Support for targeting subnets for Load Balancers (Private placement o… #30
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…f load balancers).
With CRB-2275, we are introducing a feature that lets customers choose private subnets for LB. Some customers (for example- Banks), have stricter rules where they need to keep the workloads completely isoalted (non-routable) from even their network but provide access to API/UI endpoints for people on the network by placing the LBs in routable frontend private subnet. See https://docs.google.com/document/d/1qfdmFKHAN9NrE60ElPZNORvqhD7HwWAyt238wQvvvgo/edit#heading=h.1bz8nyaoflni for more details on how-to-use this feature.
Implementation
We have introduced a new variable "cdp_lb_subnet_ids" which is honoured ONLY when deployment_type is "private" and overrides "endpoint_access_gateway_subnet_ids" when provided.
If the deployment_type is "semi-private", it still uses "PUBLIC" subnets to bring-up environment, even when overriding "cdp_lb_subnet_ids" are provided.
This is because private placement is intuitively "more-aligned" to "private" deployment type, where workloads can be even more restricted ("non-routable").
With this approach, we don't need to have another "private-private" type topology. "private" is used for both with "cdp_lb_subnet_ids" being used to dictate private placement of LBs
Testing
Output:
Output