The Consul-Terraform-Sync (CTS) module creates a listener rule and target group for an Application Load Balancer. When the rule condition is met, traffic is forwarded to a Consul ingress gateway.
- Rosemary Wang
-
Consul-Terraform-Sync v0.1.0-beta
-
HashiCorp Consul v1.9+
-
HashiCorp Terraform v0.14+
The module primarily uses Consul-Terraform-Sync user metadata to build the listener rule conditions to the Consul ingress gateway target group.
You can use this module in Consul-Terraform-Sync with a service configuration for the Consul ingress gateway, any of its services for routing, and a task definition.
service {
name = "ingress-gateway"
datacenter = "cloud"
description = "all instances of the service ingress-gateway in datacenter cloud"
cts_user_defined_meta = {}
}
service {
name = "my-application"
datacenter = "cloud"
description = "all instances of the service my-application in datacenter cloud"
cts_user_defined_meta = {
host_header = "[\"test.hello-world.com\"]"
}
}
task {
name = "ingress"
description = "send traffic to ingress gateway for my-application"
providers = ["aws"]
services = ["my-application", "ingress-gateway"]
source = "aws-quickstart/alb_listener_rule/aws"
version = "0.1.0" # insert version
variable_files = [] # define file with required variables
}Exactly one of the following must be set per listener rule conditions:
- Host header
- HTTP request method
- HTTP header
- Path pattern
- Query string
- Source IP
The services behind the ingress gateway should include
cts_user_defined_meta](https://www.consul.io/docs/nia/configuration#cts_user_defined_meta).
The metadata fields use a map of strings. For example, in Consul-Terraform-Sync configuration,
you can set the conditions for my-application service.
service {
name = "my-application"
datacenter = "cloud"
description = "all instances of the service my-application in datacenter cloud"
cts_user_defined_meta = {
# You must set exactly one of the following:
host_header = "[\"test.hello-world.com\"]"
# path_pattern = "[\"/test\"]"
# source_ip = "[\"10.0.0.4/32\"]"
# http_request_method = "[\"POST\"]"
# http_header_name = "X-Forwarded-For"
# http_header_values = "[\"192.168.1.*\"]"
# query_string = "key,value"
}
}| Name | Version |
|---|---|
| Terraform | 0.14 or later |
| AWS provider for Terraform | 3.32 or later |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| listener_arn | Listener ARN on Application Load Balancer for Consul ingress gateway listener rule. | string |
n/a | yes |
| listener_rule_priority | Priority of listener rule, between 1 and 50000. | number |
1 |
no |
| services | Consul services monitored by CTS. | map( |
n/a | yes |
| target_group_health_check | Health check attributes for target group. CTS sets port based on ingress gateway service metadata. For additional parameters, see Resource: aws_lb_target_group. | object({ |
n/a | yes |
| vpc_id | VPC ID to attach a target group for Consul ingress gateway. | string |
n/a | yes |
| Name | Description |
|---|---|
| consul_ingress_listener_rule_arn | Amazon Resource Number (ARN) of the listener rule for Consul ingress gateway. |
| consul_ingress_target_group_arn | Target group ARN for Consul ingress gateway. |