Discover web_backend_service name in GCP/LoadBalancers/Backend created from helm apply inGKE/k8s api

I’m trying to deliver a service in GKE using helm with Google IAP protection enabled in a specific web_backend_service using terraform. My main issue is the names of resources created in GCP for resource web_backend_service there isn’t a name matching from terraform code after create the HTTP Load Balancer with helm.

Let me explain better…

  1. I deliver the service with helm using a code like this…
resource "helm_release" "jenkins" {
  1. After that, I’m trying to allow permission with Terraform but the main issue is the name of the web_backend_service is not well known in my terraform code…
    Let me share in my case, GCP create 2 HTTPS loadbalancers with the same Backend Names:
  • k8s-be-30667--289e6a19e503de26
  • k8s1-289e6a19-jenkins-onefront-jenkins-onefront-8080-588e64ecl
    Let me show you also the names of the two HTTPS loadbalancers (both of them with the same Backend Names showed previously)
  • k8s2-um-x0rsnpra-jenkins-onefro-jenkins-onefront-secon-05u5hswf
  • k8s2-um-x0rsnpra-jenkins-onefront-jenkins-onefront-bytgshhl
    3.Let me shoy you the BackendConfig yaml created in k8s/gke with helm
kind: BackendConfig
  annotations: jenkins-onefront jenkins-onefront
  labels: jenkins-master jenkins-onefront Helm jenkins jenkins-2.12.1-2
  name: jenkins
  namespace: jenkins-onefront
  selfLink: /apis/
  uid: 4a0f56dd-8577-4bd3-b3b9-50bef09127f9
    enabled: true
      secretName: iap

My problem is there are no relationship betweeen these resource names created on GCP and the web_backend_service parameter name in terraform resource iap_web_backend_service_iam - web_backend_service

Affected Resource(s)

resource "google_iap_web_backend_service_iam_binding" "binding" {
  project = google_compute_backend_service.default.project
  web_backend_service = 
  role = "roles/iap.httpsResourceAccessor"
  members = [
1 Like