Focus controller ELB on load balancing apiservers
* The ELB that distributes load across controllers is no longer the mechanism used to SSH to instances to distribute secrets
* Focus the ELB on load balancing across apiservers and change the HTTP health check to an SSL:443 check
parent
168c487484
commit
af5c413abf
|
@ -1,5 +1,5 @@
|
||||||
# Controller Network Load Balancer DNS Record
|
# kube-apiserver Network Load Balancer DNS Record
|
||||||
resource "aws_route53_record" "controllers" {
|
resource "aws_route53_record" "apiserver" {
|
||||||
zone_id = "${var.dns_zone_id}"
|
zone_id = "${var.dns_zone_id}"
|
||||||
|
|
||||||
name = "${format("%s.%s.", var.cluster_name, var.dns_zone)}"
|
name = "${format("%s.%s.", var.cluster_name, var.dns_zone)}"
|
||||||
|
@ -7,15 +7,15 @@ resource "aws_route53_record" "controllers" {
|
||||||
|
|
||||||
# AWS recommends their special "alias" records for ELBs
|
# AWS recommends their special "alias" records for ELBs
|
||||||
alias {
|
alias {
|
||||||
name = "${aws_elb.controllers.dns_name}"
|
name = "${aws_elb.apiserver.dns_name}"
|
||||||
zone_id = "${aws_elb.controllers.zone_id}"
|
zone_id = "${aws_elb.apiserver.zone_id}"
|
||||||
evaluate_target_health = true
|
evaluate_target_health = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Controller Network Load Balancer
|
# Controller Network Load Balancer
|
||||||
resource "aws_elb" "controllers" {
|
resource "aws_elb" "apiserver" {
|
||||||
name = "${var.cluster_name}-controllers"
|
name = "${var.cluster_name}-apiserver"
|
||||||
subnets = ["${aws_subnet.public.*.id}"]
|
subnets = ["${aws_subnet.public.*.id}"]
|
||||||
security_groups = ["${aws_security_group.controller.id}"]
|
security_groups = ["${aws_security_group.controller.id}"]
|
||||||
|
|
||||||
|
@ -30,7 +30,7 @@ resource "aws_elb" "controllers" {
|
||||||
|
|
||||||
# Kubelet HTTP health check
|
# Kubelet HTTP health check
|
||||||
health_check {
|
health_check {
|
||||||
target = "HTTP:10255/healthz"
|
target = "SSL:443"
|
||||||
healthy_threshold = 2
|
healthy_threshold = 2
|
||||||
unhealthy_threshold = 4
|
unhealthy_threshold = 4
|
||||||
timeout = 5
|
timeout = 5
|
||||||
|
|
|
@ -69,7 +69,7 @@ resource "null_resource" "copy-secrets" {
|
||||||
# Secure copy bootkube assets to ONE controller and start bootkube to perform
|
# Secure copy bootkube assets to ONE controller and start bootkube to perform
|
||||||
# one-time self-hosted cluster bootstrapping.
|
# one-time self-hosted cluster bootstrapping.
|
||||||
resource "null_resource" "bootkube-start" {
|
resource "null_resource" "bootkube-start" {
|
||||||
depends_on = ["module.bootkube", "null_resource.copy-secrets", "aws_route53_record.controllers"]
|
depends_on = ["module.bootkube", "null_resource.copy-secrets", "aws_route53_record.apiserver"]
|
||||||
|
|
||||||
connection {
|
connection {
|
||||||
type = "ssh"
|
type = "ssh"
|
||||||
|
|
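Review bot: The new `target = "SSL:443"` check in the `health_check` block only confirms that a TLS handshake completes on port 443; it does not tell the ELB whether kube-apiserver is actually healthy, so an instance with a listening but failing apiserver would stay in rotation. The comment directly above still reads `# Kubelet HTTP health check` and should become something like `# kube-apiserver health check: TLS handshake on 443 only, /healthz is not probed`; likewise `# Controller Network Load Balancer` above `resource "aws_elb" "apiserver"` is stale. The `listener` blocks and the security group rules are outside the visible hunks, so it is worth confirming there that the port 22 listener and any ingress rule for the kubelet read-only port 10255 are removed now that the ELB, which sits in the public subnets, no longer needs them. The `aws_elb` block continues past the hunk.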