terraform-google-modules / terraform-google-vault

Deploys Vault on Compute Engine
https://registry.terraform.io/modules/terraform-google-modules/vault/google
Apache License 2.0
192 stars 127 forks

Autohealing port doesn't align with firewall rule port when not using internal LB #187

Closed ggprod closed 1 year ago

ggprod commented 1 year ago

TL;DR

The port used for the auto-healing health check is always the variable vault_port (default 8200), but the firewall rule allowing this autohealing health check will be vault_port only when using internal load balancing; otherwise it will be vault_proxy_port (default 58200), which would result in the MIG being 100% unhealthy perpetually (though in practice the cluster will work with reduced capacity and rolling outages due to the staggered auto-healing behaviour).

Expected behavior

Firewall rule created for autohealing and load-balancing health checks matches the autohealing health check port.

Observed behavior

Firewall rule created for autohealing and load-balancing health checks does not match the autohealing health check port (when using external load balancing).

Terraform Configuration

autohealing health check port: https://github.com/terraform-google-modules/terraform-google-vault/blob/master/modules/cluster/main.tf#LL290C24-L290C34

firewall rule used for autohealing and load-balancer health checks:
https://github.com/terraform-google-modules/terraform-google-vault/blob/master/network.tf#LL132C62-L132C78

For correct behaviour the firewall rule should always include the port used for the autohealing health check.

Terraform Version

any

Additional information

No response
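The mismatch described in this issue, with the buggy firewall rule beside a corrected one, as a constructed Terraform example that is not the module's own network.tf or main.tf. Apart from vault_port and vault_proxy_port, the variable names (load_balancing_scheme, project_id, network), resource names and health-check path are assumptions.

```hcl
# Constructed illustration, not the terraform-google-vault module's own code.
# Assumed variables: var.vault_port (8200), var.vault_proxy_port (58200),
# var.load_balancing_scheme ("INTERNAL" or "EXTERNAL"), var.project_id, var.network.

locals {
  internal_lb = var.load_balancing_scheme == "INTERNAL"
  # Port probed by the load balancer's own health check.
  lb_health_check_port = local.internal_lb ? var.vault_port : var.vault_proxy_port
}

# Autohealing health check: always probes vault_port, whatever the LB type.
resource "google_compute_health_check" "autohealing" {
  name    = "vault-autohealing"
  project = var.project_id

  https_health_check {
    port         = var.vault_port
    request_path = "/v1/sys/health" # illustrative path
  }
}

# BEFORE (the bug): only the LB health-check port is opened, so with an
# external LB the autohealing probes to vault_port are dropped and the MIG
# reports every instance unhealthy.
resource "google_compute_firewall" "health_checks_before" {
  name          = "vault-allow-health-checks-before"
  project       = var.project_id
  network       = var.network
  source_ranges = ["35.191.0.0/16", "130.211.0.0/22"] # Google health-check probers

  allow {
    protocol = "tcp"
    ports    = [local.lb_health_check_port]
  }
}

# AFTER (the fix): vault_port is always included for autohealing, and the LB
# port is added when it differs; distinct() avoids a duplicate entry.
resource "google_compute_firewall" "health_checks_after" {
  name          = "vault-allow-health-checks"
  project       = var.project_id
  network       = var.network
  source_ranges = ["35.191.0.0/16", "130.211.0.0/22"]

  allow {
    protocol = "tcp"
    ports    = distinct([var.vault_port, local.lb_health_check_port])
  }
}
```

With an external LB the fixed rule opens both 8200 and 58200 to the prober ranges; with an internal LB it collapses to just 8200.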

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove the stale label or comment, or this will be closed in 7 days.