# Copyright (c) 2023, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
# Creates the load balancer, its backend set/backends, listeners and DNS record.
# Flexible-shape load balancer in front of the application backends.
# It lives in local.lb_subnet_id and is attached to the dedicated lb_nsg
# network security group; bandwidth bounds are taken from variables.
resource "oci_load_balancer" "flexible_loadbalancer" {
  compartment_id = var.compartment_id
  display_name   = local.load-balancer-name
  shape          = "flexible"

  shape_details {
    minimum_bandwidth_in_mbps = var.minimum_bandwidth_in_mbps
    maximum_bandwidth_in_mbps = var.maximum_bandwidth_in_mbps
  }

  subnet_ids                 = [local.lb_subnet_id]
  network_security_group_ids = [oci_core_network_security_group.lb_nsg.id]

  # Internet-facing only when the HTTPS port is opened; otherwise the LB
  # receives a private address only.
  is_private = !var.open_https_port
}
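# Backend set grouping the application container instances. Traffic from the
# LB to the backends is TLS, using the backend_certificate resource (hence the
# explicit depends_on).
resource "oci_load_balancer_backend_set" "load_balancer_backend_set" {
  depends_on = [
    oci_load_balancer_certificate.backend_certificate
  ]

  name             = "${var.application_name}_bset"
  load_balancer_id = oci_load_balancer.flexible_loadbalancer.id
  policy           = "ROUND_ROBIN"

  # NOTE(review): the health check speaks plain HTTP to the same port that the
  # TLS backend traffic uses — confirm the application serves both.
  health_checker {
    protocol          = "HTTP"
    port              = var.exposed_port
    url_path          = var.health_checker_url_path
    return_code       = var.health_checker_return_code
    timeout_in_millis = var.lb_health_check_timeout_in_millis
    interval_ms       = var.lb_health_check_interval_ms
    retries           = var.lb_health_check_retries
  }

  ssl_configuration {
    certificate_name = oci_load_balancer_certificate.backend_certificate.certificate_name
    # TLSv1.1 is deprecated (RFC 8996) and was removed from the allowed list;
    # only TLSv1.2 is negotiated with the backends.
    protocols = ["TLSv1.2"]
  }

  # Session affinity: at most one of the two persistence blocks is rendered,
  # selected by the value of var.session_affinity.
  dynamic "lb_cookie_session_persistence_configuration" {
    for_each = var.session_affinity == "Enable load balancer cookie persistence" ? [1] : []
    content {
      cookie_name = var.session_affinity_cookie_name
    }
  }

  dynamic "session_persistence_configuration" {
    for_each = var.session_affinity == "Enable application cookie persistence" ? [1] : []
    content {
      cookie_name = var.session_affinity_cookie_name
    }
  }
}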
# TLS material the LB presents/trusts when talking to the backends. With a
# prebuilt image (local.use-image) the operator-supplied PEMs are used;
# otherwise the self-signed certificate generated by this stack is used and
# also serves as its own CA. Like every attribute value, the private key is
# recorded in Terraform state, so the state backend must be access-controlled.
resource "oci_load_balancer_certificate" "backend_certificate" {
  load_balancer_id = oci_load_balancer.flexible_loadbalancer.id
  certificate_name = "backend-certificate"

  public_certificate = local.use-image ? var.cert_pem : tls_self_signed_cert.self_signed_certificate[0].cert_pem
  ca_certificate     = local.use-image ? var.ca_pem : tls_self_signed_cert.self_signed_certificate[0].cert_pem
  private_key        = local.use-image ? var.private_key_pem : tls_private_key.rsa_private_key[0].private_key_pem

  # A replacement certificate is created before the old one is removed so the
  # backend set never references a deleted certificate during rotation.
  lifecycle {
    create_before_destroy = true
  }
}
# One backend per application container instance (var.nb_copies of them),
# registered by the instance's first VNIC private IP on the exposed port.
resource "oci_load_balancer_backend" "load_balancer_backend" {
  count = var.nb_copies

  depends_on = [
    oci_load_balancer_backend_set.load_balancer_backend_set
  ]

  load_balancer_id = oci_load_balancer.flexible_loadbalancer.id
  backendset_name  = oci_load_balancer_backend_set.load_balancer_backend_set.name

  ip_address = oci_container_instances_container_instance.app_container_instance[count.index].vnics[0].private_ip
  port       = var.exposed_port

  # All copies are equal-weight, active members of the pool.
  weight  = 1
  backup  = false
  drain   = false
  offline = false
}
# HTTPS listener on 443, created only when a FQDN is provisioned
# (var.create_fqdn); it is mutually exclusive with listener_http below.
# TLS is terminated at the LB with the certificate identified by
# var.certificate_ocid; the protocol is still "HTTP" from the LB's point of view.
resource "oci_load_balancer_listener" "listener_https" {
  count = var.create_fqdn ? 1 : 0

  depends_on = [
    oci_load_balancer_backend_set.load_balancer_backend_set
  ]

  load_balancer_id         = oci_load_balancer.flexible_loadbalancer.id
  default_backend_set_name = oci_load_balancer_backend_set.load_balancer_backend_set.name
  name                     = "${var.application_name}_https"
  protocol                 = "HTTP"
  port                     = 443

  ssl_configuration {
    certificate_ids   = [var.certificate_ocid]
    protocols         = ["TLSv1.2"]
    cipher_suite_name = var.lb_listener_cypher_suite
    # Client (peer) certificate verification is off, i.e. no mutual TLS —
    # presumably intended for a public web endpoint; confirm if mTLS is required.
    verify_peer_certificate = false
    verify_depth            = 0
  }
}
# Plain HTTP listener on 80, created only when no FQDN is provisioned
# (the inverse of listener_https). Note there is no TLS on this path:
# without create_fqdn the application is reachable over cleartext HTTP only.
resource "oci_load_balancer_listener" "listener_http" {
  count = var.create_fqdn ? 0 : 1

  depends_on = [
    oci_load_balancer_backend_set.load_balancer_backend_set
  ]

  load_balancer_id         = oci_load_balancer.flexible_loadbalancer.id
  default_backend_set_name = oci_load_balancer_backend_set.load_balancer_backend_set.name
  name                     = "${var.application_name}_http"
  protocol                 = "HTTP"
  port                     = 80
}
# A record for local.domain_name pointing at the load balancer's first IP,
# in the first zone returned by data.oci_dns_zones.zones. Only created when a
# FQDN is requested (var.create_fqdn).
resource "oci_dns_rrset" "subdomain_rrset" {
  count = var.create_fqdn ? 1 : 0

  compartment_id  = var.dns_compartment
  zone_name_or_id = data.oci_dns_zones.zones.zones[0].id
  domain          = local.domain_name
  rtype           = "A"

  items {
    domain = local.domain_name
    rtype  = "A"
    rdata  = oci_load_balancer.flexible_loadbalancer.ip_address_details[0].ip_address
    # Short TTL so a re-created LB address propagates quickly.
    ttl = 30
  }
}