Use HTTPS for kube lb health check on Azure (#305)

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2024-10-01 01:36:09 -04:00 · 2022-10-18 11:46:22 +02:00 · 2022-10-18 11:46:22 +02:00 · 01df06e142
commit 01df06e142
parent c85dc674ba
3 changed files with 44 additions and 11 deletions
--- a/cli/internal/terraform/terraform/azure/main.tf
+++ b/cli/internal/terraform/terraform/azure/main.tf
@ -70,12 +70,42 @@ module "loadbalancer_backend_control_plane" {
  name            = "${local.name}-control-plane"
  loadbalancer_id = azurerm_lb.loadbalancer.id
  ports = flatten([
-    { name = "bootstrapper", port = local.ports_bootstrapper },
-    { name = "kubernetes", port = local.ports_kubernetes },
-    { name = "konnectivity", port = local.ports_konnectivity },
-    { name = "verify", port = local.ports_verify },
-    { name = "recovery", port = local.ports_recovery },
-    var.debug ? [{ name = "debugd", port = local.ports_debugd }] : [],
+    {
+      name     = "bootstrapper",
+      port     = local.ports_bootstrapper,
+      protocol = "Tcp",
+      path     = null
+    },
+    {
+      name     = "kubernetes",
+      port     = local.ports_kubernetes,
+      protocol = "Https",
+      path     = "/readyz"
+    },
+    {
+      name     = "konnectivity",
+      port     = local.ports_konnectivity,
+      protocol = "Tcp",
+      path     = null
+    },
+    {
+      name     = "verify",
+      port     = local.ports_verify,
+      protocol = "Tcp",
+      path     = null
+    },
+    {
+      name     = "recovery",
+      port     = local.ports_recovery,
+      protocol = "Tcp",
+      path     = null
+    },
+    var.debug ? [{
+      name     = "debugd",
+      port     = local.ports_debugd,
+      protocol = "Tcp",
+      path     = null
+    }] : [],
  ])
 }

--- a/cli/internal/terraform/terraform/azure/modules/load_balancer_backend/main.tf
+++ b/cli/internal/terraform/terraform/azure/modules/load_balancer_backend/main.tf
@ -18,7 +18,8 @@ resource "azurerm_lb_probe" "health_probes" {
  loadbalancer_id     = var.loadbalancer_id
  name                = each.value.name
  port                = each.value.port
-  protocol            = "Tcp"
+  protocol            = each.value.protocol
+  request_path        = each.value.path
  interval_in_seconds = 5
 }

@ -27,7 +28,7 @@ resource "azurerm_lb_rule" "rules" {

  loadbalancer_id                = var.loadbalancer_id
  name                           = each.value.name
-  protocol                       = each.value.protocol
+  protocol                       = "Tcp"
  frontend_port                  = each.value.port
  backend_port                   = each.value.port
  frontend_ip_configuration_name = "PublicIPAddress"
--- a/cli/internal/terraform/terraform/azure/modules/load_balancer_backend/variables.tf
+++ b/cli/internal/terraform/terraform/azure/modules/load_balancer_backend/variables.tf
@ -11,8 +11,10 @@ variable "loadbalancer_id" {

 variable "ports" {
  type = list(object({
-    name = string
-    port = number
+    name     = string
+    port     = number
+    protocol = string
+    path     = string
  }))
-  description = "The ports to add to the backend."
+  description = "The ports to add to the backend. Protocol can be either 'Tcp' or 'Https'. Path is only used for 'Https' protocol and can otherwise be null."
 }