Merge pull request #42 from MaterializeInc/aws_nlb

NLB ingress

Author: alex-hunt-materialize

README.md

@@ -75,10 +75,12 @@ export AWS_PROFILE=your-profile-name
 
 | Name | Source | Version |
 |------|--------|---------|
+| <a name="module_aws_lbc"></a> [aws\_lbc](#module\_aws\_lbc) | ./modules/aws-lbc | n/a |
 | <a name="module_database"></a> [database](#module\_database) | ./modules/database | n/a |
 | <a name="module_eks"></a> [eks](#module\_eks) | ./modules/eks | n/a |
 | <a name="module_networking"></a> [networking](#module\_networking) | ./modules/networking | n/a |
-| <a name="module_operator"></a> [operator](#module\_operator) | github.com/MaterializeInc/terraform-helm-materialize | v0.1.7 |
+| <a name="module_nlb"></a> [nlb](#module\_nlb) | ./modules/nlb | n/a |
+| <a name="module_operator"></a> [operator](#module\_operator) | github.com/MaterializeInc/terraform-helm-materialize | v0.1.8 |
 | <a name="module_storage"></a> [storage](#module\_storage) | ./modules/storage | n/a |
 
 ## Resources
@@ -118,15 +120,17 @@ export AWS_PROFILE=your-profile-name
 | <a name="input_environment"></a> [environment](#input\_environment) | Environment name (e.g., prod, staging, dev) | `string` | n/a | yes |
 | <a name="input_helm_chart"></a> [helm\_chart](#input\_helm\_chart) | Chart name from repository or local path to chart. For local charts, set the path to the chart directory. | `string` | `"materialize-operator"` | no |
 | <a name="input_helm_values"></a> [helm\_values](#input\_helm\_values) | Additional Helm values to merge with defaults | `any` | `{}` | no |
+| <a name="input_install_aws_load_balancer_controller"></a> [install\_aws\_load\_balancer\_controller](#input\_install\_aws\_load\_balancer\_controller) | Whether to install the AWS Load Balancer Controller | `bool` | `true` | no |
 | <a name="input_install_materialize_operator"></a> [install\_materialize\_operator](#input\_install\_materialize\_operator) | Whether to install the Materialize operator | `bool` | `true` | no |
 | <a name="input_install_metrics_server"></a> [install\_metrics\_server](#input\_install\_metrics\_server) | Whether to install the metrics-server for the Materialize Console | `bool` | `true` | no |
 | <a name="input_kubernetes_namespace"></a> [kubernetes\_namespace](#input\_kubernetes\_namespace) | The Kubernetes namespace for the Materialize resources | `string` | `"materialize-environment"` | no |
 | <a name="input_log_group_name_prefix"></a> [log\_group\_name\_prefix](#input\_log\_group\_name\_prefix) | Prefix for the CloudWatch log group name (will be combined with environment name) | `string` | `"materialize"` | no |
-| <a name="input_materialize_instances"></a> [materialize\_instances](#input\_materialize\_instances) | Configuration for Materialize instances | <pre>list(object({<br/>    name                    = string<br/>    namespace               = optional(string)<br/>    database_name           = string<br/>    environmentd_version    = optional(string, "v0.130.4")<br/>    cpu_request             = optional(string, "1")<br/>    memory_request          = optional(string, "1Gi")<br/>    memory_limit            = optional(string, "1Gi")<br/>    create_database         = optional(bool, true)<br/>    in_place_rollout        = optional(bool, false)<br/>    request_rollout         = optional(string)<br/>    force_rollout           = optional(string)<br/>    balancer_memory_request = optional(string, "256Mi")<br/>    balancer_memory_limit   = optional(string, "256Mi")<br/>    balancer_cpu_request    = optional(string, "100m")<br/>  }))</pre> | `[]` | no |
