Attach LB to controllers

This required changing protocols and other tricks I had initially wrong due to the on the fly switch of GCP instructions to AWS
pecigonzalo · Oct 27, 2019 · 58a2172 · 58a2172
1 parent cbfdd7b
commit 58a2172
Show file tree

Hide file tree

Showing 4 changed files with 114 additions and 2 deletions.
diff --git a/terraform/k8s-controllers.tf b/terraform/k8s-controllers.tf
@@ -1,6 +1,44 @@
 locals {
   ctrl_root_volume_size = "200"
   ctrl_instance_type    = "t3.micro"
+  ctrl_lb_protocol      = "TCP"
+  ctrl_lb_port          = 6443
+  ctrl_lb_vpc_id        = "${module.vpc.vpc_id}"
+}
+
+resource "random_id" "controllers_tg" {
+  keepers {
+    name     = "${module.lb_label.id}"
+    protocol = "${local.ctrl_lb_protocol}"
+    vpc_id   = "${local.ctrl_lb_vpc_id}"
+  }
+
+  byte_length = 2
+}
+
+resource "aws_lb_target_group" "controllers" {
+  name     = "${module.lb_label.id}-${random_id.controllers_tg.hex}"
+  port     = "${local.ctrl_lb_port}"
+  protocol = "${local.ctrl_lb_protocol}"
+  vpc_id   = "${module.vpc.vpc_id}"
+
+  health_check {
+    enabled  = true
+    protocol = "HTTP"
+    port     = 80
+    path     = "/healthz"
+  }
+
+  stickiness {
+    type    = "lb_cookie"
+    enabled = false
+  }
+
+  tags = "${module.lb_label.tags}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
 }
 
 module "ctrl-0" {
@@ -35,6 +73,12 @@ module "ctrl-0" {
   root_volume_size = "${local.ctrl_root_volume_size}"
 }
 
+resource "aws_lb_target_group_attachment" "ctrl-0" {
+  target_group_arn = "${aws_lb_target_group.controllers.arn}"
+  target_id        = "${module.ctrl-0.id}"
+  port             = 6443
+}
+
 module "ctrl-1" {
   source = "git::https://github.com/cloudposse/terraform-aws-ec2-instance.git?ref=0.10.0"
 
@@ -67,6 +111,12 @@ module "ctrl-1" {
   root_volume_size = "${local.ctrl_root_volume_size}"
 }
 
+resource "aws_lb_target_group_attachment" "ctrl-1" {
+  target_group_arn = "${aws_lb_target_group.controllers.arn}"
+  target_id        = "${module.ctrl-1.id}"
+  port             = 6443
+}
+
 module "ctrl-2" {
   source = "git::https://github.com/cloudposse/terraform-aws-ec2-instance.git?ref=0.10.0"
 
@@ -98,3 +148,9 @@ module "ctrl-2" {
   instance_type    = "${local.ctrl_instance_type}"
   root_volume_size = "${local.ctrl_root_volume_size}"
 }
+
+resource "aws_lb_target_group_attachment" "ctrl-2" {
+  target_group_arn = "${aws_lb_target_group.controllers.arn}"
+  target_id        = "${module.ctrl-2.id}"
+  port             = 6443
+}
diff --git a/terraform/nlb.tf → terraform/lb.tf b/terraform/nlb.tf → terraform/lb.tf
@@ -17,3 +17,14 @@ resource "aws_lb" "kttw" {
 
   tags = "${module.lb_label.tags}"
 }
+
+resource "aws_lb_listener" "kttw" {
+  load_balancer_arn = "${aws_lb.kttw.arn}"
+  port              = 6443
+  protocol          = "TCP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = "${aws_lb_target_group.controllers.arn}"
+  }
+}
diff --git a/terraform/networks.tf b/terraform/networks.tf
@@ -31,7 +31,7 @@ module "dynamic_subnets" {
 }
 
 resource "aws_security_group" "k8s-internal" {
-  name_prefix = "k8s-internal"
+  name_prefix = "kttw-internal"
   description = "Allow all internal"
   vpc_id      = "${module.vpc.vpc_id}"
 
@@ -52,10 +52,14 @@ resource "aws_security_group" "k8s-internal" {
     protocol    = "-1"
     cidr_blocks = ["0.0.0.0/0"]
   }
+
+  lifecycle {
+    create_before_destroy = true
+  }
 }
 
 resource "aws_security_group" "k8s-external" {
-  name_prefix = "k8s-external"
+  name_prefix = "kttw-external"
   description = "Allow SSH,ICMP,HTTPS"
   vpc_id      = "${module.vpc.vpc_id}"
 
@@ -86,4 +90,33 @@ resource "aws_security_group" "k8s-external" {
     protocol    = "-1"
     cidr_blocks = ["0.0.0.0/0"]
   }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_security_group" "k8s-lb" {
+  name_prefix = "kttw-lb"
+  description = "Allow LB traffic"
+  vpc_id      = "${module.vpc.vpc_id}"
+
+  ingress {
+    from_port = 6443
+    to_port   = 6443
+    protocol  = "tcp"
+
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
 }
diff --git a/terraform/terraform.tf b/terraform/terraform.tf
@@ -5,3 +5,15 @@ provider "aws" {
 provider "null" {
   version = "~>2.1"
 }
+
+provider "local" {
+  version = "~> 1.4"
+}
+
+provider "random" {
+  version = "~> 2.2"
+}
+
+provider "template" {
+  version = "~> 2.1"
+}