Focus controller ELB on load balancing apiservers

* ELB distributing load across controllers is no longer the mechanism
used to SSH to instances to distribute secrets
* Focus the ELB on load balancing across apiserver and edit the HTTP
health check to an SSL:443 check
Dalton Hubble 2017-11-05 22:51:29 -08:00
parent 168c487484
commit af5c413abf
2 changed files with 8 additions and 8 deletions


@ -1,5 +1,5 @@
# Controller Network Load Balancer DNS Record # kube-apiserver Network Load Balancer DNS Record
resource "aws_route53_record" "controllers" { resource "aws_route53_record" "apiserver" {
zone_id = "${var.dns_zone_id}" zone_id = "${var.dns_zone_id}"
name = "${format("%s.%s.", var.cluster_name, var.dns_zone)}" name = "${format("%s.%s.", var.cluster_name, var.dns_zone)}"
@ -7,15 +7,15 @@ resource "aws_route53_record" "controllers" {
# AWS recommends their special "alias" records for ELBs # AWS recommends their special "alias" records for ELBs
alias { alias {
name = "${aws_elb.controllers.dns_name}" name = "${aws_elb.apiserver.dns_name}"
zone_id = "${aws_elb.controllers.zone_id}" zone_id = "${aws_elb.apiserver.zone_id}"
evaluate_target_health = true evaluate_target_health = true
} }
} }
# Controller Network Load Balancer # Controller Network Load Balancer
resource "aws_elb" "controllers" { resource "aws_elb" "apiserver" {
name = "${var.cluster_name}-controllers" name = "${var.cluster_name}-apiserver"
subnets = ["${aws_subnet.public.*.id}"] subnets = ["${aws_subnet.public.*.id}"]
security_groups = ["${aws_security_group.controller.id}"] security_groups = ["${aws_security_group.controller.id}"]
@ -30,7 +30,7 @@ resource "aws_elb" "controllers" {
# Kubelet HTTP health check # Kubelet HTTP health check
health_check { health_check {
target = "HTTP:10255/healthz" target = "SSL:443"
healthy_threshold = 2 healthy_threshold = 2
unhealthy_threshold = 4 unhealthy_threshold = 4
timeout = 5 timeout = 5
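Review bot: The comment `# Kubelet HTTP health check` above `health_check` is unchanged on the new side, but the target is now `SSL:443`, which on a classic ELB only confirms that a TLS handshake on port 443 completes; it should read something like `# kube-apiserver TLS handshake health check (does not query /healthz)`. The same staleness applies to `# Controller Network Load Balancer` above `resource "aws_elb" "apiserver"`, which could become `# kube-apiserver Network Load Balancer`. Because the check no longer probes kubelet port 10255, any security group rule that opened 10255 for the load balancer is presumably unneeded now; no such rule is visible in this diff, so confirm it separately. The `health_check` block continues outside the hunk.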


@ -69,7 +69,7 @@ resource "null_resource" "copy-secrets" {
# Secure copy bootkube assets to ONE controller and start bootkube to perform # Secure copy bootkube assets to ONE controller and start bootkube to perform
# one-time self-hosted cluster bootstrapping. # one-time self-hosted cluster bootstrapping.
resource "null_resource" "bootkube-start" { resource "null_resource" "bootkube-start" {
depends_on = ["module.bootkube", "null_resource.copy-secrets", "aws_route53_record.controllers"] depends_on = ["module.bootkube", "null_resource.copy-secrets", "aws_route53_record.apiserver"]
connection { connection {
type = "ssh" type = "ssh"