c12s-kubespray/contrib/terraform/aws/modules/elb/main.tf

resource "aws_security_group" "aws-elb" {
    name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
    vpc_id = "${var.aws_vpc_id}"

    tags {
        Name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
    }
}


resource "aws_security_group_rule" "aws-allow-api-access" {
    type = "ingress"
    from_port = "${var.aws_elb_api_port}"
    to_port = "${var.k8s_secure_api_port}"
    protocol = "TCP"
    cidr_blocks = ["0.0.0.0/0"]
    security_group_id = "${aws_security_group.aws-elb.id}"
}


# Create a new AWS ELB for K8S API
resource "aws_elb" "aws-elb-api" {
  name = "kubernetes-elb-${var.aws_cluster_name}"
  subnets = ["${var.aws_subnet_ids_public}"]
  security_groups = ["${aws_security_group.aws-elb.id}"]

  listener {
    instance_port = "${var.k8s_secure_api_port}"
    instance_protocol = "tcp"
    lb_port = "${var.aws_elb_api_port}"
    lb_protocol = "tcp"
  }

  health_check {
    healthy_threshold = 2
    unhealthy_threshold = 2
    timeout = 3
    target = "HTTP:8080/"
    interval = 30
  }

  cross_zone_load_balancing = true
  idle_timeout = 400
  connection_draining = true
  connection_draining_timeout = 400

  tags {
    Name = "kubernetes-${var.aws_cluster_name}-elb-api"
  }
}