lb.tf
## Copyright © 2021, Oracle and/or its affiliates.
## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
locals {
  # True only when the requested shape is the literal string "flexible".
  # The load balancer resource reads this flag to decide whether a
  # shape_details block is emitted.
  is_flexible_lb_shape = var.lb_shape == "flexible"
}
# Load balancer placed in front of the Jenkins controller.
# NOTE(review): is_private is not set in this block. To my knowledge the OCI
# provider creates a public load balancer when it is omitted, so confirm that
# an internet-facing Jenkins endpoint is intended and that the network rules
# on JenkinsLBSubnet1 (defined outside this file) limit who can reach it.
resource "oci_load_balancer" "JenkinsLB" {
  compartment_id = var.compartment_ocid
  display_name   = "JenkinsLB"
  shape          = var.lb_shape
  subnet_ids     = [oci_core_subnet.JenkinsLBSubnet1.id]

  # Bandwidth bounds are emitted only for the flexible shape; for any other
  # shape the for_each list is empty and no shape_details block is generated.
  dynamic "shape_details" {
    for_each = local.is_flexible_lb_shape ? [1] : []
    content {
      maximum_bandwidth_in_mbps = var.flex_lb_max_shape
      minimum_bandwidth_in_mbps = var.flex_lb_min_shape
    }
  }

  # Single defined tag, keyed "<namespace>.<tag>", carrying the release value.
  defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}
# Backend set shared by both listeners in this file; requests are spread
# round-robin across its members.
# No ssl_configuration is declared here, so the hop from the load balancer to
# the backend is not TLS-protected by this backend set.
resource "oci_load_balancer_backend_set" "JenkinsLBBes" {
  load_balancer_id = oci_load_balancer.JenkinsLB.id
  name             = "JenkinsLBBes"
  policy           = "ROUND_ROBIN"

  # A TCP check only proves that the port accepts connections; it does not
  # confirm that Jenkins itself is answering requests.
  health_checker {
    protocol = "TCP"
    port     = var.http_port
  }
}
# Plain-HTTP listener forwarding to the Jenkins backend set.
# NOTE(review): this listener has no ssl_configuration, so anything sent
# through it (including Jenkins logins and API tokens) crosses the network in
# cleartext. Consider whether it should exist next to the "https" listener,
# or be limited to redirecting clients to it.
resource "oci_load_balancer_listener" "JenkinsLBLsnr" {
  name                     = "http"
  load_balancer_id         = oci_load_balancer.JenkinsLB.id
  default_backend_set_name = oci_load_balancer_backend_set.JenkinsLBBes.name
  protocol                 = "HTTP"
  port                     = var.lb_http_port

  # NOTE(review): a 2-second idle timeout is very short for a web UI; confirm
  # it is deliberate.
  connection_configuration {
    idle_timeout_in_seconds = "2"
  }
}
# Registers the Jenkins controller's private IP as the only backend declared
# in this file for the JenkinsLBBes backend set.
resource "oci_load_balancer_backend" "JenkinsLBBe" {
  backendset_name  = oci_load_balancer_backend_set.JenkinsLBBes.name
  load_balancer_id = oci_load_balancer.JenkinsLB.id

  # Target address and port on the controller.
  ip_address = module.jenkins.controller_private_ip
  port       = var.http_port

  # Active backend with weight 1: not a backup, not draining, not offline.
  weight  = 1
  backup  = false
  drain   = false
  offline = false
}
# RSA-4096 key pair, generated only when no listener CA certificate is given.
# Keys produced by tls_private_key are kept in the Terraform state, so the
# state backend has to be access-controlled and encrypted like any other
# secret store.
# NOTE(review): count depends on listener_ca_certificate alone, while the
# load balancer certificate falls back to this key whenever
# listener_private_key is empty. Supplying a CA certificate without a private
# key would leave that fallback pointing at an instance that does not exist.
resource "tls_private_key" "JenkinTLS" {
  count = var.listener_ca_certificate == "" ? 1 : 0

  rsa_bits  = 4096
  algorithm = "RSA"
}
# Self-signed fallback certificate, created only when no listener CA
# certificate is supplied. It is not anchored in any trust store, so clients
# cannot authenticate the load balancer with it; treat it as a placeholder
# for test deployments.
# NOTE(review): the certificate is marked as a CA and allows only
# "cert_signing", yet the load balancer certificate resource also uses it as
# the listener's public certificate. Strict TLS clients may reject a server
# certificate that lacks server-authentication usages.
# NOTE(review): newer releases of the hashicorp/tls provider no longer accept
# key_algorithm; check this against the provider version the stack pins.
resource "tls_self_signed_cert" "JenkinsCert" {
  count = var.listener_ca_certificate == "" ? 1 : 0

  private_key_pem = tls_private_key.JenkinTLS[0].private_key_pem
  key_algorithm   = tls_private_key.JenkinTLS[0].algorithm

  # Placeholder subject; it does not match a real deployment hostname.
  subject {
    organization = "Example, Inc"
    common_name  = "*.example.com"
  }

  is_ca_certificate = true
  allowed_uses      = ["cert_signing"]

  # 26280 h = 1095 days of validity; the renewal window opens 8760 h
  # (365 days) before expiry.
  validity_period_hours = 26280
  early_renewal_hours   = 8760
}
# Certificate bundle attached to the load balancer. Each of the three fields
# independently uses the caller-supplied value when it is non-empty and the
# generated self-signed material otherwise.
# NOTE(review): the generated resources exist only when
# listener_ca_certificate is empty, but each fallback below tests its own
# variable. Supplying some of the three listener_* variables and not others
# can reference a missing [0] instance or pair a key with an unrelated
# certificate; validating that they are set all together or not at all would
# close that gap.
# The private key passes through this resource, so it is also recorded in the
# Terraform state.
resource "oci_load_balancer_certificate" "JenkinsLBCert" {
  certificate_name = "JenkinsCert"
  load_balancer_id = oci_load_balancer.JenkinsLB.id

  private_key        = var.listener_private_key == "" ? tls_private_key.JenkinTLS[0].private_key_pem : var.listener_private_key
  public_certificate = var.listener_public_certificate == "" ? tls_self_signed_cert.JenkinsCert[0].cert_pem : var.listener_public_certificate
  ca_certificate     = var.listener_ca_certificate == "" ? tls_self_signed_cert.JenkinsCert[0].cert_pem : var.listener_ca_certificate

  # Create the replacement before the old certificate is destroyed.
  lifecycle {
    create_before_destroy = true
  }
}
# TLS-terminating listener: protocol "HTTP" combined with ssl_configuration
# serves HTTPS on lb_https_port and forwards to the same backend set as the
# plain-HTTP listener.
resource "oci_load_balancer_listener" "JenkinsLBLsnr_SSL" {
  name                     = "https"
  load_balancer_id         = oci_load_balancer.JenkinsLB.id
  default_backend_set_name = oci_load_balancer_backend_set.JenkinsLBBes.name
  protocol                 = "HTTP"
  port                     = var.lb_https_port

  # verify_peer_certificate = false: clients are not asked to present a
  # certificate (no mutual TLS).
  # NOTE(review): neither protocols nor cipher_suite_name is set, so the
  # provider defaults decide which TLS versions and ciphers are offered;
  # pin them if the deployment has a minimum-TLS requirement.
  ssl_configuration {
    verify_peer_certificate = false
    certificate_name        = oci_load_balancer_certificate.JenkinsLBCert.certificate_name
  }
}