mirror of
https://github.com/puppetmaster/typhoon.git
synced 2025-01-07 18:29:33 +01:00
e0c032be94
* On GCP, kubectl port-forward connections to pods are closed after a timeout (unlike AWS NLB's or Azure load balancers) * Increase the GCP apiserver backend service timeout from 1 minute to 5 minutes to be more similar to AWS/Azure LB behavior
98 lines
2.9 KiB
HCL
98 lines
2.9 KiB
HCL
# TCP Proxy load balancer DNS record
|
|
resource "google_dns_record_set" "apiserver" {
|
|
# DNS Zone name where record should be created
|
|
managed_zone = "${var.dns_zone_name}"
|
|
|
|
# DNS record
|
|
name = "${format("%s.%s.", var.cluster_name, var.dns_zone)}"
|
|
type = "A"
|
|
ttl = 300
|
|
|
|
# IPv4 address of apiserver TCP Proxy load balancer
|
|
rrdatas = ["${google_compute_global_address.apiserver-ipv4.address}"]
|
|
}
|
|
|
|
# Static IPv4 address for the TCP Proxy Load Balancer
|
|
resource "google_compute_global_address" "apiserver-ipv4" {
|
|
name = "${var.cluster_name}-apiserver-ip"
|
|
ip_version = "IPV4"
|
|
}
|
|
|
|
# Forward IPv4 TCP traffic to the TCP proxy load balancer
|
|
resource "google_compute_global_forwarding_rule" "apiserver" {
|
|
name = "${var.cluster_name}-apiserver"
|
|
ip_address = "${google_compute_global_address.apiserver-ipv4.address}"
|
|
ip_protocol = "TCP"
|
|
port_range = "443"
|
|
target = "${google_compute_target_tcp_proxy.apiserver.self_link}"
|
|
}
|
|
|
|
# TCP Proxy Load Balancer for apiservers
|
|
resource "google_compute_target_tcp_proxy" "apiserver" {
|
|
name = "${var.cluster_name}-apiserver"
|
|
description = "Distribute TCP load across ${var.cluster_name} controllers"
|
|
backend_service = "${google_compute_backend_service.apiserver.self_link}"
|
|
}
|
|
|
|
# Backend service backed by unmanaged instance groups
|
|
resource "google_compute_backend_service" "apiserver" {
|
|
name = "${var.cluster_name}-apiserver"
|
|
description = "${var.cluster_name} apiserver service"
|
|
|
|
protocol = "TCP"
|
|
port_name = "apiserver"
|
|
session_affinity = "NONE"
|
|
timeout_sec = "300"
|
|
|
|
# controller(s) spread across zonal instance groups
|
|
backend {
|
|
group = "${google_compute_instance_group.controllers.0.self_link}"
|
|
}
|
|
|
|
backend {
|
|
group = "${google_compute_instance_group.controllers.1.self_link}"
|
|
}
|
|
|
|
backend {
|
|
group = "${google_compute_instance_group.controllers.2.self_link}"
|
|
}
|
|
|
|
health_checks = ["${google_compute_health_check.apiserver.self_link}"]
|
|
}
|
|
|
|
# Instance group of heterogeneous (unmanged) controller instances
|
|
resource "google_compute_instance_group" "controllers" {
|
|
count = "${length(local.zones)}"
|
|
|
|
name = "${format("%s-controllers-%s", var.cluster_name, element(local.zones, count.index))}"
|
|
zone = "${element(local.zones, count.index)}"
|
|
|
|
named_port {
|
|
name = "apiserver"
|
|
port = "443"
|
|
}
|
|
|
|
# add instances in the zone into the instance group
|
|
instances = [
|
|
"${matchkeys(google_compute_instance.controllers.*.self_link,
|
|
google_compute_instance.controllers.*.zone,
|
|
list(element(local.zones, count.index)))}",
|
|
]
|
|
}
|
|
|
|
# TCP health check for apiserver
|
|
resource "google_compute_health_check" "apiserver" {
|
|
name = "${var.cluster_name}-apiserver-tcp-health"
|
|
description = "TCP health check for kube-apiserver"
|
|
|
|
timeout_sec = 5
|
|
check_interval_sec = 5
|
|
|
|
healthy_threshold = 1
|
|
unhealthy_threshold = 3
|
|
|
|
tcp_health_check {
|
|
port = "443"
|
|
}
|
|
}
|