
Flexible Engine Enhanced Elastic Load Balancer Terraform Module

Terraform module for deploying an Elastic Load Balancer

TF version : 0.13

Module scope

This Terraform module for the Flexible Engine Elastic Load Balancer covers:

  • Listeners configuration TCP/HTTP/HTTPS (With SSL certificate, and whitelist)
  • Backends/Pools configuration with members
  • Monitoring of backend members
  • L7 Policies to redirect HTTP requests to another listener or pool.

Resources module architecture

alt text

Terraform format

# Example: a load balancer with a plain-HTTP listener (port 80) and a
# TERMINATED_HTTPS listener (port 443), each forwarding to its own pool.
module "elb_web" {
  source  = "FlexibleEngineCloud/elb/flexibleengine"
  version = "1.0.0" # exact version pin; review the module changes before raising it

  loadbalancer_name = "my-http-elb"
  subnet_id         = "my-subnet-id"

  # bind_eip = true binds an EIP, so the listeners below get a public address.
  # Set it to false if no public address is wanted.
  bind_eip = true

  # Certificate settings for the listener declared with hasCert = true.
  # NOTE(review): this README does not describe how cert, cert_name and certId
  # interact - confirm against the module's variables before use.
  # NOTE(review): if the module's certificate / private_key inputs are used
  # instead, the key material presumably ends up in the Terraform state;
  # restrict access to the state backend accordingly.
  cert      = true
  domain    = "my-domain-name.com"
  cert_name = "my-cert-name"
  certId    = "my-cert-id"

  vip_address = "192.168.13.148"

  listeners = [
    {
      # Index 0: unencrypted HTTP. An l7policies entry with action
      # REDIRECT_TO_LISTENER can send this traffic to the HTTPS listener.
      name     = "http"
      port     = 80
      protocol = "HTTP"
      hasCert  = false
    },
    {
      # Index 1: HTTPS terminated at the load balancer.
      name     = "https"
      port     = 443
      protocol = "TERMINATED_HTTPS"
      hasCert  = true
    },
  ]

  pools = [
    {
      name           = "poolhttp"
      protocol       = "HTTP"
      lb_method      = "ROUND_ROBIN"
      listener_index = 0
    },
    {
      # Bound to the HTTPS listener, but the pool protocol is HTTP.
      # NOTE(review): the load-balancer-to-backend hop therefore looks
      # unencrypted even though the members below use port 443 - confirm the
      # members accept plain HTTP there and that the backend subnet is trusted.
      name           = "poolhttps"
      protocol       = "HTTP"
      lb_method      = "ROUND_ROBIN"
      listener_index = 1
    },
  ]

  # address_index presumably selects an entry of backends_addresses - verify.
  backends = [
    {
      name          = "backend1"
      port          = 80
      address_index = 0
      pool_index    = 0
      subnet_id     = "backend1-subnet-id"
    },
    {
      name          = "backend2"
      port          = 80
      address_index = 1
      pool_index    = 0
      subnet_id     = "backend2-subnet-id"
    },
    {
      name          = "backend3"
      port          = 443
      address_index = 0
      pool_index    = 1
      subnet_id     = "backend3-subnet-id"
    },
    {
      name          = "backend4"
      port          = 443
      address_index = 1
      pool_index    = 1
      subnet_id     = "backend4-subnet-id"
    },
  ]

  backends_addresses = ["192.168.13.102", "192.168.13.247"]

  # NOTE(review): expected_codes includes 4xx, so a member answering /check
  # with e.g. 403 or 404 would presumably still count as healthy. Narrow the
  # list for production health checks.
  monitorsHttp = [
    {
      name           = "monitor1"
      pool_index     = 0
      protocol       = "HTTP"
      delay          = 20
      timeout        = 10
      max_retries    = 3
      url_path       = "/check"
      http_method    = "GET"
      expected_codes = "2xx,3xx,4xx"
    },
    {
      name           = "monitor2"
      pool_index     = 1
      protocol       = "HTTP"
      delay          = 20
      timeout        = 10
      max_retries    = 3
      url_path       = "/check"
      http_method    = "GET"
      expected_codes = "2xx,3xx,4xx"
    },
  ]

