typhoon/aws/container-linux/kubernetes/workers/ingress.tf

# Network Load Balancer for Ingress
resource "aws_lb" "ingress" {
  name               = "${var.name}-ingress"
  load_balancer_type = "network"
  internal           = false

  subnets = ["${var.subnet_ids}"]

  enable_cross_zone_load_balancing = true
}

# Forward HTTP traffic to workers
resource "aws_lb_listener" "ingress-http" {
  load_balancer_arn = "${aws_lb.ingress.arn}"
  protocol          = "TCP"
  port              = 80

  default_action {
    type             = "forward"
    target_group_arn = "${aws_lb_target_group.workers-http.arn}"
  }
}

# Forward HTTPS traffic to workers
resource "aws_lb_listener" "ingress-https" {
  load_balancer_arn = "${aws_lb.ingress.arn}"
  protocol          = "TCP"
  port              = 443

  default_action {
    type             = "forward"
    target_group_arn = "${aws_lb_target_group.workers-https.arn}"
  }
}

# Network Load Balancer target groups of instances

resource "aws_lb_target_group" "workers-http" {
  name        = "${var.name}-workers-http"
  vpc_id      = "${var.vpc_id}"
  target_type = "instance"

  protocol = "TCP"
  port     = 80

  # Ingress Controller HTTP health check
  health_check {
    protocol = "HTTP"
    port     = 10254
    path     = "/healthz"

    # NLBs required to use same healthy and unhealthy thresholds
    healthy_threshold   = 3
    unhealthy_threshold = 3

    # Interval between health checks required to be 10 or 30
    interval = 10
  }
}

resource "aws_lb_target_group" "workers-https" {
  name        = "${var.name}-workers-https"
  vpc_id      = "${var.vpc_id}"
  target_type = "instance"

  protocol = "TCP"
  port     = 443

  # Ingress Controller HTTP health check
  health_check {
    protocol = "HTTP"
    port     = 10254
    path     = "/healthz"

    # NLBs required to use same healthy and unhealthy thresholds
    healthy_threshold   = 3
    unhealthy_threshold = 3

    # Interval between health checks required to be 10 or 30
    interval = 10
  }
}
Switch Ingress ELB to a network load balancer * Require terraform-provider-aws 1.7 or higher 2017-11-07 21:56:50 -08:00			`# Network Load Balancer for Ingress`
			`resource "aws_lb" "ingress" {`
Rename cluster_name to name in internal module * Ensure consistency between AWS and GCP platforms 2018-03-03 17:52:01 -08:00			`name = "${var.name}-ingress"`
Switch Ingress ELB to a network load balancer * Require terraform-provider-aws 1.7 or higher 2017-11-07 21:56:50 -08:00			`load_balancer_type = "network"`
			`internal = false`

Add support for worker pools on AWS * Allow groups of workers to be defined and joined to a cluster (i.e. worker pools) * Move worker resources into a Terraform submodule * Output variables needed for passing to worker pools * Add usage docs for AWS worker pools (advanced) 2018-02-26 22:16:34 -08:00			`subnets = ["${var.subnet_ids}"]`
Enable AWS NLB cross-zone load balancing * https://github.com/terraform-providers/terraform-provider-aws/pull/3537 * https://aws.amazon.com/about-aws/whats-new/2018/02/network-load-balancer-now-supports-cross-zone-load-balancing/ 2018-03-10 22:50:29 -08:00
			`enable_cross_zone_load_balancing = true`
Switch Ingress ELB to a network load balancer * Require terraform-provider-aws 1.7 or higher 2017-11-07 21:56:50 -08:00			`}`

Switch apiserver from ELB to a network load balancer 2018-02-16 13:18:27 +00:00			`# Forward HTTP traffic to workers`
Switch Ingress ELB to a network load balancer * Require terraform-provider-aws 1.7 or higher 2017-11-07 21:56:50 -08:00			`resource "aws_lb_listener" "ingress-http" {`
			`load_balancer_arn = "${aws_lb.ingress.arn}"`
			`protocol = "TCP"`
			`port = 80`

