` (String) Credentials reference for metrics. This reference is created via the observability create endpoint and the credential needs to contain the basic auth username and password for the metrics solution the push URL points to. Then this enables monitoring via remote write for the Application Load Balancer. | ||||||
| - `push_url` (String) Credentials reference for metrics. This reference is created via the observability create endpoint and the credential needs to contain the basic auth username and password for the metrics solution the push URL points to. Then this enables monitoring via remote write for the Application Load Balancer. | ||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
| <a id="nestedatt--target_pools"></a> | ||||||
| ### Nested Schema for `target_pools` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `active_health_check` (Attributes) (see [below for nested schema](#nestedatt--target_pools--active_health_check)) | ||||||
| - `name` (String) Target pool name. | ||||||
| - `target_port` (Number) The number identifying the port where each target listens for traffic. | ||||||
| - `targets` (Attributes Set) List of all targets which will be used in the pool. Limited to 250. (see [below for nested schema](#nestedatt--target_pools--targets)) | ||||||
| - `tls_config` (Attributes) Configuration for TLS bridging. (see [below for nested schema](#nestedatt--target_pools--tls_config)) | ||||||
|
|
||||||
| <a id="nestedatt--target_pools--active_health_check"></a> | ||||||
| ### Nested Schema for `target_pools.active_health_check` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `healthy_threshold` (Number) Healthy threshold of the health checking. | ||||||
| - `http_health_checks` (Attributes) Options for the HTTP health checking. (see [below for nested schema](#nestedatt--target_pools--active_health_check--http_health_checks)) | ||||||
| - `interval` (String) Interval duration of health checking in seconds. | ||||||
| - `interval_jitter` (String) Interval duration threshold of the health checking in seconds. | ||||||
| - `timeout` (String) Active health checking timeout duration in seconds. | ||||||
| - `unhealthy_threshold` (Number) Unhealthy threshold of the health checking. | ||||||
|
|
||||||
| <a id="nestedatt--target_pools--active_health_check--http_health_checks"></a> | ||||||
| ### Nested Schema for `target_pools.active_health_check.http_health_checks` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `ok_status` (Set of String) List of HTTP status codes that indicate a healthy response. | ||||||
| - `path` (String) Path to send the health check request to. | ||||||
|
|
||||||
|
|
||||||
|
|
||||||
| <a id="nestedatt--target_pools--targets"></a> | ||||||
| ### Nested Schema for `target_pools.targets` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `display_name` (String) Target display name | ||||||
| - `ip` (String) Private target IP, which must by unique within a target pool. | ||||||
|
|
||||||
|
|
||||||
| <a id="nestedatt--target_pools--tls_config"></a> | ||||||
| ### Nested Schema for `target_pools.tls_config` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `custom_ca` (String) Specifies a custom Certificate Authority (CA). When provided, the target pool will trust certificates signed by this CA, in addition to any system-trusted CAs. This is useful for scenarios where the target pool needs to communicate with servers using self-signed or internally-issued certificates. Enabled needs to be set to true and skip validation to false for this option. | ||||||
| - `enabled` (Boolean) Enable TLS (Transport Layer Security) bridging for the connection between Application Load Balancer and targets in this pool. When enabled, public CAs are trusted. Can be used in tandem with the options either custom CA or skip validation or alone. | ||||||
| - `skip_certificate_validation` (Boolean) Bypass certificate validation for TLS bridging in this target pool. This option is insecure and can only be used with public CAs by setting enabled true. Meant to be used for testing purposes only! | ||||||
|
|
||||||
|
|
||||||
|
|
||||||
| <a id="nestedatt--target_security_group"></a> | ||||||
| ### Nested Schema for `target_security_group` | ||||||
|
|
||||||
| Read-Only: | ||||||
|
|
||||||
| - `id` (String) ID of the security Group | ||||||
| - `name` (String) Name of the security Group | ||||||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Like @h3adex already suggested, I would prefer as well that the datasource and resource is named application_load_balancer. This makes it easier for first time users to understand for what resource and datasource