
Merge pull request #517 from mdr-engineering/feature/ftd_MSOCI-2340_CrossZoneLoadbalancing

Enables cross-zone load balancing for most NLBs
Frederick Damstra 2 лет назад
Сommit
74a584c32e

+ 1 - 0
base/rhsso/nlb.tf

@@ -20,6 +20,7 @@ resource "aws_lb" "external" {
   load_balancer_type = "network"
   internal           = false # tfsec:ignore:aws-elb-alb-not-public
   subnets            = var.public_subnets
+  enable_cross_zone_load_balancing = true
 
   access_logs {
     bucket  = "xdr-elb-${var.environment}"
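Review bot: The added `enable_cross_zone_load_balancing = true` line in `aws_lb.external` is not aligned with the three arguments directly above it, so `terraform fmt` will rewrite this block on its next run; the added lines in `aws_lb.alsi_splunk_nlb` and `aws_lb.nlb` may be affected as well. The line also carries no comment, and since all three load balancers are internet-facing (`internal = false`), a one-line comment stating why cross-zone is enabled would help a later reviewer. With cross-zone on, targets can receive traffic through NLB nodes in every enabled subnet, so any target security-group or NACL rule that is scoped to a single zone's NLB addresses should be checked; those rules are not visible in this diff. The resource body continues outside the hunk.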

+ 1 - 0
base/splunk_servers/alsi/nlb-splunk.tf

@@ -15,6 +15,7 @@ resource "aws_lb" "alsi_splunk_nlb" {
   internal           = false # tfsec:ignore:aws-elb-alb-not-public The NLB requires Internet exposure
   load_balancer_type = "network"
   #subnets            = data.terraform_remote_state.infra.subnets
+  enable_cross_zone_load_balancing = true
 
   subnet_mapping {
     subnet_id     = element(var.subnets, 0)

+ 9 - 14
base/splunk_servers/indexer_cluster/nlb-splunk-data.tf

@@ -2,7 +2,7 @@
 # An external NLB for the indexers for splunk-2-splunk
 #------------------------------------------------------------------------------
 resource "aws_eip" "nlb" {
-  count = "3"
+  count = "3" # Could be local.nlb_endpoint_count, but I'd rather reserve all 3
 
   vpc  = true
   tags = merge(local.standard_tags, var.tags, { "Name" : "${var.prefix}-nlb" })
@@ -26,20 +26,15 @@ resource "aws_lb" "nlb" {
   internal           = false # tfsec:ignore:aws-elb-alb-not-public
   load_balancer_type = "network"
   #subnets            = data.terraform_remote_state.infra.public_subnets
+  enable_cross_zone_load_balancing = true
 
-  subnet_mapping {
-    subnet_id     = element(var.public_subnets, 0)
-    allocation_id = element(aws_eip.nlb.*.id, 0)
-  }
-
-  subnet_mapping {
-    subnet_id     = element(var.public_subnets, 1)
-    allocation_id = element(aws_eip.nlb.*.id, 1)
-  }
-
-  subnet_mapping {
-    subnet_id     = element(var.public_subnets, 2)
-    allocation_id = element(aws_eip.nlb.*.id, 2)
+  dynamic "subnet_mapping" {
+    # create a subnet endpoint for each subnet where there's an asg group
+    for_each = [for n in local.splunk_asg_sizes : "yes" if n > 0]
+    content {
+      subnet_id     = element(var.public_subnets, subnet_mapping.key) # subnet_mapping.key is the index of the list
+      allocation_id = element(aws_eip.nlb.*.id, subnet_mapping.key)
+    }
   }
 
   access_logs {
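Review bot: In the new `dynamic "subnet_mapping"` block, `subnet_mapping.key` is the index into the filtered list, not the position in `local.splunk_asg_sizes`, so the mappings always use the first N public subnets rather than the subnets whose ASG size is non-zero. With sizes of `[0, 1, 1]` (a constructed example; the local is not visible here, and this assumes the list is ordered like `var.public_subnets`), the NLB would get endpoints in subnets 0 and 1 while the indexers sit in subnets 1 and 2. That contradicts the comment above `for_each`, and targets in a zone where the load balancer has no subnet would, as far as I can tell, receive no traffic even with cross-zone enabled. Keeping the original index avoids this: `for_each = { for i, n in local.splunk_asg_sizes : i => n if n > 0 }`. The `aws_lb.nlb` resource continues past the end of the hunk.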