New Target groups for SP removal (#1635)

* New Target groups for gorouters * forgot to comitt * fix output * added more groups * name * dont need flatten yet * array it up * more domain broker TGs * name is toooo long * name is toooooo long * White space to kick off check again --------- Co-authored-by: Christopher Weibel <christopher.weibel@gsa.gov>
cloud-gov · Apr 17, 2024 · f47e01d · f47e01d
1 parent 5c1364a
commit f47e01d
Show file tree

Hide file tree

Showing 9 changed files with 202 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -6,6 +6,7 @@ to bootstrap our infrastructure.
 Be sure to read the internal developer documentation ("cg-provision") for
 non-public information about using this repository.
 
+
 ## Layout
 
 ### Terraform

diff --git a/terraform/modules/cloudfoundry/elb_apps.tf b/terraform/modules/cloudfoundry/elb_apps.tf
@@ -30,6 +30,24 @@ resource "aws_lb_target_group" "cf_apps_target_https" {
   }
 }
 
+resource "aws_lb_target_group" "cf_gr_apps_target_https" {
+  name     = "${var.stack_description}-cf-gr-apps-https"
+  port     = 10443
+  protocol = "HTTPS"
+  vpc_id   = var.vpc_id
+
+  health_check {
+    healthy_threshold   = 2
+    interval            = 5
+    port                = 8443
+    timeout             = 4
+    unhealthy_threshold = 3
+    matcher             = 200
+    protocol            = "HTTPS"
+    path                = "/health"
+  }
+}
+
 resource "aws_lb_listener" "cf_apps" {
   load_balancer_arn = aws_lb.cf_apps.arn
   port              = "443"
@@ -70,6 +88,24 @@ resource "aws_lb_target_group" "cf_logstash_target_https" {
   }
 }
 
+resource "aws_lb_target_group" "cf_gr_logstash_target_https" {
+  name     = "${var.stack_description}-cf-gr-logstash-https"
+  port     = 10443
+  protocol = "HTTPS"
+  vpc_id   = var.vpc_id
+
+  health_check {
+    healthy_threshold   = 2
+    interval            = 5
+    port                = 8443
+    timeout             = 4
+    unhealthy_threshold = 3
+    matcher             = 200
+    protocol            = "HTTPS"
+    path                = "/health"
+  }
+}
+
 resource "aws_lb_listener_rule" "logstash_listener_rule" {
   listener_arn = aws_lb_listener.cf_apps.arn
 

diff --git a/terraform/modules/cloudfoundry/elb_main.tf b/terraform/modules/cloudfoundry/elb_main.tf
@@ -14,6 +14,24 @@ resource "aws_lb" "cf" {
   }
 }
 
+resource "aws_lb_target_group" "cf_gr_target_https" {
+  name     = "${var.stack_description}-cf-gr-https"
+  port     = 10443
+  protocol = "HTTPS"
+  vpc_id   = var.vpc_id
+
+  health_check {
+    healthy_threshold   = 2
+    interval            = 5
+    port                = 8443
+    timeout             = 4
+    unhealthy_threshold = 3
+    matcher             = 200
+    protocol            = "HTTPS"
+    path                = "/health"
+  }
+}
+
 resource "aws_lb_target_group" "cf_target_https" {
   name     = "${var.stack_description}-cf-https"
   port     = 443

diff --git a/terraform/modules/cloudfoundry/elb_uaa.tf b/terraform/modules/cloudfoundry/elb_uaa.tf
@@ -14,6 +14,24 @@ resource "aws_lb" "cf_uaa" {
   }
 }
 
+resource "aws_lb_target_group" "cf_gr_uaa_target" {
+  name     = "${var.stack_description}-cf-gr-uaa"
+  port     = 10443
+  protocol = "HTTPS"
+  vpc_id   = var.vpc_id
+
+  health_check {
+    healthy_threshold   = 2
+    interval            = 5
+    port                = 8443
+    timeout             = 4
+    unhealthy_threshold = 3
+    matcher             = 200
+    protocol            = "HTTPS"
+    path                = "/health"
+  }
+}
+
 resource "aws_lb_target_group" "cf_uaa_target" {
   name     = "${var.stack_description}-cf-uaa"
   port     = 443

diff --git a/terraform/modules/cloudfoundry/outputs.tf b/terraform/modules/cloudfoundry/outputs.tf
@@ -30,6 +30,22 @@ output "logstash_lb_target_https_group" {
   value = aws_lb_target_group.cf_logstash_target_https.name
 }
 
+output "lb_gr_target_https_group" {
+  value = aws_lb_target_group.cf_gr_target_https.name
+}
+
+output "apps_lb_gr_target_https_group" {
+  value = aws_lb_target_group.cf_gr_apps_target_https.name
+}
+
+output "uaa_lb_gr_target_https_group" {
+  value = aws_lb_target_group.cf_gr_uaa_target.name
+}
+
+output "logstash_gr_lb_target_https_group" {
+  value = aws_lb_target_group.cf_gr_logstash_target_https.name
+}
+
 output "uaa_lb_name" {
   value = aws_lb.cf_uaa.name
 }

diff --git a/terraform/modules/external_domain_broker_loadbalancer_group/outputs.tf b/terraform/modules/external_domain_broker_loadbalancer_group/outputs.tf
@@ -13,3 +13,11 @@ output "domains_lbgroup_listener_arns" {
 output "domains_lbgroup_target_group_logstash_https_names" {
   value = aws_lb_target_group.domains_lbgroup_logstash_https.*.name
 }
+
+output "domains_lbgroup_target_group_gr_apps_https_names" {
+  value = aws_lb_target_group.domains_lbgroup_gr_apps_https.*.name
+}
+
+output "domains_lbgroup_target_group_gr_logstash_https_names" {
+  value = aws_lb_target_group.domains_lbgroup_gr_logstash_https.*.name
+}
diff --git a/terraform/modules/external_domain_broker_loadbalancer_group/resources.tf b/terraform/modules/external_domain_broker_loadbalancer_group/resources.tf
@@ -103,6 +103,46 @@ resource "aws_lb_target_group" "domains_lbgroup_logstash_https" {
   }
 }
 
