mirror of
https://github.com/puppetmaster/typhoon.git
synced 2024-12-24 04:19:33 +01:00
Focus controller ELB on load balancing apiservers
* ELB distributing load across controllers is no longer the mechanism used to SSH to instances to distribute secrets * Focus the ELB on load balancing across apiserver and edit the HTTP health check to an SSL:443 check
This commit is contained in:
parent
168c487484
commit
af5c413abf
@ -1,5 +1,5 @@
|
||||
# Controller Network Load Balancer DNS Record
|
||||
resource "aws_route53_record" "controllers" {
|
||||
# kube-apiserver Network Load Balancer DNS Record
|
||||
resource "aws_route53_record" "apiserver" {
|
||||
zone_id = "${var.dns_zone_id}"
|
||||
|
||||
name = "${format("%s.%s.", var.cluster_name, var.dns_zone)}"
|
||||
@ -7,15 +7,15 @@ resource "aws_route53_record" "controllers" {
|
||||
|
||||
# AWS recommends their special "alias" records for ELBs
|
||||
alias {
|
||||
name = "${aws_elb.controllers.dns_name}"
|
||||
zone_id = "${aws_elb.controllers.zone_id}"
|
||||
name = "${aws_elb.apiserver.dns_name}"
|
||||
zone_id = "${aws_elb.apiserver.zone_id}"
|
||||
evaluate_target_health = true
|
||||
}
|
||||
}
|
||||
|
||||
# Controller Network Load Balancer
|
||||
resource "aws_elb" "controllers" {
|
||||
name = "${var.cluster_name}-controllers"
|
||||
resource "aws_elb" "apiserver" {
|
||||
name = "${var.cluster_name}-apiserver"
|
||||
subnets = ["${aws_subnet.public.*.id}"]
|
||||
security_groups = ["${aws_security_group.controller.id}"]
|
||||
|
||||
@ -30,7 +30,7 @@ resource "aws_elb" "controllers" {
|
||||
|
||||
# Kubelet HTTP health check
|
||||
health_check {
|
||||
target = "HTTP:10255/healthz"
|
||||
target = "SSL:443"
|
||||
healthy_threshold = 2
|
||||
unhealthy_threshold = 4
|
||||
timeout = 5
|
||||
|
@ -69,7 +69,7 @@ resource "null_resource" "copy-secrets" {
|
||||
# Secure copy bootkube assets to ONE controller and start bootkube to perform
|
||||
# one-time self-hosted cluster bootstrapping.
|
||||
resource "null_resource" "bootkube-start" {
|
||||
depends_on = ["module.bootkube", "null_resource.copy-secrets", "aws_route53_record.controllers"]
|
||||
depends_on = ["module.bootkube", "null_resource.copy-secrets", "aws_route53_record.apiserver"]
|
||||
|
||||
connection {
|
||||
type = "ssh"
|
||||
|
Loading…
Reference in New Issue
Block a user