			`default_action {`
			`type = "forward"`
			`target_group_arn = "${aws_lb_target_group.workers-http.arn}"`
Add dghubble/pegasus AWS Kubernetes Terraform module 2017-09-17 21:40:33 -07:00			`}`
Switch Ingress ELB to a network load balancer * Require terraform-provider-aws 1.7 or higher 2017-11-07 21:56:50 -08:00			`}`
Add dghubble/pegasus AWS Kubernetes Terraform module 2017-09-17 21:40:33 -07:00
Switch apiserver from ELB to a network load balancer 2018-02-16 13:18:27 +00:00			`# Forward HTTPS traffic to workers`
Switch Ingress ELB to a network load balancer * Require terraform-provider-aws 1.7 or higher 2017-11-07 21:56:50 -08:00			`resource "aws_lb_listener" "ingress-https" {`
			`load_balancer_arn = "${aws_lb.ingress.arn}"`
			`protocol = "TCP"`
			`port = 443`

			`default_action {`
			`type = "forward"`
			`target_group_arn = "${aws_lb_target_group.workers-https.arn}"`
Add dghubble/pegasus AWS Kubernetes Terraform module 2017-09-17 21:40:33 -07:00			`}`
Switch Ingress ELB to a network load balancer * Require terraform-provider-aws 1.7 or higher 2017-11-07 21:56:50 -08:00			`}`

			`# Network Load Balancer target groups of instances`

			`resource "aws_lb_target_group" "workers-http" {`
Rename cluster_name to name in internal module * Ensure consistency between AWS and GCP platforms 2018-03-03 17:52:01 -08:00			`name = "${var.name}-workers-http"`
Add support for worker pools on AWS * Allow groups of workers to be defined and joined to a cluster (i.e. worker pools) * Move worker resources into a Terraform submodule * Output variables needed for passing to worker pools * Add usage docs for AWS worker pools (advanced) 2018-02-26 22:16:34 -08:00			`vpc_id = "${var.vpc_id}"`
Switch Ingress ELB to a network load balancer * Require terraform-provider-aws 1.7 or higher 2017-11-07 21:56:50 -08:00			`target_type = "instance"`

			`protocol = "TCP"`
			`port = 80`
Add dghubble/pegasus AWS Kubernetes Terraform module 2017-09-17 21:40:33 -07:00
aws: Add Ingress ELB DNS name output as ingress_dns_name * Expose the Ingress ELB DNS name so application DNS records can be defined in Terraform to resolve to the Ingress ELB 2017-09-28 00:46:17 -07:00			`# Ingress Controller HTTP health check`
Add dghubble/pegasus AWS Kubernetes Terraform module 2017-09-17 21:40:33 -07:00			`health_check {`
Switch Ingress ELB to a network load balancer * Require terraform-provider-aws 1.7 or higher 2017-11-07 21:56:50 -08:00			`protocol = "HTTP"`
			`port = 10254`
			`path = "/healthz"`

			`# NLBs required to use same healthy and unhealthy thresholds`
			`healthy_threshold = 3`
			`unhealthy_threshold = 3`

			`# Interval between health checks required to be 10 or 30`
			`interval = 10`
Add dghubble/pegasus AWS Kubernetes Terraform module 2017-09-17 21:40:33 -07:00			`}`
Switch Ingress ELB to a network load balancer * Require terraform-provider-aws 1.7 or higher 2017-11-07 21:56:50 -08:00			`}`

			`resource "aws_lb_target_group" "workers-https" {`
Rename cluster_name to name in internal module * Ensure consistency between AWS and GCP platforms 2018-03-03 17:52:01 -08:00			`name = "${var.name}-workers-https"`
Add support for worker pools on AWS * Allow groups of workers to be defined and joined to a cluster (i.e. worker pools) * Move worker resources into a Terraform submodule * Output variables needed for passing to worker pools * Add usage docs for AWS worker pools (advanced) 2018-02-26 22:16:34 -08:00			`vpc_id = "${var.vpc_id}"`
Switch Ingress ELB to a network load balancer * Require terraform-provider-aws 1.7 or higher 2017-11-07 21:56:50 -08:00			`target_type = "instance"`

			`protocol = "TCP"`
			`port = 443`
Add dghubble/pegasus AWS Kubernetes Terraform module 2017-09-17 21:40:33 -07:00
Switch Ingress ELB to a network load balancer * Require terraform-provider-aws 1.7 or higher 2017-11-07 21:56:50 -08:00			`# Ingress Controller HTTP health check`
			`health_check {`
			`protocol = "HTTP"`
			`port = 10254`
			`path = "/healthz"`

			`# NLBs required to use same healthy and unhealthy thresholds`
			`healthy_threshold = 3`
			`unhealthy_threshold = 3`

			`# Interval between health checks required to be 10 or 30`
			`interval = 10`
			`}`
Add dghubble/pegasus AWS Kubernetes Terraform module 2017-09-17 21:40:33 -07:00			`}`