+| <a name="input_materialize_instances"></a> [materialize\_instances](#input\_materialize\_instances) | Configuration for Materialize instances | <pre>list(object({<br/>    name                    = string<br/>    namespace               = optional(string)<br/>    database_name           = string<br/>    environmentd_version    = optional(string, "v0.130.4")<br/>    cpu_request             = optional(string, "1")<br/>    memory_request          = optional(string, "1Gi")<br/>    memory_limit            = optional(string, "1Gi")<br/>    create_database         = optional(bool, true)<br/>    create_nlb              = optional(bool, true)<br/>    internal_nlb            = optional(bool, true)<br/>    in_place_rollout        = optional(bool, false)<br/>    request_rollout         = optional(string)<br/>    force_rollout           = optional(string)<br/>    balancer_memory_request = optional(string, "256Mi")<br/>    balancer_memory_limit   = optional(string, "256Mi")<br/>    balancer_cpu_request    = optional(string, "100m")<br/>  }))</pre> | `[]` | no |
 | <a name="input_metrics_retention_days"></a> [metrics\_retention\_days](#input\_metrics\_retention\_days) | Number of days to retain CloudWatch metrics | `number` | `7` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace for all resources, usually the organization or project name | `string` | n/a | yes |
 | <a name="input_network_id"></a> [network\_id](#input\_network\_id) | The ID of the VPC in which resources will be deployed. Only used if create\_vpc is false. | `string` | `""` | no |
 | <a name="input_network_private_subnet_ids"></a> [network\_private\_subnet\_ids](#input\_network\_private\_subnet\_ids) | A list of private subnet IDs in the VPC. Only used if create\_vpc is false. | `list(string)` | `[]` | no |
+| <a name="input_network_public_subnet_ids"></a> [network\_public\_subnet\_ids](#input\_network\_public\_subnet\_ids) | A list of public subnet IDs in the VPC. Only used if create\_vpc is false. | `list(string)` | `[]` | no |
 | <a name="input_node_group_ami_type"></a> [node\_group\_ami\_type](#input\_node\_group\_ami\_type) | AMI type for the node group | `string` | `"AL2023_ARM_64_STANDARD"` | no |
 | <a name="input_node_group_capacity_type"></a> [node\_group\_capacity\_type](#input\_node\_group\_capacity\_type) | Capacity type for worker nodes (ON\_DEMAND or SPOT) | `string` | `"ON_DEMAND"` | no |
 | <a name="input_node_group_desired_size"></a> [node\_group\_desired\_size](#input\_node\_group\_desired\_size) | Desired number of worker nodes | `number` | `2` | no |
@@ -150,6 +154,7 @@ export AWS_PROFILE=your-profile-name
 | Name | Description |
 |------|-------------|
 | <a name="output_cluster_certificate_authority_data"></a> [cluster\_certificate\_authority\_data](#output\_cluster\_certificate\_authority\_data) | Base64 encoded certificate data required to communicate with the cluster |
+| <a name="output_cluster_oidc_issuer_url"></a> [cluster\_oidc\_issuer\_url](#output\_cluster\_oidc\_issuer\_url) | The URL on the EKS cluster for the OpenID Connect identity provider |
 | <a name="output_database_endpoint"></a> [database\_endpoint](#output\_database\_endpoint) | RDS instance endpoint |
 | <a name="output_eks_cluster_endpoint"></a> [eks\_cluster\_endpoint](#output\_eks\_cluster\_endpoint) | EKS cluster endpoint |
 | <a name="output_eks_cluster_name"></a> [eks\_cluster\_name](#output\_eks\_cluster\_name) | EKS cluster name |
@@ -158,6 +163,8 @@ export AWS_PROFILE=your-profile-name
 | <a name="output_oidc_provider_arn"></a> [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider |
 | <a name="output_operator_details"></a> [operator\_details](#output\_operator\_details) | Details of the installed Materialize operator |
 | <a name="output_persist_backend_url"></a> [persist\_backend\_url](#output\_persist\_backend\_url) | S3 connection URL in the format required by Materialize using IRSA |
+| <a name="output_private_subnet_ids"></a> [private\_subnet\_ids](#output\_private\_subnet\_ids) | List of private subnet IDs |
+| <a name="output_public_subnet_ids"></a> [public\_subnet\_ids](#output\_public\_subnet\_ids) | List of public subnet IDs |
 | <a name="output_s3_bucket_name"></a> [s3\_bucket\_name](#output\_s3\_bucket\_name) | Name of the S3 bucket |
 | <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | VPC ID |
 

