|
|
resource "aws_security_group" "aws-elb" { name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb" vpc_id = "${var.aws_vpc_id}"
tags = "${merge(var.default_tags, map( "Name", "kubernetes-${var.aws_cluster_name}-securitygroup-elb" ))}"
}
resource "aws_security_group_rule" "aws-allow-api-access" { type = "ingress" from_port = "${var.aws_elb_api_port}" to_port = "${var.k8s_secure_api_port}" protocol = "TCP" cidr_blocks = ["0.0.0.0/0"] security_group_id = "${aws_security_group.aws-elb.id}"}
resource "aws_security_group_rule" "aws-allow-api-egress" { type = "egress" from_port = 0 to_port = 65535 protocol = "TCP" cidr_blocks = ["0.0.0.0/0"] security_group_id = "${aws_security_group.aws-elb.id}"}
# Create a new AWS ELB for K8S API
resource "aws_elb" "aws-elb-api" { name = "kubernetes-elb-${var.aws_cluster_name}" subnets = ["${var.aws_subnet_ids_public}"] security_groups = ["${aws_security_group.aws-elb.id}"]
listener { instance_port = "${var.k8s_secure_api_port}" instance_protocol = "tcp" lb_port = "${var.aws_elb_api_port}" lb_protocol = "tcp" }
health_check { healthy_threshold = 2 unhealthy_threshold = 2 timeout = 3 target = "TCP:${var.k8s_secure_api_port}" interval = 30 }
cross_zone_load_balancing = true idle_timeout = 400 connection_draining = true connection_draining_timeout = 400
tags = "${merge(var.default_tags, map( "Name", "kubernetes-${var.aws_cluster_name}-elb-api" ))}"
}
|
