terraform: use HTTPS health check for AWS

Leonard Cohnen 2022-11-02 11:46:52 +01:00 committed by 3u13r
parent 7e385c4c86
commit be2b38f2ac
3 changed files with 71 additions and 40 deletions


@ -125,6 +125,14 @@ resource "aws_security_group" "security_group" {
description = "konnectivity" description = "konnectivity"
} }
ingress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = [aws_vpc.vpc.cidr_block]
description = "allow all internal"
}
dynamic "ingress" { dynamic "ingress" {
for_each = var.debug ? [1] : [] for_each = var.debug ? [1] : []
content { content {
@ -150,6 +158,7 @@ module "load_balancer_target_bootstrapper" {
lb_arn = aws_lb.front_end.arn lb_arn = aws_lb.front_end.arn
port = local.ports_bootstrapper port = local.ports_bootstrapper
tags = local.tags tags = local.tags
healthcheck_protocol = "TCP"
} }
module "load_balancer_target_kubernetes" { module "load_balancer_target_kubernetes" {
@ -159,6 +168,8 @@ module "load_balancer_target_kubernetes" {
lb_arn = aws_lb.front_end.arn lb_arn = aws_lb.front_end.arn
port = local.ports_kubernetes port = local.ports_kubernetes
tags = local.tags tags = local.tags
healthcheck_protocol = "HTTPS"
healthcheck_path = "/readyz"
} }
module "load_balancer_target_verify" { module "load_balancer_target_verify" {
@ -168,6 +179,7 @@ module "load_balancer_target_verify" {
lb_arn = aws_lb.front_end.arn lb_arn = aws_lb.front_end.arn
port = local.ports_verify port = local.ports_verify
tags = local.tags tags = local.tags
healthcheck_protocol = "TCP"
} }
module "load_balancer_target_debugd" { module "load_balancer_target_debugd" {
@ -178,6 +190,7 @@ module "load_balancer_target_debugd" {
lb_arn = aws_lb.front_end.arn lb_arn = aws_lb.front_end.arn
port = local.ports_debugd port = local.ports_debugd
tags = local.tags tags = local.tags
healthcheck_protocol = "TCP"
} }
module "load_balancer_target_konnectivity" { module "load_balancer_target_konnectivity" {
@ -187,6 +200,7 @@ module "load_balancer_target_konnectivity" {
lb_arn = aws_lb.front_end.arn lb_arn = aws_lb.front_end.arn
port = local.ports_konnectivity port = local.ports_konnectivity
tags = local.tags tags = local.tags
healthcheck_protocol = "TCP"
} }
# TODO: Remove when development is more advanced # TODO: Remove when development is more advanced
@ -198,6 +212,7 @@ module "load_balancer_target_ssh" {
lb_arn = aws_lb.front_end.arn lb_arn = aws_lb.front_end.arn
port = local.ports_ssh port = local.ports_ssh
tags = local.tags tags = local.tags
healthcheck_protocol = "TCP"
} }
module "instance_group_control_plane" { module "instance_group_control_plane" {
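Review bot: The added `ingress` block with `protocol = "-1"` and `cidr_blocks = [aws_vpc.vpc.cidr_block]` admits every port and protocol from any address in the VPC, which is far wider than load balancer health checks need and is not mentioned in the commit title. Because security group rules are additive, it presumably also makes the debugd and SSH ports reachable from inside the VPC when `var.debug` is false, so the conditional `dynamic "ingress"` no longer gates them for internal sources. Consider restricting the rule to the health-checked ports (or to the load balancer subnets) and documenting its purpose, for example `# lets load balancer health checks originating inside the VPC reach the targets`. The `aws_security_group` resource starts and ends outside this hunk.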


@ -16,7 +16,11 @@ resource "aws_lb_target_group" "front_end" {
health_check { health_check {
port = var.port port = var.port
protocol = "TCP" protocol = var.healthcheck_protocol
path = var.healthcheck_protocol == "HTTPS" ? var.healthcheck_path : null
interval = 10
healthy_threshold = 2
unhealthy_threshold = 2
} }
lifecycle { lifecycle {
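Review bot: The `path` expression only passes `var.healthcheck_path` when the protocol is exactly `"HTTPS"`, so a caller that sets `healthcheck_protocol = "HTTP"` silently gets `path = null` and its configured path is ignored. Covering both HTTP variants keeps the module consistent with its inputs: `path = contains(["HTTP", "HTTPS"], var.healthcheck_protocol) ? var.healthcheck_path : null`. The new `interval`, `healthy_threshold` and `unhealthy_threshold` values are hard-coded for every target group; a short comment on why 10 s and 2/2 were chosen would help the next reader. The `aws_lb_target_group` resource starts and ends outside this hunk.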


@ -18,6 +18,18 @@ variable "lb_arn" {
description = "ARN of the load balancer." description = "ARN of the load balancer."
} }
variable "healthcheck_protocol" {
type = string
default = "TCP"
description = "Type of the load balancer target."
}
variable "healthcheck_path" {
type = string
default = ""
description = "Path for health check."
}
variable "tags" { variable "tags" {
type = map(string) type = map(string)
description = "The tags to add to the loadbalancer." description = "The tags to add to the loadbalancer."