Use global HTTP/TCP proxy load balancing for Ingress on GCP

* Switch Ingress from regional network load balancers to global HTTP/TCP Proxy load balancing * Reduce cost by ~$19/month per cluster. Google bills the first 5 global and regional forwarding rules separately. Typhoon clusters now use 3 global and 0 regional forwarding rules. * Worker pools no longer include an extraneous load balancer. Remove worker module's `ingress_static_ip` output. * Add `ingress_static_ipv4` output variable * Add `worker_instance_group` output to allow custom global load balancing * Deprecate `controllers_ipv4_public` module output * Deprecate `ingress_static_ip` module output. Use `ingress_static_ipv4`
2025-07-19 01:41:34 +02:00 · 2018-05-06 23:21:53 -07:00
parent 2eaf04c68b
commit 0c4d59db87
13 changed files with 322 additions and 134 deletions
--- a/google-cloud/container-linux/kubernetes/workers/ingress.tf
+++ b/google-cloud/container-linux/kubernetes/workers/ingress.tf
@ -1,45 +0,0 @@
-# Static IPv4 address for the Network Load Balancer
-resource "google_compute_address" "ingress-ip" {
-  name = "${var.name}-ingress-ip"
-}
-
-# Network Load Balancer (i.e. forwarding rules)
-resource "google_compute_forwarding_rule" "worker-http-lb" {
-  name       = "${var.name}-worker-http-rule"
-  ip_address = "${google_compute_address.ingress-ip.address}"
-  port_range = "80"
-  target     = "${google_compute_target_pool.workers.self_link}"
-}
-
-resource "google_compute_forwarding_rule" "worker-https-lb" {
-  name       = "${var.name}-worker-https-rule"
-  ip_address = "${google_compute_address.ingress-ip.address}"
-  port_range = "443"
-  target     = "${google_compute_target_pool.workers.self_link}"
-}
-
-# Network Load Balancer target pool of instances.
-resource "google_compute_target_pool" "workers" {
-  name = "${var.name}-worker-pool"
-
-  health_checks = [
-    "${google_compute_http_health_check.ingress.name}",
-  ]
-
-  session_affinity = "NONE"
-}
-
-# Ingress HTTP Health Check
-resource "google_compute_http_health_check" "ingress" {
-  name        = "${var.name}-ingress-health"
-  description = "Health check Ingress controller health host port"
-
-  timeout_sec        = 5
-  check_interval_sec = 5
-
-  healthy_threshold   = 2
-  unhealthy_threshold = 4
-
-  port         = 10254
-  request_path = "/healthz"
-}
--- a/google-cloud/container-linux/kubernetes/workers/outputs.tf
+++ b/google-cloud/container-linux/kubernetes/workers/outputs.tf
@ -1,3 +1,4 @@
-output "ingress_static_ip" {
-  value = "${google_compute_address.ingress-ip.address}"
+output "instance_group" {
+  description = "Full URL of the worker managed instance group"
+  value = "${google_compute_region_instance_group_manager.workers.instance_group}"
 }
--- a/google-cloud/container-linux/kubernetes/workers/workers.tf
+++ b/google-cloud/container-linux/kubernetes/workers/workers.tf
@ -1,5 +1,4 @@
-# Regional managed instance group maintains a homogeneous set of workers that
-# span the zones in the region.
+# Regional managed instance group of workers
 resource "google_compute_region_instance_group_manager" "workers" {
  name        = "${var.name}-worker-group"
  description = "Compute instance group of ${var.name} workers"
@ -11,30 +10,18 @@ resource "google_compute_region_instance_group_manager" "workers" {

  target_size = "${var.count}"

-  # target pool to which instances in the group should be added
-  target_pools = [
-    "${google_compute_target_pool.workers.self_link}",
-  ]
-}
+  named_port {
+    name = "http"
+    port = "80"
+  }

-# Worker Container Linux Config
-data "template_file" "worker_config" {
-  template = "${file("${path.module}/cl/worker.yaml.tmpl")}"
-
-  vars = {
-    kubeconfig            = "${indent(10, var.kubeconfig)}"
-    ssh_authorized_key    = "${var.ssh_authorized_key}"
-    k8s_dns_service_ip    = "${cidrhost(var.service_cidr, 10)}"
-    cluster_domain_suffix = "${var.cluster_domain_suffix}"
+  named_port {
+    name = "https"
+    port = "443"
  }
 }

-data "ct_config" "worker_ign" {
-  content      = "${data.template_file.worker_config.rendered}"
-  pretty_print = false
-  snippets     = ["${var.clc_snippets}"]
-}
-
+# Worker instance template
 resource "google_compute_instance_template" "worker" {
  name_prefix  = "${var.name}-worker-"
  description  = "Worker Instance template"
@ -76,3 +63,21 @@ resource "google_compute_instance_template" "worker" {
    create_before_destroy = true
  }
 }
+
+# Worker Container Linux Config
+data "template_file" "worker_config" {
+  template = "${file("${path.module}/cl/worker.yaml.tmpl")}"
+
+  vars = {
+    kubeconfig            = "${indent(10, var.kubeconfig)}"
+    ssh_authorized_key    = "${var.ssh_authorized_key}"
+    k8s_dns_service_ip    = "${cidrhost(var.service_cidr, 10)}"
+    cluster_domain_suffix = "${var.cluster_domain_suffix}"
+  }
+}
+
+data "ct_config" "worker_ign" {
+  content      = "${data.template_file.worker_config.rendered}"
+  pretty_print = false
+  snippets     = ["${var.clc_snippets}"]
+}