Add an IPv6 address and forwarding rules on Google Cloud

* Allowing serving IPv6 applications via Kubernetes Ingress on Typhoon Google Cloud clusters * Add `ingress_static_ipv6` output variable for use in AAAA DNS records
2025-07-23 00:11:38 +02:00 · 2018-10-28 14:17:12 -07:00
parent f034ef90ae
commit 5be5b261e2
12 changed files with 159 additions and 16 deletions
--- a/google-cloud/container-linux/kubernetes/ingress.tf
+++ b/google-cloud/container-linux/kubernetes/ingress.tf
@ -1,13 +1,19 @@
-# Static IPv4 address for the TCP Proxy Load Balancer
+# Static IPv4 address for Ingress Load Balancing
 resource "google_compute_global_address" "ingress-ipv4" {
-  name       = "${var.cluster_name}-ingress-ip"
+  name       = "${var.cluster_name}-ingress-ipv4"
  ip_version = "IPV4"
 }

+# Static IPv6 address for Ingress Load Balancing
+resource "google_compute_global_address" "ingress-ipv6" {
+  name       = "${var.cluster_name}-ingress-ipv6"
+  ip_version = "IPV6"
+}
+
 # Forward IPv4 TCP traffic to the HTTP proxy load balancer
 # Google Cloud does not allow TCP proxies for port 80. Must use HTTP proxy.
-resource "google_compute_global_forwarding_rule" "ingress-http" {
-  name        = "${var.cluster_name}-ingress-http"
+resource "google_compute_global_forwarding_rule" "ingress-http-ipv4" {
+  name        = "${var.cluster_name}-ingress-http-ipv4"
  ip_address  = "${google_compute_global_address.ingress-ipv4.address}"
  ip_protocol = "TCP"
  port_range  = "80"
@ -15,14 +21,33 @@ resource "google_compute_global_forwarding_rule" "ingress-http" {
 }

 # Forward IPv4 TCP traffic to the TCP proxy load balancer
-resource "google_compute_global_forwarding_rule" "ingress-https" {
-  name        = "${var.cluster_name}-ingress-https"
+resource "google_compute_global_forwarding_rule" "ingress-https-ipv4" {
+  name        = "${var.cluster_name}-ingress-https-ipv4"
  ip_address  = "${google_compute_global_address.ingress-ipv4.address}"
  ip_protocol = "TCP"
  port_range  = "443"
  target      = "${google_compute_target_tcp_proxy.ingress-https.self_link}"
 }

+# Forward IPv6 TCP traffic to the HTTP proxy load balancer
+# Google Cloud does not allow TCP proxies for port 80. Must use HTTP proxy.
+resource "google_compute_global_forwarding_rule" "ingress-http-ipv6" {
+  name        = "${var.cluster_name}-ingress-http-ipv6"
+  ip_address  = "${google_compute_global_address.ingress-ipv6.address}"
+  ip_protocol = "TCP"
+  port_range  = "80"
+  target      = "${google_compute_target_http_proxy.ingress-http.self_link}"
+}
+
+# Forward IPv6 TCP traffic to the TCP proxy load balancer
+resource "google_compute_global_forwarding_rule" "ingress-https-ipv6" {
+  name        = "${var.cluster_name}-ingress-https-ipv6"
+  ip_address  = "${google_compute_global_address.ingress-ipv6.address}"
+  ip_protocol = "TCP"
+  port_range  = "443"
+  target      = "${google_compute_target_tcp_proxy.ingress-https.self_link}"
+}
+
 # HTTP proxy load balancer for ingress controllers
 resource "google_compute_target_http_proxy" "ingress-http" {
  name        = "${var.cluster_name}-ingress-http"
--- a/google-cloud/container-linux/kubernetes/outputs.tf
+++ b/google-cloud/container-linux/kubernetes/outputs.tf
@ -5,6 +5,11 @@ output "ingress_static_ipv4" {
  value       = "${google_compute_global_address.ingress-ipv4.address}"
 }

+output "ingress_static_ipv6" {
+  description = "Global IPv6 address for proxy load balancing to the nearest Ingress controller"
+  value       = "${google_compute_global_address.ingress-ipv6.address}"
+}
+
 # Outputs for worker pools

 output "network_name" {