scottk/terraform-talos
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/terraform-talos.git synced 2025-10-29 09:32:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
terraform-talos/scaleway/network-lb.tf
Serge Logvinov 03c01f3d02 fix load-balancer
2024-08-13 15:39:05 +03:00

161 lines
3.7 KiB
HCL
Raw Permalink Blame History

locals {
lb_enable = lookup(var.controlplane, "type_lb", "") == "" ? false : true
ipv4_vip = cidrhost(local.main_subnet, 5)
lbv4 = local.lb_enable ? scaleway_lb_ip.lb_v4[0].ip_address : "127.0.0.1"
}
resource "scaleway_ipam_ip" "controlplane_vip" {
address = cidrhost(local.main_subnet, 5)
source {
private_network_id = scaleway_vpc_private_network.main.id
}
}
resource "scaleway_lb_ip" "lb_v4" {
count = local.lb_enable ? 1 : 0
}
resource "scaleway_lb_ip" "lb_v6" {
count = local.lb_enable ? 1 : 0
is_ipv6 = true
}
resource "scaleway_lb" "lb" {
count = local.lb_enable ? 1 : 0
name = "controlplane"
type = lookup(var.controlplane, "type_lb", "LB-S")
ip_ids = [scaleway_lb_ip.lb_v4[0].id, scaleway_lb_ip.lb_v6[0].id]
private_network {
private_network_id = scaleway_vpc_private_network.main.id
}
tags = concat(var.tags, ["infra"])
}
resource "scaleway_lb_backend" "api" {
count = local.lb_enable ? 1 : 0
lb_id = scaleway_lb.lb[0].id
name = "api"
forward_protocol = "tcp"
forward_port = "6443"
server_ips = [for k in range(0, lookup(var.controlplane, "count", 0)) : cidrhost(local.main_subnet, 11 + k)]
health_check_timeout = "5s"
health_check_delay = "30s"
health_check_https {
uri = "/readyz"
code = 401
}
}
resource "scaleway_lb_frontend" "api" {
count = local.lb_enable ? 1 : 0
lb_id = scaleway_lb.lb[0].id
backend_id = scaleway_lb_backend.api[0].id
name = "api"
inbound_port = "6443"
acl {
name = "Allow whitlist IPs"
action {
type = "allow"
}
match {
ip_subnet = var.whitelist_admins
}
}
acl {
name = "Deny all"
action {
type = "deny"
}
match {
ip_subnet = ["0.0.0.0/0", "::/0"]
}
}
}
###################
data "scaleway_ipam_ips" "web" {
count = lookup(try(var.instances[var.regions[0]], {}), "web_count", 0)
type = "ipv4"
attached = true
resource {
name = scaleway_instance_server.web[count.index].name
type = "instance_private_nic"
}
}
resource "scaleway_lb_backend" "http" {
count = local.lb_enable ? 1 : 0
lb_id = scaleway_lb.lb[0].id
name = "http"
forward_protocol = "http"
forward_port = "80"
proxy_protocol = "none"
server_ips = [for k in data.scaleway_ipam_ips.web : split("/", one(k.ips).address)[0]]
health_check_timeout = "5s"
health_check_delay = "30s"
health_check_http {
uri = "/healthz"
}
}
resource "scaleway_lb_frontend" "http" {
count = local.lb_enable ? 1 : 0
lb_id = scaleway_lb.lb[0].id
backend_id = scaleway_lb_backend.http[0].id
name = "http"
inbound_port = "80"
}
###################
resource "scaleway_lb_backend" "https" {
count = local.lb_enable ? 1 : 0
lb_id = scaleway_lb.lb[0].id
name = "https"
forward_protocol = "tcp"
forward_port = "443"
proxy_protocol = "none"
server_ips = [for k in data.scaleway_ipam_ips.web : split("/", one(k.ips).address)[0]]
health_check_timeout = "5s"
health_check_delay = "15s"
health_check_https {
uri = "/healthz"
}
}
resource "scaleway_lb_frontend" "https" {
count = local.lb_enable ? 1 : 0
lb_id = scaleway_lb.lb[0].id
backend_id = scaleway_lb_backend.https[0].id
name = "https"
inbound_port = "443"
acl {
name = "Allow whitlist IPs"
action {
type = "allow"
}
match {
ip_subnet = concat(var.whitelist_web, var.whitelist_admins)
}
}
acl {
name = "Deny all"
action {
type = "deny"
}
match {
ip_subnet = ["0.0.0.0/0"]
}
}
}
Reference in New Issue View Git Blame Copy Permalink