Support internal load balancers (#2388)

* arch: support internal lb on Azure * arch: support internal lb on GCP * helm: remove lb svc from verify deployment * arch: support internal lb on AWS * terraform: add jump hosts for internal lb * cli: expose internalLoadBalancer in config * ci: add e2e-manual-internal * add in-cluster endpoint to terraform output
2025-09-24 14:58:35 -04:00 · 2023-10-17 15:46:15 +02:00 · 2023-10-17 15:46:15 +02:00 · 0c89f57ac5
commit 0c89f57ac5
parent fe7e16e1cc
46 changed files with 1310 additions and 412 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -82,6 +82,9 @@ type Config struct {
 	//   A fallback to DNS name is always available.
 	CustomEndpoint string `yaml:"customEndpoint" validate:"omitempty,hostname_rfc1123"`
 	// description: |
+	//   Flag to enable/disable the internal load balancer. If enabled, the Constellation is only accessible from within the VPC.
+	InternalLoadBalancer bool `yaml:"internalLoadBalancer" validate:"omitempty"`
+	// description: |
 	//   Supported cloud providers and their specific configurations.
 	Provider ProviderConfig `yaml:"provider" validate:"dive"`
 	// description: |
@ -830,6 +833,12 @@ func (c *Config) Validate(force bool) error {
 		}
 	}

+	if c.InternalLoadBalancer {
+		if c.GetProvider() != cloudprovider.AWS && c.GetProvider() != cloudprovider.GCP {
+			return &ValidationError{validationErrMsgs: []string{"internalLoadBalancer is only supported for AWS and GCP"}}
+		}
+	}
+
 	err := validate.Struct(c)
 	if err == nil {
 		return nil