Support for targeting subnets for Load Balancers (Private placement o…

…f load balancers). With CRB-2275, we are introducing a feature that lets customers choose private subnets for LB. Some customers (for example- Banks), have stricter rules where they need to keep the workloads completely isoalted (non-routable) from even their network but provide access to API/UI endpoints for people on the network by placing the LBs in routable frontend private subnet. See https://docs.google.com/document/d/1qfdmFKHAN9NrE60ElPZNORvqhD7HwWAyt238wQvvvgo/edit#heading=h.1bz8nyaoflni for more details on how-to-use this feature.
cloudera-labs · Sep 8, 2023 · 24b2ba8 · 24b2ba8
1 parent 534a9c2
commit 24b2ba8
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 3 deletions.
diff --git a/modules/terraform-cdp-deploy/main.tf b/modules/terraform-cdp-deploy/main.tf
@@ -61,6 +61,8 @@ module "cdp_on_aws" {
   idbroker_instance_profile_arn = var.aws_idbroker_instance_profile_arn
   log_instance_profile_arn      = var.aws_log_instance_profile_arn
 
+  cdp_lb_subnet_ids = var.cdp_lb_subnet_ids
+
   # Optional parameters defaulting to null
   freeipa_catalog       = var.freeipa_catalog
   freeipa_image_id      = var.freeipa_image_id

diff --git a/modules/terraform-cdp-deploy/modules/aws/main.tf b/modules/terraform-cdp-deploy/modules/aws/main.tf
@@ -44,7 +44,7 @@ resource "cdp_environments_aws_environment" "cdp_env" {
   vpc_id                             = var.vpc_id
   subnet_ids                         = var.subnets_for_cdp
   endpoint_access_gateway_scheme     = var.endpoint_access_scheme
-  endpoint_access_gateway_subnet_ids = (length(var.public_subnet_ids) > 0) ? var.public_subnet_ids : null
+  endpoint_access_gateway_subnet_ids = length(var.cdp_lb_subnet_ids) > 0 && var.endpoint_access_scheme == "PRIVATE" ? var.cdp_lb_subnet_ids : length(var.public_subnet_ids) >0 && var.endpoint_access_scheme == "PUBLIC" ? var.public_subnet_ids : null
 
   freeipa = {
     instance_count_by_group = var.freeipa_instances

diff --git a/modules/terraform-cdp-deploy/modules/aws/variables.tf b/modules/terraform-cdp-deploy/modules/aws/variables.tf
@@ -238,6 +238,7 @@ variable "vpc_id" {
 variable "public_subnet_ids" {
   type        = list(string)
   description = "List of public subnet ids."
+  default = null
 }
 
 # variable "private_subnet_ids" {
@@ -356,4 +357,11 @@ variable "idbroker_instance_profile_arn" {
     error_message = "Valid values for var: idbroker_instance_profile_arn must be a valid ARN for IDBroker Instance Profile."
   }
 
-}
+}
+
+variable "cdp_lb_subnet_ids" {
+   type        = list(any)
+  description = "List of subnet ids for Load Balancer. Required if we want to target subnets for LB"
+
+  default = null
+}
diff --git a/modules/terraform-cdp-deploy/modules/azure/main.tf b/modules/terraform-cdp-deploy/modules/azure/main.tf
@@ -53,7 +53,7 @@ resource "cdp_environments_azure_environment" "cdp_env" {
   }
 
   endpoint_access_gateway_scheme     = var.endpoint_access_scheme
-  endpoint_access_gateway_subnet_ids = (length(var.cdp_gateway_subnet_names) > 0) ? var.cdp_gateway_subnet_names : null
+  endpoint_access_gateway_subnet_ids = length(var.cdp_gateway_subnet_names) > 0 ? var.cdp_gateway_subnet_names : null
 
   # Set this parameter to deploy all resources into a single resource group
   resource_group_name = var.use_single_resource_group ? var.resource_group_name : null

diff --git a/modules/terraform-cdp-deploy/variables.tf b/modules/terraform-cdp-deploy/variables.tf
@@ -588,3 +588,10 @@ variable "azure_raz_identity_id" {
   default = null
 
 }
+
+variable "cdp_lb_subnet_ids" {
+   type        = list(any)
+  description = "List of subnet ids for Load Balancer. Required if we want to target subnets for LB"
+
+  default = null
+}