2018-04-16 02:21:49 +02:00
|
|
|
# Network Load Balancer DNS Record
|
2018-02-16 14:18:27 +01:00
|
|
|
resource "aws_route53_record" "apiserver" {
|
2019-05-28 05:42:48 +02:00
|
|
|
zone_id = var.dns_zone_id
|
2018-02-16 14:18:27 +01:00
|
|
|
|
2019-05-28 05:42:48 +02:00
|
|
|
name = format("%s.%s.", var.cluster_name, var.dns_zone)
|
2018-02-16 14:18:27 +01:00
|
|
|
type = "A"
|
|
|
|
|
2018-08-22 06:25:22 +02:00
|
|
|
# AWS recommends their special "alias" records for NLBs
|
2018-02-16 14:18:27 +01:00
|
|
|
alias {
|
2019-05-28 05:42:48 +02:00
|
|
|
name = aws_lb.nlb.dns_name
|
|
|
|
zone_id = aws_lb.nlb.zone_id
|
2018-02-16 14:18:27 +01:00
|
|
|
evaluate_target_health = true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-06-19 07:56:32 +02:00
|
|
|
# Network Load Balancer for apiservers and ingress
|
|
|
|
resource "aws_lb" "nlb" {
|
|
|
|
name = "${var.cluster_name}-nlb"
|
2018-02-16 14:18:27 +01:00
|
|
|
load_balancer_type = "network"
|
|
|
|
internal = false
|
|
|
|
|
2019-05-28 05:42:48 +02:00
|
|
|
subnets = aws_subnet.public.*.id
|
2018-03-11 07:50:29 +01:00
|
|
|
|
|
|
|
enable_cross_zone_load_balancing = true
|
2018-02-16 14:18:27 +01:00
|
|
|
}
|
|
|
|
|
2018-06-19 07:56:32 +02:00
|
|
|
# Forward TCP apiserver traffic to controllers
|
2018-02-16 14:18:27 +01:00
|
|
|
resource "aws_lb_listener" "apiserver-https" {
|
2019-05-28 05:42:48 +02:00
|
|
|
load_balancer_arn = aws_lb.nlb.arn
|
2018-02-16 14:18:27 +01:00
|
|
|
protocol = "TCP"
|
2018-06-19 06:57:58 +02:00
|
|
|
port = "6443"
|
2018-02-16 14:18:27 +01:00
|
|
|
|
|
|
|
default_action {
|
|
|
|
type = "forward"
|
2019-05-28 05:42:48 +02:00
|
|
|
target_group_arn = aws_lb_target_group.controllers.arn
|
2018-02-16 14:18:27 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-06-19 07:56:32 +02:00
|
|
|
# Forward HTTP ingress traffic to workers
|
|
|
|
resource "aws_lb_listener" "ingress-http" {
|
2019-05-28 05:42:48 +02:00
|
|
|
load_balancer_arn = aws_lb.nlb.arn
|
2018-06-19 07:56:32 +02:00
|
|
|
protocol = "TCP"
|
|
|
|
port = 80
|
|
|
|
|
|
|
|
default_action {
|
|
|
|
type = "forward"
|
2019-05-28 05:42:48 +02:00
|
|
|
target_group_arn = module.workers.target_group_http
|
2018-06-19 07:56:32 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
# Forward HTTPS ingress traffic to workers
|
|
|
|
resource "aws_lb_listener" "ingress-https" {
|
2019-05-28 05:42:48 +02:00
|
|
|
load_balancer_arn = aws_lb.nlb.arn
|
2018-06-19 07:56:32 +02:00
|
|
|
protocol = "TCP"
|
|
|
|
port = 443
|
|
|
|
|
|
|
|
default_action {
|
|
|
|
type = "forward"
|
2019-05-28 05:42:48 +02:00
|
|
|
target_group_arn = module.workers.target_group_https
|
2018-06-19 07:56:32 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-02-16 14:18:27 +01:00
|
|
|
# Target group of controllers
|
|
|
|
resource "aws_lb_target_group" "controllers" {
|
|
|
|
name = "${var.cluster_name}-controllers"
|
2019-05-28 05:42:48 +02:00
|
|
|
vpc_id = aws_vpc.network.id
|
2018-02-16 14:18:27 +01:00
|
|
|
target_type = "instance"
|
|
|
|
|
|
|
|
protocol = "TCP"
|
2018-06-19 06:57:58 +02:00
|
|
|
port = 6443
|
2018-02-16 14:18:27 +01:00
|
|
|
|
2018-04-16 02:21:49 +02:00
|
|
|
# TCP health check for apiserver
|
2018-02-16 14:18:27 +01:00
|
|
|
health_check {
|
|
|
|
protocol = "TCP"
|
2018-06-19 06:57:58 +02:00
|
|
|
port = 6443
|
2018-02-16 14:18:27 +01:00
|
|
|
|
|
|
|
# NLBs required to use same healthy and unhealthy thresholds
|
|
|
|
healthy_threshold = 3
|
|
|
|
unhealthy_threshold = 3
|
|
|
|
|
|
|
|
# Interval between health checks required to be 10 or 30
|
|
|
|
interval = 10
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
# Attach controller instances to apiserver NLB
|
|
|
|
resource "aws_lb_target_group_attachment" "controllers" {
|
2019-05-28 05:42:48 +02:00
|
|
|
count = var.controller_count
|
2018-02-16 14:18:27 +01:00
|
|
|
|
2019-05-28 05:42:48 +02:00
|
|
|
target_group_arn = aws_lb_target_group.controllers.arn
|
|
|
|
target_id = element(aws_instance.controllers.*.id, count.index)
|
2018-06-19 06:57:58 +02:00
|
|
|
port = 6443
|
2018-02-16 14:18:27 +01:00
|
|
|
}
|
2019-05-28 05:42:48 +02:00
|
|
|
|