Use HTTPS for kube lb health check on Azure (#305)

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

cli/internal/terraform/terraform/azure/main.tf

@@ -70,12 +70,42 @@ module "loadbalancer_backend_control_plane" {
   name            = "${local.name}-control-plane"
   loadbalancer_id = azurerm_lb.loadbalancer.id
   ports = flatten([
-    { name = "bootstrapper", port = local.ports_bootstrapper },
+    {
-    { name = "kubernetes", port = local.ports_kubernetes },
+      name     = "bootstrapper",
-    { name = "konnectivity", port = local.ports_konnectivity },
+      port     = local.ports_bootstrapper,
-    { name = "verify", port = local.ports_verify },
+      protocol = "Tcp",
-    { name = "recovery", port = local.ports_recovery },
+      path     = null
-    var.debug ? [{ name = "debugd", port = local.ports_debugd }] : [],
+    },
+    {
+      name     = "kubernetes",
+      port     = local.ports_kubernetes,
+      protocol = "Https",
+      path     = "/readyz"
+    },
+    {
+      name     = "konnectivity",
+      port     = local.ports_konnectivity,
+      protocol = "Tcp",
+      path     = null
+    },
+    {
+      name     = "verify",
+      port     = local.ports_verify,
+      protocol = "Tcp",
+      path     = null
+    },
+    {
+      name     = "recovery",
+      port     = local.ports_recovery,
+      protocol = "Tcp",
+      path     = null
+    },
+    var.debug ? [{
+      name     = "debugd",
+      port     = local.ports_debugd,
+      protocol = "Tcp",
+      path     = null
+    }] : [],
   ])
 }
 

cli/internal/terraform/terraform/azure/modules/load_balancer_backend/main.tf

@@ -18,7 +18,8 @@ resource "azurerm_lb_probe" "health_probes" {
   loadbalancer_id     = var.loadbalancer_id
   name                = each.value.name
   port                = each.value.port
-  protocol            = "Tcp"
+  protocol            = each.value.protocol
+  request_path        = each.value.path
   interval_in_seconds = 5
 }
 
@@ -27,7 +28,7 @@ resource "azurerm_lb_rule" "rules" {
 
   loadbalancer_id                = var.loadbalancer_id
   name                           = each.value.name
-  protocol                       = each.value.protocol
+  protocol                       = "Tcp"
   frontend_port                  = each.value.port
   backend_port                   = each.value.port
   frontend_ip_configuration_name = "PublicIPAddress"

cli/internal/terraform/terraform/azure/modules/load_balancer_backend/variables.tf

@@ -13,6 +13,8 @@ variable "ports" {
   type = list(object({
     name     = string
     port     = number
+    protocol = string
+    path     = string
   }))
-  description = "The ports to add to the backend."
+  description = "The ports to add to the backend. Protocol can be either 'Tcp' or 'Https'. Path is only used for 'Https' protocol and can otherwise be null."
 }