Backend services always have max_utilization set - cannot be edited through the UI

[cgpuglie]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform v0.12.31
+ provider.google v3.74.0

Affected Resource(s)

• google_compute_instance_group
• google_compute_backend_service
• google_compute_url_map

Terraform Configuration Files

variable "access_token" {
  type = string
}

variable "project_id" {
  type = string
}

locals {
  region = "us-central1"
  zone   = "${local.region}-a"
}

provider "google" {
  access_token = var.access_token
  project      = var.project_id
  region       = local.region
}

resource "google_compute_instance" "test" {
  machine_type = "n1-standard-2"
  name         = "test-instance"
  zone         = local.zone

  network_interface {
    network = "default"

    access_config {

    }
  }

  boot_disk {
    initialize_params {
      image = "ubuntu-1804-bionic-v20210325"
    }
  }
}

resource "google_compute_instance_group" "test" {
  name = "test-ig"
  zone = local.zone

  instances = google_compute_instance.test[*].self_link

  named_port {
    name = "http80"
    port = 80
  }

  named_port {
    name = "http8080"
    port = 8080
  }
}

resource "google_compute_health_check" "web" {
  name = "test-check-80"

  check_interval_sec  = 10
  unhealthy_threshold = 3

  tcp_health_check {
    port = 80
  }
}

resource "google_compute_health_check" "web2" {
  name = "test-check-8080"

  check_interval_sec  = 10
  unhealthy_threshold = 3

  tcp_health_check {
    port = 8080
  }
}

resource "google_compute_backend_service" "web" {
  name = "test-backend-80"

  protocol              = "HTTP"
  load_balancing_scheme = "EXTERNAL"
  port_name             = "http80"

  health_checks = google_compute_health_check.web[*].self_link

  backend {
    group                 = google_compute_instance_group.test.self_link
    balancing_mode        = "RATE"
    max_rate_per_instance = 200
  }
}

resource "google_compute_backend_service" "web2" {
  name = "test-backend-8080"

  protocol              = "HTTP"
  load_balancing_scheme = "EXTERNAL"
  port_name             = "http80"

  health_checks = google_compute_health_check.web2[*].self_link

  backend {
    group                 = google_compute_instance_group.test.self_link
    balancing_mode        = "RATE"
    max_rate_per_instance = 200
  }
}

resource "google_compute_url_map" "test" {
  name = "test-map"

  default_service = google_compute_backend_service.web.self_link

  host_rule {
    hosts        = ["example.com"]
    path_matcher = "example"
  }

  path_matcher {
    name            = "example"
    default_service = google_compute_backend_service.web.self_link

    path_rule {
      paths   = ["/test"]
      service = google_compute_backend_service.web2.self_link
    }
  }
}

resource "google_compute_target_http_proxy" "test" {
  name    = "test-proxy"
  url_map = google_compute_url_map.test.id
}

resource "google_compute_global_forwarding_rule" "test" {
  name                  = "test-fw-rule"
  load_balancing_scheme = "EXTERNAL"
  port_range            = "80"
  target                = google_compute_target_http_proxy.test.self_link
}

Expected Behavior

Terraform apply succeeds

Load balancer appears valid in the GCP console UI

Actual Behavior

Terraform apply succeeds

Editing load balancer through the console UI fails validation with the message below

Validation failed for instance group 'projects/my-project/zones/us-central1-a/instanceGroups/test-ig': backend services 'projects/my-project/global/backendServices/test-backend-80' and 'projects/my-project/global/backendServices/test-backend-8080' point to the same instance group but the backends have incompatible balancing_mode. Values should be the same.

Steps to Reproduce

1. terraform apply
2. Open edit menu in GCP console (Network services > Load balancing > Load Balancers > test-map > edit)
3. Click save without making changes

Important Factoids

• According to the docs, using the same instance group in 2 backend services should be supported if the balancing modes are compatible.

  • You can use the same instance group as a backend for more than one backend service. In this situation, the backends must use compatible balancing modes. Compatible means that the balancing modes must be the same, or they must be a combination of CONNECTION and RATE. Incompatible combinations are as follows

• The issue seems to be that even though max_utilization isn't set on the backend_service, it defaults to 0.8, making the backend services incompatible.
• Setting max_utilization to 0.0 doesn't help, even though the terraform docs show that as a supported value. Editing through the console UI gives this message:

  • Invalid value for field 'resource': '{ "backend": [{ "resourceGroup": "projects/my-project/zones/us-central1-a/instanceGroups...'. None of the backends have a valid capacity

• This was working a couple weeks ago, it seems like Google's validation on the console UI was changed, and the API is still accepting invalid values.

References

• Google Backend Service Documentation
• Terraform Backend Service Documentation

[edwardmedia]

@cgpuglie I see the same behavior as you saw. I am able to update the resources via tf apply. What leads you to think this is a provider bug? I don't know much about what validation the UI run. Are you able to edit the resources that are created via non-terraform method?

[cgpuglie]

Yes, if I create a load balancer through the console UI I can omit max_utilization and specify balancing_mode = "RATE" and max_rate_per_instance = 200. This makes the backends 'compatible' according to the docs, and the UI allows you to edit the load balancer.

Google support advised me to unset the max_utilization argument, the bug is that the provider doesn't support this.

I do agree it's a weird situation, though. The API accepts this config as valid, but the console UI doesn't seem to agree.

[edwardmedia]

I see what the problem is. We can not have max_utilization in the request payload when balancing_mode is a non-UTILIZATION.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.