From 43f4c85a63aa519cbef5dba0b4deac01d902a764 Mon Sep 17 00:00:00 2001
From: Jaskaran Sarkaria
Date: Wed, 27 Mar 2024 12:29:27 +0000
Subject: [PATCH] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20optional=20enable=20cros?=
 =?UTF-8?q?s=20zone=20lb=20(#88)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* feat: 🎸 optional enable cross zone lb
* fixup! feat: 🎸 optional enable cross zone lb
* terraform-docs: automated action
---------
Co-authored-by: github-actions[bot]
---
 README.md | 1 +
 main.tf | 4 +++-
 templates/values.yaml.tpl | 2 +-
 variables.tf | 6 ++++++
 4 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 12f1a1d..008ee0e 100644
--- a/README.md
+++ b/README.md
@@ -62,6 +62,7 @@ No modules.
 | [cluster\_domain\_name](#input\_cluster\_domain\_name) | The cluster domain used for externalDNS annotations and certmanager | `any` | n/a | yes |
 | [controller\_name](#input\_controller\_name) | Will be used as the ingress controller name and the class annotation | `string` | n/a | yes |
 | [default\_cert](#input\_default\_cert) | Useful if you want to use a default certificate for your ingress controller. Format: namespace/secretName | `string` | `"ingress-controllers/default-certificate"` | no |
+| [enable\_cross\_zone\_lb](#input\_enable\_cross\_zone\_lb) | cross-zone load balancing distributes traffic across the registered targets in all enabled Availability Zones | `bool` | `true` | no |
 | [enable\_external\_dns\_annotation](#input\_enable\_external\_dns\_annotation) | Add external dns annotation for service | `bool` | `false` | no |
 | [enable\_latest\_tls](#input\_enable\_latest\_tls) | Provide support to tlsv1.3 along with tlsv1.2 | `bool` | `false` | no |
 | [enable\_modsec](#input\_enable\_modsec) | Enable https://github.com/SpiderLabs/ModSecurity-nginx | `bool` | `false` | no |
diff --git a/main.tf b/main.tf
index 3a415c0..553fd5c 100644
--- a/main.tf
+++ b/main.tf
@@ -61,7 +61,9 @@ resource "helm_release" "nginx_ingress" {
 enable_owasp = var.enable_owasp
 keepalive = var.keepalive
 # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#upstream-keepalive-time
- upstream_keepalive_time = var.upstream_keepalive_time
+ upstream_keepalive_time = var.upstream_keepalive_time
+ # https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#cross-zone-load-balancing
+ enable_cross_zone_lb = var.enable_cross_zone_lb
 proxy_response_buffering = var.proxy_response_buffering
 default = var.controller_name == "default" ? true : false
 name_override = "ingress-${var.controller_name}"
diff --git a/templates/values.yaml.tpl b/templates/values.yaml.tpl
index 68a9880..3deba35 100644
--- a/templates/values.yaml.tpl
+++ b/templates/values.yaml.tpl
@@ -254,7 +254,7 @@ controller:
 %{~ endif ~}
 service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
- service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+ service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "${enable_cross_zone_lb}"
 externalTrafficPolicy: "Local"
 %{ if default_cert != "" }
diff --git a/variables.tf b/variables.tf
index 010920a..9bfcccf 100644
--- a/variables.tf
+++ b/variables.tf
@@ -80,6 +80,12 @@ variable "upstream_keepalive_time" {
 default = "1h"
 }
+variable "enable_cross_zone_lb" {
+ description = "cross-zone load balancing distributes traffic across the registered targets in all enabled Availability Zones"
+ type = bool
+ default = true
+}
+
 variable "proxy_response_buffering" {
 description = "nginx receives a response from the proxied server as soon as possible, saving it into the buffers set by the proxy_buffer_size and proxy_buffers directives. If the whole response does not fit into memory, a part of it can be saved to a temporary file on the disk. https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering"
 type = string
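Review bot: In templates/values.yaml.tpl the cross-zone annotation becomes switchable on a Service that keeps `externalTrafficPolicy: "Local"` two lines below, and nothing in the change records how the two settings interact. With cross-zone load balancing off, each NLB node forwards only to targets in its own Availability Zone, and (assuming instance targets) under the Local policy only nodes that run a controller pod pass the health check, so a zone without a controller pod would leave its NLB node with no healthy targets. I would state that next to the annotation, e.g. `# "false" needs at least one controller pod per AZ, because externalTrafficPolicy is Local`, and repeat the caveat in the `enable_cross_zone_lb` description in variables.tf, from which the README row is generated. Whether the chart already spreads controller pods across zones is not visible in this hunk.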
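Review bot: The new `enable_cross_zone_lb` variable in variables.tf is left nullable, so a caller that passes `null` bypasses the `true` default and the null reaches the `"${enable_cross_zone_lb}"` interpolation in templates/values.yaml.tpl, which Terraform would most likely reject when rendering the template. Adding `nullable = false` to the variable block makes a null input fall back to the default instead; that argument needs Terraform 1.1 or later, and the module's version constraint is not visible here. As a point of style, the description starts in lower case, unlike the neighbouring rows shown in the README hunk.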