mirror of
https://github.com/puppetmaster/typhoon.git
synced 2024-12-27 11:09:33 +01:00
316f06df06
* Simplify clusters to come with a single NLB * Listen for apiserver traffic on port 6443 and forward to controllers (with healthy apiserver) * Listen for ingress traffic on ports 80/443 and forward to workers (with healthy ingress controller) * Reduce cost of default clusters by 1 NLB ($18.14/month) * Keep using CNAME records to the `ingress_dns_name` NLB and the nginx-ingress addon for Ingress (up to a few million RPS) * Users with heavy traffic (many million RPS) can create their own separate NLB(s) for Ingress and use the new output worker target groups * Fix issue where additional worker pools come with an extraneous network load balancer
48 lines
1.1 KiB
HCL
48 lines
1.1 KiB
HCL
# Target groups of instances for use with load balancers
|
|
|
|
resource "aws_lb_target_group" "workers-http" {
|
|
name = "${var.name}-workers-http"
|
|
vpc_id = "${var.vpc_id}"
|
|
target_type = "instance"
|
|
|
|
protocol = "TCP"
|
|
port = 80
|
|
|
|
# HTTP health check for ingress
|
|
health_check {
|
|
protocol = "HTTP"
|
|
port = 10254
|
|
path = "/healthz"
|
|
|
|
# NLBs required to use same healthy and unhealthy thresholds
|
|
healthy_threshold = 3
|
|
unhealthy_threshold = 3
|
|
|
|
# Interval between health checks required to be 10 or 30
|
|
interval = 10
|
|
}
|
|
}
|
|
|
|
resource "aws_lb_target_group" "workers-https" {
|
|
name = "${var.name}-workers-https"
|
|
vpc_id = "${var.vpc_id}"
|
|
target_type = "instance"
|
|
|
|
protocol = "TCP"
|
|
port = 443
|
|
|
|
# HTTP health check for ingress
|
|
health_check {
|
|
protocol = "HTTP"
|
|
port = 10254
|
|
path = "/healthz"
|
|
|
|
# NLBs required to use same healthy and unhealthy thresholds
|
|
healthy_threshold = 3
|
|
unhealthy_threshold = 3
|
|
|
|
# Interval between health checks required to be 10 or 30
|
|
interval = 10
|
|
}
|
|
}
|