diff --git a/contrib/terraform/aws/create-infrastructure.tf b/contrib/terraform/aws/create-infrastructure.tf
index 930168ffd..0a388447c 100644
--- a/contrib/terraform/aws/create-infrastructure.tf
+++ b/contrib/terraform/aws/create-infrastructure.tf
@@ -26,14 +26,14 @@ module "aws-vpc" {
 default_tags = var.default_tags
 }
-module "aws-elb" {
- source = "./modules/elb"
+module "aws-nlb" {
+ source = "./modules/nlb"
 aws_cluster_name = var.aws_cluster_name
 aws_vpc_id = module.aws-vpc.aws_vpc_id
 aws_avail_zones = data.aws_availability_zones.available.names
 aws_subnet_ids_public = module.aws-vpc.aws_subnet_ids_public
- aws_elb_api_port = var.aws_elb_api_port
+ aws_nlb_api_port = var.aws_nlb_api_port
 k8s_secure_api_port = var.k8s_secure_api_port
 default_tags = var.default_tags
 }
@@ -96,10 +96,10 @@ resource "aws_instance" "k8s-master" {
 }))
 }
-resource "aws_elb_attachment" "attach_master_nodes" {
- count = var.aws_kube_master_num
- elb = module.aws-elb.aws_elb_api_id
- instance = element(aws_instance.k8s-master.*.id, count.index)
+resource "aws_lb_target_group_attachment" "tg-attach_master_nodes" {
+ count = var.aws_kube_master_num
+ target_group_arn = module.aws-nlb.aws_nlb_api_tg_arn
+ target_id = element(aws_instance.k8s-master.*.private_ip, count.index)
 }
 resource "aws_instance" "k8s-etcd" {
@@ -164,7 +164,7 @@ data "template_file" "inventory" {
 list_node = join("\n", aws_instance.k8s-worker.*.private_dns)
 connection_strings_etcd = join("\n", formatlist("%s ansible_host=%s", aws_instance.k8s-etcd.*.private_dns, aws_instance.k8s-etcd.*.private_ip))
 list_etcd = join("\n", ((var.aws_etcd_num > 0) ? (aws_instance.k8s-etcd.*.private_dns) : (aws_instance.k8s-master.*.private_dns)))
- elb_api_fqdn = "apiserver_loadbalancer_domain_name=\"${module.aws-elb.aws_elb_api_fqdn}\""
+ nlb_api_fqdn = "apiserver_loadbalancer_domain_name=\"${module.aws-nlb.aws_nlb_api_fqdn}\""
 }
 }
diff --git a/contrib/terraform/aws/modules/elb/main.tf b/contrib/terraform/aws/modules/elb/main.tf
deleted file mode 100644
index 0bc589db9..000000000
--- a/contrib/terraform/aws/modules/elb/main.tf
+++ /dev/null
@@ -1,57 +0,0 @@
-resource "aws_security_group" "aws-elb" {
- name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
- vpc_id = var.aws_vpc_id
-
- tags = merge(var.default_tags, tomap({
- Name = "kubernetes-${var.aws_cluster_name}-securitygroup-elb"
- }))
-}
-
-resource "aws_security_group_rule" "aws-allow-api-access" {
- type = "ingress"
- from_port = var.aws_elb_api_port
- to_port = var.k8s_secure_api_port
- protocol = "TCP"
- cidr_blocks = ["0.0.0.0/0"]
- security_group_id = aws_security_group.aws-elb.id
-}
-
-resource "aws_security_group_rule" "aws-allow-api-egress" {
- type = "egress"
- from_port = 0
- to_port = 65535
- protocol = "TCP"
- cidr_blocks = ["0.0.0.0/0"]
- security_group_id = aws_security_group.aws-elb.id
-}
-
-# Create a new AWS ELB for K8S API
-resource "aws_elb" "aws-elb-api" {
- name = "kubernetes-elb-${var.aws_cluster_name}"
- subnets = length(var.aws_subnet_ids_public) <= length(var.aws_avail_zones) ? var.aws_subnet_ids_public : slice(var.aws_subnet_ids_public, 0, length(var.aws_avail_zones))
- security_groups = [aws_security_group.aws-elb.id]
-
- listener {
- instance_port = var.k8s_secure_api_port
- instance_protocol = "tcp"
- lb_port = var.aws_elb_api_port
- lb_protocol = "tcp"
- }
-
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
- target = "HTTPS:${var.k8s_secure_api_port}/healthz"
- interval = 30
- }
-
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
- connection_draining_timeout = 400
-
- tags = merge(var.default_tags, tomap({
- Name = "kubernetes-${var.aws_cluster_name}-elb-api"
- }))
-}
diff --git a/contrib/terraform/aws/modules/elb/outputs.tf b/contrib/terraform/aws/modules/elb/outputs.tf
deleted file mode 100644
index 185b10525..000000000
--- a/contrib/terraform/aws/modules/elb/outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output "aws_elb_api_id" {
- value = aws_elb.aws-elb-api.id
-}
-
-output "aws_elb_api_fqdn" {
- value = aws_elb.aws-elb-api.dns_name
-}
diff --git a/contrib/terraform/aws/modules/nlb/main.tf b/contrib/terraform/aws/modules/nlb/main.tf
new file mode 100644
index 000000000..2093b49dd
--- /dev/null
+++ b/contrib/terraform/aws/modules/nlb/main.tf
@@ -0,0 +1,41 @@
+# Create a new AWS NLB for K8S API
+resource "aws_lb" "aws-nlb-api" {
+ name = "kubernetes-nlb-${var.aws_cluster_name}"
+ load_balancer_type = "network"
+ subnets = length(var.aws_subnet_ids_public) <= length(var.aws_avail_zones) ? var.aws_subnet_ids_public : slice(var.aws_subnet_ids_public, 0, length(var.aws_avail_zones))
+ idle_timeout = 400
+ enable_cross_zone_load_balancing = true
+
+ tags = merge(var.default_tags, tomap({
+ Name = "kubernetes-${var.aws_cluster_name}-nlb-api"
+ }))
+}
+
+# Create a new AWS NLB Instance Target Group
+resource "aws_lb_target_group" "aws-nlb-api-tg" {
+ name = "kubernetes-nlb-tg-${var.aws_cluster_name}"
+ port = var.k8s_secure_api_port
+ protocol = "TCP"
+ target_type = "ip"
+ vpc_id = var.aws_vpc_id
+
+ health_check {
+ healthy_threshold = 2
+ unhealthy_threshold = 2
+ interval = 30
+ protocol = "HTTPS"
+ path = "/healthz"
+ }
+}
+
+# Create a new AWS NLB Listener listen to target group
+resource "aws_lb_listener" "aws-nlb-api-listener" {
+ load_balancer_arn = aws_lb.aws-nlb-api.arn
+ port = var.aws_nlb_api_port
+ protocol = "TCP"
+
+ default_action {
+ type = "forward"
+ target_group_arn = aws_lb_target_group.aws-nlb-api-tg.arn
+ }
+}
diff --git a/contrib/terraform/aws/modules/nlb/outputs.tf b/contrib/terraform/aws/modules/nlb/outputs.tf
new file mode 100644
index 000000000..2a97c4b19
--- /dev/null
+++ b/contrib/terraform/aws/modules/nlb/outputs.tf
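Review bot: `aws_lb.aws-nlb-api` carries no `security_groups` and `aws_lb_target_group.aws-nlb-api-tg` does not set `preserve_client_ip`, so with the elb module's security group deleted in this commit the only network control left on the API port is the master instances' own security group, which is outside this diff, and whether that group sees the NLB's private addresses or the original client addresses on `k8s_secure_api_port` now depends on the target-group default. Pinning it, e.g. `preserve_client_ip = false` in the target group, keeps the master-side ingress rule predictable (the NLB subnet ranges rather than `0.0.0.0/0`) and, as far as I recall AWS's loopback limitation, also matters because the masters themselves reach the API through the NLB FQDN written into the inventory and a target cannot connect to itself through an NLB while client IP preservation is on. If the provider version in use supports `security_groups` on a network `aws_lb`, attaching one would restore the ingress boundary the deleted ELB security group provided. Separately, `idle_timeout = 400` on `aws_lb` is documented by the provider as valid only for application load balancers, so on this network load balancer it is most likely a silent no-op and can be dropped.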
@@ -0,0 +1,11 @@
+output "aws_nlb_api_id" {
+ value = aws_lb.aws-nlb-api.id
+}
+
+output "aws_nlb_api_fqdn" {
+ value = aws_lb.aws-nlb-api.dns_name
+}
+
+output "aws_nlb_api_tg_arn" {
+ value = aws_lb_target_group.aws-nlb-api-tg.arn
+}
diff --git a/contrib/terraform/aws/modules/elb/variables.tf b/contrib/terraform/aws/modules/nlb/variables.tf
similarity index 88%
rename from contrib/terraform/aws/modules/elb/variables.tf
rename to contrib/terraform/aws/modules/nlb/variables.tf
index ca56b1a92..db280f67b 100644
--- a/contrib/terraform/aws/modules/elb/variables.tf
+++ b/contrib/terraform/aws/modules/nlb/variables.tf
@@ -6,8 +6,8 @@ variable "aws_vpc_id" {
 description = "AWS VPC ID"
 }
-variable "aws_elb_api_port" {
- description = "Port for AWS ELB"
+variable "aws_nlb_api_port" {
+ description = "Port for AWS NLB"
 }
 variable "k8s_secure_api_port" {
diff --git a/contrib/terraform/aws/output.tf b/contrib/terraform/aws/output.tf
index 8cac230af..952841037 100644
--- a/contrib/terraform/aws/output.tf
+++ b/contrib/terraform/aws/output.tf
@@ -14,8 +14,8 @@ output "etcd" {
 value = join("\n", ((var.aws_etcd_num > 0) ? (aws_instance.k8s-etcd.*.private_ip) : (aws_instance.k8s-master.*.private_ip)))
 }
-output "aws_elb_api_fqdn" {
- value = "${module.aws-elb.aws_elb_api_fqdn}:${var.aws_elb_api_port}"
+output "aws_nlb_api_fqdn" {
+ value = "${module.aws-nlb.aws_nlb_api_fqdn}:${var.aws_nlb_api_port}"
 }
 output "inventory" {
diff --git a/contrib/terraform/aws/sample-inventory/cluster.tfvars b/contrib/terraform/aws/sample-inventory/cluster.tfvars
index d731a0416..8aca21909 100644
--- a/contrib/terraform/aws/sample-inventory/cluster.tfvars
+++ b/contrib/terraform/aws/sample-inventory/cluster.tfvars
@@ -33,9 +33,9 @@ aws_kube_worker_size = "t2.medium"
 aws_kube_worker_disk_size = 50
-#Settings AWS ELB
+#Settings AWS NLB
-aws_elb_api_port = 6443
+aws_nlb_api_port = 6443
 k8s_secure_api_port = 6443
diff --git a/contrib/terraform/aws/templates/inventory.tpl b/contrib/terraform/aws/templates/inventory.tpl
index c0d0d1024..10a3995e1 100644
--- a/contrib/terraform/aws/templates/inventory.tpl
+++ b/contrib/terraform/aws/templates/inventory.tpl
@@ -24,4 +24,4 @@ kube_control_plane
 calico_rr
 [k8s_cluster:vars]
-${elb_api_fqdn}
+${nlb_api_fqdn}
diff --git a/contrib/terraform/aws/terraform.tfvars b/contrib/terraform/aws/terraform.tfvars
index 21089ebdd..693fa9bfb 100644
--- a/contrib/terraform/aws/terraform.tfvars
+++ b/contrib/terraform/aws/terraform.tfvars
@@ -32,7 +32,7 @@ aws_kube_worker_size = "t3.medium"
 aws_kube_worker_disk_size = 50
 #Settings AWS ELB
-aws_elb_api_port = 6443
+aws_nlb_api_port = 6443
 k8s_secure_api_port = 6443
 default_tags = {
diff --git a/contrib/terraform/aws/terraform.tfvars.example b/contrib/terraform/aws/terraform.tfvars.example
index 76684d831..584b6a236 100644
--- a/contrib/terraform/aws/terraform.tfvars.example
+++ b/contrib/terraform/aws/terraform.tfvars.example
@@ -25,7 +25,7 @@ aws_kube_worker_size = "t3.medium"
 aws_kube_worker_disk_size = 50
 #Settings AWS ELB
-aws_elb_api_port = 6443
+aws_nlb_api_port = 6443
 k8s_secure_api_port = 6443
 default_tags = { }
diff --git a/contrib/terraform/aws/variables.tf b/contrib/terraform/aws/variables.tf
index 92a5512c8..479629e2f 100644
--- a/contrib/terraform/aws/variables.tf
+++ b/contrib/terraform/aws/variables.tf
@@ -104,11 +104,11 @@ variable "aws_kube_worker_size" {
 }
 /*
-* AWS ELB Settings
+* AWS NLB Settings
 *
 */
-variable "aws_elb_api_port" {
- description = "Port for AWS ELB"
+variable "aws_nlb_api_port" {
+ description = "Port for AWS NLB"
 }
 variable "k8s_secure_api_port" {
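Review bot: The terraform.tfvars hunk renames the variable to `aws_nlb_api_port` but leaves the context comment `#Settings AWS ELB` above it unchanged, and the terraform.tfvars.example hunk has the same stale comment, while the cluster.tfvars hunk in this commit does update it to `#Settings AWS NLB`. Changing both comments to `#Settings AWS NLB` keeps the three sample files consistent and stops the next reader from assuming a classic ELB is still in play.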