Use global HTTP/TCP proxy load balancing for Ingress on GCP

* Switch Ingress from regional network load balancers to global HTTP/TCP Proxy load balancing * Reduce cost by ~$19/month per cluster. Google bills the first 5 global and regional forwarding rules separately. Typhoon clusters now use 3 global and 0 regional forwarding rules. * Worker pools no longer include an extraneous load balancer. Remove worker module's `ingress_static_ip` output. * Add `ingress_static_ipv4` output variable * Add `worker_instance_group` output to allow custom global load balancing * Deprecate `controllers_ipv4_public` module output * Deprecate `ingress_static_ip` module output. Use `ingress_static_ipv4`
2025-07-17 03:01:35 +02:00 · 2018-05-06 23:21:53 -07:00
parent 2eaf04c68b
commit 0c4d59db87
13 changed files with 322 additions and 134 deletions
--- a/google-cloud/container-linux/kubernetes/workers/workers.tf
+++ b/google-cloud/container-linux/kubernetes/workers/workers.tf
@ -1,5 +1,4 @@
-# Regional managed instance group maintains a homogeneous set of workers that
-# span the zones in the region.
+# Regional managed instance group of workers
 resource "google_compute_region_instance_group_manager" "workers" {
  name        = "${var.name}-worker-group"
  description = "Compute instance group of ${var.name} workers"
@ -11,30 +10,18 @@ resource "google_compute_region_instance_group_manager" "workers" {

  target_size = "${var.count}"

-  # target pool to which instances in the group should be added
-  target_pools = [
-    "${google_compute_target_pool.workers.self_link}",
-  ]
-}
+  named_port {
+    name = "http"
+    port = "80"
+  }

-# Worker Container Linux Config
-data "template_file" "worker_config" {
-  template = "${file("${path.module}/cl/worker.yaml.tmpl")}"
-
-  vars = {
-    kubeconfig            = "${indent(10, var.kubeconfig)}"
-    ssh_authorized_key    = "${var.ssh_authorized_key}"
-    k8s_dns_service_ip    = "${cidrhost(var.service_cidr, 10)}"
-    cluster_domain_suffix = "${var.cluster_domain_suffix}"
+  named_port {
+    name = "https"
+    port = "443"
  }
 }

-data "ct_config" "worker_ign" {
-  content      = "${data.template_file.worker_config.rendered}"
-  pretty_print = false
-  snippets     = ["${var.clc_snippets}"]
-}
-
+# Worker instance template
 resource "google_compute_instance_template" "worker" {
  name_prefix  = "${var.name}-worker-"
  description  = "Worker Instance template"
@ -76,3 +63,21 @@ resource "google_compute_instance_template" "worker" {
    create_before_destroy = true
  }
 }
+
+# Worker Container Linux Config
+data "template_file" "worker_config" {
+  template = "${file("${path.module}/cl/worker.yaml.tmpl")}"
+
+  vars = {
+    kubeconfig            = "${indent(10, var.kubeconfig)}"
+    ssh_authorized_key    = "${var.ssh_authorized_key}"
+    k8s_dns_service_ip    = "${cidrhost(var.service_cidr, 10)}"
+    cluster_domain_suffix = "${var.cluster_domain_suffix}"
+  }
+}
+
+data "ct_config" "worker_ign" {
+  content      = "${data.template_file.worker_config.rendered}"
+  pretty_print = false
+  snippets     = ["${var.clc_snippets}"]
+}