examples/simple/main.tf

@@ -135,13 +135,14 @@ variable "materialize_instances" {
     memory_request          = string
     memory_limit            = string
     create_database         = optional(bool)
+    create_nlb              = optional(bool)
+    internal_nlb            = optional(bool)
     in_place_rollout        = optional(bool, false)
     request_rollout         = optional(string)
     force_rollout           = optional(string)
     balancer_memory_request = optional(string, "256Mi")
     balancer_memory_limit   = optional(string, "256Mi")
     balancer_cpu_request    = optional(string, "100m")
-
   }))
   default = []
 }

main.tf

@@ -36,6 +36,25 @@ module "eks" {
   enable_cluster_creator_admin_permissions = var.enable_cluster_creator_admin_permissions
 
   tags = local.common_tags
+
+  depends_on = [
+    module.networking,
+  ]
+}
+
+module "aws_lbc" {
+  source = "./modules/aws-lbc"
+  count  = var.install_aws_load_balancer_controller ? 1 : 0
+
+  eks_cluster_name  = module.eks.cluster_name
+  oidc_provider_arn = module.eks.oidc_provider_arn
+  oidc_issuer_url   = module.eks.cluster_oidc_issuer_url
+  vpc_id            = module.networking.vpc_id
+  region            = data.aws_region.current.name
+
+  depends_on = [
+    module.eks,
+  ]
 }
 
 module "storage" {
@@ -76,10 +95,14 @@ module "database" {
   database_password          = var.database_password
 
   tags = local.common_tags
+
+  depends_on = [
+    module.networking,
+  ]
 }
 
 module "operator" {
-  source = "github.com/MaterializeInc/terraform-helm-materialize?ref=v0.1.7"
+  source = "github.com/MaterializeInc/terraform-helm-materialize?ref=v0.1.8"
 
   count = var.install_materialize_operator ? 1 : 0
 
@@ -88,7 +111,8 @@ module "operator" {
   depends_on = [
     module.eks,
     module.database,
-    module.storage
+    module.storage,
+    module.networking,
   ]
 
   namespace          = var.namespace
@@ -109,9 +133,30 @@ module "operator" {
   }
 }
 
+module "nlb" {
+  source = "./modules/nlb"
+
+  for_each = { for idx, instance in local.instances : instance.name => instance if lookup(instance, "create_nlb", true) }
+
+  name_prefix                      = each.value.name
+  namespace                        = each.value.namespace
+  internal                         = each.value.internal_nlb
+  subnet_ids                       = each.value.internal_nlb ? local.network_private_subnet_ids : local.network_public_subnet_ids
+  enable_cross_zone_load_balancing = each.value.enable_cross_zone_load_balancing
+  vpc_id                           = local.network_id
+  mz_resource_id                   = module.operator[0].materialize_instance_resource_ids[each.value.name]
+
+  depends_on = [
+    module.aws_lbc,
+    module.operator,
+    module.eks,
+  ]
+}
+
 locals {
   network_id                 = var.create_vpc ? module.networking.vpc_id : var.network_id
   network_private_subnet_ids = var.create_vpc ? module.networking.private_subnet_ids : var.network_private_subnet_ids
+  network_public_subnet_ids  = var.create_vpc ? module.networking.public_subnet_ids : var.network_public_subnet_ids
 
   default_helm_values = {
     observability = {
@@ -145,11 +190,14 @@ locals {
 
   instances = [
     for instance in var.materialize_instances : {
-      name                 = instance.name
-      namespace            = instance.namespace
-      database_name        = instance.database_name
-      create_database      = instance.create_database
-      environmentd_version = instance.environmentd_version
+      name                             = instance.name
+      namespace                        = instance.namespace
+      database_name                    = instance.database_name
+      create_database                  = instance.create_database
+      environmentd_version             = instance.environmentd_version
+      create_nlb                       = instance.create_nlb
+      internal_nlb                     = instance.internal_nlb
+      enable_cross_zone_load_balancing = instance.enable_cross_zone_load_balancing
 
       metadata_backend_url = format(
         "postgres://%s:%s@%s/%s?sslmode=require",