[Terraform-AWS] Replace CLB with NLB (#8578)
This commit is contained in:
parent
ee079f4740
commit
6d683c98a3
12 changed files with 72 additions and 84 deletions
@ -26,14 +26,14 @@ module "aws-vpc" {
|
||||||
default_tags = var.default_tags
|
default_tags = var.default_tags
|
||||||
}
|
}
|
||||||
|
|
||||||
module "aws-elb" {
|
module "aws-nlb" {
|
||||||
source = "./modules/elb"
|
source = "./modules/nlb"
|
||||||
|
|
||||||
aws_cluster_name = var.aws_cluster_name
|
aws_cluster_name = var.aws_cluster_name
|
||||||
aws_vpc_id = module.aws-vpc.aws_vpc_id
|
aws_vpc_id = module.aws-vpc.aws_vpc_id
|
||||||
aws_avail_zones = data.aws_availability_zones.available.names
|
aws_avail_zones = data.aws_availability_zones.available.names
|
||||||
aws_subnet_ids_public = module.aws-vpc.aws_subnet_ids_public
|
aws_subnet_ids_public = module.aws-vpc.aws_subnet_ids_public
|
||||||
aws_elb_api_port = var.aws_elb_api_port
|
aws_nlb_api_port = var.aws_nlb_api_port
|
||||||
k8s_secure_api_port = var.k8s_secure_api_port
|
k8s_secure_api_port = var.k8s_secure_api_port
|
||||||
default_tags = var.default_tags
|
default_tags = var.default_tags
|
||||||
}
|
}
|
||||||
@ -96,10 +96,10 @@ resource "aws_instance" "k8s-master" {
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_elb_attachment" "attach_master_nodes" {
|
resource "aws_lb_target_group_attachment" "tg-attach_master_nodes" {
|
||||||
count = var.aws_kube_master_num
|
count = var.aws_kube_master_num
|
||||||
elb = module.aws-elb.aws_elb_api_id
|
target_group_arn = module.aws-nlb.aws_nlb_api_tg_arn
|
||||||
instance = element(aws_instance.k8s-master.*.id, count.index)
|
target_id = element(aws_instance.k8s-master.*.private_ip, count.index)
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_instance" "k8s-etcd" {
|
resource "aws_instance" "k8s-etcd" {
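Review bot: The new `aws_lb_target_group_attachment` registers the control-plane private IPs, but nothing in this diff replaces the ingress rule that the deleted `aws_security_group.aws-elb` used to provide; an NLB carries no security group of its own, so health checks and forwarded client traffic now reach the instances directly on `k8s_secure_api_port`, and the control-plane security group (outside this diff) must admit them. With `target_type = "ip"` the source address the targets see is, as far as I recall, the NLB's private addresses rather than the client's unless client IP preservation is enabled — worth confirming before choosing the source range for that rule. I would record this next to the attachment: `# NLB has no security group: the control-plane SG must allow k8s_secure_api_port from the NLB (health checks + forwarded traffic)`. The `k8s-etcd` resource that opens on the last hunk line continues outside the hunk.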
|
||||||
@ -164,7 +164,7 @@ data "template_file" "inventory" {
|
||||||
list_node = join("\n", aws_instance.k8s-worker.*.private_dns)
|
list_node = join("\n", aws_instance.k8s-worker.*.private_dns)
|
||||||
connection_strings_etcd = join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-etcd.*.private_dns, aws_instance.k8s-etcd.*.private_ip))
|
connection_strings_etcd = join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-etcd.*.private_dns, aws_instance.k8s-etcd.*.private_ip))
|
||||||
list_etcd = join("\n", ((var.aws_etcd_num > 0) ? (aws_instance.k8s-etcd.*.private_dns) : (aws_instance.k8s-master.*.private_dns)))
|
list_etcd = join("\n", ((var.aws_etcd_num > 0) ? (aws_instance.k8s-etcd.*.private_dns) : (aws_instance.k8s-master.*.private_dns)))
|
||||||
elb_api_fqdn = "apiserver_loadbalancer_domain_name=\"${module.aws-elb.aws_elb_api_fqdn}\""
|
nlb_api_fqdn = "apiserver_loadbalancer_domain_name=\"${module.aws-nlb.aws_nlb_api_fqdn}\""
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1,57 +0,0 @@
|
||||||
resource "aws_security_group" "aws-elb" {
|
|
||||||
name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
|
|
||||||
vpc_id = var.aws_vpc_id
|
|
||||||
|
|
||||||
tags = merge(var.default_tags, tomap({
|
|
||||||
Name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
|
|
||||||
}))
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "aws_security_group_rule" "aws-allow-api-access" {
|
|
||||||
type = "ingress"
|
|
||||||
from_port = var.aws_elb_api_port
|
|
||||||
to_port = var.k8s_secure_api_port
|
|
||||||
protocol = "TCP"
|
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
|
||||||
security_group_id = aws_security_group.aws-elb.id
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "aws_security_group_rule" "aws-allow-api-egress" {
|
|
||||||
type = "egress"
|
|
||||||
from_port = 0
|
|
||||||
to_port = 65535
|
|
||||||
protocol = "TCP"
|
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
|
||||||
security_group_id = aws_security_group.aws-elb.id
|
|
||||||
}
|
|
||||||
|
|
||||||
# Create a new AWS ELB for K8S API
|
|
||||||
resource "aws_elb" "aws-elb-api" {
|
|
||||||
name = "kubernetes-elb-${var.aws_cluster_name}"
|
|
||||||
subnets = length(var.aws_subnet_ids_public) <= length(var.aws_avail_zones) ? var.aws_subnet_ids_public : slice(var.aws_subnet_ids_public, 0, length(var.aws_avail_zones))
|
|
||||||
security_groups = [aws_security_group.aws-elb.id]
|
|
||||||
|
|
||||||
listener {
|
|
||||||
instance_port = var.k8s_secure_api_port
|
|
||||||
instance_protocol = "tcp"
|
|
||||||
lb_port = var.aws_elb_api_port
|
|
||||||
lb_protocol = "tcp"
|
|
||||||
}
|
|
||||||
|
|
||||||
health_check {
|
|
||||||
healthy_threshold = 2
|
|
||||||
unhealthy_threshold = 2
|
|
||||||
timeout = 3
|
|
||||||
target = "HTTPS:${var.k8s_secure_api_port}/healthz"
|
|
||||||
interval = 30
|
|
||||||
}
|
|
||||||
|
|
||||||
cross_zone_load_balancing = true
|
|
||||||
idle_timeout = 400
|
|
||||||
connection_draining = true
|
|
||||||
connection_draining_timeout = 400
|
|
||||||
|
|
||||||
tags = merge(var.default_tags, tomap({
|
|
||||||
Name = "kubernetes-${var.aws_cluster_name}-elb-api"
|
|
||||||
}))
|
|
||||||
}
|
|
@ -1,7 +0,0 @@
|
||||||
output "aws_elb_api_id" {
|
|
||||||
value = aws_elb.aws-elb-api.id
|
|
||||||
}
|
|
||||||
|
|
||||||
output "aws_elb_api_fqdn" {
|
|
||||||
value = aws_elb.aws-elb-api.dns_name
|
|
||||||
}
|
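--- a/contrib/terraform/aws/modules/nlb/main.tf
+++ b/contrib/terraform/aws/modules/nlb/main.tf
@@ -0,0 +1,41 @@
+# Create a new AWS NLB for K8S API
+resource "aws_lb" "aws-nlb-api" {
+name = "kubernetes-nlb-${var.aws_cluster_name}"
+load_balancer_type = "network"
+subnets = length(var.aws_subnet_ids_public) <= length(var.aws_avail_zones) ? var.aws_subnet_ids_public : slice(var.aws_subnet_ids_public, 0, length(var.aws_avail_zones))
+idle_timeout = 400
+enable_cross_zone_load_balancing = true
+
+tags = merge(var.default_tags, tomap({
+Name = "kubernetes-${var.aws_cluster_name}-nlb-api"
+}))
+}
+
+# Create a new AWS NLB Instance Target Group
+resource "aws_lb_target_group" "aws-nlb-api-tg" {
+name = "kubernetes-nlb-tg-${var.aws_cluster_name}"
+port = var.k8s_secure_api_port
+protocol = "TCP"
+target_type = "ip"
+vpc_id = var.aws_vpc_id
+
+health_check {
+healthy_threshold = 2
+unhealthy_threshold = 2
+interval = 30
+protocol = "HTTPS"
+path = "/healthz"
+}
+}
+
+# Create a new AWS NLB Listener listen to target group
+resource "aws_lb_listener" "aws-nlb-api-listener" {
+load_balancer_arn = aws_lb.aws-nlb-api.arn
+port = var.aws_nlb_api_port
+protocol = "TCP"
+
+default_action {
+type = "forward"
+target_group_arn = aws_lb_target_group.aws-nlb-api-tg.arn
+}
+}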
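Review bot: `aws_lb_target_group.aws-nlb-api-tg` introduces a tighter name limit than the ELB it replaces: target group names are capped at 32 characters, and the `kubernetes-nlb-tg-` prefix leaves only 14 for `var.aws_cluster_name` (the load balancer's `kubernetes-nlb-` prefix leaves 17, as the old `kubernetes-elb-` did), so a cluster name that applied cleanly before can now fail at apply time; a `validation` block on the variable, or a shorter prefix, would surface this early. `idle_timeout = 400` on `aws_lb.aws-nlb-api` is carried over from the CLB, but the provider documents that argument as valid only for application load balancers, so on a `network` type it is a no-op and should be dropped or annotated. The comment `# Create a new AWS NLB Instance Target Group` is misleading now that `target_type = "ip"`; I would write `# Target group for the K8S API (IP targets: control-plane private IPs)`.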
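--- a/contrib/terraform/aws/modules/nlb/outputs.tf
+++ b/contrib/terraform/aws/modules/nlb/outputs.tf
@@ -0,0 +1,11 @@
+output "aws_nlb_api_id" {
+value = aws_lb.aws-nlb-api.id
+}
+
+output "aws_nlb_api_fqdn" {
+value = aws_lb.aws-nlb-api.dns_name
+}
+
+output "aws_nlb_api_tg_arn" {
+value = aws_lb_target_group.aws-nlb-api-tg.arn
+}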
@ -6,8 +6,8 @@ variable "aws_vpc_id" {
|
||||||
description = "AWS VPC ID"
|
description = "AWS VPC ID"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "aws_elb_api_port" {
|
variable "aws_nlb_api_port" {
|
||||||
description = "Port for AWS ELB"
|
description = "Port for AWS NLB"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "k8s_secure_api_port" {
|
variable "k8s_secure_api_port" {
|
@ -14,8 +14,8 @@ output "etcd" {
|
||||||
value = join("\n", ((var.aws_etcd_num > 0) ? (aws_instance.k8s-etcd.*.private_ip) : (aws_instance.k8s-master.*.private_ip)))
|
value = join("\n", ((var.aws_etcd_num > 0) ? (aws_instance.k8s-etcd.*.private_ip) : (aws_instance.k8s-master.*.private_ip)))
|
||||||
}
|
}
|
||||||
|
|
||||||
output "aws_elb_api_fqdn" {
|
output "aws_nlb_api_fqdn" {
|
||||||
value = "${module.aws-elb.aws_elb_api_fqdn}:${var.aws_elb_api_port}"
|
value = "${module.aws-nlb.aws_nlb_api_fqdn}:${var.aws_nlb_api_port}"
|
||||||
}
|
}
|
||||||
|
|
||||||
output "inventory" {
|
output "inventory" {
|
||||||
|
@ -33,9 +33,9 @@ aws_kube_worker_size = "t2.medium"
|
||||||
|
|
||||||
aws_kube_worker_disk_size = 50
|
aws_kube_worker_disk_size = 50
|
||||||
|
|
||||||
#Settings AWS ELB
|
#Settings AWS NLB
|
||||||
|
|
||||||
aws_elb_api_port = 6443
|
aws_nlb_api_port = 6443
|
||||||
|
|
||||||
k8s_secure_api_port = 6443
|
k8s_secure_api_port = 6443
|
||||||
|
|
||||||
|
|
@ -24,4 +24,4 @@ kube_control_plane
|
||||||
calico_rr
|
calico_rr
|
||||||
|
|
||||||
[k8s_cluster:vars]
|
[k8s_cluster:vars]
|
||||||
${elb_api_fqdn}
|
${nlb_api_fqdn}
|
||||||
|
|
@ -32,7 +32,7 @@ aws_kube_worker_size = "t3.medium"
|
||||||
aws_kube_worker_disk_size = 50
|
aws_kube_worker_disk_size = 50
|
||||||
|
|
||||||
#Settings AWS ELB
|
#Settings AWS ELB
|
||||||
aws_elb_api_port = 6443
|
aws_nlb_api_port = 6443
|
||||||
k8s_secure_api_port = 6443
|
k8s_secure_api_port = 6443
|
||||||
|
|
||||||
default_tags = {
|
default_tags = {
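Review bot: The `#Settings AWS ELB` heading just above `aws_nlb_api_port` is now stale — the variable was renamed but the comment was not, whereas the sample `cluster.tfvars` hunk earlier in this commit does update it to `#Settings AWS NLB`. The same stale heading is left in the next tfvars hunk (`@ -25,7 +25,7 @@`). Change it to `#Settings AWS NLB` in both so the example files match the variable they document.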
|
||||||
|
|
@ -25,7 +25,7 @@ aws_kube_worker_size = "t3.medium"
|
||||||
aws_kube_worker_disk_size = 50
|
aws_kube_worker_disk_size = 50
|
||||||
|
|
||||||
#Settings AWS ELB
|
#Settings AWS ELB
|
||||||
aws_elb_api_port = 6443
|
aws_nlb_api_port = 6443
|
||||||
k8s_secure_api_port = 6443
|
k8s_secure_api_port = 6443
|
||||||
|
|
||||||
default_tags = { }
|
default_tags = { }
|
||||||
|
|
@ -104,11 +104,11 @@ variable "aws_kube_worker_size" {
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* AWS ELB Settings
|
* AWS NLB Settings
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
variable "aws_elb_api_port" {
|
variable "aws_nlb_api_port" {
|
||||||
description = "Port for AWS ELB"
|
description = "Port for AWS NLB"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "k8s_secure_api_port" {
|
variable "k8s_secure_api_port" {
|
||||||