Ana Sayfa Keşfet Yardım
Üye Ol Giriş Yap
AFS
/
xdr-terraform-modules
2
0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Ağaç: b805a53eed
Dallar Biçim İmleri
xdr-terraform-m...
/
base
/
rhsso
/
nlb.tf

nlb.tf 2.0 KB
Geçmiş Ham

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. # KeyCloak Needs an NLB:
    2. 

  2. #   * ALB/ELB can't terminate SSL, because RHSSO needs the certificate
    3. 

  3. #   * Because they don't terminate SSL, they can't provide X-forwarded-for, and rhsso needs the source IP
    4. 

  4. #   * Therefore, we use an NLB and preserve the source IP.
    5. 

  5. module "public_dns_record" {
    6. 

  6.   source = "../../submodules/dns/public_ALIAS_record"
    7. 

  7. 

  8.   name            = "auth.${var.dns_info["public"]["zone"]}"
    9. 

  9.   target_dns_name = aws_lb.external.dns_name
    10. 

  10.   target_zone_id  = aws_lb.external.zone_id
    11. 

  11.   dns_info        = var.dns_info
    12. 

  12. 

  13.   providers = {
    14. 

  14.     aws.mdr-common-services-commercial = aws.mdr-common-services-commercial
    15. 

  15.   }
    16. 

  16. }
    17. 

  17. 

  18. resource "aws_lb" "external" {
    19. 

  19.   name               = "rhsso-external-nlb"
    20. 

  20.   load_balancer_type = "network"
    21. 

  21.   internal           = false # tfsec:ignore:aws-elb-alb-not-public
    22. 

  22.   subnets            = var.public_subnets
    23. 

  23.   enable_cross_zone_load_balancing = true
    24. 

  24. 

  25.   access_logs {
    26. 

  26.     bucket  = "xdr-elb-${var.environment}"
    27. 

  27.     enabled = true
    28. 

  28.   }
    29. 

  29. 

  30.   enable_cross_zone_load_balancing = true
    31. 

  31.   idle_timeout                     = 300
    32. 

  32. 

  33.   tags = merge(local.standard_tags, var.tags)
    34. 

  34. }
    35. 

  35. 

  36. resource "aws_lb_listener" "nlb_443" {
    37. 

  37.   load_balancer_arn = aws_lb.external.arn
    38. 

  38.   port              = "443"
    39. 

  39.   protocol          = "TCP"
    40. 

  40. 

  41.   default_action {
    42. 

  42.     type             = "forward"
    43. 

  43.     target_group_arn = aws_lb_target_group.external.arn
    44. 

  44.   }
    45. 

  45. }
    46. 

  46. 

  47. resource "aws_lb_target_group" "external" {
    48. 

  48.   name        = "rhsso-external-nlb"
    49. 

  49.   port        = 8443
    50. 

  50.   protocol    = "TCP"
    51. 

  51.   vpc_id      = var.vpc_id
    52. 

  52.   target_type = "instance"
    53. 

  53. 

  54.   health_check {
    55. 

  55.     enabled = true
    56. 

  56.     #healthy_threshold   = 3
    57. 

  57.     #unhealthy_threshold = 2
    58. 

  58.     timeout  = 10
    59. 

  59.     interval = 10
    60. 

  60.     #matcher = "200,302"
    61. 

  61.     path     = "/"
    62. 

  62.     protocol = "HTTPS"
    63. 

  63.   }
    64. 

  64. 

  65.   stickiness {
    66. 

  66.     enabled = true
    67. 

  67.     type    = "source_ip" # only option for NLBs
    68. 

  68.   }
    69. 

  69. }
    70. 

  70. 

  71. # Create a new load balancer attachment
    72. 

  72. resource "aws_lb_target_group_attachment" "external_attachment" {
    73. 

  73.   count            = local.instance_count
    74. 

  74.   target_group_arn = aws_lb_target_group.external.arn
    75. 

  75.   target_id        = aws_instance.instance[count.index].id
    76. 

  76. }
    77.