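# Security group attached to the Kubernetes API load balancer.
# It declares no inline ingress/egress; the rules in this file attach to it
# through separate aws_security_group_rule resources that reference its id.
resource "aws_security_group" "aws-elb" {
  name   = "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
  vpc_id = var.aws_vpc_id

  # tomap({...}) replaces map(...): map() was deprecated in Terraform 0.12 and
  # removed in 0.15, so the old call fails to evaluate on current releases.
  tags = merge(var.default_tags, tomap({
    Name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
  }))
}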
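# Ingress rule for the API load balancer's security group.
# The only ELB listener in this file uses lb_port = var.aws_elb_api_port, so
# this rule opens exactly that port.
resource "aws_security_group_rule" "aws-allow-api-access" {
  type              = "ingress"
  security_group_id = aws_security_group.aws-elb.id
  protocol          = "TCP"

  # from_port/to_port are the two ends of a destination port RANGE, not a
  # "listener port -> backend port" pair. The earlier
  # to_port = var.k8s_secure_api_port opened every port between the two values
  # whenever they differed, which is broader than the listener needs.
  from_port = var.aws_elb_api_port
  to_port   = var.aws_elb_api_port

  # NOTE(review): 0.0.0.0/0 makes the Kubernetes API endpoint reachable from
  # any IPv4 address. Where the environment allows it, restrict this to known
  # operator/CI networks; otherwise API-server authentication and
  # authorization are the only controls in front of the control plane.
  cidr_blocks = ["0.0.0.0/0"]
}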
# Egress rule for the API load balancer's security group:
# every TCP port, to any IPv4 destination.
resource "aws_security_group_rule" "aws-allow-api-egress" {
  security_group_id = aws_security_group.aws-elb.id
  type              = "egress"

  # NOTE(review): the ELB defined in this file forwards traffic and runs its
  # health check on var.k8s_secure_api_port only, so the full port range and
  # the 0.0.0.0/0 destination are wider than that ELB needs. Confirm nothing
  # else is attached to this security group before tightening.
  protocol    = "TCP"
  from_port   = 0
  to_port     = 65535
  cidr_blocks = ["0.0.0.0/0"]
}
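# Create a new AWS ELB for K8S API
#
# The ELB sits in the public subnets behind aws_security_group.aws-elb.
# NOTE(review): `internal` is not set, so this is presumably an
# internet-facing load balancer - confirm that is intended for the API.
# NOTE(review): no access_logs block is configured on this resource, so it
# keeps no record of connections to the API endpoint.
resource "aws_elb" "aws-elb-api" {
  name            = "kubernetes-elb-${var.aws_cluster_name}"
  subnets         = var.aws_subnet_ids_public
  security_groups = [aws_security_group.aws-elb.id]

  # Plain TCP pass-through on both sides: the ELB does not terminate TLS, so
  # the TLS session (and any client-certificate authentication) ends at the
  # backend listening on instance_port.
  listener {
    lb_port           = var.aws_elb_api_port
    lb_protocol       = "tcp"
    instance_port     = var.k8s_secure_api_port
    instance_protocol = "tcp"
  }

  # HTTPS probe of /healthz on the backend API port.
  # NOTE(review): the probe carries no credentials, so /healthz presumably has
  # to answer unauthenticated requests - confirm against the API-server
  # configuration.
  health_check {
    target              = "HTTPS:${var.k8s_secure_api_port}/healthz"
    interval            = 30
    timeout             = 3
    healthy_threshold   = 2
    unhealthy_threshold = 2
  }

  cross_zone_load_balancing   = true
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400

  # tomap({...}) replaces map(...): map() was deprecated in Terraform 0.12 and
  # removed in 0.15, so the old call fails to evaluate on current releases.
  tags = merge(var.default_tags, tomap({
    Name = "kubernetes-${var.aws_cluster_name}-elb-api"
  }))
}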