# Static IPv4 address for Ingress Load Balancing
resource "google_compute_global_address" "ingress-ipv4" {
  name       = "${var.cluster_name}-ingress-ipv4"
  ip_version = "IPV4"
}

# Static IPv6 address for Ingress Load Balancing
resource "google_compute_global_address" "ingress-ipv6" {
  name       = "${var.cluster_name}-ingress-ipv6"
  ip_version = "IPV6"
}

# Forward IPv4 TCP traffic to the HTTP proxy load balancer
# Google Cloud does not allow TCP proxies for port 80. Must use HTTP proxy.
resource "google_compute_global_forwarding_rule" "ingress-http-ipv4" {
  name        = "${var.cluster_name}-ingress-http-ipv4"
  ip_address  = google_compute_global_address.ingress-ipv4.address
  ip_protocol = "TCP"
  port_range  = "80"
  target      = google_compute_target_http_proxy.ingress-http.self_link
}

# Forward IPv4 TCP traffic to the TCP proxy load balancer
resource "google_compute_global_forwarding_rule" "ingress-https-ipv4" {
  name        = "${var.cluster_name}-ingress-https-ipv4"
  ip_address  = google_compute_global_address.ingress-ipv4.address
  ip_protocol = "TCP"
  port_range  = "443"
  target      = google_compute_target_tcp_proxy.ingress-https.self_link
}

# Forward IPv6 TCP traffic to the HTTP proxy load balancer
# Google Cloud does not allow TCP proxies for port 80. Must use HTTP proxy.
resource "google_compute_global_forwarding_rule" "ingress-http-ipv6" {
  name        = "${var.cluster_name}-ingress-http-ipv6"
  ip_address  = google_compute_global_address.ingress-ipv6.address
  ip_protocol = "TCP"
  port_range  = "80"
  target      = google_compute_target_http_proxy.ingress-http.self_link
}

# Forward IPv6 TCP traffic to the TCP proxy load balancer
resource "google_compute_global_forwarding_rule" "ingress-https-ipv6" {
  name        = "${var.cluster_name}-ingress-https-ipv6"
  ip_address  = google_compute_global_address.ingress-ipv6.address
  ip_protocol = "TCP"
  port_range  = "443"
  target      = google_compute_target_tcp_proxy.ingress-https.self_link
}

# HTTP proxy load balancer for ingress controllers
resource "google_compute_target_http_proxy" "ingress-http" {
  name        = "${var.cluster_name}-ingress-http"
  description = "Distribute HTTP load across ${var.cluster_name} workers"
  url_map     = google_compute_url_map.ingress-http.self_link
}

# TCP proxy load balancer for ingress controllers
resource "google_compute_target_tcp_proxy" "ingress-https" {
  name            = "${var.cluster_name}-ingress-https"
  description     = "Distribute HTTPS load across ${var.cluster_name} workers"
  backend_service = google_compute_backend_service.ingress-https.self_link
}

# HTTP URL Map (required)
resource "google_compute_url_map" "ingress-http" {
  name = "${var.cluster_name}-ingress-http"

  # Do not add host/path rules for applications here. Use Ingress resources.
  default_service = google_compute_backend_service.ingress-http.self_link
}

# Backend service backed by managed instance group of workers
resource "google_compute_backend_service" "ingress-http" {
  name        = "${var.cluster_name}-ingress-http"
  description = "${var.cluster_name} ingress service"

  protocol         = "HTTP"
  port_name        = "http"
  session_affinity = "NONE"
  timeout_sec      = "60"

  backend {
    group = module.workers.instance_group
  }

  health_checks = [google_compute_health_check.ingress.self_link]
}

# Backend service backed by managed instance group of workers
resource "google_compute_backend_service" "ingress-https" {
  name        = "${var.cluster_name}-ingress-https"
  description = "${var.cluster_name} ingress service"

  protocol         = "TCP"
  port_name        = "https"
  session_affinity = "NONE"
  timeout_sec      = "60"

  backend {
    group = module.workers.instance_group
  }

  health_checks = [google_compute_health_check.ingress.self_link]
}

# Ingress HTTP Health Check
resource "google_compute_health_check" "ingress" {
  name        = "${var.cluster_name}-ingress-health"
  description = "Health check for Ingress controller"

  timeout_sec        = 5
  check_interval_sec = 5

  healthy_threshold   = 2
  unhealthy_threshold = 4

  http_health_check {
    port         = 10254
    request_path = "/healthz"
  }
}