  # Source-address allow list. Only listener 0 (HTTP) is restricted here; the
  # HTTPS listener (index 1) has no whitelist entry in this example.
  # NOTE(review): "192.168.0.1/24" and "192.168.201.18/8" carry host bits. Read
  # as a network, the /8 entry spans 192.0.0.0-192.255.255.255, far wider than
  # the private 192.168.0.0/16 range. Use the narrowest prefixes that fit and
  # check how the provider normalises such values.
  listeners_whitelist = [
    {
      enable_whitelist = true
      whitelist        = "192.168.11.1,192.168.0.1/24,192.168.201.18/8"
      listeners_index  = 0
    },
  ]
}

Terragrunt format

################################
### Terragrunt Configuration ###
################################

# Module to deploy and the version to use.
# NOTE(review): the Terraform example in this README uses the registry
# namespace "FlexibleEngineCloud", while this block uses
# "terraform-flexibleengine-modules". Confirm which namespace is the published
# one, so the intended module is the one actually fetched.
# NOTE(review): confirm that your Terragrunt release honours a `version`
# attribute in this block; keep the module pinned to an exact version either way.
terraform {
  source  = "terraform-flexibleengine-modules/elb/flexibleengine"
  version = "1.0.0"
}

# Inherit the configuration found by find_in_parent_folders().
include {
  path = find_in_parent_folders()
}

##################
### Parameters ###
##################

# Same example as the Terraform format: a plain-HTTP listener (port 80) and a
# TERMINATED_HTTPS listener (port 443), each forwarding to its own pool.
inputs = {
  loadbalancer_name = "my-http-elb"
  subnet_id         = "my-subnet-id"

  # bind_eip = true binds an EIP, so the listeners below get a public address.
  bind_eip = true

  # Certificate settings for the listener declared with hasCert = true.
  # NOTE(review): this README does not describe how cert, cert_name and certId
  # interact - confirm against the module's variables before use.
  cert      = true
  domain    = "my-domain-name.com"
  cert_name = "my-cert-name"
  certId    = "my-cert-id"

  vip_address = "192.168.13.148"

  listeners = [
    {
      # Index 0: unencrypted HTTP.
      name     = "http"
      port     = 80
      protocol = "HTTP"
      hasCert  = false
    },
    {
      # Index 1: HTTPS terminated at the load balancer.
      name     = "https"
      port     = 443
      protocol = "TERMINATED_HTTPS"
      hasCert  = true
    },
  ]

  pools = [
    {
      name           = "poolhttp"
      protocol       = "HTTP"
      lb_method      = "ROUND_ROBIN"
      listener_index = 0
    },
    {
      # Bound to the HTTPS listener, but the pool protocol is HTTP.
      # NOTE(review): the hop to the members below (port 443) looks
      # unencrypted - confirm they accept plain HTTP on that port.
      name           = "poolhttps"
      protocol       = "HTTP"
      lb_method      = "ROUND_ROBIN"
      listener_index = 1
    },
  ]

  # address_index presumably selects an entry of backends_addresses - verify.
  backends = [
    {
      name          = "backend1"
      port          = 80
      address_index = 0
      pool_index    = 0
      subnet_id     = "backend1-subnet-id"
    },
    {
      name          = "backend2"
      port          = 80
      address_index = 1
      pool_index    = 0
      subnet_id     = "backend2-subnet-id"
    },
    {
      name          = "backend3"
      port          = 443
      address_index = 0
      pool_index    = 1
      subnet_id     = "backend3-subnet-id"
    },
    {
      name          = "backend4"
      port          = 443
      address_index = 1
      pool_index    = 1
      subnet_id     = "backend4-subnet-id"
    },
  ]

  backends_addresses = ["192.168.13.102", "192.168.13.247"]

