From 02cfb7019af6cf182f04d92d2b1f9a8f13e24a9e Mon Sep 17 00:00:00 2001
From: jaskaransarkaria
Date: Tue, 26 Mar 2024 08:49:34 +0000
Subject: [PATCH 1/3] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20optional=20enable=20?= =?UTF-8?q?cross=20zone=20lb?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 main.tf | 4 +++-
 templates/values.yaml.tpl | 2 +-
 variables.tf | 6 ++++++
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/main.tf b/main.tf
index 3a415c0..553fd5c 100644
--- a/main.tf
+++ b/main.tf
@@ -61,7 +61,9 @@ resource "helm_release" "nginx_ingress" {
 enable_owasp = var.enable_owasp
 keepalive = var.keepalive
 # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#upstream-keepalive-time
- upstream_keepalive_time = var.upstream_keepalive_time
+ upstream_keepalive_time = var.upstream_keepalive_time
+ # https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#cross-zone-load-balancing
+ enable_cross_zone_lb = var.enable_cross_zone_lb
 proxy_response_buffering = var.proxy_response_buffering
 default = var.controller_name == "default" ? true : false
 name_override = "ingress-${var.controller_name}"
diff --git a/templates/values.yaml.tpl b/templates/values.yaml.tpl
index 68a9880..3deba35 100644
--- a/templates/values.yaml.tpl
+++ b/templates/values.yaml.tpl
@@ -254,7 +254,7 @@ controller:
 %{~ endif ~}
 service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
- service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+ service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "${enable_cross_zone_lb}"
 externalTrafficPolicy: "Local"
 %{ if default_cert != "" }
diff --git a/variables.tf b/variables.tf
index 010920a..af14f71 100644
--- a/variables.tf
+++ b/variables.tf
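Review bot: With `externalTrafficPolicy: "Local"` kept on the same Service, rendering the cross-zone annotation as "false" means each NLB node can only reach controller pods in its own Availability Zone, so a zone with no ready pod may be left with no healthy target; nothing in the values.yaml.tpl hunk says so. Consider a comment above the annotation such as `# cross-zone "false" + externalTrafficPolicy Local: every enabled AZ needs a ready controller pod`, and the same caveat in the `enable_cross_zone_lb` description in variables.tf. Whether controller replicas are spread across zones is not visible in this hunk, so that should be confirmed before anyone sets the variable to false.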
@@ -80,6 +80,12 @@ variable "upstream_keepalive_time" {
 default = "1h"
 }
+variable "enable_cross_zone_lb" {
+ description = "Limits the maximum time during which requests can be processed through one keepalive connection. After this time is reached, the connection is closed following the subsequent request processing."
+ type = bool
+ default = true
+}
+
 variable "proxy_response_buffering" {
 description = "nginx receives a response from the proxied server as soon as possible, saving it into the buffers set by the proxy_buffer_size and proxy_buffers directives. If the whole response does not fit into memory, a part of it can be saved to a temporary file on the disk. https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering"
 type = string
From f7cd24cbd9513febe002d4bdc11773272b7819b4 Mon Sep 17 00:00:00 2001
From: jaskaransarkaria
Date: Wed, 27 Mar 2024 12:03:39 +0000
Subject: [PATCH 2/3] =?UTF-8?q?fixup!=20feat:=20=F0=9F=8E=B8=20optional=20?= =?UTF-8?q?enable=20cross=20zone=20lb?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/variables.tf b/variables.tf
index af14f71..9bfcccf 100644
--- a/variables.tf
+++ b/variables.tf
@@ -81,7 +81,7 @@ variable "upstream_keepalive_time" {
 }
 variable "enable_cross_zone_lb" {
- description = "Limits the maximum time during which requests can be processed through one keepalive connection. After this time is reached, the connection is closed following the subsequent request processing."
+ description = "cross-zone load balancing distributes traffic across the registered targets in all enabled Availability Zones"
 type = bool
 default = true
 }
From 2bf5d22be4c6205127c27b75ac1b0fc6afc998a7 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Wed, 27 Mar 2024 12:04:12 +0000
Subject: [PATCH 3/3] terraform-docs: automated action
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 12f1a1d..008ee0e 100644
--- a/README.md
+++ b/README.md
@@ -62,6 +62,7 @@ No modules.
 | [cluster\_domain\_name](#input\_cluster\_domain\_name) | The cluster domain used for externalDNS annotations and certmanager | `any` | n/a | yes |
 | [controller\_name](#input\_controller\_name) | Will be used as the ingress controller name and the class annotation | `string` | n/a | yes |
 | [default\_cert](#input\_default\_cert) | Useful if you want to use a default certificate for your ingress controller. Format: namespace/secretName | `string` | `"ingress-controllers/default-certificate"` | no |
+| [enable\_cross\_zone\_lb](#input\_enable\_cross\_zone\_lb) | cross-zone load balancing distributes traffic across the registered targets in all enabled Availability Zones | `bool` | `true` | no |
 | [enable\_external\_dns\_annotation](#input\_enable\_external\_dns\_annotation) | Add external dns annotation for service | `bool` | `false` | no |
 | [enable\_latest\_tls](#input\_enable\_latest\_tls) | Provide support to tlsv1.3 along with tlsv1.2 | `bool` | `false` | no |
 | [enable\_modsec](#input\_enable\_modsec) | Enable https://github.com/SpiderLabs/ModSecurity-nginx | `bool` | `false` | no |