Focus controller ELB on load balancing apiservers

* ELB distributing load across controllers is no longer the mechanism used to SSH to instances to distribute secrets * Focus the ELB on load balancing across apiserver and edit the HTTP health check to an SSL:443 check
2017-11-05 22:51:29 -08:00 · 2017-11-05 22:51:29 -08:00 · af5c413abf
parent 168c487484
commit af5c413abf
2 changed files with 8 additions and 8 deletions
--- a/aws/container-linux/kubernetes/elb.tf
+++ b/aws/container-linux/kubernetes/elb.tf
@ -1,5 +1,5 @@
-# Controller Network Load Balancer DNS Record
-resource "aws_route53_record" "controllers" {
+# kube-apiserver Network Load Balancer DNS Record
+resource "aws_route53_record" "apiserver" {
  zone_id = "${var.dns_zone_id}"

  name = "${format("%s.%s.", var.cluster_name, var.dns_zone)}"
@ -7,15 +7,15 @@ resource "aws_route53_record" "controllers" {

  # AWS recommends their special "alias" records for ELBs
  alias {
-    name                   = "${aws_elb.controllers.dns_name}"
-    zone_id                = "${aws_elb.controllers.zone_id}"
+    name                   = "${aws_elb.apiserver.dns_name}"
+    zone_id                = "${aws_elb.apiserver.zone_id}"
    evaluate_target_health = true
  }
 }

 # Controller Network Load Balancer
-resource "aws_elb" "controllers" {
-  name            = "${var.cluster_name}-controllers"
+resource "aws_elb" "apiserver" {
+  name            = "${var.cluster_name}-apiserver"
  subnets         = ["${aws_subnet.public.*.id}"]
  security_groups = ["${aws_security_group.controller.id}"]

@ -30,7 +30,7 @@ resource "aws_elb" "controllers" {

  # Kubelet HTTP health check
  health_check {
-    target              = "HTTP:10255/healthz"
+    target              = "SSL:443"
    healthy_threshold   = 2
    unhealthy_threshold = 4
    timeout             = 5
--- a/aws/container-linux/kubernetes/ssh.tf
+++ b/aws/container-linux/kubernetes/ssh.tf
@ -69,7 +69,7 @@ resource "null_resource" "copy-secrets" {
 # Secure copy bootkube assets to ONE controller and start bootkube to perform
 # one-time self-hosted cluster bootstrapping.
 resource "null_resource" "bootkube-start" {
-  depends_on = ["module.bootkube", "null_resource.copy-secrets", "aws_route53_record.controllers"]
+  depends_on = ["module.bootkube", "null_resource.copy-secrets", "aws_route53_record.apiserver"]

  connection {
    type    = "ssh"