  # NOTE(review): expected_codes includes 4xx, so a member answering /check
  # with e.g. 403 or 404 would presumably still count as healthy.
  monitorsHttp = [
    {
      name           = "monitor1"
      pool_index     = 0
      protocol       = "HTTP"
      delay          = 20
      timeout        = 10
      max_retries    = 3
      url_path       = "/check"
      http_method    = "GET"
      expected_codes = "2xx,3xx,4xx"
    },
    {
      name           = "monitor2"
      pool_index     = 1
      protocol       = "HTTP"
      delay          = 20
      timeout        = 10
      max_retries    = 3
      url_path       = "/check"
      http_method    = "GET"
      expected_codes = "2xx,3xx,4xx"
    },
  ]

  # Source-address allow list; only listener 0 (HTTP) is restricted here.
  # NOTE(review): "192.168.0.1/24" and "192.168.201.18/8" carry host bits. Read
  # as a network, the /8 entry spans 192.0.0.0-192.255.255.255. Use the
  # narrowest prefixes that fit.
  listeners_whitelist = [
    {
      enable_whitelist = true
      whitelist        = "192.168.11.1,192.168.0.1/24,192.168.201.18/8"
      listeners_index  = 0
    },
  ]
}

Inputs

Name Description Type Default Required
backends List of backends
list(object({
name = string
port = number
address_index = string
pool_index = number
subnet_id = string
}))
n/a yes
backends_addresses List of backend addresses list n/a yes
bind_eip Boolean to know if we bind an EIP bool true no
cert Boolean to know if we add certificate bool false no
certId n/a string "" no
cert_name n/a string "" no
certificate n/a string "" no
domain n/a string "" no
eip_addr Address of an existing EIP to attach (ex: 1.2.3.4). Leaving it null creates a new EIP string n/a yes
l7policies List of L7 policies redirected to pools/listeners
list(object({
name = string
action = string # REDIRECT_TO_POOL / REDIRECT_TO_LISTENER
description = string
position = number
listener_index = number
redirect_listener_index = number # set when action is REDIRECT_TO_LISTENER, otherwise null; the target listener must use TERMINATED_HTTPS
redirect_pool_index = number # set when action is REDIRECT_TO_POOL, otherwise null; the pool used for the redirect must not be associated with a listener
}))
[] no
l7policies_rules List of L7 policies redirected to pools/listeners
list(object({
l7policy_index = number
type = string
compare_type = string
value = string
}))
[] no
listeners Listeners list
list(object({
name = string
port = number
protocol = string #Protocol used TCP, UDP, HTTP or TERMINATED_HTTPS
hasCert = bool
}))
n/a yes
listeners_whitelist Listeners whitelist
list(object({
listeners_index = number
enable_whitelist = bool
whitelist = string #Comma separated : "192.168.11.1,192.168.0.1/24,192.168.201.18/8"
}))
[] no
loadbalancer_name Name of the Load Balancer (It is already prefixed by elb-*) string n/a yes
monitors List of monitors
list(object({
name = string
pool_index = number
protocol = string
delay = number
timeout = number
max_retries = number
}))
[] no
monitorsHttp List of monitors HTTP/HTTPS
list(object({
name = string
pool_index = number
protocol = string
delay = number
timeout = number
max_retries = number
url_path = string
http_method = string
expected_codes = string
}))
[] no
pools Pools list
list(object({
name = string
protocol = string #Protocol used TCP, UDP
lb_method = string # Load Balancing method (ROUND_ROBIN recommended)
listener_index = number # index listener
}))
n/a yes
private_key n/a string "" no
subnet_id Subnet ID to attach the VIP string n/a yes
vip_address Address of the VIP (In the same Subnet) string n/a yes

Outputs

Name Description
public_ip The LB public IP
private_ip The LB private IP