Merge pull request #45 from datafold/gerard-p-3645-poc-vertical-pod-autoscaling-vpa

fix: Fix LB IP collector and VPA adm. controller

Author: gtoonstra

modules/eks/main.tf

@@ -154,6 +154,20 @@ resource "aws_security_group_rule" "lb_ingress" {
   ]
 }
 
+resource "aws_security_group_rule" "vpa_ingress" {
+  type                     = "ingress"
+  from_port                = var.vpa_port
+  to_port                  = var.vpa_port
+  protocol                 = "tcp"
+  source_security_group_id = module.eks.cluster_security_group_id
+  security_group_id        = module.eks.node_security_group_id
+  description              = "Allows traffic from cluster control plane to VPA admission controller"
+
+  depends_on = [
+    module.eks
+  ]
+}
+
 resource "aws_security_group_rule" "db_ingress" {
   type                     = "ingress"
   from_port                = var.rds_port

modules/eks/variables.tf

@@ -83,6 +83,12 @@ variable "backend_app_port" {
   description = "The target port to use for the backend services"
 }
 
+variable "vpa_port" {
+  type        = number
+  default     = 8000
+  description = "The port for the VPA admission controller"
+}
+
 variable "rds_port" {
   type        = number
   default     = 5432

modules/load_balancer/main.tf

@@ -109,22 +109,20 @@ locals {
   vpc_subnets_joined = join(",", var.vpc_subnets)
 }
 
-data "aws_network_interface" "lb_app" {
-  count = length(var.vpc_subnets)
-
+data "aws_network_interfaces" "lb_app" {
   filter {
     name   = "description"
     values = ["ELB ${module.alb_app.lb_arn_suffix}"]
   }
 
-  filter {
-    name   = "subnet-id"
-    values = [split(",", local.vpc_subnets_joined)[count.index]]
-  }
-
   depends_on = [ module.alb_app ]
 }
 
+data "aws_network_interface" "lb_app" {
+  for_each = toset(data.aws_network_interfaces.lb_app.ids)
+  id       = each.value
+}
+
 locals {
   lb_ips = var.lb_internal ? jsonencode([for eni in data.aws_network_interface.lb_app : format("%s", eni.private_ip)]) : jsonencode([for eni in data.aws_network_interface.lb_app : format("%s", eni.association[0].public_ip)])
 }