From 16dfbb354120a04925775092b4e43a0420dc2e05 Mon Sep 17 00:00:00 2001
From: Alex Crawford
Date: Thu, 1 Nov 2018 13:45:31 -0700
Subject: [PATCH] data/aws: use nlbs instead of elbs

We've noticed an elevated rate of installation failures recently. The root cause appears to be 50-90 seconds of latency added to traffic going through the internal ELB on port 49500. This was causing Ignition's connections to timeout, resulting in the machines never provisioning. AWS's NLBs don't seem to have this high latency, so we've decided to move over to them instead. With the move to NLBs, we also get the ability to add individual health checks for each port instead of just a single health check for each load balancer. Also, NLBs are cheaper. This commit drops support for ingress and the console. Since the console and router aren't currently configured correctly, nobody should notice that this is gone. It was easier to drop support in this commit rather than continue to try to plumb through the existing implementation knowing that it was going to have to change in the future. Once the router has a strategy for ingress, we'll re-add this functionality using the new NLBs. This also drop support for the `-k8s` DNS entry. We aren't aware of any consumers and it was going to be tedious to keep this working.
---
 data/data/aws/bootstrap/main.tf | 16 ++-
 data/data/aws/bootstrap/variables.tf | 30 ++--
 data/data/aws/main.tf | 90 ++++++------
 data/data/aws/master/main.tf | 22 ++-
 data/data/aws/master/variables.tf | 24 ++--
 data/data/aws/route53/tectonic.tf | 88 ++----------
 data/data/aws/route53/variables.tf | 31 ++---
 data/data/aws/vpc/master-elb.tf | 198 +++++++++++++++------------
 data/data/aws/vpc/outputs.tf | 48 +++----
 9 files changed, 245 insertions(+), 302 deletions(-)

diff --git a/data/data/aws/bootstrap/main.tf b/data/data/aws/bootstrap/main.tf
index 1dec9bc5949..b4229cc246c 100644
--- a/data/data/aws/bootstrap/main.tf
+++ b/data/data/aws/bootstrap/main.tf
@@ -120,8 +120,16 @@ resource "aws_instance" "bootstrap" {
 volume_tags = "${var.tags}"
 }
 
-resource "aws_elb_attachment" "bootstrap" {
- count = "${var.elbs_length}"
- elb = "${var.elbs[count.index]}"
- instance = "${aws_instance.bootstrap.id}"
+resource "aws_lb_target_group_attachment" "public" {
+ count = "${var.public_target_group_arns_length}"
+
+ target_group_arn = "${var.public_target_group_arns[count.index]}"
+ target_id = "${aws_instance.bootstrap.private_ip}"
+}
+
+resource "aws_lb_target_group_attachment" "private" {
+ count = "${var.private_target_group_arns_length}"
+
+ target_group_arn = "${var.private_target_group_arns[count.index]}"
+ target_id = "${aws_instance.bootstrap.private_ip}"
 }
diff --git a/data/data/aws/bootstrap/variables.tf b/data/data/aws/bootstrap/variables.tf
index f775eeb2313..1125917e4c2 100644
--- a/data/data/aws/bootstrap/variables.tf
+++ b/data/data/aws/bootstrap/variables.tf
@@ -18,16 +18,6 @@ variable "cluster_name" {
 description = "The name of the cluster."
 }
 
-variable "elbs" {
- type = "list"
- default = []
- description = "Elastic load balancer IDs to attach to the bootstrap node."
-}
-
-variable "elbs_length" {
- description = "The length of the 'elbs' variable, to work around https://github.com/hashicorp/terraform/issues/12570."
-}
-
 variable "iam_role" {
 type = "string"
 default = ""
@@ -45,6 +35,26 @@ variable "instance_type" {
 description = "The EC2 instance type for the bootstrap node."
 }
 
+variable "private_target_group_arns" {
+ type = "list"
+ default = []
+ description = "The list of target group ARNs for the private load balancer."
+}
+
+variable "private_target_group_arns_length" {
+ description = "The length of the 'private_target_group_arns' variable, to work around https://github.com/hashicorp/terraform/issues/12570."
+}
+
+variable "public_target_group_arns" {
+ type = "list"
+ default = []
+ description = "The list of target group ARNs for the public load balancer."
+}
+
+variable "public_target_group_arns_length" {
+ description = "The length of the 'public_target_group_arns' variable, to work around https://github.com/hashicorp/terraform/issues/12570."
+}
+
 variable "subnet_id" {
 type = "string"
 description = "The subnet ID for the bootstrap node."
diff --git a/data/data/aws/main.tf b/data/data/aws/main.tf
index c4aefae8938..40fcaf2d703 100644
--- a/data/data/aws/main.tf
+++ b/data/data/aws/main.tf
@@ -17,16 +17,18 @@ provider "aws" {
 module "bootstrap" {
 source = "./bootstrap"
 
- ami = "${var.tectonic_aws_ec2_ami_override}"
- associate_public_ip_address = "${var.tectonic_aws_endpoints != "private"}"
- bucket = "${aws_s3_bucket.bootstrap.id}"
- cluster_name = "${var.tectonic_cluster_name}"
- elbs = "${module.vpc.aws_lbs}"
- elbs_length = "${module.vpc.aws_lbs_length}"
- iam_role = "${var.tectonic_aws_master_iam_role_name}"
- ignition = "${var.ignition_bootstrap}"
- subnet_id = "${module.vpc.master_subnet_ids[0]}"
- vpc_security_group_ids = ["${concat(var.tectonic_aws_master_extra_sg_ids, list(module.vpc.master_sg_id))}"]
+ ami = "${var.tectonic_aws_ec2_ami_override}"
+ associate_public_ip_address = "${var.tectonic_aws_endpoints != "private"}"
+ bucket = "${aws_s3_bucket.bootstrap.id}"
+ cluster_name = "${var.tectonic_cluster_name}"
+ public_target_group_arns = "${module.vpc.aws_lb_public_target_group_arns}"
+ public_target_group_arns_length = "${module.vpc.aws_lb_public_target_group_arns_length}"
+ private_target_group_arns = "${module.vpc.aws_lb_private_target_group_arns}"
+ private_target_group_arns_length = "${module.vpc.aws_lb_private_target_group_arns_length}"
+ iam_role = "${var.tectonic_aws_master_iam_role_name}"
+ ignition = "${var.ignition_bootstrap}"
+ subnet_id = "${module.vpc.master_subnet_ids[0]}"
+ vpc_security_group_ids = ["${concat(var.tectonic_aws_master_extra_sg_ids, list(module.vpc.master_sg_id))}"]
 
 tags = "${merge(map(
 "Name", "${var.tectonic_cluster_name}-bootstrap",
@@ -37,25 +39,26 @@ module "bootstrap" { module "masters" { source = "./master" - elb_api_internal_id = "${module.vpc.aws_elb_api_internal_id}" - elb_api_external_id = "${module.vpc.aws_elb_api_external_id}" - elb_console_id = "${module.vpc.aws_elb_console_id}" - base_domain = "${var.tectonic_base_domain}" - cluster_id = "${var.tectonic_cluster_id}" - cluster_name = "${var.tectonic_cluster_name}" - ec2_type = "${var.tectonic_aws_master_ec2_type}" - extra_tags = "${var.tectonic_aws_extra_tags}" - instance_count = "${var.tectonic_master_count}" - master_iam_role = "${var.tectonic_aws_master_iam_role_name}" - master_sg_ids = "${concat(var.tectonic_aws_master_extra_sg_ids, list(module.vpc.master_sg_id))}" - private_endpoints = "${local.private_endpoints}" - public_endpoints = "${local.public_endpoints}" - root_volume_iops = "${var.tectonic_aws_master_root_volume_iops}" - root_volume_size = "${var.tectonic_aws_master_root_volume_size}" - root_volume_type = "${var.tectonic_aws_master_root_volume_type}" - subnet_ids = "${module.vpc.master_subnet_ids}" - ec2_ami = "${var.tectonic_aws_ec2_ami_override}" - user_data_ign = "${var.ignition_master}" + public_target_group_arns = "${module.vpc.aws_lb_public_target_group_arns}" + public_target_group_arns_length = "${module.vpc.aws_lb_public_target_group_arns_length}" + private_target_group_arns = "${module.vpc.aws_lb_private_target_group_arns}" + private_target_group_arns_length = "${module.vpc.aws_lb_private_target_group_arns_length}" + base_domain = "${var.tectonic_base_domain}" + cluster_id = "${var.tectonic_cluster_id}" + cluster_name = "${var.tectonic_cluster_name}" + ec2_type = "${var.tectonic_aws_master_ec2_type}" + extra_tags = "${var.tectonic_aws_extra_tags}" + instance_count = "${var.tectonic_master_count}" + master_iam_role = "${var.tectonic_aws_master_iam_role_name}" + master_sg_ids = "${concat(var.tectonic_aws_master_extra_sg_ids, list(module.vpc.master_sg_id))}" + private_endpoints = "${local.private_endpoints}" + 
public_endpoints = "${local.public_endpoints}" + root_volume_iops = "${var.tectonic_aws_master_root_volume_iops}" + root_volume_size = "${var.tectonic_aws_master_root_volume_size}" + root_volume_type = "${var.tectonic_aws_master_root_volume_type}" + subnet_ids = "${module.vpc.master_subnet_ids}" + ec2_ami = "${var.tectonic_aws_ec2_ami_override}" + user_data_ign = "${var.ignition_master}" } module "iam" { 
@@ -68,22 +71,19 @@ module "iam" {
 module "dns" {
 source = "./route53"
 
- api_external_elb_dns_name = "${module.vpc.aws_elb_api_external_dns_name}"
- api_external_elb_zone_id = "${module.vpc.aws_elb_api_external_zone_id}"
- api_internal_elb_dns_name = "${module.vpc.aws_elb_api_internal_dns_name}"
- api_internal_elb_zone_id = "${module.vpc.aws_elb_api_internal_zone_id}"
- api_ip_addresses = "${module.vpc.aws_lbs}"
- base_domain = "${var.tectonic_base_domain}"
- cluster_name = "${var.tectonic_cluster_name}"
- console_elb_dns_name = "${module.vpc.aws_console_dns_name}"
- console_elb_zone_id = "${module.vpc.aws_elb_console_zone_id}"
- elb_alias_enabled = true
- master_count = "${var.tectonic_master_count}"
- private_zone_id = "${local.private_zone_id}"
- external_vpc_id = "${module.vpc.vpc_id}"
- extra_tags = "${var.tectonic_aws_extra_tags}"
- private_endpoints = "${local.private_endpoints}"
- public_endpoints = "${local.public_endpoints}"
+ api_external_lb_dns_name = "${module.vpc.aws_lb_api_external_dns_name}"
+ api_external_lb_zone_id = "${module.vpc.aws_lb_api_external_zone_id}"
+ api_internal_lb_dns_name = "${module.vpc.aws_lb_api_internal_dns_name}"
+ api_internal_lb_zone_id = "${module.vpc.aws_lb_api_internal_zone_id}"
+ base_domain = "${var.tectonic_base_domain}"
+ cluster_name = "${var.tectonic_cluster_name}"
+ elb_alias_enabled = true
+ master_count = "${var.tectonic_master_count}"
+ private_zone_id = "${local.private_zone_id}"
+ external_vpc_id = "${module.vpc.vpc_id}"
+ extra_tags = "${var.tectonic_aws_extra_tags}"
+ private_endpoints = "${local.private_endpoints}"
+ public_endpoints = "${local.public_endpoints}"
 }
 
 module "vpc" {
diff --git a/data/data/aws/master/main.tf b/data/data/aws/master/main.tf
index 0ba8110b07c..d3ccd25b96c 100644
--- a/data/data/aws/master/main.tf
+++ b/data/data/aws/master/main.tf
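Review bot: `elb_alias_enabled = true` is still passed to the dns module, but the only consumer of the `false` case — the `tectonic_api` A record fed by `api_ip_addresses` — is deleted in route53/tectonic.tf in this same commit, so the flag now merely switches the API records off. Either drop the argument together with the `var.elb_alias_enabled ? … : 0` guards in tectonic.tf, or document the new meaning next to this line, e.g. `# elb_alias_enabled no longer selects an A-record fallback; false disables the API alias records entirely.` The `module "vpc"` block opened at the end of the hunk continues outside it.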
@@ -113,20 +113,16 @@ resource "aws_instance" "master" {
 ), var.extra_tags)}"
 }
 
-resource "aws_elb_attachment" "masters_internal" {
- count = "${var.private_endpoints ? var.instance_count : 0}"
- elb = "${var.elb_api_internal_id}"
- instance = "${aws_instance.master.*.id[count.index]}"
-}
+resource "aws_lb_target_group_attachment" "public" {
+ count = "${var.public_endpoints ? var.instance_count * var.public_target_group_arns_length : 0}"
 
-resource "aws_elb_attachment" "masters_external" {
- count = "${var.public_endpoints ? var.instance_count : 0}"
- elb = "${var.elb_api_external_id}"
- instance = "${aws_instance.master.*.id[count.index]}"
+ target_group_arn = "${var.public_target_group_arns[count.index % var.public_target_group_arns_length]}"
+ target_id = "${aws_instance.master.*.private_ip[count.index / var.public_target_group_arns_length]}"
 }
 
-resource "aws_elb_attachment" "masters_console" {
- count = "${var.instance_count}"
- elb = "${var.elb_console_id}"
- instance = "${aws_instance.master.*.id[count.index]}"
+resource "aws_lb_target_group_attachment" "private" {
+ count = "${var.private_endpoints ? var.instance_count * var.private_target_group_arns_length : 0}"
+
+ target_group_arn = "${var.private_target_group_arns[count.index % var.private_target_group_arns_length]}"
+ target_id = "${aws_instance.master.*.private_ip[count.index / var.private_target_group_arns_length]}"
 }
diff --git a/data/data/aws/master/variables.tf b/data/data/aws/master/variables.tf
index d2a17aacbbd..4d3f6ef666e 100644
--- a/data/data/aws/master/variables.tf
+++ b/data/data/aws/master/variables.tf
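Review bot: The cross-product indexing in `target_group_arn` and `target_id` (`count.index % length` and `count.index / length`) carries no explanation and relies on `/` truncating to an integer index, which is easy to misread on a later edit; add a comment above each attachment resource such as `# One attachment per (master, target group) pair: index % N selects the target group, index / N (integer division) selects the master.` When the `_length` variable is 0 the `count` is also 0, so the modulo by zero is presumably never evaluated, but that is worth confirming against the Terraform version this targets. The same pattern is used in both the `public` and `private` resources of this hunk.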
@@ -46,21 +46,29 @@ variable "private_endpoints" {
 default = true
 }
 
+variable "private_target_group_arns" {
+ type = "list"
+ default = []
+ description = "The list of target group ARNs for the private load balancer."
+}
+
+variable "private_target_group_arns_length" {
+ description = "The length of the 'private_target_group_arns' variable, to work around https://github.com/hashicorp/terraform/issues/12570."
+}
+
 variable "public_endpoints" {
 description = "If set to true, public-facing ingress resources are created."
 default = true
 }
 
-variable "elb_api_internal_id" {
- type = "string"
-}
-
-variable "elb_api_external_id" {
- type = "string"
+variable "public_target_group_arns" {
+ type = "list"
+ default = []
+ description = "The list of target group ARNs for the public load balancer."
 }
 
-variable "elb_console_id" {
- type = "string"
+variable "public_target_group_arns_length" {
+ description = "The length of the 'public_target_group_arns' variable, to work around https://github.com/hashicorp/terraform/issues/12570."
 }
 
 variable "root_volume_iops" {
diff --git a/data/data/aws/route53/tectonic.tf b/data/data/aws/route53/tectonic.tf
index 78772f46331..dec20b23af1 100644
--- a/data/data/aws/route53/tectonic.tf
+++ b/data/data/aws/route53/tectonic.tf
@@ -10,103 +10,33 @@ data "aws_route53_zone" "tectonic" { locals { public_zone_id = "${join("", data.aws_route53_zone.tectonic.*.zone_id)}" - zone_id = "${var.private_endpoints ? - var.private_zone_id : - local.public_zone_id}" -} - -resource "aws_route53_record" "tectonic_api" { - count = "${var.elb_alias_enabled ? 0 : 1}" - zone_id = "${local.public_zone_id}" - name = "${var.cluster_name}-k8s" - type = "A" - ttl = "60" - records = ["${var.api_ip_addresses}"] + zone_id = "${var.private_endpoints ? var.private_zone_id : local.public_zone_id}" } resource "aws_route53_record" "tectonic_api_external" { - count = "${var.elb_alias_enabled ? local.public_endpoints_count : 0}" + count = "${var.elb_alias_enabled ? local.public_endpoints_count : 0}" + zone_id = "${local.public_zone_id}" name = "${var.cluster_name}-api.${var.base_domain}" type = "A" alias { - name = "${var.api_external_elb_dns_name}" - zone_id = "${var.api_external_elb_zone_id}" + name = "${var.api_external_lb_dns_name}" + zone_id = "${var.api_external_lb_zone_id}" evaluate_target_health = true } } resource "aws_route53_record" "tectonic_api_internal" { - count = "${var.elb_alias_enabled ? local.private_endpoints_count : 0}" - zone_id = "${var.private_zone_id}" - name = "${var.cluster_name}-api.${var.base_domain}" - type = "A" - - alias { - name = "${var.api_internal_elb_dns_name}" - zone_id = "${var.api_internal_elb_zone_id}" - evaluate_target_health = true - } -} - -resource "aws_route53_record" "tectonic-console" { - count = "${var.elb_alias_enabled ? 0 : 1}" - zone_id = "${local.public_zone_id}" - name = "${var.cluster_name}" - type = "A" - ttl = "60" - records = ["${var.worker_ip_addresses}"] -} - -resource "aws_route53_record" "tectonic_ingress_public" { - count = "${var.elb_alias_enabled ? 
local.public_endpoints_count : 0}" - zone_id = "${local.public_zone_id}" - name = "${var.cluster_name}.${var.base_domain}" - type = "A" - - alias { - name = "${var.console_elb_dns_name}" - zone_id = "${var.console_elb_zone_id}" - evaluate_target_health = true - } -} + count = "${var.elb_alias_enabled ? local.private_endpoints_count : 0}" -resource "aws_route53_record" "tectonic_ingress_private" { - count = "${var.elb_alias_enabled ? local.private_endpoints_count : 0}" zone_id = "${var.private_zone_id}" - name = "${var.cluster_name}.${var.base_domain}" - type = "A" - - alias { - name = "${var.console_elb_dns_name}" - zone_id = "${var.console_elb_zone_id}" - evaluate_target_health = true - } -} - -resource "aws_route53_record" "routes_ingress_public" { - count = "${var.elb_alias_enabled ? local.public_endpoints_count : 0}" - zone_id = "${local.public_zone_id}" - name = "*.${var.cluster_name}.${var.base_domain}" - type = "A" - - alias { - name = "${var.console_elb_dns_name}" - zone_id = "${var.console_elb_zone_id}" - evaluate_target_health = true - } -} - -resource "aws_route53_record" "routes_ingress_private" { - count = "${var.elb_alias_enabled ? local.private_endpoints_count : 0}" - zone_id = "${var.private_zone_id}" - name = "*.${var.cluster_name}.${var.base_domain}" + name = "${var.cluster_name}-api.${var.base_domain}" type = "A" alias { - name = "${var.console_elb_dns_name}" - zone_id = "${var.console_elb_zone_id}" + name = "${var.api_internal_lb_dns_name}" + zone_id = "${var.api_internal_lb_zone_id}" evaluate_target_health = true } } diff --git a/data/data/aws/route53/variables.tf b/data/data/aws/route53/variables.tf index 248f20c141e..e26deecf501 100644 --- a/data/data/aws/route53/variables.tf +++ b/data/data/aws/route53/variables.tf 
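Review bot: `local.zone_id` is kept (and collapsed onto one line) in this hunk, yet none of the surviving records use it — `tectonic_api_external` reads `local.public_zone_id` and `tectonic_api_internal` reads `var.private_zone_id` directly — so unless something in the first nine lines of the file references it, it is now dead and should be removed rather than reformatted. If it must stay, a comment such as `# unused by the records below; kept for callers outside this file` would stop the next reader from wondering. The hunk starts at line 10, so the head of the `locals` block and any earlier `data` source are outside it.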
@@ -43,11 +43,6 @@ variable "worker_public_ips_enabled" {
 default = true
 }
 
-variable "api_ip_addresses" {
- description = "List of string IPs for k8s API"
- type = "list"
-}
-
 variable "extra_tags" {
 type = "map"
 description = "Extra tags to be applied to created resources."
@@ -95,32 +90,22 @@ variable "private_zone_id" {
 type = "string"
 }
 
-variable "api_external_elb_dns_name" {
- description = "External API's ELB DNS name"
- type = "string"
-}
-
-variable "api_external_elb_zone_id" {
- description = "External API's ELB Zone ID"
- type = "string"
-}
-
-variable "api_internal_elb_dns_name" {
- description = "Internal API's ELB DNS name"
+variable "api_external_lb_dns_name" {
+ description = "External API's LB DNS name"
 type = "string"
 }
 
-variable "api_internal_elb_zone_id" {
- description = "Internal API's ELB Zone ID"
+variable "api_external_lb_zone_id" {
+ description = "External API's LB Zone ID"
 type = "string"
 }
 
-variable "console_elb_dns_name" {
- description = "Console's ELB DNS name"
+variable "api_internal_lb_dns_name" {
+ description = "Internal API's LB DNS name"
 type = "string"
 }
 
-variable "console_elb_zone_id" {
- description = "Console's ELB Zone ID"
+variable "api_internal_lb_zone_id" {
+ description = "Internal API's LB Zone ID"
 type = "string"
 }
diff --git a/data/data/aws/vpc/master-elb.tf b/data/data/aws/vpc/master-elb.tf
index 300bdbd5df5..1e4d768c155 100644
--- a/data/data/aws/vpc/master-elb.tf
+++ b/data/data/aws/vpc/master-elb.tf
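Review bot: `api_ip_addresses` is removed in the first hunk, but the other input of the deleted `tectonic-console` record, `worker_ip_addresses`, is not; if it is still declared outside this hunk it is now an input callers must supply for no effect, and `worker_public_ips_enabled`, visible in the hunk context, may be in the same position. Either drop them too or mark them, e.g. `# unused since the console/ingress records were removed; revisit when ingress returns`, so the module interface stays honest. The second hunk only renames `elb` to `lb` in names and descriptions and reads fine.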
@@ -1,118 +1,140 @@ -resource "aws_elb" "api_internal" { - count = "${var.private_master_endpoints ? 1 : 0}" - name = "${var.cluster_name}-int" - subnets = ["${local.master_subnet_ids}"] - internal = true - security_groups = ["${aws_security_group.api.id}"] - - idle_timeout = 3600 - connection_draining = true - connection_draining_timeout = 300 - - listener { - instance_port = 6443 - instance_protocol = "tcp" - lb_port = 6443 - lb_protocol = "tcp" - } +resource "aws_lb" "api_internal" { + count = "${var.private_master_endpoints ? 1 : 0}" - listener { - instance_port = 49500 - instance_protocol = "tcp" - lb_port = 49500 - lb_protocol = "tcp" - } + name = "${var.cluster_name}-int" + load_balancer_type = "network" + subnets = ["${local.master_subnet_ids}"] + internal = true + enable_cross_zone_load_balancing = true + idle_timeout = 3600 - health_check { - healthy_threshold = 2 - unhealthy_threshold = 2 - timeout = 3 - target = "SSL:6443" - interval = 5 - } + tags = "${merge(map( + "kubernetes.io/cluster/${var.cluster_name}", "owned", + "tectonicClusterID", "${var.cluster_id}" + ), var.extra_tags)}" +} - # TODO: we only have on health_check per ELB but need to check the following too - # health_check { - # healthy_threshold = 2 - # unhealthy_threshold = 2 - # timeout = 3 - # target = "TCP:49500" - # interval = 5 - # } +resource "aws_lb" "api_external" { + count = "${var.public_master_endpoints ? 1 : 0}" + + name = "${var.cluster_name}-ext" + load_balancer_type = "network" + subnets = ["${local.master_subnet_ids}"] + internal = false + enable_cross_zone_load_balancing = true + idle_timeout = 3600 tags = "${merge(map( - "Name", "${var.cluster_name}-int", "kubernetes.io/cluster/${var.cluster_name}", "owned", "tectonicClusterID", "${var.cluster_id}" ), var.extra_tags)}" } -resource "aws_elb" "api_external" { - count = "${var.public_master_endpoints ? 
1 : 0}" - name = "${var.cluster_name}-ext" - subnets = ["${local.master_subnet_ids}"] - internal = false - security_groups = ["${aws_security_group.api.id}"] - - idle_timeout = 3600 - connection_draining = true - connection_draining_timeout = 300 - - listener { - instance_port = 6443 - instance_protocol = "tcp" - lb_port = 6443 - lb_protocol = "tcp" - } +resource "aws_lb_target_group" "api_internal" { + count = "${var.private_master_endpoints ? 1 : 0}" - health_check { - healthy_threshold = 2 - unhealthy_threshold = 2 - timeout = 3 - target = "SSL:6443" - interval = 5 - } + name = "${var.cluster_name}-api-int" + protocol = "TCP" + port = 6443 + vpc_id = "${local.vpc_id}" + + target_type = "ip" tags = "${merge(map( - "Name", "${var.cluster_name}-api-external", "kubernetes.io/cluster/${var.cluster_name}", "owned", "tectonicClusterID", "${var.cluster_id}" ), var.extra_tags)}" + + health_check { + healthy_threshold = 3 + unhealthy_threshold = 3 + interval = 10 + port = 6443 + protocol = "TCP" + } } -resource "aws_elb" "console" { - name = "${var.cluster_name}-con" - subnets = ["${local.master_subnet_ids}"] - internal = "${var.public_master_endpoints ? false : true}" - security_groups = ["${aws_security_group.console.id}"] +resource "aws_lb_target_group" "api_external" { + count = "${var.public_master_endpoints ? 
1 : 0}" - idle_timeout = 3600 + name = "${var.cluster_name}-api-ext" + protocol = "TCP" + port = 6443 + vpc_id = "${local.vpc_id}" - listener { - instance_port = 32001 - instance_protocol = "tcp" - lb_port = 80 - lb_protocol = "tcp" - } + target_type = "ip" - listener { - instance_port = 32000 - instance_protocol = "tcp" - lb_port = 443 - lb_protocol = "tcp" - } + tags = "${merge(map( + "kubernetes.io/cluster/${var.cluster_name}", "owned", + "tectonicClusterID", "${var.cluster_id}" + ), var.extra_tags)}" health_check { - healthy_threshold = 2 - unhealthy_threshold = 2 - timeout = 3 - target = "HTTP:32002/healthz" - interval = 5 + healthy_threshold = 3 + unhealthy_threshold = 3 + interval = 10 + port = 6443 + protocol = "TCP" } +} + +resource "aws_lb_target_group" "services" { + name = "${var.cluster_name}-services" + protocol = "TCP" + port = 49500 + vpc_id = "${local.vpc_id}" + + target_type = "ip" tags = "${merge(map( - "Name", "${var.cluster_name}-console", "kubernetes.io/cluster/${var.cluster_name}", "owned", "tectonicClusterID", "${var.cluster_id}" ), var.extra_tags)}" + + health_check { + healthy_threshold = 3 + unhealthy_threshold = 3 + interval = 10 + port = 49500 + protocol = "TCP" + } +} + +resource "aws_lb_listener" "api_internal_api" { + count = "${var.private_master_endpoints ? 1 : 0}" + + load_balancer_arn = "${aws_lb.api_internal.arn}" + protocol = "TCP" + port = "6443" + + default_action { + target_group_arn = "${aws_lb_target_group.api_internal.arn}" + type = "forward" + } +} + +resource "aws_lb_listener" "api_internal_services" { + count = "${var.private_master_endpoints ? 1 : 0}" + + load_balancer_arn = "${aws_lb.api_internal.arn}" + protocol = "TCP" + port = "49500" + + default_action { + target_group_arn = "${aws_lb_target_group.services.arn}" + type = "forward" + } +} + +resource "aws_lb_listener" "api_external_api" { + count = "${var.public_master_endpoints ? 
1 : 0}"
+
+ load_balancer_arn = "${aws_lb.api_external.arn}"
+ protocol = "TCP"
+ port = "6443"
+
+ default_action {
+ target_group_arn = "${aws_lb_target_group.api_external.arn}"
+ type = "forward"
+ }
 }
diff --git a/data/data/aws/vpc/outputs.tf b/data/data/aws/vpc/outputs.tf
index 70647446172..f3b69dec817 100644
--- a/data/data/aws/vpc/outputs.tf
+++ b/data/data/aws/vpc/outputs.tf
@@ -6,10 +6,6 @@ output "master_subnet_ids" {
 value = "${local.master_subnet_ids}"
 }
 
-output "worker_subnet_ids" {
- value = "${local.worker_subnet_ids}"
-}
-
 output "etcd_sg_id" {
 value = "${element(concat(aws_security_group.etcd.*.id, list("")), 0)}"
 }
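Review bot: Dropping `security_groups` with the move to `aws_lb` means `aws_security_group.api` no longer sits in front of ports 6443 and 49500 — network load balancers carry no security group — so the only ingress filter left is the security group attached to the masters and the bootstrap node, and this commit does not touch those rules. With `target_type = "ip"` the targets presumably see the NLB nodes' addresses rather than the client's (worth confirming for the account in use), so the master SG must admit 6443, and 49500 for the internal NLB, from the master subnets; for `aws_lb.api_external` that also means every client the NLB accepts reaches the API on the masters with nothing in between, which deserves a comment on that resource such as `# NLBs have no security group: ingress filtering for 6443 happens only at the target (master) SG.` Separately, `aws_lb_target_group.services` has no `count` while `aws_lb.api_internal` and its listeners are gated on `private_master_endpoints`, so the group is created even when no load balancer forwards to it; `count = "${var.private_master_endpoints ? 1 : 0}"` keeps it in step (outputs.tf already reports a length of 0 in that case). The listeners also reference `aws_lb.api_internal.arn` and `aws_lb_target_group.api_internal.arn` without an index on counted resources; if the count-0 case errors on the Terraform version this targets, the `element(concat(… .*.arn, list("")), 0)` form the module uses in outputs.tf avoids it.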
@@ -30,46 +26,34 @@ output "console_sg_id" {
 value = "${aws_security_group.console.id}"
 }
 
-output "aws_elb_api_external_id" {
- value = "${aws_elb.api_external.0.id}"
-}
-
-output "aws_elb_api_internal_id" {
- value = "${aws_elb.api_internal.0.id}"
-}
-
-output "aws_elb_console_id" {
- value = "${aws_elb.console.id}"
-}
-
-output "aws_lbs" {
- value = ["${compact(concat(aws_elb.api_internal.*.id, list(aws_elb.console.id), aws_elb.api_external.*.id))}"]
+output "aws_lb_private_target_group_arns" {
+ value = "${compact(concat(aws_lb_target_group.api_internal.*.arn, aws_lb_target_group.services.*.arn))}"
 }
 
-output "aws_lbs_length" {
- value = "2"
+output "aws_lb_private_target_group_arns_length" {
+ value = "${var.private_master_endpoints ? 2 : 0}"
 }
 
-output "aws_elb_api_external_dns_name" {
- value = "${element(concat(aws_elb.api_external.*.dns_name, list("")), 0)}"
+output "aws_lb_public_target_group_arns" {
+ value = "${compact(concat(aws_lb_target_group.api_external.*.arn))}"
 }
 
-output "aws_elb_api_external_zone_id" {
- value = "${element(concat(aws_elb.api_external.*.zone_id, list("")), 0)}"
+output "aws_lb_public_target_group_arns_length" {
+ value = "${var.public_master_endpoints ? 
1 : 0}"
 }
 
-output "aws_elb_api_internal_dns_name" {
- value = "${element(concat(aws_elb.api_internal.*.dns_name, list("")), 0)}"
+output "aws_lb_api_external_dns_name" {
+ value = "${element(concat(aws_lb.api_external.*.dns_name, list("")), 0)}"
 }
 
-output "aws_elb_api_internal_zone_id" {
- value = "${element(concat(aws_elb.api_internal.*.zone_id, list("")), 0)}"
+output "aws_lb_api_external_zone_id" {
+ value = "${element(concat(aws_lb.api_external.*.zone_id, list("")), 0)}"
 }
 
-output "aws_console_dns_name" {
- value = "${aws_elb.console.dns_name}"
+output "aws_lb_api_internal_dns_name" {
+ value = "${element(concat(aws_lb.api_internal.*.dns_name, list("")), 0)}"
 }
 
-output "aws_elb_console_zone_id" {
- value = "${aws_elb.console.zone_id}"
+output "aws_lb_api_internal_zone_id" {
+ value = "${element(concat(aws_lb.api_internal.*.zone_id, list("")), 0)}"
 }
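Review bot: `aws_lb_private_target_group_arns_length` hard-codes `2` and the public variant `1`, numbers that must track the target groups concatenated in the sibling `_arns` outputs (and so the resources in master-elb.tf) with nothing tying them together; add above the private one `# Must equal the number of target groups concatenated in aws_lb_private_target_group_arns (api_internal + services); length() of a computed list is not usable here, see the hashicorp/terraform#12570 workaround in the variables files.` and the analogous line above the public one. Note also that when `private_master_endpoints` is false the list still contains the `services` ARN (that group has no `count` in master-elb.tf) while the length reports 0, so the two outputs disagree. `compact(concat(aws_lb_target_group.api_external.*.arn))` wraps a single list in `concat` for no effect; `compact(aws_lb_target_group.api_external.*.arn)` reads cleaner.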