+resource "aws_lb_target_group" "domains_lbgroup_gr_apps_https" {
+  count = var.domains_lbgroup_count
+
+  name     = "${var.stack_description}-dlbg-gr-apps-https-${count.index}"
+  port     = 10443
+  protocol = "HTTPS"
+  vpc_id   = var.vpc_id
+
+  health_check {
+    healthy_threshold   = 2
+    interval            = 5
+    port                = 8443
+    timeout             = 4
+    unhealthy_threshold = 3
+    matcher             = 200
+    protocol            = "HTTPS"
+    path                = "/health"
+  }
+}
+
+resource "aws_lb_target_group" "domains_lbgroup_gr_logstash_https" {
+  count = var.domains_lbgroup_count
+
+  name     = "${var.stack_description}-dlbg-gr-logstash-${count.index}"
+  port     = 10443
+  protocol = "HTTPS"
+  vpc_id   = var.vpc_id
+
+  health_check {
+    healthy_threshold   = 2
+    interval            = 5
+    port                = 8443
+    timeout             = 4
+    unhealthy_threshold = 3
+    matcher             = 200
+    protocol            = "HTTPS"
+    path                = "/health"
+  }
+}
+
 resource "aws_wafv2_web_acl_association" "domain_waf" {
   count = var.domains_lbgroup_count
 

diff --git a/terraform/stacks/main/domains_broker.tf b/terraform/stacks/main/domains_broker.tf
@@ -237,6 +237,46 @@ resource "aws_lb_target_group" "domains_broker_logstash_https" {
   }
 }
 
+resource "aws_lb_target_group" "domains_broker_gr_apps_https" {
+  count = var.domains_broker_alb_count
+
+  name     = "${var.stack_description}-domains-gapps-https${count.index}"
+  port     = 10443
+  protocol = "HTTPS"
+  vpc_id   = module.stack.vpc_id
+
+  health_check {
+    healthy_threshold   = 2
+    interval            = 5
+    port                = 8443
+    timeout             = 4
+    unhealthy_threshold = 3
+    matcher             = 200
+    protocol            = "HTTPS"
+    path                = "/health"
+  }
+}
+
+resource "aws_lb_target_group" "domains_broker_gr_logstash_https" {
+  count = var.domains_broker_alb_count
+
+  name     = "${var.stack_description}-domains-glogstash-${count.index}"
+  port     = 10443
+  protocol = "HTTPS"
+  vpc_id   = module.stack.vpc_id
+
+  health_check {
+    healthy_threshold   = 2
+    interval            = 5
+    port                = 8443
+    timeout             = 4
+    unhealthy_threshold = 3
+    matcher             = 200
+    protocol            = "HTTPS"
+    path                = "/health"
+  }
+}
+
 resource "aws_lb_target_group" "domains_broker_challenge" {
   count = var.domains_broker_alb_count
 

diff --git a/terraform/stacks/main/outputs.tf b/terraform/stacks/main/outputs.tf
@@ -204,8 +204,12 @@ output "cf_router_target_groups" {
   value = flatten(concat(
     [module.cf.lb_target_https_group],
     [module.cf.apps_lb_target_https_group],
+    [module.cf.lb_gr_target_https_group],
+    [module.cf.apps_lb_gr_target_https_group],
     module.dedicated_loadbalancer_group.domains_lbgroup_target_group_apps_https_names,
+    module.dedicated_loadbalancer_group.domains_lbgroup_target_group_gr_apps_https_names,
     aws_lb_target_group.domains_broker_apps_https.*.name,
+    aws_lb_target_group.domains_broker_gr_apps_https.*.name,
     aws_lb_target_group.domains_broker_challenge.*.name,
   ))
 }
@@ -219,18 +223,37 @@ output "cf_apps_target_group" {
   value = module.cf.apps_lb_target_https_group
 }
 
+/* Temp target groups */
+output "cf_gr_target_group" {
+  value = module.cf.lb_gr_target_https_group
+}
+
+output "cf_apps_gr_target_group" {
+  value = module.cf.apps_lb_gr_target_https_group
+}
+
 output "cf_logstash_target_group" {
-  value = concat(
+  value = flatten(concat(
     [module.cf.logstash_lb_target_https_group],
+    [module.cf.logstash_gr_lb_target_https_group],
     module.dedicated_loadbalancer_group.domains_lbgroup_target_group_logstash_https_names,
+    module.dedicated_loadbalancer_group.domains_lbgroup_target_group_gr_logstash_https_names,
     aws_lb_target_group.domains_broker_logstash_https.*.name,
-  )
+    aws_lb_target_group.domains_broker_gr_logstash_https.*.name,
+  ))
 }
 
 output "cf_uaa_target_group" {
   value = module.cf.uaa_lb_target_group
 }
 
+output "cf_router_main_target_group" {
+  value = concat(
+    [module.cf.uaa_lb_target_group],
+    [module.cf.uaa_lb_gr_target_https_group],
+  )
+}
+
 /* Security Groups */
 output "bosh_security_group" {
   value = module.stack.bosh_security_group